Gone are the days when virtually the only way you could keep your workstations up to date was to do it manually....
I still remember the nights I spent deploying applications to workstations one at a time.
Today, though, there are numerous software products available that automate the workstation management process. The software is almost a necessity now because workstation management is a more demanding task than it was just a few years ago. Let's face it: There aren't enough hours in the day for an already busy administrator to dash from workstation to workstation performing some menial task.
After finances come features
Workstation management tools are available in a variety of price ranges. If you are in the market for one, first you should narrow down your choices to the ones that are within your budget and then start comparing features.
The products offer various features. For instance, many workstation management utilities rely on an agent that is placed on the individual workstation. If the software you are considering requires agents, then make sure there is a good way of deploying the agents. Ideally, you should be able to deploy the agents through the application's console, but at the very least, look for one that allows you to deploy the agents through a login script or to assign them to computers through the Active Directory. If you have to manually deploy agents, it totally defeats the purpose of buying the software.
Another feature to consider is application deployment. Most workstation management tools will let you deploy applications, but consider these other factors: You need to be able to tell your management software what the system requirements are for an application -- and it needs to be smart enough to honor those requirements. For example, imagine that a particular application requires Windows XP. You would not want your application management software to blindly attempt to install the application onto machines that are running Windows 98.
Find out whether or not the management software offers a feature to limit bandwidth consumption. Even if you are running gigabit Ethernet, your network would encounter some kind of bottleneck (most likely at the server level) if your management software tried to deploy an application to thousands of machines simultaneously. Different management programs handle bandwidth management differently. Some use elaborate bandwidth throttling algorithms. Others queue deployments so that a deployment doesn't start until the previous deployment finishes.
This brings up another point: What happens if a particular deployment stalls or crashes? Your management software needs to be intelligent enough to detect the problem and take corrective action. You don't want to simply leave the workstation in a crippled state, and you may not want to hold up other deployments because you have one stubborn PC. If an application does fail to install correctly, then your management software should be able to roll back the system to its previous state and alert you to the problem (assuming that it is unable to fix the problem).
In larger organizations, it is important for your management software to be scalable and to be location aware. For example, if you have a network of 10,000 computers, it's a little unrealistic to expect a single server to be able to manage software deployments for all of those workstations. You'll want to deploy subordinate management servers that can help with the workload. However, the software needs to be location aware as well. For example, imagine that you have 500 PCs in a remote office. You would want the management server in the remote office to service those PCs. You wouldn't want 500 machines downloading updates from a server in the main office and clogging up your WAN link when there is a perfectly capable server available locally.
Of course there is more to workstation management than just deploying new applications. One of the biggest workstation management jobs is keeping patches up to date. Sure, there are free patch management applications available (such as Microsoft's Software Update Services), but the freebies usually only patch a limited number of products. Unless you have a separate, comprehensive, patch management solution in place, look for management software that can patch a wide variety of applications (and the operating system itself) in as automated a manner as possible. The software should also be able to generate a full report of which patches have been applied to which workstations and when.
Make use of valuable inventory reports
One other important feature is the software's ability to perform hardware and software inventories of your workstations and then produce reports based on those inventories.
There are several reasons why this is important. Software inventories are important because they can help you to stay legal in regards to software licensing. What's more, inventory records will come in handy by helping you comply with the regulations that are being imposed on computer networks in various industries. In order to be compliant, you must be able to perform a real-time software inventory of your workstations. The report would display the applications that are installed and the patches that have been applied.
Hardware inventories are just as important, but for different reasons. Hardware inventories can be used to help the management software determine whether a specific application is compatible with a workstation prior to deployment. Inventory reports also helps deter theft. A service tech at one of my former employers was running a very profitable business that involved stealing memory out of PCs and reselling it. The thief was eventually caught because our management software alerted us to the fact that memory was being removed from various computers.
As you can see, there are a lot of issues to consider when shopping for workstation management software. They should help you when you are deciding which product is best for your enterprise.
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.