The Art of Managing Systems Effectively

Computing may have come a long way, but desktop and laptop management issues
continue to plague every organization. These two are the most prolific items in
every organization. Moreover, laptops have seen a sharp rise in user adoption as
compared to desktops, making the job even more difficult. Obviously, managing a
component that's not restricted to the four walls of the office is not easy. So
if managing desktops was difficult, then managing laptops is a nightmare.

In order to implement the right solution to manage the two, you need to
understand the key issues you're likely to face in the process. The key thing to
remember here is that all system management issues stem from the fact that
you're dealing with a large number of systems, which are spread out. The wider
this spread, and larger the number of systems, the bigger is the challenge of
managing them. Let's now understand the most critical issues you'll need to
tackle.

Security Management

This is one of the biggest in managing a large fleet of desktops and
laptops. Moreover, when it comes to laptops, another factor--fear of their
theft, also gains importance. If it gets stolen, then the value of data on the
device is more important than the value of the device itself. So the solution
you'll deploy would depend upon the value of this data. Maybe it's hard disk
encryption, or a software that can track stolen devices and then allows you to
remotely delete all the critical data over the Internet, so that it doesn't get
mis-used.

Controlling Laptop theft with Adeona
This is an application that will allow you to remotely delete data from a stolen laptop. Its installation is pretty easy and only takes a few minutes. Once installed, Adeona automatically starts a background service. By default, the client sends updates at randomly defined times, usually an update every 30 mins. As the installation finishes, it places a '.ost' file on the desktop. This is the file you will need to determine the location of your stolen notebook. It's recommended to backup up this file in a secure location away from your notebook, like on a CD or you can just email it to yourself. Adeona has recover tools that help you determine the location of your stolen notebook. These tools are by default installed with the client, and can also be installed separately. The recovery tool connects to the Adeona server, which than tries to retrieve the last IP address from which the Adeona client had sent the update. Once it has retrieved the details, it will automatically save them on the desktop in a text file format. This will include the last IP address and names of nearby routers if available.
During installation, Adeona asks you to provide a password that shall be used to cross-check your credentials in case of theft.	In case of theft, you can track your laptop's location by feeding the IP address in one of the global IP tracking sites such as maxmind.com.

Another security issues that need to be managed is patches and updates
management. If not done in time, the systems would become more vulnerable to
security threats. This becomes even more critical for laptops because they're
always connecting to unknown networks and are more prone to picking up
infections. What's required is a solution that can automatically roll out
patches and updates remotely. There are quite a few patch management solutions
around, so we won't get into them.

ManageEngine Desktop Central 6 is similar to Spicework and provides a very friendly UI for software deployment across a large number of machines.

In case of laptops, you need a solution that will not allow it to connect to
your parent network unless it complies with the organization's security
policies. So if its virus definitions are out of date, or is missing some
critical patches, then it won't be allowed access into the network unless these
are taken care of. The field of Network Access Control or NAC is supposed to
take care of this problem.

Remote Application Deployment

This is similar to OS and patch management, but its not as as time bound.
For instance, you can define your own time line to roll out applications, but
you can't do that for security updates because malware could strike at any time.
The going technology for this today is called application streaming, wherein an
application is streamed to the laptop or desktop automatically.

Managing Mis-use

If users are given a free hand on their machines, then they could do lots of
things to it-install unwanted software, run unwanted applications, fill it up
with personal data like songs, movies, etc. Apart from lowering productivity,
unwanted applications also pose a serious security risk. There are lots of apps
on the Internet that have malware embedded in them. Besides that, there are also
the 'know-it-all' users on the network who feel they know more than anybody else
and don't need to comply with the organizational policies. They could do things
like disable the host firewall, install pirated applications, etc. These are all
potential security risks that require control.

Spicework also maintains a list of software installed on systems across the network. You can also see the systems where they have been installed.

The security angle also comes in here, where an employee could walk away with
confidential company data on a USB flash drive or connects an Internet data card
to the machine and sends out sensitive information. This becomes even more
dangerous in case of laptops, because you're not directly monitoring them.
Therefore, solutions to block different ports on a system, and software to
prevent application installation need to be considered to handle this.

Handling user abuse is therefore a critical part of systems management. One
thing you need for this is user rights management. It will help you minimize
systems downtime by controlling what users can or can't do on their systems. All
the issues we talked about, like downloading software, changing system
configuration, etc can be blocked through user rights management applications.

Besides third party tools, Windows Servers also provide excellent user rights
management.

Remote Management

When you have a spread out fleet of systems, you can't expect to go from system
to system to manage day to day tasks. Therefore, you need to consider options
that can let you remotely manage all the systems. In case of PCs, this is still
manageable because they're all on the same network, and it's a controlled
environment. However, in case of laptops, it becomes extremely challenging
because they could be connecting from anywhere. How will you provide support to
the laptop user in such cases?

For remote system access, there are several tools available. One of course is
the Remote Desktop, which is a part of Windows itself. In case you have a
multi-platform environment, then you could use a tool called VNC. This is freely
available and can be downloaded from www.realvnc.com. This provides the VNC
Server and Viewer components. The former sits on the systems, while the latter
is used for remote access.

VNC would be good for a LAN, but what if you're connecting from outside, like
a mobile user connecting from home? This is where you need a VPN solution. We've
talked about one such VPN implementation in a previous issue. You can read it at
http://pcquest.ciol.com/content/topstories/ 2009/209020106.asp. For smaller
organizations, there's a free, online tool called LogMeIn. It provides a virtual
network, using which your IT helpdesk can access your users' machines remotely
to solve any problems.

Inventory management

One of the most difficult things to manage in laptops and desktops is their
inventory. How many systems are there, what is their configuration, how many
require an upgrade, and which ones can be discarded are just a few of the tasks
that need to be done on an ongoing basis. What makes this job all the more
difficult is the frequent changes in the numbers. Some employees quit, others
join the organization, so the devices keep changing hands. These
adds/moves/changes are extremely difficult to manage.

There's a software called SpiceWork that can handle systems inventory. It's
free and can manage software, network and PC inventory. The software even has a
helpdesk and IT portal, which enables users to submit tickets, in case they have
any complaints. The software can be downloaded from www.spicework.com.
Installation only takes a couple of minutes.

The software is completely web based, so its configuration can be accessed
from any web browser on your network. The beauty of the software is that it can
remotely auto discover all devices on your system, and even capture the
inventory information about them. So if you want to know what kind of hardware
does a particular system use, then simply navigate to the Inventory menu of the
software, and click on the workstations group. You'll see all the systems it's
tracking. Click on the system you want to view its hardware details. It tracks
hostname, processor, RAM, BIOS and OS details, all from a single window.