Remote management is essential in order to deliver improved efficiency at lower costs

Software tools simplify PC roll-out and patch management


Software tools simplify PC roll-out and patch management.

Organisations are constantly looking for ways to reduce the overheads from cost of service and repair to equipment downtime, and improve the cost efficiency of their IT assets. Desktops are one of the most expensive areas.

There is a raft of tools that enable the IT department to manage desktops more efficiently, from roll-out to maintenance. But just how practical is this, and how much do these management products let you manage?

The desktop environment continues to become more complex every year, with new technology, new hardware and new software. Typically, companies refresh their IT at intervals ranging from 18 months to three years.

Rolling out new hardware, software, or both is time consuming and involves huge costs. And problems posed by keeping the desktop environment up-to-date do not stop there. Software patches have to be installed regularly and walking to 500 machines to update them manually is simply not practical or cost effective. It is even less so when the machines are distributed around branch offices.

The solution? Manage the desktop remotely from central locations. Considerable savings can be made by taking advantage of the latest desktop management technologies. You can now get tools for software upgrades and patches, hardware and software asset management, software distribution, and support services.

A new ISO standard has been ratified and lists the elements that should be addressed by software asset management. This is a good guideline for companies as to what can be achieved through managing the desktop software effectively.

With the advent of Windows 2000 and Active Directory, IT departments benefited by gaining increased control of desktops through the introduction of features like Group Policies, which allow the environments of selected numbers of desktop users to be managed as one.

Since then organisations have seen many upgrades to hardware, and the use of laptops for mobile working has become prevalent. The new mobile environment and distributed computing poses an obvious question: why have many companies not moved to a managed desktop?

Rob Grange, IT solutions consultant for Bull Information Systems, believes that some of the problems are inherent in the existing technology.

"Most of the comprehensive management software packages are overbearing and have proved cumbersome or require a significant investment in skilling of staff, with limited results or acceptance. The increase in laptop use has also made it harder to deploy. Some niche technologies have seen a resurgence as a result. Citrix has benefited from companies changing and using the technology as a strategic solution," he says.

Many organisations see thin client technology as a way to allow applications to be accessible to groups of users without the need to replace the entire hardware infrastructure. Since the operating system and applications are run centrally, software upgrades and deployment is easier and more cost-effective to manage than the traditional desktop model.

Thintop provides a range of management products for both Citrix servers and desktops that will provide remote control of deployment, inventories and patch management.

However, Grange believes previous technical obstructions are also disappearing, "Business applications can be better managed centrally and with the improvements in communications (ADSL/3G data networks) there is no longer a significant barrier to access," he says.

As history demonstrates, rolling out new hardware and software can be a risky business, but Barry Varley, chief executive at testing consultancy Acutest, believes a more effective approach to testing is needed, since about 50% of testing undertaken by British businesses before roll-out is unnecessary.

"We analysed the testing of a number of our customers and found that, while managers thought they had identified 60% of the potential problems in a roll-out, they had only identified 16%," he says.

A common practice is to test only the more visible large applications before roll-out, but it can often be the smaller applications that are overlooked by testing that can cause system, and ultimately business, failures.

Acutest research shows that managers typically allow only half the time needed for testing systems, so it is clear why the testing programme often becomes squeezed before deployment.

To save costs, time and reduce the risk of business failure, Varley says, "IT departments need to adopt a risk-based approach to testing and involve business managers to find out what applications are business-critical before testing."

With some companies refreshing 30% of their PC environment each year, the physical process of rolling out new hardware, software or both adds weight to already overstretched IT departments.

Getronics' Rapid Deployment eXperience (RDX) service works with Microsoft's Business Desktop Deployment technology to allow remote deployment of software on the desktop.

RDX includes a discovery and management tool to find what hardware is in use in the organisation, allowing the IT department to assess whether PCs are capable of being upgraded with the latest operating systems and applications.

RDX creates a controlled operating environment image to suit the typical business groups, such as finance, HR or marketing, with specific applications then added on top. Once this has been established Getronics uses a remote toolset to push the applications out to the desktop.

This service is aimed at companies with more than 500 desktops to update and maintain, and installations have covered as many as 700,000 seats distributed around the world. Getronics believes that labour costs on roll-outs can be reduced by at least 40%, and savings on on-going management can amount to between 10% and 25%.

Savings through the use of zero-touch technology are so large because of the reductions in engineers' time and travel, as well as the speed with which new technology can be implemented.

Maintenance can also be undertaken with the RDX service, allowing the remote rebuilding of software on PCs, resetting of passwords, and setting up share systems. The technology is also relevant to applying patches to operating systems and applications.

The constant stream of software patches put out by software suppliers can be a significant burden on the IT department. The large system management applications allow patches to be pushed out to the desktop, but there are also additional products and services that are available solely for managing what can be a long and painful process.

Alan Bentley, UK managing director of PatchLink, specialising in patch management, says patching involves gathering information about the IT environment.

"In all there are 15 critical steps to patch management, and companies need to improve the accuracy and reduce the risk in applying upgrades," he says. "Risk can be assessed against what will happen if you don't patch, or apply a patch to a machine that doesn't need it or that it is incorrect for."

PatchLink's Update provides IT departments with access to a repository of patches that PatchLink gets direct from the software suppliers. The patches are tested against 250 different configurations, repackaged for the relevant configuration, are digitally signed by PatchLink and can be pulled down on an SSL link.

Patches are available for different platforms including Windows, Mac, AIX, and Solaris and, by the end of this year, support is to be provided for the mobile platforms.

Broader desktop management systems such as solutions from 1E, Symantec, Altiris, Monactive and Computer Associates, provide an even greater element of control to the IT centre. Some products allow the IT centre to stipulate when machines are powered down, and what services are available during certain hours.

SecureWave's Sanctuary products, for instance, enable IT centres to specify which executables are allowed to run, which USB devices can be connected and what information can be saved to external sources.

So while the days of engineers travelling around the country are not gone, at least they may not have to do it so frequently, or with armfuls of CDs.

Centralised IT management products

Altiris's Client Management Suite provides centralised management of mixed hardware and operating system environments, zero-touch operating system deployment and migration, integrated hardware and software inventory with web-based reporting, policy-based software management, and automated patch management.

Computer Associates' Unicenter enables asset discovery and tracking, software packaging and distribution, software usage monitoring and automated patch distribution. It also provides IT with the ability to retrieve and save data from the desktops before rebuilding begins. Its DNA product also helps with migration by storing the user settings before changing operating systems.

IBM's Tivoli Configuration Manager is aimed at enterprises for migrating and deploying PCs, automating software and patch distribution, and managing inventory. The latest version offers automation technology for delivery of patches and works with the Tivoli suite of products that cover the entire enterprise.

1E's products deliver control in the Windows environment and their patch management module enables PCs to be booted and unlocked remotely, and patches delivered, documents saved and users logged off. Its SMSNomad Branch specifically enables central management of PCs in branch offices, removing the need for an SMS server to be placed at each location, with OSD Branch providing deployment and migration of operating systems to remote branches.

Monactive's Activesam product provides management tools for Microsoft, Citrix and Unix platforms, and integrates information on daily usage, inventory and licence agreements as well as identifying misuse of computers and software.

Symantec's On Command and LiveState products incorporate the technology and products from the PowerQuest acquisition, and provide a complete suite for patch management, enterprise-wide roll-outs of new platforms including Windows, Linux and Pocket PC, asset management, and device control and monitoring.

What is active management technology?

Intel's new AMT tools bring the ability to manage hardware from the server onto the desktop, allowing system administrators to reboot and repair PCs independent of the system's status.

Hardware information is stored in flash memory that is inaccessible to users, but is scanned at first power-up before the operating system loads.

This information is accessible remotely, and technology already exists to boot an inactive system remotely through network controllers.

Keyboard control can be redirected to the system administrator who then has the power to boot the remote device from an external source over the network, and from there can work to repair and restore a system.

AMT is part of a cross-platform management initiative that sees Intel working with major manufacturers to design a set of industry specifications and interfaces that will allow more control of the desktop.

Fujitsu Siemens has announced the first PCs to incorporate AMT, the Esprimo E5905 desktops, and main desktop management applications will be able to retrieve the information stored in the flash memory and incorporate it into their feature set.

Intel's own IT department believes AMT will save the company at least $16m (£9.2m ) annually in asset management and client computer support.

ISO/IEC 19770: standard for risk, cost and competitiveness

This new standard was developed as a guide to what issues software asset management should address:

  • Risk management - to impact the risk of interruption to IT services; the risk of deterioration in the quality of IT services; the risks of legal and regulatory exposure through non-compliance; and the risk of damage to the company image arising from these incidents.
  • Cost control - through possible reductions in the direct costs of software and related assets, through better negotiating of pricing and contracts; reductions in time and cost in negotiating new contracts through better asset information; reductions in costs through better forecasting and budgeting for future investment; reduction in infrastructure costs by assessing whether management processes are efficient and effective; reduction in support costs.
  • Competitive advantage - better quality decision making (for IT procurement and system development) through better infrastructure information; faster deployment of new systems and increased functionality; the ability to manage transitions in IT environments especially when due to business acquisitions, mergers or demergers; better employee motivation and client satisfaction due to fewer IT problems.

Read more on Operating systems software