How did I choose remote administration solutions? Experience of the head of the IT department of a Moscow college

However, suddenly everything changed. And today I want to share with you the story of how we solved one of the problems that arose in import substitution of software during one of the most turbulent periods. So, dear reader, welcome to cat.

Initial conditions

At the beginning of 2022, the long-awaited restoration began. But, to our regret, it was accompanied by a mass exodus of almost all foreign vendors from the Russian market, on which our monolithic structure was built. It has become absolutely obvious that the era of Microsoft Windows for government customers is irrevocably gone, and we are facing a rapid transition to Linux. Initially, we didn’t see anything terrible in this. Yes, you will have to set aside time for training, but the current versions of Linux operating systems are very user-friendly, you can easily adapt to them and gain experience. There may be problems with training average teachers who do not always hold the mouse confidently, but there is nothing to be done: our path was predetermined and chosen for us, we need to move on.

Initially, we wanted to study the operating systems available in the registry of domestic software: we had already tested about ten different ones, interviewed users, but then, like a bolt from the blue, they brought us a targeted urban supply of equipment. It had nothing to do with the restoration process, it had its own goals and objectives, but the main surprise was that the operating system installed on it was the city’s own development based on Linux.

Whether we wanted it or not, our world has been shaken once again. We were mentally prepared for the fact that we would not be able to completely unify all equipment due to different specifics of work and compatibility with a number of equipment. And in addition to the need to administer the remaining Windows and MacOS PCs, we now have at least three different builds for Linux. At the same time, all sorts of interactive devices were on Android – it turns out to be a small branch of a perfectionist’s hell.

Therefore, we came to the most logical and simple solution: we need a single administration center for all our diverse devices. After all, if we cannot ensure uniformity of technical equipment, then we must provide ourselves with the ability to comfortably service all this and, of course, in a remote format.

How we started looking for solutions

When our fleet consisted mainly of PCs on Windows, we made do with a remote assistant, also known as Microsoft Remote Assistant (in common parlance, “dadashka”), and in some cases, the well-known TeamViewer and AnyDesk. For obvious reasons, further use of our “gentleman” set was not possible. Although the remote assistant continues to work, it is unknown how long it will last, and it is not available on Linux. TeamViewer left the Russian market, but it’s impossible to use it for free in our volumes, as well as AnyDesk, and we didn’t want to risk waiting for its departure.

And so, we plunged into the search and selection of solutions for remote administration in the vastness of our vast homeland. Despite the fact that we did not have a clear time frame for searching and selecting a solution, one thing could be said for sure: it is better to lay out this straw as quickly as possible, while immediately taking into account all possible risks and requirements. It was important for us:

• The most universal and cross-platform (and architecture-independent) solution.
• Presence in the register of Russian software
• Ability to work both inside and outside the organization.
• Security compliance: centralized video recordings, strict logging, SIEM support.
• Integration capabilities with various LDAP, SSO and other features for Enterprise.
• Notifying the user about the administrator connection.
• Allow certain employees to securely connect remotely to their PCs.

Having determined the requirements, we began to study the registry of domestic software. Having narrowed the search criteria to the software class “09.14 Centralized management tools for end devices” and the class “02.08 Monitoring and management tools”, we received a little more than 1200 records and after a couple of hours of studying the information received – our test group, namely:

1. 1C Connect
2. Assistant
3. Rudesktop
4. RMS
5. PRO32 Connect
6. Radmin
7. Litemanager
8. Circuit Access

Perhaps the sample was not entirely complete, since there is a lot of stuff in the registry, but it is not too small to find software that is right for us. Although we removed some of the applicants from the list almost immediately.
The first to drop out of our sample were RMS, Radmin And Litemanager. The reasons for this were the lack of product development over a long period of time, an outdated and inconvenient UX\UI, a lot of problems with Linux support and a complete lack of support for agents on Android. 1C Connect And Circuit Access fell out of the tests next. The first would require too much effort from us to launch, integrate and have unnecessary functionality, while the second turned out to be “damp” and does not currently have agents for Linux.
We decide for ourselves that we will test the remaining three products: Assistant, PRO32 Connect And Rudesktop.

Analysis of service capabilities

So, the first one to go into testing was “Assistant” as one of the old-timers of the market. I won’t say that the UX and UI of the software gives me a wow effect, but the guys clearly worked hard to make it look good. There are quite a large number of settings for both the agent and the client. The software copes with the main tasks, the connection mechanics are familiar. User actions in the system are logged, but it is possible to integrate with various Enterprise systems, although without uploading to SIEM systems and APIs. The license itself is purchased for the number of active sessions and is unlimited. It seems like this is it, take it and be happy, you even have a FSTEC certificate. But that's where the advantages end. Connections drop out every once in a while, only a complete restart of the software helps, and the regular error “Connection timed out” makes not only your hair stand out, but also the first line of technical support. Elevating privileges on a remote OS works only once, the saved administrator password disappears after the first use, and the functions of the remote command line and task manager do not work at all under Unix systems, and the work of the developer’s technical support leaves much to be desired. At the same time, on MacOS the developer did not properly sign the software, the system complains and recommends deleting it. Everything is written on the website and in the instructions, of course, very colorful and beautiful, and there are many advantages, but with such pricing for the product, even with an educational discount, there is no desire to buy it. Fortunately, we do not have requirements for such software in terms of mandatory FSTEC certification, so we can consider the remaining software.


Choosing between the remaining candidates was a rather difficult and non-trivial task for us. Both products have all the features we need and even integrate with Telegram almost out of the box. They also meet all our requirements in terms of functionality, have a fairly pleasant and user-friendly interface, and are easily and transparently scalable.

Let's look at the pros and cons of each product separately, starting with Rudesktop. The solution itself is absolutely classic, although for some reason the dashboard and agent also comes with a personal account, in which you can’t really do anything, apparently, you need to test it together with their UEM system. The first impression you get from using it is that everything is right according to the canons, as bequeathed by TeamViewer, which left us. There's not much to grab onto. Connections to remote machines are stable, there is the ability to automatically adapt the quality of the transmitted image, which is important for our unstable clients, and even a night theme. Transferring files and folders is implemented quite conveniently, in the classic “Total Commander” format.

Of course, the product is still raw; judging by the dates of registration of rights to the software and entry into the register, the guys have been on the market for a little over a year. We quite often encountered problems with increasing rights in the system and connection failures. There have been cases when one or another functionality was simply disabled during operation. I was very pleased with the scheme for adding computers to the address book: this can only be done by connecting to a remote computer. We haven’t figured out why and why this was implemented exactly this way. Most of the errors we received were with Linux versions of operating systems. This certainly raised many concerns regarding the further use of the software. In a combination of factors, until the end of the tests, we had the feeling that a German car had been taken away from us and put in its Chinese counterpart. It seems like the buttons and functions are the same, it does its job, but something is wrong.

That's how we got to our last candidate for the role of remote assistant – PRO32 Connect. When we first looked at the materials on the product, we had many questions about why it was done this way. Yes, of course, access to remote devices from a browser, in fact, from any device is captivating, but automatically I really want to see the usual dashboard, although the developer also has one, though it’s still in beta format, and not a personal account on the WEB. Installing the server part does not raise any questions in principle and takes a minimum of time, just a couple of commands and you have a ready-made server on docker containers.

Graphics and UX\UI deserve special praises from the developers, everything is in its place and intuitive. Technically, two technologies are responsible for broadcasting images from a remote screen: WebRTC or WebSocket, depending on the type of connection. In our rather complex and distributed network, both options performed very well and stably, regardless of the type of connection of the remote device to the Internet. We have several Android devices connected via a regular 4G modem, and the connection to them was quite stable even despite the weather's attempts to interfere with our tests.

Separately, I would like to note the non-standard mechanics of connecting to a remote device in the case of one-time or first support of a remote device. The software provides for the generation of a unique agent for a specific session, which allows you to avoid a number of questions about obtaining an access password from a remote user. At first, we were very surprised by this decision and were even outraged that the mechanism we were all familiar with, which had proven itself over many years, was simply missing. One of the first questions we received from a group of testers was: “What should we do with this link, we can’t dictate it over the phone.” But, having studied in detail the proposed options for connecting and transferring all access, it became clear that connecting this way is much easier and faster than getting an automatically generated pair from an employee – login and password, especially if the latter contains not only numbers, but also letters of different register. In general, what the test group initially considered a problem turned out to be a panacea and a means of saving nerve cells.

I was also very pleased with the opportunity to use 2FA right out of the box, and in various versions from an email message to a notification in Telegram; as a bonus, everyone can force it on. In general, the additional functionality for integration with a bot in Telegram provides ample opportunities: exchanging files with a remote machine (as far as I understand, others still do not have such a function), generating sessions and various statuses about connections. I was also pleased with the built-in translator, on the one hand, this thing is not very necessary in our realities, on the other hand, the support guys immediately remembered our wonderful class with computers in Chinese, where we often had to fix something by touch and from memory. And if on Windows this was at least somehow feasible, then with the planned transition to Linux we had concerns that a class with hieroglyphs in the interface would create additional adventures for us. Although we were satisfied with the test results, we sincerely lacked time for longer tests, some more subtle options for customizing the software for managing roles (there are only three of them in the product), the ability to exchange not only files, but also entire folders, as well as the lack in the software functionality of the remote command line and task manager, although without them our technical support performs its functions perfectly.

How we made the final decision

Perhaps it’s time to move on to conclusions and conclusions. When choosing software, we paid more attention to its various features and non-standard capabilities, because in essence, most of the functionality in such products is standard, of the same type, and no one will reinvent the wheel here. Two very important things played a role in making the final decision for us.

The first is licensing and product pricing principles. Rudesktop is licensed according to the classic model, like all its foreign analogues, the main cost is the number of operators and the number of active sessions that these operators can create. PRO32 Connect has a slightly different approach – the license consists of the cost of the operator and the number of devices available, while the number of sessions per operator is not limited. Everything seems to be clear and transparent here. But the specifics of technical support work in a government agency tell us that any operator can simultaneously hold two or even three active sessions. Sometimes two people connect to one device to solve some problem, and if the number of devices and support operators I have is approximately fixed, then the number of simultaneous sessions is completely unpredictable and depends on too many factors and parallel events. You don’t even need to open statistics on support load during Covid-19, so everything is clear.

The second factor that played a decisive role in the choice of software, we found out through small “scientific” research that Rudesktop is in fact Russian only to a small extent and is built on the Open source project Rustdesk from “unfriendly” Singapore. We, of course, had our doubts at first and had to spend time studying the issue, but a detailed analysis was able to confirm our fears. But we cannot afford to sit and wait by the sea for the weather until the copyright holders close the project, or the Ministry of Digital Development will carefully check the software themselves, and even more so we cannot give state money for Open Source.

And the scales themselves tipped towards the desired choice. We found our tool for providing technical support, it became PRO32 Connect. Through thorns and many tests, he became the undisputed leader.

I hope this article was useful to you and will help you make your choice, but in the meantime I’ll go prepare a new series of articles on import substitution of hardware in an urgently tight timeframe.