Review: GoToMyPC Corporate 5.0Review: GoToMyPC Corporate 5.0
It's a useful tool for remote access, but it could sharpen its multi-user support capabilities.
February 9, 2006
Citrix GoToMyPC, an Internet-based, hosted screen-sharing application, differs from most remote-control programs in that it lets you traverse firewalls and NAT (network address translation) devices without the need to set up VPNs, which are sometimes blocked on hotel, Wi-Fi or guest networks. Originally designed for a single user to access one PC, the corporate edition includes access-control capabilities, user and group support and tiered administration. I looked at the Corporate 5.0 release, which touts better performance, an improved end-user interface, and drag-and-drop file transfers.
Communication is handled over HTTP or HTTPS, with GoToMyPC acting as an intermediary. Hosts--the machines that are to be controlled remotely--will make periodic connections to the GoToMyPC service, checking for new remote-control session requests. A host does not accept direct incoming connections. This approach enables GoToMyPC to get around firewalls and proxies without the need for VPNs--convenient, but with a security downside. To compensate, Citrix offers a free service for limiting the use of the product to approved users and even features. You also could configure your firewall to block the IP addresses or DNS names that GoToMyPC uses.
Administrators and users both go to the GoToMyPC web site for access. Administrators, upon logging in, are presented with a choice of remotely accessing PCs or going to the user and PC administration site, where they can manage and grant capabilities to users, administrators and PCs. To create users of the GoToMyPC service, the administrator need only input their e-mail address. A message is then sent to the user, with a hyperlink to follow. The user creates his password, and the service becomes available to him.
• Simple interface and usage
• Slow file transfers
The e-mail message contains a specially generated URL, unique to each user, but I would have liked to see one more layer of authentication, such as entering a temporary password that's communicated via another channel. Manager accounts are created in the same fashion. It's a simple approach, but this model is susceptible to a packet capture attack. You can, however, place manager accounts into a restricted access group until you verify their identity. PCs can also have their own access codes as an additional layer of security.
Administrators can place each user into only one group or subgroup at a time. Restrictions may be placed on the group itself, but individual user settings can override the group settings. I was able to turn on or off features such as file transfer, remote printing, chat and taking over the host's keyboard.
Each Windows computer the administrator wants to enable for remote control needs a small client program installed, under 5 MB. We detected about 20 MB of memory used during a remote-control session. The client program can be installed as a service that loads at start-up, or run after a local user's first logon. Each host computer is assigned an owner--the GoToMyPC user account that was used to install the client--who is automatically granted access to the machine, but a manager can go into the administration site and add other users to a PC if desired. The owner may also choose to set an access code that must be input by any user attaching to the PC.
Unfortunately, adding additional users to a PC needs to be done on an individual node or user basis. I couldn't assign group access to a PC, an irritating limitation if you want to use GoToMyPC as a tech support tool. This gives the impression that centralized management has been grafted onto a product whose origins are as a one-user, one-PC tool, rather than truly integrated into a corporate-level offering.
When I connected to the remote access Web site, I was presented with a list of all PCs that I, as a user, had permission to access. I used a Java-based viewer for access, although Windows users get a bit more functionality with an ActiveX- based viewer. The local user--someone using a host PC at the time a remote user is trying to connect to it--is notified of a remote connection through a pop-up window.
Overall performance was very good and responsive, even on a cable modem. I tested out the shared clipboard feature by writing some text in Notepad on my host PC, copying it and pasting it into a copy of Notepad running on the remote PC. I was able to print it via shared printing with no trouble. Files could be dragged and dropped from the host PC onto the remote PC's viewer window, or the reverse. A file selection dialog box is also available. I tested transferring a 266 MB file (Service Pack 2 for WinXP) from my local machine to the host. With both computers on the same subnet, the transfer took 9 minutes, 38 seconds through GoToMyPC. The same file sent directly from one machine to the other via Windows File Sharing took only 30 seconds. The advantage of GoToMyPC is that it encrypts the file transfers with 128-bit AES, while most corporate firewalls will block Windows File Sharing across the Internet.
Users can see statistics on their connection performance over time. Bar graphs show how much performance degradation was caused by CPU or Internet connections on the host and the client, on an aggregate or per session basis. Managers can generate reports across their organization of access history, user activity and features enabled. Although some parts of the product still need tweaking, the reporting is very good.
Small IT organizations will find the product useful as a remote access solution, and the ability to traverse external firewalls and NAT devices is handy for bigger businesses that take the appropriate security measures, too.
Michael J. DeMaria is a technology editor based at Network Computing's Syracuse University's Real-World Labs®. Write to him at [email protected].
About the Author(s)
You May Also Like