Managing client devices continues to challenge IT staff looking to equip end users with productivity tools while also protecting networks from errant behavior on the desktop.
“One of the biggest challenges for today's IT operations group is the management of an increasingly distributed and heterogeneous environment,” says Natalie Lambert, senior analyst at Forrester Research. “Despite their efforts to standardize, the client environment is in a state of constant change.”
This means that IT operations must now maintain multiple operating system images, deploy hundreds if not thousands of applications, and assure patch and system security compliance — knowing all the while that system connectivity to the corporate network is not guaranteed.
Client management refers to the tasks an administrator performs to keep desktop, notebook or other non-server computing devices running smoothly. Client-management products, delivered as stand-alone software or a software and hardware combination, cover a wide range of functions designed to automate the management of client machines. Organizations ranging from very small businesses to global enterprises can benefit from such tools that perform seemingly mundane tasks that actually keep a company running. Among the tasks that fall under the client management umbrella are asset auditing and inventory management, operating system deployment and configuration, virtual machine management, software license monitoring, software distribution and patch management, remote control, mobile device management, network access control, desktop vulnerability threat analysis, intrusion detection, virus and spyware detection and removal, USB device management, client backup and recovery, and physical maintenance and cleaning.
“We see a number of drivers for client systems management. The key ones have a need to maintain control and visibility on the endpoint, drive standards automate common tasks and in so doing drive down the costs of managing the endpoint. These costs are typically hidden and represent often manual and repetitive tasks that administrators have to do,” says Mark Boggia, Director, Endpoint Management Pre-sales, Symantec EMEA.
Vincent Delannoy, Technical Consultant, LANDesk, lists out some other key drivers: “Client systems management enables you to take chare of all the different hardware and software in your company, and quickly react to security holes by deploying appropriate solutions.”
How does it work?
These products, typically software packages, work to maintain operating system and application health on client machines ranging from desktops to laptops to mobile devices such as PDAs or BlackBerries. The products use two sets of programs: software installed at the server that administers, monitors and updates the other piece of software – often called agents. Agents are distributed to all client machines and are often configured to update a central server or management console about their health and status, but the server software can also poll client machines on a scheduled basis to learn more about the status of the systems.
Client agents are often active data gatherers that communicate various administrator-desired information regarding client states, such as CPU, memory, disk space utilization, network traffic seen, and other system characteristics to a centralized server. The server then digests, possibly analyzes, and stores the collected data. Some management applications also allow the analysis of incoming data to trigger actions. For example, the software could initiate the lockout of a user account after too many password failures, indicating a desktop is undergoing unauthorized access attempts.
Agent software may also be the delivery conduit for agent-assessed patches and fixes, updated antivirus or malware files, and other data payloads. Sometimes the agents “pull” information on demand or on an administrator-defined schedule, or have software ”pushed” to the client based on server scheduling.
Many agents, when joined with management applications, also have the ability to summarize all of the software a client has available, and subsequent comparisons can be made with lists of applications that are administratively approved or disapproved for organizational use as a policy-enforcement mechanism.
Best practices
Propagating the installation of a client management product across a network entails some basic and some not-so-basic steps. For example, how can you be sure you haven’t inadvertently skipped a machine which rightly falls under your administrative umbrella? This sort of problem rarely crops up when you’re deploying server-oriented tools. But in a large company, thousands of desktop PCs can form a seemingly impenetrable jungle.
The answer to the dilemma is to take a methodical and systematic approach: Use the client manager’s discovery feature to find all the desktop units. Then examine its reports to verify you’ve included every machine.
“The growing needs of different users demand that IT solutions become more agile in the ways they provide access to applications and corporate resources. Given the varying connectivity, storage, and security models needed to provide service-oriented offerings, IT teams need to keep in mind that the “one-size-fits-all” approach no longer meets users’ needs. Combine this with upcoming trends like virtualization and mobility requirements, customers need to carefully assess and evaluate technology solutions available and they are best able to meet their user requirements,” says Mohammed Arif, Product Manager, Servers & Tools, Microsoft Gulf.
Here are some additional tips to ensure your client manager deployment goes smoothly and that the product works the way you need it to:
1. Before deploying a client manager throughout the network (even with a vendor’s help), first try out the software in a controlled, small environment to better understand how it installs, how it performs and what it does in specific situations that you force it to handle. Become familiar with how the desktop manager behaves and know how to use it to enforce licensing as well as operating system and software versioning. Get comfortable with the product’s remote control feature, and run some practice drills to understand how the tool distributes software, updates and operating system patches.
2. Use Windows policies, directory and file permissions and desktop controls to keep users from altering corporate-approved PC configurations, but keep in mind that the corporation, not the employee, owns each desktop screen. Other employees will from time to time need to use the PC that the employee thinks of as “his” or “hers.”
3. For the sake of simplicity and consistency, avoid mixing and matching different client management products across the network. Centering on one tool will yield better control over desktop PCs and other computing devices. It will also reduce the variety of backup devices and backup formats you have to manage. Using a single tool will give you consistent, consolidated reports on the number, types and configurations of your desktop units. And it will make life a lot easier for network administrators and troubleshooters.
4. Take the time to document the client computing environment in your organization. Keep the documentation up to date. The documentation will help you the next time you need to do a major upgrade. It will be a useful resource for capacity planners. And it can even be your justification to the IRS for the depreciation expenses your company claims at tax time.
5. Assume, despite your best efforts to prevent it, that spyware, a virus or some other malady will damage your client management configuration at some point in time. Establish procedures to restore desktop configurations and run fire drills to make sure your procedures work. Use similar goals for your desktop and other computing devices that you use for your servers – you want to maximize uptime and availability for the users who rely on the desktop machines to get their work done.