Configuresoft ECM found easiest to use

Early issues with Linux, data collection overcome; customer support responsive.

The compliance functionality offered by Configuresoft is a freely available module for its Enterprise Configuration Manager (ECM) platform. Overall, ECM was the easiest to use. We had some early problems finding Linux systems and running initial system data collection, but customer support was responsive, and after we received a software update, everything worked fine.

ECM consists of a Web server, agent software, collector software that gathers the data from the agents and puts it in the database, a SQL Server database, and a browser-based console.

Policies are managed within the administrator console and are set up easily with the wizard. We configured a check for Sophos Anti-Virus in just a few minutes.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The compliance functionality offered by Configuresoft is a freely available module for its Enterprise Configuration Manager (ECM) platform. Overall, ECM was the easiest to use. We had some early problems finding Linux systems and running initial system data collection, but customer support was responsive, and after we received a software update, everything worked fine.

ECM consists of a Web server, agent software, collector software that gathers the data from the agents and puts it in the database, a SQL Server database, and a browser-based console.

Policies are managed within the administrator console and are set up easily with the wizard. We configured a check for Sophos Anti-Virus in just a few minutes.

Out of the box, ECM has eight roles for limiting access to collected information, but it provides a very high level of detail to create custom roles, down to individual components, within the console. Access control is integrated with Microsoft Active Directory, so you don't need to worry about managing a separate infrastructure.

Configuresoft's agent software is unique in that it does not run as a service on the client system. This agent is a Dynamic Link Library that activates when it needs to perform a data collection or system analysis. The agent initially collects full system data, but subsequent runs can include just the deltas.

All system data is stored in the database and compliance reports are run off that data. This process helps speed up reporting, but it also introduces a lag in the information provided. To get up-to-the-minute compliance views, a data-collection action would need to execute and update the database before any system configuration changes were seen in reports.

ECM audit logs were very good, one of the more complete and easily accessible features tested. We could see what actions were performed and identify the users who performed them.

Remediation options are somewhat limited. If a check is enforceable, a Configuresoft term meaning it can be fixed automatically, administrators can make the change on the system. They also can roll back any changes that cause a problem. Rollback functionality is not available at all times, however; it depends on the specific change and the operating system involved.

One area where ECM lags is the level of detail it serves up on pinpointed compliance issues. ECM will tell you a system is out of compliance as a result of one of its checks, but provides minimal detail on why the check failed or what steps can be taken to remediate the issue.

< Previous: Symantec | Next: Elemental Security >

Read more about security in Network World's Security section.