Today, a growing number of companies are investing in multiple systems management tools. These are being used to provide key services such as inventory, software distribution, patch management, power management, security configuration and vulnerability management.
However, this type of investment often results in a set of disparate systems management tools that are not integrated, have a high total cost of ownership, are slow to respond to incidents and ultimately provide a poor return on investment. The issues that arise are significant, and are both monetary and performance related. These can include increased license, infrastructure and staff costs; management tools impacting client performance; and poor visibility and control of distributed enterprises.
However, solutions such as Tivoli Endpoint Management (TEM) address these issues by providing real-time visibility and control of distributed enterprises through a single unified management platform, using a single agent and a unified console.
Such a platform can act as a solid foundation for an integrated set of software products that provide lifecycle management, endpoint protection, security configuration and vulnerability management. These intelligent platforms can respond rapidly to events in an enterprise, and are designed to continuously discover, assess, remediate and enforce the health and security of servers, desktops, and roaming laptops in real time.
Unified Management Platform
A unified management platform is required as the foundation for all software modules, which could include asset discovery, patch management, security configuration, power management and many more. This platform is built on the concept of having a single agent installed on all target systems that is capable of performing all the software functionality. This agent is designed specifically not to impact the performance of a target system, using only 2-4 megabytes of memory and less than 2 per cent of processor bandwidth when active.
In organisations that have a large distributed enterprise, it is often an impossible task to keep track of all of your IP-enabled IT assets. In some cases a significant number of a company’s IP-enabled IT assets could be undocumented and not appear in any inventory database or asset list. It is hard enough to keep track of all the assets that you do know about, let alone find all the assets that you don’t know about. In fact, getting visibility of the assets that you are currently not managing is as important as correctly managing the assets that you do know about.
There are many compelling reasons to implement a comprehensive patch management system, to mention just a few:
- known vulnerabilities of un-patched systems are targets for viruses and malicious code
- un-patched systems are in breach of governance such as Sarbanes-Oxley
- increased threats from modern working practices, remote workers, interconnected sites
A successful patch management solution is not just about the software technology used to deploy patches; it is also about having the right people and processes in place to make a solution work. Patch management software should not only provide the technology to deploy patches but should automate significant parts of the process, thus reducing the burden on the people supporting the patch management process.
Security Configuration and Vulnerability Management
New and increased governance, both internal and external, of organisations is forcing companies to invest a lot of time and money both implementing new security policies and proving compliance with existing policies. Some companies are still finding it difficult to implement some of the most fundamental IT security policies, such as maintaining secure systems, security patch management and security updates for major operating systems. Even when the right security policies are in place, companies often find it difficult and time consuming to provide evidence of compliance.
For example, TEM’s Security Configuration and Vulnerability Management software provides the ability to assess and enforce security policies on all systems running the TEM agent, by providing an out-of-the-box security management solution. There are default security configuration policies that can be applied to Windows, Unix, and Linux platforms that will enable companies to maintain secure systems. Compliance of systems with enforced security policies can also be monitored in real time through the reporting tools.
One area that has recently been brought to the forefront is that of power management. IT equipment, particularly desktop PCs, accounts for a significant part of an organisation’s energy usage. Using even the simplest of calculations, there are compelling reasons to implement a PC-power management solution, for example:
If a PC is kept running 24 hours a day 7 days a week and is only used for 8 hours a day, then the energy consumed by the PC for the 16 hours a day it is unused is wasted. If you then take into account weekends and holidays, over 70% of the energy consumed by a PC left running 24/7 could be wasted.
The simplest way to reduce this wasted energy and still allow access for maintenance and critical updates is to implement an effective PC-power management solution. Organisations should adopt an intelligent, automated solution for reducing power consumption without adversely affecting computer use or administration. This can be done with a solution that tracks the state of a computer (idle, active, standby, powered off) and allows you to create power policies that maximise power savings. The visibility to be gained through reports that measure this power usage is a real asset to any company.
It is encouraging to see that so many organisations are realising the need for a wide variety of systems management tools. Asset discovery is an invaluable tool in today’s distributed enterprises. It is essential that organisations are aware of all the assets they currently don’t manage and put action plans in place to rectify the situation. Patch management too is an integral part of everyday IT, and an intelligent software toolset can complement and reduce the burden on the people and processes that make up a patch management solution.
Of course, maintaining secure systems and keeping security patching up to date on all IT systems should be the minimum requirements for a company’s IT security policy. And, with IT making up more and more of a company’s carbon footprint, it is essential that companies tackle the issue of wasted energy; implementing an effective power management toolset can speed up this process.
These recommendations are all imperative to a healthy IT infrastructure, but the opportunity presented by automation and by adopting a unified management approach is vast. Such an approach for performing multiple systems management functions can not only reduce the complexity of systems management infrastructure and the load systems management tools place on managed clients, but also reduce the total cost of running the solution.