Remote Administration vs. Phone Support?

Korgan asks: "I work for a company in which our primary focus is phone based support and helpdesk operations. Lately I have been involved in the trialing of several products that essentially allow agents to provide support across the Internet using remote administration using an ASP model. Examples of this type of technology in action are DesktopStreaming and ePeople. Does the community have any ideas and suggestions as to what they think would be the benefits and detriments of remote administration over phone based support?" In my humble opinion, remote administration is much more efficient than phone support from the obvious standpoint of communication. Many times phone support can be hampered due to the miscommunications which can occur on both ends of the phone rather than a knowledgeable user who can access to the system and diagnose the problem in a matter of minutes. The major problem with remote administration, however, boils down to a simple matter of trust: most companies don't.

"The primary target of this is the corporate end user. I have been asked to provide reasons to the MD of the company that would qualify savings and improvements in KPI (key performance indicator) and SL's (service levels) and to justify why the initial expense would prove to be an overall savings in the long run. Things along the line of reduced problem resolution time, faster response, increased technician productivity and the like have already been considered. I am sure that there are many more reasons out there for a remote administration tool/service being more practical, cost effective and generally better than the standard phone based support most corporates employ."

Re:Not quite ?! wrong ;-)

this has been done yet - x0rfbserver
It exports an running X desktop, so it can be used like WinVNC. And of course it's GPLed and uses the same protocol as VNC.

x0rfbserver.hexonet.com

Re:Remote control v. good - can be nightmare

I work for a state govt (to remain nameless to shield the incompetent), and remote admin of our Novell network is awful. They foist changes on us without warning and without testing, trashing people's machines, removing Admin privs from developers and other admins that must have them, and generally causing as many problems as they solve. I have seen this happen in the corporate world as well. Developers used to having the ability to edit their registry settings suddenly finding that they don't have them (no notice), and then being blocked from an essential task and having to notify their managers and then a big political battle to get back needed privileges. And there is NO WAY that I want a support person logging on my home PCs! My ISP (@Home, I have a cable modem) took me out for 2 days by screwing things up on my DNS server. So what happens when I call them up? They say the problem is on MY computer, and their analyst proceeds to have me rip out all kinds of things that I end up having to put back! GRRRRR!!! Don't get me wrong - I am FOR the concept - but ideals and the real world soon go their separate ways, and until I see significant improvements in support management and the level of expertise of support personnel, I see more problems than benefits.

Re:Gee, let me think... BAD IDEA.

[SuperQ]

well, as said by other posts, it's not their machine, they don't really want to know what was wrong, they just want to get back to working

here's my story of remote-admin hell. I remotely admin'd NT workstations (hell). calls would come in, and I would remote-connect to see what the problem was. I could fix the problem, and explain to the user what went wrong at the same time. "oh.. this wasn't your fault" or "don't do that, you break the computer" you have to use a combination of both remote admining, to cut down on mis-information from the user. and phone support so the user knows what's going on. that's how you earn the trust of the remote admin.. you have them on the phone from the time the problem is reported, till it's fixed.

a remote support person should not just get a note of a problem througha ticketing system.. there is no re-asurance to the user that something is going on..

Re:Remote control v. good

[sjames]

But seriously, you are describing in-house support. In this case, the question of trust (which I would presume to be the most important) is just not an issue (hopefully, anyway ...). But this is quite different if a different company does the support and thus might get access to confident and perhaps very valuable data and documents.

Voice or remote admin adds up to the same trust issues. For example, what's to stop a voice support center from telling the user, I'm going to email you a fix for the software. When you get it, just double click on the attachment. It might warn you about running a program, but it's OK this time. Viola!! Back Oriface is running and confidential information is available.

When it comes to support, there is always a minimum level of trust required, even if they work directly for you (many people can be bought for the right price). Many of the people needing the support have no idea what is going on, and will do whatever the support person says without question.

For that matter, one night when I called my former ISP with a problem, the support person was also the night admin, and he typed (as root) exactly what I told him to. The problem was fixed, and all was well, but....

Re:Gee, let me think... BAD IDEA.

[joss]

"Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime,"

I prefer this version: "build a man a fire, and he's warm for an hour, set a man on fire, and he's warm for the rest of his life"

A tool for keeping customers tied

[slim]

I once worked at a school where we had an computerised register-taking system. The thing is, this thing was a proprietary as hell: a maze of DOS .BAT scripts and FoxPro (or similar) databases and custom applications. While the staff involved were given training in using the system when it worked, any maintenance or troubleshooting was done remotely using PCAnywhere.

Essentially, the remote administration was provided in lieu of any kind of training or detailed documentation, and as a result the school would have to continue paying an annual fee to the company involved for as long as they wished to keep the system running.

In all fairness, many schools must be grateful to be able to look at the system as a black box, and the remote admin we got was very good.
--

Re:Remote administration

[Sabalon]

Can we not have one thread on here that doesn't come back to "free" and "it's just a windows thing"?

Odd thing is I can remote admin my win2k box from my linux box with VNC just fine, and vica-versa.

Not every solution must have a Linux or open/free component to it. Remember - News for Nerds, not Linux News.

Re:Gee, let me think... BAD IDEA.

[Evangelion]

Since when did "Engineer" mean "Tech support monkey" ?


--

Re:Remote control v. good

[Spirilis]

Heh, we got it bass-ackwards here. We have a remote control program for our computer lab computers, but we only use it for snooping, not for remote support. Students/teachers actually come to us when they need help. It makes for meeting girls easier, although not really since most girls probably aren't turned on by a bunch of geeks in jeans and untucked t-shirts hovering over her showing her how to save a file ;-)

Re:remote admin is popular, and an old topic : uni

[PhilHibbs]

That's SSH, remember!

"Either-or" is a dumb way to look at it.

[alumshubby]

There are times when I want to be walked through a procedure in order to learn it for myself, and there are times when I want tech support to save us both time and just fix the damn thing.

Re:Remote control v. good

[larien]

All those minutes add up :)

It's a fair point about in-house vs external support, but if you can overcome the trust issues involved, it makes life a lot easier.
--

Re:sysadmins==janitors

[larien]

Then you've been talking to the wrong sysadmins. I'm not going any further with this as it looks like a complete troll.

In any case, there are valid points raised by both the preceding posters. Yes, Novell allows remote putzing about with machines; if the admins are causing a problem with it, you need to get your change control procedures right; it's a people problem, not a technical problem.

As for developers, yes, they should have seperate machines for testing on, ideally not connected to the rest of the network; you don't want to run untested code on a live network! For every intelligent developer, there's half a dozen who have posterior/elbow differentiation problems. Given how easy it is to learn VB, are you surprised? :)
--

Remote control v. good

[larien]

We use Novell/NT here, and remote administration is absolutely brilliant.

If we remote control a user's PC, we don't have to leave our desk to fix a problem on a computer at the other end of the building. If it's something complicated, we can do the work from our desk, without having to tell the end-user how to do it.

As an example, we had a new member of staff yesterday who had to have email set up. Rather than tell her "type this in this box, then click on OK" (after figuring out which box it is...) I was able to type in the details from my desk and only had to get her to type in her password. The email program was set up in about a minute; doing this by talk-through would have taken at least double that.

In short, you save on staff time, so you don't need so many staff (ie, savings for the company). The staff don't get so stressed (have you tried talking someone through tech support?) as well.

The only potential downside is that staff don't get as much exercise as they don't have to leave their desk, possibly leading to eye-strain (staring at the screen all the time) and other problems. These can be alleviated by rest breaks and properly designed workstations.
--

Re:Remote control v. good

[Dissenter]

Having worked Tech Support for a couple years, I know the hard times that come with walking people through things over the phone.

I remember telling one of my clients, who's title was System Administrator, to download a patch from our website to fix a problem she was having. She proceded to ask me where that was, so, assuming she was an admin and had someting in her head, I proceded to rattle off the URL. It gets worse.

She asked me where to type that. I said in the address bar of your browser. That's when I got the absolute worst question I've ever heard from an admin. "What's a browser?" I asked her to hold on and proceded to ROFL all over my office. I turned to one of my co-workers and said watch this. As I picked up the phone I said "Okay, I want you to double click on the Big Blue E." My Co-worker lost it.

From that point on I will always choose to connect to their system remotely to troubleshoot and repair problems. With applications like Terminal Server and PC Anywhere, there are loads of tools to remotely troublshoot issues. The only drawbacks are when I am debugging an application that my company has written. They don't have the source code, so we have to use things like RAS or dialing directly into their network and running the application on our end to their servers.

Dissenter

Re:Remote control v. good

[ghoti]

The email program was set up in about a minute; doing this by talk-through would have taken at least double that.

Wow, you saved a minute there! Woohooo! ;-)

But seriously, you are describing in-house support. In this case, the question of trust (which I would presume to be the most important) is just not an issue (hopefully, anyway ...). But this is quite different if a different company does the support and thus might get access to confident and perhaps very valuable data and documents.

Re:Remote control v. good

[sracer9]

remote administration is absolutely brilliant.

I agree wholeheartedly. We have a network constisting of mostly macs and use Network Assistant to remotely administer them. It's absolutely the way to go. Now when somebody calls us and says "the thingy isn't working right today." we can remotely observe/control to find out what "thingy" it is. Great for pointing out user errors and proper procedure.
Also works very well for setting up SETI@home processes at the end of the day!

Re:Remote control v. good

[Mr.+Jackson]

I must be missing something. Aren't most of our computer problems these days network related How are you going to fix my network problem over the network?

Re:Gee, let me think... BAD IDEA.

[jwilloug]

That statement from the Bible "Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime," holds true here.

And yet, remarkably, the supermarket down the street does a brisk business in salmon steaks. I don't like to fish and don't want to learn how, I'm more than happy to pay someone else to do it for me. Yes, even though it means I'll never eat a decent mullet. For better or worse, a lot of folks feel the same way about computers.

Re:Security problems - a solution

[ch-chuck]

well, getting a gui is /so/ much better than talking someone thru a blind procedure (and HOPING they're clicking what you think they are clicking).

One solution to having a security risk open is to have a remote control agent available but not always running. say PCANywhere is installed, but not waiting for connections. Then if someone has an issues, you can ask them to launch PCANywhere, connect and tweak, then shut it down, and move on to the next issue w/o wasting time making a big deal out of every little thing.

Misundersood NAT? (was: Re:Security problems)

[yabHuj]

I (help desk) am on internet with address 9.9.9.9 (maybe hide-NATed, maybe not). Two users with problem are on PCs 10.10.10.10 and 10.11.11.11 (private, internal network). Both are hide-translated (N:1 NAT) to 2.2.2.2 on the internet side. So how can I connect to the first, how to the second one? Which IP address do I use for the one or other?

If you do 1:1 NAT (e.g. 2.10.10.10 and 2.11.11.11) you won't gain any security from NAT as you can still address each client individually - and thus leaving them vulnerable to DoS (flooding) attacks.

Re:Misundersood NAT? (was: Re:Security problems)

[danpbrowning]

I agree with you, 1:1 NAT doesn't really buy you any security. However, if one uses N:1 NAT (like I explained above: 2.2.2.2:port20001=>10.11.11.11), then you do get that extra security. At that point, a cracker would have to find the port first (admittedly not hard to do). But, you could make it harder by closing the port until it's time to turn on the remote access proggie (e.g. VNC).

Security problems

[yabHuj]

The "ASP" biztalk aside (that's just a funky workd used here for a webserver with request forms), these seem to be standard helpdesk companies which use a remote management tool (like VNC, ReachOut, pcAnywhere, CCM, etc).

You basically allow the help desk to remotely control your employee's client PCs. This means that - if you do not throw a dedicated line or big VPN solution - every single PC has to be addressable to internet. Even with a well designed firewall in place this introduces quite a risk for DoS attacks against the clients.

So if you open your company to be remotely managed by external help desks keep an eye on your security needs. Especially take care that you do not open a backdoor through the help desk system (your_net --> VPN --> help desk --> VPN --> other_net) and that liabilities and NDAs are safe and watertight for you.

Remotely managing clients can ease administration quite a bit (as posted before), but can become quite a hassle if the system does not work properly.

And make sure security does not become second. The admin tool either must require the user to confirm session shareing and enable him to immediately regain full control (by pressing a(ny) key) in case of problems - or enforce login as different user (which will log out the current user if he does not abort that with confirming a "really logout" popup box). Otherwise you will not be able to tell who did this or that possibly unpleasant change.

Re:Security problems

[danpbrowning]

...every single PC has to be addressable to internet...

Nope. I use VNC a lot to do remote support, and you can just punch a few holes (read: ports 21000-21050) in the firewall and NAT them through.

The other part is: call the user and say, 'click here to start the remote admin program' so i can get in first. It's a little extra protection that way.

Re:Security problems

[hobbesx]

...every single PC has to be addressable to internet. Not necessarily- In a corporate situation (or home LAN, etc...) they could also be acessible to an intranet.

Trialing

[tregoweth]

Lately I have been involved in the trialing of
several products

Trialing is a word?

-j

Re:Trialing

[wiredog]

Come on, haven't you ever heard of verbing ? (Verbing being a case of verbing.) Very common in the english language.

Re:Trialing

[srhuston]

Ahh yes... All nouns can be verbed. Example: "All nouns can be verbed."

Gotta love the Dictionary.

Re:Trialing

[Dreyfus]

Trialing is a word?

It's fairly common to make verbs out of nouns in English. And in business English, it's fairly common to make verbs out of nouns even when perfectly good verbs already exist. I suppose people think it makes them sound professional, serious or sophisticated, but in reality it just sounds pompous. Anyone who cares about writing well would be well advised not to model their prose after what they see in corporate America.

Re:It can pay, but evaluate the products first

[anomaly]

I believe that I'm using this product today. I'd like to talk with you about your experiences with it. Please email me at tom_cooper at bigfoot dot com so that I can get more information.

Thanks!

Regards,
Tom Cooper

SSH and VNC -- secure, capable and free!!!

[BitMan]

Forget that X-Windows source code rip with security issues (also known as "NT Terminal Server" ;-) and save some dough by just use a SSH client with port forwarding (like TeraTerm + TTSSH and VNC). It works great at my company, letting me support my notebook and other roaming users while they are on the road. TeraTerm+TTSSH is cake to setup, and you can configure it so all a user has to do is click an icon to connect with port forwarding.

-- Bryan "TheBS" Smith

Whistler for this

[Osty]

This issue has been addressed by the upcoming Windows XP (codename Whistler). Based on Terminal Server, Windows XP allows you to setup one-time trust relationships with a set time duration, allowing somebody else to gain remote access to your desktop for situations like this. Really neat stuff.

Re:Remote mistakes ? network problems ?

[tweek]

that's why on one of the remote machines I deal with I wrote a quickie shell script that does:

#!/bin/sh
/sbin/ifconfig eth0 down
/sbin/ifconfig eth0 up

The cool part is that it's usually fast enough that my connection only lags for a second and I'm still in the same login session ;)

Re:Remote mistakes ? network problems ?

[tweek]

My mission is compelete! heheh.

Re:Gee, let me think... BAD IDEA.

[MISplice]

I work for a large firm that uses Intel LanDesk to remotely administer workstations. We are encouraged to use it because it has proven to be a very effective tool in supporting or client base.

If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base. In other words, users will commonly repeat the same mistakes, and you will commonly repeat the same fix.

this statement can hold true. But any good support person would not only remote the machine but would also explain to the user what they were doing while they are working on the PC. A lot of people learn buy doing or seeing what is going on. So as you take them through each step you tell them what your doing. Or you can actually do the remote control as a window so you can see what the user is seeing and still talk them through it so they get the experience but be better able to see if they make a mistake.

what if they have porn as their background and the helpdesk person is offended by this?

One he said this is for a corporate environment so if anyone has porn on their machine they should be reprimanded in some way (Unless the corporation is in the Porn industry) Second most remote agents have a feature which allows you to suppress any backgrounds for speed purposes( Who wants to wait for a hugh picture to load on the desktop when the fix could have been done before it even loads.) Just my 2 cents

Re:Gee, let me think... BAD IDEA.

[trongey]

"Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime,"

1) This only works if he happens to live near water.

2) I like the version I saw the other day: "Give a man a fish and he eats for a day. Teach him to fish and he'll sit in a boat all day drinking beer."

VNC - the lifesaver

[gruntvald]

I support Engineers around the country, and have been able to solve literally hundreds of problems and questions quickly and easily by hitting the VNC java applet from my browser that allows me to control a Windows NT desktop. I've been able to do it from any location, too, because the only requirement for the administrator is a PC with a java enabled browser - simple enough. It works snappily over a VPN connection too, so I can help from home. Typically the support calls fall into two categories - 1) confusion over operation, so I'll demonstrate to the user while talking to them on the phone, or 2) a real problem, in which I'll dig right in and fix it. I don't have to talk them through rudimentary tests "Click on start .... " etc. I used to do that, and found that when I went to the VNC model, my support call time went down 90% in duration!

Re:Beware the quick and easy path

[novarese]

Well, some users will never learn. But wouldn't you rather talk to that user on the phone and at least try to make them feel bad about not learning rather than just fix their problem everytime?

BTW, I'm not saying that there is no good reason to use remote admin utilities, I'm just saying they're not a cure-all.

Beware the quick and easy path

[novarese]

Remote admin can be attractive since you don't actually have to interact with the lusers, but in the end, unless you use it wisely it will create more work for you.

When you actually speak with a user on the phone (or better yet see them face to face), you have a valuble opportunity to *educate* them so they won't repeat their mistake. Sure, you can send them an email after you remotely fixed their problem, but they probably wont read it and they almost certainly wont retain anything from it. In fact, they learn better if you simply tell them what to do and let them actually execute the steps to fix it.

Phil Agre has an excellent guide to helping people use computers that anyone working in a support or helpdesk position should read.

Re:Beware the quick and easy path

[wildrider]

I'm a Unix systems administrator for a fairly large company, and I've found that the best way is to use a combination of both ideas. While I'm on the phone talking with the user, I'll also have already logged into their system to see if I could locate the problem and fix it. Often, I'll have the problem fixed by the time the phone call is finished.

Re:Beware the quick and easy path

[nstenz]

When you actually speak with a user on the phone (or better yet see them face to face), you have a valuble opportunity to *educate* them so they won't repeat their mistake. Sure, you can send them an email after you remotely fixed their problem, but they probably wont read it and they almost certainly wont retain anything from it. In fact, they learn better if you simply tell them what to do and let them actually execute the steps to fix it.

Yet again yesterday: "Hi... I'm getting an application path error - how do I map a network drive again? I should probably write this down so I don't have to call and ask you..." "Yes, you should write it down..." This is about the 10th time this person has done this... If she wouldn't click 'No' when Windows says it can't find the share to map to on boot, she wouldn't have this problem... but she always clicks no too, no matter how many times I tell her otherwise...

Oh- She's not the only one. I just love my job... by the way, we make all of our customers buy LapLink or pcAnywhere for remote suppport (we're a software company).

If it were a car and not a computer....

[scotpurl]

...this would be a no-brainer. People aren't interested in fixing it. They just want it fixed.

No one would think of servicing TVs, VCRs, stereos, cars, trucks, boats, planes, appliances, etc. etc., by having the consumer call someone, and that someone then directing the consumer's actions.

It's time computer support became modernized. Others here speak of teaching a man to fish, but this is a far more complex task than fishing, and computer repair is beyond the comprehension of half the population.

No, that's not elitist. Beyond comprehension is either by choice, or by design. In the case of computers, people choose to not understand, and the designers have chosen to make it incomprehensible.

Remote administration is feature in Windows XP

[harmonica]

According to this article (in German), that kind of remote administration is a feature in Windows XP.

My favourite quote - Microsofts Jim Allchin on the question whether that introduces a potential security risk: 'nothing can happen, the data is encrypted'.

;-)

Re:Remote administration is feature in Windows XP

[31:]

so... what was your username again?

Remote admin client? Oh no, I can assure you there's no remote admin client on your machine.

/sound of scream from down the hallway

---
I'm not ashamed. It's the computer age, nerds are in.
They're still in, aren't they?

Re:Remote administration is feature in Windows XP

[johnyaya15]

jack mayo, one of the lead PM's for Whistler/XP, spoke at my univ. last night. interesting, i asked about the remote capabilities. he uses it to log in from the road (over a 56K connection) and says it works well. i didn't pry too much into the security side of things, but with M$, you've got to believe it will be a major liability. oh yeah...my first /. post. mod me nicely =)

use Novell NDS and ZENworks 3

[jakob_grimm]

We use Novell NetWare and ZENworks. It rocks for app distribution, workstation inventory, and remote administration. ZEN 3 has even more features, plus you can integrate your Linux machines into the NDS tree.

http://www.novell.com/products/zenworks/desktops /w hatsnew.html

Re:Security problems - a solution

[wiredog]

That's how we did it at my last job. Customer has a problem, they fire up the remote hosting software, we connect and fix the problem, they shut down the host software.

Remote administration

[wiredog]

If you provide onsite support it can certainly save on travel time, especially if the end user is in another city, and it can give many of the benefits of onsite support without the associated costs in plane fare, etc. For the sake of security, however, the host software should only be started by the user.

But beware "social engineering". To avoid this, if you have a software update to upload, you call the customer and tell them to call you back. This way they know they are actually getting the update from you and you will know if someone is trying to mess with them.

The last company I worked at (which did industrial automation) did just this. PC Anywhere on the users machine and when they had a problem they called us, turned on PC Anywhere, and we connected and fixed the problem. Then they turned off PC Anywhere. Very secure, as they only allowed access when there was a problem and only after thay called us and we told them to do so. And much faster than getting on an airplane and flying from Utah to Maryland, or wherever they were.

Re:Remote administration

[RedX]

Perhaps you should re-read the topic before you embarrass yourself any further. AFAIK, your magical solution of using telnet and X will not serve up the current desktop that a client is sitting at, like PCAnywhere and VNC for Windows can. We're talking about remote administration of a client desktop, not remote administration of a server.

Re:Remote administration

[Girf]

And I thought this was slashdot.. I do believe that all unices come with something called 'telnet', the good ones something called 'ssh'. Oh, you also wanted graphical access.. try something called 'X'.

One more thing: Please stop embarrassing us all and degrading the quality of Slashdot.

Re:Remote administration

[beefness]

Not exactly...

But we decided we could save money by using the existing old 486's that we have, loading them with DOS and the citrix ICA client, and then running almost all of our admin apps on 2 citrix servers (soon to be 3).

We actually use Windows here because Office2000 is dictated as the corporate standard by head office. Using Citrix is actually much cheaper for us, because we actually get our clients for pretty much nothing (our old computer stock plus a few donated by other offices), what costs are the servers and the Software licenses. Even with the premium we pay for having the Citrix software, it still works out cheaper than buying 150 computers which are capable of running windows 9x/NT/2000 just for the sake of running Office.

Also pooling our software licences also means that we can reduce software licence costs by only paying for the maximum number of licences that we may use at any one time, as opposed to paying for one for each machine. Also some licenses are only billed per machine installed or per processor, so we save even bigger in those areas, especially considering we can (and do regularly) have 120 users simultanesously across 4 processors or 2 machines...

So what looks expensive, can actually work out cheaper... It's also more convenient for us, because we only have to update software on 2 servers as opposed to say 150 workstations... Considering our company has alot of proprietry software thats updated almost monthly, it makes our job a hell of a lot easier.

To give you an idea, we can support 200 users (including about 50 Fat client NT workstations and 150 Thin Clients) and 2 other offices each having 30-40 'slim' clients (they have most of their apps loaded locally, but get some of their app's delivered from the Application Server - we dont have a very fat pipe between us and our other offices, otherwise we'd go totally thin client here too).

We can support all of these people with an IT department comprising of 4 full time staff, and I can still find time to post to Slashdot at work, so we cant be all _that_ busy can we? :)

Re:Remote administration

[beefness]

We do the same thing with VNC on our NT client machines at our other offices, we have it permanently loaded on to the servers, so that it starts as a service on boot, but for our CAD users at other sites, we let them load up VNC as and when, it's not just us in IT that use it either, our CAD manager also uses it in parallel with the phone for training purposes for remote staff.

For our admin stuff we use Metaframe on top of Windows NT Terminal server, so by nature we can just take control by a user permitted 'shadowing' session.

Re:Remote administration

[beefness]

Obviously You've never heard of Citrix Metaframe (www.citrix.com) for Unix. On Windows, Citrix Metaframe sits on top of NT Terminal Server, or Windows2000 Server and basicly allows for the deployment of any application, or whole user desktop.

Metaframe for Unix (avalable for Linux, HP UX, Solaris, IBM AIX) does exactly the same thing, but with the Unix system, allowing deployment of Unix Applications and desktops to users. It even lets you do it cross platform using Citrix's Idependant Computer Architecture, so I can access xemacs from a palmtop running windows CE, or I can run MS Word on my linux box, totally seemlessly, I can even access the local drives of my client machine, if I wish (or rather if I as administrator let myself!!).

An administrator can shadow a users desktop, or individual application, this means that support is easy, because the user can see what your doing with the mouse, I have demonstrated procedures to users using a phone call and a shadow session at other offices... but I could do it all over the world if I wanted to, I can even pick up the shadow session somewhere else other than the server, from another client device... So I could support a user in office B, who is logged into an Application server in Office a, while I am sat on the train using my palmtop and a GSM mobile phone.

The possibilities are endless, it's complete freedom of movement, it even makes outsourcing of Helpdesk staff easier when we're short staffed.

This is the future, this is what we'll all be doing in about 2 years.

Re:Remote administration

[cyber-vandal]

VNC
allows you to do this. It's similar to PCAnywhere but is platform-independent.

Re:Remote administration

[mungewell]

I think you will find that PC Anywhere (version 2) runs quite happily under Wine..... Simon W.

Re:Remote administration

[gerddie]

Administration is not the problem, since you need no GUI for UNIX-administration. In fact UNIX is better prepared for remote administration, since telnet (and now ssh) are enough to configure the host.
But with support you are right. One needs a software to see, what the other person sees on his/her screen. And sometimes even this is not enough: A woman called us, she always has this blue screen. We told her to turn off the computer and on again. But she said, the blue screen is still there. She answered very quickly, so we asked: "How do you turn off the computer?" - turned out she only switched off the monitor.- So you see, standing beside her would not have raised any question.
Back to your issue: I don't know if there is any software to take over a X session over the network. Anyone other?

Re:Remote administration

[bluntmanspam]

I'll assume you are talking about remotely controlling the computer so that the user can see what you are doing and interact with you (since otherwise telnet or better SSH would be the obvious answer). For remote X control, though, why not try out VNC? Basically, a free PCAnywhere type of client/server for Linx to PC, PC to Linux, Linux to Linux, etc. So wouldn't that bring the TCO of Linux down?

Re:Remote administration

[tarawa]

Here is a great example that I think almost everyone here can relate with.

I have VNC installed on my mom's PC at home. When she has a problem, she just connects to the internet and tells me the IP address by either phone or instant message.

I simply go in, fix the problem, and I am done, plus mom is happy and will probably make me a nice batch of cookies. :)

Cya L8r
Lee
________________________________
There was a young lady of Wight,
Who traveled much faster than light,
She departed one day,
In a relative way,
And arrived on the previous night.
--- Stephen Hawking: Space and Time Warps

Re:Remote administration

[ChungoNZ]

VNC piped of SSH - duh!!!!

Re:Remote administration

[snake_dad]

PCAnywhere might restrict you to using Windows or Apple, remote adminstration does not. Unix has remote adminstration built-in: telnet, ssh, etc. I have done support for a number of clients using a software package running on unix. Most of the support was done while talking to the client on the phone, and at the same time working remotely on his/her machine. IMHO the combination of phone and remote administration gives you the best chance to keep the customer happy, by being able to quickly assess and resolve any problem that is not hardware related.

Re:Gee, let me think... BAD IDEA.

[RobHood]

Further than this, there is a much larger problem that comes with this remote admin. We are experimenting with remote diagnostics, but are not going to go into remote admin. The reason is: who is liable?

If we were logged in doing something, and a problem occurred, we are liable for it. Proving otherwise can be virtually impossible. Doesn't matter what happened or how it did.

And from the company's standpoint, that is too great of a risk to take. I can't say I disagree either.

Re:Gee, let me think... BAD IDEA.

[goldmeer]

"Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime," holds true here.

It seems clear that you have never worked for support in a corporate enviorment.
If you did, you would know that there is always a percentage of the users (If you have a sales department, the number is generally higher) that just simply do not pick up on fixing common problems. they will call time and again with the same set of problems. You patiently sit on the phone with them, and identify the problem, explain what caused the problem, explain how to fix the problem, and explain how to avoid the problem in the future. All the while hoping against hope that this time he gets it, knowing full well that he won't

Just my 2...

-Joe

Re:Gee, let me think... BAD IDEA.

[walnut]

And for those people, you fix it and get out of the way... But from my experience, there is a large number of people that just need it explained to them and they get it - much larger than the surly employees who work where you do. :)

Re:Gee, let me think... BAD IDEA.

[walnut]

It seems clear that you have never worked for support in a corporate enviorment.

And you'd wrong. I spent 3 years in college through the trenches of MIS as support tech, help desk and network admin, and DBA admin. From every standpoint I had direct contact with some of the thickest people imaginable. In the time that I spent there, I recieved high praise form almost every employee (I think I pissed off one guy once), on the fact that I spent a little extra time to make sure that they got it. When I switched from Tech to HD my role went from a more hardware to more software package problems. When I went to NW admin I fixed and explained to them how to manage files and email better (though that had the least contact with them). When I switched to DBA, I started creating usable interfaces according to their specifications, helping them get it right the first time as opposed to ordering 3 revs on a single form... I had praise from managers, Directors and VPs all of which were amazed that their people were happier and more literate.

Trust me, I worked my way though the trenches of MIS. Go out to a shipping departent

If you did, you would know that there is always a percentage of the users (If you have a sales department, the number is generally higher) that just simply do not pick up on fixing common problems. they will call time and again with the same set of problems. You patiently sit on the phone with them, and identify the problem, explain what caused the problem, explain how to fix the problem, and explain how to avoid the problem in the future. All the while hoping against hope that this time he gets it, knowing full well that he won't

And traditionally, any problem I encountered that was not operator error I fixed without question. If I didn't think the user would get it, I'd explain it, I'd explain why... and I'd explain it in as simple terms as possible. By another guy I worked with I was told that I had too much patience for stupidity... Probably true, but he never made it out from behind the help desk...

But I think you read too much into my definition of increasing their knowledge. Douglas Adams once comment that flying is falling onto the ground and missing. I commonly think of being *proficient* with computers as "not causing the BSOD while I perform my daily function." When you take the time (as you said) to explain how to avoid the problem in the future, you are increasing your users knowledge. Maybe they won't get it this time, but some day when they are about to do something similar, they'll stop, think about what they are doing, and ultimately avoid their previous problem... They may not know exactly how or why, (though at the time I usually explained that) but they do have the skills not to cause the same problem again.

Re:Gee, let me think... BAD IDEA.

[walnut]

But any good support person would not only remote the machine but would also explain to the user what they were doing while they are working on the PC. A lot of people learn buy doing or seeing what is going on. So as you take them through each step you tell them what your doing. Or you can actually do the remote control as a window so you can see what the user is seeing and still talk them through it so they get the experience but be better able to see if they make a mistake.

Ah, but the original posting talked about doing away with phone support. Phone / remote - that's a completely different story. I agree wholeheartedly with what you said, and your procedure.

As far as the porn comment is concerned... (man am I paying for that) - disregard it as *porn* and think of it as something which causes a moral conflict or a general feeling of unfortableness. Perhaps the two individuals are different in theological beliefs... perhaps the user has a personal email up, or a corporate email which is supposedly secure communications.

In my experience, at a company I worked for a long time ago, working on the HR director's computer was a little dicey as he always had problems with opening attatchements, and what have you... when salaries are shot infront of you - you get put in a bad place by looking... regardless - its an uncomforable situation.

Re:Gee, let me think... BAD IDEA.

[walnut]

In the case of the home computer, you have the right to use porn as your background, but if a technician sees it while administrating your machine they DO NOT have the right to sue you, but they have the right to refuse to administrat your machine ever again.

Ah, but they do have the right to sue their employeer... That's the situation that I was going for.

Re:Gee, let me think... BAD IDEA.

[walnut]

And in a corporate environment, I would agree, this is a slightly better paradigm. However, quite commonly the MIS guys here have a tendency to *mess things up*, so I actually want them to seek me out before they change, fix, or do anything to my computer. As an engineer, I have had countless hours of work lost because MIS came in and did something unannounced (and either rebooted my machine without saving things, or saved things in a non-standard way - so as to make me chase them down for my files).

While I welcome MIS to scan my usage (a lot of ./ bursts), and examine my machine, I prefer to at least be told, questioned or otherwise asked first...

On top of this, we commonly put/pull project machines on and off the network. When we had to find MIS to configure network settings for us (something they wanted to do at one point) I tell you, it was a pain in the ass. I tell you, in this case, the fish thing really holds true.

Also, I'm sure the employer would not want it's support engineers wasting valuable time teaching users the ins and outs of the OS, not to mention the user wasting their time learning about their computer when they have more important work to be getting on with.

Having worked in both MIS through college and now working in engineering, I assure you, your employer wants the most productive employees possible. 15 minutes of explination on an OS issue which prevents this problem from ever occuring again, is well worth the money. Loosing 50 to 100 bucks for 15 minues so an engineer knows a better way to do something they will have to do either every day or with great frequency, saves an MIS call, MIS work, and engineer work.

Don't think of MIS as strictly a reactive entity, they need to be equally as proactive as possible.

Gee, let me think... BAD IDEA.

[walnut]

For one thing, this really depends on how you use remote administration. That statement from the Bible "Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime," holds true here. If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base. In other words, users will commonly repeat the same mistakes, and you will commonly repeat the same fix.

On top of this, many users do not want a remote administration client stored on their machine - as many think of it as "their machine," and as long as they are paying for a service, chances are they are right. By allowing a 3rd party support technician to access their machine, they are opening themselves up to a wide variety of personal investigation (regardless of the morals, intent or actions of the support personel). Lets add to that, the common tendency for people to say 'mine!' and not want you to touch their toy (remember computers aren't tools for everyone - to some they are just toys) and whatnot.

Then lets ask some other questions about if you do attatch using a remote administrative client... IANAL but, what if they have porn as their background and the helpdesk person is offended by this? I'm pretty sure this fits the definition of sexual harrassment of the employee, and requesting the client to change their background constitutes a violation of their rights - unless you prevented them from having any in your EULA...which I have problems with too... My point being, that sometimes you can indiscriminantly wander a step too far into someone's life by using a remote administration tool, and everybody can be unhappy.

Last, what about the fact that some users want phone support and not you to do something... Hey, it may inconvenience you, but some people prefer it... Phone support is common in all industries (even power tools) so it is a familiar medium of communication for many people. If you toss them on the recieving end of a remote administrative procedure, they may be less than comfortable, and therefore, less likely to continue business with you. Remote administration is great for servers, but you had better *know* your user base, and know what they want.

I guess, the bottom line is: while, it may be helpful to some, not everybody will want it. You risk dumbing your user base, and creating an unnecessary tension between employees and clients. And most importantly, you risk the security of their machine for your convenience.

Perhaps this is a good solution in major cases, but I might suggest this as a last alternative as opposed to your standard care.

Re:Gee, let me think... BAD IDEA.

[NTSwerver]

I appreciate your situation, the poor service from your MIS guys could, again, be down to money - ie. if you pay peanuts, you get monkeys.

My original post relates to the enviornments I'm used to, where the support specialists know their stuff and the end user will lose a *lot* more than 50-100 bucks for 15 minutes OS training.

----------------------------

Re:Gee, let me think... BAD IDEA.

[NTSwerver]

If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base.

Depends on the enviornment. In a corporate enviornment, where the end user is an employee in some depatment other than IT, then I'm sure they won't want to know what the problem on their machine is (especially if it's an OS problem as opposed to an application usabilty question), they'll just want it fixed. Also, I'm sure the employer would not want it's support engineers wasting valuable time teaching users the ins and outs of the OS, not to mention the user wasting their time learning about their computer when they have more important work to be getting on with.

On top of this, many users do not want a remote administration client stored on their machine - as many think of it as "their machine,"

Again, in an office enviornment the machine is not 'theirs'.

what if they have porn as their background and the helpdesk person is offended by this?

Most companies I know of treat downloading and storing pr0n on workstations as a sackable offense.

Last, what about the fact that some users want phone support and not you to do something... Hey, it may inconvenience you, but some people prefer it..

Again, in corporate enviornments, this would come down to money. Fixing problems over the phone is *much* slower than remotely controlling the machine from your desk. The quicker the problems can be fixed = the more time the engineers have. The more time the engineers have = the less engineers the company has to employ. The less engineers the company has to employ = the more money the company makes.

----------------------------

Re:Gee, let me think... BAD IDEA.

[SaxMaster]

If only there was an option for "irony" in modding things up. This also falls under the "when in rome" category. :)

Re:Gee, let me think... BAD IDEA.

[SuiteSisterMary]

True; in the biblical version, Jesus Christos uses his divine power to replicate the food, thusly breeding dependence and fear into the local populace. He then, I believe, preached, in effect buying their attention with food. It's a bit more subtle than using his divine power to create wine, thusly feeding an outright addiction, but it's still more insidious. And besides, his old man would have just started smiting people.

Re:Gee, let me think... BAD IDEA.

[SuiteSisterMary]

This actually happened to a co-worker of mine, who was using Timbuktu to remotely troubleshoot a client machine. The client ran a homosexual porn site, and his desktop and icons were all, shall we say, in theme.

Re:Gee, let me think... BAD IDEA.

[jgarry]

Sell a man a fish you get a dollar. Sell him a cert program you get thousands.

Re:Gee, let me think... BAD IDEA.

[jgarry]

Phone support and remote admin are two different things. They should both be done, adapted to each situation.

For example, when the help desk sees my workstation, they go "whoah!" - I've got a bunch of db admin tools and mucho obscure stuff. Every so often, management decrees changes to everyones work station, and mine inevitably gets screwed up. SMS is the worst.

Now we are getting a big contract for EDS to replace all help desk and PC support. Many of us are hunkering down and expecting to avoid calling them as much as possible. Pretty counter-productive.

And imagine if a bunch of us get desktop Linux!

Re:Gee, let me think... BAD IDEA.

[pallex]

"If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base. In other words, users will commonly repeat the same mistakes, and you will commonly repeat the same fix. "

Sometimes a customer pays you for a service, and just wants it working. Dont want to learn, dont want anything other than a working system. By having the ability to pcAnywhere/Excellanet into a box and up/download databases, log files etc, you can do it all remotely - no need to get the next plane/train 600 miles. No downsides. None whatsoever.

Re:Gee, let me think... BAD IDEA.

[FrankNputer]

If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base. In other words, users will commonly repeat the same mistakes, and you will commonly repeat the same fix.

The flip side to this, however, is "a little knowledge is a dangerous thing". I can't count the number of times I took support calls from users who, after getting an explanation of something that happened & how to fix it, went on with this "little knowledge" & tried to apply it to some other problem, resulting in a long (& expensive) support call after all. Not only did we have to fix their original problem, but first we had to fix whatever it was they broke.

These were also the people who, to whom you would say, "hit Cntl-C" andthen hear something like 'clickclickclickclickclickclickclickclickclickclic kclickclickclickclick..."Uh-Oh"...clickclickclickc lickclickclickclickclick...

OTOH, remote support was quite useful to diagnose & fix problems. An additional benefit was that you could see what the person was doing wrong, rather than apply psychology to get them to admit it. (Very few people will admit that they made a mistake.)

Sure, some people want to have you on the phone, and this is usually part of the service that is provided. Our usual practice was to have them on the phone as we were attached to their PC, because we usually needed the additional feedback. But, if they had other work to do - which many of them did - then we could administer a fix while they got on with their business.

Re:Gee, let me think... BAD IDEA.

[RatFink100]

That statement from the Bible "Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime," holds true here

I think you'll find that's just a popular saying not a Bible verse

Re:Gee, let me think... BAD IDEA.

[mgkimsal2]

" If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base. In other words, users will commonly repeat the same mistakes, and you will commonly repeat the same fix. "

You're assuming that the problem is one which will repeat itself often. Many times people have a one time problem (printer problem, etc.) that is much easier solved by doing what needs to be done in 30 seconds rather than explaining the entire concept of driver coding ins and outs.

Re:Gee, let me think... BAD IDEA.

[loki4eng]

It seems pretty dumb to look assume this is an either/or proposition. I use remote administration all the time while I'm on the phone with the user. It goes like "watch this, ok? Now I'm...". The users who want to learn do, and any experienced support person will tell you that you can't make the users who don't want to learn learn anything, and if you try they'll hate you. Sum total, your post is intellectually sound, but it ain't like that in the real world.

Re:Gee, let me think... BAD IDEA.

[Xenopax]

Then lets ask some other questions about if you do attatch using a remote administrative client... IANAL but, what if they have porn as their background and the helpdesk person is offended by this? I'm pretty sure this fits the definition of sexual harrassment of the employee, and requesting the client to change their background constitutes a violation of their rights - unless you prevented them from having any in your EULA...which I have problems with too... My point being, that sometimes you can indiscriminantly wander a step too far into someone's life by using a remote administration tool, and everybody can be unhappy.

Ok, you are very mistaken about what sexual harrassment is. Bascially there are two possibilities to your situation, remote administration of a home or a work computer.

In the case of the home computer, you have the right to use porn as your background, but if a technician sees it while administrating your machine they DO NOT have the right to sue you, but they have the right to refuse to administrat your machine ever again. However, if it is a work PC and you have a porn image, well first your an idiot since anyone in your office can scream sexual harrassment, but also the technician admining your machine can sue you and your company.

Re:Gee, let me think... BAD IDEA.

[Shimatta1]

If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base. In other words, users will commonly repeat the same mistakes, and you will commonly repeat the same fix.

Maybe, maybe not. In my experience as a tech support agent, I'd run into one of three situations;

1.) The customer has a problem that couldn't be avoided, therefore learning is irrelavent. My best example is Corrupted DUN; occasionally, for no apparent reason (and this was especially true under Winduhs 95), the Dial Up Networking software would become corrupted and have to be uninstalled and reinstalled. The user might have done something to cause it, but generally it was simply unavoidable, so fix it and get on to the next call.

2.) The customer is williing to learn what happened so they can avoid it; usually, if it's a corporate and/or internal customer as is being described in this case, they'll keep in contact with you until it's fixed and want to know what they can do to avoid this. These are the good customers, they realize that even if a problem isn't their fault, there may be something they can do to help prevent it from happening again, as opposed to...

3.) The customer cannot or will not learn. These are the ones that insist it was your fault that the computer stopped working after they deleted vital system files. These are the ones who don't know what a vital system file is and don't care; they just want more disk space. Explanation is futile; the computer will be trashed again in short order. (The worst one of these I ever dealt with was a customer who couldn't even learn that her problem wasn't even an issue for my department; she would continually call us and we'd continually tell her to call the correct department (rumor from the other department had it that she had burned out three of their agents who had been assigned to deal with her personally.))

Types one and two were the most common; type threes were the leading cause of burnout, and tend to be the ones irrevocably seared into the minds of bitter tech support agents. Type threes also tend to be the hardest ones to work with; they will commonly challenge the agent (because they assume they know more, despite all evidence to the contrary) or they're constantly mis-interpreting commands because of lack of familiarity with the system.

If a remote administration program is available and feasible (such as with an internal customer), you can bypass the most significant impediment to finding a solution; the customer. Aside from the massive savings in time and efficiency, there's also the savings in tech support wear and tear. I left a tech support job without having another job lined up because of the stress. By preventing (or at least delaying) the burn out of support agents, the company avoids the hassle of bringing in new agents and training them, as well as the lost productivity of the new agent (when compared to the productivity of the old agent had she not burnt out).

If an agent fixes the problem by remote administration, they should contact the customer, by phone or email, and provide information on what was done, what can be done to avoid it, and possibly instructions so they can fix it themselves in the future. This way, you can avoid the dumbing-down of your customer base.

As for "who would allow this to be installed?", again, look at this with corporate or internal customers; the former may well allow it for the increased speed of troubleshooting and fixing problems, the latter doesn't really have a choice. If the boss says install it, it will be installed. This also eliminates the pornographic background problem; it's not (or shouldn't be) an issue in a corporate environment. (I also question whether that would be sexual harassment; I think it would only qualify if the administratee deliberately put it up to harass the administrator.)

I do have to agree about which contact people would prefer; most would prefer to be on the phone with the agent while it was being repaired. Personally, though, I think the additional efficiency and the saved wear 'n' tear on the agent outweighs this issue.

Just my 96,280 cents (two cents after sales tax added in.)

Jon "Shimatta" Baxter, anyone need a slightly used computer geek?

Re:Gee, let me think... BAD IDEA.

[kkrause]

Bible statement??? You'll have a hard time finding it in the Biblie...I believe it's a Chinese proverb.

How about Citrix?

[TheHulk]

I work for a company of roughly 500 people and we only have one full-time help-desk person. With Citrix Metaframe remote administration is done through "Shadowing" allowing this one person to efficiently manage everyone in the company. The bandwidth requirements are much smaller than X and easily workable with a 28.8 Kbps dial-up connection. Although there's not currently a server version for Linux, they do have clients which run on just about every platform known to mankind. Currently there are only server versions for Windows Terminal Server and Solaris. I don't mean to sound like a commercial but even a UNIX dork like myself was rather impressed by it's functionality.

Security

[markt4]

Okay, for the sake of cheaper desktop support you decide to allow PCAnywhere (or VNC, or ReachOut, or RemoteAdministrator, or CarbonCopy, or SSH, or ...) through your firewall. Let's assume you're not totally stupid and so you only allow connections from the range of IP addresses assigned to your support company. Two questions then...

How secure is their network, and how do you know. Because if they have the excellent security practices of some of these companies that I have dealt with - like having Internet connections with no firewall at all - then your network just became as secure as their's. Nice. Or, let's say that they do this over dedicated lines rather than over the Internet. How many other companies do they serve and how do they protect your network from their others customers.

Second question: Who is sitting at that helpdesk PC at your service provider? Does your service provider have the same, or better, hiring practices as you do? How do you know that they aren't hiring Kevin Mitnick? (Don't get me wrong. Kevin has paid his debt to society and deserves the opportunity to find gainful employment, just like anybody else. Only, not at my company thank you.)

Remote administration _AND_ support

[mOdQuArK!]

Being able to operate a user's machine remotely is nice, and can help a lot, but one really important setup I'd like to have is a camera & microphone setup over their shoulder so that I can see what they're doing (including monitor, keyboard & mouse, and any other hardware setup) when the problem occurs! I've spent hours poking around on somebody's machine trying to figure out why it's doing something, only to find out that they're doing some kind of obscure key & mouse dance to make the problem occur - something I'd never guess by myself in a million years.

This probably isn't going to be practical until videophones & the necessary infrastructure is ubiquitous, however. (The little cameras ON the computer aren't necessarily much help, since those are often the first to go or the culprits when something is screwing up...)

The Unix way is old and proven

[aphor]

I don't understand what the big deal is. I'm a Unix Admin, and I can "become" a user any day of the week, and have had that capability for the ENTIRE ten years I've had root on ANY box.

First the person calls me. I answer some questions, trying to avoid having to type my own solution. If the user can't do it, they the user asks me to do "superuser" things (for example, "become" them and look at their files). This is OK because there is established accountability for things that happen here. Not so with an ASP. This is why Unix vendors have a hard time selling remote administration services to their clients. It is only done in a very restricted way, usually with (somewhat qualified) company personell supervising.

Re:What about Timbuktu?

[jmenezes]

Farallon made Timbuktu Pro for the Macs, and as of version 2.x, they also made it for windows, thereby enabling what i believe is for the first time cross-platform remote administration (this was back in early 90's)
Very handy tool, and one of the only ones available for a mac for a long time

Remote administration via phone ?

[bockman]

Would it be feasible?

That is, the user's computer call the tech support system and establish a ppp link ... then it can chat with the operator, explain the problem, and the operator can ssh in user's computer, look itself and try to fix the problem.

It looks a nice idea to me ...

There are times

[irksome]

There are times when phone support would be much easier than remote control. For example, I work at a large University. Our clients are mostly students, however we do support departmental offices too. Installing remote control software on every computer would be a HUGE pain in the (well, you know).

However, since you stated that this was for a corporate environment, I'm assuming that you have some amount of control over every computer. I think that using a remote control software in this situation would end up saving a lot of time over phone support. At my high school, we used Network Assistant on the Macs, and were looking into PC Anywhere for the PC's (that ended up not happening, due to school beauracracy) While it's good for spying, it was also easier to fix a lot of problems, rather than doing phone support.

-

Incompetent Remote Administration

[Peter+Simpson]

We have remote administration at my company, via Norton's Zen. The IT people can remotely install and upgrade the workstation software, which sounds like a pretty good idea, until the process screws up. The PCs here are not all configured the same way, because they were bought at different times, came from companies we acquired, or whatever. This can cause troubles when assumptions are made by IT about the software state of the machines being remotely "upgraded". Three times in the past six months, a remote installation of software has gone wrong in my group. There have also been about the same number of successful installs. We don't know for sure, because this happens without our knowledge or permission. Sometimes, the upgrade hoses the system and has to be backed out. Sometimes, it fails to complete, leaving the system non-functional. Sometimes, the new software breaks another piece of software installed for a particular user (like AutoCad or some other special-use software that corporate doesn't support...or even know about). In a continuing effort to cut costs, we have "outsourced" the IT support functions, which seems to mean that the support people do their best, but they probably haven't been here that long, and probably won't be here long enough to "learn the ropes". I have recently de-installed the Novell software on my workstation and am now supporting it myself. At least I know what gets done to it and who to blame.

Re:Incompetent Remote Administration

[Evil+Grinn]

The PCs here are not all configured the same way, because they were bought at different times, came from companies we acquired, or whatever. This can cause troubles when assumptions are made by IT about the software state of the machines being remotely "upgraded". Three times in the past six months, a remote installation of software has gone wrong in my group. There have also been about the same number of successful installs.

I have seen this problem myself. I think the issue is that people fail to realize that

Remote Administration != Administration en masse

at least not in the kind of environment you are talking about.

---

Re:Incompetent Remote Administration

[ocbwilg]

I think that you mean Novell's Zen Works. As near as I can tell, Norton/Symantec does not have a remote admin product unless you count PCAnywhere.

Zen Works really isn't that great to begin with.

Re:Windows XP

[beefness]

This is true, most of this has come from a partnership between Microsoft and Citrix, incidently, Citrix we're the first people to implement this type of technology on the Windows Platform, and they did it back with Windows 3.x

Citrix now own the source and the IP for Windows for workgroups, they got it for helping microsoft to develop terminal services for NT4.0, however, Microsofts effort at terminal services on NT were pretty poor, to get anything out of terminal services on NT, you need to use Citrix Metaframe, which basicly sits on top of it, and fixes the majority of it's problems, it doesn't fix all of them, but it does make it very usable, I talk about this in one of my other posts so I wont repeat that here, clicking on my info will let you track that down.

Terminal Services in Win2K are more improved, they still only appear in the server version, still to get the real benefit you need Citrix Metaframe on top, it's feature set just makes it much more manageable..

On Win2K server there are two types of Terminal services, the first is just to allow remote administration of the server (a maximum of two terminals), the second allows remote user logons to the server.

Remote Admin on 700+ user WAN

[MadMorf]

At a law firm I worked for a few years ago, we used PCAnywhere for Remote Admin on our Win95 desktops. Our offices were scattered along the east coast and PCAnywhere made helping anyone on our WAN a piece of cake. Others have mentioned that you should "Teach a man to fish" and I agree. Remote Admin does not stand in the way of that goal. On the contrary, it is a tool to facilitate training. You can watch what the user is doing and then correct them from thousands of miles away. Not to mention that using Remote Admin you can do a lot of work that would otherwise require travel. So, you can save on training and travel, 2 of the most expensive things in the IT budget.

Can't do 100% remote

[demaria]

Don't throw out the entire phone desk.

What happens when
(A) The remote site's WAN connection is down.
(B) The PC's networking is broken (for whatever reasons).
(C) The OS won't boot.

You'll have to have good phone people for these.

Re:Can't do 100% remote

[dynoman7]

I agree. Another problem is the fact that some customers just don't trust their contractors. I've worked on several government jobs where the only help interface to the customer is the phone. By design, customers like to have control of their systems. I don't mind either...sure, it may take a little longer to walk someone thru the diagnosis, but, in the long run, you find and fix the problem the right way using an agreed upon process (CM). Again, customers like control.

-dynoman7

Re:Can't do 100% remote

[Evil+Grinn]

What happens when
(A) The remote site's WAN connection is down.
(B) The PC's networking is broken (for whatever reasons).
(C) The OS won't boot.

You'll have to have good phone people for these.

All of the above will typically require a technician to actually physically go to the customer's site.. wow, what a concept!

Friendly and well-trained helpdesk won't do you any good if the guy who actually comes out to go monkey around with the customer's hardware is incompetent.
---

Re:Can't do 100% remote

[hobbesx]

Nah- Everybody knows that the best helpdesk guys are shackled to the desk.

This is what UPS is for!

VNC

[hydrino]

I a big VNC supporter. VNC helps our company do complex configurations of software over the Internet. This saves on huge phone bills for support as well as support engineers time. If the network is not working we always have dialup( painful). For an added boost try the tight encoder.

http://freshmeat.net/projects/vnc-tight/

Re:VNC

[wh1td0g]

yes, vnc is 'da shit'. its free and much more lightweight than pcanywhere and is multiplatform. on a windows 9x intranet it hardly makes no sense not to install vnc and set it to run as a service so remote administration is possible. and with an ssh server available, you can even do remote admin over the internet all nice and encrypted.

From the Trenches

[thomis]

I work in a very small shop (~30 employees)and do internal and external support. Our software product is fairly... erm... fragile, so I've dealt with roughly half of our user base (which totals about 500, from firms smaller than ours to BiG companies). I would absolutely love being able to work on users' machines remotely. Alot of the objections raised here have been from the geek point of view (no, I don't want remote admin on my workstation either), or the sysadmin pov. Then there is the argument for educating your users. This is ideal for in-house support, but I walk over to my co-workers' desk to do show and tell. My external support customers rarely want to learn something about the software, or their OS, for that matter. And it shows. I can walk someone through bringing up a 'Properties' dialog and reporting the info I'm looking for in roughly the same amount of time that it would take to run a diagnostic app and complete a fix. And for Lusers who struggle with a 'Save As' dialog, working with me to fix their pooter is just frustration, not a nifty opportunity to learn something. Don't tell me I just need to be more empathetic the Lusers- I try to leave even the most clueless with a grin from some stupid joke, but I think most would be much happier if I could just pop in and fix things.
and don't even get me started on the boundaries of traing people to use email packages I've never seen and teaching MCSEs how to change policies on their NT workstations... ("they can run 16 bit apps... there, I just ran Notepad!" /me- "*groan*"...)

Web-Based support

[Walter_e_Kurtz]

There is always the third option of web-based self help support. The company I work for does a great job in creating web based solutions to enable the user to figure out the issue for themselves. This reduces miscommunication and support staff errors. This also makes the user feel like they were able to do something on their own and makes them more productive. Admittedly there are some instances where there is a need for the phone support or an onsite individual to help but we have found that for the majority of problems the user is able to resolve the issue themselves if guided correctly.

Check out www.Safeharbor.com for some good examples of this.

When done right, it makes your life SO easy.

[testy]

With proper implementation, you may never have to be face-to-face with a user again. At my company, we had 1500+ users scattered around town (outgrew our offices), and simply didn't have the time for techs to drive around and fix stuff. So when the helpdesk sent us an issue, we would call the user, make them save their work, then (and this is the key) make them watch as we remotely fixed the problem. That way, they'll learn the proper way to do things, and won't have to call back the next time. Eventually, the helpdesk started using the app, and we had enough free time to work on important things, like upgrading network infrastructure and performing Y2K audits (did I mention this was a couple of years ago?).

As to the trust issue, many remote admin tools (Remotely Possible comes to mind) have a VCR-type function that allows you to record your terminal sessions. Initially, we only recorded sessions with "problem users," but the cost savings we realized allowed us to build a file server to store all of our sessions.

Finally, if users don't want the software on their system, well, tough. Remotely Possible (now called Control IT) allows you to push the software onto the client's box without the user's knowledge, and do so every time they log onto the network, in case the user somehow discovers and deletes it. This is useful with the aforementioned "problem users."

Give remote admin a try, but don't use it as an excuse to abandon phone support. The two, used together, make an excellent "teach a man to fish" tool, and will save your company a fortune in man-hours and support costs.

Re:When done right, it makes your life SO easy.

[rbrome]

I recommend Timbuktu. The enterprise version has extensive security policy management, and a private key system to ensure security over untrusted networks.

Four years ago, I worked at a helpdesk where we rolled out Timbuktu, (like PCAnywhere, but seamlessly cross-platform Mac and PC,) to the whole company. It worked beautifully and resulted in huge increases in employee satisfaction with IT, plus huge time savings on both ends. And that was with only one 70-person office.

As the above poster mentioned, the best solution turned out to be combined phone and remote support. A customer would call, and we'd connect to their machine. We would have them exmplain the problem and show us what they were doing first. If we could just guide and coach them over the phone and watch while they performed the solution, that was always preferable. We only took control of their machine if the solution was complex and not something they would ever need to do themselves.

(BTW, if you have multiple offices, and long-distrance calls are an issue, I believe Timbuktu can even set up IP voice connections to accompany remote connections.)

Just being able to watch their screen passively eliminated all of the communication problems that normally make phone support so difficult, and eliminated people sitting idle waiting for a techie to come to their desk. This type of combination support works better than anything else I've seen.

Security was a big issue with the company, but Timbuktu's extensive security policy management system gave us the flexibility we needed to satisfy our CEO's paranoid fears about being spyed on. Of course, employees had to give permission before we could connect to their machine.

Users vs Devices

[Prof_Dagoski]

The question of benefits in remote administration depends on what you want to manage. Remote administration is greate for taking care of devices. I haven't done too much of this aside from admin of internetworking devices through SNMP, but even that can be very powerful. Managing devices directly does indeed streamline the troubleshooting process as well as speed up maintenance and upgrading, but I doubt it can replace the phone support line. So many calls a help desk gets from a user are not the 'my computer is broken' calls, but rather the 'how do I do this' variety. Even so, I figure remote admin capablities can shorten the time to resolve problems, making the user and the help desk staff happier. That said, there are limits to what remote admin can fix. Remote administration cannot address faulty user behavior and the problems that arise from such. It can be argued that nothing can help that, but I'm not that pessimistic. Remote administration can deal with machines, but you still need people to admin users.

Cost Effective Solution - Try this

[tubs]

If you are after a cost effective solution then try this site

http://www.uk.research.att.com/vnc/

Although we have a closed network, so some security issues are hmmm, ignored, its a damn useful bit of kit.

Re:What if..

[CrazyJoel]

You can remotely control trained monkeys to push that darn enter key.

What if..

[ellem]

The phone line/CAT5 is kicked out of the jack?

How do you remotely administer that?

How do you remotely administer a powered down monitor?

How do you flirt with a hot admin exec remotely?


---

Re:What if..

[ellem]

Marge: I thought he was house trained?

Homer & Mojo: Eh...

--
Everything has already been answered by The Simpson's
---

What about teaching the (L)user?

[Dram]

What about teaching the user to fix their own problems? Would phone tech support help users learn the workings of their computer? If you have a person from a help desk go and fix all the problems remotely the problems could come up again and all the user would be able to do is call the help desk. If you explain to the user how to fix a problem you will not need to explain it again. (at least theoreticly)

is it in the travel industry..........???

[dingbarks]

i work for a company with a similar dilemma arising in the near future..... the fact is remote admin is the "economical" way to go but I dont think its all black and white! What about those problems that are easy to identify/resolve at the 1st level within minutes/seconds eg: printing, LAN connectivity etc ????? I think once a pre-determined amount of time has been spent on an issue (5 mins?) it should be escualted to second level at which time remote access is required to resolve........ Make all instalable programs offered to the client on the net (via eay to follow pages)...also missing a service you can offer to the client for a charge! But I think you will always require this 1st level for two reasons: 1)the easy issues are not worth the trouble given time taken to init RAS and get into the remote pc...... 2)a great way to stay in touch in some capacity with your clients (they cant think they have been completely forgotten, mmmmmmmmmm!) thats just my thoughts anyway, if ya can't be good be better at it!

Remote controls a good thing

[jayhawk88]

We've been using remote control in the shop I work, via Novell ZenWorks. It's great for taking care of "the little things", like missing Word toolbars or simple file-relocaton questions. Saves us techs a lot of unecessary leg work. Bigger problems like non-booting OS or what not obivously still take a visit, but really it's the little things that are the most time-consuming overall.

The best thing I've found about it is the ability to see what the user sees. Instead of trying to decipher what "My Word is screwed up" means, I can just log in and find out for myself. That in itself probably cuts the time for a remote control in half over what a similar phone call would take.

The only disadvantage so far is that the version we're using doesn't support remote rebooting. Apparently that's a "Real Soon Now" feature, but we'll see. And user resistance isn't as bad as you might think: most users find it "cool" to see their computer fixing itself with a mind of it's own.

Windows XP

[dirtmerchant]

This is one of the big new features of Windows XP that Microsoft is touting. Says CNET's Review, "A new option called Interactive Support lives at the top of all help and support services screens. Follow this link to open Remote Assistance, a peer-to-peer tool that lets you email other Whistler users and lets them, in turn, take over your system and show you exactly what they'd do. This is great if you can't find a feature or have a hard time explaining the problem you're having. The tool is designed to work with Microsoft or hardware vendor tech support but can also help experienced friends or family members solve newbies' PC problems." Sounds like yet another built in "feature" to add to a script kiddie toolbox.

Terminal Services

[PatJensen]

Windows 2000 has a built-in remote access feature using Terminal Services. It's on the same CD as Server and you just need to use Add/Remove Programs to install it. It will prompt you whether you want multi-user capability or remote administration mode. Select remote administration mode and you can use the Microsoft RDP Terminal Services client to connect and manage your applications and services.

As far as supporting applications go on individual machines there are many infrastructure components you can use. You have Microsoft SMS, Tivoli, Novell ZEN, Intel LanDesk and more. These packages can inventory, track, deploy software and allow you to remote control/reboot/debug most issues.

-Pat

Re:Works the other way around aswell

[PatJensen]

I've been in a situation like this, and the solution will work well until your Project Manager or Contractors decide to replace core components, not notify staff and then reboot your server during peak hours.

In times like that you need a remote administration SNMP-manageable handgun.

-Pat

The issue is not trust - phone is better because

[janimal]

After a support call, the customer wants to know how the problem was fixed, so (s)he can do it on their own next time. With remote admin, the customer remains oblivious to the problem even if you say what was done. They learn by doing.

There is a better solution that combines the technologies. The tech person should see what is being done, but not control it. The procedure should be walking the customer through somethig with better knowledge of what (s)he is seeing in fronto of their face.

Telephone-only support is definitely crippled. Remote admin is far worse, because it allows for abuses, which are much more detrimental to any company than an extra hour spent to get things right.

Janimal

It can pay, but evaluate the products first

[nishikigoi]

I've been involved in a project like this for my employer. We have over 100000 PCs in two thousand or so buildings all over the UK. It's estimated that it costs in excess of 100 UK Pounds for each site visit, so every remote fix saves a lot of money. Our helpdesk operators found that they could sort out the vast majority of problems with remote control.

The Downside though was that we managed to buy a product that just couldn't scale to the size of our business and still work reliably, so after two years and several million pounds we're having to rip it out and go with a new product.

If you're evaluating a product, ask to be put in touch with users who have similar sized enterprises to your own and find out from them what problems they've had. I'd be loth to name the product we failed with publicly (British libel law works well to protect big business against even genuine criticism) but it's one I wouldn't touch ever again. Let's just say it's produced by a subsidiary of a US company that might be in some way related to HAL.

Another benefit

[urbanjunkie]

You forgot to mention easier installation of trojan de jour by disgruntled helpdesk employee.

Re:Not quite

[devildog-kryliss]

Actually what you could do in a situation like this is run VNC from work and then use it at home from your browser. http://127.0.0.1:5801 and you will pull up that same desktop in your browser. Works pretty slick.

Remote assistance is more than remote control

[derossi]

NB: I work for ePeople.

It's important to realize that remote desktop sharing/control is not the same thing as remote assistance. Desktop sharing is one tool, and a commodity one, that has been around a long time (Timbuktu, VNC, PCAnywhere, ...).

To really have an alternative to traditional phone-based support, you need a lot more components. As has already been suggested, trust is a huge issue that has to be acknowledged and faced directly.

Who is going to provide the support? If everything is internal to a company, and employees are providing the help, it's a totally different world than if you're going to allow outside people to dynamically participate. If you do want to take advantage of outside people, you need to think about certification, validation, reputation, ratings, and everything else that lets you achieve the comfort level you need.

What communication mechanisms do you need? Chat is rarely enough, since it really only lends itself to the trivial, "one and done" type problems. A unified combination of chat, posted messages, email, and phone gives the most flexibility. You've also got to be able to re-enter communication after reboots, research, or even lunch breaks.

What commerce models do you need? Strictly internally, you may not really care since all employees are entitled to support at no charge. For supporting customers, there are many shades of entitlement and costs. What you really want is a way to associate different costs/prices with different severities/response times/requestors/etc.

What other support tools should be smoothly integrated? Do you need data gathering? Diagnostics? Or do you want to have to use the remote control to go and check the user's system configuration manually each time?

Works the other way around aswell

[boaworm]

Remote administration works the other way around as well. Say that a company has some development groups, each working on a dev server. As soon as the work group needs to access the machine to register a component (dll) they have to run all the way down to the basement and ask admin staff

Instead, by letting the dev servers be remotely controlled by the project leader from his own workstation, both users and admins save time.

It works good, and saves time.

Old Stuff

[herbierobinson]

Stratus Computer has been doing this for 15 years over phone lines. It works great (I've debugged problems on computers half way around the world). You still need to keep the phone support, though.

Trust

[sulli]

I don't trust anyone to remotely access my PC. So I won't participate in any remote-admin program, and I've deleted all remote-admin software that my IT dept. has put on my PC. Frequent, intrusive "Y2K fixes" turned me off permanently from this.

Re:What Program?

[sulli]

Well, the Cult of the Dead Cow makes something called Back Orifice that I hear works pretty well... you'd never know it's there!

OH MY GOD.

[7-Vodka]

Why has NO ONE mentioned Micro$of~'s Windows XP?
Alright, allow me to point out what Windows XP has to do with this:

Quote: One totally new feature is the ability to allow one XP user to take control of another XP user's computer through the Internet, something Gates said would make it a snap to diagnose and fix problems.

Here is the link to the original article: Windows XP review

"just connect this to..."
BZZT.

Remote admin has it place

[mprindle]

I work in the Industrial sector. The Industrial sector is always behind the commercial/residential sectors in the way of technology. We are just now starting to use Remote Access technology. In our specific application we use PCAnywhere.

PCAnywhere in our situation is great. Let me give one example. I am at customer x's site doing a software upgrade on one of there servers. The upgrade "wizard" appears to complete successfully, but on the start of the application it appears that that the database was not imported after the upgrade. So I do a manual import of the database that was saved earlier. All seems to go well, but after a few more checks there are some pieces of the software that are not working. So you go through all your normal tricks and nothing works.

Finally you have to call tech support to figure out what in the heck is going on. Instead on having them talk through what is going on, you hook up the modem and let them dial in via PCAnywhere and see for themselves.

As tech support pokes around looking through the registry and some of parts of the app nothing seems to be to bad. They try some of their tricks, but nothing works. Finally tech support decides to remove the app and reinstall it. Remember this is all being done remotely.

Tech Support totally removes the app, including all of the registry entries and every other trace of the program. Then proceeds to reinstall it.

This previous scenario happened to me. If tech support wasn't able to dial in and figure out what was going on then, it would of been a REALLLY long phone call with a lot of "what did you say", "where is that", and "it didn't do what you said".

So the ability to dial into a system is a great option to have, but personally I wouldn't want someone dialing into my personal system poking around.

What Program?

[b0bby]

If you don't mind me asking, what program are you running? I'd be interested in a fast secure remote control program.

What about Timbuktu?

[glebite]

We used to use these on the Macs to do work at our desk from the lab, or vice-versa.

I can't recall who made it, but it was more than handy to do similar operations as remote administration, as well as complete control over the remote machine.

Re:What about Timbuktu?

[glebite]

The above post should be modded up above 0 - the information was handy, Timbuktu information can now be found at: Timbuktu Info

And yes, this product seems to work nicely inter-OS.

Thanks for the update, dude...

Remote is the way to do it

[smnolde]

The area of the comany in which I work does 24-hr emergency support for our customers. We've had remote admin tools available for well over five years.

Now, we're using more and more of VNC for remote admin and it's been a blessing. There are so many times I've had to explain to a dumb-ass-brick-head how to configure the same software he's there to support.

We also use the same customer's site to potential customers as an example of our remote admin and diagnostic utilities.

Remote Admin = Bad

[Tomcat666]

If there was only remote administration for my software problems, I wouldn't be that good in fixing problems myself. I learned lots from the mails and phone support lines of companies.

One example, happened just weeks ago: I installed a Cygwin compiled version of the PsyBNC IRC bouncer. But it didn't work together with my Cygwin compiled eggdrop (btw Cygwin = run Linux programs on Windows). So I asked the developer if he could help me out. He told me to get the complete Cygwin suite (something like: run Linux command lines and programs inside Windows... like VMWare, but the other way round). I am a Linux nobody, so he told me what I could do to set up remote administration. I did, he tried to configure the bouncer via Telnet, didn't succeed. And I couldn't do anything further because he didn't tell me what he did.

To make a long story short: It's often essential that people show and teach You how things are done.
I understand Micro$oft adding remote administration to their next Windows so they can help their customers. Because these people just want it to work. Windows users just want their machines to work right, it seems to me as if most of them don't want to learn how they can get their things right themselves.

But maybe there are a *few* people out there that want to learn that stuff. Like me. :)

And btw... companies don't want their phone support to teach you the important things.
1) It costs time (= money) that shouldn't be wasted.
2) They may lose customers because those can fix their problems themselves.
3) They may have to pay even more money to fix improperly fixed problems. :]

Remote Administration vs. Phone Support?

[kilroy7]

I use a combination of VNC and ICQ in my organization. With 6 different sites to admin, VNC has allowed me to work on any machine in the organization from one location. Of course, some problems just cannot be solved by remote administration....but when they can be taken care of by connecting and taking remote control of the workstation, it saves a lot of leg work.

Re:Dumass

[delcielo]

Dumass isn't a word... dumbass.

My euro0.02 worth

[Reedi]

We installed this sort of thing in a previous job for a very large UK law firm (no names, no non-disclusure suit) with the idea that it would save money and I suppose in a way it did.
We had to spend a long time injecting large amounts of clue (sometimes forcibly and with the use of language which was "inapropriate in a professional environment") into the heads of the helpdesk staff though and not a few rantmails to the manglement about the pitiable state of the staff they were hiring to work the phones.

(One guy was hired on the basis of his 3 years experience on a helpdesk - As it turns out when we sysadmins questioned why this guy could barely type never mind fix a user's mailbox we found out that the helpdesk had been for users of cash registers...)

What we found after a while was that although the helpdesk staff were improving, the lusers were not. In fact they were (as if it was possible) getting worse.

We were stumped as to what to do to get out of this downward spiral. The solution? Lie to the lusers and tell them that remote control is down for the day and talking them through it is the only way. They soon tired of this and began to remember passwords etc.

One problem which may rear its ugly head especially if you are fixing external client's PCs which I have come across. What do you do if as I did I found an image of what I judged to be a minor in a state of undress?
I deliberated over this for a few seconds then called in my colleague who agreed on the age estimate. From then on it took whole milliseconds for my hand to reach out for the phone and the boys in blue.

This was internal so I had no qualms but it might place your company in an interesting legal position if it was an outsider.

Ian

PS. The whole thing was hushed up and he left the firm.
No one ever asked me to be a witness in a court case against him so I guess he got away with it.

Not quite

[infiniti99]

This doesn't "take over the X session". Rather, it starts a new one. I've also found this to be a problem with a command shell as well. There is no way to transfer it.

I believe the Windows version of VNC serves up the current desktop because that's the only way it can work on that platform. The Unix version actually fires up a completely independant desktop into the background which is very powerful but it also means there is no way to serve up your current session. There have been many times where I had something that was running (like a download) and I wanted to be able to resume using the app/desktop when I get home. No chance on Linux..

Right now if you want to be able to resume your desktop or shell elsewhere, you have to think in advance by starting up VNC or "screen" beforehand. There has got to be a better way. Sure everyone could use VNC locally all the time (just in case we might leave the computer) but isn't that a bit silly? Also insanely slow. As crazy as it sounds, there should be a way to make Xvnc operate like the Windows server.

-Justin

Re:Not quite ?! wrong ;-)

[infiniti99]

Wow. Exactly what I was looking for. This could come in handy.

I just thought of another problem though. When serving your current session, doesn't that leave you wide open at the local machine?

There ought to be a way for the server to blank the local screen upon remote login (so fire up server, then start xlock and go home). Or perhaps a way for the rfb server to completely take over the entire X session and disconnect the local X server. So the whole session would go into the background and kdm would pop back up or what have you.

Cool that this comes with source.. perhaps I will have to play around.

Thanks!
-Justin

There's one point where Internet support will fail

[AFCArchvile]

For instance, ISP's can't rely on Internet-based support; what if there's a customer who can't connect? What good is Internet support in that case?

who needs remote control?

[Evil+Grinn]

If you're on the same NT domain as the user, and you are an administrator, you can just edit his registry directly. I used to fix things all the time by doing that. No need for any special remote-control services that may or may not be available.

Of course this was in a company that could afford its own tech support staff. No company would ever give this kind of access to some 3rd-party outfit. At least I hope not.
---

Remote Admin in Automation

[elbarsal]

Having dealt with more than one customer site where remote access to PC's would (or has) simplified matters, I have to say that it is a good idea.

The key is that I work for an automation contractor, and systems we deploy do not belong to particular users; the systems belong to the process or line they control. As such, it is essential that we correct any issues promptly, which is more easily done over VPN or dial-up line, rather than taking a drive or a flight.

Additionally, the users we deal with are responsible only for the workings of their process or line, not for the condition of the PC's they sometimes use.

A co-worker took a trip last week (hour and a half drive, each way) only to reboot a PC. This also speaks of the capabilities of the customer.

Ed

Around here...

[Xibby]

Where I work I have a couple extra accounts in AD for support people for some of our custom software. Whenever I need to show them what's going wrong, I have them login via Citrix and shadow their session. Works rather well. When their done, the AD account is disabled. TO ensure they use the correct settings (128bit SSL encryption) I have the java client installed as an applet. Overall pretty slick. (Keep everything properly firewalled...)

This soultion from Compaq looks interesting, but I don't see enough advantages to make it useful for UNIX. For NT though...

Perfect Use for Remote Admin

[Quantum_Well]

Obviously, this is just what I need for those weekly calls from family members.

Phone Rings:

Me: "Hello"
Family member: "My computer isn't working"
Me: "Groan"

Next thing you know my dinner is cold and I am ready to put my fist through the wall.

One Solution, Many Platforms

[QuonsetTheHut]

I've found VNC pretty helpful. Drive NT/win2k from Linux. Drive win98 from a palm pilot. Drive Linux from a web browser. Can't remember if it does MAC yet or not? I've tried M$ Net Meeting, but it's a pain to install, and at least one reboot involved if you want to allow remote operation (ugh!) AND... it does Xwindows!

It's a little slower than some solutions, but it does the most on the most platforms. I give it 2 thumbs up!

Remote Administration

[big_groo]

In our organization, we use Tivoli - an IBM product. I'm one of the desktop plebes, so if it can't be resolved remotely, it's my job to run around and fix it. With Tivoli (I don't know about the other programs) you can control Unix, NT, 95 you name the clients. We mostly use Tivoli for remote updates of software (MUCH easier than sending a tech to each of the 30,000 workstations we have). If a bug is found in the software, quarterly (sometimes more) updates are performed on all the ws's. The only people in our organization that have access to remote control are the Tivoli group (of course) and the CSD. The CSD will use it on occasion - if the (l)user doesn't understand what they're being told to do. We also use Tivoli for asset management. When you've got 30,000 leased desktops/laptops, it's nice to have a current list of serial numbers, equipment reference numbers etc. on hand.

For the most part, this works well, except when you're having network issues. Lose a switch? What then? Router implodes? Oops. "Click here...now do this..."

What happens when...

[fognugen]

I worked the PC support desk at a large PC manufacturer for about a year, and I can think of many examples when this would not suffice.

1.) Processor is not seated properly = No Post
2.) Modem or NIC is messed up = No Connection
3.) Customer is checking the status of a work order = No use for remote admin
4.) Customer is lonely & wants to chat = I'm a social worker...

Remote mistakes ? network problems ?

[Quazion]

#ssh -l quazion 1.1.1.1
password:

Your connected to 1.1.1.1
Welcome Quazion...
$su -
password:
#ifconfig
....
eth shit...
....
#ifdown eth0

( Connection timed out )

Somethimes its a real pain you cant change network settings when the network card is up ;D

But this shows some simple mistake that happends over remote networking the costs downtime and a lot of time to get there and get it back up...and if someone was behind the console of that machine it would be back up before even someone noticed...

Re:Remote mistakes ? network problems ?

[Quazion]

This makes me feel very stupid, your happy now ? ;D

remote admin is popular, and an old topic : unix.

[rigor6969]

I mean really, with unix, remote admin'ing has been a standard for ages. If the security is tight, SSH/VPN/firewall/dialup whatever, its not a security point. Some remote admin, i do via ssh, some i have to go through a secure dialup. Doesn't really matter, as long as the proper security is installed, correctly from the beginning. It saves me time, the customer time, and the bottom end result is less time wasted, hence less $$ fees for the end user.

remote administration apps

[abcbooze]

also known as TROJANS! Back Orrifice anyone?

Don't rely too much on remote administration

[Kj0n]

I think remote administration is the ideal way of configuring computers on the network, but it can be dangerous to trust it too much. When there are serious problems that cause the remote administration tools to fail, you should be able to fall back on phone support or be able to go there yourself and fix it.

If this is impossible (for instance, when the server is located in another country), be sure that you have experienced people there who can assist you.

Phone support with Remote Admin works very well

[Mantrid]

I've found that having a PCAnywhere session (or shadowed Citrix session) open while talking to someone on the phone is very effective. The only problem is when people start pointing at the screen with their fingers (which they might do with voice only anyways) hehe

.....

[gr8fulnded]

remotebox# setenv DISPLAY mybox:0.0
remotebox# netscape

Problem solved.

(ok, so its been awhile since I used the DISPLAY variable. My syntax might be a little off).

--Dave

One major drawback

[Jedi+Alec]

If the tech screws something up he/she's responsible, while normally you can still blame the customer for having done something wrong, or something along the lines of:" Oh, in that case your system was unstable already"...

Nothing is black and white, but remote admin works

[ocbwilg]

I have been using remote admin tools in various jobs for several years now, and I like them. We all know that it's time-saving, and time equals money, but let me spell it out just in case.

A user calls the helpdesk with a problem. The user is clueless as to how to operate a computer, otherwise they would have the problem. This is further complicated by the fact that most users don't have the knowledge/language necessary to express the nature of their problem in a way that is meaningful to technicians.

When I worked as a level 2 technician, I would have to call the user back on 90% of the tickets that I was issued simply because I couldn't make sense of what the user had told the helpdesk. No wonder the helpdesk couldn't help them and decided to send someone 'round to check it out. So I'd spend about 10 minutes on the phone with a user working through what exactly the user was doing that caused the problem only to realize that it was a user training issue rather than a support issue. Or that it could be fixed by changing a simple setting in a configuration screen. Something the helpdesk could have done had they comprehended what gobbledygook the user was spouting.

When we finally implemented a remote admin solution we gave the helpdesk access to it. The number of tickets that were escalated to the more expensive level 2 support people decreased dramatically. There's a cost saving right there.

But in my organization when a level 2 technician had to go "deskside," they would have to take an elevator (or the stairs) to the appropriate floor, which became an issue because our company spanned 21 floors of the office building. If something couldn't be done over the phone then it could take 20 minutes in travel time (waiting for elevators, making stops along the way), not to mention the time it took for the fix.

Once we had remote admin, even in most scenarios that did escalate to level 2 we could fix them remotely by logging into the user's system with a privileged account. Software installs typically required a deskside visit. With remote admin, I could just log into the machine while the user was at lunch and when they came back it would be working. I could do 5 installs at a time if I needed to without leaving my desk.

This obviously was a time-saver, which of course equates into a money saver. And in fact we did eliminate at about 25% of our level 2 support staff due to the "reduced workload". So it definitely can save money.

We also used remote admin tools to work on PC's at remote sites (which allowed us to not even have IT people at the remote site and still service the users adequately) via the WAN. We could even remotely troubleshoot systems from salespeople in the field who were logged in via dial-up. Sure was slow, but it worked. So there is significant savings attached to it.

As a sysadmin, I use remote admin tools all the time when working on servers. Makes it very convenient, especially if I need to work on several servers simultaneously.

In your situation with it being an ASP, obviously the issues are slightly different. I've seen a couple people here who've been pretty adamant about it not being a good idea in that kind of an environment. Someone even tried to claim that ASP just means a webserver with request forms. So with that in mind, it appears that we have to define what an ASP model actually is in your case.

The ASP that I worked for generally had WAN links to all of our customers that they used to access the apps that we hosted for them. These were of course firewalled on both ends and only passed traffic between clients and the app server. In this situation it should be relatively simple to allow traffic from your remote admin tool between the client company and a specified pool of systems at your company. This can be a relatively secure solution and it would work pretty well from a technical standpoint.

But if your ASP is one that only provides browser-based front ends to an app server via the Internet, it is considerably more difficult to implement a secure remote admin tool.

And then there's the whole issue of customers letting an ASP have admin capabilities over their desktops. Or are we talking about remotely administrating the servers at their site (which their shouldn't be many of if it's an ASP model)?

So I guess the question is how are you defining yourself as an ASP? I worked for an ASP that evolved from an outsourcing model. We started as a company in 1995 with customers that outsourced their entire IT departments to us, including app servers and desktop support. When the ASP buzz hit, we shifted away from desktop support and more towards apps. We used to farm out a lot of applications via Citrix (someone else mentioned this) and we could shadow users sessions. But that's not so much remote admin since the session is executing on the app server anyway. Unless your company also is contracted to provide desktop support, it seems to me an odd way to go.

Large scale remote admin

[Anml4ixoye]

I work for a large county government organization. We have over 10,000 employees, most of which with one or two computers. We also staff a 6 member helpdesk at a remote location that is tied to us using fiber. We run a program similar to PCAnywhere but that is extremely secure, fast, and runs seemlessly in the background. In fact, you would never know it was on your machine until someone admins it.

I think that this is probably one of the features that keeps us at the level that we are. While we give basic computer classes to our employees, trying to solve a problem using just the phone can be both frustrating and time-consuming. And with us having offices all over the county (and with the county spreading some 300 square miles or more) this is just phoenomenal.

Of course, this is run through our own organization, and not through an ASP. But the same idealogy can be used for that as well. Compare the initial costs of the software and setup to the costs of teaching the employees the skills to do basic troubleshooting and the time wasted by Net Admin having to talk them though the process, etc. If a basic service call with phone support takes 45 minutes, but with Remote Admin it is cut down to 7 minutes, that is a significant reduction in cost. Factor in the salaries of both the employee being helped (say $14.00 per hour) and the help desk personnel (Hmm, how do you convert peanuts to dollars again?) and you can generate a pretty report to show management. All before lunch. Good luck!

RA == Repair

[radialphish]

It's obvious you appreciate the virtuies of remote administration. It makes your life easier. However, a clear distinction must be made: remote administration IS NOT SUPPORT.

It's a repair service.

When you go in and make the screen fly on a bewildered user to fix a problem, you have to ask yourself are you fixing the real problem or the immediate problem? Give a person a fish, and they won't go hungry; teach them to fish and you feed them for life.

Phone support is more tailored to teaching users what they have done wrong, getting them more familiar with the system. Remote Administration destroys the learning experience. This results in more unknowledgeable clients having more and more problems because they haven't realized what they're doing wrong.

An ideal situation would employ both forms, where you both show visually what to do, and explain the reasons for doing it. It may be harder, but you will get less calls for support!

Needed to be pointed out

[ooze]

Although this should be obvious. But remote administration is to do fix those screwed up file systems without needing to say you clients how stupid they were. You fix it, and send them a mail of success with the note, not to do this again, and all are happy.

Remote administration

[Yoshi+Have+Big+Tail]

The problem with this is that remote administration restricts you to using Windows or Apple (because PCAnywhere isn't available for Unix) - and you might prefer a 'free' solution (although I guess this demonstrates the importance of TCO - it's not the initial purchase price that counts, it's the total cost of ownership).

Re:First Jew

[feldsteins]

Get professional help before it's too late.
--

Self administering software?

[iqgenius]

Best after software that didn't break (!) would be self administering software that could dial-up and administer itself (like the old days!)

Re:Self administering software?

[bentai]

I would make software that does not break, but unfortunately I gave up my control of Microsoft ; )

Remote administration is an anachronism

[bentai]

Why have a helpdesk person dial in when computers can be programmed to fix themselves via "self-healing"? Check out http://www.inodeusa.com/home.html Sure, there is an ASP component, which they call Managemetn Service Provider, but there is also a tool for making workstations bulletproof.

Comments from Control-F1 developer

[DillyBravo]

At the risk of looking like I'm giving a plug, I'm going to go ahead and post this.

Desktop Streaming and ePeople are two players in this space; I happen to be a developer at a third with a much stronger product: Control-F1 (www.control-f1.com), which, along with my previous help desk experiences, gives me a slightly different perspective on this issue.

Admittedly, remote support isn't the solution to every support problem: users who have unplugged their machine, or can't figure out to to login, for instance, obviously require a different method.

Also admittedly, a lot of the solutions out there (like Desktop Streaming) are remote control oriented, and this brings up a host of security issues. Our solution, however, also adds a suite of diagnostic tools to the equation, as well as integrated security.

For starters, users request support by visiting a support portal; that solves the social engineering issue. Secondly, the user has a complete host of security settings at their control, and the help desk administrator can set a default for those settings; anything from 'anything goes' to 'prompt me before you can look at my hard drive'. This also goes into a lot of other options, but I'm not trying to do a plug here so I'll lay off.

As for the phone support vs. web support issue: people like to talk on the phone. Some people won't do it any other way. But remote support has a place here, too, at least in the diagnostic tools realm. For example, one of our tools allows you to setup and save templates for getting data from a machine, instead of walking a user through it. That saves a lot of time, which translates into both ROI and happier, less frustrated technicians.

Then you have the issue of fixing things for users instead of showing them. Remote support has solutions in this realm too; remote control can let you quickly train a user on a task without a long, frustrating, and (for the user) humiliating attempt at doing it w/o the benefit of visuals.

Auditing? Tech's screwing up? Everything is logged, so yes, if an incompetent technician (or a comptent one who makes a mistake) screws something up, the finger points at them. The benefit though, is that instead of having to point at the customer and hope no one finds out, you have an audit trail to reverse most mistakes you made, instead of having to guess at what they might have been.

There are lots of other benefits; check out our website, as Desktop Streaming and ePeople are only half of the solutions in this marketspace. But my essential point is that remote support is a viable tool. Good security and education make users comfortable with the idea, and that's available now. Strong diagnostic toolsets save technician time and frustration, and I know I would've killed for that. Web-based eSupport isn't going to kill the traditional help desk, but it's a great benefit.

Finally.. Thanks for all the great suggestions on how we can make our product more valuable.