How to manage systems with Afaria

As soon as your network has more than a handful of computers located in one place, managing them starts to become an issue. As the number and variety of computers rises, some things (like visiting them all to install a patch or new application) become difficult. Although you can automate many tasks in a login script, these can rapidly become unwieldy and difficult to manage. The requirement to install a dedicated desktop management system becomes inevitable.

The choice of management package will depend on the environment - network operating systems in use, size and topology of the network and the combination of desktop (typically wired directly to the network) and laptop (usually connecting in via dialup) computers. Management of devices such as switches, routers or other SNMP-capable devices may be required. An emerging consideration is support for Palm and Pocket PC-derived PDAs and even smart phones and pagers.

Afaria from Xcellenet (www.xcellenet.com) allows you to manage Windows-based machines, PDAs and some varieties of wireless pager. At present, management of Windows-based computers and PDAs is carried out through different management programs, although a new release is in development so by the time you read this everything may be controllable through a single interface. It can be used either as a standalone package or be integrated with an existing framework such as Microsoft SMS, HP OpenView or CA Unicenter.

On the client side, there are a number of ways of accomplishing a given task which allows you to tailor operations to the environment you operate in. On the server side you will need Windows NT Server and either a SQL Server or Oracle database for information storage. Authentication and assignments may be carried out based on NT domains or LDAP directories.

Afaria uses channels to organise tasks. Channels are published to make them available to clients and can be unpublished in order to stop clients connecting or subscribing to them. An automatic subscription option is available to force clients to use a particular channel. This feature is particularly useful to force clients to receive updated signatures for their anti-virus software and to perform audits which users might otherwise not perform voluntarily.

Figure 1 shows the Channel Administrator, illustrating a number of channels of different types. The Channel Administrator shown runs on the server; management can also be carried out from elsewhere using a web browser if the Afaria server is also running Microsoft Internet Information Server 4 or above. Although not shown, folders can be created which allow groups of channels to be kept together. One thing to be aware of is that a small number of operations in Administrator do like screen real estate - with a screen display of 800 x 600 the window should be almost maximised to see everything.

Figure 1: Afaria Channel Administrator

Installing the Client Software

The first big hurdle you are likely to face in deploying Afaria is actually getting the client software (the installation files for which total about 2 MB) on to the client computers. A variety of approaches may be used to accomplish this. Network-connected machines are fairly easy since you can just put the setup program in the login script. A silent installation is possible so that users don't have to know what's going on if you don't want them to. Simply edit the silent.ini file to give the correct target directory for the installation and run the setup program with a "-s" switch.

Remote users are a little more tricky and you will need to tailor your approach depending on the user and device population you have to deal with. If you have a reasonably trustworthy, IT-literate user population you could send them a CD (might seem a waste for only a 2 MB file but you might still find it works out cheaper than floppies) which they could install themselves. The important options can be predefined and the CD could be set to run automatically so it's reasonably easy, if (and sometimes it can be a big if) they just put the CD in the drive.

Email is another option although you will need to think carefully about how your users will react when they get the attached file (are they used to receiving files of that size, will they wait patiently for it to download or will they ring for support when their mail is "stuck"). There will then need to be some mechanism to detach the file from the message and then run it. How you achieve this will depend on the mail system you are using and to what extent you can rely on your users to accurately follow whatever instructions they're given.

Eventually, by a variety of means, you should be able to get the software installed on the majority of machines and pick up the stragglers on a case-by-case basis. Hopefully you'll have a list of what hardware is supposed to be out in the wild and be able to compare this with the results of the hardware audit, which will probably be one of the first tasks you'll want Afaria to run anyway.

Although the client software must be installed, there are different ways that it can actually be used. If you simply want to use Afaria to push files (programs or data) out to clients and collect audit information from them, there is no need for the end users to interact with the client software, avoiding any need to train them in using it. If you want users to be able to choose some or all of the operations which are going to be carried out then there will be some training element involved.

Figure 2 shows the Afaria Channel Viewer. It has a familiar Explorer-type view with transmitter information (each Afaria server is known as a transmitter) in the left pane and the channels available on the selected transmitter in the right pane.

Figure 2: Afaria Channel Viewer

Hardware and Software Audit

If you have a sizeable, out of control network, the first thing you'll be wanting to know is exactly what's out there. Although you will probably know what has been purchased centrally, satellite offices and remote users can have a nasty habit of buying things, even if it's just a simple mouse, without telling you. The first you'll know about it is when they phone up for support and you discover that their new hardware's driver conflicts with one of your applications, they need to use both and want you to sort it. The availability of easy to install Plug and Play devices seems to be making this more common.

The Inventory Manager allows you to carry out both hardware and software audits (if you do software you have to do hardware as well). You can also opt to get a complete listing of the files on the system but this takes time to run and additional time to transfer the data. You have the option of running the scan while the remote device is online (fine if they're on a network, not recommended over a slow dial-up link), after the communication session or at a scheduled time. For the latter two options, the information collected by the audit will be returned to the server on the next client connection. The disadvantage of the scheduled option is that if the device isn't switched on at the scheduled time, the job won't run. This might not be a problem with desktop PCs which are normally on during office hours but mobile workers, being more inclined to work varied hours, could easily miss a scheduled event.

The low level auditing software is based on Intel code and works better on some systems than others. Given the wide variety and rapid development of components though this isn't entirely surprising. Once the data has been gathered you can run a variety of reports both from within the Inventory Manager Console or your favourite database reporting tool. So if you want to find all the clients which are using an application prior to a specific version (causing "I can't open files I get sent" support problems), or running their display at less than 16 bit colour ("web pages look funny"), you can. Where appropriate you can also check such parameters as remaining battery capacity.
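
The checks described above (comparing the expected hardware list with the audit results, then reporting on old application versions and low colour depth) can be sketched as follows. This is an added example, not Afaria's own reporting code; the record layout, field names and product name are assumptions, and all data is constructed.

```python
# Added example: all records below are constructed sample data, and the field
# names are assumptions, not Afaria's inventory schema.
ASSET_REGISTER = {  # serial number -> description, from central purchasing
    "SN1001": "head office desk 14",
    "SN1002": "sales laptop",
    "SN1003": "satellite office reception",
}

AUDIT_RESULTS = [  # one row per client that has returned an audit
    {"serial": "SN1001", "colour_bits": 24, "software": {"WordProc": "9.0.2"}},
    {"serial": "SN1002", "colour_bits": 8, "software": {"WordProc": "8.0"}},
    {"serial": "SN9999", "colour_bits": 16, "software": {"WordProc": "9.0.10"}},
]

def version_key(text):
    """Turn '9.0.10' into (9, 0, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def reconcile(register, audits):
    """Compare what should exist with what the audit actually found."""
    audited = {row["serial"] for row in audits}
    return {
        "not_yet_audited": sorted(set(register) - audited),  # stragglers
        "not_in_register": sorted(audited - set(register)),  # unrecorded kit
    }

def older_than(audits, product, minimum):
    """Serials running `product` at a version below `minimum`."""
    floor = version_key(minimum)
    return sorted(
        row["serial"] for row in audits
        if product in row["software"]
        and version_key(row["software"][product]) < floor
    )

def low_colour(audits, minimum_bits=16):
    """Serials whose display runs at less than `minimum_bits` colour."""
    return sorted(r["serial"] for r in audits if r["colour_bits"] < minimum_bits)

if __name__ == "__main__":
    print(reconcile(ASSET_REGISTER, AUDIT_RESULTS))
    print(older_than(AUDIT_RESULTS, "WordProc", "9.0.3"))
    print(low_colour(AUDIT_RESULTS))
```

Versions are compared as tuples of integers because a plain string comparison would wrongly rank 9.0.10 below 9.0.3.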

Software Deployment

If the Software Manager won't allow you to deploy a bit of software in the way you want to, chances are you shouldn't be doing it like that anyway (and if you really want a feature, ask for it and it may appear). Two main types of installation are supported: setup based where you send out one or more files then run setup.exe or similar and non-setup based where you simply deliver a collection of files. If neither of those suits, you can use the supplied Capture program to do snapshots of a system before and after the application is installed. This will then create what is effectively a setup-based installation which will include all the files, registry changes and so on.

Whichever type of installation you select, you can choose whether to deliver the package of files to the client directly or have them accessed from somewhere on the network. If you have a mixture of dial-up and networked machines you will probably want to create two packages, delivering files to the remote machines for dial-up users and running from the network otherwise. Once the basic package details are defined, there is a whole range of advanced options you can choose from.

If the installation is to a Windows NT system, you can specify whether shortcuts should be defined only for the currently logged in user or for all users. A wide range of system criteria checking can be carried out to ensure that the right operating system is installed with enough RAM and free disk space. Other dependencies can be catered for by running other Afaria channels or programs before or after program installation. Pre and post-installation messages can also be defined if needed. If you don't want the user to be able to uninstall the application, files can be marked as shared or non-removable.

Of particular relevance when deploying to remote users, you can segment the files into chunks based either on size or transfer time. Delivery periods can be defined so that, for example, files are only transferred during times when telecoms charges are lower. If you only want the application installation to happen between certain dates and times, you can set those too.

The Software Manager is only required for applications. Other files which you might want to transfer to and from client machines are handled separately using the Document and Session Managers.

Document Management

Most organisations have a collection of useful files which nearly everyone needs. This might include word processor templates, price lists, contact lists and so on. Even if you have an existing groupware application such as Lotus Notes, there may still be times where you can't quite replicate a file in exactly the way you want to. The Document Manager allows you to control the deployment of files which are not directly part of an application. The Document Manager is only used to send files out to the client. If you want to retrieve files, you need to use the Session Manager described later.

Once again, a huge range of options are available to control exactly how a file should be sent out. A useful feature is file differencing. If only small changes are made to a given file, only the incremental changes are sent out, rather than the whole file. After the first transfer, this reduces the amount of data which needs to be transferred to the client.
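
The idea behind file differencing can be shown with a generic line-based delta. This is an added example, not Afaria's own differencing algorithm (the article does not describe it); the function names and the price list are constructed, and the SHA-256 check is an assumption added so that a client whose old copy has drifted does not end up with a corrupt file.

```python
import difflib
import hashlib

# Added example: a generic line-based delta, not Afaria's own algorithm.
def make_delta(old: bytes, new: bytes) -> dict:
    """Describe `new` as copies of line ranges from `old` plus literal data."""
    old_lines = old.splitlines(keepends=True)
    new_lines = new.splitlines(keepends=True)
    matcher = difflib.SequenceMatcher(None, old_lines, new_lines, autojunk=False)
    ops = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            ops.append(("copy", i1, i2))  # client already holds these lines
        elif j2 > j1:
            ops.append(("data", b"".join(new_lines[j1:j2])))  # must be sent
        # a pure deletion needs no instruction: the lines are just not copied
    return {"ops": ops, "sha256": hashlib.sha256(new).hexdigest()}

def apply_delta(old: bytes, delta: dict) -> bytes:
    """Rebuild the new file on the client from its old copy and the delta."""
    old_lines = old.splitlines(keepends=True)
    out = []
    for op in delta["ops"]:
        if op[0] == "copy":
            out.extend(old_lines[op[1]:op[2]])
        else:
            out.append(op[1])
    rebuilt = b"".join(out)
    # If the client's copy is not the base the server assumed, refuse the
    # result so the caller can fall back to a full transfer.
    if hashlib.sha256(rebuilt).hexdigest() != delta["sha256"]:
        raise ValueError("client copy differs from the base used for the delta")
    return rebuilt

def literal_bytes(delta: dict) -> int:
    """Bytes of file content that actually travel over the link."""
    return sum(len(op[1]) for op in delta["ops"] if op[0] == "data")

# Constructed sample: a 200-line price list with one price changed and one
# line added.
OLD = b"".join(b"item %03d,price %d.00\n" % (n, 10 + n) for n in range(200))
NEW = OLD.replace(b"item 050,price 60.00\n", b"item 050,price 65.00\n")
NEW += b"item 200,price 210.00\n"

if __name__ == "__main__":
    d = make_delta(OLD, NEW)
    assert apply_delta(OLD, d) == NEW
    print(len(NEW), "bytes in file,", literal_bytes(d), "bytes of data sent")
```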

Whatever else you might want to do, it's probably handled by Session Manager. Each Session Manager channel comprises at least one Sendlist or Worklist. A Sendlist is effectively a subset of a Worklist used to send files to a client, create directories and check files. A Worklist is far more powerful since it allows you to create scripts which can send and retrieve files, create or remove directories, check or update Registry values and other system settings and run programs. So, a simple example might take all the files from C:\My Documents on a client and copy them to the user's own folder on the server. A more complex session might check for the amount of available disk space and if it is getting low, raise an alert for the system administrator (which would appear on the server Alerts Console) and then go on a trawl to delete unnecessary temporary files and search for common unauthorised applications, raising further alerts if it finds any.

When using Session Manager to retrieve all the files in a folder remember, if required, to select the include subdirectories option since this isn't selected by default. Session Manager channels can become extremely complex and you really need to plan what you want to do before you start building the channel.

Channel Access Control

If you have a Document Manager channel which delivers a number of useful files you may want to make it available so that people can subscribe to it if they want to. Since the files relate to a specific event, you only want them available during certain dates and times. But those dates and times are in the future and you want to set the channel up now so you don't have to worry about it later. Easy, just define a visibility window for the channel and set the dates and times during which the channel should be visible to clients. Set the autosubscribe option to force the clients to receive the channel.

Authentication can be carried out against accounts on the local machine Afaria is running on, a Windows NT domain or using LDAP. SSL can also be used with the LDAP option. In order to use authentication the NT Guest account must be disabled, which is normally recommended anyway. If the user is not already authenticated to a domain, there is the facility for the client to log in to the transmitter.

When authentication is in use, you can specify whether particular channels are available to a given NT local or domain/global group or LDAP organisational unit. The Security tab available for channels and transmitters allows you to specify which groups of users are to be allowed access. Note that you can only specify groups, not individual users.
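
The rules in this section (published state, visibility window, autosubscribe and group-based access) combine into a single decision per client. The following is an added example that models that decision; it is not Afaria code, and the class, field, channel and group names, the dates, and the treatment of a channel with no groups assigned are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Added example: a simplified model of the rules described in the article.
# Class, field and group names are assumptions, not Afaria's own.
@dataclass
class Channel:
    name: str
    published: bool = False
    visible_from: Optional[datetime] = None   # visibility window start
    visible_until: Optional[datetime] = None  # visibility window end
    allowed_groups: set = field(default_factory=set)  # groups only, no users
    autosubscribe: bool = False

def can_see(channel, user_groups, now, authentication_on=True):
    """True if a client whose user is in `user_groups` may see the channel."""
    if not channel.published:
        return False
    if channel.visible_from and now < channel.visible_from:
        return False
    if channel.visible_until and now > channel.visible_until:
        return False
    # Assumption: a channel with no groups assigned is open to every client.
    if authentication_on and channel.allowed_groups:
        return bool(channel.allowed_groups & set(user_groups))
    return True

def channels_for_client(channels, user_groups, now):
    """Split visible channels into forced (autosubscribe) and optional."""
    visible = [c for c in channels if can_see(c, user_groups, now)]
    forced = [c.name for c in visible if c.autosubscribe]
    optional = [c.name for c in visible if not c.autosubscribe]
    return forced, optional

# Constructed sample channels.
CHANNELS = [
    Channel("AV signatures", published=True, autosubscribe=True),
    Channel("Sales conference pack", published=True,
            visible_from=datetime(2002, 3, 1, 9, 0),
            visible_until=datetime(2002, 3, 8, 17, 0),
            allowed_groups={"Sales"}),
    Channel("Draft price list", published=False, allowed_groups={"Sales"}),
]

if __name__ == "__main__":
    print(channels_for_client(CHANNELS, {"Sales"}, datetime(2002, 3, 2, 10, 0)))
```

Working through the combinations this way before publishing helps catch a channel that is visible to more groups, or for longer, than intended.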

In Conclusion

For basic operations, Afaria is very simple to use. Follow the Wizard, publish the channel and you're done. However, careful planning and testing are required to get the best out of the huge range of options (not all of which have been mentioned here) available for most operations. This is especially important when you are supporting multiple device types since the criteria used for networked desktop machines will often differ from how you want to treat laptops or other portable devices.

Xcellenet run three training courses for Afaria. The main administration course lasts four days, which gives some indication of how much there is to the product as a whole. Add in the other one day courses if you need to install and configure the NT server or manage handheld devices.
