by Lynn Merrill
The world of Management Software serves an important role for those administrators responsible for the assets and security of information within an enterprise. This genre of software provides tools installed at a central location that enables the administrator to manage and survey the state of those assets at any given time. The monitoring of hardware capabilities, performance and state of installed software, and the ability to troubleshoot problems from a remote location and send out critical notifications from a central location, not only save substantial time for the administrator, but also serve as a cost saving measures for the company. As more and more mobile devices are available to the enterprise, however, new concerns and problems arise when it comes to managing and monitoring of these devices.
This paper discusses many of the key areas of management software, and attempts to identify areas of concern related to a more and more mobile workforce. We will visit these areas, describe the function of each, and list potential concerns that are introduced when applying the concepts of Intel’s Mobilized Software Initiative to that area of management software. The key motivation of this discussion is to make you aware of what is involved in management software, how it was initially engineered and what must be addressed with regards to enabling mobile devices and managing them effectively. For the purposes of discussion within this paper, we will address primarily the aspects of management software as it relates to the IT industry.
Overview of Management Software
Management Software has been around for a number of years. Its primary goal is to facilitate the management of all assets within a company. This management activity occurs generally from a single location, where an individual can perform all management tasks without having to leave the office. The management software stack covers a wide variety of features that include tasks from discovery and inventory, to alerts and remote control. Over time these tasks have expanded to include specialized business models such as vending machine management and retail point-of-sale systems. The overriding common feature of these systems is that they are tailored to work in a wired environment, where all of the assets were in a known and fixed or relatively constant place. As mobile devices were introduced to the industry, they were viewed as toys, or nice things to have. However, as the acceptance and usage of these mobile devices has escalated over recent years, these management software systems are facing new challenges in making sure that their asset control is able to adequately manage these diverse and very moveable assets. We will delve into the specifics of many of the features contained within management software packages, and discussion some of the challenges introduced by the mobile devices that are so prevalent in our current society.
Inventory serves as the mechanism where by all information regarding the assets of the enterprise are collected, stored, collated, and made available for use by the administrator, or by other components of the management software stack. Typically there are two general areas of the inventory: Hardware and Software.
- Hardware inve ntory is concerned with the physical characteristics of assets such as computers, printers, monitors, phones, together with details of the assets such as it memory configuration, video card, network card, or what processor it contains. Even more detail can be kept by some stacks such as fan speed, processor temperature, and the like. Maintenance specifics and upgrade status of these components can also be tracked so that a clear picture of the capabilities of the work force is always known.
- Software inventory keeps track not only of what software is installed on the computers and other devices, but also when the last update occurred, and service patch level is currently applied to those software packages.
All of these inventory items are used by the administrator to get a clear picture of the state of the assets. For example, when it is time to prepare budgets for upgrades to hardware or software, the administrator can query the inventory to make a more accurate estimate of what is needed, who needs the funds first, and how much these items will ultimately cost to upgrade. The inventory becomes a valuable tool in aiding the administrator to perform their function in a variety of ways, too numerous to list. The inventory can also be used by other components of the management software stack. For example, when a new piece of software is acquired for use within the enterprise, the software distribution component will query the inventory for information on which machines do not have the software, which ones need a major upgrade to the latest version and which only need a new service patch update. It will perform the work necessary as dictated by the inventory, and then update the inventory to reflect the changes that were just performed so that current status is reflected in the inventory.
With mobile devices, the capturing of up-to-date information becomes more problematic. For example, instead of being at a fixed, wired location, devices can now be connecting via wireless networks, and may be roaming from one place to another. Some of the issues raised with mobile devices include authenticating a user’s credentials when connecting over a wireless network, a single user may have use of several devices and entry may come from multiple points instead of a single point. The devices themselves pose other problems for the inventory. These could include the bandwidth capability of the device, detecting and storing the communication preference of the device and whether it is wired or wireless. New devices such as access points and PDAs are heretofore unknown to most inventory lists; automatic detection methods have not been developed using standards to identify these devices. Form factor issues are also a new twist for inventory. Things such as graphical display capabilities, memory constraints for software and power availability when running on battery may all be new aspects that the inventory will need to address. In today’s world the administrator may have to review how assets are tracked, and may need to change them to be tracked and tagged as belonging to an individual, in addition to being owned by the department. These and other issues all come into play when dealing with inventory for the mobile workforce.
The purpose of this component of the management software stack is to facilitate the distribution of all software elements that are used to carry out the business of an enterprise. This functionality includes the delivery of, not only new software, but the maintenance of existing software, whether it is the operating system used by the devices, or the business software used by the employees. There several methods used to distribute the software each targeted to best suite the needs of the enterprise. Generally these methods determine the fastest site from which software may be downloaded so that installation times are as short as possible. Some methods employ a ‘push’ method where software is delivered in an expedited fashion. Other methods employ a ‘pull’ method where the receiving device controls when the download occurs. Most vendors support checkpoint restart which ensures that interrupted deliveries are restarted at the previous point at which the delivery failed and the distribution is completed. Typically a wired connection is assumed during the distribution of software.
For mobile devices a whole new set of issues arise. These issues include decreased bandwidth capabilities, size limitations of the devices, versions specific only to handheld or PDA devices, and power availability on the receiving device. Bandwidth issues stem from the difference in transfer rates between traditional Ethernet connectivity and the 802.11 wireless capabilities. Timeout issues on slow connections may be a problem for some products. Connectivity may also be spotty as the receiving device may be roaming from place to place while a distribution is in progress, meaning that a reliable disconnect/reconnect scenario is provided. Care needs to be taken that these issues are addressed by the software distribution component. As software is created with different modules made available for different devices, more intelligence needs to be added to the distribution of these modules so that the correct module is downloaded to the correct device. For example, you would not want the desktop version of Excel to be downloaded to a PDA, or vice versa. New measures for ensuring this type of issue need to be addressed, not only in the software distribution component, but perhaps in the inventory component as well. Mobile devices are often limited by smaller hard drives and are very often running on battery, bringing up issues that relate to the ability of the device to handle the requested download. The client as well as the server components would likely need to be modified to address this type of functionality for software distribution.
The Management Console is the tool used to control elements of the management software stack. From the console, typically installed at one location, the administrator can queue inventory scans, schedule software distribution tasks and send out alerts to specific machines. In brief, the console is where administrators can perform their tasks.
With wired connectivity, knowing whether a device is connected is not an issue. With mobile devices, however, knowing whether a device is connected or not connected presents new problems. Modifications for connected acknowledgement may now need to be provided in the management software so that the client and the server are aware that a connected state is in place. Pinging a device by name is also a common procedure performed from the management console. As mobile devices roam from place to place, the IP addr ess changes are registered quickly with DHCP server. However, the delay of the DNS service in migrating names can prove to be problematic, often meaning that a name is no longer registered. Only partial services would then be available to those seeking access. The addresses that are relayed may well be coming from a different proxy when moving from one location to another. So establishing trusted access points and recognizing rogue access points becomes another issue for the console when dealing with mobile devices.
In order to protect against legal actions, corporations will enforce application licensing through a process that is independent of the application. There are two licensing schemes in use today: Synchronous and Asynchronous.
- Synchronous Licensing. Applications controlled using this method are licensed to allow a set number of users to activate and use the application at the same time. On startup the application makes request for a license to the server. A central database on the server tracks the use and availability of licenses for all applications. If the number of concurrent users for the requesting application does not exceed the limit, a license is granted back to the system, and the application continues to run. Once the application is terminated, the license is freed up for use on another system. Application hooks prevent the application from running if no license is available. This method generally requires a connected state to function properly.
- Asynchronous Licensing. This method grants exclusive use of the license to the requesting application, allowing for start and stop operations as needed on the system using the application. As with synchronous method, only a set number of users may have a license granted to them.
For mobility, the synchronous method presents some challenges. Network connectivity is required for the application to request and receive a license on each startup of the application. If the user of the device is not connected then they are not able to use the application. To allow for true mobility, modifications would need to be made to the synchronous model to allow for the licenses to be checked out for offline use. This could also include the automatic check in of the license when network connectivity is reestablished if the application is not running. Allowing the administrator and the user to customizing this ability would a great asset to improving productivity when in a mobile environment.
Security and Alerts and Notifications
Literally volumes could be written with regards to issues dealing with security and the mobile environment. For management software this is a critical issue in that it must be augmented to protect the integrity of the intellectual property of the company, especially where mobile devices are prevalent in the workforce. The issues of authentication, authorization, and auditing are of paramount importance, and mechanisms must be in place to ensure the security of data being transmitted from corporate to the mobile users. Both the device and its user must be scrutinized. Access points that are in use from the device all the way to the servers at corporate must be authenticated and secured. These are all new security issues that heretofore were not needed, but are now critical.
Alerts and notifications allow the administrator, as well as other components of the management stack, to send system wide messages or events to the devices within the enterprise. It also provides communication of specific problems back to the administrator from the client machine. With a mobile workforce, the issues of connectivity and bandwidth again are at odds with how this feature is typically architected. As messages are sent out to the devices, it may be that some devices are not able to receive the messages due to a lapse in the connection, or a timeout on the message due to reduced bandwidth. Decisions must be made as to what to do when this occurs. Solutions such as a complete resend when a connection is reestablished or batching up the messages that were not successfully received are two suggestions. Acknowledgement of receipt of message may also need to be implemented in the feature to adequately solve the problems that may occur with mobile devices.
This feature is used to collect and store information about the assets of a company. It is initially used to provision new equipment and make sure that all of the components of that equipment, both hardware and software, are accurately stored in the inventory system. This becomes the baseline of what assets the company actually owns. Later as an audit is made of the equipment, this feature is again used to scan the assets and report the latest status back to the inventory. If the feedback from the scan is different from current inventory status, alerts can be generated which will inform the administrator of those differences. Both of these scenarios are automated and typically run in the background. For mobile devices that are offline, provisions must be made so that a rescan can be scheduled when the device is again connected. This would mean that the client would need to communicate that it is connected, and the server would need to be aware that a scan can now proceed. Provisions for reporting successful scans as well as incomplete scans would need to be made as well.
Real-Time System Monitoring and Remote Control
This feature allows for connection to any managed device to monitor its current state of operation. It is used primarily for problem resolution, but can also be used for chatting, file transfer, and other real-time operations. This software typically installs itself to the system to be monitored, executes, allows for the monitoring of the system, then uninstalls when monitoring ceases. For mobile devices, the issues of connectivity, bandwidth, and timeouts will impact the ability of this feature to function properly. Additional measures may need to be addressed within the software stack.
Remote Control often works hand-in-hand with system monitoring and enables the administration to control the operations of a device from a remote location. Robust systems allow for remote execution and for rebooting of the target system. They also provide the Wake-On-LAN functionality to turn a system on from a remote location. A very powerful tool, remote location again relies on a wired connection to the system being controlled. With mobile devices, scaling of graphical details to the available bandwidth can hamper the real-time view of the device. Network transitions may also prove problematic. These issues and others would need to be addressed and solved when working with mobile devices.
Management software provides a key and vital role to the administrator whose responsibility it is to manage and control the assets of an enterprise. Traditional software stack may not adequately address the challenges posed by a more and more mobile workforce. Modifications to aid with issues of wireless connectivity, bandwidth, security of data transfer from corporate headquarters to the mobile device are all required to make the management of mobile devices as sure and as accurate as managing fixed in-place assets. For these management stacks to continue providing this invaluable service, they must be modified to match the new and exciting technologies that are emerging.