October 2014
Copyright ©2014 Concentrated Technology, LLC
commissioned by
This CompareScope™ paper looks at four solutions designed to facilitate remote administration of Microsoft Windows-based client and server computers. Some of these solutions have advanced to better manage the client platforms outside of the traditional Microsoft domain by offering remote administration of Mac and Linux systems. These solutions aim to improve IT worker productivity and to reduce end user impact on systems being fixed or maintained.
Solutions in this category vary widely not only in base functionality, but also in the details of their implementation. Fine differences in user interface, workflow, and efficiency can make all the difference for an IT technician or administrator. Deployment details and impact can also differ, which impacts an organization’s ability to pilot, deploy, and maintain a solution over time.
Remote administration of distributed client systems is an essential capability of IT support staff. Solutions in this category are designed to facilitate remote administration of distributed client and server computers, typically in real-time. For many of the tasks enabled by these solutions, the native alternative is either a physical desk visit, or a Remote Desktop connection. Either of those alternatives is interruptive to the user of the affected system, and carries a high price in IT personnel overhead. Additionally, solutions in this category offer at least some capability for batch administration of multiple computers. Batch administration may include pushing out a software application or patch, applying one or more configuration changes, or generating reports based on queried data. Solutions in this category may also offer enhanced remote control features, either by integrating with native Windows features (Remote Desktop, Remote Assistance) or by providing their own remote control protocol. An increased expectation is that these solutions also offer remote administrative solutions for the entire enterprise, not just Windows. Solutions adopting an enterprise approach will offer remote management to Mac and Linux clients, normally through Virtual Network Computing (VNC) or Secure Shell (SSH).
Solutions in this category may replicate or emulate the native Windows user interface for specific maintenance tasks, such as configuring a firewall or working with device drivers. This approach provides a familiar administrative surface for IT workers, while the actual work is conducted “under the hood” against one or more remote computers.
In the past, several of the solutions in this category have not maintained a historical configuration database, preferring to query information from systems in real-time. This differentiates them from pure configuration management products, which typically aggregate information into a database and maintain some degree of configuration history, but do not provide access to real-time configuration values. In some cases, the inventory data can become stale and have possible poor effects on batch management decisions and accurate reporting.
Several solutions are evolving to support both real-time query of configuration data and the retrieval of stored information in times when the remote system is offline. Permitting IT to utilize aggregate data from real-time online systems and stored data of offline systems improves the decision making process and reporting accuracy. While some solutions provide this hybrid approach seamlessly, former database-driven data systems may require additional steps to manually gather real-time data, which is first stored in the database before delivery in a report or batch-processing job.
For this paper, we examine several functional areas we deemed key to this category.
Products in this category often provide functionality that seems to point at other categories. For example, by enabling IT personnel to query configuration information from remote computers, one might presume that these solutions also provide a means of managing or enforcing a desired configuration – but that is not a part of this category. Some solutions in this category do provide functionality that extends at least partially into other categories; where appropriate, we note those.
This paper is a product comparison, designed to provide a comparative look at four solutions in this category. This paper is not an exhaustive analysis of the suitability of any particular solution for a given market space.
Products included in this CompareScope™ are:
The Goverlan and Dameware solutions adopt a similar approach, and one that is consistent with most solutions in this category. Using Active Directory and network discovery, they identify unmanaged computers on your network and provide the ability to query basic information from them by means of Windows Management Instrumentation (WMI). You also have the ability to push the solution’s client agent (small in both of their cases) to unmanaged computers, making them managed computers. The client agent gives the solution more coverage and reach into the remote computer, enabling a broader range of management tasks and reporting. Data is queried from systems in real-time, and changes are also applied in real-time, although both solutions allow for scheduled application of batch changes. Manageability with Dameware is available only when managed systems are turned on and awake, and both solutions support various techniques to control the power state.
The Goverlan solution differentiates itself by providing a storage database for real-time gathered information. The SURE-DATA approach improves data accuracy and availability by supplying real-time information combined with stored data for offline systems. This improves manageability by allowing the scheduling of actions for systems, regardless of state, as is common in larger database-driven solutions.
The LanDesk solution is a complex, server-and-agent-based product that compares (from a feature perspective) to Microsoft System Center Configuration Manager. This comparison examines only those aspects of the LanDesk product that relate directly to real-time remote client management; the product does include significant additional features that are not considered here.
The ManageEngine solution contains several product solutions along with a collection of tools to build a customized solution similar to LanDesk. This comparison examines only those aspects of Desktop Central that relate directly to real-time client management, and in some cases will require additional free tools from the ManageEngine collection to provide the desired functionality.
These products all rely primarily upon a locally installed client agent to do their work, although they typically provide some minimal level of client-free functionality, including the ability to deploy said client via push installation. Some care should be taken by customers when selecting a solution, as the client agent can play a crucial role in security and stability. The size of the client agent, its software dependencies, and so forth should be considered.
These products typically rely on a combination of Active Directory Domain Services (AD DS) and network discovery (pinging IP ranges) to discover unmanaged systems. Solutions in this category do not necessarily rely on a database.
Solutions in this category may also offer centralization of certain auditing events for reporting and auditing purposes, such as use of the solution’s remote control facilities. Where appropriate, we note the availability of such centralized features, although these were not a major focus for this comparison.
Note that both the Goverlan and Dameware solutions are desktop applications. They do not require a server-based infrastructure and can be deployed for piloting without impacting the production network.
LanDesk and ManageEngine have traditional centralized databases for inventory collection, primarily used for reporting and targeting resources. The inventory collection process can take several days depending upon configuration. This approach is similar to Microsoft System Center Configuration Manager (SCCM). For normal day-to-day tasks like deploying major application updates, the stale nature of the inventory data is generally not seen as a problem. For real-time client support and troubleshooting, the delay in current inventory information can be a factor.
The Goverlan solution provides a unique hybrid solution in that it first gathers its inventory information in real-time, then optionally storing this information (using SURE-DATA technology) to a local file or central SQL database. This contrasts from LanDesk and ManageEngine by providing immediate real-time information as the technician is working and displaying stored information for systems that may be offline, permitting more accurate queries for actions and reports. Inventory collection may also be scheduled, but the importance of having real-time information immediately available is the foremost concern to the support technician.
Remote control is a core functional area for solutions in this category. Solutions typically support the built-in Remote Desktop Protocol (RDP), may support VNC and Telnet/SSH for cross-platform control, and often provide their own proprietary remote control protocols. Proprietary protocols may offer better network utilization or lower CPU utilization, file transfer and chat capabilities, additional user experience or security options, and so on. The feature comparison below was performed using the product’s proprietary control solutions, when available.
Goverlan Remote Admin Suite v8 | ManageEngine Desktop Central v9 | |
---|---|---|
Find users and computers in AD DS by using wildcards and attribute names | Yes; streamlined UI | Yes |
Discover computers by logged on username | Yes; fastConnect | No |
Connect to remote computers via smartcard login | Yes | Yes |
Chat with users | Yes | No |
Transfer files | Yes | Yes |
Proprietary remote control protocol | Yes | Yes |
VNC support | Yes | No |
Telnet/SSH support | Yes | Yes |
Remote Desktop Protocol support | Yes | No |
Remote Assistance support | Yes | Proprietary |
Create dashboards showing multiple remote computers’ screens | Yes | No |
Remote shadowing of user sessions | Yes | Unknown |
Various end-user approval modes | Yes | Yes |
Remote control notification and auditing options | Yes | Yes |
Lock out local user option | Yes | Yes |
Blank screen from local user option | Yes | Yes |
Capture screen shots | Yes | Unknown |
Capture video of remote control session | Yes | Unknown |
Central auditing of remote control activity | Yes; free Goverlan Central Server component required | Yes |
Options to reduce network utilization / improve performance | Extensive: Color reduction, numerous visual options | No |
Clipboard integration via remote control | Yes | No |
Clipboard-based file transfer from remote computer | Yes | No |
"Observe only" remote option | Yes | Unknown |
Integrated Task Manager during remote control | Yes | No |
Integrated performance display options along with remote control/monitoring | Yes | No |
Multiple administrators can enter a shared remote control session | Yes | No |
These solutions all offer various end-user approval modes that, depending upon their configuration, can require remote viewers to obtain end-user permission before viewing or controlling the session, or can be set to allow administrators full remote control with no user awareness or acknowledgement. The available modes should suffice for most organizations’ political and privacy needs, but are typically available only in conjunction with the solution’s proprietary remote control protocol. Native features like Remote Assistance or Remote Desktop Protocol may not be as configurable.
We should point out that there are technically two distinct approaches to remote control. In-band control is what we’ve reviewed for this paper, and it is provided by all of the products reviewed as noted in the chart above. Another approach, out-of-band control, utilizes hardware-based redirection of the keyboard, mouse, and monitor. This requires the computer motherboard to include support for the technology, and the most popular today is Intel vPro-based remote control. This support includes the ability to change power settings and mount ISO images regardless of the current state of the target. We did not examine vPro in any depth for this paper, because it has significant requirements, but it should be noted that Goverlan, Dameware and LanDesk products support Intel vPro.
While the following table provides an overview comparison of these products, it is important to note that there are significant and often subtle differences between the products. For example, when managing printers, environment variables, and other user-specific settings, the Goverlan solution is multi-user aware. When managing a shared computer, for example, Goverlan can “see” individual user profiles and permit you to modify them individually or all at once. This can be a significant advantage; other solutions may accomplish this by modifying the profile when the user logs on, rather than in real-time.
Another example: when searching for objects in AD DS, the Goverlan solution provides a simplified UI that enables an administrator to directly search for attribute names. Typing “department=sales,” for example, retrieves all users in the Sales department. The Dameware solution supports AD DS searching through the standard OS dialog, which provides full functionality but is somewhat more complicated to use. Other solutions such as LanDesk support LDAP query format, but this may impact IT support staff unfamiliar with this query language.
It should be noted that Goverlan provides a unique feature named fastConnect that is especially useful to support technicians. This feature allows the support professional to find and target a computer by searching for the username of the currently logged on user. As an example, when a user contacts support, they rarely know their computer name, forcing the support technician to spend several minutes helping the user discover and report the computer name for a remote connection. With fastConnect, the technician can query for the username and see the corresponding computer, allowing for an immediate connection without further involving the user.
Goverlan Remote Admin Suite v8 | ManageEngine Desktop Central v9 | |
---|---|---|
Smartcard login support | Yes | Yes |
AD DS management: User, group, computer, and OU object management. | Yes | No |
Find users and computers in AD DS by using wildcards and attribute names | Yes; streamlined UI | Yes |
Discover computers by logged on username | Yes; fastConnect | No |
Exchange Server mailbox management | No | No |
Rename computers | Yes | No |
Manage computer domain membership | Yes | Yes, additional free tool |
Manage local users and groups | Yes | Yes, additional free tool |
Intel vPro AMT integration for out-of-band management | Yes | No |
Control system power status (lock, logoff, reboot; manage power settings) | Yes | Yes, additional free tool |
Wake-on-LAN (WOL) support | Yes | Yes, additional free tool |
Send pop-up messages to logged-on users | Yes | No |
Live chat with users | Yes | No |
Remote command prompt | Yes | Yes, additional free tools |
Remote Task Manager | Yes | Yes, additional free tool |
Built-in convenience access to Ping, TraceRt, etc. | No; can be added as custom controls | No |
Discover systems by IP scan | Yes | Yes, additional product |
* The Dameware product, unlike the others, appears to have minimal Exchange Server administrative support (mainly mailbox management and attributes, which come from AD DS), but has a number of restrictive system requirements to use it.
The following table summarizes the key functional areas for remote administration. These areas can be administered “behind the scenes,” meaning they do not require remote control of the remote computer. Users will not be aware that the following activities are taking place.
Goverlan Remote Admin Suite v8 | ManageEngine Desktop Central v9 | |
---|---|---|
File system | Yes | Yes |
Event Logs | Yes | Yes |
Local users/groups | Yes | Yes |
Open files/resources | Yes | No |
Printers | Yes | Yes |
Processes | Yes | Yes |
Basic system information | Yes | Yes |
RAS Settings | No | No |
Registry | Yes | Yes |
Task Scheduler | Yes | Yes |
Services | Yes | Yes |
File Shares | Yes | Yes |
View installed software | Yes | |
Remotely Repair/Install/Uninstall software | Yes | Yes |
View installed hotfixes | Yes | Yes |
Configure network | Yes | No |
View environment variables | Yes | Yes |
Change environment variables | Yes | Yes |
View performance data | Yes | Unknown |
Manage devices (Device Manager) | Yes | No |
Manage Windows Update settings | Yes | No |
Track logged-in users | Yes | Yes, additional free tool |
Remotely Add/Remove System Components | Yes | Yes |
Manage Startup items | Yes | No |
Manage mapped drives | Yes | Yes |
Manage auto-logon | Yes | No |
Force remote GPO update | Yes | Yes |
Transfer files | Yes | Yes |
Auto-force specified processes to a specified priority level | No | No |
Manage Windows Firewall settings | Yes | Yes |
Because it is designed as a configuration management tool, the LanDesk and ManageEngine solutions offer a broader range of built-in configuration tweaks and settings. These are centrally defined, downloaded by their client agent, and applied at logon. These settings include Microsoft Office, Microsoft Outlook, Security Policies, Time Synchronization, Folder Redirection, and more. Most of these settings are in the registry, making them manageable with either the Goverlan or Dameware products as well, although those two products do not pre-define configuration packages for these. Many organizations will already be using, or will prefer to use, the native Group Policy objects (GPO) feature of AD DS to manage these and other registry-based settings for more granular targeting and application of settings. The Goverlan product, through its Scope Actions feature, could also provide a similar level of granularity.
Goverlan Remote Admin Suite v8 | DameWare Remote Support v11 | |
---|---|---|
Query data from offline machines | Yes | Yes |
Create sets of users or computers to target for data queries or actions | Yes | Yes |
Target actions to AD DS objects in bulk | Yes | Yes |
Target actions to users in bulk | Yes | Yes |
Target actions to computers in bulk | Yes | Yes |
Dynamic query-like criteria for targeting | Yes | No |
GUI builder for action sequences | Yes | Yes |
Shareable action sequences | Yes | No |
Re-run batches against failed computers | Yes | No |
The Dameware solution’s batch processing capabilities are limited. You can, in a batch, deploy the solution’s client agent, install services, deploy registry files, manage power state (restart, shutdown, etc.), send pop-up messages, and a handful of other selected tasks by selection of computers.
By contrast, the Goverlan solution has extensive batch processing capabilities. You can define scopes, which are groups of computers, users, or AD DS groups. Scopes can consist of static lists, AD DS sites or containers, IP address ranges, and so on. An extensive set of actions, broadly categorized as “reporting,” “setting,” and “executing” are built-in, and custom actions can be created. Actions can be further scoped by specifying limiting criteria – only machines with a certain amount of RAM, for example. Reporting is available for the entire WMI repository – a wide range of data, much of which is pre-indexed and explained within the solution. Settings can include AD DS properties, local accounts, and a range of WMI objects. Execution can include nearly anything the solution is capable of doing on a per-computer basis, including network settings, printers, processes, software, for a total of several dozen discrete actions.
The LanDesk and ManageEngine solutions offer the strongest contrast, as it is not intended for real-time batch deployment. Instead, you create configuration policies and rules, which are deployed to collections.
Because most IT environments consist of more than one administrator or technician, shared features can become important.
Because it uses a central configuration repository (database), the LanDesk and ManageEngine solution's configuration is automatically shared across all administrators using the product.
Although the Dameware solution does have a central server for licensing, we were not able to discover any means of sharing configuration data between users of this solution.
The Goverlan solution supports sharing computer lists, console layouts, remote control connection sets, software installer packages, batch action sequences, and batch action target lists. With the addition of the SURE-DATA database, configuration information is shared similar to LanDesk.
Goverlan Remote Admin Suite v8 | ManageEngine Desktop Central v9 | |
---|---|---|
Query information via WMI | Yes | No |
Generate custom WMI reporting scripts from a GUI | Yes: produces VBScript | No |
GUI builder for GPO WMI filters | Yes | No |
WMI-based Asset Management Reports | Yes | Yes |
WMI-based IT Compliance Reports | Yes | Yes |
AD DS reporting | Yes | Yes |
The Goverlan solution includes WMIX, an integrated utility (also available standalone) that provides a GUI atop the WMI repository. This utility enables administrators to browse WMI (often the only way to discover what the repository contains), and provides custom in-product documentation for core WMI classes and properties. Using the utility’s built-in reports, report wizard, or report templates, administrators can generate a wide variety of real-time inventory reports.
The Dameware solution does not offer equivalent functionality.
The LanDesk and ManageEngine solutions offer reporting from WMI, but do not draw upon real-time data. Instead, using a proprietary reporting interface to generate reports based upon information stored in its database. A number of built-in reports are included, and custom reports with custom WMI queries can be created. A policy using Data Collection must be configured to collect data before reports can be generated from that data.
It should be noted that the real-time discovery, exploration and future storage of custom WMI information has proven essential in many situations. Most products leave the IT support staff to accumulate their own tools outside of the product to accomplish these tasks. The Goverlan WMIX utility provides this integrated support and goes beyond most other available toolsets.
The Goverlan and Dameware solutions address the same problem space within an organization, although the Goverlan product offers broader functionality and deeper management reach. Its approach to batch administration – action scopes, a GUI-based task sequencer, and so on – offer extended opportunities for use, and take the product almost to the point of being a full-fledged systems management tool. With the hybrid approach of real-time inventory and management combined with the inclusion of SURE-DATA configuration storage, many organizations will find this a more affordable and robust management tool removing the complexities of deploying and implementing a product such as LanDesk. The additional attention to management details, such as the fastConnect feature providing easy-to-discover computer targets from usernames, demonstrates an understanding of the support professionals role and challenges. Greater platform administration of Mac and Linux is a must for growing organizations with cross-platform requirements.
The LanDesk solution is designed for far more than real-time remote client support, and indeed that is not its strongest aspect. It is at heart a centralized, database-driven configuration management suite, with remote control capabilities and certain remote management capabilities. Strong support for out-of-band management (with supported hardware) helps supplement these capabilities. Similar to ManageEngine, this product is more of a traditional full-featured database-driven approach, but requires an investment in architecture, deployment and management that may not be best suitable for some companies.
Copyright ©2014 Concentrated Technology, LLC
Goverlan, Inc. has been providing cost-effective, real-time remote administration software solutions since 1998. Goverlan solutions are entirely implemented and managed from within clients¹ infrastructures, thereby fostering security, integrity and control. Designed with the high standard requirements of corporate IT, Goverlan is chosen by IT support technicians worldwide for their ease-of-use, global reach, and expandable feature set to get to the root of problems quickly, dynamically and efficiently. Goverlan¹s initial design began in 1997, geared for a large and fast-paced helpdesk of a Wall Street securities trading firm based in New York City with offices worldwide. To learn more, visit Goverlan.com.
Concentrated Tech is a boutique technology analysis and education firm. Founded in 2005 by industry experts Don Jones and Greg Shields, the company focuses on helping technology and business come closer together by offering strategic consulting, timely education, and expert analysis.
Concentrated Tech analysis papers are independently researched, written, and published. While papers may be commissioned by a specific company or organization, that company or organization is given no editorial control over the content of the paper. The commissioning company or organization has the option of publicly publishing the completed paper, or reserving it for internal use only.