Anything under RDPv6 doesnt support DirectX, because of how it works. Unfortunately v6 is only available in Vista at the moment. Even then I don't think I'd want to use it for ages...imagine the lag. Plus I dont think you can "drag" USB input controllers as you can with printers, etc.
I dont get the argument, what is the Apple+Microsoft Remote Desktop solutions if it is not VNC? It's the same thing it's just that one of them does not have a corporate logo stamped on it.
Its mostly to do with authentication (i.e. domain / local, or VNC's own - I'm afraid I've not kept up with VNC recently, but as far as I'm aware it still doesnt hook in to external auth servers?), and the level at which they operate. RDP works at either the low OS or the kernel level (depending on what its doing), intercepting the GDI stuff and making little jpg's for each unique item. VNC makes a screen shot of the entire screen - which is slower to update as you have to update the whole thing, every "refresh" (assumes that you're not running a hook driver for VNC).
Plus the other big advantage to RDP is that you dont have to be logged on as a console user (provided that you're connecting to a Windows server).
Edit: Ah, I see UltraVNC does Windows auth as well now, but the other VNC derivatives dont.
What security risk? Any technical support based installation of VNC or RDP should have user initiated invites.
When I connect to customer machines there isn't even a password... I put a password field into the application just to reassure customers, it isn't used !
As for VNC's system of sending the screen as an image, it portalises the screen so it doesnt send the whole thing. I can see the advantage of GDI hooks if you're just using Windows based applications - I wonder if Microsoft ever realised there's more to life than Windows... What happens in RDP if I remote access to 3dsMax running an OpenGL viewport? I've no idea and i'm not berrating it - i'm asking, because it sounds like it wont display the openGL viewport.
In any case the purpose of VNC is to see what is on the customers screen, not to recreate the problem at my end by hooking the system and recreating it.
From a support point of view I just dont see the advantages of moving away from an inhouse product to a Microsoft product one, or an Apple one, I hope that answers the original question
I came across this thread while looking for dedicated server / insim documentation, and noticed a few things being discussed on other issues.
For the curious, RDP was actually developed by Citrix, which was a breakaway group of OS/2 Egineers from IBM. They licenced the NT 3.51 source code for 350k and hacked up a console mux to emulate a multi-user environment like UNIX. It has been refined over time and is now quite mature, though windows will never really be multi-user without a complete rewrite. Citrix sold terminal services back to Microsoft for several hundred million dollars.
The real gem here is the ICA protocol which is extremely light, secure, supports encryption as well as OS hooks for authentication and authorization incuding PKI, LDAP or any other native authentication and authorization technology.
Now, I'm a UNIX guy for years and have been building multi-platform development environments since the early 90s, so I'm definitely not coming from a perspective of a microsoft fan. The RDP protocol is a world beater. VNC is free and OK for home use, but nobody working for me would be using it in a production environment. Were I the customer, I would be sure that authentication ties into some LDAP implementation or other, using the ICA protocol if remote console was necessary.
Then again if the customer needs someone to remote control their boxes for support purposes, they're screwed anyways, they just don't know any better. Do yourself a favour and require authentication. You don't need the responsibility of an incident falling squarely into your lap when it is discovered that you left a welcome mat on your customer's machines. Believe me, if there is an incident, it WILL land with you rather than the company. Having the cute invite required thingy is great, but dont bet your job on it.
Sorry Leachman, but your suggestion is less secure. The reason is you are still thinking traditional server/client. For true security you need to think backwards. It's this backward thinking that makes my way more secure, plus makes it easy to setup for my customers - just open the program and click (these are the key features I need).
You are thinking about authentication systems and password encryption and verification like somebody who works on big systems and networks. Perfectly understandable, but it means you are approaching the problem of security from the traditional direction, which to me is backwards, because I think out of the box.
My clients have no open security holes, no ports setup on their router (which is good because I cannot set that up for them with VNC and if I need to use VNC to get them to click stuff then they're not up to editing a router NAT table), and most importantly it leaves no services running on their computer.
I do all that at my end, my router points to an open port on my computer at work. When i'm on a support call the customer invites my router IP via my application, which forwards the request to my computer, which I only setup to listen when I instruct a customer to invite. I get a request pop up on screen and I then take control.
There's no service running at their end, they initiate the connection, I am the server.
It's backward, but it's way better than setting up authentication servers and NAT tables and all that other stuff you big systems guys love for no other reason than it confuses the hell out of small systems users... And it's that confusion which would defeat the whole purpose of using remote control for support purposes.
At the end of the day the biggest drawback of VNC is it is slower than RDP, but i'm using Apple + PC computers, VNC is fully portable between the two and most importantly, my application doesnt stay running after it's been finished with. RDP, whether Apple's (which is aweful) or Microsofts (which I havnt used) implementations use a traditional server/client model which is always going to be vulnerable unless you set up all the complicated hackable systems you are talking about ... because you can guarantee that somewhere somebody knows more about security than the pair of us put together.
You are saying that no authentication is better than authentication. You must work for a very small company with no overisght on your work. I would fire any employee of mine who placed the company and our customers at risk like that.
I am sorry, I tried to help you but this is going nowhere. I considered explaining why the above is exactly counter to a sane approach but I'm not going to bother. You realize that (without telling us much) you have informed us exactly how to compromise your solution?
EDIT: Just wanted to clarify something Becky. I'm not trying to attack you. Use what you like the RDP / VNC thing makes no difference. But for your own sake, consider having the service require a password at least. Good luck.
