Remote support, administration and patch management of XP workstations
From: ADFH (msnews200402tmp_at_bachelorguy.com)
Date: 02/23/04
Date: Tue, 24 Feb 2004 02:37:32 +1100
I've been queried about the remote support and administration of a herd
of Windows boxes.
With support needing to be centralised at the primary location for these
systems, and the nature of the deployment making it difficult to visit
each machine on site, the question arises - what is the most efficient,
secure and effective means of providing "hands on" support remotely to
each system as well as ensuring that all necessary patches are
maintained..
My initial thoughts have been a solution based on "Remote
Assistance"/RDP - however, this only covers the ability to provide
support on demand as opposed to non-interactive maintenance tasks.
I.e. it needs to be initiated from the remote end (Remote Assistance).
The use of RDP on Pro versions of XP allows for a remote login, but for
security purposes, the ability to update access credentials in the event
of a compromise would be high and assigning each machine a unique
authentication key would mean a lot of records would need to be made,
and therefore these unique keys would likely be recorded in an insecure
fashion (stickit-note syndrome ;-) ) due to their number. Any solution
must be able to manage patches to both the OS and applications including
AV.
From descriptions given at this fairly early stage of the process, it
would appear that the systems to be rolled out will be fairly homogeneous
with perhaps 3 or 4 variants (desktops and laptops), the same OS and one
of three connection types of varying speeds (broadband not to be assumed
in all cases).
The systems at this point, I'm told, are probably going to have public,
routable, dynamic IPs although static ones may be assigned. Some will
have small routers on-site providing IP masquerading (DSL) so they still
won't be directly accessible without some interaction with the routers.
Some will be just connected via modems, so there could possibly be a
need for "phone home" ability.
Has anyone else been involved in projects such as this? Got any
pointers? Reference sources? Major caveats? Case studies? White papers
etc. etc.? Perhaps I'm in the wrong newsgroup?
So far, "Software Update Services" has been suggested for patch
management - am thinking I might look into it. Not sure how it might
work in a semi public network environment.
Thanks in advance folks..
Anthony
PS. The address is valid, but temporary - I'll probably keep it open for
a few months. Feel free to CC to it..