Advertisment

The Art of Managing Systems Effectively

author-image
PCQ Bureau
New Update

Computing may have come a long way, but desktop and laptop management issues

continue to plague every organization. These two are the most prolific items in

every organization. Moreover, laptops have seen a sharp rise in user adoption as

compared to desktops, making the job even more difficult. Obviously, managing a

component that's not restricted to the four walls of the office is not easy. So

if managing desktops was difficult, then managing laptops is a nightmare.

Advertisment

In order to implement the right solution to manage the two, you need to

understand the key issues you're likely to face in the process. The key thing to

remember here is that all system management issues stem from the fact that

you're dealing with a large number of systems, which are spread out. The wider

this spread, and larger the number of systems, the bigger is the challenge of

managing them. Let's now understand the most critical issues you'll need to

tackle.

Security Management



This is one of the biggest in managing a large fleet of desktops and

laptops. Moreover, when it comes to laptops, another factor--fear of their

theft, also gains importance. If it gets stolen, then the value of data on the

device is more important than the value of the device itself. So the solution

you'll deploy would depend upon the value of this data. Maybe it's hard disk

encryption, or a software that can track stolen devices and then allows you to

remotely delete all the critical data over the Internet, so that it doesn't get

mis-used.

Advertisment


Controlling Laptop theft with

Adeona
This is an

application that will allow you to remotely delete data from a stolen

laptop. Its installation is pretty easy and only takes a few minutes. Once

installed, Adeona automatically starts a background service. By default, the

client sends updates at randomly defined times, usually an update every 30

mins. As the installation finishes, it places a '.ost' file on the desktop.

This is the file you will need to determine the location of your stolen

notebook. It's recommended to backup up this file in a secure location away

from your notebook, like on a CD or you can just email it to yourself.

Adeona has recover tools that help you determine

the location of your stolen notebook. These tools are by default installed

with the client, and can also be installed separately. The recovery tool

connects to the Adeona server, which than tries to retrieve the last IP

address from which the Adeona client had sent the update. Once it has

retrieved the details, it will automatically save them on the desktop in a

text file format. This will include the last IP address and names of nearby

routers if available.

During

installation, Adeona asks you to provide a password that shall be used to

cross-check your credentials in case of theft.
In case of theft,

you can track your laptop's location by feeding the IP address in one of the

global IP tracking sites such as maxmind.com.

Another security issues that need to be managed is patches and updates

management. If not done in time, the systems would become more vulnerable to

security threats. This becomes even more critical for laptops because they're

always connecting to unknown networks and are more prone to picking up

infections. What's required is a solution that can automatically roll out

patches and updates remotely. There are quite a few patch management solutions

around, so we won't get into them.

ManageEngine

Desktop Central 6 is similar to Spicework and provides a very friendly UI

for software deployment across a large number of machines.
Advertisment

In case of laptops, you need a solution that will not allow it to connect to

your parent network unless it complies with the organization's security

policies. So if its virus definitions are out of date, or is missing some

critical patches, then it won't be allowed access into the network unless these

are taken care of. The field of Network Access Control or NAC is supposed to

take care of this problem.

Remote Application Deployment



This is similar to OS and patch management, but its not as as time bound.

For instance, you can define your own time line to roll out applications, but

you can't do that for security updates because malware could strike at any time.

The going technology for this today is called application streaming, wherein an

application is streamed to the laptop or desktop automatically.

Managing Mis-use



If users are given a free hand on their machines, then they could do lots of

things to it-install unwanted software, run unwanted applications, fill it up

with personal data like songs, movies, etc. Apart from lowering productivity,

unwanted applications also pose a serious security risk. There are lots of apps

on the Internet that have malware embedded in them. Besides that, there are also

the 'know-it-all' users on the network who feel they know more than anybody else

and don't need to comply with the organizational policies. They could do things

like disable the host firewall, install pirated applications, etc. These are all

potential security risks that require control.

Advertisment
Spicework also

maintains a list of software installed on systems across the network. You

can also see the systems where they have been installed.

The security angle also comes in here, where an employee could walk away with

confidential company data on a USB flash drive or connects an Internet data card

to the machine and sends out sensitive information. This becomes even more

dangerous in case of laptops, because you're not directly monitoring them.

Therefore, solutions to block different ports on a system, and software to

prevent application installation need to be considered to handle this.

Handling user abuse is therefore a critical part of systems management. One

thing you need for this is user rights management. It will help you minimize

systems downtime by controlling what users can or can't do on their systems. All

the issues we talked about, like downloading software, changing system

configuration, etc can be blocked through user rights management applications.

Advertisment

Besides third party tools, Windows Servers also provide excellent user rights

management.

Remote Management



When you have a spread out fleet of systems, you can't expect to go from system
to system to manage day to day tasks. Therefore, you need to consider options

that can let you remotely manage all the systems. In case of PCs, this is still

manageable because they're all on the same network, and it's a controlled

environment. However, in case of laptops, it becomes extremely challenging

because they could be connecting from anywhere. How will you provide support to

the laptop user in such cases?

For remote system access, there are several tools available. One of course is

the Remote Desktop, which is a part of Windows itself. In case you have a

multi-platform environment, then you could use a tool called VNC. This is freely

available and can be downloaded from www.realvnc.com. This provides the VNC

Server and Viewer components. The former sits on the systems, while the latter

is used for remote access.

Advertisment

VNC would be good for a LAN, but what if you're connecting from outside, like

a mobile user connecting from home? This is where you need a VPN solution. We've

talked about one such VPN implementation in a previous issue. You can read it at

http://pcquest.ciol.com/content/topstories/ 2009/209020106.asp. For smaller

organizations, there's a free, online tool called LogMeIn. It provides a virtual

network, using which your IT helpdesk can access your users' machines remotely

to solve any problems.

Inventory management



One of the most difficult things to manage in laptops and desktops is their

inventory. How many systems are there, what is their configuration, how many

require an upgrade, and which ones can be discarded are just a few of the tasks

that need to be done on an ongoing basis. What makes this job all the more

difficult is the frequent changes in the numbers. Some employees quit, others

join the organization, so the devices keep changing hands. These

adds/moves/changes are extremely difficult to manage.

There's a software called SpiceWork that can handle systems inventory. It's

free and can manage software, network and PC inventory. The software even has a

helpdesk and IT portal, which enables users to submit tickets, in case they have

any complaints. The software can be downloaded from www.spicework.com.

Installation only takes a couple of minutes.

The software is completely web based, so its configuration can be accessed

from any web browser on your network. The beauty of the software is that it can

remotely auto discover all devices on your system, and even capture the

inventory information about them. So if you want to know what kind of hardware

does a particular system use, then simply navigate to the Inventory menu of the

software, and click on the workstations group. You'll see all the systems it's

tracking. Click on the system you want to view its hardware details. It tracks

hostname, processor, RAM, BIOS and OS details, all from a single window.

Advertisment