Remote sharing in smaller company & security concerns
Posted by Logical-Present6320@reddit | sysadmin | View on Reddit | 18 comments
I work at a startup and we are in a situation where for remote employees we want to give them remote access to specialized equipment: mac studio and intel+GPU (windows). This is mainly for graphics related work.
I have used teamviewer and anydesk. I wanted to check with the community:
1) What tools have they used and come across?
2) Especially in the days of AI, I want to be sure that I dont endup with a tool which takes all my data. So:
2.1) What security audit should I do?
2.2) What should I avoid?
Thanks in advance!
briskik@reddit
Create a VPN, don't use Team Viewer
Logical-Present6320@reddit (OP)
Just edited my post for giving more context. Its not a 1:1 mapping i.e one remote device dedicated to one employee, its rather a pool of devices that can be accessible for employees on time shared basis (cost concerns since we are a smaller startup).
My idea behind teamvier, anydesk was that I could have those devices on a company account and the employees could have access to this pool of devices and use it as required.
So really:
1) company devices connected to teamviewer/anydesk or something better
2) employee logs to these tools and accesses devices. They seem to have file transfer etc., so things work across
3) I can enable SSO to ensure right accounts are being used.
Ecstatic-Hat-3377@reddit
The VPN suggestion is correct directionally I believe, WireGuard specifically is prob what you want under the hood. The missing piece is the management layer that makes it actually usable for a team without a dedicated network eng/admin. For your specific use case shared device pool, SSO, non-technical employees you'd want WireGuard for the network layer, RustDesk self-hosted for the remote desktop layer, and something to tie the access management together. Happy to walk you through how we've seen startups solve exactly this if it's useful.
You should take a look at NoMachine and parsec though to get an idea of other potential tools to solve your conundrum. They're very high performance remote desktop apps with a graphical focus.
jsiwks@reddit
Pangolin a good option for the WireGuard management layer and it's also open source. You'd deploy a network connector in the pool of machines, the the employees connect to the VPN with a client. It handles NAT traversal so you don't have to mess with firewalls or any of that
Logical-Present6320@reddit (OP)
Thanks, this is great info!
Have you done any security assessment of either of these tools? No worries if not
Ecstatic-Hat-3377@reddit
Sorry not sure who you're referring to with this response but feel free to pm me if that was meant as a reply to my comment. Regards
thekohlhauff@reddit
I wouldnt advise vpn in 2026. Too many vulnerabilities to keep up with and a majority of breaches nowadays are via VPN infrastructure.
Obviously you can guard and build against this but I just dont think its worth the trouble anymore.
GullibleDetective@reddit
Vpns underly even bomgar, teamviewer, Hamachi, screenconnect. But yes a self spun firewall branded sslvpn unless you're on top of netsec can be dicey
Curious201@reddit
for a small company, i would avoid teamviewer/anydesk as the main design unless you really only need occasional attended support. they are easy to start with, but they also become a messy access-control problem once people leave, devices change hands, or multiple employees need access to the same pool of machines. if this is company equipment, i would rather have a vpn into the office plus rdp to specific machines, or a proper rmm/remote support tool with named users, mfa, logging, and device groups. if it is employees’ personal devices, i would be even more cautious and keep it attended-only unless there is a written policy. the big thing is not just “can i connect,” it is who can connect, when, to what, and whether you can prove it later.
Logical-Present6320@reddit (OP)
Thanks, super helpful!
malikto44@reddit
I'd sooner use TailScale and see about a commercial license for that, then using TeamViewer or AnyDesk.
frenswithgeese@reddit
LogMeIn is reliable, auditable logs, and has MFA.
GullibleDetective@reddit
They jumped the shark long ago, screenconnect/splashtop
thekohlhauff@reddit
Parsec was built with this in mind if this is a creative workfield.
tech_is______@reddit
Are you providing corp laptops for remote users, or are they using their personal devices?
Logical-Present6320@reddit (OP)
Corp laptops accessing corp devices.
I should have added this earlier: Its not a 1:1 mapping i.e one remote device dedicated to one employee, its rather a pool of devices that can be accessible for employees on time shared basis (cost concerns since we are a smaller startup).
My idea behind teamvier, anydesk was that I could have those devices on a company account and the employees could have access to this pool of devices and use it as required.
So really:
1) company devices connected to teamviewer/anydesk or something better
2) employee logs to these tools and accesses devices. They seem to have file transfer etc., so things work across
3) I can enable SSO to ensure right accounts are being used.
Hope that gives better idea. I will add this in the post as well!
tech_is______@reddit
Should be fine. Check out Splashtop, TeamViewer is really expensive and love to lock you in to long term contracts.
eu_licensing_pro@reddit
TeamViewer and AnyDesk are fine to start with, but I’d be a bit careful using them long term for a business setup.
What I’ve seen go wrong isn’t really the tool, it’s how access gets messy over time. People get added, nobody cleans things up, and after a while you’re not really sure who can access what anymore.
If you go this route, just make sure everyone has their own account and that you have some visibility over who is connecting where.
Also think ahead a bit. It works fine with a few users, but once you add more people or contractors it can get messy pretty quickly if there’s no structure.