Remote maintenance — the complete guide

What is remote maintenance?

Remote maintenance denotes the remote-controlled access to a computer, server or other device over the internet or an internal network to perform maintenance, support or configuration — without the technician being physically present at the device. Related terms:

• Remote support — common in helpdesk context, often synonymous
• Remote desktop — describes the technical means: remote screen transmission
• Remote access — umbrella term that also includes pure VPN or SSH connections
• Screen sharing — sub-function of a remote maintenance tool
• Helpdesk tool — remote maintenance in the context of a service desk with ticketing

At its technical core, any remote maintenance is an interplay of three components: a host (the maintained device), a client (the technician's device), and a signaling path (how they find each other). The data channel itself runs in the modern stack as a P2P connection directly between host and client; older tools relay everything through a central cloud server.

The four most important types of remote maintenance

Attended vs unattended access

Attended: the end user is present, accepts an incoming connection and confirms it actively (e.g. by entering a code). Typical for ad-hoc support: end customer calls, technician opens a session, end customer sees the cursor move. Unattended: the device accepts connections without human confirmation, provided the technician is authenticated. Typical for server maintenance and device pools (e.g. an MSP maintains 50 customer PCs at night).

Cloud-relay vs P2P

Cloud-relay (cloud-centric): all data flows through the tool vendor's servers. TeamViewer Classic is the prototype. Advantage: simple firewall traversal. Disadvantage: bandwidth and data protection. P2P (peer-to-peer): screen data goes directly between client and host, only in rare NAT cases via relay. AnyDesk, RustDesk, WinDesk are P2P-first. Advantage: low latency, no data through third-party cloud. Disadvantage: NAT traversal can get tricky (symmetric NAT, enterprise firewalls).

Browser-based vs native app

Browser-based: HTML5 gateway like Apache Guacamole; connection runs in the browser tab. Advantage: no client installation. Disadvantage: performance limitations, no file transfer outside the browser sandbox. Native app: dedicated client installer. Advantage: full performance, multi-monitor, system audio. Disadvantage: installation required.

Permanent install vs portable

Permanent: service runs in the background, often in the system context, accepts incoming connections even when nobody is logged in. Necessary for unattended access. Portable: ZIP-based client runs from any folder without installation. Useful for technician toolkits (USB stick) and ad-hoc support on restricted machines. Details in the portable alternative section.

When do you need remote maintenance?

Six typical use cases:

• IT providers / MSPs — maintenance of customer fleets, patch management, software rollouts. See IT providers use case.
• SMEs with branch offices — central IT serves branches and home-office setups. See SME use case.
• System administrators — server maintenance, headless Linux machines, bare-metal diagnostics. See sysadmin use case.
• Schools + educational institutions — PC room management, teachers supporting students from the teacher's desk. See education use case.
• Family + friends — "my mum needs help with the printer." Ad-hoc support for non-technical people. See family use case.
• Software vendors — customer success teams running onboarding sessions on the customer's screen.

Remote maintenance and the Swiss legal framework

Three legal frameworks are relevant for Swiss remote maintenance:

• GDPR (EU) — applies to Swiss companies as soon as they have EU citizens as customers or are reachable from the EU. Most important duties: register of processing activities (Art. 30), data processing agreement (Art. 28), data security (Art. 32).
• Swiss FADP (revised, in force since 2023) — the revised Swiss data protection act. Essentially GDPR-compliant with a few Swiss specifics: explicit consideration of "particularly worthy of protection personal data" (religion, health, etc.).
• Industry-specific regulations — FINMA circulars for banks, FDPIC recommendations for insurers, professional secrecy for lawyers (Swiss Penal Code Art. 321) and doctors (Penal Code Art. 321 + cantonal health laws).

Concrete consequence: if your remote maintenance software has a US server component (public rendezvous, cloud relay), this is CLOUD Act-relevant — and thus a show-stopper for many Swiss industries. Swiss fiduciaries, law firms, medical practices and insurers need tools with Swiss or EU data residency. Deeper coverage in the GDPR remote support practice guide.

Which remote maintenance software for which use case?

Quick orientation — detailed comparison on the comparison table:

• You want Swiss hosting + cross-platform incl. Pi: WinDesk. Even if you don't have a Pi today — the architecture is cross-platform-first, saving future migration.
• You're in an international enterprise with multi-party compliance: TeamViewer Tensor. Expensive, but with all the enterprise features.
• You have Linux admin skills and want 100% self-hosting: RustDesk (open source, MIT) or MeshCentral. Details on the RustDesk alternative page.
• You need browser-based bastion access: Apache Guacamole as a self-hosted gateway in front of RDP/VNC/SSH.
• You are a solo hobbyist, need remote on your home PC: Chrome Remote Desktop is enough. Or RustDesk public server if you don't want Google.
• You want to test without account + credit card: WinDesk Free, CHF 19.90/month Pro, 14-day free trial.

Set up remote maintenance securely — seven layers

Detailed practice guide on the security page and in the remote desktop security blog post. At the core:

• End-to-end encryption (AES-256-GCM is standard)
• Multi-factor authentication (at least TOTP, better hardware-bound via WebAuthn/Passkey)
• Hardware-bound device tokens (Secure Enclave / TPM 2.0)
• Audit trail with immutable session logs
• Granular roles + permissions (no "all technicians may do everything")
• Endpoint hygiene: patched operating systems, no compromised technician machines
• Clear off-boarding process: when a technician leaves the company, their tokens must be invalidated within hours

Cross-platform: Windows + Mac + Linux + Raspberry Pi

One of the most common mistakes in tool selection: only looking at your own OS. Modern IT is cross-platform:

• Windows 10/11 — still the market share leader, all tools support it. WinDesk for Windows.
• macOS Apple Silicon — explosive growth, especially in creative industries. Apple Developer ID + notarisation are required for a sane end-customer experience. WinDesk for Mac.
• Linux x64 — dominant on servers, increasing on desktops (Ubuntu, Fedora). .deb + .rpm packages are standard. WinDesk for Linux.
• Raspberry Pi 4/5 (arm64) — often overlooked. Pi-based kiosks, digital signage, maker setups, school computers all need remote maintenance. Few mainstream tools deliver arm64 builds as an equal platform. WinDesk for Pi.

Migration: switching from one tool to another

If you currently use a remote maintenance tool and want to switch, a cutover plan is important — not a hard switch. We recommend 2–4 weeks of parallel operation. Concrete guides:

• Migration from AnyDesk to WinDesk
• Migration from TeamViewer to WinDesk
• Migration from RustDesk to WinDesk

In-depth articles in the WinDesk blog

• What is remote desktop? — fundamentals article
• Remote desktop security guide
• GDPR-compliant remote support in Switzerland
• P2P vs cloud relay — architecture comparison
• Set up unattended access correctly
• Remote support for SMEs — practice guide
• Remote support Windows + Mac + Linux
• Choose remote desktop software