In a previous article, I provided six tips for using Remote Desktop for remote hosted servers. Remote Desktop is the most common solution for this because it's readily available, tightly
There are several reasons why you might want to opt for something other than Remote Desktop for long-distance connectivity to a remote hosted server:
- Additional security, not just for the data in the connection itself but for how the server is accessed;
- More features;
- Different approaches to existing problems; and, of course
- Cost. Most of the options described below are of low or no cost, which makes them all the more appealing.
Some third-party software companies have expanded on the basics of Remote Desktop by adding features that ought to come in handy when dealing with a physically inaccessible server. One of these companies is Atelier Web, whose widely used software product, Web Remote Commander, offers:
- file transfers, including remote file compression and decompression;
- more robust Clipboard support, including transfers of pictures and other data formats not usually supported via Remote Desktop;
- "Port Finder," which maps applications to available open ports; and
- a remote chat function, for communicating directly with someone on the remote server.
One limitation of Web Remote Commander is that it requires the ports for RPC (i.e., Microsoft Networking) to be open to the destination server. But it uses Windows' own authentication system to ensure that anyone attempting to connect is only able to do in an authorized way.
Some third-party programs that expand on Windows Terminal Services only add one dedicated feature. Still, they're useful if that's all you want to add. For instance, TSDropCopy, from AnalogX, enables simple drag-and-drop remote file copying through a Terminal Services connection. However, it's not always as reliable as a more broadly supported technology like FTP, and, since it uses the Terminal Services clipboard as a data exchange medium, it can be flaky if it's not set up right.
Alternatives to Windows Terminal Services
Some admins eschew Windows Terminal Services entirely and use another technology to connect to the remote server. One of the most popular of these alternate desktop connection methods is VNC.
VNC is a cross-platform connectivity system, so users in a heterogeneous environment can use it to connect clients from any platform (Windows, Linux, Mac, etc.) transparently.
Since VNC is also open source, it exists in several implementations, many of which have features not found in Remote Desktop. Among the best of these is TightVNC. Its list of bonus features available in Windows include the ability to transfer files through the connection client (handy when you don't want to or can't use FTP), JPEG image compression (for faster display rendering) and a Java-based client that can be run in any Web browser that supports Java.
The last feature is especially handy since you don't need to download or install anything—you simply connect to the TightVNC server on a given port, log in, and the Java client is downloaded automatically. For those who want to administer the server remotely without needing to be at any particular computer, this is ideal.
VNC can also be run on any port, which makes it a slightly less obvious target for a hack attempt by someone who might be trying to log in via Remote Desktop. (Of course, a strong password policy should keep such people out, but not even letting them know where the door is can grant that much more peace of mind.)
Keep a few things in mind: VNC uses its own password, which is not integrated into Windows, and while it encrypts passwords, it doesn't encrypt the data sent (at least not yet). One way to compensate for this is to add an OpenSSH server and tunnel the connections to the server through it.
Tunneling: VPNs and SSH
Another way to improve the security of Remote Desktop connections—if security is a concern—is to wrap it in another protocol: tunneling, through a virtual private network (VPN) or through Secure Sockets (SSH). Remote Desktop does have some native encryption of its own, but it's limited by the capacity of the client using it. Using a third-party wrapper allows you to encapsulate Remote Desktop sessions in encryption of any strength.
One way to implement SSH in Windows is through the open-source product OpenSSH or through a commercial product such as Bitvise's WinSSHD (which has configuration instructions for use with Remote Desktop).
Another tunneling application that's free and unencumbered by patents, although fairly unsophisticated, is Zebedee, which can also be used to forward Remote Desktop traffic.
Remote Hosted Server Management Fast Guide
Use Remote Desktop for remote hosted server management
Remote Desktop alternatives
Managing applications on remote hosted servers
Remote hosted server management: Disaster recovery and prevention
This was first published in June 2006