The ActivTrak Viewer can be used across a VPN (Virtual Private Network) connection. That is, running the Viewer on a VPN client you can monitor activity on the server side of the connection.

You will need to install the ActivTrak Relay Service on the local network. It can be installed on the VPN server itself, or on another computer on the network.

The ActiveTrak Relay is a service that allows the ActivTrak Viewer to broadcast across subnet boundaries when UDP broadcast forwarding is not provided by the routers connecting the subnets.

If broadcast forwarding is turned off at the router, the ActivTrak Viewer will not be able to see Agents on subnets other than the local subnet, unless the Relay is installed on those subnets.

Installation

The ActivTrak Relay is simple to install, has no user interface, and can be deployed using the same remote installation feature used to install the ActiveTrak Agent. The .MSI file for the ActivTrak Relay is included in the Viewer package and is installed in the Program Files folder.

C:\Program Files\Birch Grove\ActivTrak Viewer\ActivTrakRelay.msi

It is best to install the Relay on a computer that will be running 24/7 and has a static IP address. It can be a domain server, a standalone server, or workstation. While it is only necessary to install the relay on one computer on the subnet, there is no problem using more than one computer as a relay.

Configuration
If your Viewer is on subnet A and you wish to observe Agents on subnet B, install the ActivTrak Relay Service on a subnet B computer. Then in the Viewer, when configuring subnet B for viewing, enter the address of the relay computer in the optional field.

Employee monitoring has existed in many forms since the concept of employment first arose. Throughout history, the development of technology has made it possible to more closely observe the behavior of your employees, and apply stricter control measures over their work.

It’s important for any employer to realize that employee monitoring is a delicate subject, and if you want to avoid a negative backlash from your subordinates, you need to approach it with professionalism and an open mind. Luckily, common sense is often enough to realize when your actions are becoming inappropriate, and if you also follow the simple guidelines listed below, you should be able to use employee monitoring to make your company both more productive and pleasant to work at.

1. Be open about your intentions. Nobody enjoys being told about a major policy change in the last minute. Warn your employees well in advance that they’re going to be monitored, and make it clear that you’re willing to listen to their opinion about it. It’s important to let your employees know that they can have a say in the monitoring process, so they don’t feel the whole thing is simply being imposed on them.
2. Outline your rules precisely and accurately. There should be nothing vague and ambiguous about what employees are and aren’t allowed to do in their worktime. The best way to ensure that your employees are adhering to your rules, is to make the rules as clear and understandable as possible.
3. Be willing to make compromises. From time to time, productivity monitoring may interfere with an employee’s life on a personal level. When this occurs, it’s important to help the employee understand that you value their opinion and are ready to make an exception from the rules. However, be careful as it’s easy to go overboard with this attitude and give your employees too much freedom in controlling the monitoring.
4. Value your employees’ privacy. Remember, to them, this is an intrusion, no matter how you may see it. While it’s important to get the best out of the monitoring process and increase the company’s productivity, there’s a fine line that you must never cross, where monitoring becomes too intrusive for your employees to feel comfortable. Again, common sense can go a long way in getting this right, but if you want a quick answer about a specific rule or procedure, just put yourself in an employee’s shoes and think about the effects it will have on him/her.
5. Know who you’re hiring. If you build a reliable working group by carefully screening your candidates, you may not even need to apply monitoring at all. It’s usually better to hire someone with a few years of experience and a professional attitude, and pay them a higher salary, than to vouch for the questionable applicant who’s willing to work for much less – and spend thousands on monitoring software later on.

“Not in my shop!”

If that’s a refrain that pops instantly to mind when you think about the possibility of monitoring your employees’ use of the internet, it may be time to rethink. Conversely, if you are a strong fan of control, you may also benefit from easing up on the reins. Somewhere between devil-may-care and iron fist is the path to enlightened management.

Regardless of the type of business you run, if there are computers on the premises and employees have regular access to them, there will be illicit usages. Even the most hard-driven office drone can manage a quick game of Solitaire, so how much more difficult it is to sneak in an hour of online shopping or a few checks on a Facebook page? Employers the world over are faced with the double query:

• What, exactly, is the danger of illicit and uncontrolled internet access in the workplace?
• Where is the fine line between monitoring and eavesdropping?

The answer to the first question is fairly straightforward. If use of the internet is outside the scope required for the completion of the job at hand, that use can be considered illicit. Employers have the right to determine what employees will be permitted to do with business-owned equipment. Just as most employers would frown on an employee borrowing a copy machine for the weekend to run up a batch of holiday newsletters, the employer is paying for and owns the contract for access to the internet from computers belonging to the business. Case pretty much closed.

The dangers of unmonitored use are several:

• Distraction
• Wasted time
• Waste of materials if the user is downloading and printing
• Possible contamination of the network with downloaded viruses and other malware
• An open door for hackers who might want to collect private information or completely shut down the network for nefarious reasons

Here’s an example of unmonitored use gone awry:

The site was a public high school with a secure district-wide network. The employee, a classroom teacher, found her lunch period to be an excellent time for online shopping from her classroom computer. The evil-doer, later determined to be a student or group thereof, using a Keylogger, was able to determine the teacher’s pass codes to both the network and her credit card. The personal information for every employee in the district was also accessed and downloaded, and the download sold. Within days, the district network of several hundred computers was at the mercy of the perpetrators who merrily hacked into the most secure corners, changing grades and creating generalized chaos. The threat of identity theft continued to hang over the employees indefinitely. The upshot of it all was that the network had to be shut down for a period of time, throwing record-keeping and research into chaos while the source of the problem was ferreted out by the district computer tech. Small goof; big craziness.

A “Keylogger”, by the way, is a favored route into networks. Also called a keystroke logger or system monitor, this can be either a hardware device attached surreptitiously to the user’s keyboard or a software program installed and lurking in some or all of the networked machines. The logger records every keystroke. Thus any top secret pass codes are rendered useless open doors to the inner reaches of private information. This sort of incursion can be prevented relatively easily by requiring that each user change his pass code regularly on a staggered schedule, but gaining 100% compliance on a requirement of that irritation level is difficult. If internet access is monitored—including the installation by the employer of a system monitor of the same type—at very least the location of the incursion can be targeted, isolated, and disinfected more quickly.

The problems of waste are more insidious. How many hours a day of Internet Desktop Tower Defense are you willing to subsidize? A relaxed and focused employee is a boon, while an angry, frustrated, powerless employee is a bomb. A certain minimal investment might be worthwhile, but unfettered, the investment can go negative very quickly.

On the other hand, depending on the type of business in which the company engages, allowing employees to feed their creativity by seeking out competitors’ websites or looking up the latest patent applications while they are working on their assigned project might benefit everyone. Only someone on-site can sense the heartbeat of the organization and determine its health or relative weakness. Keeping the sense of excitement alive is one of the most valuable jobs of a manager of any type of business, no matter the number of employees.

Email and networking sites are probably the two largest draws for illicit internet use in the workplace. It is difficult if not impossible to completely ban all of either. Workers have breaks in their day during which their time is their own, if only for fifteen minutes. Attempts to control the content of that time are generally doomed and may lead to revolt. The danger in permitting outside email on company computers is the risk that sensitive information may easily find its way out of the office. Networking can make strangers seem remarkably familiar, and it would be folly to assume no slips will ever sink your ship when an employee with a happy finger is instant-messaging his new bestest buddy in Budapest.

Distraction is a huge side-effect of that sort of interplay. When Mickey in Consumer Affairs is flirting online with Breezy in Accounting, what are the odds at least one order or complaint or pat on the back is going to slide by unnoticed? They’re higher than if the two of them were unable to continue their cyber-dalliance during work hours. And the evil “reply all” button can make mincemeat of any burgeoning employee bonding efforts. When a private message from above, forwarded to a bunch of friends as a joke, is accidentally spread across the Eastern Seaboard, all hope of recovery is lost.

Where does management end and spying begin? The line generally becomes crystal clear when it has been crossed. If an employer makes reasonable rules, employees will respond reasonably. An employee lounge area exists in most businesses large and small. A cafeteria with a Wi-Fi connection will suffice. Allowing open access to several computers that are not networked with the workstations in the offices is an excellent, open-handed way of settling many of the problems of control. Permitting employees to use their own personal laptops, netbooks, iPhones and other smart devices is cheaper and easier all around. Once a Wi-fi network is in place, setting firewalls is a relatively simple and secure way of keeping the personal personal and the business stuff nice and clean. There is no such thing as “impervious”, so aim for “mostly secure” and you will be better off than most.

Installing system monitors or keyloggers is a simple but questionable route to take around the privacy issue. If employees are permitted access to the internet from their desks, logging their keystrokes can be an actionable invasion of privacy. After all, many of those strokes will harbor secret passwords to personal bank accounts as well as user ID’s for online gaming sites. It’s impossible to log only the keystrokes that might later be an issue.

On the whole, maintaining an atmosphere of reasonable trust while allowing for safe outside use of the internet is the best of all possible solutions. As managers, employers must allow for individual expression or risk losing loyalty. As employees, workers will respond better to being made part of a team than to being spied on and smacked across the palms for infractions, real and imagined. The best arrangement will be different for each company, but there is one for every setting. Do the legwork, keep an open ear and a more open mind, and find the one that works for you.