Computerworld: Hands on with Apple Remote Desktop 3

Apple last week announced Apple Remote Desktop 3 (ARD 3), the latest iteration of its desktop management software. ARD 3 is a Universal application optimized to take advantage of newer Intel-based Macs and makes ARD administration available on Mactel machines for the first time since their launch earlier this year. “If you have a network of Macs,” said Eric Zelenka, senior product line manager, “ARD 3 makes managing that network of Macs as easy as managing one machine.”

ARD 3 takes advantage of improvements in Mac OS X 10.4 Tiger to enable features such as remote Spotlight searching. Just like Spotlight on a local machine, the search features in ARD have been upgraded to include Spotlight and all its benefits. ARD 3 also includes the Remote Desktop Widget, which allows an administrator to monitor the standard view of machines using a Dashboard widget rather than launching the full application. If the administrator then double-clicks on a machine icon in the widget view, ARD 3 is launched.

The software distribution system in ARD 3 has been significantly enhanced over the last version. In addition to being more efficient in terms of the time needed to complete tasks and perform network copy operations, ARD 3 enables bandwidth throttling and scheduling, two features that any busy network and network manager can appreciate.

The most significant improvement is the addition of the Task Server, which enables scheduled tasks and load to be distributed appropriately. When remote users log into the system, updates are automatically delivered to their machines following the order scheduled by the administrator and using only the allotted bandwidth.

In terms of asset management, ARD 3 offers a useful enhancement. Many applications use what is known as concurrent licensing, which allows an organization to install the application on all its machines but only use an allotted number of licenses at any particular time. Tracking this usage has always been a daunting task for an administrator. That’s especially true when end users ask for an application because they expect it to be available to them, leaving the system manager with no idea if or when the software is actually used.

To help sysadmins more efficiently manage their licensing costs, ARD 3 introduces Application Usage metering and user history reports, where the frequency of application usage and user identity can be tracked, reported and analyzed.

The included Automator actions for common repetitive tasks are a welcome addition to ARD 3, as are the pre-populated UNIX commands.

Using a SQL database to store all the machine information makes reporting much simpler and allows Web-enabled access to that data. In effect, an administrator can automate or offload reporting to other parts of the organization. I love the fact that you can transfer the clipboard back and forth using two designated buttons.

The ability to drag and drop files to a remote machine graphically, rather than needing to specify the copy path, will make support easier for many sysadmins. I don’t see any difference between curtain mode and locking the screen as ARD 1 and 2 did — except that in curtain mode you can put a message up along with the lock screen. Both modes allow for a custom picture to be used, a handy feature for those admins who want to present a friendlier face than the large metal lock image.

The status indicators add visual feedback to the monitoring console, allowing an administrator to check at a glance that hundreds of machines are within accepted operating parameters.

Also welcome is the added 128-bit AES encryption. For sysadmins, it makes it possible to put a task server in the demilitarized zone between their inner and outer firewalls and the Internet so that remote users can do updates securely. This ensures that custom settings and remote commands cannot be intercepted over an internal or external network.

As for accessing SQL data directly, there is an article posted on the Apple Developer Connection. Accessing the database in ARD 3 is a little bit different than in earlier versions because it needs to be compatible with an existing default PostgreSQL install and more secure than ARD 2. The database communication is also on a different port (the new port is 5433 by default) and the username and password can be found in this file: /private/var/db/RemoteManagement/RMDB/passwd.txt.

The default username is ard but the password is generated randomly so each install is unique and secure. With ARD 2, we set the username and password to ard/ard. As with ARD 2, however, the user can shut down the agent, edit that passwd.txt file to change the username and password and then restart the agent.
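
A check an administrator could run against the two details above, as an added example that is not part of the original article or Apple's tooling. It assumes, as a hardening baseline the article does not state, that passwd.txt should be accessible only to its owner and that the database port should not listen beyond loopback unless remote reporting is intended; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Apple's tooling. Path and port are the ones the article gives.
RMDB_PASSWD="/private/var/db/RemoteManagement/RMDB/passwd.txt"
RMDB_PORT=5433

# 0 = no group/other access, 1 = group or other has access, 2 = file missing.
cred_file_private() {
    [ -e "$1" ] || return 2
    # The first 10 characters of ls output are the mode string, e.g. -rw-r--r--
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Reads `netstat -an` output in the macOS layout (field 4 is "address.port")
# and prints the local address of every LISTEN socket on port $1 that is
# not bound to loopback.
exposed_listeners() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, part, ".")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr != "127.0.0.1" && addr != "::1") print addr
        }'
}

# Constructed sample of netstat -an lines, for trying the parser offline.
SAMPLE_NETSTAT='tcp4       0      0  127.0.0.1.5433         *.*                    LISTEN
tcp4       0      0  *.5433                 *.*                    LISTEN
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  10.0.0.5.5433          10.0.0.9.49152         ESTABLISHED'

# On a host that has the credential file, report both findings.
if [ -e "$RMDB_PASSWD" ]; then
    cred_file_private "$RMDB_PASSWD" \
        || echo "WARN: $RMDB_PASSWD is accessible to group or other"
    netstat -an | exposed_listeners "$RMDB_PORT" \
        | sed "s/^/WARN: port $RMDB_PORT listening on /"
fi
```

Run it with root privileges if the RemoteManagement directory is not readable by your account.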

One of the greatest selling points in ARD is the fact that there is no per-client licensing. Since ARD client is built into every Mac OS X 10.3 and 10.4 desktop and server, the only expense in ARD is the administrator license. This license is sold in two tiers: For $299, administrators can manage up to 10 machines at once — or they can manage more than 10 machines, but only 10 at any one time. For $499, administrators get an unlimited usage license.

Unless you have just 10 machines, I advise buying the full license.

I did come across a few issues with the new ARD release. While Spotlight searches worked perfectly, and package installation was indeed dramatically faster, I was initially unable to get any reports to work. I tried both ARD 2.2 and 3 clients, without success. This was working in ARD 2. Calls to tech support resolved this issue, and if this happens to you, keep this possible solution in mind: The first possibility is that your network is not allowing communications to be originated from the device back to your task server. Ports 3283 and 5900 need to be open for both UDP and TCP.

In my case, I had a corrupt task server preferences file on the admin server. To fix this, I went to Library/Application Support/Apple/Remote Desktop/Task Server/ and deleted the Settings.plist file. You’ll need to su to get in or change the permissions on the folder to do this.

Another possibility if your reports fail is that something is corrupted on the client side. In that case, you do have to physically go to the machine, shut off remote desktop and do a sudo rm -R on /var/db/RemoteManagement/caches/. If that fails, also remove /Library/Preferences/ from the client machine. Obviously, visiting the client is the last thing you want to do, so try the other solutions first.

Overall, ARD 3 brings this application to the level of other commercially available asset management and remote support applications. Except for the lack of a useful application packaging system — the included packager is too kludgey and programmer-oriented to be called useful — ARD 3 is at the level of its more established peers. The now-included SQL database allows for real enterprise-level reporting, the task server allows an admin to offload and schedule tasks and the incredibly low cost for licensing makes this application seriously worth considering for managing more than five Mac OS X desktops.

After I’ve had some time to use ARD 3 in detail, and can put it to some real-world testing, I’ll report back on what I find.
