This article originally appeared in TidBITS on 2014-04-16 at 1:26 p.m.
The permanent URL for this article is: http://tidbits.com/article/14678
Include images: Off

ITbits: Mac Remote Desktop Software Roundup

by David Koff

Never has there been a time in history when so many people have had such widespread access to so many computers. Most of us have computers at home and work, and one in every five people [1] now also owns a smartphone. And the number of devices we have access to is increasing as technology becomes ever more pervasive. That’s why it’s important to understand the one category of software that gives us access to our Macs even when we’re using some other computer: remote desktop.

Although long-time Mac users might remember when seeing a blurry remote desktop via an early version of Timbuktu was nearly magical, remote desktop software has matured tremendously over the past five years. Thanks to widespread, high-speed Internet access, centralized software as a service via the cloud, and the power of modern smartphones, today’s remote desktop software lets us control computers both on local networks and over the Internet. Let’s look at the three most common reasons why most people wish to use remote desktop software to better understand the power of today’s solutions.

  1. Telecommuting: For those who have separate home and work computers, remote desktop software allows us to control our work computers from any other computer via the Internet. That, in turn, allows us to check email from home (or on vacation, if absolutely necessary) as if we were sitting at our work computers, to use file-sharing capabilities on the company’s servers, and even to chat with co-workers. But remote desktop software isn’t just for our home or individual work computers: as a system administrator (someone who maintains hundreds of Macs), I’ve also relied on remote desktop software to control all of the servers I was tasked to maintain. Some remote desktop software applications (such as LogMeIn and TeamViewer) are so powerful that they don’t require any network or router configuration for the end user. Applications like these are ideal for people who need remote access at companies that maintain private, closed networks that don’t allow outside access.

    It’s important to note that as Internet security has become a top priority for most companies, some remote desktop software may be blocked by the IT department. In this case, logging onto the workplace network using a traditional virtual private network (VPN) allows most remote desktop software to work as advertised.

  2. Collaborating with Coworkers: In today’s workplace, the IT department isn’t the only source of technical assistance. Project managers, team leaders, software trainers, and subject matter experts can also leverage the power of remote desktop software to assist colleagues. With the right remote desktop software, team leaders can share screens during a conference call with colleagues; trainers can teach digital artists about the latest features in a new piece of creative software; project managers can demonstrate new protocols to their staff; and, of course, the IT department can fix problems on colleagues’ Macs. For coworkers on the same private network, remote access can save time and, more importantly, money.

  3. Supporting Friends and Family: Another class of remote desktop software is engineered to work across the Internet. That’s bad news for those of us who regularly receive phone calls from friends and relatives asking for “just a minute” of our technical time (those calls often turn into “just an hour”). It’s difficult to walk an unsophisticated user through troubleshooting a simple issue over the phone, but by taking control via remote desktop software, it becomes possible to solve some problems in “just a minute”. Unfortunately, that leaves us with one less excuse to help Uncle Harry when he calls for help with his email. For, like, the 15th time.

Underlying Technologies -- Let’s take a few moments to explain the technologies underlying remote desktop applications. This is important because some technologies trade ease of use for security. Plus, in some cases, getting remote desktop software to work may require activating a service on the Mac or logging into a router and opening ports to allow these services to function over the Internet. Since it’s always best to be informed in advance, let’s take a deeper look at the top four technologies that fuel remote desktop applications — two that provide security and two that make the remote connection possible.

With the uses of remote desktop and underlying technologies covered, let’s look at the best remote desktop applications on the market for Mac users. “Best” is of course subjective, so I’ll try to explain why I recommend specific apps for particular situations.

Built-In Mac Options -- Apple includes several remote desktop applications in Mac OS X, including Screen Sharing, Back to My Mac, and Messages. But don’t assume they compete with one another, because they’re all useful in different situations.

Screen Sharing is a VNC client built in to Mac OS X since 10.5 Leopard that works exclusively on Macs and operates best between two Macs on the same local network. (It’s possible to use Screen Sharing across the Internet, but doing so requires specific router configurations and is a bad idea from the security standpoint, since Screen Sharing is based on VNC.)

Those who work on enterprise networks will recognize Screen Sharing as a scaled-down version of Apple Remote Desktop [5] (also known as ARD), Apple’s full-fledged remote management software.

Screen Sharing is one of the easiest remote desktop applications to set up and use. First, ensure that the target Mac has the Screen Sharing checkbox selected in the Sharing pane of System Preferences. Then, on the other Mac, open a Finder window, select the target Mac in the sidebar under Shared, and click the Share Screen button. (If you know the server’s IP address, you can also enter vnc://XXX.XXX.XXX.XXX into Safari’s address bar or into the dialog that appears when you choose Go > Connect to Server in the Finder.) Enter an appropriate username and password and presto: you’re using the other Mac as if you’re sitting in front of it. To make quick connections even easier, check out Stefan Klieme’s $1.99 ScreenSharingMenulet [6], which puts an icon in your menu bar listing the Macs you can control.

[image link] [7]

If direct connections via Screen Sharing are a poor choice for remote desktop use over the Internet, what’s better? The Back to My Mac service, which also debuted with 10.5 Leopard, since it solves the discovery and security problems, enabling Screen Sharing to connect to Macs elsewhere on the Internet securely. While Back to My Mac used to be part of a paid .Mac or MobileMe subscription, it is now free with iCloud.

As you might expect from the name, Back to My Mac works only with Macs, but there are additional requirements as well. Each Mac must:

[image link] [8]

But there’s more. You must have a router that supports either Universal Plug and Play (UPnP) or NAT Port Mapping Protocol (NAT-PMP). For an Apple AirPort base station, you don’t need to do anything unless you want to access files on a connected hard drive. In that case, you need to log in to your base station with AirPort Utility and enter your Apple ID and password into the Back to My Mac interface. But if you have a third-party router from Linksys, Netgear, or the like, it could be significantly more difficult, and you’ll need to refer to your router’s documentation. Apple has a support document that may help [9].

[image link] [10]

Messages is the instant messaging client that first appeared in 10.8 Mountain Lion, succeeding iChat from earlier versions of Mac OS X. While the program is best known for sending and receiving chat messages, Messages can also share a Mac’s screen [11] or prompt someone to share their screen. In theory, Messages is thus creating a zero-configuration remote desktop session which requires only a request and approval on each side, making it much easier than having to configure a router.

In practice, however, there are several gotchas. Messages screen sharing works only if you’re chatting with the other person via AIM, Jabber, Google Talk, or Bonjour, but not Yahoo or the most likely option, iMessage. Worse, while Messages-based screen sharing works well over local area networks using the Bonjour service, it doesn’t work as well across the Internet. And it won’t work at all if you have a laptop connected to an external monitor with the lid closed. So, if it works for you, great, but don’t get your hopes up.

Additionally, Messages screen sharing isn’t based on VNC; nor does it use IPsec or SSL/TLS for security! Rather, it uses an older chat client protocol developed ages ago by America Online called OSCAR [12] (Open System for CommunicAtion in Realtime — yes, it’s stretching a little for the acronym).

LogMeIn -- One of the most popular and well-respected names in the remote desktop space is LogMeIn [13]. LogMeIn has long offered a series of Web-based applications that use SSL/TLS to enable secure remote desktop capabilities for Macs and PCs, with the base level being free.

On 22 January 2014, however, the company discontinued its popular LogMeIn Free application, which allowed users to use remote desktop on up to ten different computers for no charge (see “LogMeIn Dropping Free Service [14],” 21 January 2014). Why the sudden change? The company most likely realized that it was providing one of the best services in the technology world for free instead of charging a reasonable fee.

LogMeIn’s services are among the best and easiest to use in the space. The company now offers LogMeIn Pro [15], which lets you access up to two computers starting at $99 per year, and LogMeIn Central [16] for remote desktop services on up to 100 computers, starting at $299 per year. In addition, the company makes smartphone apps for both iOS and Android; the apps are free with any paid subscription. LogMeIn has a variety of other products and services, but honestly, Pro and Central are the most popular.

LogMeIn’s software is dead simple to use, requires no router configuration, and runs via either the LogMeIn Web portal or the company’s Ignition desktop application. For those seeking high levels of security, LogMeIn documents how its applications are HIPAA-compliant [17]. This level of security allows for the application’s usage when dealing with computers which hold medical records. However, a careful examination of the LogMeIn documentation reveals that HIPAA compliance varies for each of its products, so be careful if that’s important.

GoToMyPC -- LogMeIn’s most noteworthy competitor, GoToMyPC [18] is owned by the venerable technology company Citrix. Like LogMeIn, GoToMyPC is a Web-based application, relying on SSL/TLS to ensure secure remote desktop sessions between any two Macs or PCs. Also like LogMeIn, GoToMyPC offers free smartphone apps [19] for both iOS and Android devices, along with an app for use with Amazon’s Kindle Fire.

Where the company really sets itself apart from LogMeIn, however, is with its emphasis on security. LogMeIn does fine, but GoToMyPC [20] takes security several steps further. Its Web application provides for screen blanking and keyboard locking and dual-layer strong passwords, and — in its Corporate application — GoToMyPC is both HIPAA- and HITECH-compliant [21], meaning that the software can legally be used on computers that have access to patient medical records. By comparison, LogMeIn doesn’t advertise its product line as being HITECH-compliant, which involves further requirements. But you’ll pay for GoToMyPC’s enhanced security. Remote desktop access for just one computer using the Personal or Pro plan is $10 per month or $99 per year, with no multiple machine discount.

CoRD -- While Microsoft’s free Remote Desktop Connection [22] is usually the first application a Mac user would think of when needing to control a PC remotely, it’s not the best option currently available. CoRD [23] is a free, open-source application that is both easier to use and faster.

Getting started with CoRD, as is the case with all the remote desktop solutions discussed in this article, requires some amount of setup to permit access. In this case, the remote desktop protocol must be enabled on the target PC. On Windows 7, look in Control Panel > System and Security > System > Allow Remote Access. You can then select which kind of access to permit.

[image link] [24]

[image link] [25]

Once that’s done, CoRD works flawlessly for machines on the local network. Notably, it can display multiple connections in a single window, so IT professionals who need to monitor or control various PCs from their Macs can do so in one unified window in CoRD.

But what if the PC in question is on another network, another building, or another country? For those looking to control a remote PC over the Internet, CoRD will work fine, but you’d need to configure the router managing the target network to forward TCP port 3389 to the IP address of the target PC in question. For personal use, that’s probably fine, but for larger institutions with valuable data, I’d suggest a more secure and robust solution involving a VPN.

TeamViewer -- A proprietary remote desktop application, TeamViewer [26] is used on (the company claims) over 200 million computers at some of the largest companies in the world. Perhaps for good reason: it works on Mac, Windows, Linux, and nearly every popular smartphone operating system; it lets the user control multiple computers within one window; it offers copy and paste between computers; and it even enables you to wake a sleeping computer on another network. Like LogMeIn and GoToMyPC, TeamViewer is easy to install and setup works over the Internet without needing to configure or port-forward any routers.

Even better, for those who need something simple to use with friends, family, or at home, Team Viewer is absolutely free. Otherwise, one-time fees run $749 (Business), $1,499 (Premium), or $2,839 (Corporate), depending upon what features you need (verify that all stated features are available for the Mac; the feature list on the licensing page [27] focuses on Windows). Considering there are no ongoing fees, the prices are reasonable for businesses looking for a unified remote desktop solution.

On the security front, TeamViewer uses a proprietary system, but does disclose that it’s based on RSA public/private key exchange and 256-bit AES session encoding [28], security technologies comparable to SSL/TLS. TeamViewer also offers ISO 9001 certification, two-factor authentication, and prevention of “man in the middle” attacks, and can be configured to be HIPAA-compliant. Which is to say, it’s a robust solution both for individuals who might need to use it occasionally to help a family member and for large corporations with strict security policies.

Mikogo -- I haven’t spent a lot of time with Mikogo [29] and few people I know in the system administrator community have even heard of it. But that shouldn’t stop you from taking a closer look. Mikogo sports a number of meeting-related features, such as screen recording, multi-user whiteboard, voice conferencing, presenter switching, per-application window sharing, and multiple monitor support. But it also provides full remote desktop support for remote control.

Mikogo runs on an impressive number of platforms, including Mac, Windows, Linux, iOS, and Android (but not Windows Phone). It’s free for private use, and has creative pricing options [30]: either monthly fees ranging from $13 to $78 or a one-time flat fee of $312 to $1,872. Security is solid, with ISO 9001 certification and 256-bit AES encryption, and the Mikogo Web site is secured with 128-bit encryption using SSL/TLS. And Mikogo’s HTML Viewer makes nearly all of its functionality work on any device running any Web browser.

My Recommendations -- A little boggled by all the technologies and solutions? I understand; it’s a complex topic. To help cut through any confusion, I’d like to offer recommendations for specific scenarios. Obviously, different people require different tools for different jobs, but I base my recommendations here on three factors:

With that in mind, here are my top picks.

VNC is a simple but somewhat insecure remote desktop protocol. Because it’s an open protocol, many companies make their own VNC software. As a longtime system administrator, I’ve used numerous different VNC applications. In preparation for this article, I re-sampled the current versions of RealVNC, TightVNC, and Chicken of the VNC, all of which I’ve run previously. To be honest, I’ll probably never use any of them again. They all work, but they’re clunky, not intuitive, and sometimes require software to be installed and configured on both the host and the target Macs. Who wants all that extra work?

Apple’s Screen Sharing application is already built into every version of Mac OS X, so not only is it totally free, it’s already installed! To understand how to best use Screen Sharing within two minutes, read Apple’s Share Your Screen tech note [31].

Now that LogMeIn is no longer free, TeamViewer has become my preferred solution for anyone who needs a secure, easy-to-use, and totally free remote desktop application. TeamViewer works over the Internet, requires no router configuration, and sets up within minutes between any two Macs, PCs, or Linux boxes. The free version — available only for private use — is the same application used by sysadmins who need to manage hundreds of computers, so it’s a powerful enterprise-level solution as well. This one is a no-brainer.

I’m surprised by my recommendation for this category, given that I’m a longtime LogMeIn user. At $299 per year, LogMeIn Central appears to offer the best price point for those needing to provide remote desktop access for up to 100 Macs or PCs, with solid security. However, LogMeIn charges yearly for its service, making it more expensive than TeamViewer’s flat rate cost of $749 within three years.

Add in TeamViewer’s industry standards-based security and cool meeting-related features that enable the software to act like a digital meeting center (similar to WebEx [32]) and TeamViewer becomes the clear choice. The icing on the cake: TeamViewer runs on more desktop and mobile operating systems than LogMeIn, so companies can feel secure in purchasing a solution that will work with most current standards.

Cord is easy-to-use, lightweight, takes only minutes to set up, and is totally free. When used with computers on the same network, it requires no router configuration. But what makes it the clear application choice for those needing to control several PCs from a Mac is its capability to combine multiple remote desktop sessions into a single tabbed window.

Think I’ve missed a first-rate tool? Post in the comments below or get in touch.

[1]: http://www.businessinsider.com/smartphone-and-tablet-penetration-2013-10
[2]: http://en.wikipedia.org/wiki/ITU_Telecommunication_Standardization_Sector
[3]: http://msdn.microsoft.com/en-us/library/cc240772.aspx
[4]: https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12&at=10l5PW
[5]: http://www.apple.com/remotedesktop/
[6]: http://www.klieme.com/ScreenSharingMenulet.html
[7]: http://tidbits.com/resources/2014-04/Enable-Screen-Sharing.png
[8]: http://tidbits.com/resources/2014-04/iCloud-Back-to-My-Mac.png
[9]: http://support.apple.com/kb/HT4907
[10]: http://tidbits.com/resources/2014-04/AirPort-Utility-enable-BtMM.png
[11]: http://support.apple.com/kb/PH12036
[12]: http://en.wikipedia.org/wiki/OSCAR_protocol
[13]: https://secure.logmein.com/
[14]: http://tidbits.com/article/14453
[15]: https://secure.logmein.com/products/pro/
[16]: https://secure.logmein.com/products/central/
[17]: https://secure.logmein.com/welcome/documentation/EN/pdf/common/LogMeIn_HIPAA.pdf
[18]: http://www.gotomypc.com/remote-access/
[19]: http://www.gotomypc.com/remote_access/mobile_remote_access
[20]: http://www.gotomypc.com/remote-access/
[21]: http://support.citrixonline.com/en_US/gotomypc/knowledge_articles/000021927?title=Is+GoToMyPC+HIPAA+compliant%3F%7D
[22]: http://www.microsoft.com/en-us/download/details.aspx?id=18140
[23]: http://cord.sourceforge.net/
[24]: http://tidbits.com/resources/2014-04/Allow-Remote-Access.png
[25]: http://tidbits.com/resources/2014-04/Allow-Remote-Assistance.png
[26]: http://www.teamviewer.com/
[27]: http://www.teamviewer.com/licensing/
[28]: http://www.teamviewer.com/en/res/pdf/TeamViewer-Security-Statement-en.pdf
[29]: http://www.mikogo.com/
[30]: http://www.mikogo.com/pricing/
[31]: http://support.apple.com/kb/PH11125
[32]: http://www.webex.com/