We develop and deploy data collection from remote, inaccessible sites located around the world. Thus we need to have highly-reliable methods of remote control. This is accomplished in part by Intel vPro enabled computers, allowing remote power down, reboot, and even reinstall the operating system remotely from a HTTP vPro internal webserver.
Remote PC control checklist:
- Intel vPro motherboard
- Certificates to control vPro (don’t rely on passwords for full PC control!)
- Clonezilla DVD in DVD drive
- Clonezilla HDD image on Blu-ray in drive or USB HDD / flash drive
- Hardware Firewall to not expose vPro ports to outside world.
Commercial remote desktop: SSH port forwarding and RDP, but what about those who want to use LogMeIn or the like?
- Commercial remote desktop services such as LogMeIn are typically more secure on a Windows PC than just leaving port 3389 open to the internet.
- LogMeIn has convenient apps for smartphones and from a web browser
The downsides of LogMeIn-type commercial services have philosophical and practical aspects.
- Commercial services typically use proprietary (non-open-source) technologies for the central server and/or securing the connection. Open source choices are using perhaps the same technology but open to world-wide security reviewers.
- The convenience of commercial services (centralized server making the connections) is seen by some as a weakness, since it could have unknown hackers as employees, could shut down their server, raise prices, etc.