The self-managing desktop

One company discusses new automation tools that give desktops the respect they deserve.

When it comes to the automation portion of your new data center strategy, don't forget the desktop.

So says Herb Schmoll, manager of end-user services at Jarden Consumer Solutions, the Boca Raton, Fla., company formerly known as Sunbeam Products. As much as automation is changing network and server operations, it is affecting desktop management , he says. So great are the implications that companies need a "desktop architect" on staff, he believes.

At Jarden CS, for example, a desktop architect has helped craft automated patch-management processes and has investigated the use of application virtualization. The primary tool at the desktop architect's disposal - the Altiris Client Management Suite (CMS) - is a class of tool that differs from the typical help desk products usually associated with desktop management. This systems management suite performs functions such as software distribution, IT asset management, remote control, PC backup and configuration management.

"Tools like Altiris ... have huge implications [for desktop support] - suddenly, I can do things the server and network  groups have long been able to do. That's an order of magnitude more sophisticated than desktop management has ever been," Schmoll says.

He offers his automated patch-management system as an example. With the help of The Blue Willow Group, an Altiris integrator, Schmoll's desktop team has built a "package server" network for distributing Windows XP and Office patches to 21 Jarden CS facilities around the world. At all but one site, a desktop running XP acts as the local package server, housing patches it receives from an Altiris Notification Server located in Boca Raton. Only in Boca Raton, which serves 450 users, does the package server reside on a server-class machine, he says. When a user machine, which talks periodically to the Notification Server, learns that it needs a patch, it taps into the package server on its local subnet for the appropriate download. This automated process is transparent to users - even the reboot is handled automatically, after hours.

Fast and easy

Automated patch management, served by low-cost desktops, is saving Jarden CS's desktop team thousands of hours of manual effort. For instance, Schmoll recently determined that over the course of a couple of months, this automated process resulted in 110,000 "touches" of user machines. Undertaken manually, at 10 minutes per update, those patch updates would have required 17,000 hours, or about 2,000 working days, Schmoll calculates. Instead, one technician spent about 120 hours testing the patches and readying them for deployment.

Likewise, using the software distribution capability found in Altiris CMS, Schmoll's team recently installed Office 2003 on 300 employee desktops in the course of about an hour. Previously, that effort would have meant desktop support technicians going on-site (or asking local "super users" to help with the installs) and spending a half-hour per user machine, for a total of about 150 hours, he says.

And, a recent companywide deployment of a new version of KVS Vault, an Outlook add-on for e-mail management, took all of 15 minutes. Previously, loading the new software on 1,400 user machines would have taken Schmoll's team about 224 hours, at 10 minutes per machine, he says.

Schmoll gives kudos to senior management at Jarden CS for the open-mindedness regarding the desktop group and the tools allowed. "The $200,000 investment we've made in Altiris is not uncommon for a network operations or server engineering team. But it's an outrageously large amount of money to give to people who usually put Office on desktops. That it would be open to discussion is what makes Jarden CS management out of the ordinary," he says.

Access to sophisticated systems management tools makes having a desktop architect all the more important, notes Schmoll, who has been advocating a desktop architecture position for years. His interest in the idea arose after he felt belittled during a meeting with a "mainframe guy" over computing power. Schmoll prepared for the next meeting by tallying up the RAM, processing, storage and so forth of the desktop machines under his purview. He showed that the company's desktop capacity was four times greater than that available with the mainframe. "If I have a 'computer' that's that powerful, running 1,700 or so applications, I think I need an architect for it," he says.

Within his current organization, the desktop architect is responsible for determining what employee ma chines look like -  what versions of the operating system and applications are right for each computer, what policies and procedures to implement, whether a user gets access as a guest, a power user or as an administrator, for example. Most companies don't empower one person to make all these decisions, Schmoll says. But with new-data-center-style automation, such a move certainly makes sense. "I need someone with the credentials, the intellect and the experience who will be able to stand behind decisions affecting the desktop," he explains.

As an example, Schmoll tells of a recent incident that involved the network group's rollout of a VPN client with personal firewall. The personal firewall disabled remote control software, a critical tool his team uses to support users. The desktop architect was able to convince the network operations manager that the user support group's access to the remote control tool overrode the additional, but not critical, protection provided by the personal firewall. The network group uninstalled the personal firewall until both teams could agree on a product that met all needs. (Schmoll favors the personal firewall in XP).

Apps on tap

With a desktop architect acting as his technology specialist, Schmoll is free to be the team's visionary. And the next likely move he sees is application virtualization. Schmoll sees this new data center technology as a way of streamlining the software distribution process. Altiris makes application virtualization available in its Protect tool, which uses a specialized File System Layer technology that keeps track of an application's file system and registry footprint. Each File System Layer can contain an entire application or other collections of files and data. These software layers can be deleted, archived, migrated to other machines and restored with user preferences and data, all without touching the underlying Windows installation, according to Altiris.

Application virtualization will speed the time needed to individualize desktop machines, Schmoll says. And, application virtualization would make granting temporary application access much easier, he adds.

As Jarden CS's experience illustrates, network executives are wise to remember that the desktop is also the computer.

From outsourced to inhouse

Case tudy: How one IT tech brough user support back in-house.


Learn more about this topic

Security automation: The next wave


Automation know-how


Patch management: Automated tools help, but don't cure all patch ills


Vendors upgrade operations automation gear


What can virtualization bring to the data center?


Patch management buyer's guide

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.