Manage remote PCs

Remote desktop management is becoming a necessity for IT departments. GartnerGroup studies show that support expenses make up as much as 80 percent of a LAN-based PC's total cost of ownership (TCO), and systems administrators are eager to trim those expenses. ON Technology's remote desktop management system, ON Command Comprehensive Client Management (CCM) 4.5, can help.

CCM, which operates on Windows-based enterprise networks, lets you remotely install, repair, and configure OSs and applications on desktop PCs throughout your LAN or WAN. The product also remotely executes hardware tasks such as disk drive partitioning and formatting, as well as BIOS flashing.

The software performs these tasks through several server and client components. In a basic installation, a CCM server contains and manages information about any PC with an installed CCM client. You use the CCM Administration Console to view this information. You also perform maintenance tasks on demand and manage scheduled software deployments and upgrades. Finally, you use the CCM Depot Manager to maintain the installation packages and source code for various applications that you use CCM to deploy.

To fully reap the product's benefits, make sure all client PCs on your network are compatible with Remote Wake-Up and Preboot Execution Environment (PXE—for information about PXE, see the sidebar "PXE's Promise"). If the client machines aren't compatible, you need to upgrade client hardware or create network boot disks for legacy PCs that you want to remotely manage. If you have relatively new client PCs, you might need to visit each PC to make the necessary BIOS configuration or upgrade a NIC.

A CCM deployment requires substantial planning, administrative time, and training. When I received the program for review, I spent an hour skimming 700 pages of documentation in six manuals. In most organizations, a successful CCM rollout requires a project manager. An ON Technology representative told me that most customers who purchase CCM also purchase a support agreement with the company's Professional Services Division. This support, which the software's purchase price doesn't cover, typically includes onsite help with setup and integration. The support can also include assistance with customizing specialized application packages for deployment on your network. The amount of extra cost depends on your environment's complexity and the degree to which you want to customize CCM. ON Technology's Professional Services costs $185 per hour, and an add-on component for creating or customizing installation packages costs $9995.

A CCM server requires a 200MHz Pentium Pro processor or better, 64MB of RAM, 4GB of hard disk space, Windows NT Server 4.0 with Service Pack 3 (SP3) or later, and NTFS on all server drives. The CCM server needs to be a dedicated box. Because the CCM server can support as many as 500 clients, you'll need to adjust your hardware estimates accordingly. The large disk-space requirement is for software-installation package storage (i.e., the depot) that you can offload to other servers. If you administer clients across WAN links, remote depots are necessary. If your network uses DHCP, CCM requires you to install ON Technology's DHCP support services on all your DHCP servers. Finally, you need to install NT 4.0 or Windows 9x on PCs that you intend to manage with CCM's Desktop Agent. The Desktop Agent doesn't support Windows 3.x or UNIX clients, although the CCM server component can run on UNIX.

After launching the setup routine on a member server in the Windows 2000 Magazine Lab, I created two local user accounts. The CCM setup program later assigns permissions for these accounts to folders in the CCM directory tree. One of the accounts is for the Desktop Agent, which requires access to setup packages and instructions. Because the Desktop Agent logs on locally at each client, the agent's credentials must match those of the CCM server's local account for the agent to have access to the shared folders. The other account is for the Depot Manager, which requires access to the CCM folders in the software depot. After I created the local user accounts, I selected the NT domain the server would work in and named an administrative area. (Each CCM server has an administrative area that includes the PCs the server manages.) To complete the setup, I reapplied SP3. CCM installed 230MB of code and eight new services.

To install the DHCP support services, I relaunched setup.exe on a DHCP server and chose options to install the services. I chose all the defaults, and the setup routine installed a CCM folder at the root level of the C drive and added four new services, including Trivial File Transfer Protocol (TFTP) for downloading files to client PCs, and Wake-Up Proxy for Remote Wake-Up capabilities. I reapplied SP3 and rebooted. Then, I opened NT's DHCP Manager and created a DHCP global scope option that defined the boot file my client PCs would use for network booting. Thus, the client PCs received a pointer to the CCM server along with their DHCP-assigned IP address. On a larger network, I'd need to repeat this task on all DHCP servers. This setup becomes more complicated on a network with multiple IP segments.

After I set up the CCM and DHCP servers, I installed the Enterprise Viewer, Administrative Console, and Depot Manager. You can install these components together or separately on remote clients running NT or Win9x. The Enterprise Viewer is a Microsoft Management Console (MMC) snap-in that lets you manage multiple CCM servers from one interface. The Administrative Console is CCM's GUI for managing servers, but it views only one CCM server at a time. Depot Manager defines a software storage area and populates the area with correctly assembled installation packages. In the test environment, I installed all three components on the CCM server without incident, although I first needed to install the MMC and Microsoft Internet Explorer (IE) 4.0.

Depot Manager is straightforward to use, and I had no problems moving CCM's predefined packages to the CCM server software depot. CCM packages come in several varieties and are the heart of how the software manages network clients. The packages can install software applications and OSs. They can also make configuration changes or launch particular actions before or after the OS loads. The product ships with shell OS and application packages that require you to supply vendor application files. ON Technology's Web site provides other packages. Screen 1 shows the Depot Manager interface. The left pane lists CCM-provided shell packages. The right pane shows the CCM server's designated depot share, which contains a list of packages and vendor files.

Unfortunately, the base product doesn't let you create packages. Furthermore, if you want to customize packages, you need to use CCM's proprietary scripting language. If you want to use CCM to deploy specialized applications, you can buy the InstallCam or pay ON Technology's Professional Services to help you.

Different Clients
Before I could see the software perform, I needed to configure clients. CCM clients are consistent or cooperative. The program configures consistent clients from initial drive partitioning and formatting through the latest installed application. If CCM manages a PC from the beginning, the software records a complete history of all CCM-managed installations, configurations, patches, and service packs. An administrator can use this information to restore the latest system configuration to a client that is down because of disk corruption or failure. You integrate cooperative clients into CCM after their initial setup. Clients that aren't PXE-capable are cooperative by default.

I used the Administrative Console to test both types of clients. The setup was similar for both clients. I entered a client ID, host name, and media access control (MAC) address, then specified whether the client was on an Ethernet or Token-Ring network. At that point, I selected a check box to differentiate between cooperative and consistent clients. Next, I defined the drive partitions. Finally, I created a task to install NT 4.0 and the CCM Desktop Agent, choosing those packages from the depot, as Screen 2 shows. I set several required system parameters for the OS and saved all my configurations. CCM takes no further actions with a cooperative client except to enter the client data into the program's proprietary database.

For the consistent client, CCM recorded the database entries and immediately began to execute my configurations. The PXE-capable PC that I chose as the consistent client came to life through the CCM Wake-Up Proxy service, which I installed on the DHCP server. The PC then obtained an IP address and boot file location from the DHCP server and booted to the network. The monitor momentarily displayed the ON Technology logo, then connected to the CCM server to check for instructions. The client found the packages I had assigned, downloaded several files of a compact OS into memory, and launched Fdisk. CCM partitioned and formatted the drive and began loading NT. Although I had to enter a CD-ROM key code (which I didn't see in the setup parameters when I configured the system), the operation worked flawlessly. At the Administrative Console, I checked my client's status and studied the error logs for problems.

I tested cooperative clients by using the CCM Desktop Agent to push application installations. I used an older Compaq computer that predated PXE and Remote Wake-Up support, and I manually installed the Desktop Agent on an NT Workstation machine. I pushed an antivirus application and Microsoft Office 97 without incident. Permissions weren't a hassle because the Desktop Agent has temporary membership in the local administrator group during installations. The parameters in CCM's predefined packages offered setup flexibility, but some organizations might want to customize the package with additional templates and macros. Next, I installed a 3Com 3C905 NIC with a Managed PC Boot Agent (MBA) that gave the Compaq computer PXE capabilities. I used CCM to remotely partition and format the drive and to load NT Workstation, which converted a cooperative client into a consistent client. The only remote-management functionality missing on the older PC was Remote Wake-Up, which the motherboard didn't support.

ON Technology sells CCM for as much as $145 per seat, and you can purchase a desktop remote control product, ON Command Remote, for an additional $15 per seat. The company also offers add-on modules. This à la carte method of adding functionality to CCM can get expensive. For example, large organizations rolling out the CCM Desktop Agent to their existing clients will need a deployment tool. ON Technology's Professional Services provides a utility that runs with the Command Line Interface (CLI). The only hitch is that CLI, an add-on module, costs $9995. The InstallCam, which ON Technology is replacing with Development Studio, is a necessity for most organizations and seems natural to bundle with CCM rather than to sell separately. SQL Bridge is available for moving data from CCM's proprietary database to a Microsoft SQL Server format—­for $9995. This price structure favors enterprise networks, and the larger installation base offers the greatest potential Return on Investment (ROI).

CCM's functionality and stability impressed me. The product's strongest asset is its exploitation of PXE. ON Technology is at the head of the pack in using this emerging technology. But CCM isn't a comprehensive replacement for other desktop management suites. Functions such as hardware and software inventory, software metering, and network monitoring are absent. Instead, ON Technology provides integration with existing products that provide these features, such as Microsoft Systems Management Server (SMS) and Tivoli Systems' Tivoli Management Environment (TME) 10. CCM includes a Desktop Management Interface (DMI) explorer utility (at no extra charge) to connect with DMI agents such as Intel's LANDesk client manager.

Although front-end costs add up, organizations looking for long-term savings need to consider CCM. Until a desktop management suite provides a truly comprehensive management tool set, IT managers must weigh each product's features against their enterprise needs. SMS fares well against CCM in a simple comparison of cost to features but doesn't yet exploit PXE's functionality. Thus, CCM remains competitive even after you consider the costs of add-on modules and ON Technology's Professional Services. The product will yield long-term savings for some organizations.

ON Command CCM 4.5
Contact: ON Technology * 781-487-3300
Web: http://www.on.com
Price: $145 per seat for as many as 999 clients; $100 per seat for 1000 or more clients; $9995 for each add-on module
DECISION SUMMARY:
Pros: The product's ability to exploit the Preboot Execution Environment is unique and lets administrators perform low-level tasks that usually require a visit to the client; all features are reliable; documentation is detailed and well written
Cons: The product is complex and has a steep learning curve; pricing structure isn't practical for small to midsized networks; some potentially important components (e.g., InstallCam, Command Line Interface, SQL Bridge) cost extra