An essential tool found in the toolbox of every Service Provider is remote control software, a type of software that allows to execute commands and actions on a computer situated in another place, leveraging an Internet connection. Let’s see what are the characteristics of a good remote control software, also introducing some of the available solutions.
The architecture
All remote control solutions we cover in this article are based on an architecture that calls for a host, a gateway and a client (also called guest). The host is the computer to be controlled, on which we can install an agent that sets the remote connection while being executed as service (in Windows) in order to let it run as soon as the operating system is loaded.
The client is the local computer where we can run a specific software, called viewer, which can visualize the remote screen and we use to perform operations.
If both host and client are on the same subnet, on a VPN if needed, visibility is direct and there aren’t any issue in terms of configuration and security (save for the overall network security), but if both computers are on different networks, then some problems arise as there are NAT systems to overcome and it’s mandatory to leverage at least a secure authentication and traffic encryption system for the sake of security.
In order to overcome the obstacle, a third element is introduced in the architecture: a gateway server which abstracts the connection between host and client. Such server is provided by the software produces and guarantees the proper security of connections. Solutions belonging to this review all adopt a combination of public/private key authentication and data encryption. In this way Man in the Middle (MiM) attacks are avoided and intercepted data are unusable thanks to encryption.
How it works
The client can start two connection modes: attended or unattended.
With the attended mode, a request for remote control is sent to the host which has to confirm it, when the client effectively can control the host. In general, clients permissions can be set from the host, that is, the host can decide which actions can be performed by the client and which can’t.
That’s the typical case of support requests: the client asks for a remote control, the technician sends a client activation link (the specific modes changes according to each specific solution), then the connection between host and client can be established. The remote computer to connect with is usually identified by an IP address or by a software-assigned ID.
With the unattended mode the connection is directly established by the client instead, requiring no confirm from the host; for instance, because it has already been given and the “remember the preference” option was checked. In this case remote activities can be performed without another person sitting at the other edge of the connection. It’s the typical case of remote control of servers and unattended computers (or in remote places).
Host side, the software is downloaded by means of a link straight from the producer’s site or, if the licence allows to, from your own site; some products offer MSI packages that can be propagated with Group Policy to all computers belonging to the same Active Directory domain. It’s a very useful option in case of big installation volumes and indeed it’s offered only by those software, like ScreenConnect, TeamViewer and LogMeIn, which are also addressed to corporate environments and not just MSP or reduced habits.
Ammyy, Aeroadmin and Anydesk are conceived for 1:1 remote support activities and offer a single installation package that includes both roles of host and client; obviously the host role will be choose for computers to control and the client role for the machine used for remote control.
Authentication is with several methods: Windows account, dedicated password, “one-time-use” password (one single use, then it expires and is no longer valid), LDAP or 2-Factor Authentication.
Anatomy of a remote control software
The main purpose of a remote control software is to control a computer by performing all the actions that are usually done: creating, modifying and deleting files and folders, installing and uninstalling programs, modifying computer settings, executing programs, reading/writing emails, executing scripts and command from the command line, modifying network settings, using network resources (shares, printers, etc..), login and logout, powering off and restarting the computer (also in safe mode and re-establishing the remote connection). Some products can power on a computer leveraging Wake on LAN (which basically consists in sending a signal through the network that “wakes up” the computer), an important feature if there’s no option to have physical access to the computer. In this case both computers must be on the same physical network or connected with a VPN.
The remote computer’s screen is visualized on your own computer, and the user experience is by all means similar to the one when sitting in front of the remote computer. Video quality is determined by the characteristics of the Internet connection and usually there are settings that optimize the output according to the connection itself (sometimes, like with TeamViewer, it’s done automatically). The viewer can scale the original resolution of the remote screen, extend it full-screen or on multiple monitors. Some programs allows to invert the visualization direction: on the host (remote) screen the client (local) screen is visualized: in practice, roles are inverted. It’s a very interesting feature especially with meetings.
Mouse and keyboard inputs have effect on the remote terminal, however some keys like function keys (F1, F2, etc..), the Windows key and special combinations (like Ctrl+Alt+Del) might be interpreted as local, ie directed towards the client computer itself; every product we’ve tried allows to send the remote computer such signals with dedicated buttons or menus. Remote audio too can be shared, as the screen, and in some cases it’s possible to establish voice calls between computers.
The basic features go along with other advanced features as file transfer (better if with resuming transfer capability if the connection drops; some products offer a dedicated window for file transfer management, while others, in a more advanced and easier way, offer drag-and-drop), clipboard synchronization, remote printing and video-recording of the session (with audit, diffusion or revision of the session itself purposes). In some cases it’s possible to blank the remote screen, thus not showing control actions to the remote side, and block remote inputs (from mouse and keyboard) in order to work flawlessly or for security/secrecy purposes.
A well-ordered visualization of controlled computer, perhaps with a hierarchical visualization like an address book, allows to manage hosts to connect in a easier and more comfortable way, in particular when administering several devices; some products show information on the host, like operating system and hardware characteristics, without having to connect, so that a proactive management can be carried out. LogMeIn, ScreenConnect and MSP Anywhere also allows to execute scripts and command line commands (cmd and PowerShell) straight from the client.
Despite an entire category of software specifically conceived for the purpose, some solutions (TeamViewer, MSP Anywhere and LogMeIn) offer an host monitoring system by visualizing in real time the consume of computational resources and running processes and services.
Another way of using remote control software, as hinted before, is meeting, which basically consist in the sharing of your own screen with the clients connected. It’s really useful for webinars, long-distance tuition, conferences, presentations and all situations that require a main screen to be shared among participants. The event, after being created by the host, is sent and shared with invites. Addressees will decide whether to confirm or not the invitation and participate to the meeting. They will have access to the shared screen but without any form of interaction with the host computer (ie mouse and keyboard inputs). However some software with the meeting feature (like TeamViewer) offer some user interaction capabilities, like text and voice chat, video recording and reverse-sharing, that is, sharing the screen of one of the participants instead of the host’s.ScreenConnect and TeamViewer also offer a user client for Android and iOS devices to participate to meetings without a desktop setting (in addition for remote control in situations of emergency). Chat is a service that is usually available and allows local user and remote user to talk, for instance to illustrate what’s going on during a support session or to explain in detail during a video lesson. Text chat is usually offered, and some products also offer a voice chat so that you can communicate with free hands. Ammyy offers only a voice chat.
ScreenConnect and TeamViewer also have VoIP capabilities.
Mobile devices like tablets and smartphone are nowadays part of the daily technological supply of most MSP and Service Providers, and, following this trend, many producers offer Android and iOS apps, thus covering most of the market, dedicated to remote control.
Such apps work as client and allow to perform remote control activities from mobile devices, albeit with less comfort than with a desktop in most cases.
The list of features of a good remote control software is closed with reporting and logging capabilities, which are always useful to troubleshoot issues or to calculate how much time has been dedicated to remote activities.
Licence and users management
Almost every product we have tried allows to manage operator users that perform remote control actions assigning specific permissions and subdividing into groups: in this way you can create a structured organization that can give different permissions to the members of the company to perform certain actions. Obviously if the software is used with a personal, and not commercial, scope, then there is a single user and the need of managing different users is not present.
Products are usually licenced with offers that varies not in terms of features, rather than the number of operators e simultaneous sessions. Licences can be annually or monthly according to the service (or to how the expenditure is to be distributed through time): for instance ISL Online also offer a physical appliance to host inside the walls of your infrastructure that is, in practice, the proxy server used by the remote computer to connect and overcome the NAT system of its network and become easily reachable.
The products we’ve analyzed share -at least generally- the same licensing model: the number of operators (ie the number of users for the technicians providing remote support) and the number of simultaneous sessions (a remote control is a session) are what determines the licence. In some cases the licence is determined also by the number of endpoints that can be controlled and the number of client-side installations.
Only ISL Online offers a different licensing model: the number of licenses is equal to the number of simultaneous sessions. There’s also a prepaid option without limitations in terms of sessions, and credit is calculated according to the length of the connection.
If you just look for a personal use, ie controlling just a couple of remote devices, many software offer a free license for personal use, naturally not suitable for commercial use.
Every product offer a trial version to test features and decide whether to buy it or not.
UltraVNC, based on the VNC protocol, is the only free product also for commercial use of this review; despite the number of features is scarce and limited to the essential ones, it’s a solution that should be carefully evaluated given the licence that allows the free use without constraints in terms of users or simultaneous connections, also in a commercial implementation. PcHelpware is the package that includes the repeater used to overcome NAT systems and let client and VNC server to talk on different networks.
Finally, branding.
Branding consists in the customization of the graphical aspect of the host executable file with colours and logo of your own company, which is a useful feature that can offer a feeling of security and familiarity to users, in particular to the less tech-savvy, and to enrich your own offerings with a product that, at least on a visive side, is yours.
Several products offer this capability, and ScreenConnect also offers the opportunity of translating the software in your own language (if available) in order to guarantee and even more comfortable experience to clients.
Comparative table
Concluding, here’s a comparative table with all the software we have tried so that you can have a complete overview (PDF available for download here).
Aeroadmin | Ammyy | Anydesk | gotomypc | ISL Online | MSP Anywhere | LogMeIn | ScreenConnect | TeamViewer | Ultra VNC | |
Attended/Unattended | Y/Y | Y/Y | Y/Y | Y/Y | Y/Y | Y/Y | Y/Y | Y/Y | Y/Y | Y/Y |
NAT and firewall bypass | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
File transfer | Y (with resume) | Y | Y | Y (with synchronization) | Y | Y | Y | Y | Y | Y |
Cryptography | AES + RSA | AES-256 / AES-256+RSA-1024 | TLS 1.2 | AES 256 bit + RSA 1024 bit | AES 256 bit | TLS 1.x (AES 128 - 256 bit or 3DES 168 bit) | AES-256 | AES-256 + RSA-2048 | TWF 256 | |
Log-report | Y | Y | Y | Y | Y | Y | Y | Y | Y | N |
Address book | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
Host information | N | N | N | N | Y | Y | Y | Y | Y | N |
Remote script and commands from command line | N | ? | N | N | N | Y | Y | Y | ? | N |
MSI package for Group Policy installation | N | N | Y | N | N | N | Y | Y | Y | N |
Meeting-Webinar | Y | Y | Y | N | Y | Y | Y | Y | Y | N |
Remote monitoring | N | N | N | N | N | Y | Y | N | Y | N |
VoIP | N | N | N | N | Y | Y | N | Y | Y | N |
Blackboard | N | N | N | N | Y | N | Y | Y | Y | N |
Transfer session to another operator | N | N | N | N | Y | Y | Y | Y | Y | N |
Multiple monitors | Y | N | Y | Y | Y | Y | Y | Y | Y | N |
Support Ctrl+Alt+Canc, Win key, etc | Y | N | Y | Y | Y | Y | Y | Y | Y | Y |
Poweroff/reboot | Y | Y | N | Y | Y | Y | Y | Y | Y | N |
Reboot in Safe Mode | N | N | N | N | Y | Y | Y | Y | Y | Y |
Chat | N | Y (voice only) | Y | N | Y | Y | Y | Y | Y | Y |
Video record session | N | N | N | N | Y | Y | Y | Y | Y | N |
Executable file with client and host roles | Y | Y | Y | N | N | N | Y | N | N | Y |
Invite join session (meeting) | N | N | N | Y | Y | Y | Y | Y | Y | N |
Remote monitoring | N | N | N | Y | Y | N | Y | Y | Y | N |
Remote printing | N | N | Y | Y | Y | Y | Y | groups with permissions | N | |
Wake-on-LAN | N | N | N | Y | Y | Y | Y | Y | Y | N |
Authentication | ID, password, manual, combined | ID, password | password | 2FA | personal, one time | Windows account, personal | Windows, LDAP, 2FA, custom | 2FA, password one time | password | |
Audio support | N | N | Y | Y | Y | Y | Y | Y | Y | N |
Reverse visualization direction | N | N | Y | N | N | N | N | N | Y | N |
Clipboard synchronization | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
Viewer in browser | N | N | N | Y | N | N | N | N | Y | Y |
Blank remote screen | N | N | Y | Y | Y | Y | Y | Y | Y | N |
Block remote inputs | N | N | Y | Y | Y | Y | Y | Y | Y | Y |
Licence | ||||||||||
Supported operating systems for remote control | Windows (from 2003 to 8, 32 and 64 bit) | Windows 2000/Server 2000 or superior, 32 and 64 bit | Windows (XP or superior), OS X, Linux, FreeBSD | Windows 2000 or superior, OS X 10.5 or superior | Windows, OS X, Linux, iOS, Android, Windows Mobile 6.5 | Windows, OS X | Windows, OS X | Windows, Linux, OS X, iOS, Android | Windows (2000 or more recent, Server 2000 or more recent), OS X, Linux, Android, iOS, BlackBerry, Windows Phone | Windows (95 or superior) |
Client operating systems | Windows (from 2003 to 8, 32 and 64 bit) | Windows 2000/Server 2000 or superior, 32 and 64 bit | Windows (XP or superior), OS X, Linux, FreeBSD | Windows 2000 or superior, OS X 10.4 or superior | Windows, OS X, Linux, iOS, Android, Windows Mobile 6.5 | Windows, OS X | Windows (XP SP3-Server 2003 onwards, 64 bit), OS X (10.7 Lion onwards), Android, iOS | Windows, Linux, OS X, iOS, Android | Windows (95 or superior) | |
Free licence for personal use | Y | Y | Y | N | N | N | N | N | Y | Y |
Licensing model | Pro/Business/Corporate - per operator | Free/Starter/Premium/Corporate | Free/Lite/Professional/Enterprise | Personal/Pro/Corporate | Subscription/Enterprise + Prepaid | 3 tiers | Personal use/Intensive use/Small businesses | One (1 user, up to 20 computers), Standard (1 admin, 2-50 users), Premium (10 admins, 10.000+ users) | Business/Premium/Corporate | free also for commercial use |
Number of operators | 01-50 | Licences are for computers to control | 1/1 (extendible)/unlimited/unlimited | 1 admin, 1 user/1 admin, 2-50 users/1+ admin, 10+ users | see below | 1-3/4-10/10+ | unlimited | 1 user, up to 20 computer/1 admin, 2-50 users/10 admins, 10.000+ users | 1-200 | unlimited |
Multiple sessions | 1/2/unlimited | 1/unlimited/2/unlimited | 1/1/1 (extendible)/unlimited | ? | number licences = number of simultaneous sessions | unlimited (per operator) | 03/01/10 | 1-3 | unlimited | |
Remote computers controlled | ? | unlimited | ? | 1/2/unlimited | ? | 300 | 05/02/10 | 10/unlimited/unlimited | ? | unlimited |
Mobile app | N | N | N | Y | Y | Y | Y | Y | Y | N |
Self-hosted on-premises | N | N | N | N | Y | N | N | Y | N | Y |
Branding | Y | Y | Y | N | Y | Y | Y | Y | Y | Y |
Users management | ||||||||||
Groups | N | N | N | Y | Y | Y | Y | Y | Y | N |
Users permissions | Y | Y | Y | Y | Y | Y | Y | Y | Y | N |
We have particularly appreciated ScreenConnect and TeamViewer given the very rich assortment of features, but the licence price can be an insurmountable limit; among the cheapest solutions, Ammyy and Aeroadmin offer a good compromise between price and features but don’t offer a centralized user management. Anydesk is a really interesting project that you should keep an eye on; unfortunately development is really slow.