Guide to Client Management
Client management tools keep end users productive
By Denise Dubie and Tom Henderson, Network World Lab Alliance
Client management technology promises to help IT departments keep happy their most important customer; the end user.
These products, typically software packages, work to maintain operating system and application health on client machines ranging from desktops to laptops to mobile devices such as PDAs or BlackBerries. The products use two sets of programs: software installed at the server that administers, monitors and updates the other piece of software – often called agents. Agents are distributed to all client machines and are often configured to update a central server or management console about their health and status, but the server software can also poll client machines on a scheduled basis to learn more about the status of the systems.
Client agents are often active data gatherers that communicate various administrator-desired information regarding client states, such as CPU, memory, disk space utilization, network traffic seen, and other system characteristics to a centralized server. The server then digests, possibly analyzes, and stores the collected data. Some management applications also allow the analysis of incoming data to trigger actions. For example, the software could initiate the lockout of a user account after too many password failures, indicating a desktop is undergoing unauthorized access attempts.
Agent software may also be the delivery conduit for agent-assessed patches and fixes, updated antivirus or malware files, and other data payloads. Sometimes the agents "pull" information on demand or on an administrator-defined schedule, or have software "pushed" to the client based on server scheduling.
Many agents, when joined with management applications, also have the ability to summarize all of the software a client has available, and subsequent comparisons can be made with lists of applications that are administratively approved or disapproved for organizational use as a policy-enforcement mechanism.
Client management software may also be responsible for authenticating a user, keeping track of and auditing user network navigation and resource access, and may add communication encryption and resource 'ticketing' of both local and network applications. Management software may or may not be tightly coupled with an organization's directory services for purposes of authentication, access audit, single-sign-on usage, VoIP profiling and configuration, as well as offering mobilized resources like "remote desktops," mainframe/hosted-application access, and simple Wi-Fi accessibility. Clients can also be monitored as detection nodes in Wi-Fi intrusion detection, where each Wi-Fi node (because it has a two-way radio) can "listen" or monitor the surrounding area for unauthorized equipment.
Asset management features included in many tools help IT administrators maintain accurate license information, which could assist during software-license negotiations and promise to cut costs for shops with unused client resources. For instance, the software can share details around which applications installed on client machines are tapped most and which remain mostly idle and unutilized. During vendor negotiations, IT managers can save cash by taking into account usage data collected by client management tools.
Security measures include monitoring end-user access to applications for compliance purposes and providing information needed to better secure endpoints. Client management tools, for instance, collect information on patches installed on the machines, which let administrators know which client systems might be vulnerable to attack.
The end-user perspective is the last stop in end-to-end performance management and is often considered the most critical point at which an application must perform up to expectations. Data collected on client machines can give insight into application response times and help IT work out problems causing services to slow down.
Finally, client management applications often ally operating system accessibility, by enforcing limitations on user behavior. These policy-enforcement actions may perform actions such as disabling USB ports on client/desktop systems so that data can't be copied, policing the use of Web access, aiding in monitoring e-mail application misuse (sending company information, forbidden language, as examples), or prevent undesirable user-installed software.