Roll with the changes

Even after two decades of managing desktop computers, administrators' challenges aren't getting any easier. "Contrary to what a lot of managers want to believe, the computer desktop is very volatile," said Carol Baroudi, president of Baroudi Bloor, an information technology research and consulting firm based in Arlington, Mass. "Even today, it is far from a stable environment."

Desktop systems management products promise to mitigate the problems, but the complexity, frequent changes and constant security patching that complicate desktop computer management persist.

Despite the challenges, upgrading desktop PCs is likely to heat up in the coming months. Microsoft Corp.'s Service Pack 2 for Windows XP (SP2) "may be the tipping point for the migration to XP," said Alan Promisel, a research analyst at IDC in Framingham, Mass.

Government officials who have been waiting to move to Windows XP, Microsoft's latest PC operating system, will be more inclined to begin the upgrade knowing that SP2 addresses many of the security vulnerabilities plaguing XP.

As a result, government administrators will face yet another major desktop upgrade. But at least they will have some automated tools to help them. Microsoft, for example, offers tools through the Systems Management Server (SMS), although it is not comprehensive.

However, several other vendors, such as Altiris Inc., Computer Associates International Inc. and Symantec Corp., offer comprehensive desktop management and migration automation suites. In addition, vendors such as Tranxition Corp. and BindView Corp. offer various products that handle certain desktop management tasks, such as personal data migration or vulnerability assessment, that often are part of a successful desktop migration.

And for administrators who don't want to handle their own desktop migrations, managed service providers such as Everdream Corp. will do the task for them remotely. If you went through a desktop migration a few years ago and haven't upgraded your management software, you may be in for a surprise. The latest generation of migration automation software contains capabilities to detect the latest vulnerabilities, proactively manage software license compliance and migrate users' personal data and desktop preferences. These capabilities typically are included as part of a comprehensive product or offered as an add-on through an alliance with a company that specializes in such products.

Multiple steps required

Desktop migration is complicated. It involves identifying the existing configuration of each desktop to be migrated, taking inventory of the hardware and software, packaging the new software and electronically distributing and installing the appropriate software on each PC.

Also, you will want to identify and capture users' personal data and desktop settings, which a successful migration should automatically restore. Along the way, you may need to perform asset management tasks, license management to ensure compliance with software terms, patch management, vulnerability assessments and more.

Without automation, desktop migrations quickly become a nightmare. Typically, a technician would have to go to each PC, back up the data and settings, insert the CD with the new software, click through all the prompts, resolve problems caused by discrepancies in the hardware or software configuration and then reload personal data.

"If we didn't have automation, someone would have to visit each desktop and go through the whole process," said Chris Cormell, a consultant at Titan Corp. who handles desktop migration at the Army Department's Information Management Center. "The whole thing would take about four hours for each machine."

You can do the math; migrating one or a handful of PCs is pretty simple. Most government administrators, however, must migrate dozens, hundreds or, in the case of the Army center, 10,600 users. The organization is moving from Windows 2000 to Windows XP, and officials hope to move a third of the users per year.

Cormell uses Symantec's iCommand, which pushes the software across the network and remotely reloads a desktop computer's software. He also uses Tranxition's Personality Tranxport to capture users' personal settings and data so they can be automatically restored at the end of the migration. Cormell also uses SMS but not for migration.

"SMS is a lot more hands-on, and there is no way to remotely deploy an image with SMS now," he said.

Even when using automation tools, administrators must be careful during migrations. For example, a migration to a large operating system such as Windows XP can quickly saturate a network. "We try to do it at night so we don't eat up users' bandwidth," Cormell said. The products typically let you restrict the migration to a segment of the bandwidth to avoid congestion, but this usually slows the process.

The Walter Reed Army Medical Center in Washington, D.C., dropped SMS years ago in favor of Computer Associates' Unicenter asset management and software delivery tools, said Jeffrey Goldberg, director of enterprise management at Management Solutions and Systems Inc., a civilian contractor responsible for managing about 13,000 Walter Reed desktop PC systems spread across 60 sites.

Like those at all Army agencies, Walter Reed officials are working to comply with a service directive to move from Windows NT and to Windows XP or Windows 2000 by the end of the year.

The Unicenter products generally have been effective in automating the migration, with one exception. "It initially didn't do anything about moving the personality of the desktop user, the user profile," Goldberg said. However, with Computer Associates' Desktop DNA, a suite of desktop management tools the company picked up when it acquired Miramar Systems Inc. in March, administrators can automatically make user settings and personal data as part of the migration.

In addition to migrations, Goldberg's group found another use for Desktop DNA. Army personnel move frequently, and they often try to save their personal data to disk and bring it with them. "With Desktop DNA, we can capture that profile and send it to whatever system they are going to," Goldberg said.

Officials at the Michigan Army National Guard also are undertaking a migration, moving from Windows NT to Windows XP. After struggling with the limitations of SMS for desktop migration, particularly the lack of remote capabilities, they turned to Altiris.

Initially, officials thought only the help-desk staff would use Altiris. "Then we saw that the Altiris Deployment Server could help with desktop software migration," said David Day, staff sergeant at the guard's headquarters. Using Altiris, Day migrated more than 600 desktop computers from Windows NT to Windows XP in less than 60 days.

"It was amazing," he said. "I could do 25 systems at once, and it took about an hour and a half."

Finally, guard officials purchased the entire Altiris client management package, which includes patch management, desktop inventory, asset management and software deployment. Officials felt the difference immediately.

"We just began implementing the whole thing, and already it is patching machines for us," Day said. Previously, the team used Microsoft's SMS for patch management but found it harder to use.

In addition to automated migration and patch management, "Altiris allows us to get a handle on the desktop systems," Day said. "In the past, we had no control over the desktop assets. We'd load what people asked for, and we had super users who could load software on their own. We had no control."

Through asset management, administrators quickly brought the situation under control. They chose a standard desktop software configuration of applications and settings, also called an image, although they recently added a second image to accommodate hardware differences. Now, everybody gets the approved image automatically.

Next up is a software portal. Through the portal, administrators will be able to access the latest approved software and patches. "We've defined two types of software on the portal: software approved for everyone and job-specific software," Day said. To get job-specific software, users submit a help-desk ticket. Once approved, the software will be installed over the network via the portal.

Organizations experience a fast and direct payoff from automating the desktop migration process. At the Army center, the cost of migrating 10,600 desktops the old way would be astronomical — four hours per PC. Now, technicians become involved only when automated migrations fail, usually when unexpected windows pop up requiring someone to click OK. This usually happens when someone has attached a nonstandard peripheral device to the system.

For the Michigan guard, automated desktop management has enabled two help-desk workers to manage 1,500 PCs, including software migration and patch management, Day said.

The desktop migration problem isn't going away. Even if you have already muddled your way to Windows XP without the aid of automation, you won't have long to rest. If there isn't another major service pack upgrade before then, Microsoft officials will be releasing the next version of Windows in 2006. By then it certainly will pay to have desktop management automation in place.

Radding is a freelance journalist based in Newton, Mass. He can be reached at alan@radding.net.

***

Improving desktop management

Here are six steps information technology managers can take to make PC software and hardware upgrades easier:

Automate as many administrative tasks as possible.

Establish a standard hardware configuration.

Define a single software image.

Allow a limited number of image options for job-specific purposes.

Manage bandwidth to balance migration throughput and network contention.

Test the migration package thoroughly before introducing it.

What to look for in a product

A comprehensive desktop management automation package delivers all or most of the following functionality:

Electronic software delivery over the network.

Software packaging and image creation.

User profile capture and transfer.

Asset management.

Inventory.

Configuration.

License compliance.

Patch management.

Vulnerability management.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above