Jesus Vigo compares and contrasts two remote desktop applications based on the RFB protocol used by VNC to determine which package works best for remote administration.
Some veteran technology staffers say that IT is a young man's game, with increasing help desk calls and growing support ratios — all that running around can be exhausting. However, like I always say, "work smarter, not harder."
Using technology to leverage the one (or few IT) against the hundreds (or thousands) of end users and their devices helps us to perform incredible feats of sysadmin strength. No technology better conveys this than remote desktop access.
But which application is better? The two best examples of this currently are Virtual Network Computing (VNC) and Apple Remote Desktop (ARD). Each boasts similar base features and provide for a simple-to-use workspace to aide in managing the systems of any organization, large or small.
Without further ado, let's compare both of these great products in depth.
VNC by RealVNC is one of the more mature remote protocols available for remote access. Based on the RFB protocol, it was initially designed to perform in conjunction with a thin client, eventually becoming the three-prong application it is today. It includes the VNC Server, or computer that's sharing its desktop; the VNC Client, or computer that's viewing / interacting with the server's desktop; and the RFB protocol, which is used to communicate commands between the server/client.
VNC works just as well on LANs as it does over WANs, making it a boon for those wishing to provide remote support from offsite locations over the internet. Some router configuration may need to be performed in order to get VNC to communicate across the WAN, plus tweaks to Firewall settings.
Perhaps the greatest benefit of VNC is in its design as a platform-independant protocol. VNC has been developed in many flavors, providing support for Apple, Windows, and Linux just to name a few. This is a wonderful feature for sysadmin tasked with supporting heterogeneous networks of Windows and OS X nodes alike, since VNC makes it possible to manage Windows devices from OS X and vice-versa.
Alas, it's also VNC's design that is cause for its greatest concern, as VNC was not initially written with security in mind. Passwords are not sent in plain text across the network, so it's possible to sniff them out by using a packet inspector. Adding to this detriment is an 8-character limit imposed on the password by some VNC applications. The smaller the character space, the easier the password is to crack.
Another minor, but important issue to take note of is the overhead in the data transmission between the server/client. Unlike other remote desktop protocols, where efficiency is key to speedier communications, the RFB protocol sends raw data in an uncompressed form, which utilizes more bandwidth from end to end.
VNC, while trademarked by RealVNC, is available in many different versions from multiple developers, each utilizing RFB as the underlying communication protocol. While it's generally free*, several developers have taken to writing feature-rich versions of VNC to address some of the more prominent shortcomings of the application, such as adding native 128-bit AES encryption, file transfer capabilities, and even chat functions between the client and servers. Many of these packages also optimize the code to provide efficient, secure commercial applications that can connect — and remotely manage — any host of environments across a network.
* Note: RFB protocol and basic VNC functionality is covered under the GNU General Public License, which is free to use. However, developers have created VNC applications based in part on the RFB protocol and value-added features to sell as commercially available software, with software licensing varying from developer to developer.
2. Apple Remote Desktop (ARD)
The ARD app costs $79.99 (USD) from Mac App Store, and it's the de facto standard for managing tens, hundreds, or thousands of OS X-based Macs on a network. Based on VNC and relying on the RFB protocol from version 2.0 and on, ARD is a full-fledged VNC application with many added features geared at managing nodes running VNC-compatible server software.
ARD includes, among its many feature sets, the ability to transfer files to/from, secure sessions using 128-bit AES encryption, generate usage reports based on computers or users, keep tabs on system/application resources, and save commonly executed commands as templates for future use. It also does much more.
Being based on VNC, a little known fact is that ARD can also be used to manage computers running compatible VNC server software, regardless of the OS. This makes remotely managing Windows desktops or Linux servers a breeze, since the RFB protocol allows for them to be administered just as if you were logged on locally.
Security admins can rest assured that from version 3.0+, all ARD sessions are fully encrypted — not just passwords or keystrokes. This means any transmissions between end-points are secured from sniffing or man-in-the-middle attacks.
Another benefit inherent to ARD is native support for software distribution and asset management. Using the built-in features, applications may be copied, installed, or scripted from remote locations in a one-to-many ratio for successful deployment. Also, management reporting allows nodes to be queried to generate reports for just about any service instance or resource for one device or across the entire network.
Remote assistance — of course, being the main feature of VNC — is also further enriched by the inclusion of chat capabilities to speak one-on-one with a user in need of hands-on assistance. Additionally, system wide messaging is included, as is a console to view the contents of each device, simultaneously communicating with VNC. And last but not least, it offers Curtain Mode, which allows IT to perform troubleshooting on a system while the work is hidden from the view of the user sitting locally at the desktop.
Though based on VNC, Apple is no slouch when it comes to its 1st-party products, and ARD shows this with its attention to details, such as integration with Automator, remote command processing, and task templates used to store scripts and even schedule them... all at the touch of a button.
Pricing is affordable for such a full-featured product, but nothing compares to free. And with a little configuration and know how, a free VNC package could be setup with the proper level of security and have the necessary support features installed via plug-ins, even though not all of the features in ARD would be present. Besides the price of the application, there are no other licensing fees associated with ARD, no monthly service fees or annual support contracts, and no per-seat licensing fees either, which makes this a wonderful application for enterprise customers.
Among the many pluses in ARD's corner, one mark that will surely serve as a negative for a lot of admins is the requirement that an Apple computer running OS X be used to install ARD and therefore manage VNC servers from ARD. Though the Mac mini — Apple's least expensive desktop offering — is a superb OS X Server for managing Apple Remote Desktop nodes, it's an added expense beyond the client software, and this may be a deal breaker for some.
Of course, there are integrated management consoles like System Center 2012 from Microsoft or Casper Suite from JAMF Software, but they have high licensing costs associated with their usage, since they're all-in-one solutions. The focus of this article is to look into the SMB market with solutions that are both equally cost effective and powerful in desktop management.
While VNC and ARD are cut from a similar stock, they're vastly different once additional value-added features are taken into account, simplicity and ease of use or training is considered, and when you examine how the package is intended to be used. The only way to truly answer that question is to think about the needs of the environment and compare the various pluses and minuses of each package — or go with a neutral vendor, such as TeamViewer, which is also VNC-based and has support for desktop and mobile operating systems.
Which app do you prefer for remote administration, and why? Share your favorite in the discussion thread below.