Although IT administrators often feel as if they’re at work
24/7, most actually do leave the office from time to time. Unfortunately,
though, network problems often don’t wait for business hours to crop up.
Whether a server goes down, the network becomes inaccessible, or some other
problem occurs while the administrator is off site, or, less dramatically,
routine maintenance needs to be performed, a good remote management strategy
can save the hours of driving time and lost productivity otherwise spent while
the admin gets back to the server room.
There is an array of tools available for remotely managing
the network, including some that are built into the operating systems, some
freeware utilities and commercial products at a wide range of price points.
Let’s take a look at some of your options when it comes to remote
administration and how you can design a strategy that will grow with your
Third-party remote control programs
One way to manage your servers is to connect to them over
the Internet using a third-party remote control program that allows you to log
on to the server from a remote location. With these tools, you can see the
desktop of the server and control it with the mouse and keyboard of the remote
machine as if you were sitting at the server itself.
Examples of remote control programs include:
- PCAnywhere (Symantec): One of the first and
still most popular relatively low-cost remote control programs, which can
be used to manage both Windows and Linux servers. Web Remote uses a
Java-enabled browser to access the server desktop. It also includes built-in
256-bit AES encryption, and a Pocket PC device can be used to access the
server wirelessly. The bandwidth autodetect
feature optimizes performance depending on the connection type. Costs
- VNC (Virtual Network Computing):
Uses a “viewer” program installed on the remote computer to view and
interact with the server. The viewer can be installed on Windows,
Macintosh, UNIX, BeOS, OS/2,
DOS and even Palm and Windows CE/PocketPC
devices, to remotely administer Windows, UNIX and Macintosh servers. There
is also a Java viewer that allows you to use any Java-enabled Web browser
to view the server’s desktop. You can also run the viewer directly from a
floppy disk. VNC is open source, free to download under the GNU General Public
License (GPL) at http://www.realvnc.com/download.html.
There is also an enterprise edition available (not free) that supports
Windows and UNIX authentication and session encryption.
- Timbuktu Pro: Remote control
software for Windows and Mac OS X that can make encrypted connections
through Secure Shell (SSH) or VPN. Supports user authentication and
security policies. Enterprise version includes automated deployment tools
and integrates with popular systems management applications. Costs $159.95
(Windows) or $179.95 (Macintosh) for a twin pack.
- GoToMyPC: Web-based remote desktop service
that lets you connect from a Web browser to a server on which the GoToMyPC
software is installed; however, this service is aimed
more at connecting to a workstation. It has multi-monitor support and true
24-bit color support. Uses 128-bit AES encryption. Costs $19.95 per month
or $179.40 per year.
- Radmin (Remote Administrator): Remote
desktop program for Windows 9x and above that supports multiple
connections on both client and server sides. Uses 128-bit encryption, has
logging capabilities, and includes an IP filter table for restricting remote
access to specific IP addresses. Costs $35 per license.
Most of these programs are low enough in cost to be
affordable for small businesses. Some (VNC, Timbuktu) offer
enterprise-level editions that you can move up to as your network grows.
Windows Remote Desktop/Terminal Services
Small businesses that use Windows 2000 or 2003 servers will appreciate
the fact that they don’t have to buy third-party software or install freeware
to remotely administer servers. Windows 2000 includes terminal services, which
can be run in administration mode without the need to purchase additional
licenses. You can connect to it from other Windows computers by downloading and
installing the terminal services client software on the remote computers (free
download from Microsoft).
The latest version of the terminal services client is the
Remote Desktop Connection (RDC) software, which will install on Windows 9x, Me,
NT 4.0 or Windows 2000. There is no need to install the client software on
Windows XP and Server 2003 computers from which you want to manage the server,
as the RDC client comes built into the operating system. It’s accessed via All
Programs | Accessories | Communications, and can also be found on the Windows
XP (Home and Pro) installation CD.
Windows Server 2003 servers don’t need terminal services
installed for you to connect to the remote desktop. Instead, you need only
enable the remote desktop service via the Control Panel | System applet, on the
Remote tab. Remote Desktop is not enabled by default.
You can specify the remote users that you want to allow to connect to the server via Remote Desktop. All members of
the Administrators group can connect by default.
Terminal services can be made more secure by redirecting the
Remote Desktop Protocol (RDP) traffic through encrypted tunnels using a tool
such as Zebedee.
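An added example, not from the original article: a defensive check that parses `netstat -an` output and reports which of the remote-control services discussed above listen on a non-loopback address, and so can be reached without the encrypted tunnel unless a firewall blocks them. The port numbers are the products' well-known defaults rather than values from the article, and the netstat sample is constructed.

```python
import ipaddress

# Well-known default TCP ports of tools named in the article (assumption:
# defaults only; each product lets the administrator change its port).
REMOTE_ADMIN_PORTS = {
    3389: "Remote Desktop / Terminal Services (RDP)",
    5900: "VNC",
    5631: "pcAnywhere",
    4899: "Radmin",
}

# Constructed sample of `netstat -an` output from a Windows server.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.10.5:4899      0.0.0.0:0              LISTENING
  TCP    192.168.10.5:3389      203.0.113.7:50112      ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
"""

def parse_listeners(netstat_text):
    """Yield (address, port) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skips the header, blank lines and non-listening sockets.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port)

def exposed_admin_listeners(netstat_text):
    """Return remote-admin listeners bound to anything other than loopback."""
    findings = []
    for addr, port in parse_listeners(netstat_text):
        if port in REMOTE_ADMIN_PORTS and not addr.is_loopback:
            scope = "all interfaces" if addr.is_unspecified else str(addr)
            findings.append((port, REMOTE_ADMIN_PORTS[port], scope))
    # The IPv4 and IPv6 wildcard entries for one port collapse into one finding.
    return sorted(set(findings))

if __name__ == "__main__":
    for port, name, scope in exposed_admin_listeners(SAMPLE_NETSTAT):
        print(f"{name} on TCP {port} listens on {scope}: "
              "reachable without the tunnel unless firewalled")
```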
KVM over IP
Another choice for remote management is KVM over IP, which
allows you to connect remotely to an IP-enabled keyboard-video-mouse (KVM) switch
that sends the output from the server to the remote computer over a TCP/IP
network (LAN or Internet). KVM over IP makes it easy for administrators to
control multiple servers from a remote system. It’s a very scalable solution in
that you can expand the number of systems as the network grows and more servers
are added. For more information about KVM over IP solutions from Avocent, see http://infrastructure.techweb.com/.
“Out of band” solutions
Remote desktop solutions work fine if the server you want to
manage is up and running, but what happens if it loses its connection to the
network? In that case, you need to plan for an “out of band” management
solution. This refers to products that allow you to securely access your
servers (and routers, switches, firewalls, etc.) independently from the
network, or out of the network bandwidth. OOB products can connect via
telephone lines and serial connections. You can use products such as the UniGuard and Port Authority appliances from CDI (http://www.outofbandmanagement.com/oob_story.htm).
If you’re running Windows Server 2003, Microsoft’s Emergency
Management Services (EMS) can be used for out of band communications with your
here for more information about EMS.
As your network grows and your business becomes more
dependent on its resources, you should be planning a strategy that will allow
administrators to stay in control of the network and servers even when they
aren’t on site. There are many remote administration tools available that will
serve you well through all levels of growth.