LogMeIn.com - remote access to a PC behind a router

[Thorin]

I found out at work about this website called LogMeIn.com, which allows remote access to a computer even when your computer (the client) and the computer you're trying to contact (the host) are both behind their own firewalls.

Now, I was quite concerned about how that would work and what kind of security holes that would create, but after reading this technical security whitepaper from the LogMeIn company my mind is somewhat more at ease.

Basically, the host computer connects securely to a web server (with a custom tcp-over-udp protocol), the client computer connects securely to a web server (with the https protocol),  and the web server acts as gateway between the the host and the client.  This means that there is no configuration changes needed to any routers or NAT devices inbetween.

Does anyone have any experience with this program?  They have a free version which allows remote access, and a pay version which allows file transfers and remote print jobs and other such stuff between host and client.  I would imagine it could be very helpful to troubleshoot problems on peoples' computers if they're far away geographically (thinkin' of the parents/grandparents/etc).

[Melbosa]

No experience myself.  I typically just setup RDP access for myself and clients (and most clients have SBS servers, so they have a web interface to use for the connection).

So my remote needs are not with people's home desktops, so haven't had a need to look into it.  Let me know how it goes, should I ever need this in the future.

[Lazybones]

Windows live mesh is free and also lets you RDP through firewalls. Uses SSL tunneling so for the most part the firewall thinks it is out bound HTTPs traffic. It is really slow compared to direct RDP.

https://www.mesh.com/

[Thorin]

When you setup RDP, do you travel over a VPN so that you can copy files and print files to the local computer you're using?

I'm surprised here at work that they're thinking of going through LogMeIn.com instead of opening a port on the router for anyone who wants to use RDP.  Of course, then they need different ports for each user, as they'd need to set up port forwarding...  But this is a small shop (five developers).

Windows live mesh is [..] really slow compared to direct RDP.

Yeah, I wonder how slow/fast LogMeIn is.

What bothers me is that they have this big Cisco VPN device, but the required client isn't supported on Vista 64bit so one of the devs was at home and couldn't VPN in, and therefore couldn't RDP to his desktop, and therefore couldn't get any work done.

[Melbosa]

RDP is encrypted by default on Windows machines (you can use registry keys to up the encryption if the default isn't satisfactory).  And it has the ability to do Printer and Drive pass-trough on its session (I do it all the time).  The trick with the printers is that you need to have the same print drivers installed at the destination (remote) to use the printer at the source (your computer's printer).

So no VPN.  But this does limit you to the amount of connections your destination host can accept.  VPN allows you access network resources that VPN is authorized for; so you can either have multiple destination hosts for RDP sessions or just act as a computer on the same network.

[Melbosa]

What bothers me is that they have this big Cisco VPN device, but the required client isn't supported on Vista 64bit so one of the devs was at home and couldn't VPN in, and therefore couldn't RDP to his desktop, and therefore couldn't get any work done.

A guy here at work uses VirtualBox  and a 32bit OS for that specific reason on his 64bit machine to VPN into NAIT.  We too have a Cisco VPN Concentrator device, and use the Cisco client VPN software.

[Thorin]

I've played with this LogMeIn software some more, and I think it's neat.  Here's something that stands out for me: the output on the remote monitor is captured and zoomed appropriately to fit on the local monitor.  You can tell it to fit to size or stay at actual size.  If you have multiple remote monitors, you can tell it to show you one monitor at a time or all the monitors at the same time.  You can full-screen your view, and choose to set the remote desktop to the resolution of your local monitor so it fits perfectly.  This is similar to Remote Desktop, although Remote Desktop doesn't appear to support zooming.

Something else that stands out for me: the company has a subscription to LogMeIn Central, where all the computers available through LogMeIn are listed and some of the employees have accounts.  In LMI Central we can then configure who has access to what machine(s), and what level of access they have.  This means every computer the company owns could be listed and potentially accessible, but you can limit regular users to only be able to remotely access their workstations while IT/Helpdesk can access some or all of them.  You could even allow developers remote access to some servers but not others.

Another thing: when two or more users are connected to the same machine, they can start up a chat app outside of the remote machine.  There's also a whiteboard (haven't tried it yet).

And all that through a standard web browser! (in my case Firefox).  Although I will admit that I installed the Firefox plugin, so I haven't seen what it looks like without the plugin - they claim to be able to do everything without the plugin but that it's not as smooth.