Remote access vs remote desktop

Thought Leadership piece with Robert Hogg, Managing Partner, Ancero

Almost overnight the COVID-19 pandemic forced most organizations, large and small, to shift to a remote working environment. While some businesses had the solutions and policies in place to enable a seamless transition, many have been scrambling to figure out how to provide remote workforces with secure access to corporate systems, applications, and data.

While Ancero has been working with organizations to make the switch, we’ve learned there is a general confusion about the differences between remote working via virtual private network [VPN] and a remote desktop protocol [RDP] session.

Most consider a VPN and RDP to be the same. Although both provide a secure connection to resources on a corporate network for remote workers, a VPN and RDP are two very different solutions with distinct advantages and disadvantages. Let’s see how they compare so you can make an educated decision about which solution makes sense for your organization.

Virtual Private Network [VPN]

A VPN uses advanced encryption and tunneling techniques to create a secure internet connection between a user and a network. Business networks can connect with each other, and remote workers can access sensitive data from a business network without exposure to unauthorized users. This is obviously more secure than an open, public Wi-Fi network, which offers no such protection.

Because internet traffic and user identity are protected with encryption, VPN is technically a security solution, although it does enable remote network access, whether users are working from home, a coffee shop, or an airport.

The simplicity and cost-effectiveness of VPNs make them an attractive option.

There are several drawbacks, however, to keep in mind when considering a VPN as a remote work solution. First, VPNs generally require significant amounts of bandwidth. Files are transferred to and from your computer and the remote network so users can access and work with those files. Since the VPN does not compress or optimize data, file size can have an impact on performance.

Also, VPNs aren’t ideal for databases and line-of-business software applications, most of which were designed to run on a local area network [LAN] with enough bandwidth to support high speeds. Databases generally don’t perform well, or won’t run at all, over a VPN connection.

Finally, printing and scanning can be difficult depending on the type and size of the print job and the volume of printing and scanning activity. Specific firewall configurations are often required, and end users need to navigate driver files and other local computer settings to enable printing and scanning via VPN.

Remote Desktop Protocol [RDP]

RDP is a secure network communication protocol developed by Microsoft to enable the remote management of and access to virtual desktops and applications. RDP makes it possible for a remote user to not only log in to a network, but also to use network processing and storage resources by mirroring the graphical interface of the remote computer. By tapping into the cloud for RDP, you can eliminate the need to purchase and maintain dedicated server and storage systems.

With RDP, all processing occurs on the remote computer. Only screen images, keystrokes, and mouse clicks are transmitted across an RDP connection, which greatly reduces bandwidth requirements. In short, everything is happening on the network, while the user merely sees this activity via the RDP connection.

Unlike VPN, RDP typically enables users to access applications and files on any device, at any time, over any type of connection.

The biggest advantage of RDP is that you have access to network resources, databases, and line-of-business software applications without the limitations and high bandwidth demands of VPN. Because so little data passes through the connection, RDP is ideal for low-bandwidth environments. Printing and scanning are greatly simplified by the use of cost-effective utilities that help to automate jobs and overcome driver file issues. RDP also enables resource sharing, the use of multiple displays, and the ability to temporarily disconnect from the remote desktop without logging out of your applications.

Early versions of RDP had security problems, including a vulnerability that made RDP sessions susceptible to compromise by unauthorized users. Modern versions of RDP offer much more robust security features. No data is stored on the end-user device, which makes it easier to satisfy increasingly strict compliance regulations.

In addition to basic encryption and smart card authentication, newer versions of the Windows operating system are capable of identifying users who are authorized to access a network or system through an RDP session. Microsoft also provides the option to limit remote access to users with network-level authentication.

VPN or Remote Desktop or Both?

If your organization has no bandwidth-intensive data, no databases, and no line-of-business software, as well as limited printing and scanning requirements, a VPN is generally an effective solution. You should be able to remotely access network resources without performance or security issues.

If you need a wide range of processes, functionality, and capabilities that aren’t supported by VPN, an RDP solution is the better choice. Although RDP does require more time and effort to install and configure than VPN, the RDP environment will feel more natural to remote workers while requiring less bandwidth and minimal premises-based hardware. With RDP, remote workers can operate exactly as they would in the office without limitations. RDP can also be combined with VPN to provide maximum functionality and security.

If you’re concerned about the productivity and security of your remote workforce, contact us and let’s discuss your current configuration and whether you should be using a VPN, Remote Desktop, or a combination of both. We are currently conducting free virtual consultations to accommodate you.

Remote Desktop and Remote Assistance both allow remote control of your computer, but they serve different purposes.

Remote Desktop is designed to allow you to “take over” a computer as if you were sitting in front of it. I might use Remote Desktop to use a computer in another room, or one that doesn’t even have a keyboard and monitor attached.

Remote Assistance, as its name implies, is designed to allow one person to help another by accessing their computer — either to view or to control it — while the person being helped watches.

Let’s dive deeper.

Local versus remote

To keep things straight, we should define just what local and remote really mean.

In the discussion below, the “local” computer is the computer you have in front of you. The “remote” computer is a computer somewhere else — perhaps in another room, perhaps in another country.

Since much of the concern regarding Remote Assistance and Remote Desktop is security-related, we’ll try to keep it simple: the local machine will be the machine in front of you that you want to allow [or deny] someone else — someone remote — the ability to access.

Remote Desktop

Remote Desktop [sometimes referred to by the acronym of the underlying protocol, RDP or Remote Desktop Protocol] is best viewed as a way to “take” the screen, keyboard, and mouse of a local computer and use them on a remote computer.

The local computer must have Remote Desktop enabled, and be running the Remote Desktop service, which listens for incoming RDP requests. If your edition of Windows supports it [more on that below], you can enable Remote Desktop in Windows 10 by searching for “remote desktop settings” and selecting the option in the resulting dialog.

The remote computer runs the Remote Desktop application. Given a machine name or IP address, the app makes a connection to the machine being connected to. The remote user must sign in to Windows using an account on the local machine that has Remote Desktop privileges.

Once connected and authenticated, the screen of the local computer switches to a login screen, and the current desktop is displayed in the Remote Desktop Application, where it can be used and interacted with as if sitting at the real computer.

The example above shows two screens. On the left is our local machine: a Windows 10 Pro machine on which Remote Desktop has been enabled. The machine on the right, the remote machine, is running the Remote Desktop Application connected to the machine on the left. The app is in full-screen mode, showing the desktop of the connected-to machine. At the top of its window, you can see a small toolbar with the name of the machine being connected to and additional controls.

The session can be closed either by closing the Remote Desktop Application on the remote machine or by logging in using the “real” screen and keyboard on the local computer.

Remote Desktop is ideal for accessing your own machines if they don’t happen to be nearby, such as in the basement, or if they don’t have actual displays and input devices attached. While it is possible to use Remote Desktop across the internet, it can be complex to configure. Remote Desktop really works best on local area or corporate networks.

Remote Assistance

Remote Assistance no doubt leverages much of the Remote Desktop technology, but for a different purpose: allowing someone to connect to your computer so as to be able to help you with something.

Remote Assistance must be enabled, though it’s generally enabled by default.

There are several ways to initiate Remote Assistance, but the most common is that the person wanting help — using the machine to be connected to — creates a help request file and transfers that file [by email or any other method] to the helper they wish to grant access to their machine. That person opens the file using the Remote Assistance application, which then attempts to establish a connection.

Once connected, the computer being connected to displays a password. That password must be entered by the person attempting to connect; it must be given to them over the phone, by text message, or some other method. Once they enter the password, the local user must approve their access, at which point the remote helper is allowed to view the computer desktop of the person requesting it.

Remote Assistance example.

In the example above, the user of the machine on the left — the “local” machine — has requested assistance. The user of the machine on the right — the “remote” machine — has successfully connected the Remote Assistance application to do so. The Remote Assistance application is showing the desktop of the local machine in a window on the remote machine.

Anything that happens on the local machine is shown on the remote. In this case, the local user clicked on the Start menu, and it’s shown on both.

A remote user can request control, meaning she will not only be able to view the local machine, but also use it as if she were at the machine — not unlike Remote Desktop. The local user must approve the request. Both the local and remote user can access the local machine, and both can see the screen.

Remote Assistance is useful for exactly what its name implies: getting help. It’s also useful for letting someone view your desktop as you do something, or any scenario where you might want to have someone view, or even interact with, your local computer.

Remote Assistance connections work across the internet as well as locally.
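
The settings these sections refer to (Remote Desktop enabled and listening, network-level authentication, Remote Assistance enabled) can be read back from the Windows machine itself. The PowerShell below is an added example, not part of the original articles; the function names Get-RegValue and Get-RemoteAccessPosture are hypothetical, and the script only reads the standard registry values and listener state without changing anything.

```powershell
# Added example: read-only audit of the remote-access settings discussed above.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RemoteAccessPosture {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $ra  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

    $deny  = Get-RegValue $ts  'fDenyTSConnections'  # 0 = Remote Desktop enabled
    $nla   = Get-RegValue $tcp 'UserAuthentication'  # 1 = NLA required before a session starts
    $layer = Get-RegValue $tcp 'SecurityLayer'       # 0 = legacy RDP, 1 = negotiate, 2 = TLS
    $port  = Get-RegValue $tcp 'PortNumber'          # 3389 unless changed
    $help  = Get-RegValue $ra  'fAllowToGetHelp'     # 1 = Remote Assistance may be requested

    $rdpOn = ($deny -eq 0)

    # Is anything actually listening on the configured RDP port?
    $listening = $false
    if ($port) {
        $conn = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        $listening = [bool]$conn
    }

    $findings = @()
    if ($rdpOn -and $nla -ne 1)      { $findings += 'Remote Desktop enabled without Network Level Authentication' }
    if ($rdpOn -and $layer -eq 0)    { $findings += 'Security layer is legacy RDP encryption, not TLS' }
    if ($listening -and -not $rdpOn) { $findings += 'Port is listening although the local setting disables Remote Desktop; check policy' }
    if ($help -eq 1)                 { $findings += 'Remote Assistance is allowed; turn it off if nobody uses it' }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        RemoteDesktopEnabled = $rdpOn
        NlaRequired          = ($nla -eq 1)
        RdpPort              = $port
        RdpListening         = $listening
        RemoteAssistance     = ($help -eq 1)
        Findings             = $findings
    }
}

Get-RemoteAccessPosture | Format-List
```

Settings applied through Group Policy take precedence over these local values, so a domain-joined machine can behave differently from what the local registry shows.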

Remote Access, Remote Desktop, and Windows editions

Because Remote Desktop is listed as “unavailable” for Windows Home editions, there is some confusion. You can’t connect to a Windows Home computer, but the Remote Desktop app is present, and you can connect from a Windows Home computer to another computer that does support Remote Desktop connections.

| | Windows Home | Windows Pro |
| --- | --- | --- |
| Remote Assistance | Can ask for. Can provide. | Can ask for. Can provide. |
| Remote Desktop | Can connect out to others. Cannot be connected to. | Can connect out to others. Can be connected to. |
