SW Deploymnt, Auditing, Rmte Control, Patch Mgmt for 750 PCs/90 sites

djhawthorn

Technical User
Mar 4, 2002
641
AU
Our current setup
I am part of a small team that manages ~750 machines (almost all IBMs; desktops, servers, laptops) across around 90 sites.

About 60% of the sites run their own separate Active Directory domain (with up to 35 machines per site), the remaining 40% are smaller sites running only a workgroup scenario (with up to 5 machines per site). There are no trusts between any of the domains. Each site is a separate entity, and this is a major consideration when reviewing potential products.

All the sites are linked via a secure WAN; with a central, single-point-of-entry gateway to the internet (firewalled, monitored, controlled).

We try and maintain an SOE across all machines; their configuration is basically the same, and so we use Norton Ghost heavily to clone images.

All machines are centrally managed for AV, and semi-centrally managed for patch management with SUS.

All the servers run a pcAnywhere host, all the client machines run NetMeeting for remote control support.

There are no local IT staff at any of the sites - all support is done remotely, with on-site visits where required (though this is not easy - some sites are inter-state or in country towns).

All users logging on have administrative access to the local machine, except for the domain controllers themselves, where the user has limited access.

All machines run a logon script, which in turn runs an 'AutoProcess' VBScript engine, which looks for and runs any scripts we deploy from time to time to aid in automation of administrative tasks.

What we are looking for
We are looking for software (free or at-cost) to provide one or more of the following items:
- Software Deployment
- Auditing (Hardware and Software)
- Remote Control (of all machines)
- Patch Management

At the moment we have the above items in limited fashion - for example I can audit the machines using a VBScript (as we have done) and get back their hardware stats - but we have no way of knowing about rogue PCs not running the logon script. SUS is great for deploying patches; but you wouldn't know if a machine wasn't picking up updates. So we are looking for better solutions.

Just looking at remote control packages, we are seeing at least 20 different capable products out there, which makes my job to report on viable vendors a living hell by the time I cover all four categories :).

Has anyone had any experience with packages that do any or all of the above, and would recommend their choice of product?

Basically we are looking for:
Software deployment
- The ability to build templates, and within that:
--- Report on discrepancies / machines that don't meet the template
--- Enforce templates (add/remove software that doesn't exist per the template)
- The ability to add/update or remove packages or products like Adobe Acrobat, MS Office etc, to select or all PCs/or on a per-template basis

Auditing
- The ability to scan a network and find all plugged in devices, interrogate them, find out what they are etc.
- Hardware auditing (machine specs, serial numbers etc)
- Software auditing (what's installed, license management etc.)
- The ability to centralise reporting of audited machines

Patch Management
- Centralised reporting on what machines need what patches
- Patching of only Windows security and MS Office patches
- Push-technology is preferable, though not essential

Remote Control
- Ability to lock out the remote keyboard, mouse, and preferably blank the screen
- Scanning of subnets to find available hosts -- being able to scan remote subnets would be especially useful
- Being able to group hosts into different groups or categories
- File transfer ability is preferred

General
Given the large volume of PCs across so many sites - some of them interstate and all have no local IT staff - we have to take into consideration the following:
- Deployment to client machines has to be relatively easy (batch/automated is the only solution for us - we cannot afford the time to install software manually to 750 machines)
- Centralisation of administration is critical - to a central server back at the main office where possible; to their local server at absolute least.
- Ease of configuration (preferably command-line or registry hack) is important - anything scriptable with VBScript or the tools built into the product is preferred.

I greatly appreciate any feedback people can give with products they could recommend, have used, or would consider a viable solution for the above setup.


[auto] MCSE NT4/W2K
 
There are several options available and I can't speak to all of them. However, I can speak to what we use here and that is SMS 2003. I don't see any of your requirements that aren't met by SMS. I don't particularly like SMS's remote control (some do) so I use VNC for that.

Your domain structure MIGHT cause a problem, but SMS can discover through other methods besides AD.

It seems you've done your research. Have you looked at SMS and declined to use it for some reason?

-If it ain't broke, break it and make it better.
 
We haven't really looked too deeply at anything yet. The domain structure might change, and might have to be changed as part of the roll-out of new support tools - it's something we plan for longer-term, and can investigate. The problem is for the workgroup sites, upgrading to a domain structure is not a cheap solution.

We haven't discounted any packages as yet - what we are trying to do at this point is twofold:

- Work out our requirements for new tools
- Work out possible vendors/products that achieve those requirements

When we have that down pat, we will look more closely by trying and evaluating the short-listed software/vendors, and speak to the resellers about what their product can do for us in our environment/setup.

Obviously though to get a short-list, I wanted to hear other professionals' opinions of products they use and would recommend (or not, as the case may be).

So I greatly appreciate your input; and anyone else's!

[auto] MCSE NT4/W2K
 
In that case I strongly recommend SMS 2003. You can take a look at some of its documentation here faq22-5224.

-If it ain't broke, break it and make it better.
 
If your organization has a tight budget, use some of the inherent features within Windows, i.e. deploy apps via Group Policy.
For remote control I'd suggest Remotely Anywhere, a cost effective remote control utility.

Otherwise if you can afford it, I second SMS 2003
 
My boss likes the look of Remotely Anywhere, and it's been shortlisted.

There is a budget, but we are sort of looking over the next few years to acquire the stuff we need. Like Tivoli we can buy in modules to slowly get the tools we require over time.

[auto] MCSE NT4/W2K
 