Remote Possibilities
We tested 14 remote-control products that let you support IT users from afar.
October 14, 2002
Traditional remote-control software includes file-transfer functions along with remote-control capabilities. But to distinguish themselves in a crowded market, vendors are adding components usually found in desktop-management suites. For example, NetSupport Manager provides hardware and software inventories as well as support for SNMP and Wake-on-LAN. Conversely, some remote-control products, such as Altiris Carbon Copy and Novell's Remote Management Agent, are part of desktop-management suites. If you are considering a desktop management solution or use Altiris Client Management Suite or Novell ZENworks, you won't find any of the best-of-breed products a compelling alternative to the remote-control component included in those packages. But you wouldn't want to purchase these packages just for remote control.
Performance RankingClick here to enlarge |
Secure Communications
Each product we tested provides options for encrypting authentication schemes and data streams, but it's misleading to make security comparisons across the board. For example, NetSupport uses 56- to 256-bit DES (Digital Encryption Standard) and AES (Advanced Encryption Standard) encryption, while pcAnywhere uses Microsoft's default CSP (Cryptographic Service Provider) and RC4 encryption. In the long run, though, no encryption scheme is unbreakable. If the authentication scheme is compromised, that's a critical flaw. However, if the data stream is intercepted, that's not as critical because traffic contains only screen updates. We verified that no clear text passed on the wire when encryption was enabled and tested common security features, such as lockout, connection restrictions and file-access permissions.
Whether you use a modem-to-modem connection or a LAN connection with remote control, you're bound to encounter communication errors. We tested a program's ability to detect and recover from communication errors (error detection and recovery). No applications could identify the disconnect immediately, and only half provided an error message before closing the session. Most returned to the client application. However, TWD's Remote-Anything abends, while LapLink's remote control and pcAnywhere's file-transfer programs were the most stubborn--they just sat there and let the user think he or she was still connected. Novell's Remote Manager identified the disconnect quickly, but the host was not usable until after a reboot. Both NetSupport and CrossTec provide keep-alive functions. NetSupport ticks hosts every 18 seconds and identifies a remote-control-session disconnect within approximately 43 seconds. When the tick is timed every 1 second, it identifies disconnects within 30 seconds.
Server administrators will be tickled by many of these products' features, such as a master's ability to broadcast files to a number of hosts and directory integration to set up remote control in the enterprise with the same users and groups used for account management. Altiris and Symantec both offer host code that can be installed without a reboot, ideal for mission-critical servers. Unique to this roundup, Altiris also provides asynchronous and synchronous modes for remote control. The synchronous option offers screen updates in real time, while the asynchronous mode scans the remote display and updates display changes only. The asynchronous setting provided ideal performance for viewing Java applications.
By the NumbersClick here to enlarge |
During our tests Altiris bought Previo's eSupport Essentials technology, including Remote Assistant. Altiris says it will offer eSupport Essentials PC recovery utilities but considers Carbon Copy its remote-control solution of choice, replacing Remote Assistant. This removed Previo from the competition. In addition, Vector Networks licenses the NetSupport product and resells it as PC-Duo. PC-Duo looks and feels exactly like NetSupport Manager. Hence, we did not test PC-Duo but gave it the benefit of NetSupport Manager's performance results. We also did not include it in our report card. We did, however, scrutinize the feature set and included that information in our features chart.
Our Editor's Choice award goes to NetSupport Manager 7. NetSupport offers optimal performance in a full-featured remote-control application with plenty of enterprise-level configuration, installation and management options. Although it did not receive top scores in raw performance testing, NetSupport supplied the right mix of performance and features. It edged out second place CrossTec's NetOp Remote Control by providing hardware and software inventories, audio chat and host support for multiple inbound connections. And though third-place finisher Symantec pcAnywhere provides directory integration, NetSupport maintains support for DOS, IBM OS/2 and Microsoft Win16 and Win32 systems and provides administrators with a "client scanning" feature to scroll through multiple desktops in a single window. These three products are profiled below. Read about the others we tested online.
Although it doesn't support LDAP or NTLM and is not a component of an enterprise desktop-management suite, NetSupport Manager is a comprehensive remote-control solution that can be centrally deployed and managed in the enterprise. NetSupport ranked fourth in transferring bitmaps and sixth in file transfers. These scores, together with the full range of remote-control features and a competitive price, put it ahead of CrossTec's NetOp Remote Control and Symantec's pcAnywhere.
NetSupport has two main code components, the control (master) and the client (host). The control and the client code can reside on the same machine. In addition to a straightforward CD installation, NetSupport offers a network-installation method in which setup, license and configuration files are copied onto a central server. Users can browse to this directory and execute the setup file.
We were impressed with the NetSupport Deploy Utility, which lets network administrators push install NetSupport onto workstations without any host interaction. In addition, the utility can update license information and client configurations and even uninstall the package remotely. The utility gave us a list of available networks along with domain and workgroup information. We selected the host onto which we wanted to install the package and the necessary configuration files, then clicked "deploy" and the package was installed. Deploy Utility also gave us a detailed report of successful and failed deployments.
Masters interact with hosts in one of three modes: watch, share and control. In watch mode, the host is viewed passively. In share mode, the host shares the control of its PC with the master. In control mode, the master takes control of the host computer by locking the user's keyboard and mouse. The client-scanning option let us view multiple host screens in a single window; the scan interval can be set to cycle through different screens.NetSupport Manager offers detailed logs about a remote-control session, including the duration, who disconnected and files transferred. NetSupport also provides power management, in which a master can power on or off hosts. To power on a host, Wake-on-LAN must be supported by the network adapter. NetSupport also lets an administrator inventory host workstations' hardware and software.
A show feature let us show the master screen to multiple hosts. This is very useful for training sessions and demonstrations and provides a platform to broadcast a corporate communication to employees. Also, KVM activities can be recorded and saved for later playback. A scripting tool let us schedule tasks, such as file transfers or application installations, to run unattended. Although the administrator must learn a proprietary scripting language, this tool provides a facility to automate repetitive tasks.
NetSupport Manager 7.0, $99/$29,360. NetSupport, (888) 665-0808, (770) 205-4456. http://www.netsupport-inc.com
NetOp Remote Control was developed to support a critical database application for the Danish stock market, so it was designed with connection speed, stability and data security in mind. Version 7.01 lives up to its billing with a high degree of security and above average performance.
Although slower in file transfers than half of the products we tested and ranked twelfth in bitmap transfers, NetOp posted high marks in network management and security. Users are notified within approximately 50 seconds after their connections are interrupted. In addition, NetOp uses a small amount of memory on the desktop.
Like NetSupport Manager and Symantec pcAnywhere, NetOp splits its code into separate programs to improve functionality and performance. You can install the master, host or both programs on a machine. The optional enterprise deployment uses a deployment utility to let you choose which features to install to multiple PCs. First, select the source of installation (CD or direct download). Next, configure the hosts (input the license key and select other options). Last, select the target computers. You can install NetOp on a single workstation or select from an NT domain list. You also can group computers into target groups.If you plan to maintain your initial configuration settings over all selected PCs, choose the default installation. This worked in our labs without fail. Once complete, we could view a log file to verify the NetOp installation on selected PCs.
Remote-Control Software FeaturesClick here to enlarge |
NetOp masters can manage their local caches in three ways: separate files for every host, a common file or no cache file. This is useful for administrators who want to keep separate log files for every session. The caching option also lets you set a maximum size for the files, to limit disk-space usage. And, like NetSupport Manager, NetOp supports Wake-on-LAN and provides record and playback features for troubleshooting and training, though the playback is rather slow and jerky.
CrossTec does not compromise on security. Rather than rely on a machine's default CSP, like pcAnywhere does, CrossTec offers AES encryption and up to 256-bit keys for authentication and to protect against third parties reading the data stream transmitted between a master and host. It also uses integrity checking to verify that data streams have not been altered and to protect against compromised keys, and offers a separate product, Security Server, to manage security.
Security Server provides enterprises with role-based remote access using SQL 7.0 or MSDE. You create roles using a wizard that can draw on user and group information from Microsoft Windows NT domains and Active Directory. If you do not use Windows domains, you can use a common user name/password, but we don't recommend this route. Instead, create your own identities with separate passwords. With roles, you can allow unfettered access to all hosts and their file systems for your domain administrators and limit others to certain activities by function, time and location. NetOp lets you limit location by IP or MAC address. Security Server also performs daily logging and log management so you know who is controlling whom, when and where on your network. If you don't use Security Server, security roles can be defined locally on each host.
NetOp supports a cascade control that let us control a host from another host we were already controlling. This activity compromises speed and can be confusing, but it may be handy for troubleshooting multiple servers or desktops from a remote location. NetOp also can operate in stealth mode, hiding the master from the host, and sports a request-for-help feature for hosts to call for service and support.NetOp Remote Control 7.01, $179/$29,965. CrossTec Corp., (800) 675-0729, (561) 391-6560. http://www.NetOpUSA.com
Returning champion pcAnywhere (see "Remote Control Saves Steps"), almost made it to the top of the heap for its first-rate performance, security and support for multiple directory schemes--including Active Directory, LDAP, NDS and NTLM--but it was foiled by its high price and NetSupport Manager's strong management capabilities.
In the performance category, pcAnywhere ranked third in our bitmap-transfer test and fourth in file transfers. It also packs a lot of features into a small memory footprint. Although the host code consumes 6,824 KB while dormant, it uses only 7,996 KB while active (see graphic "Memory Usage in Remote Control"). But pcAnywhere was not quick to identify communication problems between clients and hosts, taking approximately 49 seconds to sense a broken connection.
Still, pcAnywhere is easy to install in any type of environment. We tested several installation methods, including a Web-based installation, which is a hassle-free and reliable solution for enterprise deployment. We were pleasantly surprised with how easy it was to customize an installation using the packager option. This took the pain out of manually editing an installation file, and pcAnywhere's packager lets you create your own installation set, providing control over which features are available to the user, including protocol support and which, if any, dialog boxes are displayed during installation. We also successfully tested the "rebootless" host option, which let us create a host-installation package that did not require a host reboot after the software installation.
PcAnywhere had the most security features of the products we tested. New to version 10.5 is a host-assessment tool that checks the configuration of hosts and alerts administrators of possible security issues. It includes enhanced logging capabilities for security events that can trigger SNMP traps or log events in its own format for reporting purposes. A remote-access perimeter scanner let us identify pcAnywhere hosts in our network and scan for other installed remote-control software. And it includes an option to shut down unsecured hosts. However, no criteria were provided to define insecure.
Memory Usage in Remote ControlClick here to enlarge |
As with many of the products we tested, pcAnywhere provides multiple levels of encryption and authentication. It also includes IP-based connection restrictions and file-integrity checking to prevent unauthorized copies of the software. This enforces standard configurations in the enterprise and protects specific critical files from being overwritten. Furthermore, you can narrow the risks of unauthorized access by limiting connections through the use of a serialization code.The Windows Explorer-style file transfer is as good as it gets. We could take over remote-control sessions without stopping the file-transfer process, and pcAnywhere, like LapLink, provides autotransfers and folder-synchronization options with delta-transfer technology.
pcAnywhere 10.5, $179/$90,900. Symantec Corp., (800) 441-7234, (408) 253-9600. http://www.symantec.com
Dilip Advani, Saurabh Bhasin, Julio Caraballo and Bilson M. Poikayil are research associates at Syracuse University's Center for Emerging Network Technologies. They can be reached at [email protected], [email protected], [email protected] and [email protected]. Sean Doherty is a technology editor and lawyer based at our Syracuse University Real-World Labs®. A former project manager and IT engineer at Syracuse University, he helped develop centrally supported applications and storage systems. Write to him at [email protected].
Altiris eXpress Carbon Copy Solution | Binary Research International Remotely Anywhere | LapLink Gold 11 | Novell ZENworks for Desktop 3.2 | uRoam FirePass 1000 | TWD Industries Remote-Anything | Netopia Timbuktu Pro Enteprise Edition | Funk Software Proxy Remote Control 4.0 | Linktivity WebInteractive 2.0 | TridiaVNC 1.5 (32-bit Windows)/1.4 (Unix/Linux) | Microsoft Windows XP Remote Desktop Connection, Remote Assistance
Altiris eXpress Carbon Copy Solution
When teamed with Altiris Express Notification Server, Carbon Copy is an enterprise-class remote-control solution. Notification Server deploys Carbon Copy to any 32-bit Windows OS and does not discriminate between servers and desktops. It centralizes all remote-control activity, manages client configurations and tracks events through logs, reports and notifications.
Carbon Copy scored high in security but lacked a tight integration with Active Directory (as this article went to press, Altiris released a Connector for Active Directory that it says will let administrators import computers and users into the Altiris eXpress environment to distribute Carbon Copy and enforce policies).
The Carbon Copy host program had one of the smallest memory footprints-884 KB. But when viewed as a component in the Altiris Express Management Suite, the host memory requirements totaled 6,620 KB while dormant and 7,600 KB when active. Carbon Copy also did not distinguish itself in our bitmap- and file-transfer tests. As for stability, it was able to detect communication problems with hosts in approximately 36 seconds and was one of the few programs that gave us an indication-via a pop-up dialog box-that the connection had been lost.Carbon Copy contains both a Web-hosted console and a Microsoft Windows utility console for remote control. The Web console is backward-compatible with Altiris Carbon Copy programs running on 16- or 32-bit versions of Windows, and Compaq's Carbon Copy 5.0 to 5.5. With the Web console, Carbon Copy utilities are downloaded on demand without requiring a separate installation. This gives helpdesk personnel mobility, but administrators are limited to one connection at a time. If you need multiple outbound connections, like those available from NetSupport Manager or pcAnywhere, you need to use the Windows utility (256 simultaneous connections). However, the Windows utility does not include the deployment, configuration and reporting features. C'est la vie.
Notification Server 5.5 is a free download from Altiris. We installed Notification Server and MSDE 7 onto a Windows 2000 Server (SP2) running on a Dell PowerEdge 2450 and created and configured a default database, AeXNS. After configuring an SMTP server and an administrative e-mail account to receive alerts, we were ready to plug in Carbon Copy.
But we first needed to deploy the Notification Server client on each machine. A push or pull deployment method can be used, but because the push method required us to browse the domain for eligible clients, we opted to pull the code from an ASP (Active Server Page) located on the server. We could then install Carbon Copy using a policy package. Policies define how (automatic reboot or no reboot) and when Carbon Copy is deployed. Standard reports analyze Carbon Copy events and inventory data; you can also create your own reports.
Once the software was deployed, we browsed to a host and could connect and authenticate using Active Directory, NTLM or local authentication. Once connected, we could control the host machine, chat (audio and text) and transfer files. Unique to this roundup, Altiris provides an asynchronous and synchronous mode for remote control.
The Carbon Copy solution is not a mover and a shaker. But as a component of Altiris Express, it adds an important feature set to a full line of Web-enabled solutions. Although it costs more than other remote-control programs, the capability to manage a Carbon Copy deployment and configuration from a Web-based central location is key. Administrators can monitor events like connection status, remote utility usage and security status and receive e-mail alerts of critical events.Altiris Express Carbon Copy Solution, $500/$38,000. Altiris, (888) 252-5551, (801) 226-8500. www.altiris.com
Binary Research International Remotely Anywhere
Remotely Anywhere was a big surprise in a small package. Like Altiris' Carbon Copy and uRoam's FirePass, RA is a Web-based remote-control solution. But unlike Carbon Copy, RA does not require a client-server architecture, and unlike uRoam, it does not come in an appliance or provide remote control, FTP, SSH or telnet servers.
All RA services can be accessed from an HTML interface that supports Java and Java script (Internet Explorer 5.0 or higher, Netscape 6.2 or higher). It was second only to uRoam for the smallest memory usage while remote control was active (6,860 KB) and detected communication problems within 34 seconds.RA fell into the second tier in performance testing, behind pcAnywhere, LapLink and uRoam. It came in seventh in bitmap transfers and third in file transfers. But it stayed a few notches behind the front-runners because it lacks support for file synchronization and remote printing.
RA sniffs out machines on the network that have the program installed and identifies them by IP address or DNS name. When we chose a host machine from the browser interface, we were presented with a menu of actions, including remote access, administration, performance, system information and configuration management. Each action has subfunctions; for example, in remote access, you can start a remote-control or telnet session, chat, and transfer files. The remote-control session opens in a Java Applet. Because functions like CTRL+ALT+DEL and clipboard transfer cannot be captured through an applet, RA provides these functions through a separate submenu option. Depending on the configurations, the remote-control session can be carried out through the browser or by opening a separate window.
The performance option provides a graphic display of CPU, memory usage, disk space used, network utilization and registry quota utilization of the host machine. The configuration section, however, is the most important part of this submenu. As administrators, we could configure standard settings and deploy that configuration over the network.
Like uRoam's Firepass, RA maintains secure authentication and connection using 128-bit SSL (Secure Sockets Layer). To maintain this level of security, you can disable unsecured HTTP connections. During the authentication process, RA first looks for users registered with the program, then Windows NT users. You can disable NT authentication and limit access to registered users. Specific access to available menu options can be set for each user.
Administration is the second main option that the user sees after logging in. From here, we could view processes running on the host machine, engage in registry and file management, and manage shared resources, virtual memory and user access. The system-information option shows host information, such as which files are being accessed, what registry entries are in use and how many remote-control sessions are running, along with drive and partition information, network adapter and even the status of the motherboard.RA provides easy navigation and configuration capabilities in remote control with secure authentications and data streaming and, like Altiris and uRoam, claims to be WAP compatible and accessible through handheld devices.
Remotely Anywhere, $99/$41,000. Binary Research International, (888) 446-7898, (414) 961-1716. www.remotelyanywhere.com
LapLink Gold 11
LapLink Gold 11 is the latest iteration of a program that has been on the market for nearly 15 years. This longevity indicates a mature application with a rich feature set as well as stability in initiating and maintaining communications. LapLink did not let us down: It came in second in performance and sixth overall behind products with more functionality in network management and enterprise integration.LapLink Gold is LapLink's full-featured remote-control program, containing both master and host code. However, Gold Host, the host-only code for desktops and servers that do not need the master code, gobbles up approximately 12,620 KB of memory while dormant and 13,488 when active. If you have the room, the weight pays off in features and performance. In bitmap transfers, LapLink scored second, behind Spartacom's Linktivity, and in file transfers, it ranked fifth. But its price for 1,000 users exceeded that of most of our other participants. LapLink Gold also did not fare well under the ERD test for remote control-it did not detect a communication problem with a host for more than 3 minutes, though, once restarted, it was able to pick up a file transfer where it was interrupted.
LapLink sports most of the remote-control features we were looking for, lacking only a facility for clipboard transfers and session recording options. Like pcAnywhere, it supports directory synchronization using delta file transfers with SpeedSynch technology. SpeedSynch compares files and sends only the changes. LapLink also distributes files to several computers simultaneously and automates the operation using an Xchange Agent. Also, as with most of programs we tested, an administrator can use a text or voice chat feature to interact with end users in real time.
Although LapLink lacks a centralized facility to log remote-control activity and monitor and modify the application once it's out in the enterprise, it does provide a distribution utility for clients to pull the Gold Host software from a central server. We copied the setup files from the CD to a shared directory on our test network. Once there, we modified the host setup script (Setup.iss) to provide for a silent installation. The setup script let us change default connection settings, initiate security, apply licenses and install LapLink computer names. But it did not give us the fine-tuning available in pcAnywhere's network installation script and provided no central configuration for the application once it is installed on remote PCs. To change configuration, you need to reinstall the host software. Even then, the installer will not launch while the LapLink Scheduler is in memory. You need to unload it manually before installing from the network.
We had a problem logging in to a LapLink host on our Windows 2000 PCs, which started LapLink before the Windows logon. Rather than providing a handy button on the tool or task bar, like pcAnywhere, the command is hidden in the "session" pull-down menu. Alternatively, CTRL+SHIFT+D will do the trick. If this is difficult to remember, you can configure your own CAD sequence in the remote-control options. In addition, LapLink provides a "Surf Up" utility that enables end-users to access files from a remote computer using a Web browser with optional SSL security.
If you need to connect PCs outside of a network, LapLink is well-suited to the task. Although many programs provide support for modem-to-modem communication, LapLink maintains support for direct connections using serial, parallel, infrared and USB interconnects. You can even do a push install to another PC using the serial port and a null modem cable.LapLink Gold 11, $179.95/$42,575. LapLink, (800) 343-8080, (425) 483-8088. www.laplink.com
Novell ZENworks for Desktop 3.2
Novell's enterprise remote-control solution is part and parcel of ZENworks for Desktop 3.2, a complete desktop management suite. Although we did not test the entire suite, we installed NetWare 5.1 and configured ZENworks to activate and test the remote-control features.
ZENworks is not as feature-rich as pcAnywhere or LapLink, but it's easy to see why most NetWare shops choose it to control desktops. Like Altiris, it offers hardware and software inventories and central control of remote control activities. It does this through a tight integration with NDS.ZENworks did not burn up our test track for bitmap and file transfer and got no rave reviews on the memory requirements for the Novell Client software. But it did receive our top score in the network-management category and got high marks for security in its 128-bit NICI cryptographic modules.
After installing the NetWare server and ZENworks, we installed ConsoleOne 1.3.2, the software required to administer ZENworks. ZENworks uses policies grouped into packages to manage desktops. By default, there are a number of packages designed to manage users and workstations. Any these packages can contain the Remote Management Policy that enables remote control. This policy decides on the availability of remote-control features, such as chat, diagnostics, file transfer and viewing. We enabled the Remote Management Policy in the WinNT-2000 Workstation Package and associated it with our NetWare 5.1 server.
Unlike the previous versions of ZENworks, 3.2 provides an easy method to import workstations into the NDS tree for management. We activated a workstation import policy within a server policy package, associated it with our server then set a DNS alias for the server as ZENWSIMPORT. Once a user logs into the NDS tree with the Novell Client 32 and Remote Management service, his or her workstation is added to NDS for management and is ready to be controlled from the ConsoleOne screen.
The Event viewer provides detailed logs of all remote-control activities, and each host can view its remote-control history by clicking on the remote management icon in the taskbar. Also present is a "ping the remote managed machine" option, which we feel is superfluous and should have been replaced by a more useful feature, like the scanning option found in NetSupport Manager.
ZENworks provides some impressive inventory information. Specifically in regard to remote control, there is a diagnostic feature for the remote workstation. The information is separated into two parts, OS and network information. The OS diagnostics report on the memory, environment, device drivers and services running on the event log. The network diagnostics give information on the NetWare connections, network drives, print capture information and protocol information.Novell ZENworks for Desktops, $59/$59,590. Novell, (800) 453-1267. www.novell.com
uRoam FirePass 1000
The FirePass 1000 is a unique entry: It is a hardware solution contained in a 1U appliance running Linux (kernel 2.2.16). The FirePass server is a Web application server that acts as a proxy for remote access to internal resources and is accessible through HTML 3.2-and-above-compliant browsers over SSL.
Once connected, we could control Windows 32-bit desktops, transfer files, print remote documents from local printers and engage other network resources via POP3, IMAP, SSH (Secure Shell), telnet and terminal services.Like Binary Research's Remotely Anywhere and Spartacom's Linktivity, the FirePass 1000 provides remote control through a standard Web browser and requires no guest or client software. Further, its client support goes beyond Win32 systems to the RIM Blackberry, PalmOS, PocketPC and handheld phones (iMode and WAP). Browser support for Java, JavaScript and ActiveX is not necessary but will enhance the end-user experience. The FirePass remote-control solution was not as feature-rich as NetSupport Manager or pcAnywhere and did not distinguish itself from rivals in transferring bitmap files. However, it proved to be the fastest file transfer performer in our roundup and came in second in our stability test, identifying a broken communication connection in approximately 14 seconds and, after alerting us with a pop-up, closing gracefully.
uRoam's centralized remote-access solution provides authentication services using a local database or an LDAP or RADIUS server. It also offers support for Vasco's DigiPass strong, two-factor authentication. It identifies itself to remote browsers using an x509 certificate from a trusted root authority in your enterprise (our test server shipped with a Thawte certificate).
The FirePass server manages remote sessions and renders network resources through Web browsers using a suite of application modules called Webifyers. Webifyers act as the interface between network infrastructure and applications to translate user input and display output into content viewable in a remote browser. They not only provide remote-control functionality but also support legacy applications, such as 5250 and 3270 terminal emulation, and Microsoft Terminal Service, SSH, telnet and VNC access to servers. Special Webifyers also support Citrix solutions, POP3/IMAP and Microsoft Outlook and Lotus Notes.
The FirePass's network configuration can be set from a Web browser or a menu-based command line using a null-modem cable attached to the serial port. Once configured for the test network, we set up the box using intuitive Web forms. The server maintenance pages provide plenty of options that let you limit access to the administrative console by IP address, renew/replace the SSL certificate, configure SNMP agents, stop and restart services, and back up and restore the server's configuration. Other administrative functions provide for a default SMTP server, administrative e-mail alerts and firmware updates. The FirePass also includes central logging for all services along with standard and configurable reports.
Users access the FirePass in one of two modes. In "My Network" mode, users log in and have access to network resources such as e-mail, terminal sessions (telnet and 3270) and terminal services. In this mode, the FirePass is a fully functional, multiuser network client for remote administrators. The second mode, "My Desktop," lets the FirePass authenticate remote users to their desktop computers in the enterprise. Each user account requires a license. If you provide both My Network and My Desktop to one user, two licenses are required.When you create a user, the FirePass generates a private key that is used as a license key to activate the client software for remote control. The key can be mailed to users directly from the management interface and contains a URL to download the client software from the FirePass server. Once the client is installed on the desktop, it registers the license key with the server and matches it with a user. When a user authenticates to the FirePass server it knows which desktop to pass the user through for remote control and file transfer.
Together, the uRoam agents consumed 6,168 KB of RAM while dormant and 6,368 KB while active. During remote control, uRoam used less RAM than any other participant, though it did not provide as much functionality as fatter clients.
uRoam's FirePass 1000 supports 100 concurrent users and is competitively priced at $11,110. For enterprises that require more than 100 simultaneous connections, the servers can be clustered together for scalability and fault tolerance.
FirePass, $110/$11,110. uRoam, (510) 687-1616. www.uroam.com
TWD Industries Remote-Anything
Remote-Anything did exceptionally well in the file-transfer test, coming in second behind uRoam. But though TWD claims it performs faster file transfers using encryption, we weren't able to verify this in the lab because the program crashed four times during testing. It also did not fare well when transferring bitmaps at low bit rates and didn't notice that a host had been disconnected for approximately 58 seconds.
Still, Remote-Anything has a comprehensive feature set at a competitive price because TWD licenses the master program using BIOS keys to connect to unlimited hosts in the enterprise. This is unique in this product category. At $12,550 for 10 masters, TWD will not break your budget for remote control. If you factor in free updates and free technical support, you may even pocket some change for another project.
After an uneventful installation, we were able to scan the entire network with a single click and locate available hosts. After highlighting the desired host, we could remotely control it, perform file transfers or chat with the user. We could also ping the system, get a hardware inventory, engage Wake-on-LAN, reboot or uninstall the host software. Like NetSupport's, Remote-Anything's hardware-inventory options gave us detailed information about the host, including hard disk and memory usage, CPU information, IP address, MAC address and current user.
TWD includes options for compression and encryption and provides detailed log files. In addition, we could view a progress bar when connected over slow links. The bar let us know that the bitmap was still loading.We also installed TWD's Directory Server (version 1.1.4), which provides a central controller for masters and hosts and let us assign groups, manage access rights and direct SOS calls for help while providing loa- balancing and mirroring options. However, Directory Server will add to the cost (see www.twd-industries.com/en/prices.htm for a breakdown).
Weighing the few problems we encountered against TWD's small memory requirements, performance, features and very competitive price, we feel it's an entry to keep an eye on for future reviews.
Remote-Anything, $49/$12,550. TWD Industries, 33 (0)492 940 510. www.twd-industries.com
Netopia Timbuktu Pro Enteprise Edition
Netopia's Timbuktu Pro doesn't supply add-on modules for secure gateways, like NetOp Remote Control does, or Notification Servers to distribute the program, like Altiris Carbon Copy does, and did not distinguish itself in any category. But it does support multiple operating systems in the enterprise, provides all the features associated with remote control and has average memory requirements.
Timbuktu Pro's performance surprised us. Although a popular remote-control program, it only managed seventh in file transfers and sixth in bitmap transfers. Although it does have good directory integration and distribution utilities, it lacks central event handling, does not provide inventories and does not give enterprises much of a break on price, coming in at $36,360 for a 1,000 user site.
On the other hand, Timbuktu Pro is the only product in our lineup that supports Mac OS 9 and X along with Windows 98, Me, NT, 2000 and XP, and it covers all the basics to observe and control remote computers along with file transfer and chat (text and voice) utilities. Like pcAnywhere and LapLink, Timbuktu Pro provides several communication options for remote control, including LAN, ISDN, DSL, cable and direct dial-up. And not surprisingly, it is the only player to support Apple Talk in addition to IPX and TCP/IP.
Timbuktu Pro supports push or pull, unattended, scheduled network installations and offers a "Make List" program that finds all computers on a network eligible for installation or upgrade. It also lets you upgrade existing versions and push common address books and site policies to share host information and enforce configurations and security.
Timbuktu Manager is the administrative tool used to scan network computers running Timbuktu Pro. It can connect to a particular machine and change configuration to enforce standard settings throughout the enterprise. In this way, we locked down our Timbuktu Pro machines in the lab and forced them to act as hosts only. The Manager can work in MMC (Microsoft Management Console) through a Snap-It module.Timbuktu Pro uses local security to restrict or grant privileges to end-users or site keys. Site keys are used mainly to restrict access between onsite and offsite users. But different site licenses can be created for NT Domain or Active Directory accounts and deployed through the Netinstaller to centralize administrative rights.
Timbuktu Pro Enterprise Edition, $55/$36,360. Netopia. (800) 485-5741, (972) 855-6600. www.timbuktupro.com
Funk Software Proxy Remote Control 4.0
Funk Proxy provided respectable performance in bitmap transfers, but it wound up at the bottom of the pack in file transfer and did not distinguish itself in our ERD test. It also had a fairly hefty memory requirement of 11,072 KB RAM while dormant and 12,072 KB while active. Its saving grace was a competitive price of $25,250 for 1,000 users and 10 support staff.Funk delivers two separate remote-control software suites, the Proxy 4.0 and the Proxy Control Gateway. Proxy 4.0 is the full-featured remote-control solution. The Gateway suite is aimed at enterprise environments that need a recording feature for remote control and some centralized control. By design, it does not have basic features offered in Proxy 4.0, including file transfer, encryption and remote printing. We were very surprised that a Gateway Control Host does not require any authentication from a master to access any PC defined by the Host Gateway. This task can be accomplished by simply obtaining the gateway's IP Address.
Installation of both suites was hassle free but, unlike pcAnywhere and LapLink, Funk Proxy's default configuration isn't secure. Users, passwords, encryption and other security settings need to be set up manually. Until that is accomplished, any master can control any host. Security features include the use of the station name and a simple password or NTLM authentication as well as standard options to require hosts to accept connections and a lockout feature. It also provides a time limit for connections.
File transfer continues to be a weak point for Proxy 4.0. In our previous review we stressed the fact that Proxy's File Transfer option will overwrite existing files. This continues today. All our other participants provide dialog boxes that warn before overwriting files. Funk does provide standard file and directory management for remote PCs but fails to provide any enhancements to its previous version, such as directory synchronization and delta transfers. We were also surprised to find that some of the software features do not work as advertised. The Blank Host Screen option, for example, works only with Windows 98. Otherwise, the feature suppresses only the mouse and keyboard control on the host. Also, the Copy Text option failed in all our tests.
Like NetSupport Manager and PC-Duo, Proxy has a cycling monitor that runs through different hosts at configured time intervals. Administrators will find this tool an excellent addition to their monitoring toolkits, but it would be nice if you could take control of a host from the cycling option without exiting and initiating a remote control session when you identify a problem.
With its low price and passing performance, Funk continues to be popular with enterprises and individuals needing basic remote-control features. But if you're looking for increased central control, better performance and more security you may need to get out your checkbook.Proxy Remote Control 4.0, $175/$25,250. Funk Software, (617) 497-6339, (800) 828-4146. www.funk.com
Linktivity WebInteractive 2.0
Most remote-control programs require a control, or guest, program for the helpdesk or the remote user and a host program for the corporate desktop. But with SpartaCom's Linktivity WebInteractive, you don't need to install any software on either side. All you need is a Web browser, and your sales or service and support team will be talking with and helping customers and employees in no time.
Linktivity's remote control is not a program for end users to maintain connections with their corporate desktops. Like Altiris' Carbon Copy, it is a component in a client-server package. Linktivity is aimed at sales and helpdesk support to communicate and help customers and employees. We installed the Linktivity "connectionpoint" on a Windows 2000 Advanced Server. Prerequisites included IIS and an SMTP server for operation. We used an existing SMTP server in the lab for the testing and skipped to the IIS configuration. Configuration then went smoothly, and Linktivity was available for service and support.Compared with most rivals' GUIs, Linktivity's visual appeal is stunning. We quickly forgot some of the complexities of the installation and moved to performance.
Linktivity reached the top of the mark in our bitmap-transfer test, beating out LapLink, Symantec and NetSupport. It was also a top performer in our stability test, identifying and coping with a broken communication link under 20 seconds. With a similar pricing model as TWD, Linktivity's cost for 1,000 users was based on the number of agents or support staff. At 10 users, the cost was beat only by our freebies: Microsoft and TridiaVNC. But in file transfer testing, it dropped down to ninth position and, with a browser, Linktivity is our heaviest remote control program in operation (23,860 KB). But remember, there is no persistent client to install or maintain on either side of remote-control operations. On the server side, Linktivity offers some cool features, such as graphical gauges to monitor caching, compression ration and bytes per second. It also provides central control and live statistics for all connections made between hosts and masters.
However, when we drilled down to remote control, Linktivity lacked some very common features that its rivals provide. For example, Linktivity cannot broadcast previously recorded sessions. Also, when it comes to file transfers, Linktivity lacks drag-and-drop capabilities, delta file transfers, crash recovery and folder synchronization, and it does not restrict access to the file system.
Hosts can be controlled in two ways. They can invite a master via e-mail or request help by filling out a Web form on the server. The request is then sent to a queue to await an available representative. An audible message acknowledges queue status. A master accepts the invitation for remote control, and the server enables the parties to engage in remote control, file transfers, co-browsing (browse the same Web sites), and chat using voice or text. The host, however, must approve of the controlled sessions and file transfers, and the sessions do not support screen blanking or locking of the keyboard and mouse. Although these are security features in our other remote-control packages, their disability in Linktivity reflects its customer-oriented design.
WebInteractive 2.0, $1,499/$8.999. Linktivity, a division of SpartaCom Technologies. (800) 809-1245. www.linktivity.comTridiaVNC 1.5 (32-bit Windows)/1.4 (Unix/Linux)
If you need remote control in a pinch, TridiaVNC is one place to go. It's a free download and it does the job. But don't be fooled: Although it provides encryption for passwords, it lacks encryption for the data stream.
It also came in last, by a long shot, in our bitmap transfers. And if you're looking to transfer files, the free version won't do. You'll have to upgrade to the Pro version for $49 per user. For 1,000 users, that will come close to Funk Proxy's price tag.
AT&T Research Laboratories developed VNC (Virtual Network Computing) as an open-source software product under the GNU Public License. This means that you can obtain the source code and modify it to suit your needs. Tridia charges you a little bit extra for its packaged version, documentation and support, but VNC is freely available elsewhere on the Web (see www.sourceforge.net).VNC comes in two parts, a VNC server and a VNC viewer. As the names indicate, the server is the host. The viewer, or master, can also be started in listen mode to accept connections initiated by a server. VNC also runs as a service under Windows, and in the absence of a viewer, a host can be remotely controlled via a Web browser.
Tridia has made VNC installation a breeze under Windows, Linux and Unix (AIX,HP-UX and Solaris). VNC on Linux usually runs on the display you specify. Forexample, we used vncserver :1 so that the Linux computer accepted connections onour default display 1. You may also modify the ~/.vnc/xstartup file to customizethe windows manager and display.
VNC lacks a utility to scan the network for hosts advertising remote-controlavailability, but it did not take us long to find a utility called VNC AdminConsole 1.0.21 (www.mast-computer.de). VNC Admin let us specify a range of IPaddresses to scan for VNC servers.
Performance under Linux is much better than in a Windows environment. Forexample, under Windows, we scrolled down a couple of pages in a word document ona host and noticed a slow, choppy screen refresh. Under Linux, the same actionproved to be fast and smooth.
TridiaVNC Pro adds some import features for enterprises and supportsauthentication using LDAP, NTLM and NDS. It also adds a Java-based console thatlets you scan for PCs running the VNC server and encryption for the data stream.Finally, it provides a deployment utility and facility to maintain centralconfigurations and updates. But it lacks file transfer and text/voice chats.TridiaVNC, free. Tridia Corp., (800) 582-9337, (770) 428-5000. www.tridiavnc.com
Microsoft Windows XP Remote Desktop Connection, Remote Assistance
Wondering what Microsoft Windows XP is doing in this review of sophisticated remote-control software? Windows XP provides some basic remote control features using two applications: Remote Desktop Connection and Remote Assistance. Because it is free with a Windows XP license we compared it to the best to see what it had to offer. And it was, well, the worst.
Remote Desktop and Assistance use the Remote Desktop Protocol (RDP) 5.1. Hosts are restricted to the Windows XP OS, but clients can be any 16- or 32-bit Windows OS. Remote Desktop/Assistance outperformed Novell, Netopia, TWD-Industries and TridiaVNC in bitmap transfers, but it carried last place in file transfers, hands down. And it weighed in with almost the heaviest memory requirements while dormant on the desktop: 13,968 KB. Novell got the heavyweight award.The Remote Desktop Connection feature is available only in the Professional edition and is disabled by default. Once we enabled it from the "remote" option in the system properties we could control hosts using Remote Desktop Client (RDC) software. RDC is preinstalled on XP computers, but it can also be added using the setup program from the XP installation CD or downloaded from Microsoft's Web site. Note that a master can make multiple outbound connections to monitor more than one host at a time, but only one master can monitor any single host. In short, one-to-many is OK. Many-to-one is not.
When you engage the remote desktop, the local machine is automatically locked to prevent anyone from making changes during the control session. You can optimize slower connections by adjusting the desktop size and display settings, and you can transfer files by copying and pasting them. Remote Desktop lives up to its name. Local drives, printers and serial ports were available; we could even play audio files on the host and enjoy them on the master. We were impressed, but it didn't seem to help Bob Dylan's voice much.
Remote Assistance is one of the coolest features we've seen from Redmond since Windows for Workgroups. It lets local and remote users see and control the same screen in real time. Here's how it works. A "novice" looking for help clicks on the "Help and Support Center" tab in the Start Menu to seek an "expert." There are three ways of calling for help: Invitation using MSN Messenger, an e-mail invitation using Outlook Express or by sending a file. Messenger lets the so-called expert, or master, take immediate control of the computer requesting help. The other options are less than immediate.
The expert answering an e-mail invitation has to open an attachment containing a 904-byte file called RAInvitation.msrcIncident to engage in remote control. For security, Remote Assistance lets you select an expiration period for the invitation, and you can require a password.
These applications cannot be compared with some of the advanced products, but the package is included in the Windows XP installation package. As a result, it will get wide distribution and, unless it gets better, little use.
Remote Assistance feature in Microsoft Windows XP, included in OS. Microsoft, (800) 936-5700, (425) 882-8080. www.microsoft.com
The estimated cost to manually support 2,500 desktops over a three-year period at best would be greater than $650,000, at worst $5.5 million, according to Gartner. This is based on the number, complexity and types of calls and the time needed to address each call. It does not include costs of dispatching technicians, user downtime, and the salaries of support personnel, who comprise the bulk--35.9 percent--of internal IT staffers.That's why you need remote-control software. It can reduce the cost of supporting client desktops, cut the cost of server administration and make your telecommuters more productive. Even small companies that have extended their reach via the Web are seeing a spike in consumer demand for more interactive online support methods. E-mail doesn't cut it if your competitor has instant-chat capabilities.
We gathered a herd of remote-control tools, best-of-breed products as well as components of desktop-management suites. Not surprisingly, best-of-breed solutions held the top spots. NetSupport Manager took top honors because of its excellent performance, enterprise-class deployment and manageability, and reasonable price.
We tested these remote-control products at our Syracuse University Real-World Labs®. Performance tests determined screen-refresh rates between masters and hosts by transferring bitmap images during remote control sessions. File transfer performance was tested by transferring document files between masters and hosts. To grade each product, we combined the raw performance with an analysis of the features. We also tested for error recovery and detection and verified that clear text was not passed in the authentication and the data streams during encrypted sessions.
To test features and functionality, we installed, where necessary, NOS support. For performance testing, we used two Dell Computer GX-1 workstations (500 MHz). The GX-1s ran Microsoft Windows 2000 Professional. When possible, we turned off caching. When that was not possible, as with Web browser remote control, we stopped and started sessions and cleared cache between sessions. We inserted a Shunra Storm STX-100 between the workstations to emulate traffic at 56 Kbps--the slow speed provided a level playing field for testing screen-refresh and file-transfer capabilities.
For screen-refresh testing, we used a pallettized bitmap file with 8-bit color depth (223 KB) and three true-color RBG bitmaps at 24-bit color depth to transfer between master and host computers. For file-transfer testing, we used document files that ranged in size from 297 KB to 5,229 KB in several formats. Each file was transferred between guest and host three times with and without encryption.
For the most part, we found no noticeable difference in performance for encrypted and nonencrypted sessions. Because each program provided various options for exchanging keys and encrypting data, we disabled encryption to put each product at the same starting point. However, the products from Novell, Spartacom Technologies and uRoam defaulted to encrypted sessions, but this did not seem to hinder their performances.To determine error recovery and detection, we unplugged the two test computers from the Shunra Storm and connected them to a 100-Mbps hub. We started a remote-control session and a file-transfer session for each program and unplugged the host from the hub. We did this three times for each product and averaged the three tests.
To test whether these applications encrypted the authentication and data stream to prevent clear text from passing on the wire, we used WildPackets EtherPeek NX 1.0.0 to capture and analyze all packets transferred between guests and hosts while connected to a 100-Mbps hub. For the Novell, Spartacom Technologies and uRoam products, we added the server into our packet-capture sequences.
Finally, we looked at the memory usage on hosts to determine the cost of remote control on corporate desktops and servers. We were careful to compare apples with apples in the memory requirements. For both Altiris and Novell ZENworks, we included the base client footprint and the remote control applications. Other components of the packages were not included in the calculation. Memory usage was measured while the programs were in memory and dormant (no remote-control session active) and active in a remote-control session.
R E V I E WRemote-Controlled Software Part I
Sorry,
your browser
is not Java
enabled
Welcome to
NETWORK COMPUTING's Interactive Report Card, v2. To launch it, click on the Interactive Report Card ® icon above. The program components take a few moments to load.Once launched, enter your own product feature weights and click the Recalc button. The Interactive Report Card ® will re-sort (and re-grade!) the products based on the new category weights you entered.
Click here for more information about our Interactive Report Card ®.
Note: due to the unusually large number of products in this review, we've split the interactive report card into two groups of seven for easier viewing.
(click to enlarge)
R E V I E W
Remote-Controlled Software Part I
Sorry,
your browser
is not Java
enabled
------------------->
Welcome to
NETWORK COMPUTING's Interactive Report Card, v2. To launch it, click on the Interactive Report Card ® icon above. The program components take a few moments to load.
Once launched, enter your own product feature weights and click the Recalc button. The Interactive Report Card ® will re-sort (and re-grade!) the products based on the new category weights you entered.
Click here for more information about our Interactive Report Card ®.Note: due to the unusually large number of products in this review, we've split the interactive report card into two groups of seven for easier viewing.
(click to enlarge)
You May Also Like