WWDC2004 Session 607

Transcript

Kind: captions
Language: en
good morning and welcome the topic today
for our first session is third party
client management solutions managing mac
OS x and the enterprise presenting is
senior consulting engineer john detroit
[Applause]
my fan club in the audience good morning
the dedicated few the ones who survived
the parties survive the week we're
whistling the tune to the longest day
this morning you know or or a briefing
too far or you know whatever so what
we're going to talk about this morning
is third party client management the
whole idea of this is we want to talk
about for you guys some of the companies
that have brought their solutions to the
macintosh that are beginning to open up
the space and it goes in and i will
throw in a little bit there's a really
interesting briefing later on today on
myths and mysteries of the mac in IT you
know you may want to attend that too
because this is one of those briefings
that fits in with that and that a lot of
people think there is no client
management for the mac and we want to
dispel that very quickly this morning
i'm going to talk about several
companies and we're going to stret
stretch it out to the point where we
want a good-sized Q&A for you so you can
get a chance to talk to all these people
client management lifecycle some of you
attended the desktop management session
yesterday and over the last year or so
you've seen this slide come up this is
our life those of us that have to manage
computers you know we evaluate systems
we incorporate hardware and software we
deploy the systems we manage them and
then we go back and we reevaluate and we
deploy and we manage and we reevaluate
and deploy and manage and so forth and
the idea is you can either manage or not
manage now
I do know there are sites that don't
think that client management is
important where their idea of client
management is well let's just give
everybody their computers and if
something goes wrong we'll fix it right
you know the martyrdom approach to
client management I'll stay around on
Friday and fix it when they go home you
know some of you laugh because you know
you have people in your organization
that expect that yeah it's my computer
I'll do whatever I want to it but when
it's broken it's your problem right yeah
yeah we've heard that before well these
are some of the tasks that we have to
deal with in the client management space
and look at this I mean this probably
fits most of you have had to react to
one or more of these tasks on a daily
basis doing asset management where did
it go you know we got a doc pallet full
of systems in and they disappeared where
are they what's on them what are we
doing with them imaging a big things
going on today you know we could run
around with a pack of CDs or a firewire
drive we could image all our computers
one by one you know and then when you
turn around and you look at a one-to-one
deployment we have where there's twenty
seven thousand computers you know at 40
plus sites or 300 plus sites and you go
well that's not going to work so we have
to figure out a way to image these
things accurately and well we also have
to deal with software distribution
because you know for a fact that the
instant you finish getting your image
deployed we're going to release a
software update or a security update or
you know something because you know I
mean it's just the law of nature works
that way then we also have remote
control the helpdesk stuff or the
training stuff a corporate training
center a teaching lab where I want to be
able to reach out and grab hold of
systems my favorite piece of that is
being able to just lock a system up and
say no stop okay we're not doing email
now we're doing this you know that kind
of thing usage management keeping the
users on track okay this doesn't
necessarily mean you can't launch
something although it does but it also
means
keeping the systems more in tune with
what the policies and procedures are the
acceptable use stuff you know not
putting software on systems you
shouldn't have being able to use the
software you want in a teaching
environment and education it comes down
to if you sit down in front of a
computer and the instructor wants you to
use a piece certain piece of software
that's what they want you to use they
don't want you off here doing something
else license management key thing okay
fact it's tapered off a bit now but just
think of all of the articles we saw in
all the IT magazines and info world and
so forth what's everybody talking about
all the lawsuits flying around you know
company a bought one comfort one copy of
such and such software and they deployed
at eleven thousand times and thought
they could get away with it you know or
didn't know they just got a copy in for
evaluation and somebody left it on their
desk and next thing you know it's
everywhere okay patch and upgrade we're
back to that I did the image but now I
need to upgrade my systems i need to do
lots of them and then the helpdesk
management which is the call for help I
need something take a look at this for
me you know talk to me my favorite one
is the email message you get that says
the internet is down do you respond to
them by email telling them that you
don't think so or you just call them on
the phone and go really is it there are
days when we wish it actually just would
go down and stay there for a while well
let's take a look at all the different
players alphabetically I'm going to go
through them except for Apple I get away
with that Apple client management
solutions we have three primary pieces
that we play with in apple remote
desktop the net food netinstall
technologies and managed client for mac
OS 10 apple remote desktop and no i'm
not doing another one of the demos for
nader for those of you that have sat
through those this week the apple remote
desktop is designed to support software
distribution asset management some
remote administrative tools and the
remote assistance or the
help desk stuff in a nutshell we handle
distribution and updates by the way of
copying files packages and so forth out
across the network doing remote installs
we can do asset tracking through reports
and we can do remote administration we
can control and observe workstations one
or many we can also copy and delete
files on a system and one of the ones
that everybody likes to brag about is
the sending unix commands that can be
done out to a whole lot of systems so
yes you can send one of that rmdir dash
are you know yes you can and you might
get a response back you can also do
remote setup where if you're working in
that boot technology you can change the
startup drives and with ard 2 point 0
you can change the startup drive to a
remote network drive or if you're
already booting across the network you
can change it back to a local drive and
the screen sharing screen locking and so
forth in the opening of applications as
part of the remote assistance piece and
from a cross-platform perspective we do
support the BNC protocols to be able to
take control of Linux Windows machines
and so forth and to be able to share
screens and be able to take a management
control of those systems netboot network
install technology the netbook network
install technology is the idea of
booting a system off of a locked image
stored on the network so that when the
computers come up you know no matter
what happens and those of you that have
taught in a training lab understand what
this is like you're in there you're in
there and you're looking at the students
and you're saying okay you're trying to
take them through some package like how
to use a browser or how to do email or
anything and all of a sudden the people
in the back row you see their heads
disappear down below the computers
because you know and they're down there
whispering furiously to each other well
they did something they Dorf tit right
well with netboot what you do is you
just reboot the systems and what it does
is literally peel off a brand new copy
of everything and it starts up again as
if it was never broken in the first
place we can support mac OS 10 and mac
OS 9
images with netboot technology and the
images can be anything I can have
complete image sets I can have depart
mental image sets you know the staff
versus the technical support people
versus the people in the library versus
the people in the research department
can all have completely different
netboot sets I can have a diagnostic set
so instead of me running around with a
bunch of CDs or a bunch of floppy disks
or firewire drives or whatever I need I
can actually netboot to a complete set
of diagnostic tools and then work on the
system i can do installers automated
installers the automated installer is
what we call the unintentional install
where the system a little you boot to it
it automatically erases your drive
installs the operating system and
everything and it's really fun to have
somebody who has a good system sit down
and accidentally do that that can be
really fun now a racing hard drive and
you can do upgrade sets so that you can
also store packages and so forth out on
the net and have them available so you
can do an upgrade now single image can
span multiple servers or you can have
multiple servers supporting a single
image for throughput so that you can
have this the single net boot image
sitting on a whole cluster of excerpts
we like to see that net booting a whole
bunch of machines and the pictures
you've seen this week of the University
of Tokyo netboot lab that's what they're
doing they use a single image but a
whole cluster of servers and it load
balances manage client for mac OS 10 is
in a nutshell the ability to set up a
defined experience for the end user and
it can be done by user level group level
work group level or by computer level so
i can define the settings for different
machines its network based preference
management it supports complete settings
control over things such as my doc which
applications that can or can't launch
what items are mounted for me during the
login process whole lot of other
controls and it is part of the directory
but independent of any specific
directory service
so if I'm using LDAP or Active Directory
it doesn't make any difference I think
the information is stored within the
directory architecture and the end users
just the system builds the user
experience at login time and shows them
what they're allowed to have and it also
supports one-to-one deployments with a
concept called mobile accounts which
under Tiger will become mobile home
directories and that is the ability to
cash down the information so that when I
separate myself from the network the
settings that i use on the network stay
with me and that comes in really handy
environments where you give a company
owned portable to somebody but you don't
expect them to have full-blown access to
it when they're away from the company
net okay you want to manage it so that
was Apple alturas I'll terrorists have
some really really fascinating stuff
that they brought to the IT lifecycle
management for the Mac they have a
completely heterogeneous cross-platform
environment and here are some of the
tools that come with the Alturas client
management suite in that they support
mac windows the unix platforms linux and
some of the handheld os's they have a
client management suite that includes
right now the inventory solution for the
mac its asset management asset tracking
for the for the for the max so that you
can include that for your keeping track
of the hardware the software what's
installed you know how much RAM you have
that kind of thing and then the software
delivery solution for the mac is going
to provide application and update
support across the net for the mac users
and one of the best parts is is that as
usual you know you don't want to have to
go in and immediately from scratch start
customizing things to what you get is a
whole series of prepackaged web reports
that let you automatically begin
managing your assets without having to
create your own custom reports from
scratch here's an example of one of the
report screens an idea of some of the
kinds of things that we're looking at
and this is you know it's showing me
things drive drive information
information for the computer and so
forth pretty good tracking information
on the system I also notice that it has
a Microsoft five button mouse attached
server-side component that is what it is
windows server based it uses a web-based
admin console everybody talks about how
they want a lot of things web-based very
very good very very good for that role
in scope based security to make sure
that you stay within the limits that
you're allowed and encrypting the
transport we don't want all the asset
management information to move across
the net and the clear plus things like
adaptive display technology so that we
you know you can handle that the I don't
know if they handle the spoken interface
stuff that we've just introduced but
that is a definitely something that a
lot of people look at for qualification
when they bring their software in the
plug-in to play the shortcuts and
wizards obviously something to help you
get up to speed really quickly so that
we're not spending a lot of time
learning how to use all the different
pieces and extensible is obviously a
requirement in that we want to be able
to take the architecture and say you
know I always need the one more thing
and it's really good not to have
everything boiler plated for me another
idea of a report from them is going out
and looking at all my systems on the
network and getting a pretty decent
report of you know what's there and you
notice that doing it as a web-based
report makes it really simple you know
pick your browser and go for it the Mac
agent important to the Mac community is
the fact that it looks like it's a
Macintosh piece you know it does follow
the look and feel of the Mac some of the
features that I like in this are the
ability to be able to do block out
periods where i could say you know at
this time i don't want things being
brought to me you know there's a period
which work gets done versus updates get
done checkpoint recovery the idea of
being able to say you know what if we
get an interruption during the update
process or during the during the
reporting process and we want to be able
to say you know resume at a later time
and then things like scheduled wake ups
for the systems you know night time we
want to do the updates at 2am so we wake
the systems up and we'll take care of
the reports the inventory and so forth
and then being able to do client-side
logging so that we can keep track of
everything on there and see what's been
happening with it the road map for
alturas the inventory solution for the
mac and the software delivery solution
second half of 2000 for the deployment
solution with patch management and the
remote control portions are slated for
2005 and here are some of the customers
that will definitely crow about what
alturas has been up to this is the first
of many reminders that the enterprise IT
lab from noon to three today is going to
have these companies all these people
are going to be over there to be able to
answer questions and talk to you about
stuff and get a chance to take a look at
some of their solutions file wave file
wave is software distribution and asset
management for the Mac there a
cross-platform desktop and portable
management solution provider and they
provide their solution fully native to
the mac OS that's both client and server
are native to the mac OS the file wave
products they have software distribution
the software distribution uses that mac
OS 10 based server captures all the
asset information from the clients
cross-platform and provide you with a
series of reports and information that I
need to be able to do my job from a
asset management point of view and they
are fault tolerant and that they have a
mechanism built in to allow for what
they call boosters on the system where I
can have more than one server out there
capturing the information and I can fall
back if one
available i can fall back to another in
the system maintains of resilience that
way asset trustee is it is the asset
management piece in that what i can do
here is I can use a client driven
environment where the clients will pull
information from the system and then
provide the reports back to the
databases the server itself runs as a
unix-based demon it has an admin process
and a file server process for the client
requests very scalable using this
booster technology so that instead of
having just one server to worry about I
can deploy multiple servers out on the
network the administrator driven model
is the idea of you define as the
administrator who gets what packages who
gets what parts in the distribution and
at what time I can also under file wave
I can drag and drop install so for
instance office as an example is a
drag-and-drop install so i can take
office and i can drag it into a file
wave set and it'll just deploy it to the
machines that are in that set i can also
do customized installs where I could
take snapshots of systems like build a
known good system take a snapshot then
install a bunch of components on it and
then take another snapshot and then I
can install that new snapshot onto my
systems across there across the network
very easy to use here's an idea the
admin screen with some of the things
that brings up we have file sets the
clients and groups that you can manage
very simple
the file wave client unix demon under
Mac os10 a service under windows it
basically the client just pings the
server for an update when it's time for
it grabs the manifest from the server if
there is an update and then pull the
solution down from the storage from
storage so we have a this in this case
it so when the client needs to go get
something it goes and gets it is not a
push it's a pull system at that point
and here are what some people have had
to say about our friends of file wave I
like the extra plug for netboot you know
netboot is cool
if you want to visit file wave you can
either stay here in San Francisco or you
can go to Switzerland if my boss is
around here somewhere i have to go visit
file wave but they keep asking me it's a
short trip right landesk landesk used to
be part of Intel landesk is its own
entity now they're out in the client
management space fully cross-platform
very good client management suite
there's a look at some of their products
the solution you know and one of the
things I really like is i love i love
the graben graphics from everybody for
this stuff I mean this is this is my
this is my client management diagram
redone asset management remote control
problem resolution patch management
software license monitoring and software
distribution across Mac OS 9 10 linux
unix and windows all from a single
console that's I mean didn't that that's
what a lot of us would like to do from a
server side they use a pc server based
environment to host the core of the
management process but it's accessible
from an administrator point of view
using a Macintosh browser and that it
what it comes down to is that the admins
see exactly the same thing regardless of
whether they're managing max or pcs okay
very scalable and the security model
obviously it's using encryption we want
to be able to keep the asset management
tags and all the information that we're
watching for on the network we wanted
encrypted we don't want that stuff just
wandering around on the net and here's
an idea some of the pieces on the
landesk side as an example we have an
update the policy manager found a found
a new update for the system and the user
is getting ready to click whether or not
they whether
it's going to get installed down to the
computer or not and then also looking at
the system and seeing how many times the
software has been launched tracking
software usage and so forth so we
support mac OS 10 to 10 3 and mac OS 9
Directory Integration is key directory
integration is an important piece with
policy based management and the ability
to do both hardware and software
inventories okay remote control
management taking charge of systems
remotely and doing distribution with
multicast multicast as a key key item
and the fact that when you do unicast
broadcasts versus multicast broadcast
you're talking about bandwidth and the
cost of you know network usage and
having it localized into the various
languages you know makes deployment for
multinationals definitely a bonus here
and here's here's the everything I can
do slide and if you look at this we're
actually looking at all the devices that
are out on them out on a system looking
at the computer you can spot the
computers that are sitting there looking
at the tasks that are scheduled looking
at the patches that are set up to run
looking at all of the different
inventory information that's available
up here and at the same time and this is
this is something always makes me just
you know kind of you wonder every time I
see a PC window with a mac screen on it
it's just it's always that's fascinating
to me but then it's you know it's kind
of like the same thing that when we did
the ard ard demo and we were showing the
windows screen on that you know when you
go back and forth between that with all
the different products I think that's so
cool that we can go back and forth you
know and share screens and look at
everybody else to stop it it ought to be
that way you ought to be able to just do
it right and here's some comments on
land desks and the customers
the resources for landesk and that this
information will be available again at
the end of the session and over in the
IT over in the enterprise IT lab once
again from noon to three make sure you
stop in and take and take a look at
these guys marimba another significant
player in the client management space
changing configuration management
cross-platform unix windows mac alright
very key desktops portables and servers
the whole gamut software delivery
getting a software out to the systems
installing the software providing
updates when needed being able to get
information inventory management asset
management checking on checking on the
status of that deployment what's
happening you know has everybody been
upgraded where are they in the process
okay from a client management
perspective we're talking about managing
software change you know we have known
good systems that go out you need to
modify that to get new software you get
updates you want to be able to manage
that entire life cycle so being able to
package applications being able to
target the distribution to specific
systems that need it and being able to
follow compliance of that we don't want
to turn around and say well we bought 30
licenses of this but oops we
accidentally installed it on three
thousand computers you know you know
we've heard the term unattended
installed right you want unattended
installs happen at nine o'clock at night
when the traffic slow and everybody's
gone except for the guys who are still
playing unreal tournament down in the
graphics lab well we also have the
unintended installs and that's when the
oh I really only meant to put ten copies
of that out not 10,000 okay and I bring
that up now because I've been getting
those two terms mixed into my language
all week long and I thought you know it
would be really great to tell you that
this company supports unintended
installs and I don't want I didn't want
that to happen so I got it out of the
way
ongoing management obviously we want to
track what's going on we want our assets
track we want to know what's on every
system you know if somebody comes in and
brings the Walmart CD in over the over
the weekend and sticks it on their
computer we want to get a report back if
it that isn't supposed to be there and
collecting inventory information here's
an idea of looking at some of the
information and seeing what's out there
this is the tuner to be able to go out
and say here's here's the information
that I want to subscribe to with the
updates for various packages so the
administrator can set up what they want
made available to the users and we do it
from a centralized point of view so what
we can do is there's obviously arrange a
common tasks that we want so that the
users get guided through the normal
stuff you know the users being the
administrators get guided through the
normal stuff of what they want to be
able to put together and then the idea
centralized administration we're back to
that I have thousands of workstations or
tens of thousands of workstations and I
don't want to have to run around every
single site department or group and make
this stuff happen okay setting up
policies based on users and machines we
want to ensure policy based management
what we have to have here is the ability
to work with the directory architecture
that exists that we can define who gets
what when based on a directory that's
already in place and to be able to do
updates the version list update idea is
doing patch doing patch update
management based on the parts that are
common without worrying about you know
which version of the software we have
versus also being able to do patch
updates you know from 1.12 1.11 and so
forth and then being able to verify
verification is absolutely essential all
too often I've seen cases where we put
out updates and stuff to 100 machines
but you get no
feedback that all hundred machines got
it and getting verification back is
absolutely essential policy compliance
notice the graphic up here I like this
that we're looking at it's saying that
how much of the package the green shows
that they are compliant either at eighty
percent seventy percent you know in red
they're showing the non-compliant how
much their non-compliance how much
they're outside of policy and then the
blue is they haven't reported in about
that stuff but you look at that and you
go oh okay you know green is good I mean
as an administrator you know we all
think yeah you know I can complicate my
life a certain way but green is good i
can just you know look at a report and
go oh yeah okay cool we're set
everything is nice inventory discovery
predefined reports help set up your
environment for you so that we can turn
around using a browser and we can get
the report we can graphic we can graph
these out and say you know here's how
much stuff i have and get the charts out
i can also scan on a schedule and say go
and check all the ram go and check all
the hard drives how much hard drive
space that are already using how much
rams everybody got just go and get that
stuff check the components the marimba
components for me and see what's going
on plus it i can also not use the canned
reports if i don't want to i can
actually go out and I can do interactive
queries with this the client detail
designed for mobility designed for
offline use okay the idea of the key
things here or the checkpoint restart
okay that's number one in that I want to
be able to if I'm busy doing a check if
I'm busy doing a report if it breaks
from the network it will come back and
restart right at the checkpoint and the
fact that it's multi-platform is very
important okay now marimba has been
acquired
and they are adding in the remedy you
know the it's remedies being added in or
marimbas adding remedy to the yeah BMC
software is requiring them so they're
going to be using remedies coming in
over top of marimba to add functionality
to the environment and what we're
looking at here is to be able to expand
the capability to be able to do
repositories dynamic discovery of
systems okay being able to dynamically
capture systems when they show up to be
able to support literally everything for
applications code changes in the system
and once again policy-based okay and to
be able to do all of this stuff from a
central location auditing and so forth
with the key goal is you want to reduce
the amount of time that as an
administrator you spend trying to stay
compliant okay compliance management is
a key thing here where you want to spend
the least amount of time keeping up and
here's just a few the marimbas customers
hardly huh
okay Harley Davidson and NASA there's a
meeting and they will be in the lab the
enterprise labs you can take a look at
their stuff okay netopia another key
provider in the macintosh client
management space netopia easy to manage
client administration's remote support
admin absolutely fully cross-platform
Timbuktu Pro Timbuktu pros been around
for quite a while a lot of people have
been using Timbuktu Pro to do remote
control observe and so forth file
transfers copies one too many chatting
instant messaging and so forth and net
octopus for reporting asset management
checking on your hardware checking in
your software doing remote setup setting
system settings remotely being able to
grab and install software data files
folders packages across the network okay
here's some of the stuff within the net
octopus admin gathering font information
transferring file folders virus scanning
restarting put to sleep doesn't apply to
the users
oh that bill over in accounting let's
just put him to sleep for the
administrators you can also run this
peer-to-peer so you can do point to
point okay you don't need the server to
get in there you can just go point the
point and do one machine to another
machine control manage and do asset
management from point to point point of
view and you can use the internal
database within net octopus or you can
point it out to an external database
such as Oracle or any of the sequel
stuff db2 and the software delivery
system we put one distribution server in
place and then you can set additional
staging servers out it is a pull based
environment from the clients once the
clients have been told that there is a
manifest available or a load set
available form then they will they will
go and get it based on the schedules
that are established and you can also
create sub administrators and limit
which tasks the sub admins can do so we
say I you know I want people to only be
able to do this small component of all
of the administration here's a couple
more screenshots for instance the
software package setup what do I want to
install what parts do I want to go out
and then the log coming back from the
distribution center saying what happened
what was I doing for the end users use
Timbuktu the idea is the chatting the
text messaging and so forth between
systems but it also has the opt-in
capability where I can say is a user no
I don't want to be bothered right now
don't you know go away and I want to
talk to you okay and that octopus agent
includes the smart monitoring same stuff
that we use on the X herb okay to be
able to give you a warning when the hard
drive is going to get weird or something
you know when we want to react to that
a couple more screenshots this is the
timbuk2 chat sending files exchanging
files and screen sharing roadmap for net
octopus some of the things they're
planning in the second half of 2004
they're talking about adding in patch
management for mac and pc clients
putting in a software license manager
putting in a web-based UI for net
octopus integrating with rendezvous and
integrating with Active Directory all
key things to watch for ten million
computers worldwide and once again
netopia will also be in the lab and
they'll be up here as part of the QA at
the end of the session sassafras
software k2 highest mountain in the
world that depends on you know where the
laser bounces key auditor and key server
integrated auditing license management
and reporting capability it sounds very
simple but it's actually very key very
very very important parts of the client
management space okay with a scalability
that has no limits to it because the
amount of traffic that actually moves on
the network is so small it literally
scales you know well they won't claim
infinitely but it's it's very high
cross-platform support including thin
client support mac pc linux the stuff
that's out there everything key auditor
and key server what do they do key
auditor perform software audit it tracks
the OS it tracks the hardware it tracks
all the stuff that's out there it
captures software that's on the system
regardless of whether you want key
server to care about it or not
everything so if somebody installs
something on the server any executable
installed on a server or on a client if
key auditor takes a look at it it will
find it
okay so if the user thinks he can get
away with you know shipping the golf app
into his home directory more work it'll
show up and they audit ok key server
itself active control of all licensed
types this not only includes the generic
you know I want to control an app that
doesn't have a license I just own
licensed software license copies but
even as granular is saying I have mac
address based unique licenses and I have
to track those like the prolapse right
being able to track the prolapse okay
and if you have multiple licenses out
and a client and you realize that in
your reports you can go back and I can
reallocate and reclaim licenses that
don't get used I look at a machine and
found out I put a bunch of software on
there that for the last six months they
never launched and I can go back and I
could say no I don't need that anymore
and I can pull the license for those
people and they can't use it software
anymore the reports and databases very
intense a bunch of built-in reports
detailed audit these are just some of
the reports that come up under the menu
pick a few the daily license report a
hardware report what kind of logins have
we seen what kind of usage are we seeing
from user versus application you know
how many licenses times how many users
are out there give me a weekly give me a
weekly program report of what
applications have been used this week
you think about the end of the year
comes around and some company sends you
a bill and says oh it's time to renew
your twenty seven thousand dollar
license for the software you bought and
you go back and you find out you used it
for 11 hours you go ooh that's expensive
all right and then
you know you your audit but obviously
you got to follow up so you need to do
software compliance with that okay this
is the this is actually where I told
Johnny said this is where the unintended
incremental software update autók came
in this is the IRS shows up and checks
you the unattended because the system
itself will actually performance audits
in the background doesn't involve any
admin or user interaction okay new
computers and applications that show up
on the net or automatically discovered
and you can establish automatic policies
you know if I only want 30 copies of
this software to be used user 31
launching the software will be stopped
in their tracks being told no you can't
do this okay and you can then go back
based on this and make your software
decisions for deployment based on the
actual usage of software versus how many
licenses you know you've all seen that
TV commercial where the guy goes how
many do you want right the cardboard guy
that goes on to the door and we can
actually track and one of the things
that's interesting is being able to
track application versions you can track
applications for instance you can track
all the uses of Photoshop or you can
track all the uses of Photoshop version
you know 10 11 CS and so forth all
separately you can track version of an
application of all the 1 dot x versions
or all the one dot ones versus the 12 s
it admin console cross-platform we can
configure literally from anywhere in car
parks your powerbook around launch the
admin console plugin start making
changes okay organizing things by
organizational unit where it says
separate divisions you think of
organizational units that you do for
your management okay and I can create
license records that I track for every
single different system okay every
different application every mix and
match up to your heart's content
some comments from the k2 customers
so for more information once again the
lab noon to three okay go grab a bag
lunch go there you will definitely
definitely benefit from the experience
okay I just plug that in in the middle
of everything additional resources for
tracking down stuff recessed for a
software okay they're up in New
Hampshire go visit nice country okay
that white paper is you you want to you
want to download that take a look at it
good information there and they did a
webcast the Mac os10 labs group you can
take a look at now those are the key
players that I'm going to have up here
for QA here in a couple minutes I also
wanted to let you know that in the mac
space there are a whole lot of other
players out there that are doing client
management okay and just as a real brief
mention is an idea of jam software with
Casper for software imaging and updates
faronics deep freeze for management and
control of the systems basically locking
a system down that the user uses it logs
in does their thing and when they log
out it returns it back to its known
state okay autonomic with the answer
patch management solution and integrity
software was soft track there's a lot of
client management people who are very
very much investing in McIntosh and Mac
OS 10 it's not the oh yeah those things
just go in the graphics department
anymore you know now they go in the
graphics department and you can keep
track of them and not feel you know like
you're doing something stranger under
the table so we're going to do a Q&A now
and what I'm going to do is invite up
the key players from alturas landesk
file wave netopia sassafras marimba and
I'm going to have them introduce
themselves we're going to let you ask
questions of them okay and here's my
esteemed panel group if you guys want to
go ahead and come on up and will I
promise not to bang the microphone on
the table they told me not to do that
guys just line up as if the firing squad
was right here yeah put your toes on the
line you know okay thought was the
longest seen in your trousers they don't
know me okay we won't do basic training
but I'll have you guys go ahead and
introduce yourself what company so you
sound up already my name is not the best
men from netopia and I'm the R&D
director for on that octopus development
hi i'm jane from marimba and a senior
product manager over their clients
desktop management suite hello my name
is Steve workman and I'm the director of
product management for landesk software
good morning i'm jerome brookhaven I'm
the development manager at all tariffs
for macintosh product I've the names
been for sighs I'm the technical manager
at smiling hi I'm John Hamid am director
of marketing list a Sephora software
cool so we get people lined up the
microphones are on center and we have a
question right yeah Aaron kubo from your
net does anybody support router or
switch auditing and discovery or just
machine-based you know in that
occupant's we have our enemy SNMP
Council and it does discovery of all
devices out there network that
can talk FMT we also support a whole
range of special lips and if there's a
myth that you need to be looking at we
can in compile it in them and put it
into this product that's not a problem
it's part of landis management suite we
also have a component called unmanaged
device discovery that will discover
those types of devices anything with an
IP address we can pick up well with our
asset trustee products we have an SNMP
scanner that will skim network Bernie
SNMP talking device right thank you
after July fifteenth will have a network
discovery product remedy actually has
something that does asset discovery in
those elements remember handles more of
the actual systems themselves thank you
cool gel nation saint-meran is clever
restaurants I don't know we have complex
installations so things that aren't
normal and I want to be able to do them
on my clients without them actually
seeing it going on does any of the
software that you guys have reduced to
do that so with file wave there's the no
user interaction available or needed the
administrator sets up the complex
install and captures those files and
places them in the file wave server and
associate them with the groups of
clients that will download those then
the clients check with the file wave
server core that software they
downloaded automatically install
so yeah the same is true for a doctor's
and you can build really complex and
salacious characters you want with
dependencies whatsoever and you can even
also specify how much use and they
actually want on the client end and
plans can even do for package
installation for a later time and during
the day or a couple of days later and
you get full reporting of what the user
choose to do with the package we have
various modes of installation so you can
either do silent semi silent or a
full-on custom install so it really
depends on your environment and how you
want to set up and then our packaging is
all based on you can do it based on
policies you can set what users get what
type of installs of our machines and
remotely deployed out to their systems
that way we have a lot of the same
functionality as well that you can set
up in a policy based or push base for
either transparent client installation
or request client input as well Richard
oh it's over here first sorry Scott lamb
the University of Michigan I want to
bring up a topic we don't normally get
to discuss that conferences like this
and that's the actual cost of Licensing
I think Apple has got it right licensing
by administrator licensing by the number
of computers or computer access licenses
are not the way to go it gets
perceptively expensive I can say no to
an administrator license I can't say no
to a new computer I would prefer to see
more licensing based on administrators
than based on cam number of computers
[Applause]
we got it we got we got to follow up I
just going to ask you to clarify what
you mean by licensing by administrator
I'm sure that some people understand
your intention but others may not it's
Isis ask for ask for the love you get
mark me aside some sassafras cause I
love you guys okay the way the way ard
is license right now we license by the
number of administrators so I buy a copy
for each administrator that's going to
use the system where I by netopia I
license by how many computers i have and
my computer's go up exponentially the
other problem I have is when you have
those ghosts computers that seem to get
in the way of to count not being
licensed for that now and I don't even
know which ones are real and which ones
aren't so you're asking for our products
free license that way correct I'll begin
up advis I guess a lot of other people
and things to say that by the way key
server or k2 from san siro software is
licensed both by individual node which
most of you are familiar with many of
you are but we have a new licensing
program that we've introduced in the
last year that allows floating client
licensing and it doesn't sound exactly
the way that the name implies but it's
it's it's very very useful and
especially in higher it's and k-12
education sites maybe I just add / file
way for higher end especially we have
special licensing where we offer
low-cost licensing still based on the
number of clients but good feedback and
low Carter is relative music low cost is
relative yeah well okay that's
interesting feedback will take that into
consideration there are parts of our
product offering that we do license /
administrator or per console on a
concurrent basis so we are seeing the
need for some of that and like I said
we'll take that feedback and take that
into consideration as we look forward
one thing to note we do we do license by
on point clients but we also have
enterprise-wide packages part of the
reason why we do this because we have
some customers they have
point flex music match so it really
depends on your environment and so the
complexity that you're asking for the
endpoint to change the licensing it also
goes back into the support what does it
take to support the number of endpoints
users expectations or quality of service
she's got to put debt into the licensing
mix as well but my purchase is going to
be based on the car not based on your
car and you always get which pay for
right that's keeping in certain
environments we also do a global company
wide or universe device licensing
schemes where we do not count each
individual computer but you get just a
company-wide license and that may work
for you but you should talk to us if you
haven't seen re-elected cool okay okay
hang on to it for a second Richard I
reticulation università micros labs
first I want to make a comment you
didn't mention any open source tools
that a lot of people are using and
enterprise deployment so example rad
line and a lot of big companies are
using it so people in the audience it's
open source free you might really
consider looking at that before you you
pay for a solution what you might not
need to second what type of installers
do you guys support you do support
package installer advice you have to
repackage installers to use it with your
solutions distribute applications we
support a wide variety of package
installation formats the key thing is we
do have with a lot of the Installer
products out there on the market today
if you want to use various ones are
available they can put a wrap around it
and push it out to our technology we
have different agents that are available
that you can create custom installers
for if that's what you want to do we
also support you no third party package
installers and can provide you know once
they're packaged up we can then through
the top of distribution either push or
pull base but it was too broad
third-party application support
we have a similar story at out there if
you have something that's been packaged
through one of the third-party creations
you have you guys different facial or
Latin or any of them you know we'll be
able to push those out similarly on the
windows side of the fence we have
recently acquired y solutions and have
installer technologies available through
that as well with my always the paradigm
is a little bit different let me say so
we we actually don't deliver installers
necessarily we deliver the files that
get installed so will support any
installation essentially k2 from
sassafras has several rapid deployment
technologies available both on Windows
and Macintosh and I tech support people
can tell you a lot more about that right
now office fully supports all kind of
installers including applications mpk
cheese and we even teamed up with my
vision software and we ship a special
version of my version software installer
wise allows you to repackage software
and we have a snapshot utility also in
the product on the Windows Phone we
fully support msi installations and all
of the other installers out there full
integration is reporting etc with
regards to distributing your software to
both desktop and portable clients how
many of you support interrupted and then
resumed downloads through your software
that's the checkpoint restart component
that we talked about and we actually
even for our own client we have remote
deployment of the agent out to Dan
points as well so after you've
discovered it through our discovery
component you can fish
yeah we ought to support and resume
installations when mobile users and move
to a different spot or get from the wire
to the wireless network that's fully an
automatic behind the scenes we are
support and installing our initial agent
and throughout the network for the
automatic so you don't have to do this
nicorette to install our own agents and
with the next version we will also
support that for mac OS 10 where you can
get the agent automaker's 10 even though
there's nothing on that machine besides
my gosh 10 yeah support for mobile
devices is paramount for the Landis
product and we also provide the
checkpoint restart dynamic bandwidth
throttling those type of functions sport
interrupted distribution of software at
altiris we also support what we're
calling checkpoint recovery and we also
have a bandwidth throttling mode so that
if the bandwidth isn't sufficiently high
will either not send it or will send it
to slowly so that we can better manage
network traffic with file wave the
client is not necessarily connected to
the server at any time so laptops can be
away for weeks or months and when they
get an active network connection and
they can see the file wave server they
login and download their software if for
some reason that I guess the guys call
in the checkpoint so if for some reason
that the network connection is severed
the client will pick up where it left
off key server key auditor works in
concert with other software deployment
tool so we're not the point software
ourselves but rather were deploying
licenses through a very unique approach
that manages not only shared views
concurrent use licenses but also manages
mode-locked single computer licenses
will Jorgensen Pacific Northwest
National Laboratories so for those of us
who are considering client management
solutions that are out there a lot of
you have very similar features central
management patch management asset
management
and could each of you take a second to
give us the one distinguishing feature
or whatever you think makes your
particular problem better than others so
that we can help John did we have 30 can
do yeah keep it short I told them I told
them they could do that but they get 30
seconds of peace is the elevator pitch
so yeah go ahead guys we got on key
server has been in the marketplace in
1989 we are one of the pioneers and
software asset management focused
towards software license management for
many years a number of years ago we
introduced all software auditing
hardware auditing and integrated those
two products into K to our unique point
of advantage is that we manage any type
of a software license not just shared
use licenses where many products will
resort to auditing to figure out how to
manage single user mode like licenses we
actually manage them in an active
process and we integrate all of that
together into a web-based management
console with file wave and NASA trustee
where a Macintosh centric solution let's
say so our servers are running on the
macintosh and I think what distinguishes
us is where a mass deployment technology
and a mass collection technology so
where computers are coming and going on
and off networks file wave can handle
those situations and be able to deploy
from one location say in the US and you
can deploy to clients throughout the
world when you buy an alterra solution
you're buying a rich history that
started on another platform but we have
tremendous web reporting and that makes
it easier saves time and I think we have
a death in our reporting capabilities
that may not be found in other solutions
I think the biggest value proposition
for land of software is our rapid x
value what I mean by that is you can
actually take our solution and get it
installed and using it and getting the
payback from our feature set which is
highly integrated all driven from a
single console again the value
proposition for an IT manager is that
you can manage all devices regardless of
the platform the same way we're also
very committed to the Macintosh platform
as you can see in the pie chart that was
put up earlier we nearly have all of
those pieces filled through inventory
software distribution patch management
software license monitoring and remote
control and we're going to continue to
innovate on the Macintosh platform and
from that point going forward our key
differentiators experience and
scalability virginity we have customers
that range from 500 to 15 million
endpoints so if you look at like
musicmatch that you've seen on your iPod
we've been running on those for uncensor
inception other things that when you
look at our particular products you
think about policy orchestrations we
give you the choice push versus pool
based on policies that you set up for
users or machines so you can formulate
how you do your targeting and
distribution from one single console
based on your company or your business
versus based on our technology so its
flexibility scalability and policy based
orchestration okay for the netopia
products I can say that we are probably
the longest time of the Macintosh
platform starting in the late 80s and we
are fully cross-platform with and the
council mg client your most parts using
the same source code base so and you get
really all the features on both
platforms can manage the clients on both
platforms reactions burn and we are
trying to design everything for the
mobile users if you look at also for
distribution system it's really designed
for the mobility of the users do any of
your products support post install
actions for example apples installer
includes the
vision for about the pre-flight and a
close flight script I've been using the
post flight to do things like repair
permissions after the installation is
completed our application packager
enables you to do both post and pre
install components so if you need to do
sequencing of installations versus
actions after the install like kick off
a particular application run an
inventory scan report back to the system
on compliance we have that built in to
the park today yeah we have a similar
approach to if we can provide chaining
so one event can take place with
preconditions associated before that
event is required so we can do job
Cheney to accomplish that that question
that yes ok Altera's also will deliver a
dependency based solution and we also
have an application that can be run
after installation with my wave week in
schedule actions at particular time so
you can schedule a post installation
action to run any kind of scripts you'd
like margon keeps giving away a
microphone so hang on to a system send
it through phone that octopus you can do
whatever you want before installation
option sedation or part of the package
and as I said we've bundled my visions
were a version of my division it's
otherwise where you can also put your
own custom pre-fight and post-flight and
shell scripts and the software delivery
system also supports executing shell
scripts as part of the installation
process rich
can tell me if your product support a
trip wire and how what mechanisms you
use to check the file system object
never know where to begin here we do not
support required today that's something
that we are actively looking or roadmap
so if you want to stop by our lab after
work we'll be more than happy to talk to
you about your requirements how do you
check their file that something's not
been corrupted or modified compared to
what you're distributing right okay so
that's different we do we do do what we
call an md5 checksum we use open source
of scripture technology that we
co-developed with Microsoft your back in
98 in that particular piece what we do
is we do a check from an md5 checksum on
the file base to see if anything's
changed in that digital fingerprint if
it's changed on that digital sticker
print then you can either do an
automated repair based on the backup
that's stored in the workspace or versus
something and go to the head point to
the server to do you set that up in your
installation piece or you can do other
things like do a help desk a remote
admin to the machine to fix some of
those elements of the teachers any
corruptions versioning would file way we
have a self-healing mechanism that works
on a checksum essentially that every day
or every time the computers restarted it
checks the integrity of the deliveries
that you've made in any files that are
not matching the checksum automatically
downloaded and activated again cool
Chris Matthias st. Mary's College of
Maryland we have we've had a slight
problem over the last year with users
preening their own laptops home to
campus and not having all of their
updates and virus protection up two days
what sort of enforcement policies or
procedures do you all have in any of
your software to ensure that those users
get either moved to a DMV or locked out
until they're in compliance with all
their updates well what's my way we
don't have something that specifically
does that that second offer is that when
the client does have access to the
network it will automatically get into
sync with what you've configured on the
highway serving for it to have as the
appropriate software with the landesk
product we have the capability to run a
vulnerability scan on the device to
determine if it's in compliance you're
up to date with patches but one of the
things that we're looking at going
forward is concept around I see
quarantine e to wear when you first log
onto the network you will be checked
make sure that you're at a level before
you're allowed on to the rest of the the
network so that's the plans that we have
moving forward in 2005 so there's a
couple things that we do out of the box
we have policy compliance component and
I talked about so you can test the
system based on their policies little
check the manifest as they are they in
policy for not in policy it'll force it
to do an update uninstalling sell things
that are supposed to have the other
thing that we have is part of our field
service resource kit is something called
an action reaction engine that allows
you to state specific actions that you
want the system to take based on your
company policy so if it's quarantine
maybe you want them to check in via at
DMC first you can do that or if there's
other elements that you want to do maybe
they already connected to the land that
you want to be able to check in because
maybe it's not on mobile users or
different things that you can do in your
system we don't have anything like that
in place right now of course the other
option two is to make sure if it doesn't
have an apple logo on it you take it
away from them
my paycheck we cut back to the md5 do
you use your own empty five or are you
using the one that's built into OS 10 we
we have our own look like the md5
checksum that we were based off Java
technologies whether or not it's the
same one that's built in el attendant
fortune I don't know that but you can
ask I followed my engineers with me
today okay so stop by our lab and he'll
be able to tell you that thank you sorry
no I had a question everybody mentioned
package management and do you guys
support i'm uninstalling the package do
you support OS updates and OS installed
yes we have an OS migration product that
we call migration manager so they'll do
help you migrate your operating system
right now is currently a primarily
target to us windows we are planning mac
supports early next year the other thing
that we have as well as far as
uninstalling packages on the system we
can do that as part of our native today
can you downgrade OS let's say you got a
10-2 can go back down to 10 1 if you
want to take let's say for example we
have rolled back on the application
components unfortunately I don't know
the answer to that question but we can
you know that's something like a sort of
planning for the q1 like early next year
time frame will be able to give you more
information as you can uninstall
software if you know what got installed
we do not check the PKG receipts because
it's a little bit dangerous if you're
running a minor installer for
installation yes you can do the
uninstall you can trigger that regarding
the software update yeah we do support
also for upgrades and with the exception
we cannot do right now 10 12 10 2 or 10
22 10 3 but we're currently looking into
possibilities to do that at least then
when tiger comes out so that we can
migrate from and 32 tiger in regards to
the dance the uninstall does the
installer have to support that
or does your software support that and
the Installer has to support that but
you can also write your own model
solidest and we'll remove the various
parts 1 comment uninstalling is a very
dangerous thing because you do not know
what the install already installed and
there's a way with a doctor to find out
what could install using a sigh
scripture to get to the snapshots before
and after the installation that you
don't know if another software requires
the same framework or library and that
makes very dangerous doing an install
you're referring primarily to the
operating system right not packages both
ok so for packages it's all based on the
digital fingerprint for the md5 checksum
those do the uninstall look at
interdependencies between the packages
on the file system and then remove the
components are associated with that
different package and we have roaming
user of support coming in the later q3
time frame they'll be able to do it user
base if you have multiple users from
when users on a machine they're
leveraging the same package it will look
before it uninstalls on the base system
itself just in reference to your
operating system deployment question we
have a very robust migration profile
migration OS deployment migration part
of land s primarily on the windows side
but we are looking at adding that
functionality for the max platform in
the near future with mile waves we can
install OS updates as well as
application of station since we're
installing the files that can be
deactivated and new versions can be
swapped in or out just follow ways check
for dependencies so I want to remove one
package but it's used by another package
no we don't check for just pendency
explicitly as we leave that up to the
administrator to and make those
decisions pretty powerful tools can you
speak to the robustness of the
granularity you have available for
different levels of admins
yes part of landis management suite
we've added a feature component called
user management which is really role
based administration for each of the
components inside of our product we also
provide the ability to set a certain
scope level so you can have certain
LANDesk administrators access to certain
functions and manage certain people or
devices the same is to point out with
you can limit the administrators view to
just view certain data and you can also
limit administrators to only administer
certain client workstations put across
platform and there are no limits and
whatever you want to do is you can limit
for yourself administrators ours is we
have to roll space administration and
delegation of roles and we actually
bring it down to the granular level in
the sense that it do you want to target
you want to limit who has access to said
and what's distribution of coin itself
to what specific systems and machines we
can have more granularity there we also
have a role-based targeting for
granularity on keychain objects as well
if you're doing more of a server-based
type of deployments and server systems
so there's different levels of role
based administration and granularity
within our products I've with k2 key
server and key auditor we have unlimited
number of administrator accounts that
can be created by the master
administrator each of those accounts can
serve any number of different roles
there is a very expanded menu that I can
show you in the session later around
today from between noon and three where
you can you can pick and choose whatever
whatever roles you want any one of the
administrators to have access to so you
can limit down to just the report
viewing on up to full access to the
administration to last question hi I'm
Mike father from Calgary Board of
Education I just wanted to reiterate
about the cost of client licensing we
have about 12,000 max
so most of the products on a
client-based license we can't afford
your products my questions were in
regard to we do custom images that have
special permissions on files and stuff
when we're doing updates and pushes do
you have any control over permissions of
the files that are going on to the
systems I'll speak to that client
licensing issue quickly just by adding
that the floating client option
available in case you was developed in
particular for organizations that have
very large installations of computers
and possibly a small group of
specialized programs that you want to
distribute to them it's a very
affordable licensing option since we
don't do software distribution will go
to the next 10 second answers guys ok so
again we're file way for educational
licensing we have a very good scheme
where we give you the software and you
pay for support so i suggest them you
know we could talk about that offline
regarding permissions every file that we
control we can manage their permissions
the bits and the groups on them and the
owner interests in the interest of time
i'd love to talk more about this with
you and we've got our engineering
development team here from LANDesk and
if you want to stop by a little bit
later we can go into more detail on that
dependency question ours is to the
policy based orchestration I talked
about earlier we do both by a machine
based versus a user base so for like
roaming users if you have multiple risk
users on machine that they be not
necessarily have permission for
particular application