Managing PCs the Web services way
Altiris wants to lead the way on automating system deployment and updating.
IT lifecycle management is more than just automating how you configure servers, PCs and other client devices - but that's a big start, says Dwain Kinghorn, chief strategy and technology officer of Altiris, a fast-growing company which develops software to provision, configure and update PCs, servers and other devices, as well as do asset management.
While his company is small by the standards of the industry, it has notched up several big deals. Dell, for example, is both a customer, using Altiris to deploy software to servers and desktops, and a distributor, selling it as part of its blade management suite - deployment technology is essential for blades, because there is no traditional way to deploy software to them.
The company also worked with HP to develop the latter's Rapid Deployment Pack, and HP ships Altiris recovery technology on all its commercial desktops and thin clients. Its software is used by Fujitsu-Siemens and Intel too, and just recently IBM signed up to integrate Altiris deployment tools into the software toolkit that it ships for its Intel-based x-Series servers.
Dwain Kinghorn says one of Altiris's advantages is that it came into the field after the likes of Tivoli and Computer Associates - its software can connect to other apps such as Remedy and Microsoft SMS or Active Directory to share data, but its design is different from the big frameworks.
"In the last few years there has been a discontinuity in technology, with the Web and so on," he says. "We have the notion of a core notification server, which ties into a configuration database built on SQL Server, with a .Net framework around it - it's effectively a set of Web services providing common ways to share information.
"The arrival of Web services, and standard protocols such as XML and SOAP, allows us to do integration and data sharing in ways that were really hard to do 10 years ago. CA, Tivoli and other frameworks weren't built on modular Web services. We've been able to successfully develop business logic modules that plug into the central database, bring them together as suites, and go to market. Under the covers it shares many things."
For example, the system could download a new patch, work out which servers need it, use Wise (one of Altiris's many acquisitions) to package it, schedule its delivery with bandwidth compression, and snapshot the system before patching in case of failure. The company reckons its customers see 20 percent patch failure, mostly on the client side, where systems aren't locked down and so new applications have been installed. Doing all this involves 12 or 13 products talking to each other, Kinghorn adds.
This deployment software is becoming essential for the likes of Intel, he points out, to the extent that it is funding end users to run pilot projects and test it. Intel of course wants people to move to new hardware, with new processors and chipsets, but the challenge for its customers is the cost of migration and deployment - Altiris cites Gartner figures which claim that migration and transition costs can be as much as 80 percent of a hardware refresh project.
Asked where PC configuration management software goes next, Kinghorn points to desired-state management, where you segment off areas of the operating system and application and watch for changes. Altiris has a product called Protect which can define, lock down and restore system configurations, including personalised environments.
Then there is Fortress, a new application virtualisation 'sandbox' technology. It's analogous to VMware and has similarities with Softricity, but with more configuration management, he says. It means you can apply a patch and instantly remove it if necessary, or commit it once it's been tested and verified.
"Application virtualisation will allow a customer to roll out applications and patches in very short order without worrying about roll-back," he says. "Protect wraps the whole environment, but our Fortress technology goes to the application level."
Security and configuration management converge
On the server side, Altiris is moving into performance analysis for Web servers, via its acquisition of Web application management specialist Tonic. Kinghorn adds that network devices need configuration management too, discovering and deploying routers, switches and hubs, and that quarantine is a hot area - for example, using port control and VLANs so that when a new client joins, it is first allocated to a non-production VLAN and queried for its patch and security status.
"Over the last year, we've done the work to do system-level monitoring on Windows, Linux, Solaris, HP-UX," he says. "For example, is the processor overworked, what applications are running, what errors are occurring. Now with Tonic we have a second view of the system deep inside, at the application and user level."
He acknowledges, though, that there is plenty more to do on the configuration and asset management fronts. These should keep his distributed teams - Altiris has software development bases in several countries, including Australia, Estonia and the US - busy for some time to come.
"Areas that aren't strong today that are obvious additions include the convergence between security and configuration management," he says. "It's not making a personal firewall or antivirus, but it's checking if it's installed and patched, are the security settings appropriate, for example which accounts are enabled or disabled. It's checking for vulnerabilities.
"So asset management is growing to include security vulnerabilities. It ties in to the ability to provision a quarantined VLAN for visitors to your office to have Internet access, say. But identifying a computer is a challenge - you can change the NIC, change the host name, etc.
"We're looking at storage provisioning too. There's a lot of security considerations to understand about storage networking and how things are configured on the SAN.
"And another big issue is service management. We have put the helpdesk into the asset management bucket, we will see that change. For example, there's a number of systems involved when a new employee joins - HR, you have to order and provision a PC, deploy it, load applications. We want to provide workflow or service request capabilities, to simplify tasks and make them repeatable."