Although IT administrators often feel as if they're at work 24/7, most actually do leave the office from time to time. Unfortunately, network problems often don't wait for business hours to crop up. If a server goes down, the network becomes inaccessible, or other problems occur while the administrator is off site (or, in less dramatic cases, routine maintenance tasks need to be performed), a good remote management strategy can save the hours of driving time and lost productivity that would otherwise pass while the admin gets back to the server room.
There is an array of tools available for remotely managing the network, including some that are built into the operating systems, some freeware utilities and commercial products at a wide range of price points. Let's take a look at some of your options when it comes to remote administration and how you can design a strategy that will grow with your network.
Third-party remote control programs
One way to manage your servers is to connect to them over the Internet using a third-party remote control program that allows you to log onto the server from a remote location. With these tools, you can see the desktop of the server and control it with the mouse and keyboard of the remote machine as if you were sitting at the server itself.
Examples of remote control programs include:
- PCAnywhere (Symantec): One of the first and still most popular relatively low-cost remote control programs, which can be used to manage both Windows and Linux servers. Web Remote uses a Java-enabled browser to access the server desktop. Also includes built-in 256-bit AES encryption, and a Pocket PC device can be used to access the server wirelessly. The bandwidth autodetect feature optimizes performance depending on the connection type. Costs $199.
- VNC (Virtual Network Computing): Uses a "viewer" program installed on the remote computer to view and interact with the server. The viewer can be installed on Windows, Macintosh, UNIX, BeOS, OS/2, DOS and even Palm and Windows CE/PocketPC devices, to remotely administer Windows, UNIX and Macintosh servers. There is also a Java viewer that allows you to use any Java-enabled Web browser to view the server's desktop. You can also run the viewer directly from a floppy disk. VNC is open source, free to download under the GNU General Public License (GPL) at http://www.realvnc.com/download.html. There is also an enterprise edition available (not free) that supports Windows and UNIX authentication and session encryption.
- Timbuktu Pro: Remote control software for Windows and Mac OS X that can make encrypted connections through Secure Shell (SSH) or VPN. Supports user authentication and security policies. Enterprise version includes automated deployment tools and integrates with popular systems management applications. Costs $159.95 (Windows) or $179.95 (Macintosh) for a twin pack.
- GoToMyPC: Web-based remote desktop service that can be used to connect from a Web browser to a server on which the GoToMyPC software is installed; however, this service is aimed more at connecting to a workstation. It has multi-monitor support and true 24-bit color support. Uses 128-bit AES encryption. Costs $19.95 per month or $179.40 per year.
- Radmin (Remote Administrator): Remote desktop program for Windows 9x and above that supports multiple connections on both client and server sides. Uses 128-bit encryption, has logging capabilities, and includes an IP filter table for restricting remote access to specific IP addresses. Costs $35 per license.
Most of these programs are low enough in cost to be affordable for small businesses. Some (VNC, Timbuktu) offer enterprise-level editions that you can move up to as your network grows.
Windows Remote Desktop/Terminal Services
Small businesses that use Windows 2000 or 2003 servers will appreciate the fact that they don't have to buy third-party software or install freeware to remotely administer servers. Windows 2000 includes terminal services, which can be run in administration mode without the need to purchase additional licenses. You can connect to it from other Windows computers by downloading and installing the terminal services client software on the remote computers (free download from Microsoft).
The latest version of the terminal services client is the Remote Desktop Connection (RDC) software, which will install on Windows 9x, Me, NT 4.0 or Windows 2000. There is no need to install the client software on Windows XP and Server 2003 computers from which you want to manage the server, as the RDC client comes built into the operating system. It's accessed via All Programs | Accessories | Communications, and can also be found on the Windows XP (Home and Pro) installation CD.
Windows Server 2003 servers don't have to have terminal services installed to connect to the remote desktop. Instead, you need only enable the remote desktop service via the Control Panel | System applet, on the Remote tab. Remote Desktop is not enabled by default.
You can specify the remote users that you want to allow to connect to the server via Remote Desktop. All members of the administrators group can connect by default.
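The two settings described above (whether Remote Desktop is enabled, and which accounts may connect) can be audited from a script. The following PowerShell is an added example, not part of the original article; it assumes a current Windows version with Windows PowerShell 5.1 and the built-in LocalAccounts module (not present on the Windows 2000/2003 systems discussed here), and the function name Get-RemoteDesktopExposure is hypothetical.

```powershell
# Added example: report whether Remote Desktop is on and who may use it.
# Assumes Windows PowerShell 5.1+ (LocalAccounts module); run elevated.
function Get-RemoteDesktopExposure {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 1 means Remote Desktop is off (the default state).
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

    # Well-known SIDs are used so the lookup also works on localized systems.
    $groups = [ordered]@{
        'Administrators'       = 'S-1-5-32-544'   # allowed to connect by default
        'Remote Desktop Users' = 'S-1-5-32-555'   # explicitly granted accounts
    }
    $principals = foreach ($name in $groups.Keys) {
        Get-LocalGroupMember -SID $groups[$name] -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Group = $name
                    Name  = $_.Name
                    Type  = $_.ObjectClass
                }
            }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Enabled      = ($deny -eq 0)
        Port         = $port
        Principals   = @($principals)
    }
}

$report = Get-RemoteDesktopExposure
"Remote Desktop enabled: $($report.Enabled) (TCP port $($report.Port))"
$report.Principals | Sort-Object Group, Name | Format-Table -AutoSize

# Flag the case worth reviewing: service on and non-administrators allowed.
$extra = @($report.Principals | Where-Object Group -eq 'Remote Desktop Users')
if ($report.Enabled -and $extra.Count -gt 0) {
    Write-Warning "$($extra.Count) explicitly granted principal(s) can log on via Remote Desktop."
}
```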
Terminal services can be made more secure by redirecting the Remote Desktop Protocol (RDP) traffic through encrypted tunnels using a tool such as Zebedee.
KVM over IP
Another choice for remote management is KVM over IP, which allows you to connect remotely to an IP-enabled Keyboard-Mouse-Video switch that sends the output from the server to the remote computer over a TCP/IP network (LAN or Internet). KVM over IP makes it easy for administrators to control multiple servers from a remote system. It's a very scalable solution in that you can expand the number of systems as the network grows and more servers are added. For more information about KVM over IP solutions from Avocent, see http://infrastructure.techweb.com/.
"Out of band" solutions
Remote desktop solutions work fine if the server you want to manage is up and running, but what happens if it loses its connection to the network? In that case, you need to plan for an "out of band" management solution. This refers to products that allow you to securely access your servers (and routers, switches, firewalls, etc.) independently from the network, or out of the network bandwidth. OOB products can connect via telephone lines and serial connections. You can use products such as the UniGuard and Port Authority appliances from CDI (http://www.outofbandmanagement.com/oob_story.htm).
If you're running Windows Server 2003, Microsoft's Emergency Management Services (EMS) can be used for out of band communications with your servers.
As your network grows and your business becomes more dependent on its resources, you should be planning a strategy that will allow administrators to stay in control of the network and servers even when they aren't on site. There are many remote administrator tools available that will serve you well through all levels of growth.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.