santiago silver - Fotolia


What to look for in client management tools

Bringing PC and mobile device management under the same umbrella is clutch for IT today. Shops can get that done by picking the right client management tools.

Managing endpoints in the enterprise grows more complex every day. Administrators must handle the usual assortment of Windows desktops, but many must also contend with a mix of mobile devices that have invaded the enterprise.

It should come as no surprise that many IT administrators are on the hunt for comprehensive client management tools, yet selecting the right one is no easy task. Admins must consider a number of factors to ensure they get exactly the features they need.

Asset management

IT needs a client management tool that can track all or as many assets as possible, with room to scale up. The tool should be able to inventory endpoints and gather information about the hardware, operating systems and installed applications, regardless of where the endpoints reside.

Before selecting a product, admins should get a sense of the type of endpoints the tool will track. For example, which operating systems do users' devices run? A comprehensive client management tool should be able to handle most of the endpoints.

And don't forget all those smartphones, tablets and other portable devices. These days, companies likely need a product that also supports mobile device management (MDM) and mobile application management (MAM). At the very least, a client management tool should seamlessly integrate with existing MDM and MAM tools.

Also consider whether you want to manage devices that are not domain-joined, or ones that are not connected to the corporate network, such as machines used for lab tests, or ones that run in off-site facilities or in someone's home.

Software management

Endpoints don't just sit there. An operating system runs on each one, and so do numerous applications. Some computers also run virtual machines, each with its own operating system and applications. The ability to manage all this software is essential to an effective client management tool. It should be able to package and deploy operating systems and applications -- regardless of the number or type of endpoints -- and deployments should require little-to-no user intervention. IT should also be able to target deployments based on categories such as department, user role, machine type or any number of other variables.

The ability to apply service packs, update software and perform ongoing patch management is also important. Ideally, these processes should be automated.

A comprehensive client management tool should also be able to manage and update antivirus and other security software, and it should control application access through such mechanisms as black and whitelisting. In addition, the product should be able to manage software licenses to ensure against unexpected costs and prepare for audits.

Security and configuration

The security and configuration capabilities of a client management tool go hand in hand. They facilitate system management and protect sensitive resources. Most desktop management products take a policy-based approach that lets IT exercise fine-grained control over how endpoints are configured and what end users can do on their machines.

The policies available in a client management product should let IT control a wide range of settings, from software updates to firewall configurations, including how each machine should be configured by default. Through the policies, admins should be able to define baselines that apply to each type of endpoint, with the ability to create custom policies when needed. The product should also integrate seamlessly with existing domain structure and directory services.

Admins should be able to apply the configuration settings based on a variety of factors. For instance, IT might want to base certain settings on the operating system, device type, or on how a user logs on to the network. Admins should be able to control proxy settings, USB device use and registry entries, and they should be able to exercise that control based on users or machines.

When assessing client management tools, verify how it secures the management environment. Communications from the tool to the endpoints and back-end storage should be protected. Data should be secure at rest and in motion, even if the entire operation lies behind the firewall.

Auditing and reporting

No client management tool is complete without the ability to monitor managed endpoints. Administrators should be able to gather information that helps them track how workers use their devices, how well those systems perform and whether any security risks exist. Features such as Windows logging are seldom extensive enough to provide the type of robust auditing and reporting most enterprises require.

An effective auditing system can help administrators identify current problems and prevent future ones. To this end, the system should be able to raise alerts and send critical information to the appropriate stakeholders, such as business managers or security teams. Administrators should also be able to generate comprehensive reports from the information collected so they can quickly grasp issues and drill down to more details as needed.

The auditing and reporting capabilities can also play a role in complying with security guidelines and regulations such as PCI, the Health Insurance Portability and Accountability Act, FERPA or the Sarbanes-Oxley Act. With a system for auditing and reporting in place, administrators can run reports that help them assess the compliance of their users and devices.

System administration

Another consideration to take into account when assessing client management tools is general system administration, as it pertains to the product's efficiency, usability and overall effectiveness. For example, admins should be able to perform all management tasks from a single, centralized console that is intuitive and comprehensive. If the console is a server-based application, the tool should also provide remote access.

Client management tools can come as on-premises products or cloud-based services, so companies should weigh whether one strategy is more effective than the other. Regardless of which type a shop uses, IT should also consider how well the product integrates with other systems, how many tasks the tool can automate, and what self-service capabilities are available -- such as allowing end users to reset their own passwords. Shops should also find out what sort of support the vendor offers before purchasing a product or subscribing to a service.

Next Steps

The evolution of endpoint management

Rules of endpoint management engagement

Unified consoles the star of client management tools

Dig Deeper on Endpoint security management tools