WWDC2004 Session 607

Transcript

Kind: captions Language: en good morning and welcome the topic today for our first session is third party client management solutions managing mac OS x and the enterprise presenting is senior consulting engineer john detroit [Applause] my fan club in the audience good morning the dedicated few the ones who survived the parties survive the week we're whistling the tune to the longest day this morning you know or or a briefing too far or you know whatever so what we're going to talk about this morning is third party client management the whole idea of this is we want to talk about for you guys some of the companies that have brought their solutions to the macintosh that are beginning to open up the space and it goes in and i will throw in a little bit there's a really interesting briefing later on today on myths and mysteries of the mac in IT you know you may want to attend that too because this is one of those briefings that fits in with that and that a lot of people think there is no client management for the mac and we want to dispel that very quickly this morning i'm going to talk about several companies and we're going to stret stretch it out to the point where we want a good-sized Q&A for you so you can get a chance to talk to all these people client management lifecycle some of you attended the desktop management session yesterday and over the last year or so you've seen this slide come up this is our life those of us that have to manage computers you know we evaluate systems we incorporate hardware and software we deploy the systems we manage them and then we go back and we reevaluate and we deploy and we manage and we reevaluate and deploy and manage and so forth and the idea is you can either manage or not manage now I do know there are sites that don't think that client management is important where their idea of client management is well let's just give everybody their computers and if something goes wrong we'll fix it right you know the martyrdom approach to client management I'll stay around on Friday and fix it when they go home you know some of you laugh because you know you have people in your organization that expect that yeah it's my computer I'll do whatever I want to it but when it's broken it's your problem right yeah yeah we've heard that before well these are some of the tasks that we have to deal with in the client management space and look at this I mean this probably fits most of you have had to react to one or more of these tasks on a daily basis doing asset management where did it go you know we got a doc pallet full of systems in and they disappeared where are they what's on them what are we doing with them imaging a big things going on today you know we could run around with a pack of CDs or a firewire drive we could image all our computers one by one you know and then when you turn around and you look at a one-to-one deployment we have where there's twenty seven thousand computers you know at 40 plus sites or 300 plus sites and you go well that's not going to work so we have to figure out a way to image these things accurately and well we also have to deal with software distribution because you know for a fact that the instant you finish getting your image deployed we're going to release a software update or a security update or you know something because you know I mean it's just the law of nature works that way then we also have remote control the helpdesk stuff or the training stuff a corporate training center a teaching lab where I want to be able to reach out and grab hold of systems my favorite piece of that is being able to just lock a system up and say no stop okay we're not doing email now we're doing this you know that kind of thing usage management keeping the users on track okay this doesn't necessarily mean you can't launch something although it does but it also means keeping the systems more in tune with what the policies and procedures are the acceptable use stuff you know not putting software on systems you shouldn't have being able to use the software you want in a teaching environment and education it comes down to if you sit down in front of a computer and the instructor wants you to use a piece certain piece of software that's what they want you to use they don't want you off here doing something else license management key thing okay fact it's tapered off a bit now but just think of all of the articles we saw in all the IT magazines and info world and so forth what's everybody talking about all the lawsuits flying around you know company a bought one comfort one copy of such and such software and they deployed at eleven thousand times and thought they could get away with it you know or didn't know they just got a copy in for evaluation and somebody left it on their desk and next thing you know it's everywhere okay patch and upgrade we're back to that I did the image but now I need to upgrade my systems i need to do lots of them and then the helpdesk management which is the call for help I need something take a look at this for me you know talk to me my favorite one is the email message you get that says the internet is down do you respond to them by email telling them that you don't think so or you just call them on the phone and go really is it there are days when we wish it actually just would go down and stay there for a while well let's take a look at all the different players alphabetically I'm going to go through them except for Apple I get away with that Apple client management solutions we have three primary pieces that we play with in apple remote desktop the net food netinstall technologies and managed client for mac OS 10 apple remote desktop and no i'm not doing another one of the demos for nader for those of you that have sat through those this week the apple remote desktop is designed to support software distribution asset management some remote administrative tools and the remote assistance or the help desk stuff in a nutshell we handle distribution and updates by the way of copying files packages and so forth out across the network doing remote installs we can do asset tracking through reports and we can do remote administration we can control and observe workstations one or many we can also copy and delete files on a system and one of the ones that everybody likes to brag about is the sending unix commands that can be done out to a whole lot of systems so yes you can send one of that rmdir dash are you know yes you can and you might get a response back you can also do remote setup where if you're working in that boot technology you can change the startup drives and with ard 2 point 0 you can change the startup drive to a remote network drive or if you're already booting across the network you can change it back to a local drive and the screen sharing screen locking and so forth in the opening of applications as part of the remote assistance piece and from a cross-platform perspective we do support the BNC protocols to be able to take control of Linux Windows machines and so forth and to be able to share screens and be able to take a management control of those systems netboot network install technology the netbook network install technology is the idea of booting a system off of a locked image stored on the network so that when the computers come up you know no matter what happens and those of you that have taught in a training lab understand what this is like you're in there you're in there and you're looking at the students and you're saying okay you're trying to take them through some package like how to use a browser or how to do email or anything and all of a sudden the people in the back row you see their heads disappear down below the computers because you know and they're down there whispering furiously to each other well they did something they Dorf tit right well with netboot what you do is you just reboot the systems and what it does is literally peel off a brand new copy of everything and it starts up again as if it was never broken in the first place we can support mac OS 10 and mac OS 9 images with netboot technology and the images can be anything I can have complete image sets I can have depart mental image sets you know the staff versus the technical support people versus the people in the library versus the people in the research department can all have completely different netboot sets I can have a diagnostic set so instead of me running around with a bunch of CDs or a bunch of floppy disks or firewire drives or whatever I need I can actually netboot to a complete set of diagnostic tools and then work on the system i can do installers automated installers the automated installer is what we call the unintentional install where the system a little you boot to it it automatically erases your drive installs the operating system and everything and it's really fun to have somebody who has a good system sit down and accidentally do that that can be really fun now a racing hard drive and you can do upgrade sets so that you can also store packages and so forth out on the net and have them available so you can do an upgrade now single image can span multiple servers or you can have multiple servers supporting a single image for throughput so that you can have this the single net boot image sitting on a whole cluster of excerpts we like to see that net booting a whole bunch of machines and the pictures you've seen this week of the University of Tokyo netboot lab that's what they're doing they use a single image but a whole cluster of servers and it load balances manage client for mac OS 10 is in a nutshell the ability to set up a defined experience for the end user and it can be done by user level group level work group level or by computer level so i can define the settings for different machines its network based preference management it supports complete settings control over things such as my doc which applications that can or can't launch what items are mounted for me during the login process whole lot of other controls and it is part of the directory but independent of any specific directory service so if I'm using LDAP or Active Directory it doesn't make any difference I think the information is stored within the directory architecture and the end users just the system builds the user experience at login time and shows them what they're allowed to have and it also supports one-to-one deployments with a concept called mobile accounts which under Tiger will become mobile home directories and that is the ability to cash down the information so that when I separate myself from the network the settings that i use on the network stay with me and that comes in really handy environments where you give a company owned portable to somebody but you don't expect them to have full-blown access to it when they're away from the company net okay you want to manage it so that was Apple alturas I'll terrorists have some really really fascinating stuff that they brought to the IT lifecycle management for the Mac they have a completely heterogeneous cross-platform environment and here are some of the tools that come with the Alturas client management suite in that they support mac windows the unix platforms linux and some of the handheld os's they have a client management suite that includes right now the inventory solution for the mac its asset management asset tracking for the for the for the max so that you can include that for your keeping track of the hardware the software what's installed you know how much RAM you have that kind of thing and then the software delivery solution for the mac is going to provide application and update support across the net for the mac users and one of the best parts is is that as usual you know you don't want to have to go in and immediately from scratch start customizing things to what you get is a whole series of prepackaged web reports that let you automatically begin managing your assets without having to create your own custom reports from scratch here's an example of one of the report screens an idea of some of the kinds of things that we're looking at and this is you know it's showing me things drive drive information information for the computer and so forth pretty good tracking information on the system I also notice that it has a Microsoft five button mouse attached server-side component that is what it is windows server based it uses a web-based admin console everybody talks about how they want a lot of things web-based very very good very very good for that role in scope based security to make sure that you stay within the limits that you're allowed and encrypting the transport we don't want all the asset management information to move across the net and the clear plus things like adaptive display technology so that we you know you can handle that the I don't know if they handle the spoken interface stuff that we've just introduced but that is a definitely something that a lot of people look at for qualification when they bring their software in the plug-in to play the shortcuts and wizards obviously something to help you get up to speed really quickly so that we're not spending a lot of time learning how to use all the different pieces and extensible is obviously a requirement in that we want to be able to take the architecture and say you know I always need the one more thing and it's really good not to have everything boiler plated for me another idea of a report from them is going out and looking at all my systems on the network and getting a pretty decent report of you know what's there and you notice that doing it as a web-based report makes it really simple you know pick your browser and go for it the Mac agent important to the Mac community is the fact that it looks like it's a Macintosh piece you know it does follow the look and feel of the Mac some of the features that I like in this are the ability to be able to do block out periods where i could say you know at this time i don't want things being brought to me you know there's a period which work gets done versus updates get done checkpoint recovery the idea of being able to say you know what if we get an interruption during the update process or during the during the reporting process and we want to be able to say you know resume at a later time and then things like scheduled wake ups for the systems you know night time we want to do the updates at 2am so we wake the systems up and we'll take care of the reports the inventory and so forth and then being able to do client-side logging so that we can keep track of everything on there and see what's been happening with it the road map for alturas the inventory solution for the mac and the software delivery solution second half of 2000 for the deployment solution with patch management and the remote control portions are slated for 2005 and here are some of the customers that will definitely crow about what alturas has been up to this is the first of many reminders that the enterprise IT lab from noon to three today is going to have these companies all these people are going to be over there to be able to answer questions and talk to you about stuff and get a chance to take a look at some of their solutions file wave file wave is software distribution and asset management for the Mac there a cross-platform desktop and portable management solution provider and they provide their solution fully native to the mac OS that's both client and server are native to the mac OS the file wave products they have software distribution the software distribution uses that mac OS 10 based server captures all the asset information from the clients cross-platform and provide you with a series of reports and information that I need to be able to do my job from a asset management point of view and they are fault tolerant and that they have a mechanism built in to allow for what they call boosters on the system where I can have more than one server out there capturing the information and I can fall back if one available i can fall back to another in the system maintains of resilience that way asset trustee is it is the asset management piece in that what i can do here is I can use a client driven environment where the clients will pull information from the system and then provide the reports back to the databases the server itself runs as a unix-based demon it has an admin process and a file server process for the client requests very scalable using this booster technology so that instead of having just one server to worry about I can deploy multiple servers out on the network the administrator driven model is the idea of you define as the administrator who gets what packages who gets what parts in the distribution and at what time I can also under file wave I can drag and drop install so for instance office as an example is a drag-and-drop install so i can take office and i can drag it into a file wave set and it'll just deploy it to the machines that are in that set i can also do customized installs where I could take snapshots of systems like build a known good system take a snapshot then install a bunch of components on it and then take another snapshot and then I can install that new snapshot onto my systems across there across the network very easy to use here's an idea the admin screen with some of the things that brings up we have file sets the clients and groups that you can manage very simple the file wave client unix demon under Mac os10 a service under windows it basically the client just pings the server for an update when it's time for it grabs the manifest from the server if there is an update and then pull the solution down from the storage from storage so we have a this in this case it so when the client needs to go get something it goes and gets it is not a push it's a pull system at that point and here are what some people have had to say about our friends of file wave I like the extra plug for netboot you know netboot is cool if you want to visit file wave you can either stay here in San Francisco or you can go to Switzerland if my boss is around here somewhere i have to go visit file wave but they keep asking me it's a short trip right landesk landesk used to be part of Intel landesk is its own entity now they're out in the client management space fully cross-platform very good client management suite there's a look at some of their products the solution you know and one of the things I really like is i love i love the graben graphics from everybody for this stuff I mean this is this is my this is my client management diagram redone asset management remote control problem resolution patch management software license monitoring and software distribution across Mac OS 9 10 linux unix and windows all from a single console that's I mean didn't that that's what a lot of us would like to do from a server side they use a pc server based environment to host the core of the management process but it's accessible from an administrator point of view using a Macintosh browser and that it what it comes down to is that the admins see exactly the same thing regardless of whether they're managing max or pcs okay very scalable and the security model obviously it's using encryption we want to be able to keep the asset management tags and all the information that we're watching for on the network we wanted encrypted we don't want that stuff just wandering around on the net and here's an idea some of the pieces on the landesk side as an example we have an update the policy manager found a found a new update for the system and the user is getting ready to click whether or not they whether it's going to get installed down to the computer or not and then also looking at the system and seeing how many times the software has been launched tracking software usage and so forth so we support mac OS 10 to 10 3 and mac OS 9 Directory Integration is key directory integration is an important piece with policy based management and the ability to do both hardware and software inventories okay remote control management taking charge of systems remotely and doing distribution with multicast multicast as a key key item and the fact that when you do unicast broadcasts versus multicast broadcast you're talking about bandwidth and the cost of you know network usage and having it localized into the various languages you know makes deployment for multinationals definitely a bonus here and here's here's the everything I can do slide and if you look at this we're actually looking at all the devices that are out on them out on a system looking at the computer you can spot the computers that are sitting there looking at the tasks that are scheduled looking at the patches that are set up to run looking at all of the different inventory information that's available up here and at the same time and this is this is something always makes me just you know kind of you wonder every time I see a PC window with a mac screen on it it's just it's always that's fascinating to me but then it's you know it's kind of like the same thing that when we did the ard ard demo and we were showing the windows screen on that you know when you go back and forth between that with all the different products I think that's so cool that we can go back and forth you know and share screens and look at everybody else to stop it it ought to be that way you ought to be able to just do it right and here's some comments on land desks and the customers the resources for landesk and that this information will be available again at the end of the session and over in the IT over in the enterprise IT lab once again from noon to three make sure you stop in and take and take a look at these guys marimba another significant player in the client management space changing configuration management cross-platform unix windows mac alright very key desktops portables and servers the whole gamut software delivery getting a software out to the systems installing the software providing updates when needed being able to get information inventory management asset management checking on checking on the status of that deployment what's happening you know has everybody been upgraded where are they in the process okay from a client management perspective we're talking about managing software change you know we have known good systems that go out you need to modify that to get new software you get updates you want to be able to manage that entire life cycle so being able to package applications being able to target the distribution to specific systems that need it and being able to follow compliance of that we don't want to turn around and say well we bought 30 licenses of this but oops we accidentally installed it on three thousand computers you know you know we've heard the term unattended installed right you want unattended installs happen at nine o'clock at night when the traffic slow and everybody's gone except for the guys who are still playing unreal tournament down in the graphics lab well we also have the unintended installs and that's when the oh I really only meant to put ten copies of that out not 10,000 okay and I bring that up now because I've been getting those two terms mixed into my language all week long and I thought you know it would be really great to tell you that this company supports unintended installs and I don't want I didn't want that to happen so I got it out of the way ongoing management obviously we want to track what's going on we want our assets track we want to know what's on every system you know if somebody comes in and brings the Walmart CD in over the over the weekend and sticks it on their computer we want to get a report back if it that isn't supposed to be there and collecting inventory information here's an idea of looking at some of the information and seeing what's out there this is the tuner to be able to go out and say here's here's the information that I want to subscribe to with the updates for various packages so the administrator can set up what they want made available to the users and we do it from a centralized point of view so what we can do is there's obviously arrange a common tasks that we want so that the users get guided through the normal stuff you know the users being the administrators get guided through the normal stuff of what they want to be able to put together and then the idea centralized administration we're back to that I have thousands of workstations or tens of thousands of workstations and I don't want to have to run around every single site department or group and make this stuff happen okay setting up policies based on users and machines we want to ensure policy based management what we have to have here is the ability to work with the directory architecture that exists that we can define who gets what when based on a directory that's already in place and to be able to do updates the version list update idea is doing patch doing patch update management based on the parts that are common without worrying about you know which version of the software we have versus also being able to do patch updates you know from 1.12 1.11 and so forth and then being able to verify verification is absolutely essential all too often I've seen cases where we put out updates and stuff to 100 machines but you get no feedback that all hundred machines got it and getting verification back is absolutely essential policy compliance notice the graphic up here I like this that we're looking at it's saying that how much of the package the green shows that they are compliant either at eighty percent seventy percent you know in red they're showing the non-compliant how much their non-compliance how much they're outside of policy and then the blue is they haven't reported in about that stuff but you look at that and you go oh okay you know green is good I mean as an administrator you know we all think yeah you know I can complicate my life a certain way but green is good i can just you know look at a report and go oh yeah okay cool we're set everything is nice inventory discovery predefined reports help set up your environment for you so that we can turn around using a browser and we can get the report we can graphic we can graph these out and say you know here's how much stuff i have and get the charts out i can also scan on a schedule and say go and check all the ram go and check all the hard drives how much hard drive space that are already using how much rams everybody got just go and get that stuff check the components the marimba components for me and see what's going on plus it i can also not use the canned reports if i don't want to i can actually go out and I can do interactive queries with this the client detail designed for mobility designed for offline use okay the idea of the key things here or the checkpoint restart okay that's number one in that I want to be able to if I'm busy doing a check if I'm busy doing a report if it breaks from the network it will come back and restart right at the checkpoint and the fact that it's multi-platform is very important okay now marimba has been acquired and they are adding in the remedy you know the it's remedies being added in or marimbas adding remedy to the yeah BMC software is requiring them so they're going to be using remedies coming in over top of marimba to add functionality to the environment and what we're looking at here is to be able to expand the capability to be able to do repositories dynamic discovery of systems okay being able to dynamically capture systems when they show up to be able to support literally everything for applications code changes in the system and once again policy-based okay and to be able to do all of this stuff from a central location auditing and so forth with the key goal is you want to reduce the amount of time that as an administrator you spend trying to stay compliant okay compliance management is a key thing here where you want to spend the least amount of time keeping up and here's just a few the marimbas customers hardly huh okay Harley Davidson and NASA there's a meeting and they will be in the lab the enterprise labs you can take a look at their stuff okay netopia another key provider in the macintosh client management space netopia easy to manage client administration's remote support admin absolutely fully cross-platform Timbuktu Pro Timbuktu pros been around for quite a while a lot of people have been using Timbuktu Pro to do remote control observe and so forth file transfers copies one too many chatting instant messaging and so forth and net octopus for reporting asset management checking on your hardware checking in your software doing remote setup setting system settings remotely being able to grab and install software data files folders packages across the network okay here's some of the stuff within the net octopus admin gathering font information transferring file folders virus scanning restarting put to sleep doesn't apply to the users oh that bill over in accounting let's just put him to sleep for the administrators you can also run this peer-to-peer so you can do point to point okay you don't need the server to get in there you can just go point the point and do one machine to another machine control manage and do asset management from point to point point of view and you can use the internal database within net octopus or you can point it out to an external database such as Oracle or any of the sequel stuff db2 and the software delivery system we put one distribution server in place and then you can set additional staging servers out it is a pull based environment from the clients once the clients have been told that there is a manifest available or a load set available form then they will they will go and get it based on the schedules that are established and you can also create sub administrators and limit which tasks the sub admins can do so we say I you know I want people to only be able to do this small component of all of the administration here's a couple more screenshots for instance the software package setup what do I want to install what parts do I want to go out and then the log coming back from the distribution center saying what happened what was I doing for the end users use Timbuktu the idea is the chatting the text messaging and so forth between systems but it also has the opt-in capability where I can say is a user no I don't want to be bothered right now don't you know go away and I want to talk to you okay and that octopus agent includes the smart monitoring same stuff that we use on the X herb okay to be able to give you a warning when the hard drive is going to get weird or something you know when we want to react to that a couple more screenshots this is the timbuk2 chat sending files exchanging files and screen sharing roadmap for net octopus some of the things they're planning in the second half of 2004 they're talking about adding in patch management for mac and pc clients putting in a software license manager putting in a web-based UI for net octopus integrating with rendezvous and integrating with Active Directory all key things to watch for ten million computers worldwide and once again netopia will also be in the lab and they'll be up here as part of the QA at the end of the session sassafras software k2 highest mountain in the world that depends on you know where the laser bounces key auditor and key server integrated auditing license management and reporting capability it sounds very simple but it's actually very key very very very important parts of the client management space okay with a scalability that has no limits to it because the amount of traffic that actually moves on the network is so small it literally scales you know well they won't claim infinitely but it's it's very high cross-platform support including thin client support mac pc linux the stuff that's out there everything key auditor and key server what do they do key auditor perform software audit it tracks the OS it tracks the hardware it tracks all the stuff that's out there it captures software that's on the system regardless of whether you want key server to care about it or not everything so if somebody installs something on the server any executable installed on a server or on a client if key auditor takes a look at it it will find it okay so if the user thinks he can get away with you know shipping the golf app into his home directory more work it'll show up and they audit ok key server itself active control of all licensed types this not only includes the generic you know I want to control an app that doesn't have a license I just own licensed software license copies but even as granular is saying I have mac address based unique licenses and I have to track those like the prolapse right being able to track the prolapse okay and if you have multiple licenses out and a client and you realize that in your reports you can go back and I can reallocate and reclaim licenses that don't get used I look at a machine and found out I put a bunch of software on there that for the last six months they never launched and I can go back and I could say no I don't need that anymore and I can pull the license for those people and they can't use it software anymore the reports and databases very intense a bunch of built-in reports detailed audit these are just some of the reports that come up under the menu pick a few the daily license report a hardware report what kind of logins have we seen what kind of usage are we seeing from user versus application you know how many licenses times how many users are out there give me a weekly give me a weekly program report of what applications have been used this week you think about the end of the year comes around and some company sends you a bill and says oh it's time to renew your twenty seven thousand dollar license for the software you bought and you go back and you find out you used it for 11 hours you go ooh that's expensive all right and then you know you your audit but obviously you got to follow up so you need to do software compliance with that okay this is the this is actually where I told Johnny said this is where the unintended incremental software update autók came in this is the IRS shows up and checks you the unattended because the system itself will actually performance audits in the background doesn't involve any admin or user interaction okay new computers and applications that show up on the net or automatically discovered and you can establish automatic policies you know if I only want 30 copies of this software to be used user 31 launching the software will be stopped in their tracks being told no you can't do this okay and you can then go back based on this and make your software decisions for deployment based on the actual usage of software versus how many licenses you know you've all seen that TV commercial where the guy goes how many do you want right the cardboard guy that goes on to the door and we can actually track and one of the things that's interesting is being able to track application versions you can track applications for instance you can track all the uses of Photoshop or you can track all the uses of Photoshop version you know 10 11 CS and so forth all separately you can track version of an application of all the 1 dot x versions or all the one dot ones versus the 12 s it admin console cross-platform we can configure literally from anywhere in car parks your powerbook around launch the admin console plugin start making changes okay organizing things by organizational unit where it says separate divisions you think of organizational units that you do for your management okay and I can create license records that I track for every single different system okay every different application every mix and match up to your heart's content some comments from the k2 customers so for more information once again the lab noon to three okay go grab a bag lunch go there you will definitely definitely benefit from the experience okay I just plug that in in the middle of everything additional resources for tracking down stuff recessed for a software okay they're up in New Hampshire go visit nice country okay that white paper is you you want to you want to download that take a look at it good information there and they did a webcast the Mac os10 labs group you can take a look at now those are the key players that I'm going to have up here for QA here in a couple minutes I also wanted to let you know that in the mac space there are a whole lot of other players out there that are doing client management okay and just as a real brief mention is an idea of jam software with Casper for software imaging and updates faronics deep freeze for management and control of the systems basically locking a system down that the user uses it logs in does their thing and when they log out it returns it back to its known state okay autonomic with the answer patch management solution and integrity software was soft track there's a lot of client management people who are very very much investing in McIntosh and Mac OS 10 it's not the oh yeah those things just go in the graphics department anymore you know now they go in the graphics department and you can keep track of them and not feel you know like you're doing something stranger under the table so we're going to do a Q&A now and what I'm going to do is invite up the key players from alturas landesk file wave netopia sassafras marimba and I'm going to have them introduce themselves we're going to let you ask questions of them okay and here's my esteemed panel group if you guys want to go ahead and come on up and will I promise not to bang the microphone on the table they told me not to do that guys just line up as if the firing squad was right here yeah put your toes on the line you know okay thought was the longest seen in your trousers they don't know me okay we won't do basic training but I'll have you guys go ahead and introduce yourself what company so you sound up already my name is not the best men from netopia and I'm the R&D director for on that octopus development hi i'm jane from marimba and a senior product manager over their clients desktop management suite hello my name is Steve workman and I'm the director of product management for landesk software good morning i'm jerome brookhaven I'm the development manager at all tariffs for macintosh product I've the names been for sighs I'm the technical manager at smiling hi I'm John Hamid am director of marketing list a Sephora software cool so we get people lined up the microphones are on center and we have a question right yeah Aaron kubo from your net does anybody support router or switch auditing and discovery or just machine-based you know in that occupant's we have our enemy SNMP Council and it does discovery of all devices out there network that can talk FMT we also support a whole range of special lips and if there's a myth that you need to be looking at we can in compile it in them and put it into this product that's not a problem it's part of landis management suite we also have a component called unmanaged device discovery that will discover those types of devices anything with an IP address we can pick up well with our asset trustee products we have an SNMP scanner that will skim network Bernie SNMP talking device right thank you after July fifteenth will have a network discovery product remedy actually has something that does asset discovery in those elements remember handles more of the actual systems themselves thank you cool gel nation saint-meran is clever restaurants I don't know we have complex installations so things that aren't normal and I want to be able to do them on my clients without them actually seeing it going on does any of the software that you guys have reduced to do that so with file wave there's the no user interaction available or needed the administrator sets up the complex install and captures those files and places them in the file wave server and associate them with the groups of clients that will download those then the clients check with the file wave server core that software they downloaded automatically install so yeah the same is true for a doctor's and you can build really complex and salacious characters you want with dependencies whatsoever and you can even also specify how much use and they actually want on the client end and plans can even do for package installation for a later time and during the day or a couple of days later and you get full reporting of what the user choose to do with the package we have various modes of installation so you can either do silent semi silent or a full-on custom install so it really depends on your environment and how you want to set up and then our packaging is all based on you can do it based on policies you can set what users get what type of installs of our machines and remotely deployed out to their systems that way we have a lot of the same functionality as well that you can set up in a policy based or push base for either transparent client installation or request client input as well Richard oh it's over here first sorry Scott lamb the University of Michigan I want to bring up a topic we don't normally get to discuss that conferences like this and that's the actual cost of Licensing I think Apple has got it right licensing by administrator licensing by the number of computers or computer access licenses are not the way to go it gets perceptively expensive I can say no to an administrator license I can't say no to a new computer I would prefer to see more licensing based on administrators than based on cam number of computers [Applause] we got it we got we got to follow up I just going to ask you to clarify what you mean by licensing by administrator I'm sure that some people understand your intention but others may not it's Isis ask for ask for the love you get mark me aside some sassafras cause I love you guys okay the way the way ard is license right now we license by the number of administrators so I buy a copy for each administrator that's going to use the system where I by netopia I license by how many computers i have and my computer's go up exponentially the other problem I have is when you have those ghosts computers that seem to get in the way of to count not being licensed for that now and I don't even know which ones are real and which ones aren't so you're asking for our products free license that way correct I'll begin up advis I guess a lot of other people and things to say that by the way key server or k2 from san siro software is licensed both by individual node which most of you are familiar with many of you are but we have a new licensing program that we've introduced in the last year that allows floating client licensing and it doesn't sound exactly the way that the name implies but it's it's it's very very useful and especially in higher it's and k-12 education sites maybe I just add / file way for higher end especially we have special licensing where we offer low-cost licensing still based on the number of clients but good feedback and low Carter is relative music low cost is relative yeah well okay that's interesting feedback will take that into consideration there are parts of our product offering that we do license / administrator or per console on a concurrent basis so we are seeing the need for some of that and like I said we'll take that feedback and take that into consideration as we look forward one thing to note we do we do license by on point clients but we also have enterprise-wide packages part of the reason why we do this because we have some customers they have point flex music match so it really depends on your environment and so the complexity that you're asking for the endpoint to change the licensing it also goes back into the support what does it take to support the number of endpoints users expectations or quality of service she's got to put debt into the licensing mix as well but my purchase is going to be based on the car not based on your car and you always get which pay for right that's keeping in certain environments we also do a global company wide or universe device licensing schemes where we do not count each individual computer but you get just a company-wide license and that may work for you but you should talk to us if you haven't seen re-elected cool okay okay hang on to it for a second Richard I reticulation università micros labs first I want to make a comment you didn't mention any open source tools that a lot of people are using and enterprise deployment so example rad line and a lot of big companies are using it so people in the audience it's open source free you might really consider looking at that before you you pay for a solution what you might not need to second what type of installers do you guys support you do support package installer advice you have to repackage installers to use it with your solutions distribute applications we support a wide variety of package installation formats the key thing is we do have with a lot of the Installer products out there on the market today if you want to use various ones are available they can put a wrap around it and push it out to our technology we have different agents that are available that you can create custom installers for if that's what you want to do we also support you no third party package installers and can provide you know once they're packaged up we can then through the top of distribution either push or pull base but it was too broad third-party application support we have a similar story at out there if you have something that's been packaged through one of the third-party creations you have you guys different facial or Latin or any of them you know we'll be able to push those out similarly on the windows side of the fence we have recently acquired y solutions and have installer technologies available through that as well with my always the paradigm is a little bit different let me say so we we actually don't deliver installers necessarily we deliver the files that get installed so will support any installation essentially k2 from sassafras has several rapid deployment technologies available both on Windows and Macintosh and I tech support people can tell you a lot more about that right now office fully supports all kind of installers including applications mpk cheese and we even teamed up with my vision software and we ship a special version of my version software installer wise allows you to repackage software and we have a snapshot utility also in the product on the Windows Phone we fully support msi installations and all of the other installers out there full integration is reporting etc with regards to distributing your software to both desktop and portable clients how many of you support interrupted and then resumed downloads through your software that's the checkpoint restart component that we talked about and we actually even for our own client we have remote deployment of the agent out to Dan points as well so after you've discovered it through our discovery component you can fish yeah we ought to support and resume installations when mobile users and move to a different spot or get from the wire to the wireless network that's fully an automatic behind the scenes we are support and installing our initial agent and throughout the network for the automatic so you don't have to do this nicorette to install our own agents and with the next version we will also support that for mac OS 10 where you can get the agent automaker's 10 even though there's nothing on that machine besides my gosh 10 yeah support for mobile devices is paramount for the Landis product and we also provide the checkpoint restart dynamic bandwidth throttling those type of functions sport interrupted distribution of software at altiris we also support what we're calling checkpoint recovery and we also have a bandwidth throttling mode so that if the bandwidth isn't sufficiently high will either not send it or will send it to slowly so that we can better manage network traffic with file wave the client is not necessarily connected to the server at any time so laptops can be away for weeks or months and when they get an active network connection and they can see the file wave server they login and download their software if for some reason that I guess the guys call in the checkpoint so if for some reason that the network connection is severed the client will pick up where it left off key server key auditor works in concert with other software deployment tool so we're not the point software ourselves but rather were deploying licenses through a very unique approach that manages not only shared views concurrent use licenses but also manages mode-locked single computer licenses will Jorgensen Pacific Northwest National Laboratories so for those of us who are considering client management solutions that are out there a lot of you have very similar features central management patch management asset management and could each of you take a second to give us the one distinguishing feature or whatever you think makes your particular problem better than others so that we can help John did we have 30 can do yeah keep it short I told them I told them they could do that but they get 30 seconds of peace is the elevator pitch so yeah go ahead guys we got on key server has been in the marketplace in 1989 we are one of the pioneers and software asset management focused towards software license management for many years a number of years ago we introduced all software auditing hardware auditing and integrated those two products into K to our unique point of advantage is that we manage any type of a software license not just shared use licenses where many products will resort to auditing to figure out how to manage single user mode like licenses we actually manage them in an active process and we integrate all of that together into a web-based management console with file wave and NASA trustee where a Macintosh centric solution let's say so our servers are running on the macintosh and I think what distinguishes us is where a mass deployment technology and a mass collection technology so where computers are coming and going on and off networks file wave can handle those situations and be able to deploy from one location say in the US and you can deploy to clients throughout the world when you buy an alterra solution you're buying a rich history that started on another platform but we have tremendous web reporting and that makes it easier saves time and I think we have a death in our reporting capabilities that may not be found in other solutions I think the biggest value proposition for land of software is our rapid x value what I mean by that is you can actually take our solution and get it installed and using it and getting the payback from our feature set which is highly integrated all driven from a single console again the value proposition for an IT manager is that you can manage all devices regardless of the platform the same way we're also very committed to the Macintosh platform as you can see in the pie chart that was put up earlier we nearly have all of those pieces filled through inventory software distribution patch management software license monitoring and remote control and we're going to continue to innovate on the Macintosh platform and from that point going forward our key differentiators experience and scalability virginity we have customers that range from 500 to 15 million endpoints so if you look at like musicmatch that you've seen on your iPod we've been running on those for uncensor inception other things that when you look at our particular products you think about policy orchestrations we give you the choice push versus pool based on policies that you set up for users or machines so you can formulate how you do your targeting and distribution from one single console based on your company or your business versus based on our technology so its flexibility scalability and policy based orchestration okay for the netopia products I can say that we are probably the longest time of the Macintosh platform starting in the late 80s and we are fully cross-platform with and the council mg client your most parts using the same source code base so and you get really all the features on both platforms can manage the clients on both platforms reactions burn and we are trying to design everything for the mobile users if you look at also for distribution system it's really designed for the mobility of the users do any of your products support post install actions for example apples installer includes the vision for about the pre-flight and a close flight script I've been using the post flight to do things like repair permissions after the installation is completed our application packager enables you to do both post and pre install components so if you need to do sequencing of installations versus actions after the install like kick off a particular application run an inventory scan report back to the system on compliance we have that built in to the park today yeah we have a similar approach to if we can provide chaining so one event can take place with preconditions associated before that event is required so we can do job Cheney to accomplish that that question that yes ok Altera's also will deliver a dependency based solution and we also have an application that can be run after installation with my wave week in schedule actions at particular time so you can schedule a post installation action to run any kind of scripts you'd like margon keeps giving away a microphone so hang on to a system send it through phone that octopus you can do whatever you want before installation option sedation or part of the package and as I said we've bundled my visions were a version of my division it's otherwise where you can also put your own custom pre-fight and post-flight and shell scripts and the software delivery system also supports executing shell scripts as part of the installation process rich can tell me if your product support a trip wire and how what mechanisms you use to check the file system object never know where to begin here we do not support required today that's something that we are actively looking or roadmap so if you want to stop by our lab after work we'll be more than happy to talk to you about your requirements how do you check their file that something's not been corrupted or modified compared to what you're distributing right okay so that's different we do we do do what we call an md5 checksum we use open source of scripture technology that we co-developed with Microsoft your back in 98 in that particular piece what we do is we do a check from an md5 checksum on the file base to see if anything's changed in that digital fingerprint if it's changed on that digital sticker print then you can either do an automated repair based on the backup that's stored in the workspace or versus something and go to the head point to the server to do you set that up in your installation piece or you can do other things like do a help desk a remote admin to the machine to fix some of those elements of the teachers any corruptions versioning would file way we have a self-healing mechanism that works on a checksum essentially that every day or every time the computers restarted it checks the integrity of the deliveries that you've made in any files that are not matching the checksum automatically downloaded and activated again cool Chris Matthias st. Mary's College of Maryland we have we've had a slight problem over the last year with users preening their own laptops home to campus and not having all of their updates and virus protection up two days what sort of enforcement policies or procedures do you all have in any of your software to ensure that those users get either moved to a DMV or locked out until they're in compliance with all their updates well what's my way we don't have something that specifically does that that second offer is that when the client does have access to the network it will automatically get into sync with what you've configured on the highway serving for it to have as the appropriate software with the landesk product we have the capability to run a vulnerability scan on the device to determine if it's in compliance you're up to date with patches but one of the things that we're looking at going forward is concept around I see quarantine e to wear when you first log onto the network you will be checked make sure that you're at a level before you're allowed on to the rest of the the network so that's the plans that we have moving forward in 2005 so there's a couple things that we do out of the box we have policy compliance component and I talked about so you can test the system based on their policies little check the manifest as they are they in policy for not in policy it'll force it to do an update uninstalling sell things that are supposed to have the other thing that we have is part of our field service resource kit is something called an action reaction engine that allows you to state specific actions that you want the system to take based on your company policy so if it's quarantine maybe you want them to check in via at DMC first you can do that or if there's other elements that you want to do maybe they already connected to the land that you want to be able to check in because maybe it's not on mobile users or different things that you can do in your system we don't have anything like that in place right now of course the other option two is to make sure if it doesn't have an apple logo on it you take it away from them my paycheck we cut back to the md5 do you use your own empty five or are you using the one that's built into OS 10 we we have our own look like the md5 checksum that we were based off Java technologies whether or not it's the same one that's built in el attendant fortune I don't know that but you can ask I followed my engineers with me today okay so stop by our lab and he'll be able to tell you that thank you sorry no I had a question everybody mentioned package management and do you guys support i'm uninstalling the package do you support OS updates and OS installed yes we have an OS migration product that we call migration manager so they'll do help you migrate your operating system right now is currently a primarily target to us windows we are planning mac supports early next year the other thing that we have as well as far as uninstalling packages on the system we can do that as part of our native today can you downgrade OS let's say you got a 10-2 can go back down to 10 1 if you want to take let's say for example we have rolled back on the application components unfortunately I don't know the answer to that question but we can you know that's something like a sort of planning for the q1 like early next year time frame will be able to give you more information as you can uninstall software if you know what got installed we do not check the PKG receipts because it's a little bit dangerous if you're running a minor installer for installation yes you can do the uninstall you can trigger that regarding the software update yeah we do support also for upgrades and with the exception we cannot do right now 10 12 10 2 or 10 22 10 3 but we're currently looking into possibilities to do that at least then when tiger comes out so that we can migrate from and 32 tiger in regards to the dance the uninstall does the installer have to support that or does your software support that and the Installer has to support that but you can also write your own model solidest and we'll remove the various parts 1 comment uninstalling is a very dangerous thing because you do not know what the install already installed and there's a way with a doctor to find out what could install using a sigh scripture to get to the snapshots before and after the installation that you don't know if another software requires the same framework or library and that makes very dangerous doing an install you're referring primarily to the operating system right not packages both ok so for packages it's all based on the digital fingerprint for the md5 checksum those do the uninstall look at interdependencies between the packages on the file system and then remove the components are associated with that different package and we have roaming user of support coming in the later q3 time frame they'll be able to do it user base if you have multiple users from when users on a machine they're leveraging the same package it will look before it uninstalls on the base system itself just in reference to your operating system deployment question we have a very robust migration profile migration OS deployment migration part of land s primarily on the windows side but we are looking at adding that functionality for the max platform in the near future with mile waves we can install OS updates as well as application of station since we're installing the files that can be deactivated and new versions can be swapped in or out just follow ways check for dependencies so I want to remove one package but it's used by another package no we don't check for just pendency explicitly as we leave that up to the administrator to and make those decisions pretty powerful tools can you speak to the robustness of the granularity you have available for different levels of admins yes part of landis management suite we've added a feature component called user management which is really role based administration for each of the components inside of our product we also provide the ability to set a certain scope level so you can have certain LANDesk administrators access to certain functions and manage certain people or devices the same is to point out with you can limit the administrators view to just view certain data and you can also limit administrators to only administer certain client workstations put across platform and there are no limits and whatever you want to do is you can limit for yourself administrators ours is we have to roll space administration and delegation of roles and we actually bring it down to the granular level in the sense that it do you want to target you want to limit who has access to said and what's distribution of coin itself to what specific systems and machines we can have more granularity there we also have a role-based targeting for granularity on keychain objects as well if you're doing more of a server-based type of deployments and server systems so there's different levels of role based administration and granularity within our products I've with k2 key server and key auditor we have unlimited number of administrator accounts that can be created by the master administrator each of those accounts can serve any number of different roles there is a very expanded menu that I can show you in the session later around today from between noon and three where you can you can pick and choose whatever whatever roles you want any one of the administrators to have access to so you can limit down to just the report viewing on up to full access to the administration to last question hi I'm Mike father from Calgary Board of Education I just wanted to reiterate about the cost of client licensing we have about 12,000 max so most of the products on a client-based license we can't afford your products my questions were in regard to we do custom images that have special permissions on files and stuff when we're doing updates and pushes do you have any control over permissions of the files that are going on to the systems I'll speak to that client licensing issue quickly just by adding that the floating client option available in case you was developed in particular for organizations that have very large installations of computers and possibly a small group of specialized programs that you want to distribute to them it's a very affordable licensing option since we don't do software distribution will go to the next 10 second answers guys ok so again we're file way for educational licensing we have a very good scheme where we give you the software and you pay for support so i suggest them you know we could talk about that offline regarding permissions every file that we control we can manage their permissions the bits and the groups on them and the owner interests in the interest of time i'd love to talk more about this with you and we've got our engineering development team here from LANDesk and if you want to stop by a little bit later we can go into more detail on that dependency question ours is to the policy based orchestration I talked about earlier we do both by a machine based versus a user base so for like roaming users if you have multiple risk users on machine that they be not necessarily have permission for particular application