Get to know your desktop

Desktop management is no longer just about taking an inventory of hardware and software. It is increasingly about providing a secure environment for a firm’s employees to work in

  • E-Mail
By  Peter Branton Published  December 11, 2005

|~|desktopmainbody.jpg|~|Desktops are now commonplace and usually outnumber all other components of an organisation’s IT infrastructure, sometimes stretching over several different locations. |~|CIOs do not have a list of the personal computing devices —desktops, notebooks, PDAs — that are deployed in their company. They do not know what software is installed on them, which ones are in need of an upgrade, which ones have been compromised, or how many users are exchanging files over instant messaging (IM) services. And because they — nor anyone else in senior management in their organisation — don’t know there is a good chance that their network is at risk. Now add to that the users within that organsisation ann- oyed with their IT department simply because their systems have aged, leading to slow resp- onse times and PC crashes. The result is IT managers in perpetual firefighting mode, continuously attending to operational problems in the network. That’s where desktop management comes in. The underlying idea is simple. Companies need to collate information on the number of desktops they have, the configuration data and age, software and usage. Using this information, claim the proponents of desktop management, they will be able to manage desktops proactively. Desktop usage is now commonplace within organisations. Desktops usually outnumber all other components of a firm’s IT infrastructure such as network devices, backend servers, applications, web and database servers. Organisations that deploy a large number of desktops over several locations need to have a desktop management solution in place if they are to have control over their infrastructure. This will involve an inventory of installed hardware and software — asset management — software distribution and patch management. With these in place, the IT department can check whether systems are working properly at proper intervals, and update anti-virus solutions and other software on a regular basis. Once assets are classified, system administrators can assign priorities and tackle issues accordingly. This is possible only through automated desktop management systems that encompass asset management, software distribution, remote control, and help desk solutions. But desktop management is not just about taking stock of the infrastructure, deploying software and updates, and fixing problems using remote control capabilities. There is also spam filtering, security patch updating, virus scanning, detecting and eliminating spyware, IM security, wireless security and more. For remote workers, this list will also include firewall configuration and virtual private network (VPN) management. Handling these myriad tasks can be a tall order. And while industry experts stress there is no quick-fix solution, a number of firms promote some form of automated solution. “As the number of users within organisations is growing at a rapid rate, it is becoming unmanageable without automated solutions,” claims Bjarne Rasmussen, vice president, Technology Services, CA in the Arab Countries and Pakistan. Companies such as CA, IBM and HP offer software tools that allow IT departments to manage these end-user devices remotely. Bharati Suresh, marketing manager and channel support, Novell Middle East, agrees: “Today, the most expensive part of owning a network is managing and maintaining the desktop infrastructure.” “Different hardware and OS versions, frequent software and patch update requirements, and virus threats are all burdens on the IT staff and increase IT costs to unsustainable levels,” he continues. “Hence a policy-driven, unique and identity-based process is required to reduce the IT effort, and give IT staff consistent, highly automated management, regardless of device location,” Suresh observes. Essentially, all desktops and their properties — software as well as hardware — have to be identified and then policies need to be set for those. A very simple example could be telling the management software to update virus definition once every day. Or a policy could outline what levels of employees have access to which assets and information. There could be a list of software that is allowed to be installed and another list for software that is banned. For instance, some organisations do not allow instant messaging services at all, while others have blocked peer-to-peer software such as Kazaa. But what about smaller companies, or those that are working on tight budgets, what should they do? There are certain aspects of desktop management that have to be deployed, regardless of the size of organisation. And vendors have different answers to what those aspects are. Samir Kirouani, technology manager, Trend Micro Middle East, highlights anti-virus solutions, anti-spyware, firewalls, and intrusion prevention. However, Kevin Auger, product line manager, Security Management, LANDesk Software, stresses asset management, software distribution and patch management. The tools available for desktop management range from entire suites to standalone software for different aspects — such as patch management or asset management. Some of the popular desktop management tools include Novell’s ZENworks, Trend Micro’s OfficeScan, Symantec’s Ghost Solution Suite, CA’s International Suite, LANDesk Management Suite and Altiris Client Management Suite. And some form of centralisation is inevitable with desktop management — it just makes tasks such as patch installations on desktops that much simpler. Centralised application installation, monitoring application usage and keeping track of resources also become easier. The amount of time, effort and cost saved when all the controls are in one place is immense. For instance, an operating system upgrade on 1000 machines over six locations would take at least a month to install, plus another month to fix the glitches. It would also involve engineers travelling to various locations. If it is all centralised, the installations could be done overnight, sitting in the head office, while glitches could be handled remotely over the following week. It can also aid security. ||**||Feeling secure|~|Kirouanibody.jpg|~|Samir Kirouani, technology manager of Trend Micro Middle East. |~|Creating a secure environment is obviously critical to an organisation’s performance. Says LANDesk’s Auger, “One of the most important aspects of desktop management and why it is so important today is that it provides the foundation to securely manage enterprise endpoints.” “Effective endpoint security management is only possible if it is layered on top of comprehensive configuration manag- ement,” he states. It is a point which is also stressed by Carole Theriault, senior security consultant, Sophos, UK: “When working in a networked environment, it is vital for a system administrator to see what is running on the machines. From a security standpoint, this is of primary importance.” She warns that prevalent thr- eats can cripple the integrity and credibility of a company, and it is important that the administrator can quickly receive warnings about unusual activity. This must be on top of updating all machines on the network with new security protection efficiently and effectively. The threats are clear: last month, the US federal authorities arrested Californian resident Jeanson James Ancheta. He is alleged to have accumulated a botnet (a network of hacked PCs turned into zombie systems) of more than 400,000 machines (See IT Weekly 12-18 November 2005). His victims included the US Department of Defense. To prevent such cases, a four-pronged effort is needed to manage security. This involves installing a firewall, encrypting channels, using anti-virus tools and spreading awareness among the users. And while the first three can be managed using made-to-order products, it is the fourth element that needs more planning and thought. The desktop user is seen as the weakest link. Restrictions on operational freedom can curb pro- ductivity, and help to create a feeling of ‘us and them’ between users and the IT managers. Some service providers add a user counselling aspect to their offer package, with regular updates to users on why a certain upgrade is being done, or why their machine has been given a certain level of access. It is vital for an organisation to keep its communication chann- els open, while keeping a tight rein on security. “Ultimately IT departments need to satisfy the company’s business objectives, while managing the levels of risk exposure and limiting the possibility of abuse,” says Ivor Rankin, senior technical manager, Symantec Middle East and Africa (MENA). “It’s a delicate balance which, if planned and executed correctly, can lead to a mutually beneficial and secure computing environment for both the business and its users,” he adds. The issue of access levels raises another important aspect of desktop management — that of protocol analysis and network monitoring. Implementing desktop management enables the IT division to quickly analyse the traffic to each desktop. This is very important for allocating the right amount of resources at each endpoint, as well as track the traffic for an eventuality, such as unusually high traffic to a certain desktop — and whether it has been compromised or is being used for something it is not intended for. Turnaround time for the service provider is critical for spotting a problem before it causes greater damage. Whether it is automation, security or monitoring, there is the issue of whether to entrust everything to one vendor or pick and choose specialist products from different companies. While some firms may prefer the latter approach, others may feel that having a different vendor for each element will simply complicate matters. Customers are increasingly looking for ‘trusted advisors’ who can offer integrated solutions that add value to their existing infrastructure — for example, one customer may be advised to purchase predominantly Symantec products, yet another may handpick selected products which enhance its existing solution. Frederic Barret, systems engineer at Altiris, says: “We clearly see a consolidation trend within software vendors. Altiris itself has bought several companies lately to provide additional features, such as security.” The biggest leap for companies, however, is to outsource desktop management. One of the reasons for the deployment of desktop management is to make the job of the in-house IT team easier and more efficient, yet there are low levels of outsourcing in the region as a whole. “Desktop management is pretty close to end-user service: language barriers can be a ‘no-go’ for remote outsourcing in desktop management,” reasons Barret, pointing to one indicator as to why it has failed to take off. But there are definite advantages to outsourcing. Keeping abreast of technology, round-the-clock service, fluctuating demand cycles, varied levels of technology skills, and quick deployment of experts in the eventuality of a security breach are all convenient when an outside agency, whose core competencies are these, manages them. It also results in cost effectiveness and an overall ease of operation. Whether or not the process is outsourced, desktop managem- ent is something each organisation has to engage in. It isn’t so much the benefits of implementation, but the dangers of doing nothing. With spam and virus attacks escalating, unless an organisation knows exactly what each desktop is up to, it is asking for trouble. Even if we remove security from the picture, the sheer scale of hardware and software deployments in a large enterprise can seem unmanageable. The overall trend towards managed services is just beginning. And desktop management, even as a component of an overall managed services package, may just offer more economies of scale for organisations. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code