Remote Support Tools

I am looking for remote support tool recommendations that work well with ZIA and ZPA.

So far I’ve looked at BeyondTrust (previously called Bomgar). What remote support tools do you recommend that give the IT help desk control of user’s systems without the need for a VPN.

TeamViewer would work. Essentially any service that works with client initiated sessions

Beyond trust works great, that’s what we use

We are working with ZPA Engineering right now to enable PDQ to do server to client communication, and they have stated it is completely possible.

I can share more info as i have it, just got out of a engineering call about a hour ago.

Microsoft Remote help is a good one, but its expensive.

We have used Zoho Assist for years with ZScaler. I often use Zoho with no issues!

Client to client with ZPA, would this require a machine tunnel to be set up before the user logged in?

If you are looking to make a Zero Trust Architecture you shouldnt allow peer to peer connections. Have a server in between and preferably a tool with good security that the SOC can set detections and playbooks for. That way even if something initially goes undetected you have the forensic information to audit.

TeamViewer Tensor is closest to Bomgar

Thanks for the recommendation from personal experience.
Do sessions automatically reconnect after a user reboots and reconnects to the Internet? Or do they need to log back on to the system before the remote support connection is established?

That would be great, thank you.

Yeah, but that’s best practice for a domain joined system anyways. Otherwise you end up with cached Kerberos tickets.

Beyond trust is client to server connection so after a reboot the user would have to reinitiate the connection

hopefully ill have the guidelines on this monday or tuesday

We use GoToAssist for remote desktop assistance fwiw also

What is your process of generating and issuing machine certificates for all of these machine tunnels?

Also, if a computer is connected via a machine tunnel, and no user has logged in yet, does it link a human user to the connection?

I just use the built-in features of ZCC + ZPA.

No human user is linked to the connection as no human user is logged in - but this allows you to make policy specific to the machine tunnels that only allow access to the bare minimum (like AD).

Deploying Machine Tunnels for Pre-Windows Login | Zscaler

Thank you, this is really helpful!