Investigating GoverLAN
-
Anyone familiar with GoverLAN? A friend on SW pointed me over to this product to investigate. Works with Windows, Mac OSX and Linux. Even has a free version. Has some cool AD and XenApp integration features.
Here is what I was told: It's an agent based monitoring tool that ties in with AD for simple ADUC management functions. I don't think it requires AD, but I'm not sure how you would navigate your machine/users view otherwise. Either way, you can manage all ADUC properties for machines/users. Additionally, you can build "script packages", reports, scheduled events, custom actions (need to install a printer and set it to default on 30 machines that have users w/o admin privileges? 5 minutes.) and save them all for you or your team to run again or use as the base for another package. You can also easily browse the admin share, pull up a remote console or run a program as a different user on the target or host machine. Uninstalling and installing software is a breeze and it makes short work of pushing the install packages to the machines you select. There's a lot more, but I think you get the gist.
If, after all this, you still need to remote onto the machine - it's quick and easy. If you had this on a laptop with your VPN, you could remotely manage any computer on your network (as long as you supply the appropriate credentials) that you have the agent installed on. If the agent isn't installed you can click the "install agent" you're good to go in just a few seconds.
There is a way to get remote access to a machine that's not on the LAN, but they have to request the connection.
It's also a perpetual license. $800/tech. After an extended 60 day trial I was sold.
-
wow - this sounds cool!
Deploy software alone almost makes it worth the $800
-
I picked it up a few months ago and it's really pretty amazing.
Their goal with remote administration is to have screen sharing be a last resort to solve problems. You can view and edit control panel items like installed printers, mapped drives, etc and view the task manager without interrupting the user at all.
Over the past year they've been focusing on making their product better for people getting their feet wet with PowerShell. One example pointed out in the sales demo I went through is that you can build PowerShell scripts that only affect the local computer, then use Goverlan to define the scope and run it locally on each computer.
I was able to deploy it for a nonprofit space due to the glorious renewal pricing - $80/year for major upgrades, which tend to come out every few years based on their past releases. Their support plan is also $80/year.
The only caveat I have found is that all of the coolest features only work if you're connected on a private network - they don't let you manage drive mappings for someone over WAN. For remote user assistance, people here have two options: Use Goverlan's "request assistance" program, where the user initiates the assistance request and a popup appears on your admin console to accept/decline, or just use ZeroTier to extend your private network.
-
I won a license for GoverLan (v8) last year, but I really haven't used it for much more than remote control. Are these new features in v9? Or have I been under utilizing this program?
Caveats for purchasing the software: support is not free. You have to buy support, and their online KB is pretty slim.
-
Did you get the whole admin console or just the remote control portion? We have v8 over here as well.
-
@WingCreative I think just the remote control version.
-
@WingCreative said:
The only caveat I have found is that all of the coolest features only work if you're connected on a private network - they don't let you manage drive mappings for someone over WAN.
That's the impression that I got. What to us would be a "legacy" network. We've moved away from the LAN concept completely. I know tons of places still use it, so this could be very useful, but for us it's no longer viable.
-
Thanks for the invite! I spoke with one of the sales reps at Goverlan this morning and he cleared up some of the questions you had.
First, I was told that this system was designed with "the enterprise" in mind, so it definitely requires a VPN or LAN connection at this time. I figured this was the case, even though there is a method where a user can "request" a remote session by opening a RAR (remote assistance request) token, confirming the request and then initiating it. It would then go back to you and then you're connected over the WAN. There are some port forwarding rules that need to be in place on both ends before this can take place, though.
This...isn't exactly ideal. Especially for some MSPs or even some SMBs that don't have a VPN that their tech can connect to the LAN with. So, in early Q2 they are introducing a new method of connecting to machines without LAN/VPN connectivity. It's basically a proxy setting on their Central Server that allows the connection between the client & tech over the WAN. I'm not too knowledgeable on proxies, so I won't stick my foot in my mouth further than I can pull it out. They did say they aren't sure how pricing will work on this, so maybe someone should reach out to them and let them know that MSPs should be moving away from VPN/LAN and that their pricing should reflect their acceptance of this as risk management/mitigation.
The application itself is installed on and run on the machine that the support tech will be using most. We have two licenses here, so I can install it on up to 4 machines. Their central server can be put in place to distribute client settings, audit sessions, control access, etc...You can also share settings, scripts and custom actions with your colleagues if you set up the central repository that each machine/user can access.
The application doesn't require AD to work. You can actually go through and setup your own containers with IP address scopes or by site. The management & remote features would still work the same as long as you can authenticate on the client machine.
Scott, if you're interested in trying it out you should reach out to them and ask to put their proxy to the test.
As a side note: I don't work for Goverlan or get any perks for pushing their kit. I just think it's really helpful and enjoy sharing what I find handy.
-
Looks like something to look into soon.
-
@The-A-Train said:
First, I was told that this system was designed with "the enterprise" in mind, so it definitely requires a VPN or LAN connection at this time.
This goes against my recent writings that the LAN is a legacy concept and being phased out for security and flexibility reasons. In the California IT scene, the LAN is already not the norm. The east coast IT scene is much more traditional, but as the LAN becomes increasingly unnecessary I see "enterprise" very much not the term for this model. Enterprises are the ones best equipped to move to more modern structural models.
-
@The-A-Train said:
Scott, if you're interested in trying it out you should reach out to them and ask to put their proxy to the test.
As both a company with a modern architecture AND as an MSP, they don't meet any of our needs, I'm afraid. Sounds like for internal IT departments on a single forest that have invested in AD and are relying on the LAN design it offers a lot of value. But for the MSP space, this wouldn't work. VPNs between MSPs and their customers is a very bad thing.
I have some articles at press about how dangerous that is in the MSP space. It doesn't just make for high cost, low quality interactions it causes MSPs to be exposed to their customers and vice versa which, in turn, exposes all of their customers to each other. It's the IT equivalent of lice in kindergarten.
-
@The-A-Train said:
The application itself is installed on and run on the machine that the support tech will be using most. We have two licenses here, so I can install it on up to 4 machines. Their central server can be put in place to distribute client settings, audit sessions, control access, etc...You can also share settings, scripts and custom actions with your colleagues if you set up the central repository that each machine/user can access.
Could be cool, they have a lot of tools that if they could be centralized and not cause "cross contamination" could be very MSP useful. They need to get to a model like most of their competitors where you run in a datacenter and agents reach out and create the connections and allow for seamless, unexposed connections from anywhere, to anywhere.
-
@scottalanmiller said:
Could be cool, they have a lot of tools that if they could be centralized and not cause "cross contamination" could be very MSP useful. They need to get to a model like most of their competitors where you run in a datacenter and agents reach out and create the connections and allow for seamless, unexposed connections from anywhere, to anywhere.I think this is what they are trying to do with their proxy connection. I'm not sure if it would clear up the cross contamination, but it would eliminate the need for an actual connection to the client's network.
Do you have any links to your articles concerning MSP and VPN? I'm interested in learning more about the West-coast way.
-
@The-A-Train said:
Do you have any links to your articles concerning MSP and VPN? I'm interested in learning more about the West-coast way.
It's waiting for the editor to publish. I just looked and it hadn't gone live yet.
