Networking

10 things to look for in a remote connectivity application


This information is also available as a PDF download.

Remote access to workplace PCs and servers is no longer a luxury. Many organizations require that staff, technology administrators, and business owners regularly connect remotely to central or branch office systems, whether they're traveling, working from home, or visiting another site.However, not all remote connectivity applications are created equal. Windows' own Remote Desktop Connection typically requires server support to deliver direct access to multiple remote systems in the same location. Worse, its printing capabilities can prove difficult if not impossible to configure without the support of third-party products.

Some remote connectivity applications require special firewall configurations, while others deliver strong security features but at the expense of performance. Here are 10 things to look for in remote connectivity applications to ensure your organization deploys an effective remote access solution.

#1: High performance

Few experiences prove more frustrating than having to complete a lot of work via a slow remote access connection. Thoroughly test remote connectivity applications prior to selection and deployment to make sure the platform you choose provides acceptable performance. Only by testing a remote access utility in your real-world environment -- complete with your office's unique collection of various DSL and cable modem links, firewalls, and various Windows workstations and servers -- can you be certain the platform delivers the performance you require.

#2: Strong security

Employees, tech staff, and business owners often must access, process, and update business-sensitive information via remote connections. Thus, it's imperative that the remote access technology in use provide appropriate security. It makes no sense to invest heavily in security, including servers to authenticate users and restrict file access, only to open your organization's data by deploying an insecure remote access application.

Look for a remote connectivity application that requires authentication to complete remote connections and that encrypts the actual contents of the remote access sessions. Several leading products deliver 256-bit SSL encryption; settle for nothing less.

#3: Simple client-side configuration

Organizations must remember that their employees are public relations practitioners, marketing experts, sales professionals, and financial specialists; such staff are typically neither well trained nor comfortable when it comes to installing and configuring remote access software. So it makes sense to adopt remote access client-side applications that are easily installed and configured.

Avoid remote access solutions that require much client-side configuration or administration. Ideally, client-side setup and configuration will be as simple as double-clicking an install file, following basic installation prompts, and supplying a workstation name or address, username, and password.

#4: Firewall-free configuration

Any time organizations select a remote access application that requires client-side firewall configuration, technology administrators can plan on trouble. If the remote access solution requires specific firewall ports to be opened, it's doubtful that employees will either know how to properly configure those firewall settings (such as on their own broadband routers) or have the necessary knowledge and administrative rights to configure hotel and other corporate network firewalls to permit the necessary traffic.

For this reason, you should look for remote access programs that don't require firewall adjustments on the client-side network. Increasingly, remote connectivity solutions are moving away from requiring firewall adjustments, but some still require such changes. They are to be avoided if possible.

#5: Simple installation

There's no reason IT administrators should overly complicate their own roles, either. The easier a remote access solution is to install on the host side the better. Whether deploying a hardware- or software-based solution, host-side setup and administration should be kept to a minimum. Few server, network, and firewall changes should be required.

#6: Local printing support

Printing is perhaps the biggest stumbling block when it comes to remote access solutions. Although most programs perform relatively well and deliver acceptable security, few make it easy for users to print the contents of remote applications and systems using their local printer.

LogMeIn Pro automatically configures a user's local printer to serve as the default printer during a remote access session.

In the case of Windows Remote Desktop Connection, third-party manufacturers have developed add-on software that readily solves the issue. However, the required licensing costs per user are significant. Seek a remote access application that automatically configures users' default local printers to print application and system data from the remote system locally.

#7: Easily adjusted display settings

To optimize efficiency, users must be able to easily update display settings, too. This is particularly true today, when many organizations are deploying widescreen displays. Those widescreen displays, when accessed from a standard 17" monitor, could prove frustrating for end users unable to fit the contents of the remote system on their desktop displays. By making sure that users can adjust the remote display settings to match their local monitor resolution, you'll help improve user productivity and reduce support desk calls.

Windows XP's (and Vista's) Remote Desktop Connection makes it easy for users to adjust the resolution size of the remote desktop. They just need to click the Options menu, select the Display tab, and adjust the resolution size appropriately.

#8: File transfer capabilities

Many remote access applications deliver simple remote access capability. However, some remote access programs also include separate easy-to-use file transfer utilities that simplify transferring large numbers of files (and even folders en masse) from a remote office workstation to a laptop or other system. The feature is particularly handy when traveling employees must frequently update or replace large numbers of files.

#9: Simple license management

License management is a little-discussed issue, but it bears mentioning. If a remote access application is rolled out for an employee who subsequently leaves the organization, it's best if the organization can roll that license over to the new staff member who replaces that employee. Not all remote access programs permit such license rollovers, though, so you should review a remote access program's licensing requirements prior to making a purchase.

#10: Quality support

Remote access solutions don't always work the way they're supposed to. Occasionally, trouble arises, whether due to software conflicts on a user's system or issues with an organization's network configuration. In such cases, you'll want access to quality technical support.

Although it's helpful to have a well-maintained Wiki, there are many occasions when IT departments may be required to contact the remote access manufacturer's technical support staff. Whether issues arise with Windows updates, cross-platform incompatibilities, or even conflicts with an antivirus or anti-spyware program, the required solution may not be available on a public support Web site or within supplied documentation.

Prior to purchasing a remote access solution, contact the vendor's support staff to determine how knowledgeable the customer service support staff is and how quickly it responds to trouble tickets.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

8 comments
apotheon
apotheon

OpenSSH coupled with the X Window System's network transparency (for when GUI access is necessary) may be the best tool available to meet all those needs. There is not a single item on that list of ten criteria that is not handled admirably well by OpenSSH -- which is the single most common and well-respected secure remote access tool available. X forwarding over OpenSSH is dead easy, and often unnecessary in any case. OpenSSH's optional data compression capabilities provide flexible performance optimization. Strong encryption with a number of supported authentication schemes, including the ability to customize further with the help of additional authentication tools, provides security as tight as a drum -- or as tight as you want it, at any rate. Open source licensing ensures the price is right, and that the software doesn't contain any hidden surprises. The benefits are numerous, and it's one of the simplest-to-use remote access tools in existence. The only downside for some people is that getting it installed and working properly on MS Windows might be a bit of a problem -- but for users of free unices (like Linux and FreeBSD -- or OpenSSH's point of origin, OpenBSD), commercial UNIX systems, and MacOS X, it's no problem at all.

roysten
roysten

By far 2 of the best in opensource world. I think SSL-Explorer holds a lot of promise as it does not requires any client s/w (except a browser), and not even openvpn could do better in terms of ease of maintenance.

rw
rw

Even the "just a browser" products require some sort of java or active X download. Which would require some sort of install rights on a well protected machine. Plus certificates need to be installed. What if you could run the product from a usb device, no need to install anything. No need to build special webservers and once the key is removed no trace on the client machine. The service does not have any unencrypted footprint on the internet. All web based services need a web site... The biggest come hack me signal out there.

rw
rw

We now have to put together something where user stupidity / carlessness / wrecklessness is eliminated. Smart designs make it very difficult for end users to mess them up. Write down passwords. Telling all login details to collegues. Set up a vpn system where you have to meet non user specified criteria.

NOW LEFT TR
NOW LEFT TR

there will be a weak link. If we gets so far down the line the weak link ends up being the 'user' that is part of the overall system.

rw
rw

ok?... So how does it "know" your are who you say you are. It also requires a machine you control therefore 2 client machines needed. The the machine is compromised they have access to a PC that can see the entire network. I don't think the 10 things in the original entry goes far enough.

rebellious_antics
rebellious_antics

i have been testing Radmin 3.0 since its release and it has its benefits, but also its disadvantages. Security Security is absolutely essential for any remote access software. We, at Famatech, are dedicated to providing you the highest security levels possible. Our cryptography engineers are very proud of pushing the technology and keeping Radmin the most secure remote access software available. Radmin user authentication is substantiated by a modified Diffie-Hellman 2048 bit algorithm. Advanced 256-bit AES encryption is always enabled for all data streams being transferred over the network. Other security features include Windows Security, NTLM/Kerberos and Active Directory support. The program checks user permissions as well as IP-filter settings. now il go over the options. before connecting to an IP or domain name, you have a few options for what type of connection to make. 1) full control 2) view only 3) files transfer 4) connect via terminal 5) shut down/restart options 6) open a chat window with the client 7) call the client (VOIP) 8) send a text message now once connected, one of the main features i like aboutthis software is the resize client desktop screen button on the tool bar. by clicking on this, the remote screen is virtually resized to fit your screen, without actually changing the screen resolution on the remote pc. i found nothing more frustrating with other remote administration applications that you have to scroll around the screen to see the entire screen of the remote client, or having to change their screen resolution in order to do so. other options while connected are: send remote clipboard, and get remote clipboard.. allowing you to copy and paste, to and from the client pc choose which remote monitor to view and also its worth mentioning the colour settings which support up to 24 bit giving good clarity. now for my grumbles. although it has many features i love, it has a few i dislike. for example: having to configure port forwarding for every client system ( we have quite a large network, so instead i configured a connection to the server, and installed radmin viewer on the server, so i could use that application to connect to the other systems on the lan locally secondly, printing. its not possible to print to your local printr from the remote client. Brad Gothard Administrator / C++ Programmer

rw
rw

Not bad not bad at all. However I suppose we all have to play devil advocate and think where is the shortfall? It encrypts traffic but if the end point is compromised you encrypt the unwanted code too. It would also seem that the client is again like VPN part of the host network. So once a machine is compromised you can assume access to the network is compromised. Encryption of traffic is all well and good but there are other points to consider, a few more than the 10 specified in the leading article.