Geek Speak

4 Posts authored by: dlink7

Supporting the Vendor

Posted by dlink7 Mar 24, 2014

Over the last three weeks my posts have focused around end users and remote support tools. This time I want to focus on vendors. In theory you should love your vendors that you work with, there are an extension of your IT team.  I know there are the new vendors trying to get new business and most people try to avoid them like the plague but there is an expectation to every rule. Most vendors have a genuine interest or at least in my mind of benefit of seeing their customer succeed.


One thing that can make or break a vendor relationship is remote support. Some vendors have remote support enabled on their systems so they can go directly to the box in question. I am a big fan of this but the paranoid folks are worried that security may be at risk and usually don’t allow it.  I know for Nutanix gear you can set a timer on how long you want the remote tunnel to last. It’s a good option if you’re worried about a vendor using his equipment as jump box.  I think if you’re dealing with a global company this option is great to help remove some of the language barriers that may exist with follow the sun support.


If you don’t have the option above the next step is the dreaded Webex/GoToMeeting.  For whatever reason in a time of crisis you can be rest assured you will be downloading the newest client and maybe even playing with a java update. Usually ok but doing console work is usually problematic for the person trying to give support.  My big beef is that it gets people use to accepting remote connections. Humans are easily fooled, self included so if possible I think it best to control access on your own terms. If at all possible if you can extend your current remote tools to share your screen with the vendor I think that is ideal.


What do you do for your vendors so they can support your gear on site? Give them a virtual desktop and only give access to their system? VPN with full access? Let them use their own tools?


Curious to hear peoples thoughts and if people think of this a security threat.

Last week I was asked about offline VDI.  I was taken back a bit because that hasn’t come in a really long time. My opinion has always been that if you didn’t have the Internet or a link to the database that installing the application locally wasn’t really going to do anything for you. Maybe I am just taking for granted that everyone has some form of high speed available today and if you don’t you’re in a place where you don’t want to be bugged anyways. The classic is, “what happens when I am traveling on the plane?”  Open Microsoft Office like the rest of us or watch a movie


Joking aside we’ve become really dependent on the network for work and delivering support.  Myself personally wouldn’t devote a lot of effort with unconnected users.  Maybe I am living off in Never Never land but I think too much time is wasted for the last 20% of use cases.  I would focus on getting my remote users the tools need to ensure the network was rock solid or at least they could connect easily.


For road warriors or the office user I really like RAP-3’s from Aruba. I was just leaving a place as their where getting implemented.  The fact that they can setup the VPN I thought was great. Standard enterprise tools could then used for supporting the users. The best part was not worrying about a flaky wireless connection at the other end. With the RAPs you could use 3G/4G to get them to connect to the Internet and all done.  I know Meraki has something similar but I don’t have any experience with them.



What tools do you provide for your remote users? Just VPN, VDI, nothing? Do people still have to worry about unconnected users?

Privacy issues\regulations are the worst that has happened to corporate IT. This my be a Canadian thing or related to working with unionized employees but those are two issues that have shaped my opinion anyways. Not sure how it affects other geo’s around the world but it seems like we have bent of backwards for the employee to the point of craziness.


I’ve always been more about getting the job done and worrying too much about privacy in the workplace. I am of the opinion if you don’t want people knowing what your doing, don’t do it at the work place.  I’ve used at least three pieces of software that required permission from the user before starting a remote control session. Most times it ended up in my using the local administrative account to bypass it. After 3 or 4 times of missing the user at their desk or the person that needs helps needs  go on “break “you just want to get the work done and move on.


From a virtual desktop perspective, I would always make sure I could use the vSphere console to mirror a remote session. By default if you’re using PCoIP the vSphere console would be black and then required some more hoops to be jumped through before you could help the user. To switch the behavior you could switch the registry key.


HKLM\SOFTWARE\VMware, Inc.\VMware SVGA DevTap\NoBlankOnAttach : DWORD: 1


Never had to deal with too many corporate polices with privacy but do know lots of people with a sense of entitlement. The reality is the employer has a right to track anything you do with a corporate device.


Has privacy gotten in your way? Is privacy really strong in your workplace?

I don’t deny that great remote support tools are needed.  It my IT career the best I’ve been able to muster most times is  RDP and the joy of combing thru the event logs for server support. On the desktop side of the house I’ve usually had the pleasure of some outdated MS product to work with because it was “free”. This is really sad since I’ve worked in healthcare and in oil & gas with healthy budgets. I am not sure why or how it became acceptable to have MacGyver based support tools or procedures when we would have just spent a healthy part of the budget on a product we now have to support.  I guess most times it has to do with new projects are sexy and exciting and support is not and relegated to the background. How does one go about changing the paradigm?


I think the first step is to figure out how much time your spending on support. Chances are it’s a lot more than you think. Studies find 70% - 80% of time in IT is spent keeping the lights on instead of moving the needle.  Even if you speed up support calls by 5% it could represent a fairly could chunk of money. 


BYOD is another chance to reinvent the support equation. Most support products are built for the land behind the corporate firewall. Having both support and the end user connect to a VPN is problematic. Having a support tool that can integrate to the business applications, traditional or SAS and connect directly to the user would be huge.


Some other things that would be core to helping out support would be:


  1. 1) Event and logging\correlation tools to present current service levels to a web page to prevent multiple phone calls from hitting the helpdesk
  2. 2) If the end user was submitting a ticket online, a downloadable tool would automatically do a self-diagnostics and submit results in the ticket. A part of this would be a network assessment.
  3. 3) Making departments fight for the after hour Service Level agreements
  4. 4) Location based printing so if the first printer is down it will redirect to the next closet.
  5. 5) Arm support with the same tools that the clients have. Seems basic but I’ve seen where the executes get MACs and the support team is on windows. Just makes life a little harder.


Is support the ugly duckling in your organization?  If you could help support what you do first? What tool would you buy to help the cause?

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.