Skip to main content /TECH with IDG.net
CNN.com /TECH
*
EDITIONS:

MULTIMEDIA:

E-MAIL:
Subscribe to one of our news e-mail lists.
Enter your address:

SERVICES:
CNN Mobile

CNN WEB SITES:
CNN Websites

DISCUSSION:

SITE INFO:

CNN NETWORKS:
CNN International

TIME INC. SITES:

WEB SERVICES:

PCAnywhere lets users control everything

Network World Fusion

By David Strom

(IDG) -- Remote control is a simple concept, but it also has a lot of depth. You have a pair of computers running a matched set of software: one is the host, which is controlled by the remote unit. The connection between them can vary from a standard TCP/IP link over the Internet, to other LAN protocols, to dial-up modem connections.

The idea is appealing for several reasons. Support staffs can examine a distressed user's desktop configuration and make changes over the phone. Colleagues can collaborate, viewing the same documents and making suggestions. And office workers can gain access to their corporate networks from home, or vice versa, when they accidentally forget a file or need to update a document.

Corporate network administrators can choose from numerous programs. For this review we looked at four: Symantec's pcAnywhere, Computer Associates' Control IT, AT&T Research Labs UK's Virtual Network Computing (VNC) and Altiris' Carbon Copy. All four have been around for many years „ the first versions of pcAnywhere date to DOS, and the program is now on Version 10. VNC is free; the others cost several hundred to several thousand dollars, depending on licensing arrangements. We give our Blue Ribbon Award to pcAnywhere, a superior product that can handle just about anything thrown at it.

Networking/connection features

The most important part of remote control products is their flexibility when it comes to hooking them up. All come ready to work across TCPIP LANs. Carbon Copy, pcAnywhere and Control IT support a variety of network protocols over LANs and dial-up connections. VNC is the only product that offers cross-platform support, meaning that a Windows machine can be a host controlled by a Mac or Unix box. The other three only work between Windows computers.

IDG.net INFOCENTER
IDG.net
Related IDG.net Stories
Features
Visit an IDG site


IDG.net search



With the exception of VNC, the others let you transfer files between host and remote computers, as well as handle the remote control sessions.

There are a few standout connection features worth mentioning. Carbon Copy can run remote control sessions and voice conversations concurrently over a single connection. PcAnywhere can switch between voice and data sessions without hanging up the phone, which is almost as good. Both are especially useful for support situations, or in circumstances where a remote user has only one phone line, such as in a hotel room. Carbon Copy and Control IT support the ability for a host to wait for several incoming connections on multiple communications pathways, such as dial-up and IP. The others only support one path for each host, meaning that you need to understand how your remote users are going to be connecting before you leave the premises of your host PC.

Finally, another notable issue for support purposes is the ability to record and play back sessions with Carbon Copy, Control IT and pcAnywhere.

Display performance

We tested the ability of numerous Windows applications to perform under remote control over a variety of screen sizes and color depths. What we were looking for was the ability to move the mouse or type characters on the remote unit and see them appear on the host with as little delay as possible so we could still operate the host computer without a lot of frustration or delays. All four applications functioned well in this regard, although pcAnywhere and Carbon Copy had superior screen responsiveness and crispness. We realize that this is a subjective measure, and certainly the other two products delivered acceptable performance. Performance over a 10M bit/sec Ethernet network (see "How we did it," page 41) was almost as fast as sitting at the host computer itself. Performance over the 56K bit/sec dial-up modems was noticeably slower but acceptable for all products.

Control IT mangled some of the Windows desktop and start menu icons depending on the particular display resolutions involved, although we could still navigate the menus and run our programs.

Remote over the Internet

Despite a respectable number of screen and color choices, the variety of connection options isn't enough for most network administrators. They also want to operate remote control products over at least some portion of the Internet, including using existing dial-up or broadband Internet access providers or from corporate partner and remote office locations. This presents a problem.

Typically, the way these products work is to connect to a specific public IP address or computer name. However, neither item is usually available across the Internet because many dial-up accounts don't have fixed IP addresses. Further, any corporation with a firewall will probably block access to its remote control host computer on general security principles, and if not won't have any public IP addresses for its hosts to use anyway.

To make remote control work over the Internet, you have several choices: open up ports, encrypt traffic, go around the Internet with dial-up connections into your private LAN, or use a directory server.

First, you could open one or more ports on your corporate firewall to let particular users enter to control specific hosts. Each host will require a special port number and configuration, which can be tedious (not to mention potentially risky) if not set up properly. This isn't very desirable once you have more than a few hosts on your network, as your firewall administration staff will spend lots of time poking holes for specific hosts. And if you have a personal firewall on your home or remote office network, you'll also have to open the corresponding port on its firewall. This could quickly get out of hand and become a mess to administer and maintain.

PcAnywhere and Control IT have settings sheets to configure their application port numbers to anything other than their respective defaults of 5631-2 and 799, and Carbon Copy can change its standard port number of 1680 by changing the parameter TCP_PORT=XXX in its CCW32.INI settings file. VNC can use any port number other than its standard 5900 by typing it directly after the IP address of the host in the remote connection dialog box.

Second, you could use a VPN to establish an encrypted path between remote and host computers. This is what most corporations will probably do, but it adds a layer of complexity to the remote control process. An alternative is to make use of a secured shell (SSH) program with VNC, which is a popular combination and one that AT&T goes to some length to document on its Web site.

Third, you could work around the firewalls. One method is to attach a dial-up modem to your host and then connect over ordinary phone lines, dialing into the host directly from the remote PC. All of the products except VNC support establishing dial-up connections for remote control from within their applications, meaning that the remote control software dials your modem and directly handles the call negotiation with the modem attached to the host computer. You can use VNC over a dial-up line but you need some other means to establish the connection, such as Windows' remote access software.

The drawbacks to this method are that maintaining phone lines is expensive, and many corporate security managers might not be thrilled about having all these modem paths into their network from the outside world.

An alternative is to use your Web browser for remote control, using HTTP or IP protocols to get around the firewall because most networks don't block access on this port. All but VNC can do this, using a special ActiveX or Java-based control that runs inside your Web browser. With Carbon Copy, you need to be running the Altiris Management server, because the ActiveX control doesn't work with the stand-alone versions. It's true that all three of these Web-based solutions will work, but they're somewhat flimsy. What's more, they don't support file transfers. If you need to operate remote control over the Internet, a better choice would be to make use of other products that are designed for this, such as GoToMyPC.com and Uroam.com „ both will cut through most firewalls.

Finally, you can use a directory server to find and connect to your host. Carbon Copy uses its own Internet Listing Server (ILS), while pcAnywhere can be configured with Netscape's or Novell's Lightweight Directory Access Protocol server or Microsoft's Active Directory services to match up host and remote connections instead of trying to connect to a public IP address.

You can browse the ILS service for particular computer names and then proceed to connect to your host that is listed in the ILS directory. You'll still need to open a port to communicate through the various firewalls, or set up an encrypted private network to reach these directory servers. And to make matters worse, Carbon Copy doesn't support this method if the host PC is on a network that is using network address translation. We also had some trouble because Altiris was in the process of moving its ILS servers that were formerly maintained by Compaq. Given these complexities, we wouldn't recommend using this method for either product.

Security options

As remote control programs have become more sophisticated, the number of security options has improved. Of the four products, VNC has the least number of options, and you'll need to bring up your registry editor to implement any of these security features, which is troubling on such a simple product. You can also implement VNC with SSH products, although we didn't test this.

PcAnywhere and Carbon Copy have the most security options (see chart 2, below). We liked how pcAnywhere and Control IT could script how the product would respond to normal and abnormal session termination: You can automatically log off Windows, reboot the host computer or exit the host program. These scripting features are important, particularly if you are going to use these products as dial-up hosts, given the issues surrounding modem connections. We also liked how pcAnywhere and VNC could restrict access by IP address or subnet.

Carbon Copy doesn't distinguish between normal and abnormal session termination, but does have some scripting ability, and we liked its granular directory access permissions for file transfers: you can limit access to particular directories on the host for all remote users.

PcAnywhere has similar features, although the restrictions are to entire disk drives or devices such as the floppy or CD-ROM and only on Win 9X/Millennium Edition systems.

With all four products, you can configure the host to automatically start its program before the Windows logon process, meaning you can enforce the built-in security features of each program before it gets to any Windows or LAN logon access security. That is important to concerned security administrators.

Corporate deployment issues

PcAnywhere, Control IT and Carbon Copy are all part of a larger series of products from each vendor that involve desktop management and network maintenance applications. We concentrated our tests on the stand-alone versions of the products to create a more level comparison. But each program can nicely leverage the features found in each suite.

Control IT works with CA's Unicenter network management consoles and reporting programs, offering centralized user management to keep track of access rights and host machines. The steps to create this scenario are complex and numerous, although carefully documented in the manual. The focus here is on managed desktops, using Unicenter as the control point.

Carbon Copy works with the Altiris eXpress suite of management utilities, including desktop disk duplication, help desk and asset management tasks. It is included in several of the suites of products. The focus of Altiris is on life cycle PC desktop management and maintenance, as well as using its suites of products to help clone and deploy desktops.

Symantec has the weakest suite for network administrators: You can create a special installation package with a subset of features tailored to your particular corporate situation. Altiris and CA also support a similar packaging feature.

One function important to administrators is finding out how many hosts are running on the network and ensuring that they are properly configured and secured. You could use any port scanner to discover hosts on your network, but another solution is to use a tool from Symantec called Remote Access Perimeter Scanner. It scans a range of IP addresses and detects a variety of competing remote control programs besides pcAnywhere, including LapLink, Carbon Copy and VNC. As an indication of how useful this can be, we found several pcAnywhere and Carbon Copy hosts on our shared subnet assigned to us by our ISP. But the tool is limited: If you change the default IP port setting for any of the programs, the Symantec scanner won't discover them.

Control IT's Admin console offers a much more limited ñdiscoveryî feature that works only if used in conjunction with its management server and only for discovering other Control IT hosts that are managed by the same server.

Installation

All products were extremely easy to install and get going as stand-alone applications. VNC was superior to the others. It has the smallest executable size of the bunch, fitting comfortably on a floppy. Control IT supports a mode called ñenable on the flyî that lets administrators remotely launch the program via a management console, but we didn't test this.

Documentation

VNC's documentation is available online. The others have slim printed manuals (pcAnywhere also has an additional administrators' manual for configuring the custom packages.) PcAnywhere had the most complete and clear documentation, and VNC the least. We would have preferred a printed manual from VNC, but given that the program is free the online documentation is acceptable.

Pricing

Although VNC is free, you may want a program with more options and security features than VNC can offer, and then you'll have to pay some cash. With Symantec, you'll have to wade through the licensing arrangements, with separate pricing structures for host-only versions that are about half those for the full host/remote program package. We preferred Altiris and CA, which both have simpler pricing schemes based on site-license or per-copy fees, respectively.

Conclusion

PcAnywhere and Carbon Copy clearly are the two best products.

Both support a variety of connection options, have various logging and security features, and can be customized extensively to meet particular corporate remote control needs. Control IT comes close to matching most features, but doesn't really measure up in terms of authentication mechanisms.

Existing Unicenter customers are the best target audience. VNC is mean and lean, and if you can deal with its limited feature set and can supplement its connectivity options with a VPN or SSH client, then it is an appropriate solution. And if you need cross-platform remote control, it is the only product we tested that lets a Macintosh or Unix box control a Windows host, and vice versa.





RELATED IDG.net STORIES:
RELATED SITES:
• Semantec
• Computer Associates
• AT&T

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top