Remote control: not just for techies
Making the PC connection.
By Sue Hildreth, Computerworld | Computerworld UK | Published: 11:00, 21 November 2006
Like Sisyphus rolling his rock up the mountain over and over, IT support professionals deal with the same end-user support issues day after day. And when it comes to supporting users at remote locations, those problems just seem to multiply. Far-flung users suffer from shaky Internet connections, misconfigured VPN clients, lost security tokens, forgotten passwords, virus-ravaged laptops and, of course, children who like to "modify" Mum and Dad's settings.
With more employees than ever working away from the office, at home or on the road, supporting remote end users is consuming more and more precious IT resources.
To address this problem, a handful of companies -- led by Citrix Online and LogMeIn -- are taking a different approach to remote access. It's one that doesn't use a virtual private network and may make life simpler for end users and IT support staff.
Under the new concept, the user's remote desktop or laptop isn't connected to corporate servers. Instead, the remote user is connected to his PC back at the office, with all of the same files, applications and desktop icons. This is accomplished mainly with a Web browser and screen-sharing technologies like those that have been used for remote support and online presentations. Even a PC in an airport kiosk or at a friend's house is sufficient to give a user full access to his office desktop.
For both busy remote users and overworked IT departments, the simplicity of these services can be a godsend.
Mississippi Baptist Health Systems, for instance, had been providing remote users with VPN access to the hospital's systems. But it wasn't an ideal solution for either staff or users. "The complexity of supporting a VPN is great, and many issues have to do with end-user training," says Michael Long, director of network services.
So, three years ago, when the idea of subscribing to Citrix Online's GoToMyPC service came up, the hospital jumped at it. Now, more than 100 Baptist Health administrators and medical professionals use the service. Users log onto the GoToMyPC Web site, which then contacts each individual's computer -- either at the hospital or in a physician's office -- and opens an encrypted session between the two.
"It's a familiar environment, and they don't have to launch anything on the client. It's very easy for them to use," says Long.
Unlike a VPN, which requires that software be loaded onto the client device and configured, remote desktop services just need software on the host PC. A Java applet is typically downloaded onto the client after the user logs into the service, and that applet communicates with the host desktop. Once logged on, the user has access to all applications available from the desktop -- local ones as well as server-based applications and databases.
Ease of use and lower IT support costs aren't the only benefits driving this market. Some organisations also see remote desktop access services as a way to reduce the number of laptops floating around with sensitive corporate data stored on their hard drives. Also, the services offer ready-to-go business continuity plans in case of a disaster or other emergency that prevents workers from getting to the office.
"I call it the perfect storm of benefits, and I expect the marketplace for this to grow on the order of two to three times the rate of the PC market in general," says Dana Gardner, an analyst at Interarbor Solutions, a research and consulting firm specialising in enterprise software.
"It's not a brand-new market, but it's started to take off in the past few years," says IDC analyst Stacy Sudan. "Some companies no longer want employees to take laptops on the road for security reasons. And it's also being offered as a business continuity option."
A fresh breeze
For instance, the International Association for Exhibition Management, a Dallas-based trade group with 3,500 members, turned to 01 Communique Laboratory's I'm InTouch service so staff could work from home when Hurricane Rita threatened in 2005.
"After Katrina hit, everyone was scared. So when Rita started coming, we bought licenses so everybody could work from home for a day or two," says chief financial officer Scott Stanton. "It's part of our disaster plan now."
The Johns Hopkins Bloomberg School of Public Health also found remote access to PCs helpful during a natural disaster -- a snow and ice storm that left 30 inches of snow on the ground.
"We had one professor who needed to make grant deadlines, and she was able to do all her work remotely," says Ross McKenzie, director of IS at the school. "It would have been a support nightmare if we'd had to go around and set up VPNs at everyone's houses. This was a nice, clean solution."
Distributing IT support
For some organisations, the services help the IT department work with highly distributed operations. The IT staff at Meineke Car Care Centres use the LogMeIn service to gain access to PCs at hundreds of automotive centres across the US without long drives to visit each location, according to technical support specialist Matt Langley.
At Kettering Medical Centre Network in Ohio, Sentillion's vThere remote access software lets off-site physicians, students and administrators tap into their hospital PCs. Kettering Medical has 220 applications and 50 facilities in the Dayton area, so remote access is a major issue, says Director of Technology Bob Burritt.
Analysts and users cite few security concerns with the remote services. Most of the service providers offer several layers of security, including encryption, certificates and multiple passwords.
The connection from the remote device to the service, and from the service to the host desktop, is encrypted. And two or three passwords are normally required to gain access to a user's work applications -- one password to log into the service, another to get to the PC and a third for access to the corporate network. Some services use certificates to verify their own servers' identities to guard against a hacker attempting to pose as a server to a remote user -- a so-called man-in-the-middle attack.
Corporate versions of these services also provide administrative and security functions such as the ability to lock out remote printing or file transfers, one-time passwords for users who may be using public PCs, access restrictions and two-factor authentication.
"With the GoToMyPC management console, we can custom-configure security settings, force password changes, manage the log and see where access is coming from," says McKenzie.
Because many Johns Hopkins employees travel to countries without reliable Internet connections, GoToMyPC enables them to access desktop files and run statistical analysis on college computers from PCs in Internet cafes or anywhere else. In addition, McKenzie says, many faculty members work from home using the service, and the information systems department relies on it to keep tabs on the status of university servers.
Shortcuts to insecurity
The only real security issue that Johns Hopkins has encountered involved desktop shortcuts. An employee discovered that his roommate had clicked on a GoToMyPC shortcut and was able to access the employee's work PC. So McKenzie had the shortcut feature disabled for all users. (Citrix Online notes that while it's possible to create a shortcut to an account, it isn't possible to create one that will open an encrypted session to the host PC.)
One advantage of the remote services is that they negate the chance of a malware infection. Viruses on a home PC can't infect the corporate computers. Likewise, a corporate virus can't get onto the remote client unless the user saves an infected file to disk.
All in all, the real selling points for services like LogMeIn and I'm InTouch are price and convenience. According to IDC's Sudan, fees typically range from $10 to $20 per PC per month, possibly less for large-volume deals.
And it is substantially more convenient for employees, who get access to everything on their work PCs, and for IT workers, who don't have to hand-hold users to set up VPNs and configure e-mail clients.
Long says that support calls from remote users plummeted 80 to 90 percent after Mississippi Baptist switched to the Citrix Online service. That's a lot of IT manpower that's now available for other projects, he notes.
"It pays for itself in resource time, if nothing else," Long says. "With the VPN, we sometimes have had to spend several hours with end users initially getting it working. With this, the support and IT resource costs are so much lower."
Desktop in your pocket
For many people, being mobile means using a handheld device, so remote access vendors such as LogMeIn, Citrix Online and 01 Communique support handhelds. But how well does a tiny screen work for viewing a big desktop?
"The big challenge is how to pan around a PC desktop with a handheld," notes Gary Chen, an analyst at the Yankee Group. He says he doubts handhelds will be popular devices for accessing desktops remotely, though they may be useful in certain situations, such as when the user's laptop isn't available.
Ross McKenzie, director of IS at the Johns Hopkins Bloomberg School of Public Health, agrees that it's not the best way to get to a desktop application but thinks it has great value for specific uses.
"There's certainly some applications I wouldn't want to run on a handheld, because you're accessing a 17 inch monitor with a 4 inch screen," he says. "But it can also be very useful. For instance, our IS people use them to check on server status without having to go back to their desks, or to read a document remotely. It's a part of the overall tool bag."