Slashdot Mirror
Remote Administration vs. Phone Support?
Korgan asks: "I work for a company in which our primary focus is phone based support and helpdesk operations. Lately I have been involved in the trialing of several products that essentially allow agents to provide support across the Internet using remote administration using an ASP model. Examples of this type of technology in action are DesktopStreaming and ePeople. Does the community have any ideas and suggestions as to what they think would be the benefits and detriments of remote administration over phone based support?"
In my humble opinion, remote administration is much more efficient than phone support from the obvious standpoint of communication. Many times phone support can be hampered due to the miscommunications which can occur on both ends of the phone rather than a knowledgeable user who can access to the system and diagnose the problem in a matter of minutes. The major problem with remote administration, however, boils down to a simple matter of trust: most companies don't.
"The primary target of this is the corporate end user. I have been asked to provide reasons to the MD of the company that would qualify savings and improvements in KPI (key performance indicator) and SL's (service levels) and to justify why the initial expense would prove to be an overall savings in the long run. Things along the line of reduced problem resolution time, faster response, increased technician productivity and the like have already been considered. I am sure that there are many more reasons out there for a remote administration tool/service being more practical, cost effective and generally better than the standard phone based support most corporates employ."
But seriously, you are describing in-house support. In this case, the question of trust (which I would presume to be the most important) is just not an issue (hopefully, anyway ...). But this is
quite different if a different company does the support and thus might get access to confident and perhaps very valuable data and documents.
Voice or remote admin adds up to the same trust issues. For example, what's to stop a voice support center from telling the user, I'm going to email you a fix for the software. When you get it, just double click on the attachment. It might warn you about running a program, but it's OK this time. Viola!! Back Oriface is running and confidential information is available.
When it comes to support, there is always a minimum level of trust required, even if they work directly for you (many people can be bought for the right price). Many of the people needing the support have no idea what is going on, and will do whatever the support person says without question.
For that matter, one night when I called my former ISP with a problem, the support person was also the night admin, and he typed (as root) exactly what I told him to. The problem was fixed, and all was well, but....
"Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime,"
I prefer this version: "build a man a fire, and he's warm for an hour, set a man on fire, and he's warm for the rest of his life"
http://rareformnewmedia.com/
I once worked at a school where we had an computerised register-taking system. The thing is, this thing was a proprietary as hell: a maze of DOS .BAT scripts and FoxPro (or similar) databases and custom applications. While the staff involved were given training in using the system when it worked, any maintenance or troubleshooting was done remotely using PCAnywhere.
Essentially, the remote administration was provided in lieu of any kind of training or detailed documentation, and as a result the school would have to continue paying an annual fee to the company involved for as long as they wished to keep the system running.
In all fairness, many schools must be grateful to be able to look at the system as a black box, and the remote admin we got was very good.
--
Since when did "Engineer" mean "Tech support monkey" ?
--
That's SSH, remember!
There are times when I want to be walked through a procedure in order to learn it for myself, and there are times when I want tech support to save us both time and just fix the damn thing.
"How many light bulbs does it take to change a person?" --BMcC-->
It's a fair point about in-house vs external support, but if you can overcome the trust issues involved, it makes life a lot easier.
--
In any case, there are valid points raised by both the preceding posters. Yes, Novell allows remote putzing about with machines; if the admins are causing a problem with it, you need to get your change control procedures right; it's a people problem, not a technical problem.
As for developers, yes, they should have seperate machines for testing on, ideally not connected to the rest of the network; you don't want to run untested code on a live network! For every intelligent developer, there's half a dozen who have posterior/elbow differentiation problems. Given how easy it is to learn VB, are you surprised? :)
--
If we remote control a user's PC, we don't have to leave our desk to fix a problem on a computer at the other end of the building. If it's something complicated, we can do the work from our desk, without having to tell the end-user how to do it.
As an example, we had a new member of staff yesterday who had to have email set up. Rather than tell her "type this in this box, then click on OK" (after figuring out which box it is...) I was able to type in the details from my desk and only had to get her to type in her password. The email program was set up in about a minute; doing this by talk-through would have taken at least double that.
In short, you save on staff time, so you don't need so many staff (ie, savings for the company). The staff don't get so stressed (have you tried talking someone through tech support?) as well.
The only potential downside is that staff don't get as much exercise as they don't have to leave their desk, possibly leading to eye-strain (staring at the screen all the time) and other problems. These can be alleviated by rest breaks and properly designed workstations.
--
well, getting a gui is /so/ much better than talking someone thru a blind procedure (and HOPING they're clicking what you think they are clicking).
One solution to having a security risk open is to have a remote control agent available but not always running. say PCANywhere is installed, but not waiting for connections. Then if someone has an issues, you can ask them to launch PCANywhere, connect and tweak, then shut it down, and move on to the next issue w/o wasting time making a big deal out of every little thing.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
The "ASP" biztalk aside (that's just a funky workd used here for a webserver with request forms), these seem to be standard helpdesk companies which use a remote management tool (like VNC, ReachOut, pcAnywhere, CCM, etc).
You basically allow the help desk to remotely control your employee's client PCs. This means that - if you do not throw a dedicated line or big VPN solution - every single PC has to be addressable to internet. Even with a well designed firewall in place this introduces quite a risk for DoS attacks against the clients.
So if you open your company to be remotely managed by external help desks keep an eye on your security needs. Especially take care that you do not open a backdoor through the help desk system (your_net --> VPN --> help desk --> VPN --> other_net) and that liabilities and NDAs are safe and watertight for you.
Remotely managing clients can ease administration quite a bit (as posted before), but can become quite a hassle if the system does not work properly.
And make sure security does not become second. The admin tool either must require the user to confirm session shareing and enable him to immediately regain full control (by pressing a(ny) key) in case of problems - or enforce login as different user (which will log out the current user if he does not abort that with confirming a "really logout" popup box). Otherwise you will not be able to tell who did this or that possibly unpleasant change.
Lately I have been involved in the trialing of
several products
Trialing is a word?
-j
Forget that X-Windows source code rip with security issues (also known as "NT Terminal Server" ;-) and save some dough by just use a SSH client with port forwarding (like TeraTerm + TTSSH and VNC). It works great at my company, letting me support my notebook and other roaming users while they are on the road. TeraTerm+TTSSH is cake to setup, and you can configure it so all a user has to do is click an icon to connect with port forwarding.
-- Bryan "TheBS" Smith
-- Bryan "TheBS" Smith
Independent Author, Consultant and Trainer
This issue has been addressed by the upcoming Windows XP (codename Whistler). Based on Terminal Server, Windows XP allows you to setup one-time trust relationships with a set time duration, allowing somebody else to gain remote access to your desktop for situations like this. Really neat stuff.
When you actually speak with a user on the phone (or better yet see them face to face), you have a valuble opportunity to *educate* them so they won't repeat their mistake. Sure, you can send them an email after you remotely fixed their problem, but they probably wont read it and they almost certainly wont retain anything from it. In fact, they learn better if you simply tell them what to do and let them actually execute the steps to fix it.
Phil Agre has an excellent guide to helping people use computers that anyone working in a support or helpdesk position should read.
...this would be a no-brainer. People aren't interested in fixing it. They just want it fixed.
No one would think of servicing TVs, VCRs, stereos, cars, trucks, boats, planes, appliances, etc. etc., by having the consumer call someone, and that someone then directing the consumer's actions.
It's time computer support became modernized. Others here speak of teaching a man to fish, but this is a far more complex task than fishing, and computer repair is beyond the comprehension of half the population.
No, that's not elitist. Beyond comprehension is either by choice, or by design. In the case of computers, people choose to not understand, and the designers have chosen to make it incomprehensible.
According to this article (in German), that kind of remote administration is a feature in Windows XP.
My favourite quote - Microsofts Jim Allchin on the question whether that introduces a potential security risk: 'nothing can happen, the data is encrypted'.
;-)
We use Novell NetWare and ZENworks. It rocks for app distribution, workstation inventory, and remote administration. ZEN 3 has even more features, plus you can integrate your Linux machines into the NDS tree.
s /w hatsnew.html
http://www.novell.com/products/zenworks/desktop
"No prints can come from fingers / If machines become our hands." -- Jack Johnson
That's how we did it at my last job. Customer has a problem, they fire up the remote hosting software, we connect and fix the problem, they shut down the host software.
Best Slashdot Co
But beware "social engineering". To avoid this, if you have a software update to upload, you call the customer and tell them to call you back. This way they know they are actually getting the update from you and you will know if someone is trying to mess with them.
The last company I worked at (which did industrial automation) did just this. PC Anywhere on the users machine and when they had a problem they called us, turned on PC Anywhere, and we connected and fixed the problem. Then they turned off PC Anywhere. Very secure, as they only allowed access when there was a problem and only after thay called us and we told them to do so. And much faster than getting on an airplane and flying from Utah to Maryland, or wherever they were.
Best Slashdot Co
And for those people, you fix it and get out of the way... But from my experience, there is a large number of people that just need it explained to them and they get it - much larger than the surly employees who work where you do. :)
You say you want a revolution?
It seems clear that you have never worked for support in a corporate enviorment.
And you'd wrong. I spent 3 years in college through the trenches of MIS as support tech, help desk and network admin, and DBA admin. From every standpoint I had direct contact with some of the thickest people imaginable. In the time that I spent there, I recieved high praise form almost every employee (I think I pissed off one guy once), on the fact that I spent a little extra time to make sure that they got it. When I switched from Tech to HD my role went from a more hardware to more software package problems. When I went to NW admin I fixed and explained to them how to manage files and email better (though that had the least contact with them). When I switched to DBA, I started creating usable interfaces according to their specifications, helping them get it right the first time as opposed to ordering 3 revs on a single form... I had praise from managers, Directors and VPs all of which were amazed that their people were happier and more literate.
Trust me, I worked my way though the trenches of MIS. Go out to a shipping departent
If you did, you would know that there is always a percentage of the users (If you have a sales department, the number is generally higher) that just simply do not pick up on fixing common problems. they will call time and again with the same set of problems. You patiently sit on the phone with them, and identify the problem, explain what caused the problem, explain how to fix the problem, and explain how to avoid the problem in the future. All the while hoping against hope that this time he gets it, knowing full well that he won't
And traditionally, any problem I encountered that was not operator error I fixed without question. If I didn't think the user would get it, I'd explain it, I'd explain why... and I'd explain it in as simple terms as possible. By another guy I worked with I was told that I had too much patience for stupidity... Probably true, but he never made it out from behind the help desk...
But I think you read too much into my definition of increasing their knowledge. Douglas Adams once comment that flying is falling onto the ground and missing. I commonly think of being *proficient* with computers as "not causing the BSOD while I perform my daily function." When you take the time (as you said) to explain how to avoid the problem in the future, you are increasing your users knowledge. Maybe they won't get it this time, but some day when they are about to do something similar, they'll stop, think about what they are doing, and ultimately avoid their previous problem... They may not know exactly how or why, (though at the time I usually explained that) but they do have the skills not to cause the same problem again.
You say you want a revolution?
But any good support person would not only remote the machine but would also explain to the user what they were doing while they are working on the PC. A lot of people learn buy doing or seeing what is going on. So as you take them through each step you tell them what your doing. Or you can actually do the remote control as a window so you can see what the user is seeing and still talk them through it so they get the experience but be better able to see if they make a mistake.
Ah, but the original posting talked about doing away with phone support. Phone / remote - that's a completely different story. I agree wholeheartedly with what you said, and your procedure.
As far as the porn comment is concerned... (man am I paying for that) - disregard it as *porn* and think of it as something which causes a moral conflict or a general feeling of unfortableness. Perhaps the two individuals are different in theological beliefs... perhaps the user has a personal email up, or a corporate email which is supposedly secure communications.
In my experience, at a company I worked for a long time ago, working on the HR director's computer was a little dicey as he always had problems with opening attatchements, and what have you... when salaries are shot infront of you - you get put in a bad place by looking... regardless - its an uncomforable situation.
You say you want a revolution?
In the case of the home computer, you have the right to use porn as your background, but if a technician sees it while administrating your machine they DO NOT have the right to sue you, but they have the right to refuse to administrat your machine ever again.
Ah, but they do have the right to sue their employeer... That's the situation that I was going for.
You say you want a revolution?
And in a corporate environment, I would agree, this is a slightly better paradigm. However, quite commonly the MIS guys here have a tendency to *mess things up*, so I actually want them to seek me out before they change, fix, or do anything to my computer. As an engineer, I have had countless hours of work lost because MIS came in and did something unannounced (and either rebooted my machine without saving things, or saved things in a non-standard way - so as to make me chase them down for my files).
./ bursts), and examine my machine, I prefer to at least be told, questioned or otherwise asked first...
While I welcome MIS to scan my usage (a lot of
On top of this, we commonly put/pull project machines on and off the network. When we had to find MIS to configure network settings for us (something they wanted to do at one point) I tell you, it was a pain in the ass. I tell you, in this case, the fish thing really holds true.
Also, I'm sure the employer would not want it's support engineers wasting valuable time teaching users the ins and outs of the OS, not to mention the user wasting their time learning about their computer when they have more important work to be getting on with.
Having worked in both MIS through college and now working in engineering, I assure you, your employer wants the most productive employees possible. 15 minutes of explination on an OS issue which prevents this problem from ever occuring again, is well worth the money. Loosing 50 to 100 bucks for 15 minues so an engineer knows a better way to do something they will have to do either every day or with great frequency, saves an MIS call, MIS work, and engineer work.
Don't think of MIS as strictly a reactive entity, they need to be equally as proactive as possible.
You say you want a revolution?
For one thing, this really depends on how you use remote administration. That statement from the Bible "Give a man a fish he eats for a day, Teach a man to fish he eats for a lifetime," holds true here. If every time your user has a problem, you fix it without explaining what caused it, you're going to potentially decrease the learning rate of your user base. In other words, users will commonly repeat the same mistakes, and you will commonly repeat the same fix.
On top of this, many users do not want a remote administration client stored on their machine - as many think of it as "their machine," and as long as they are paying for a service, chances are they are right. By allowing a 3rd party support technician to access their machine, they are opening themselves up to a wide variety of personal investigation (regardless of the morals, intent or actions of the support personel). Lets add to that, the common tendency for people to say 'mine!' and not want you to touch their toy (remember computers aren't tools for everyone - to some they are just toys) and whatnot.
Then lets ask some other questions about if you do attatch using a remote administrative client... IANAL but, what if they have porn as their background and the helpdesk person is offended by this? I'm pretty sure this fits the definition of sexual harrassment of the employee, and requesting the client to change their background constitutes a violation of their rights - unless you prevented them from having any in your EULA...which I have problems with too... My point being, that sometimes you can indiscriminantly wander a step too far into someone's life by using a remote administration tool, and everybody can be unhappy.
Last, what about the fact that some users want phone support and not you to do something... Hey, it may inconvenience you, but some people prefer it... Phone support is common in all industries (even power tools) so it is a familiar medium of communication for many people. If you toss them on the recieving end of a remote administrative procedure, they may be less than comfortable, and therefore, less likely to continue business with you. Remote administration is great for servers, but you had better *know* your user base, and know what they want.
I guess, the bottom line is: while, it may be helpful to some, not everybody will want it. You risk dumbing your user base, and creating an unnecessary tension between employees and clients. And most importantly, you risk the security of their machine for your convenience.
Perhaps this is a good solution in major cases, but I might suggest this as a last alternative as opposed to your standard care.
You say you want a revolution?
Okay, for the sake of cheaper desktop support you decide to allow PCAnywhere (or VNC, or ReachOut, or RemoteAdministrator, or CarbonCopy, or SSH, or ...) through your firewall. Let's assume you're not totally stupid and so you only allow connections from the range of IP addresses assigned to your support company. Two questions then...
How secure is their network, and how do you know. Because if they have the excellent security practices of some of these companies that I have dealt with - like having Internet connections with no firewall at all - then your network just became as secure as their's. Nice. Or, let's say that they do this over dedicated lines rather than over the Internet. How many other companies do they serve and how do they protect your network from their others customers.
Second question: Who is sitting at that helpdesk PC at your service provider? Does your service provider have the same, or better, hiring practices as you do? How do you know that they aren't hiring Kevin Mitnick? (Don't get me wrong. Kevin has paid his debt to society and deserves the opportunity to find gainful employment, just like anybody else. Only, not at my company thank you.)
Being able to operate a user's machine remotely is nice, and can help a lot, but one really important setup I'd like to have is a camera & microphone setup over their shoulder so that I can see what they're doing (including monitor, keyboard & mouse, and any other hardware setup) when the problem occurs! I've spent hours poking around on somebody's machine trying to figure out why it's doing something, only to find out that they're doing some kind of obscure key & mouse dance to make the problem occur - something I'd never guess by myself in a million years.
This probably isn't going to be practical until videophones & the necessary infrastructure is ubiquitous, however. (The little cameras ON the computer aren't necessarily much help, since those are often the first to go or the culprits when something is screwing up...)
At a law firm I worked for a few years ago, we used PCAnywhere for Remote Admin on our Win95 desktops. Our offices were scattered along the east coast and PCAnywhere made helping anyone on our WAN a piece of cake. Others have mentioned that you should "Teach a man to fish" and I agree. Remote Admin does not stand in the way of that goal. On the contrary, it is a tool to facilitate training. You can watch what the user is doing and then correct them from thousands of miles away. Not to mention that using Remote Admin you can do a lot of work that would otherwise require travel. So, you can save on training and travel, 2 of the most expensive things in the IT budget.
Goofy, Geeky Gifts and More!
Don't throw out the entire phone desk.
What happens when
(A) The remote site's WAN connection is down.
(B) The PC's networking is broken (for whatever reasons).
(C) The OS won't boot.
You'll have to have good phone people for these.
As to the trust issue, many remote admin tools (Remotely Possible comes to mind) have a VCR-type function that allows you to record your terminal sessions. Initially, we only recorded sessions with "problem users," but the cost savings we realized allowed us to build a file server to store all of our sessions.
Finally, if users don't want the software on their system, well, tough. Remotely Possible (now called Control IT) allows you to push the software onto the client's box without the user's knowledge, and do so every time they log onto the network, in case the user somehow discovers and deletes it. This is useful with the aforementioned "problem users."
Give remote admin a try, but don't use it as an excuse to abandon phone support. The two, used together, make an excellent "teach a man to fish" tool, and will save your company a fortune in man-hours and support costs.
The question of benefits in remote administration depends on what you want to manage. Remote administration is greate for taking care of devices. I haven't done too much of this aside from admin of internetworking devices through SNMP, but even that can be very powerful. Managing devices directly does indeed streamline the troubleshooting process as well as speed up maintenance and upgrading, but I doubt it can replace the phone support line. So many calls a help desk gets from a user are not the 'my computer is broken' calls, but rather the 'how do I do this' variety. Even so, I figure remote admin capablities can shorten the time to resolve problems, making the user and the help desk staff happier. That said, there are limits to what remote admin can fix. Remote administration cannot address faulty user behavior and the problems that arise from such. It can be argued that nothing can help that, but I'm not that pessimistic. Remote administration can deal with machines, but you still need people to admin users.
I agree with you, 1:1 NAT doesn't really buy you any security. However, if one uses N:1 NAT (like I explained above: 2.2.2.2:port20001=>10.11.11.11), then you do get that extra security. At that point, a cracker would have to find the port first (admittedly not hard to do). But, you could make it harder by closing the port until it's time to turn on the remote access proggie (e.g. VNC).
Daniel
We've been using remote control in the shop I work, via Novell ZenWorks. It's great for taking care of "the little things", like missing Word toolbars or simple file-relocaton questions. Saves us techs a lot of unecessary leg work. Bigger problems like non-booting OS or what not obivously still take a visit, but really it's the little things that are the most time-consuming overall.
The best thing I've found about it is the ability to see what the user sees. Instead of trying to decipher what "My Word is screwed up" means, I can just log in and find out for myself. That in itself probably cuts the time for a remote control in half over what a similar phone call would take.
The only disadvantage so far is that the version we're using doesn't support remote rebooting. Apparently that's a "Real Soon Now" feature, but we'll see. And user resistance isn't as bad as you might think: most users find it "cool" to see their computer fixing itself with a mind of it's own.
In times like that you need a remote administration SNMP-manageable handgun.
-Pat
I've been involved in a project like this for my employer. We have over 100000 PCs in two thousand or so buildings all over the UK. It's estimated that it costs in excess of 100 UK Pounds for each site visit, so every remote fix saves a lot of money. Our helpdesk operators found that they could sort out the vast majority of problems with remote control.
The Downside though was that we managed to buy a product that just couldn't scale to the size of our business and still work reliably, so after two years and several million pounds we're having to rip it out and go with a new product.
If you're evaluating a product, ask to be put in touch with users who have similar sized enterprises to your own and find out from them what problems they've had. I'd be loth to name the product we failed with publicly (British libel law works well to protect big business against even genuine criticism) but it's one I wouldn't touch ever again. Let's just say it's produced by a subsidiary of a US company that might be in some way related to HAL.
I don't trust anyone to remotely access my PC. So I won't participate in any remote-admin program, and I've deleted all remote-admin software that my IT dept. has put on my PC. Frequent, intrusive "Y2K fixes" turned me off permanently from this.
sulli
RTFJ.
Well, the Cult of the Dead Cow makes something called Back Orifice that I hear works pretty well... you'd never know it's there!
sulli
RTFJ.
We used to use these on the Macs to do work at our desk from the lab, or vice-versa.
I can't recall who made it, but it was more than handy to do similar operations as remote administration, as well as complete control over the remote machine.
I donate all spillover Karma to the charity of my choice... Ada was still a babe despite what people may say...
If the tech screws something up he/she's responsible, while normally you can still blame the customer for having done something wrong, or something along the lines of:" Oh, in that case your system was unstable already"...
People replying to my sig annoy me. That's why I change it all the time.
I think that this is probably one of the features that keeps us at the level that we are. While we give basic computer classes to our employees, trying to solve a problem using just the phone can be both frustrating and time-consuming. And with us having offices all over the county (and with the county spreading some 300 square miles or more) this is just phoenomenal.
Of course, this is run through our own organization, and not through an ASP. But the same idealogy can be used for that as well. Compare the initial costs of the software and setup to the costs of teaching the employees the skills to do basic troubleshooting and the time wasted by Net Admin having to talk them though the process, etc. If a basic service call with phone support takes 45 minutes, but with Remote Admin it is cut down to 7 minutes, that is a significant reduction in cost. Factor in the salaries of both the employee being helped (say $14.00 per hour) and the help desk personnel (Hmm, how do you convert peanuts to dollars again?) and you can generate a pretty report to show management. All before lunch. Good luck!
Random Musings