Remote Desktop – are you doing IT wrong?
Remote Desktop – are you doing IT wrong?
A feature comparison of Remote Desktop Connection Managers for Systems Administrators running Windows on their desktops
By Eugene Kalayev, Smart-‐X MCT, MCITP, CCNP, CCA Smart-‐X 2012 ©
1
Remote Desktop – are you doing IT wrong?
Preface I have downloaded and installed Royal TS, VisionApp, Remote Desktop Manager, ControlUp, RDCMan, mRemote and Terminals. As often done by my IT colleagues, I read no manuals and took them for a test drive. In this article you will find my take on the pros and cons of these utilities and a note on common system management tactics when approaching the management of complex IT systems.
Part One: Remote Desktop Connection managers overview Ever since the early ages of Windows and Terminal Services deployments, Remote Desktop has been an essential component of enterprise computing. Indeed, the ability to gain full-‐desktop access to any Windows system connected to a network has numerous uses in organizational IT, many of which are constantly being taken to new heights by products like Citrix XenApp, XenDesktop, VMware View, Microsoft RemoteApp and many others. Many protocols (RDP, ICA/HDX, VNC, PCoIP, etc.) and architecture types (cloud-‐based such as TeamViewer and LogMeIn, on-‐premises solutions such as Royal TS and Dameware) are used for remote support, application delivery, work from home and other tasks. Whatever your platform of choice, the underlying principle stays the same – as long as you have IP connectivity and sufficient rights, physical distance should not prevent you from accessing any machine, and that’s great. (For an exhaustive list of remote desktop technologies check out this Wikipedia article). Remote Desktop (I’ll use this term loosely, including various solutions and protocols) is very useful for administration purposes as well, which explains the flourishing market of connection managers, most Smart-‐X 2012 ©
2
Remote Desktop – are you doing IT wrong?
of which are management consoles designed to aggregate multiple Remote Desktop connections in a single window. Often many other management features are under the hood, and we’re here to help you figure out what’s best for your needs. A quick browse through Alternativeto.net reveals a great wealth of products, such as Royal TS, VisionApp, Remote Desktop Manager, ControlUp, Dameware, mRemote and RealVNC to mention just a few popular ones. Here’s a quick test to find out whether you need a connection manager. If you have multiple Remote Desktop connection windows open, some disconnected and some have unidentifiable IP addresses and cryptic names on them, record one point. When you click the Windows Start Menu, do you sometimes forget which machine are you on? If the answer is yes and you haven’t been drinking, record another point. Does your user account have multiple disconnected sessions on many servers in your environment, some of which have been idle for ages? There you go, have another point. One more if you are regularly using RDP in RDP, and an extra point if you do RDP inside RDP inside RDP or a virtualization host’s console inside a remote access protocol session. So you have decided that you’ve had enough of switching between numerous Remote Desktop connections. Now, what should you expect of a connection manager? Almost every one of these products includes a handy way of configuring multiple connections and switching between machines (with a folder tree view and/or tabs), and a password vault that allows for saving credentials and thus speeding up the connection process. Let’s call these core features, without which, well, it’s not really a connection manager. Now, it’s time to find out which protocols are supported. If you have a mostly-‐ Windows environment, you will probably use RDP connections most of the time. I would say my personal runners-‐up would be Citrix, Telnet, SSH and Remote Assistance. Protocol support varies for different products, here’s a small summary. I’ll focus on Windows-‐based products this time, although it’s worth noting that RoyalTS now has a version for Mac OS and iPhone as well.
Smart-‐X 2012 ©
3
Remote Desktop – are you doing IT wrong?
So the winner in this category is Remote Desktop Manager by Devolutions, due to the richest collection of supported connection types, which include such popular cloud-‐based solutions as TeamViewer and LogMeIn. Here’s a screenshot of their “Add Session” window, showing part of this variety:
Smart-‐X 2012 ©
4
Remote Desktop – are you doing IT wrong?
This being said, protocol support is not the whole story. If RDP is dominating your environment, you might not care too much for the variety of protocols offered. Perhaps in that case the productivity enhancing features offered by the different products would be of more interest. In the next section, I will compare the approaches used by different connection managers to import and organize multiple connections and credentials to keep the admin’s efficiency at its peak.
Part Two: Everything in its right place: Importing and Organizing Remote Desktop connections. Let’s now compare the approaches taken by different products to organize and arrange your connections. With no exception, all products offer a tree view to arrange all your connections. This Smart-‐X 2012 ©
5
Remote Desktop – are you doing IT wrong?
arrangement method offers the advantage of hierarchy and inheritance of different connection properties. For example, you might want to create a folder for all your servers (or servers of a particular type), configure credentials and other connection settings, and inheritance will make the addition of new connections a matter of seconds. The surveyed products did not differ much in this aspect, all having their versions of the tree view for different connections. Devolutions and visionApp both show stored credentials in the tree as well, while the tree in RoyalTS also includes different tasks for quick access, which we’ll mention later. Before we go on, just a quick note on the user interface of these products. All of them have their own visual styles for different tastes, but I really would like to point out the beautiful interface of RoyalTS. I found it sleek, clear and overall pleasant to look at. As an antithesis, Terminals has a rough-‐looking UI which looks like it was never thoroughly planned (as often happens with open-‐source apps). Adding / importing connections to the console Using the products surveyed above, I have tested the functionality offered by the different products to import and create connections, while focusing on bulk operations and maximum environment integration. Let’s take a look at the results. So how would you add your favorite remote connections? The most straightforward methods would be to scan your environment (network or Active Directory). Another way would be to provide a file with names of all your favorite machines. As you will see, different product support different file formats for import and export (I have omitted the native format for each solution, support for which seems obvious). Also, I know sysadmins sometimes find it handy to add machines by providing a range of names (say Server01-‐Server99), which I found only in Microsoft’s product. Smart-‐X 2012 ©
6
Remote Desktop – are you doing IT wrong?
Here is a support matrix for all the popular import methods I could find:
Again, Devolutions Remote Desktop Manager offers a substantial variety of supported formats (including Office documents!), in addition to being aware of various competitors’ file formats, which is impressive. ControlUp offers the unique ability to scan Active Directory domains and forests that your Smart-‐X 2012 ©
7
Remote Desktop – are you doing IT wrong?
computer does not belong to or trust, which may come in handy in complex environments. However, I have to select the open-‐source Terminals for winner in this category. Two main reasons are:
A. This cool built-‐in port scanner. By scanning an IP address range for services listening on popular ports, you can add computers that are ready and available for connection, with the appropriate connection type detected and saved automatically. I liked this feature a lot (mRemote has a similar feature, too bad it’s buried in [right-‐click a folder]>Tools > Import/Export > Import from Port Scan). B. Upon first launch, Terminals offered to import all my most recently used RDP connections from the registry, which got me started with dozens of relevant connections within seconds. That’s what I call a smart and useful out-‐of-‐the-‐box behavior. I think a few words are due about collaboration between several systems administrators in the same organization connecting to the same machines and sharing connection details. While in all products surveyed above you can just share the configuration files and send to your colleagues, some products take a more advanced approach. In visionApp’s Environment Wizard you can configure a SQL database for saving (and sharing) program data. Visionapp also deserves kudos for their “synchronize” option, which allows for a folder’s content to be dynamically updated from Active Directory, VMware or a file, thus keeping the server list up to date for multiple admins. Devolutions offer separate server packages for storing program data centrally, both on-‐premises and in the cloud, while supporting popular cloud platforms, such as Amazon S3, Dropbox as well as database formats. In addition, their Online Backup option allows you to keep a spare copy of your configuration in the cloud. Smart-‐X 2012 ©
8
Remote Desktop – are you doing IT wrong?
Once you have imported and arranged all of your machines neatly in their folders, it’s time to test-‐ drive the features offered by our connection managers beyond simple remote connections.
Part 3: Remote Desktop and beyond: Management and monitoring features. In parts 1 and 2 of this document, I have compared several remote desktop connection managers, focusing on their protocol support, import capabilities and collaboration features. Now it’s time to attend to the extras – the features which sys admins may find useful, besides the core functionality of Remote Desktop. Most of the products offer the ability to run basic command-‐line tools, such as ping or tracert against the machines you added to the console. Also, a systems administrator might sometimes want to invoke some management tools, such as Event Viewer, Services or Registry Editor from inside the connection manager. Sometimes these commands and tasks need to be executed just before or just after you establish a connection, so task sequencing is also of interest (For example, when investigating how come a cranky Terminal box doesn’t feel like accepting sessions this morning). Smart-‐X 2012 ©
9
Remote Desktop – are you doing IT wrong?
Let’s take a look at the feature matrix for management tools and other extras. (At this point, let’s set aside Microsoft’s Remote Desktop Connection Manager, which doesn’t really offer any tools besides plain RDP)
Smart-‐X 2012 ©
10
Remote Desktop – are you doing IT wrong?
As you have probably noticed, some of the cells have weird gray checkmarks in them. I’ll explain. Terminals’ Networking Tools have some grey spots since many of them are not really designed to run against your target machines (for instance, tools such as Interfaces and Connections are local only, while System Information requires a manual WMI connect to each machine). Programs that have a grey checkmark in the “Multi-‐target tasks” perform multi-‐target commands as disjoint single-‐target tasks, for example if I send a restart command to ten computers and each one has an error, I will receive ten error messages which I’ll have to patiently dismiss one by one. ControlUp is the only one of the products surveyed here which is able to perform the tasks in parallel, report their progress and present the results in a manageable form, so creating a registry key or stopping a service on a hundred servers feels absolutely similar to doing so on one server or ten. If you are using RDP to connect to remote computers access to which requires a VPN connection to be dialed, you will likely find the “Pre/post connection tasks” useful. Please note the bold “Custom Command execution” column. A checkmark in it means that the software allows any executable to be configured as a custom task. In theory, that means other tasks marked as unavailable may actually work with this option. While this is true for console-‐side tasks such as ping, this does not include tasks performed at the remote computer. By “Remote custom command execution” I’m referring to the scenario when you need an arbitrary executable to run on the remote computers, as opposed to local execution on your desktop (for example running ipconfig /flushdns on a dozen remote machines). These tasks are only supported by ControlUp via a remote agent, just like good old PSexec but in a GUI.
Part 4: System Management and Monitoring with Remote Desktop - Are you doing IT wrong? In parts 1, 2 and 3 of this article, you are familiar with the core functionality and workstyle offered by several existing Remote Desktop management programs. Now I would like to offer you my take on a common inefficient practice in Windows systems management, which may be easy to get involved in once you have found the Remote Desktop manager of your dreams. Smart-‐X 2012 ©
11
Remote Desktop – are you doing IT wrong?
Both as a consultant and as an IT trainer, I was approached many times with technical questions which made me wonder what the real challenge at hand is. For example, when an IT guy asks something like “How do I set a login script to run as Local System?”, I have learned not to resist the urge to ask “What is it exactly that you would like to achieve ?”. I would like to suggest that the same logic applies to many management and monitoring challenges, especially when you’re dealing with multiple machines. In other words, if once finished with the article you choose a connection manager, add 20 servers and log into each and every one of them to run a command or check a piece of system info, then YOU’RE DOING IT WRONG! To quote Maslow, it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. And in our case, it can indeed be tempting to use a connection manager for parallel management. Example: you need to restart a service on three machines. If you cannot quickly come up with a command line solution, it can be quite tempting to log into the boxes one by one and get it over with (especially if you’re charging by the hour ;). The dilemma gains strength as you face a similar task to be performed on ten servers, or perhaps a hundred. Again, savvy scripters will surely find a cure… or just do the 10 servers manually while no-‐one is looking. Regardless of your choice of a Remote Desktop connection manager, if you prefer an all-‐in-‐one multi-‐ target management solution, you should definitely check out ControlUp. While it may not be the most sophisticated Remote Desktop connection manager, you may be surprised by its powerful approach to managing multiple machines, and just may be the right tool for your job. Smart-‐X 2012 ©
12
Remote Desktop – are you doing IT wrong?
Last but not least, I’ll now summarize the Remote Desktop connection managers from the commercial perspective. There will be no summary recommending the perfect product, but hopefully this comparison has provided you with some material for thought that will help you choose your favorite management companion.
Smart-‐X 2012 ©
13
Remote Desktop – are you doing IT wrong?
Web pages for surveyed products : Devolutions: http://remotedesktopmanager.com/ visionApp: http://www.visionapp.com/germany/solutions/asg-‐remote-‐desktop.html mRemote: http://www.mremote.org/ ControlUp: http://www.smart-‐x.com/controlup/ Terminals: http://terminals.codeplex.com/ Microsoft RDCMan: http://www.microsoft.com/en-‐us/download/details.aspx?id=21101 RoyalTS: http://www.royalts.com
See also: Wiki – List of Remote Desktop Software: http://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software AlternativeTo.Net – Remote Desktop: http://alternativeto.net/SearchResult.aspx?search=tag:remote-‐desktop
Smart-‐X 2012 ©
14