Anyone used or permitted Webex?

[Woodie]

Looking for information/experience with Webex. I've been asked to allow vendors to remote control into the company, to workstations/servers.

Yes, I've googled, but looking for real-world experience/knowledge.

TIA

 

[rhuss]

we have used it for demo's and training. i don't really have anything technical to offer, but i know the network guys weren't too pleased about having to let us use it. i know we have used it a bunch of times with no real problems, but i am pretty sure there are some big security risks.

 

[Carazariah]

Woodie,
We used it once here at work for exactly the same reason. Client requested remote access. We have a fairly tight Firewall/Router that blocks access to just about everthing. I found that it seemed to work okay for the demonstration and testing we did in house. But I only watched and controled another PC in house not outside the LAN to the Internet. I wasn't the lead on implementing it with the client so I'm not sure if they ever used it to remotely access our desktops.

Thanks
C

 

[Woodie]

bump for other opinions?

 

[cmetz]

It sucks, don't use it.

A former employer loved it for some reason, used it for all major company meetings, and it never, ever worked 100% right. At a minimum, it required Windows, IE, and default wide-open security settings, or your client couldn't do anything. Even then, reliability was lacking and performance was sllow. I was told that it was expensive, too.

Everything they did with WebEx could have been done using freely available tools. In their case, VNC could have done it all - it was just PowerPoint screen sharing. I think WebEx can do more than that, and so I suggest you investigate what freely available tools could do what you are trying to use WebEx to do.

"I've been asked to allow vendors to remote control into the company, to workstations/servers." I'm not sure why you'd use WebEx for this problem. Could you elaborate as to the problem you're trying to solve? Maybe we could suggest a better solution that way.

At a high level, letting vendors remote control into company machines is already a nervous place. It sounds to me like you should put the affected machines into their own special sandbox network, quite firewalled from the rest of your corporate infrastructure, and make sure you have appropriate access controls and policy controls in place, not to mention legal CYA.

 

[Woodie]

The current vendor access solution requires:

ID configuration, custom VPN client build, the vendor has to install that custom VPN client build, creating a new profile on the VPN switch(es), updating firewall rules to give them access to the particular devices after they've successfully VPNed in... very cumbersome, and the TCO is relatively high.

So, vendors want us to host a Webex session during problem evaluation and resolution from the affected server (device), so they can see what we're seeing. At times the vendor will want to take control of the device in order to make changes or further problem determination. This solution would be much more scalable, as our servers are very consistent in terms of OS and browser/settings.

Vendor access to production systems is indeed a very nervous place. Since we're talking about say 500 servers with some Vendor or other running code on them, sandboxing isn't a good option. I think the "process" around granting access is going to be key.

I'll take a closer look at the browser piece of it...since this is being targeted for servers, and we're migrating to 2K3 w/ the locked down IE...we're going to run into some "issues" there. (We *strongly* discourage the use of the browser on the servers)