Managing the madness

Desktop management has always been a daunting task for IT administrators. But some parties believe that companies need to take a...

Desktop management has always been a daunting task for IT administrators. But some parties believe that companies need to take a more holistic view.

Danny Bradbury reports

In 1995, when Larry Ellison, Scott McNealy and friends introduced the network computing concept, they promised it would revolutionise the way that IT managers handled resources. Administrators would no longer have to suffer the tyranny of the PC, which inevitably broke down and cost inordinate amounts of cash to repair.

Five years later, we are all still using those darned white boxes. They still cost as much money as ever, and cause just as many frustrating problems, but it looks as if PCs are here to stay, and we have to manage them. Desktop management is one of the most problematic issues for many IT administrators, and it becomes more of a headache as companies increase in size. When companies merge and have to integrate their desktop management infrastructures, the problem can reach migraine proportions.

Traditionally, desktop management has included both asset and configuration management. Asset management products are designed to help you keep track of what you have in your organisation, ideally all the way down to the PC component level. So an asset management product should be able to tell you that someone has pinched 128Mbytes of memory from that Pentium II processor sitting in accounts. It should also be able to tell you whether someone has installed a copy of Quake on a system, for example, and ideally be able to help you keep track of peripheral devices such as printers, too.

The Y2K crisis prompted some companies to take charge of their asset management policies, and work out exactly what was in their organisation. Rizan Flenner, business development manager for Computer Associates (CA), recalls that the company ran an initiative called AimIT Y2K in co-operation with EDS. "EDS provided a powerful Y2K compliance database and CA contributed the asset management tool," he says. "Close to 100% of the customers using CA's inventory tool AimIT would not like to give up the benefits gained by real-time asset tracking."

Real-time tracking is important, says Geoff Willett, business manager for managed services at infrastructure and maintenance company Lynx Technology. One of the biggest problems in the asset management space is the use of static products, he says. "The big problem is when people move things, changing them and so on," he says, naming Intel's Landesk product as one of the tools that helps administrators find where products and software have been changed and removed.

Configuration management products are a boon for IT managers who have to administer large numbers of PCs, especially if they must be administered remotely. They enable PC settings to be altered from a central site and make it possible to distribute software and upgrades to end-users over the network.

But the nature of desktop management is changing, according to Jim Turner, chairman of the Distributed Management Task Force (DMTF). Even the name of the DMTF is indicative of that - the organisation used to be called the Desktop Management Task Force.

"We saw that the issues of management are really moving beyond component-based management - managing a particular piece of software and hardware," he says.

Instead, the emphasis has switched towards holistic management, governing not only the components but also the relationships between them.

Back in the late 1980s and even the early 1990s, PCs were largely standalone affairs with little networking capability. These days, the most popular solutions require networked capability. If someone is sitting at a networked desktop and is unable to access their e-mail, there are many components, such as the e-mail software, network adaptor, network router and server that could be at fault, he explains. Consequently, the term desktop management was a misnomer.

In response to this need, the DMTF has developed the Common Information Model (CIM), a protocol for exchanging information between different systems management tools. It is designed to interface with existing network management exchange protocols, such as the Simple Network Management Protocol and Management Information Bases. There are thousands of management tools in the industry, and they all build their own proprietary information databases, explains Turner. A common information model covering data formats and naming conventions for different components would solve the management problems for these companies, which is where the CIM comes in. The CIM falls under the umbrella of the Web-based Enterprise Management (WBEM) standard which uses an XML-based language to pass CIM-based information over http.

Another useful standard from the DMTF, this time focusing entirely on the desktop, is the Desktop Management Interface, which is a protocol for managing PC-based components. This focus on network-centric computing resources has led to products such as Corechange, a tool from software developer Corepoint that approaches desktop management from the other direction, enabling employees to manage company resources through a central portal. Corepoint spokesman Ronan Lavelle explains that the tool essentially takes the concept of single sign-on - the idea of providing single password access into all the relevant applications and services within an organisation - and presents those resources in a personalised browser. "But something in the background needs to happen," he says.

Accounts on different operating systems and applications must be managed and the Corepoint software carries out the donkey-work behind the scenes.

Still, in spite of Turner's protests there is still a strong need for desktop-focused management. While it is true that computing resources are becoming more distributed, the utopia of Joe Public accessing records on the company database from his Wap phone is still a long way off. Until that happens workers will do most of their work at the desk, using applications that reside on the desktop.

With this in mind, technologies are needed which will tame the desktop. Centralised computing seems to be one of the most promising technologies in this area. Having been given a much-needed shot in the arm recently by the overhyped application service provider market, the concept of centralised computing is nothing new.

The likes of Citrix and Microsoft have been promoting the idea of ultra-thin clients - even more extreme than the Java applet-based network computer concept - for the last four or five years.

Such systems can be used to run programs on a remote server and access just the graphical output on a thin client. Citrix's Metaframe and Microsoft's Terminal Server edition are designed to do this.

Alternatively, administrators can manage desktop resources from the server. Microsoft originally offered such services under the Zero Administration for Windows toolkit, which enabled desktop software elements to be governed from a central site. System builds could even be downloaded to a suitably equipped thin client over the network. In Windows 2000, this has metamorphosed into Intellimirror, a set of configuration management technologies for user data and settings management and software installation.

Unfortunately, there will always be some workers for whom centralised control will simply not be appropriate. While ultra-thin clients are often a good solution for structured workers - those workers who perform repetitive, simple tasks such as data entry or record retrieval for customer services - such systems simply will not cut it for the average marketing manager, or sales representative out on the road. Knowledge workers such as these often use laptops, which are the bane of any desktop management consultant's existence. It is difficult to manage such machines logistically when they are not connected to a network.

"That is a headache," says Willett. "Products like Microsoft Systems Management Server and Landesk audited software on a periodic basis to check out what illegal and unauthorised software people are using."

While checking the status of a laptop and making the necessary changes when it connects to the network is better than nothing, it is far from optimal. Likewise, software updates will be sent to the laptop when it next connects, but someone could install an illegal piece of software - possibly a Trojan horse - on the system and run it for hours or even days before they reconnect.

As the rest of the enterprise evolves, so does the concept of desktop management. Directory-enabled networking is the next big thing for the desktop and distributed systems management industry, says Turner. He argues that policy-based software distribution using directories enables you to base your configuration management on service agreements that in many cases have hitherto been only verbal. "You need to manage relationships between applications and end-users," he says. "The issue is that a lot of that is not standardised."

This lack of standardisation has been a character trait of the desktop management industry. While it has been possible to define policies within traditional desktop management products, it has not been easy to hook these into other parts of the application infrastructure. It would be ideal, for example, to create a standard profile for a particular type of worker such as a technical support engineer, encompassing not only payroll status and network access profiles but also detailing which applications that type of worker would use. This would tie worker life cycle management seamlessly in with desktop configuration management.

Directory-enabled networking will enable this type of activity thanks to the use of standard directory exchange protocols such as LDAP. The fact that many organisations will use a single type of directory infrastructure makes it easy to store all this information in one place.

Microsoft has its Active Directory service, introduced as part of Windows 2000, while Novell has had the Novell Directory service for some years now. It has used this as the basis for its Zenworks desktop management solution, which makes it possible to manage workstation profiles from a central location. Supporting Windows 2000, the product can be used to install operating systems over the network, just as the Zero Administration for Windows technology did.

Desktop management is undergoing a revolution. While records of its death are greatly exaggerated, the line is blurring between desktop and system management to the point where they are becoming interchangeable.

Consequently, standards will become increasingly significant as information exchange between directories and desktop and system management products becomes important.

Stopping desktop infractions

Keeping unauthorised software off desktop systems is one of the biggest challenges for any IT manager. The rise of e-mail and home PCs has led to a large number of PC-literate end-users who know how to install a copy of Doom or open an .exe attachment from a PC, but who do not understand the ramifications of their actions.

Some products have emerged that are designed to stop such infractions. AppSense Technologies, for example, has released version 3.2 of its Appsense product. When installed, the NT- and Windows 2000-compatible product can be configured from a central terminal to prevent unauthorised executables from running on any desktop on the network. It also logs such attempts so users can be "educated" when their extra-curricular activities are spotted.

Read more on Business applications