Sounds like the install base of your product is growing large enough to warrant a single remote access solution. What kind of activities are performed by your Support personnel? Are they able to access the remote sites without coordination from the customer, or does it usually require a resource to activate and monitor the remote connectivity?
If the latter, sounds like you'd be better served by hooking up with WebEx, GoToMeeting, etc., so you have a single mechanism for providing remote support. If that doesn't work, there are other remote connectivity solutions that are more "agent" based that would support wake-up functionality, so your support personnel could access the endpoint without on-site coordination (if the customer allows). IMO, I'd start pushing for a single supported solution for future deployments rather than relying on the customer's current capabilities. We work with a couple of software vendors that require the deployment of their remote access software for support. Since you're dealing with multiple OS', you may have difficulty identifying a single solution to manage all of your patching, AV, software update requirements. You might need to look at something like Puppet that would allow you to automate various tasks against varying OS', but that would probably require a significant amount of scripting on your part. Just my .02. - Sean On Mon, May 2, 2016 at 2:01 PM, Kurt Buff <kurt.b...@gmail.com> wrote: > All, > > $Company has a set of support engineers whose job it is to connect > with customer sites which run our product. There are over 50 of these > customer sites, and of course we hope to get more. > > Our systems at the customer sites are not normally the customers' main > set of IT resources, but are usually critical to their operations, so > their IT staffs have their own opinions on how to grant access for us > to their environments. > > Therefore, each site has different requirements for remote access, > having a multitude of different VPN units (Sonicwall, Juniper, Cisco, > etc.) and requirements for different brands of Antivirus installation, > and whether or not split tunneling is allowed, etc. > > Currently our support engineers are using 3 desktop machines with > varied OSes, and using a set of VMs running in VMware player, but not > nearly enough of them, so that there are frequent conflicts in the > configurations of the VMs, what with different versions of VPN and AV > software. > > I expect normally no more than 4 or 5 VMs to be in use at a time - and > usually only 1 or 2. > > My thought currently is to have a set of VMs (one per customer) on a > small cluster in a DMZ - our support engineers would be able to access > the host, start the required VM, and be on their way. > > My solution starts to run into conceptual problems, however, when I > think about how to power down VMs that aren't in use, and also how to > wake up VMs periodically so that they keep patches and antivirus > updates. Are there products our there for a given platform that will > detect VMs not in use and shut them down, and that will also wake > those not running, to let them get patches and AV updates, then shut > them down? I'm platform agnostic - we run both VMware (production) and > Hyper-V (DMZ) here, and I don't care which one I implement. > > Of course, whatever solution is proposed should detect machines in > use, and not shut them down. > > Thoughts, input, suggestions? > > Thanks, > > Kurt > > >
