|
Although CCM tools are great at automation, they do not do as well at making the environment inherently more secure. Although some perform patch management, there’s simply no “magic button” in these tools that can be pressed to make the desktops “more secure.” Some more modern CCM tools now contain a “desired state” reporting and management method. This feature is intended to help the administrator control computers to a specific set of defined criteria. Unfortunately, CCM tools are far from perfect, and are sometimes used as reporting tools to simply express how far from the baseline a desktop has traveled. Moreover, it’s not always easy to make exceptions for flexibility. A “desired state” is a fixed goal, and configuring alternatives from the desired state can be challenging. Additionally, in the worst case, if a desktop with a desired state becomes corrupted beyond repair, there is no way to return back to that desired state — no matter how much the administrator wishes for it to be so.
For these reasons, CCM tools are not enough to provide absolute certainty of the configuration state of a desktop. Organizations need to adopt and implement blended solutions that combine CCM tools with an additional way to positively guarantee the end state of a desktop, and the ability to quickly refresh it if it strays too far from the corporate standard. Only then can IT Managers have confidence that their corporate directives are being honored and adhered to. This has a direct benefit on the bottom line. It simply costs less if you know precisely what to expect on end-users desktops. Less to troubleshoot, less to install, and less to maintain. Also, ensuring that your solution works across multiple heterogeneous systems is more important than ever. With Windows, Macintosh, and Linux operating systems on corporate desktops (sometimes both or all three on some people’s machines), the savvy IT Manager will ensure that the flexible and secure solution works across all platforms the company uses today and tomorrow.
By keeping in mind some of the trouble points presented here, you’ll be well on your way toward achieving that secure, managed, and flexible desktop.
For the rest of the paper, we’ll examine some common scenarios IT Managers face and how to minimize the exposure you’ll face. Then, we’ll wrap up our discussion with some ways you can work around these issues, without sacrificing flexibility or security.
The Desktop Pain Cycle
IT Managers are up against an issue called the “Desktop Pain Cycle.” The situation can show up anywhere, but we’ll highlight some common areas that most IT Managers run into time and time again, detracting from “real” IT management duties, consuming time, and causing frustration for the whole department, and, of course the end user as well.
In all cases, it starts when the user acquires a new desktop. This can be a repurposed computer, or a computer that comes in from the manufacturer. In most cases, the desktop is scripted or imaged to an installation. Indeed, that installation is usually a well-defined corporate standard. However, because of the specific business need that desktop is destined for, that corporate standard simply cannot be adhered to for very long. Over the long haul, that drift in standard causes stability degradation and the need for the desktop to be re-imaged back to the baseline — only to see a repeat in the cycle again.
Scenario 1: Scholastic Student or Corporate Training Labs
Student labs from elementary school to college face some of the toughest abuse. Additionally, corporate employees can sometimes act in inappropriate ways when they go to training. That’s because students usually have a huge amount of free time on their hands. This can happen before or after class, or during lab time. Even with some of the best security, there is often a way to get a “toe hold” into the system and have students install the software they want. In doing so, that software degrades the experience for all subsequent users. Moreover, the whole point of student labs is to produce the same experience over and over again, regardless of the user on the desktop. So the next student’s experience on that desktop is reduced, and could mean a loss of productive learning time for that next student. Therefore, in most cases, Scholastic Student and Corporate Training labs often fail to meet the very goal they set out to achieve. In the end, these desktops are in constant need of re-imaging or re-scripting to return the desktop back to the baseline. CCM tools by themselves are of limited usefulness here. On the one hand, you might be able to use it to scan for software that isn’t corporate-sanctioned, but it might be hard determining who precisely is installing the software because these desktops are used by so many different individuals.
|
