Support in the cloud
Skip the traffic and use cloud services to proactively support clients without leaving your office.
There you are, in your office on a cold, wet winter day, when the phone rings. It’s one of your clients, and they’ve got a problem. So it’s into the car or out on the bike, and onto the wet road for an hour or so, only to discover that you just needed to update some malware protection tools, or push an update onto a desktop PC. Or it’s a blazing hot summer day and the traffic is terrible. Or you’re in the middle of setting up a server or rebuilding a desktop… If only you could deal with the issue without leaving your desk – there’d be time for everything else that needs doing, and your clients would get their problems solved that much quicker. And what if you could do it all without getting that call in the first place?
Remote support solutions have been around as long as the modem, but a new generation of cloud hosted services add additional layers of management capability, along with advanced support tools. Cloud-hosted dashboards give you quick and easy access to clients’ machines, giving you the ability to proactively identify issues and push solutions – with little or no user intervention required. You’re also able to budget more effectively, and charge appropriately; cloud support tools are billed as subscription services, usually with a fee per managed device.
It’s important to choose the appropriate management tool for your clients’ needs. They’re all different, with different strengths and weaknesses. Some focus on remote desktop access, others on security and update management. You’ll find some that offer online help desks, and some that have similar look and feel (and support tasks) to familiar on-premises systems management tools.
Windows InTune, currently in beta, takes the latter approach. It’s perhaps best thought of as a cloud hosted version of System Center Essentials – minus the server support. Even so, it’s a useful tool for any consultancy working with PCs on multiple sites (and there’s going to be a version for ISVs capable of supporting multiple organisations as well). It’s easy to use, with a lightweight agent for user PCs that includes a version of Microsoft’s Forefront anti-malware client.
Signing up for the beta entails creating a new subdomain on the onmicrosoft.com service. This is used to create a LiveID that you use to sign into the Windows InTune site, manage.microsoft.com (you can’t use an existing LiveID). The beta comes with 25 device licenses (and Microsoft would like you to install it on at least 5 PCs), though the final service will be offered as a per-user subscription. There’s another good reason for using Windows InTune, as each user licence also includes rights to install and use Windows 7 Enterprise, giving your clients access to a secure modern operating system. If you’re working with several different clients you can have a separate subscription for each client and quickly switch between subscriptions on the login screen.
Once you’re logged into Windows InTune for the first time, you’ll be prompted to download the agent software. There are two versions – one for 32-bit PCs and one for 64-bit. Installation is simple, as Windows InTune preconfigures the appropriate connection information. All a user needs to do is connect to the Internet, run the appropriate executable and reboot their PC. The Windows InTune agent downloads the appropriate software updates from the service, setting up remote desktop connection tools and anti-malware software (it’ll also uninstall Windows Defender or Microsoft Security Essentials as part of the installation to avoid conflicts). Once rebooted, user PCs have a desktop link to the Windows InTune Center, a self-service support tool that can be used to trigger updates, launch anti-malware scans, and request remote assistance from a help desk.
Windows InTune’s anti-malware tools are the same as those used in Forefront Endpoint Protection. That means you’re going to be pushing out enterprise grade anti-malware tools to all your managed PCs. That’s a big benefit to SME networks that are often protected by bundled or free anti-malware tools that don’t offer the same central updater, the same subscription cycle or the ability to alert administrators of problems.
You can configure the Windows InTune Center remotely, using Windows InTune’s policy tools to preconfigure it with additional help desk information. It’s a useful idea, giving users one place to manage their machines and at the same time get access to as much helpdesk information as possible. You can even provide links to FAQs and additional online support tools. Simplifying access to support tools should make it easier for users to contact your support team, and, at the same time, give them information that will reduce the number of calls your help desk needs to respond to.
Once the agent software has been installed on user PCs, it’ll report back to the Windows InTune cloud service. PCs are initially placed in an Unassigned Computers group. You’ll want to create separate groups for each department or class of user, as these will simplify software distribution and policy-based management.
Windows InTune turns the familiar Windows Software Update Service into a cloud service. Like System Center Essentials, it’s able to manage and push updates to client PCs, and to inventory and manage the software installed on user PCs. Drill down into the individual PC properties to see what’s been installed. While you can’t remotely uninstall software from Windows InTune, you can at least see what might possibly be causing problems – as well as where users might be violating site policies or using unlicensed software. You’re also able to get a report of all the software currently installed and in use on a site, making it easier to understand just how your clients are using licensed software – and if they can make savings by renewing fewer licenses in future. Software reports include version numbers, so you’re also able to check if third party software needs to be updated or if users are using applications that have known incompatibilities. Data held in Windows InTune can be exported in CSV format for further analysis. If your clients are using Microsoft Volume Licencing agreements, Windows InTune will manage and monitor application usage, identifying gaps in license coverage. Microsoft has made a commitment that it won’t use Windows InTune data to monitor for license infringements, so if your clients inadvertently step outside license coverage, your use of Windows InTune to manage their systems won’t affect their relationship with Microsoft (though you’ll want to make sure that they become compliant very quickly to reduce any liability you and they may have).
Managing updates is becoming increasingly important, and tools like WSUS are effective ways of controlling which updates are sent to which PC. Windows InTune’s cloud update service is that same familiar WSUS, with tools to define how updates are approved, and how they’re pushed to managed PCs. The approval process is important, as you don’t want to deliver an untested update to a client’s network – and at the same time, you don’t want to leave them vulnerable to vulnerabilities where there are known exploits.
Windows InTune’s alerts are the key to effective operation. You can choose which administrative user gets what type of alert, either online or via email. Alerts can be proactive, from Windows In-Tune’s monitoring tools, or can be triggered by new updates arriving from Microsoft. They’re also part of Windows InTune’s support desk service, letting users get assistance from remote help desk staff.
Users needing support can use the Windows InTune Center to request a support session. This uses Windows Easy Assist to provide a chat environment, along with screen sharing. The administrator gets an alert, either by email or in the Windows InTune environment; when the connection is made, chat windows open on both the administrator’s and the user’s machines. The user can show the administrator what the problem is on the shared screen, with the option of handing control to the remote administrator. If a solution needs a download, you can push files over the support connection – and install them through the shared screen.
Windows InTune is a powerful tool, taking much of what System Center Essentials offers and pushing it into the cloud, where it can be used to manage many different clients’ PCs. Server support is sadly lacking and it only handles Microsoft licences, not the many other software sup-pliers you’ll need to deal with, but it should at least simplify desktop management.
Microsoft is bringing InTune into an already busy remote management marketplace. Tools from GoToMyPC and LogMeIn have now added support and management features to the original cloud remote access clients. Building on remote access tools makes sense – you need to get your hands on a PC with problems, and tools like these bring users’ desktops to your support PCs, wherever they are. You don’t even need to have a PC to hand, with clients for iPad and iPhone giving you anywhere, anytime access to supported PCs.
LogMeIn Central is where you manage all your LogMeIn Pro client PCs. Licensed on a per PC basis, LogMeIn Pro gives you direct access to PCs, with alerts and information about how the PC is running. There’s a lot of information here, with LogMeIn Pro pulling information from the PC’s WMI APIs. Once you log on to a managed PC from Central, the Web dashboard shows an overview of the machine state with information about recent Windows system events, along with live CPU and memory usage. Central also lets you build and run managed virtual networks, using the Hamachi peer-to-peer network protocol. Central has tools to help deploy LogMeIn and Hamachi client software, sending email or instant messages with install links.
Connected PCs are easy to manage, with direct access to services and processes, as well as examining currently running drivers. There’s everything you need to remotely debug a PC, without a user even knowing – it’s only when you request screen sharing or start a chat that they know you’re connected to their PC. You’re even able to reboot the remote PC. Users get something out of LogMeIn too; the LogMeIn Pro client lets them access their desktop PC securely over the Internet, and transfer files to colleagues.
If you want even remoter access to a PC, LogMeIn’s Ignition client runs on a wide range of different smartphones, including iPhone and iPad. You won’t get the full Central management environment on smaller screens, but what you will get is a remote desktop on your phone, letting you support your clients from the road.
To work with servers, you need something like Citrix’s GoToManage. A complement to the GoToAssist remote support service, GoToManage mixes cloud services with local agents. Set up requires installing a crawler on a local PC, which examines the network for servers and workstations. You’ll need to configure the crawler with a data key that connects the crawler securely to the cloud management platform; we’d recommend installing it on a server or an al-ways-on PC, as it’s an important piece of GoToManage, and you’ll need it to handle most operations. There is the option to use a cloud-based crawler, but it won’t have the same capabilities as the network tool.
After crawling the network, GoToManage builds an inventory of the machines on the network, and starts monitoring them, using WMI and SNMP. This is a much more complex tool than Windows InTune or LogMeIn Central, with the ability to build and run complex WMI queries against managed machines. That makes it a lot more flexible but, as always, with great power comes great responsibility; you can use GoToAssist Pro to connect directly to managed devices (once the appropriate agent has been installed), and handle alerts and issues without user interaction. The same agent runs on servers, giving you tools to handle many common support issues remotely, without leaving your browser.
That’s the real advantage of cloud-based support tools; they require only minimal software on your and your clients’ networks, while still giving you secure access to PCs and servers. With tools like these, you’re able to manage more client networks more effectively, with fewer time-consuming site visits.
LogMeIn’s community support forum:
Windows InTune on TechNet
Resources and advice on using Windows InTune:
Windows InTune Beta Sign Up
Sign up for the Windows InTune beta to try out cloud manage-ment on 25 PCs:
Volume 2, Edition 4
Managing mobile devices
feature finder code 2428a
Volume 2, Edition 3
Managing networks with System Center Essentials 2007
feature finder code 2306a
Volume 1, Edition 1
feature finder code 111a
Currently in beta, pricing TBD
LogMeIn Central: £176 per year
LogMeIn Pro 1 computer, £41.95 per year,
5 computer, £29.80 per computer per year
LogMeIn Ignition: £17.99
Starter (10 serv-ers, 90 other devices)
$89 per month $854 per year
Enhanced (25 servers, 225 other devices)
$219 per month $2102 per year
Plus (50 servers, 450 other devices)
$399 per month $3830 per year
GoToAssist pricing: $89 per month/admin
$854 per year/admin
£439 per Business license (single workstation).
£889 per Premium license
Build your own support tools with TeamViewer
If you want just a simple remote access platform, TeamViewer gives you an interesting modular approach to building a support environment. Everything runs using desktop client software with connections passing securely through the TeamViewer cloud service rather than over RDP or VPN connections.
The heart of TeamViewer is its remote desktop tool – which acts as both client and server. Use it to share user desktops with a support team, or to quickly manage a user’s PC. You can upload and download files, or chat. You don’t need to deploy the full client to user PCs; the customisable QuickSupport client runs without an installer and doesn’t need admin rights. There’s an additional Manager application too, which adds a database of installed TeamViewer software as well as logging tools.
For servers, there's a Host option that runs as a service. You’ll need to pre-configure passwords, but once set up you can connect to a server from anywhere – even using TeamViewer’s iPhone client. This is a cross-platform tool, with Mac and Linux clients as well, and a version of QuckSupport for Mac desktop PCs, simplifying your Mac support options.
Setting up Windows InTune
Once you’ve signed up for Windows InTune, log into the service dashboard where you can add administrator users and download the client software ready for installation on the desktop PCs you’re planning on managing.
There are two versions of the Windows InTune client software, one for 32-bit systems and one for 64-bit systems. Download and distribute them from a network share on a USB stick.
Users get new anti-malware software, along with the Windows InTune Center. This lets them manage updates, run anti-malware scans, and request remote support connections. Clicking the last sends a message to Windows InTune, for an administrator to respond.
An administrator can respond to a support request alert on the Windows InTune Web site, launching Windows Easy Assist. This lets you chat with users who need help, upload or download files, and use a remote desktop to control the machine that needs support.