So how do you manage remote users?
According to reader experts
Name: Trevor Pott
Job Title: Systems Administrator
Roaming users have requirements for offline data, as they get only infrequent chances to access the internet and thus connect to the corporate network. Unfortunately, many networks to which your users may gain access block all traffic except HTTP and SSL. Fortunately, in many cases supporting the secure synchronisation of data is possible relatively securely without the hassle of a VPN.
Outlook Anywhere (as one example) works fine over an SSL connection, and so does WebDAV. Numerous other technologies exist to solve the problem of getting information into the users’ hands with varying levels of security. Another consideration is that a significant amount of information required offline is something that can be synced to a smart phone. Some smart phones (such as Blackberries) integrate very well with corporate networks, can be easily secured and even remotely wiped in case the device is lost while containing sensitive data.
If your users have more than very sporadic access to the internet, I heartily recommend embracing Virtual Desktop infrastructure (VDI).
Sensitive information never has to leave the network, and virtual desktops can be managed far easier than (for example) a roaming user’s notebook. With the myriad of solutions available to access a given desktop over HTTP or SSL, VDI is also a solution that frequently works where VPNs are blocked. If your users can function with VDI and a secured smart phone you do not have to spend time trying to police what users can and can not do with their notebooks.
As for the question of usability; depending on bandwidth availability, RDP enhancements from companies like Wyse can do some amazing things. If you search El Reg’s back articles, you’ll find several relating to companies that are offering VDI/RDP enhancements; and IBM is even jumping in and trying to make a profit from this very concept hosted on a large scale. Internet access is ubiquitous, and you don’t need a very big pipe for a basic RDP session.
VDI certainly doesn’t solve every remote access usage scenario; but it certainly simplifies things when and where it can be applied. Start with VDI in mind and ask yourself what information your roving users require that can’t be adequately served by a remote session. The more information you must remove from the network, the more you must lock down devices that can access that information. Depending on your situation, the cost of an Air Card and contract might be far less than the hassle of offline synchronization.
Name: Jon Collins
Job Title: Managing Director, Freeform Dynamics
Managing mobile or home-working desktop users can be difficult for a number of reasons, not just the lack of proximity but also (for example) that it is harder to control what is being used: external drives, printers, broadband networking can all add to the mix.
As well as remote management capabilities in the hardware we have talked previously about in relation to power, we would recommend considering two options. The first is remote desktop control software, from the likes of Citrix (GoToMyPC). With such tools you can actually use the remote desktop as though it was your own, speeding up fault diagnosis considerably – it also becomes easier to see if anything untoward has been installed.
Second, be sure that your remote management toolsets and policies tie in with your security strategy. Depending on your configuration, you may have a combination of technologies including virtual private networking (VPN), which will influence how you manage users remotely.
And speaking of security, virtualisation and thin client approaches offer a number of options when it comes to remote desktops, enabling (for example) home workers to use a locked-down virtual desktop from the likes of Becrypt. Some approaches allow for virtual machines to be “checked out” when good enough bandwidth is available, such as when visiting HQ or when working in a branch office, to ensure that the latest version is available. As a final point however, it is well worth reviewing all of the features that are available in modern operating systems and hardware platforms. A number of remote management features are available ‘out of the box’ or can be easily augmented with third-party products.
If you think you can do better, head over to the comments and let us know how you think remote workers should be managed.
Sponsored: Global DDoS threat landscape report