Remote Desktop are you doing IT wrong?

Remote Desktop – are you doing IT wrong?       Remote Desktop – are you doing IT wrong?     A  feature  comparison  of  Remote  Desktop  Connec...
1 downloads 0 Views 1MB Size
Remote Desktop – are you doing IT wrong?

 

   

Remote Desktop – are you doing IT wrong?  

  A  feature  comparison  of  Remote  Desktop  Connection  Managers  for     Systems  Administrators  running  Windows  on  their  desktops          

By  Eugene  Kalayev,  Smart-­‐X   MCT,  MCITP,  CCNP,  CCA   Smart-­‐X  2012  ©

1

Remote Desktop – are you doing IT wrong?

   

Preface I  have  downloaded  and  installed  Royal  TS,  VisionApp,  Remote  Desktop  Manager,  ControlUp,  RDCMan,   mRemote  and  Terminals.  As  often  done  by  my  IT  colleagues,  I  read  no  manuals  and  took  them  for  a   test  drive.  In  this  article  you  will  find  my  take  on  the  pros  and  cons  of  these  utilities  and  a  note  on   common  system  management  tactics  when  approaching  the  management  of  complex  IT  systems.

             

 

Part One: Remote Desktop Connection managers overview Ever  since  the  early  ages  of  Windows  and  Terminal  Services  deployments,  Remote  Desktop  has  been   an  essential  component  of  enterprise  computing.  Indeed,  the  ability  to  gain  full-­‐desktop  access  to  any   Windows  system  connected  to  a  network  has  numerous  uses  in  organizational  IT,  many  of  which  are   constantly  being  taken  to  new  heights  by  products  like  Citrix  XenApp,  XenDesktop,  VMware  View,   Microsoft  RemoteApp  and  many  others.  Many  protocols  (RDP,  ICA/HDX,  VNC,  PCoIP,  etc.)  and   architecture  types  (cloud-­‐based  such  as  TeamViewer  and  LogMeIn,  on-­‐premises  solutions  such  as   Royal  TS  and  Dameware)  are  used  for  remote  support,  application  delivery,  work  from  home  and  other   tasks.  Whatever  your  platform  of  choice,  the  underlying  principle  stays  the  same  –  as  long  as  you  have   IP  connectivity  and  sufficient  rights,  physical  distance  should  not  prevent  you  from  accessing  any   machine,  and  that’s  great.   (For  an  exhaustive  list  of  remote  desktop  technologies  check  out  this  Wikipedia  article).   Remote  Desktop  (I’ll  use  this  term  loosely,  including  various  solutions  and  protocols)  is  very  useful  for   administration  purposes  as  well,  which  explains  the  flourishing  market  of  connection  managers,  most   Smart-­‐X  2012  ©

2

Remote Desktop – are you doing IT wrong?

of  which  are  management  consoles  designed  to  aggregate  multiple  Remote  Desktop  connections  in  a   single  window.  Often  many  other  management  features  are  under  the  hood,  and  we’re  here  to  help   you  figure  out  what’s  best  for  your  needs.  A  quick  browse  through  Alternativeto.net  reveals  a  great   wealth  of  products,  such  as  Royal  TS,  VisionApp,  Remote  Desktop  Manager,  ControlUp,  Dameware,   mRemote  and  RealVNC  to  mention  just  a  few  popular  ones.   Here’s  a  quick  test  to  find  out  whether  you  need  a  connection  manager.  If  you  have  multiple  Remote   Desktop  connection  windows  open,  some  disconnected  and  some  have  unidentifiable  IP  addresses  and   cryptic  names  on  them,  record  one  point.  When  you  click  the  Windows  Start  Menu,  do  you  sometimes   forget  which  machine  are  you  on?  If  the  answer  is  yes  and  you  haven’t  been  drinking,  record  another   point.  Does  your  user  account  have  multiple  disconnected  sessions  on  many  servers  in  your   environment,  some  of  which  have  been  idle  for  ages?  There  you  go,  have  another  point.  One  more  if   you  are  regularly  using  RDP  in  RDP,  and  an  extra  point  if  you  do  RDP  inside  RDP  inside  RDP  or  a   virtualization  host’s  console  inside  a  remote  access  protocol  session.   So  you  have  decided  that  you’ve  had  enough  of  switching  between  numerous  Remote  Desktop   connections.  Now,  what  should  you  expect  of  a  connection  manager?  Almost  every  one  of  these   products  includes  a  handy  way  of  configuring  multiple  connections  and  switching  between  machines   (with  a  folder  tree  view  and/or  tabs),  and  a  password  vault  that  allows  for  saving  credentials  and  thus   speeding  up  the  connection  process.  Let’s  call  these  core  features,  without  which,  well,  it’s  not  really  a   connection  manager.  Now,  it’s  time  to  find  out  which  protocols  are  supported.  If  you  have  a  mostly-­‐ Windows  environment,  you  will  probably  use  RDP  connections  most  of  the  time.  I  would  say  my   personal  runners-­‐up  would  be  Citrix,  Telnet,  SSH  and  Remote  Assistance.  Protocol  support  varies  for   different  products,  here’s  a  small  summary.  I’ll  focus  on  Windows-­‐based  products  this  time,  although   it’s  worth  noting  that  RoyalTS  now  has  a  version  for  Mac  OS  and  iPhone  as  well.

Smart-­‐X  2012  ©

3

Remote Desktop – are you doing IT wrong?

  So  the  winner  in  this  category  is  Remote  Desktop  Manager  by  Devolutions,  due  to  the  richest  collection   of  supported  connection  types,  which  include  such  popular  cloud-­‐based  solutions  as  TeamViewer  and   LogMeIn.  Here’s  a  screenshot  of  their  “Add  Session”  window,  showing  part  of  this  variety:  

Smart-­‐X  2012  ©

4

Remote Desktop – are you doing IT wrong?

  This  being  said,  protocol  support  is  not  the  whole  story.  If  RDP  is  dominating  your  environment,  you   might  not  care  too  much  for  the  variety  of  protocols  offered.  Perhaps  in  that  case  the  productivity   enhancing  features  offered  by  the  different  products  would  be  of  more  interest.  In  the  next  section,    I   will  compare  the  approaches  used  by  different  connection  managers  to  import  and  organize  multiple   connections  and  credentials  to  keep  the  admin’s  efficiency  at  its  peak.      

Part Two: Everything in its right place: Importing and Organizing Remote Desktop connections.   Let’s  now  compare  the  approaches  taken  by  different  products  to  organize  and  arrange  your   connections.  With  no  exception,  all  products  offer  a  tree  view  to  arrange  all  your  connections.  This   Smart-­‐X  2012  ©

5

Remote Desktop – are you doing IT wrong?

arrangement  method  offers  the  advantage  of  hierarchy  and  inheritance  of  different  connection   properties.  For  example,  you  might  want  to  create  a  folder  for  all  your  servers  (or  servers  of  a   particular  type),  configure  credentials  and  other  connection  settings,  and  inheritance  will  make  the   addition  of  new  connections  a  matter  of  seconds.  The  surveyed  products  did  not  differ  much  in  this   aspect,  all  having  their  versions  of  the  tree  view  for  different  connections.  Devolutions  and  visionApp   both  show  stored  credentials  in  the  tree  as  well,  while  the  tree  in  RoyalTS  also  includes  different  tasks   for  quick  access,  which  we’ll  mention  later.   Before  we  go  on,  just  a  quick  note  on  the  user  interface  of  these  products.  All  of  them  have  their  own   visual  styles  for  different  tastes,  but  I  really  would  like  to  point  out  the  beautiful  interface  of  RoyalTS.  I   found  it  sleek,  clear  and  overall  pleasant  to  look  at.  As  an  antithesis,  Terminals  has  a  rough-­‐looking  UI   which  looks  like  it  was  never  thoroughly  planned  (as  often  happens  with  open-­‐source  apps).   Adding / importing connections to the console Using  the  products  surveyed  above,  I  have  tested  the  functionality  offered  by  the  different  products  to   import   and   create   connections,   while   focusing   on   bulk   operations   and   maximum   environment   integration.  Let’s  take  a  look  at  the  results.   So  how  would  you  add  your  favorite  remote  connections?  The  most  straightforward  methods  would  be   to  scan  your  environment  (network  or  Active  Directory).  Another  way  would  be  to  provide  a  file  with   names  of  all  your  favorite  machines.  As  you  will  see,  different  product  support  different  file  formats  for   import   and   export   (I   have   omitted   the   native   format   for   each   solution,   support   for   which   seems   obvious).     Also,   I   know   sysadmins   sometimes   find   it   handy   to   add   machines   by   providing   a   range   of   names  (say  Server01-­‐Server99),  which  I  found  only  in  Microsoft’s  product.               Smart-­‐X  2012  ©

6

Remote Desktop – are you doing IT wrong?

Here  is  a  support  matrix  for  all  the  popular  import  methods  I  could  find:  

    Again,   Devolutions   Remote   Desktop   Manager   offers   a   substantial   variety   of   supported   formats   (including   Office   documents!),   in   addition   to   being   aware   of   various   competitors’   file   formats,   which   is   impressive.  ControlUp  offers  the  unique  ability  to  scan  Active  Directory  domains  and  forests  that  your   Smart-­‐X  2012  ©

7

Remote Desktop – are you doing IT wrong?

computer  does  not  belong  to  or  trust,  which  may  come  in  handy  in  complex  environments.   However,  I  have  to  select  the  open-­‐source  Terminals  for  winner  in  this  category.  Two  main  reasons  are:    

  A. This  cool  built-­‐in  port  scanner.  By  scanning  an  IP  address  range  for  services  listening  on  popular   ports,  you  can  add  computers  that  are  ready  and  available  for  connection,  with  the  appropriate   connection  type  detected  and  saved  automatically.  I  liked  this  feature  a  lot  (mRemote  has  a   similar  feature,  too  bad  it’s  buried  in  [right-­‐click  a  folder]>Tools  >  Import/Export  >  Import  from   Port  Scan).   B. Upon  first  launch,  Terminals  offered  to  import  all  my  most  recently  used  RDP  connections  from   the  registry,  which  got  me  started  with  dozens  of  relevant  connections  within  seconds.  That’s   what  I  call  a  smart  and  useful  out-­‐of-­‐the-­‐box  behavior.   I  think  a  few  words  are  due  about  collaboration  between  several  systems  administrators  in  the  same   organization  connecting  to  the  same  machines  and  sharing  connection  details.  While  in  all  products   surveyed  above  you  can  just  share  the  configuration  files  and  send  to  your  colleagues,  some  products   take  a  more  advanced  approach.  In  visionApp’s  Environment  Wizard  you  can  configure  a  SQL  database   for  saving  (and  sharing)  program  data.  Visionapp  also  deserves  kudos  for  their  “synchronize”  option,   which  allows  for  a  folder’s  content  to  be  dynamically  updated  from  Active  Directory,  VMware  or  a  file,   thus  keeping  the  server  list  up  to  date  for  multiple  admins.  Devolutions  offer  separate  server  packages   for  storing  program  data  centrally,  both  on-­‐premises  and  in  the  cloud,  while  supporting  popular  cloud   platforms,  such  as  Amazon  S3,  Dropbox  as  well  as  database  formats.  In  addition,  their  Online  Backup   option  allows  you  to  keep  a  spare  copy  of  your  configuration  in  the  cloud.   Smart-­‐X  2012  ©

8

Remote Desktop – are you doing IT wrong?

Once  you  have  imported  and  arranged  all  of  your  machines  neatly  in  their  folders,  it’s  time  to  test-­‐ drive  the  features  offered  by  our  connection  managers  beyond  simple  remote  connections.  

Part 3: Remote Desktop and beyond: Management and monitoring features. In  parts  1  and  2  of  this  document,  I  have  compared  several  remote  desktop  connection  managers,   focusing  on  their  protocol  support,  import  capabilities  and  collaboration  features.  Now  it’s  time  to   attend  to  the  extras  –  the  features  which  sys  admins  may  find  useful,  besides  the  core  functionality  of   Remote  Desktop.   Most  of  the  products  offer  the  ability  to  run  basic  command-­‐line  tools,  such  as  ping  or  tracert  against   the  machines  you  added  to  the  console.  Also,  a  systems  administrator  might  sometimes  want  to  invoke   some  management  tools,  such  as  Event  Viewer,  Services  or  Registry  Editor  from  inside  the  connection   manager.  Sometimes  these  commands  and  tasks  need  to  be  executed  just  before  or  just  after  you   establish  a  connection,  so  task  sequencing  is  also  of  interest  (For  example,  when  investigating  how   come  a  cranky  Terminal  box  doesn’t  feel  like  accepting  sessions  this  morning).                       Smart-­‐X  2012  ©

9

Remote Desktop – are you doing IT wrong?

Let’s  take  a  look  at  the  feature  matrix  for  management  tools  and  other  extras.  (At  this  point,  let’s  set   aside  Microsoft’s  Remote  Desktop  Connection  Manager,  which  doesn’t  really  offer  any  tools  besides   plain  RDP)  

 

Smart-­‐X  2012  ©

10

Remote Desktop – are you doing IT wrong?

As   you   have   probably   noticed,   some   of   the   cells   have   weird   gray   checkmarks   in   them.   I’ll   explain.   Terminals’  Networking  Tools  have  some  grey  spots  since  many  of  them  are  not  really  designed  to  run   against   your   target   machines   (for   instance,   tools   such   as   Interfaces   and   Connections   are   local   only,   while   System   Information   requires   a   manual   WMI   connect   to   each   machine).   Programs   that   have   a   grey   checkmark   in   the   “Multi-­‐target   tasks”   perform   multi-­‐target   commands   as   disjoint   single-­‐target   tasks,   for   example   if   I   send   a   restart   command   to   ten   computers   and   each   one   has   an   error,   I   will   receive  ten  error  messages  which  I’ll  have  to  patiently  dismiss  one  by  one.  ControlUp  is  the  only  one  of   the   products   surveyed   here   which   is   able   to   perform   the   tasks   in   parallel,   report   their   progress   and   present  the  results  in  a  manageable  form,  so  creating  a  registry  key  or  stopping  a  service  on  a  hundred   servers  feels  absolutely  similar  to  doing  so  on  one  server  or  ten.     If  you  are  using  RDP  to  connect  to  remote  computers  access  to  which  requires  a  VPN  connection  to  be   dialed,  you  will  likely  find  the  “Pre/post  connection  tasks”  useful.     Please  note  the  bold  “Custom  Command  execution”  column.  A  checkmark  in  it  means  that  the   software  allows  any  executable  to  be  configured  as  a  custom  task.  In  theory,  that  means  other  tasks   marked  as  unavailable  may  actually  work  with  this  option.  While  this  is  true  for  console-­‐side  tasks  such   as  ping,  this  does  not  include  tasks  performed  at  the  remote  computer.  By  “Remote  custom  command   execution”  I’m  referring  to  the  scenario  when  you  need  an  arbitrary  executable  to  run  on  the  remote   computers,  as  opposed  to  local  execution  on  your  desktop  (for  example  running  ipconfig  /flushdns  on   a  dozen  remote  machines).  These  tasks  are  only  supported  by  ControlUp  via  a  remote  agent,  just  like   good  old  PSexec  but  in  a  GUI.  

Part 4: System Management and Monitoring with Remote Desktop - Are you doing IT wrong? In  parts  1,  2  and  3  of  this  article,  you  are  familiar  with  the  core  functionality  and  workstyle  offered   by  several  existing  Remote  Desktop  management  programs.  Now  I  would  like  to  offer  you  my  take  on   a  common  inefficient  practice  in  Windows  systems  management,  which  may  be  easy  to  get  involved  in   once  you  have  found  the  Remote  Desktop  manager  of  your  dreams.   Smart-­‐X  2012  ©

11

Remote Desktop – are you doing IT wrong?

Both  as  a  consultant  and  as  an  IT  trainer,  I  was  approached  many  times  with  technical  questions  which   made  me  wonder  what  the  real  challenge  at  hand  is.  For  example,  when  an  IT  guy  asks  something  like   “How  do  I  set  a  login  script  to  run  as  Local  System?”,  I  have  learned  not  to  resist  the  urge  to  ask   “What  is  it  exactly  that  you  would  like  to  achieve  ?”.  I  would  like  to  suggest  that  the  same  logic   applies  to  many  management  and  monitoring  challenges,  especially  when  you’re  dealing  with  multiple   machines.  In  other  words,  if  once  finished  with  the  article  you  choose  a  connection  manager,  add  20   servers  and  log  into  each  and  every  one  of  them  to  run  a  command  or  check  a  piece  of  system  info,   then  YOU’RE  DOING  IT  WRONG!     To  quote  Maslow,  it  is  tempting,  if  the  only  tool  you  have  is  a  hammer,  to  treat  everything  as  if  it  were   a  nail.  And  in  our  case,  it  can  indeed  be  tempting  to  use  a  connection  manager  for  parallel   management.  Example:  you  need  to  restart  a  service  on  three  machines.  If  you  cannot  quickly  come  up   with  a  command  line  solution,  it  can  be  quite  tempting  to  log  into  the  boxes  one  by  one  and  get  it  over   with  (especially  if  you’re  charging  by  the  hour  ;).  The  dilemma  gains  strength  as  you  face  a  similar  task   to  be  performed  on  ten  servers,  or  perhaps  a  hundred.  Again,  savvy  scripters  will  surely  find  a  cure…  or   just  do  the  10  servers  manually  while  no-­‐one  is  looking.   Regardless  of  your  choice  of  a  Remote  Desktop  connection  manager,  if  you  prefer  an  all-­‐in-­‐one  multi-­‐ target  management  solution,  you  should  definitely  check  out  ControlUp.  While  it  may  not  be  the  most   sophisticated  Remote  Desktop  connection  manager,  you  may  be  surprised  by  its  powerful  approach  to   managing  multiple  machines,  and  just  may  be  the  right  tool  for  your  job.               Smart-­‐X  2012  ©

12

Remote Desktop – are you doing IT wrong?

Last  but  not  least,  I’ll  now  summarize  the  Remote  Desktop  connection  managers  from  the  commercial   perspective.  There  will  be  no  summary  recommending  the  perfect  product,  but  hopefully  this   comparison  has  provided  you  with  some  material  for  thought  that  will  help  you  choose  your  favorite   management  companion.

  Smart-­‐X  2012  ©

13

Remote Desktop – are you doing IT wrong?

Web pages for surveyed products : Devolutions:  http://remotedesktopmanager.com/   visionApp:  http://www.visionapp.com/germany/solutions/asg-­‐remote-­‐desktop.html   mRemote:  http://www.mremote.org/   ControlUp:  http://www.smart-­‐x.com/controlup/   Terminals:  http://terminals.codeplex.com/   Microsoft  RDCMan:  http://www.microsoft.com/en-­‐us/download/details.aspx?id=21101   RoyalTS:  http://www.royalts.com  

See also:      Wiki  –  List  of  Remote  Desktop  Software:           http://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software        AlternativeTo.Net  –  Remote  Desktop:   http://alternativeto.net/SearchResult.aspx?search=tag:remote-­‐desktop    

Smart-­‐X  2012  ©

14