VPN or CItrix for support staff

Firstly I will openly confess I am not a network admin.

A couple of questions though around remote access for admins/support and remote access for users:

1) Is it common that remote support vendors would use citrix over VPN for remote support, say for example if they support an internal application you use?

2) Or is citrix more geared towards user remote access rather than remote IT support/admin?

3) What is the difference between citrix/VPN or is citrix a form of VPN?

4) Are there any limitations of using citrix for remote support, or areas where another solution is typically better.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Elmar KoschkaSenior System EngineerCommented:
VPN=Virtual Private Network

Citrix dont use VPN. You can support users without VPN. Citrix, Teamviewer and so on are tools for remote Support.

With this tools you can view the monitore from user or server and make support live.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tony JohncockLead Technical ArchitectCommented:
Hi - answers below your questions:

1) Is it common that remote support vendors would use citrix OR VPN for remote support, say for example if they support an internal application you use? Not so common to put Citrix OVER VPN for remote support, but can be done for sure.

Very common. It saves time getting a support engineer onto site and allows for much easier troubleshooting and problem resolution.

2) Or is citrix more geared towards user remote access rather than remote IT support/admin?

Given the cost of it, it is generally more widely used for remote access - putting it in just for a few remote access support users tends to be prohibitively expensive.

3) What is the difference between citrix/VPN or is citrix a form of VPN?

Well if you're referring to Citrix XenApp - this is a mechanism for delivering published desktops and applications to users. One major advantage of Citrix over a VPN is that you can control access down to an individual application whereas a VPN solution tends to give full network access.

4) Are there any limitations of using citrix for remote support, or areas where another solution is typically better.

I would generally not use Citrix _just_ for a remote support option due to the expense and possible additional complexity. Plus the application(s) in question may not support the latest 64-bit only version.

On top of that, the app needs installing onto the Citrix server or you use that as a jumpoff and allow RDP into the application server.

Or you could simply provide RDP access into your environment (not the most secure mechansim as nothing is encrypted).

OR you could provide a RD Web portal and then control application/RDP access to resources in a similar way to Citrix using just RDS licenses and this ensures a similar level of security and encryption as a Citrix solution at a much lower cost (if you use Citrix you also need RDS CALs on top).
pma111Author Commented:
Ok thanks, so what technology and archtiecture is behind a VPN solution? Are there common providers of VPN technology? What is installed on the remote clients and network infrastucutre to make VPN "happen"?
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

pma111Author Commented:
So VPN is typically cheaper than Citrix?
Tony JohncockLead Technical ArchitectCommented:
A VPN can be provided by some DSL switches or there may be an endpoint such as a dedicated device or server.

I've seen it implemented quite trivialy on a Windows XP desktop as this is significantly easier to set up than say Windows 2008 R2 for non-experienced staff.

VPN functionality may well be built into your firewall or router at the edge of your network.

There really are several options.
Ayman BakrSenior ConsultantCommented:
Another great way for remote vendor support and cheaper is using a form of web session like:


These solutions will allow the vendor to have a remote session on the client and control the mouse and keyboard depending on the level the client will allow. Such solutions are suitable where security is a concern and you want to give restrictive access to the vendor, i.e. you don't want the vendor to have a wide access to your network like in a VPN.
Tony JohncockLead Technical ArchitectCommented:
Teamviewer and Logmein are also very good - web based, SSL encrypted and free.
VPN is the cheapest solution. Citrix is just some layer to provide services/sometimes network services too.

You can easily create a VPN connection even on a Microsoft Server (Routing and RAS).
Ayman BakrSenior ConsultantCommented:
Solutions like GoToMeeting, GoToAssist or Webex are invitation based. Usually will be owned by the support and for the client it will cost nothing.

This is how it goes:

1. Support Vendor sends an email invitation for the session

2. Client clicks the link and the session starts

3. Client would give mouse and keyboard control to the vendor (shared control, i.e. also the client can take control by moving the mouse or typing on the keyboard)

4. When finished the client can stop showing the monitor and the session would be ended.
Please note that Citrix is more than a VPN. They both should not be compared. Application Virtualization is the main focus of Citrix Xenapp and Desktop Virtualization with Citrix xendesktop. Xenserver for server and so on.. If you plan to virtualize all applications for users around the globe and who will access from anywhere, any device, without conflicting their local desktop apps, and need a secure way of application delivery, then Citrix with Access gateway should be considered over VPN.

If you do not have the above requirement and only need a remote access to all  local resources from branch office to others, vice-versa and no need of application virtualization then you can skip Citrix and focus on VPN products.
In addition to the rest of the comments, I'll add more that should help :-)

1. Citrix - this is a very *broad* umbrella that consists of a large number of technologies.
VPN - this can be done by Citrix Netscaler's - it can provide an excellent SSL based VPN
VPN - this can also be done by Citrix Access Gateway providing an SSL based VPN
GoTo* (Meeting, Webinar, Assist etc.) - this is a set of remote access technologies adapted to a wide variety of circumstances.  This is very suitable for Remote support
XenDesktop - An excellent solution for providing individual desktop access to users.  It supplies a wide variety of technologies well aimed at the enterprise, and contains the best USB device support for remote clients.  It uses a modified version of ICA for presentation
XenApp - the 'grand daddy' of them all.  It provides the foundational version of ICA for presentation and uses servers to provide applications/desktops to a number of simultaneous users.  It has USB support, but due to the nature of USB and USB detection, the number of devices is not as robust as XenDesktop

For Vendor support, I definitely prefer the ad-hoc session capabilities of things like GoToMeeting/GoToAssist, WebEx etc.  As a side note -- unless things have changed, TeamViewer is only free for personal use, and is *not* free in a corporate environment.

The other consideration is what your vendor wants access to.. in 99% of cases, GoTo* or WebEx will work just fine and give you pretty solid control of what they can do or not do.  Of course it does require your involvement to launch the session.

The other technologies require you to set up AD accounts for them, and treat them as any other user - all of the management pieces are required, and you are giving them basically 'invisible' access to your network (or some piece of it).

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.