Imagine if all your computers were running in remote locations. Worse, the locations kept changing. How do you keep track of who has what machine? Who needs an upgrade? How do you get the latest copy of your product catalog to the salesman who just left for a convention in Poughkeepsie? And, most importantly, how do you fix the CEO's laptop (who is in Walla Walla) after he's deleted Excel (again) and needs to retrieve last month's sales projections for the board meeting?
It's OK; you can come out from underneath your desk now. We tested five software products that can manage your mobile machines: Xcellenet's Afaria, Swan International's Vision64, Callisto Software's Orbiter, Synchrologic's iMobile Suite and Mobile Automation's Mobile Automation 2000. Because each company has a different vision of what you need to get the job done, we devised a core set of functions as a basis for our comparisons: software deployment, application self-healing, hardware and software inventory, file backup or synchronization, and remote-control capabilities (see "How we did it").
We gave the Blue Ribbon Award to Mobile Automation 2000. While it didn't steal the show in all categories, it was a consistent finisher. It has a scalable infrastructure that is easy to install and manage. It also provides a thorough hardware and software inventory, and was easy to generate reports. The remote control features were fully functional. Finally, the backup of remote files and the ability to schedule restores was good.
If your needs are different, the other contenders may fit your bill perfectly. For example, iMobile Suite has some nice data management features, remote backup and restore functions, and lets handhelds connect via a workstation or directly. Similarly, Afaria offered extra connectivity and support options that might appeal to shops that are heavy on PDAs and light on remote workstations. And Vision64 is great if you need a heavyweight management program but don't have to worry about handhelds. Finally, if you need something that's easy to deploy and use, Orbiter may be your ticket.
Xcellenet's Afaria offers the Laptop Server and the Handheld Server. Laptop Server is a bit of a misnomer, as it can manage any machine running any version of Windows. Xcellenet plans to merge these two products in future versions of Afaria. Both servers run on Windows NT or 2000, and communicate with the remote clients via Microsoft's Internet Information Server (IIS). But in the current release, they cannot run on the same server, and it requires two machines to manage both types of clients. Afaria uses Microsoft SQL Server or Oracle 8 as its database.
Management of Afaria can be accomplished through a Win32 executable or remotely with any current Web browser. Afaria has four distinct classes of functions: Software Management, Inventory Management, Document Management and Session Management. These are organized into "channels," which are used just like channels in Internet Explorer.
The Afaria server is also called a "transmitter." One nice feature of Afaria is the ability to replicate channels to other "target transmitters." Using this, you can place target transmitters in remote locations, saving WAN bandwidth and improving client response times.
There are two grades of client, the Channel Viewer and the Browser Client. The Browser Client uses a browser to connect to the Afaria server via IIS. If you don't use Internet
Explorer, you have to manually configure your Multi-purpose Internet Mail Extensions types to hand off the Afaria files to the underlying client. The Channel Viewer has more features and communicates directly with the Afaria server. The Browser Client is much smaller than the Channel Viewer, but if your users don't need to worry about details, the Browser Client offers all of the core functionality. Afaria also has a Java client for Solaris, HP-UX or Linux machines. It works like the Browser Client and can access channels published to Web pages on your servers.
The Channel Manager creates channels that are published and made available to the clients. The Channel Viewer can see them natively, the Browser Client requires HTML to be created on the server. Afaria creates the executables and the necessary HTML snippet, and can even put it in the clipboard for you. But you must put it in the proper page. This depends on how your Web site is set up, and how you want to organize things. In either case, one channel can be configured to run on connection. This is best used for your most important function, such as a virus definition update or your inventory collection.
Software Management lets you distribute and maintain applications and files. Applications can be delivered as an installation package, or as a series of files. If an application breaks, a user can select the application again through either client. The client compares what was in the original distribution to what is currently on the workstation. If any files don't exist or match, Afaria sends only the needed files to repair the distribution. However, Afaria can't detect a corrupt application, which requires user interaction or a scheduled channel execution to fix.
The Inventory Manager captures hardware and software inventory. Once activated, the Afaria client collects information about the workstation. If the laptop is still connected to the network when the client finishes the inventory, it sends the information back to the Afaria server. Otherwise, it waits until the next time a connection occurs. This lets the user disconnect whenever they need to and not wait on the client.
The Session Manager is the most powerful tool, but also the most difficult to master. It is a scripting tool that can perform almost any task. It can look at machine settings, manipulate files and even work with the registry. For example, if a new virus comes around, you could have a Session Manager script send new virus definitions to the client, run a scan, compress the log file and then send it back to the server.
Another nice feature is Afaria's Document Manager, which lets users on the local network "publish" documents to a channel from their desktops and share them with the remote users. Those who create the content can control who receives the documents, as well as whether they can be changed. New versions of documents can also be updated automatically. For example, a publications group that keeps its catalog in PDF can publish the catalog so the mobile salesforce can look for and download the latest version of the catalog.
For remote control, Afaria uses a special version of Symantec's PCAnywhere. It's basically the same PCAnywhere, but the Afaria version has rules for automatic delivery and installation, and snaps into the administration console directly. If PCAnywhere exists on a machine, you have to reinstall the Afaria version to make it work correctly from the Afaria console. Xcellenet left remote control as an add-on feature, so if you don't need it, or already have remote control, you don't need to install it or pay extra.
Afaria's Handheld Server supports three types of devices: Palm OS, Windows CE and the Research in Motion BlackBerry pager. Because Afaria was the only product that offered support for the BlackBerry, we did not test out its capabilities.
The device client is bulky. For the Palm devices, some of which have only 2M bytes of memory to begin with, a 173K-byte client might be hard to swallow. However, this larger client is fully functional, with or without the companion workstation. So if your PDA has a modem, the Afaria client can connect directly to the Handheld Server and execute its subscribed channels.
The Windows CE client worked well on our Compaq iPAQ 3650. The inventory and software channels worked just as flawlessly as they did on the workstations. But things didn't go quite as smoothly with our Palm III units. Sometimes HotSync would crash during updates, especially after software distributions. Worse yet, when trying to connect the Palm to the Afaria server directly, it would often give the Palm a Fatal Exception error, requiring a reset.
Because Windows for desktops and Windows CE use essentially the same APIs, it's not surprising that the Windows CE client was more stable. We shaved a little off the score for our Palm difficulties and the current requirement of needing two servers.
Swan's Vision64 manages only Windows machines, but the company plans to expand into the handheld arena. Because Swan does the installation for you as part of the base purchase, this product gets a perfect score for installation. They come to your business, install the product and give you (or your staff) a brief tutorial on how to manage and use the product. Swan also offers consulting services for larger and more complex rollouts.
Vision64's management console is written in Java. This is handy because it gives the same tool no matter where you are. While the console is quick when running on the server machine, it took longer to load when we were remote. Connecting to the server to do administration over a slow link should probably be avoided because it takes a while for all the Java classes to transfer and load. But, if you're in a pinch, it will work.
We liked Vision64's administration details. The major features of Vision64 are separated when creating other administrative logons. You can grant read-only or full permissions on these tasks. For example, you could create an administrator that only has read access to the inventory, or perhaps you want someone to create software distributions, but nothing else. It's easy to choose the capabilities of each account with a few mouse clicks.
The Vision64 architecture scales well, and is obviously designed with large infrastructures in mind. One Master Server stays within the organization, but you can have any number of Intermediate Servers dispersed throughout your network. The Intermediate Servers can have administrative functions on them, or can be collection and distribution points. Collection Servers package the software distributions, which are stored on the other servers for delivery.
This may seem complex. Smaller organizations may only need one central Master Server and can choose to put the Collection Server on the same box. But Vision64 gives much larger corporations the ability to distribute services to any segment of their network as they see fit. This lets administrators put a service "closer" to dial-in connections for faster access, or put "local" servers in other offices, for better use of bandwidth.
For packaging and delivering applications to laptops, Vision64 has many options. For simple or small applications, its install program can be sent as a whole, then automatically launched, perhaps with an answer file or in silent mode. If the application or data is just a collection of files, it may be easier to just push them to specific directories on the client machines. However, Vision64 can also use its Collection Servers to take "snapshots" and package applications.
A snapshot of the laptop is taken before and immediately after the installation of an application. The Collection Server then compares the two snapshots to determine what needs to be sent. This includes new files, differences in existing files and even registry updates and changes.
Vision64 uses "integrity control" to periodically check these software distributions for accuracy. If it detects file or registry differences, it can send changes to fix potential problems. It can be configured to fix any difference in files, or it can assume that if the file is newer it is an acceptable update.
Another handy feature is how Vision64 can deliver these packages. You can transfer them to the server, install them and then delete them, or leave them on the workstation. The disadvantage in leaving the packages behind is in storage space. However, the advantage is that the Vision64 client then has the ability to self-heal the applications, even if disconnected from the network. It is possible to create CD images of your distributions and have the Integrity Control functions retrieve any needed files from there, rather than the hard disk. This compromise lets your remote repair applications without connecting to the network again.
For inventory, Vision64 can collect software and hardware information. If you want Desktop Management Interface hardware information or SNMP traps collected, it will require a third-party client piece (such as OpenManage) to pull from the clients. But once retrieved, Vision64 can incorporate the data into its databases (SQL or Oracle). The server can pull a complete directory listing from each machine. If someone is short on disk space, this will give the administrator a roadmap of where to find unneeded files.
On the management console, inventoried software is categorized first by vendor, then by product. It is easy to see what machine has which packages installed, or what machines a particular package is installed on. A query tool can define search criteria to find machines across your network. Once the inventory is collected, it is available to query, regardless of current connection status. You can define groups based on these queries to target certain functions, such as software upgrades, or knowing who gets which packages.
We were impressed with Vision64's remote control features, especially the extra layer of security and control. The remote control agent can be configured with profiles for different people to connect with - each being password protected. But you can also limit access to certain files and directories. For example, let's say you want an administrator to remotely look at what's going on with a machine in payroll, but you want to make sure that person doesn't start poking around in files he has no business in. Simply add that data directory as an exception, remove their rights, and they can't open the file. It will say the file is in use or the drive is not ready. The one time when this feature can be defeated is if a file is already open on the desktop when the administrator connects. It won't close that file, but it will prevent it from being reloaded or saved during that session.
Callisto's Orbiter runs on Win 2000 or NT, and uses SQL Server as its database. Orbiter's management is done through a Win32 executable, but it can also be installed on any machine that can make a TCP/IP connection to the server. Installation was very straightforward. Assuming your SQL Server is installed ahead of time, you can easily complete this install in 10 minutes.
Orbiter calls its functions "jobs." You can create jobs to deliver and maintain files, retrieve files from remote machines, take inventory, run diagnostics, or even collect information for a "change analysis."
Orbiter creates each job with a very intuitive wizard. Once created, the jobs can be scheduled to run once or on a schedule. Different jobs have different intervals, ranging from hourly to monthly.
Orbiter makes quick work of taking hardware and software inventories. It can pull back an extensive inventory of the hardware, and catalog it in the database. Using prepackaged or custom queries, it is easy to find machines that meet certain criteria. The query tool makes it easy to specify what you're looking for. It lists the resources it is tracking. After qualifying them in some way (for example, any machine with more than 300M bytes of free space), off it goes. You can also create query groups that are updated on a schedule. For example, you can have Orbiter find machines that have low disk space, then create a job for those machines to purge temporary files once a day.
Software delivery can copy files or maintain that distribution. You can send an installer package and have it launch automatically, perhaps even with an answer file or template. The advantage is that you can completely automate an install, or let a user install it. However, if you install the files individually, Orbiter can check for the existence of these files and repair the distribution if any files are missing. They are checked each time the distribution job is scheduled to run. Unfortunately, it does not yet have the ability to maintain registry health.
A job entitled "Change Analysis" can help this. It collects information from an ailing workstation, then compares it with previously collected data. Orbiter then shows the administrator all changes between them. This includes registry changes, files added or deleted, space limits on disks and hardware configurations. They are even color-coded to make it very easy to quickly browse through the extensive and potentially long list. Orbiter does not have any remote control features built in. However, using Change Analysis, you can frequently diagnose a problem without needing to see the workstation.
File retrieval is another handy feature. You can configure a job to grab certain files from the workstation, or even scan entire directories for new files. This can be the result of diagnostic tools or even data files that need protection. They are copied back to the server, so if a user deletes one, the administrator can create a software delivery job to restore them. However, the user cannot make this request on their own.
Every machine that needs to be managed by Orbiter must have a client installed on it. Again, this installation is all but trivial. If you can feed it the address of your server, you can set up the client. Once the client is installed, it reports to the Orbiter server. The client is always running. It "sees" whether you have network connectivity and does its business in the background, throttling back to stay out of the way. It grabs a list of work to do and stores it locally on the workstation. By default, there is an interface to the client for the user. A schedule and status of jobs is displayed on the main screen. Users can even suspend all job processing if they need all their bandwidth, such as those using a dial-up connection. Orbiter's bandwidth consumption can even be "throttled" within the client so you can be sure your telnet or browser sessions will not time out.
Another nice feature is how you can request software distributions immediately. For example, the rule for delivering and checking your main application won't run until tomorrow, but you accidentally deleted some of its files. You can go to the software tab, select the package and request a new install. Orbiter immediately checks the files and sends what is needed to repair your distribution.
The Orbiter client is also capable of managing Palm OS devices, as long as HotSync is installed on the machine. It will push a small (17K byte) agent to the Palm device. During a HotSync, if inventory jobs run, the agent collects the hardware information and catalogs what software is present. Software delivery jobs can also be created to install applications to the Palm units. The Palm units rely on the workstation to be managed. They cannot interact with the Orbiter server on their own, even with a modem connection.
Other features of interest include connectors for Microsoft's Systems Management Server and Peregrine's Service Center. We did not test these in our review.
Orbiter gets high marks for its installation and ease of use. We took a bit off for not having remote control capabilities, but not too much because the change analysis is a nice middle ground.
Synchrologic's iMobile Suite is comprised of four products that can be mixed and matched to provide needed services. They are all managed centrally, using the Microsoft Management Console.
This install was tedious and the most involved in this review. Many of the extra steps involved manually setting up the Web site and virtual directories within IIS. But once you complete the install, it's smooth sailing. Whether you install one or all the pieces, they are all accessible in the same place, using the same tool.
IMobile Suite is built around keeping data synchronized. There are functions for delivering and retrieving files from clients, regardless of their platform. IMobile Suite provides functionality to Windows laptops as well as Palm OS devices, whether hooked to a PC or using their own network connectivity. Pocket PC and Windows CE functionality will be included in the next release.
The clients use a Web interface to interact with iMobile Suite. Once they log on, they can see what tasks have been made available to them. The administrator can make tasks mandatory, or let the user decide to subscribe or not. A schedule can be pushed out to the clients for reconnection times. This ties into the Task Scheduler under Windows.
File backup and retrieval is well thought out. If a back-up task is assigned to a user, the Web interface makes it easy to run the job at any time, or on a schedule. The client and server use compression when sending files to ease the bandwidth required.
It is also easy for a user to request a restore of files previously backed up from the client. Go to the Backup page, and click on "Restore Files." It will return a list of files that have been backed up. They check the ones they need, select "Download Now," and the files are restored.
Another noteworthy feature, but just outside the scope of our review, is the Data Sync Server portion of iMobile Suite. For those applications that use databases (sales quote programs, for example) it is important for those database changes to be synchronized with the home office. You can define applications for which the iMobile client will keep the remote database synchronized with a central version.
Also, the iMobile Suite server can capture a Web site and make it available while offline, which can be handy if you have documents on a company intranet that you want available to mobile users.
Each time the iMobile client connects, it sends some inventory information back to the server. IMobile Suite is user-centric in how it stores this information. You have to first look at the user, then select the inventory properties to see the machine information. It will update this with the information from the last machine they logged on from, or the last PDA they used. But because PDAs are such personal devices, it is rare for multiple users to share one.
If you look at the user, then select hardware inventory, it will show you some detail about the machine, including free disk space, environment variables and a few other details. It is not really that exhaustive. When you look at the overall inventory information, it merely presents statistics of all machines together. For example, "you have 30 Windows 98 machines and 20 Win 2000 machines."
The software inventory is similar, in that it is tied to the user, but separated by Windows or Palm OS categorization. When you look at the inventory information, it will list the name of a package and how many users have it installed. For example, "you have 80 copies of Office 2000." We would have liked a little more detail.
In regard to the Palm OS functions, the inventory features work even better. The hardware inventory on the Palm will return battery levels, free RAM, the Flash ID (unique identifier), OS version and other useful information. The software inventory will give details about programs (.prc files) and/or databases (.pdb files) and their size.
One unique and extremely useful feature in iMobile Suite is how it can send documents created on Windows machines to the PDAs. The client has two companion programs with it, which are viewers that let you send spreadsheets or word processing documents to your end users' PDAs. So if you have sales figures in Excel spreadsheets, or procedures in Word documents, you can now just send them directly to your Palm users and let iMobile worry about the file conversion. It downloads two viewer programs, one for "spreadsheets" and one for "docs." It's a proprietary format, and you can't create these files on the PDA.
Currently, iMobile Suite does not offer any kind of remote control functionality.
Mobile Automation 2000
Mobile Automation 2000 can manage Windows machines, Palm OS and Windows CE devices. The PDAs are managed via the companion workstations. The desktop can retrieve information about the PDA, store it, then send it to the server when next connected. Also, the server can send things to the PDA and store them until the next sync. Mobile Automation 2000 can use an Oracle, Microsoft SQL server or Access database to store its data. It also uses IIS as an administrative reporting tool and for user interaction.
The installation was straightforward and intuitive. As long as your database of choice and Web server are running ahead of time, the base installation can be completed - with little interaction needed - in about 15 minutes. This includes a master Command Server, the administrator console and the Web tools.
To manage distributed segments on your network, Mobile Automation can also deploy Secondary and Relay Servers wherever you want. Once machines connect to the Command Server and register, they can be assigned to Secondary Servers on their local network. Relay Servers can be sent packages defined by the Command Server, giving clients nearby repositories to use.
Distribution and installation of the client, or laptop "agent," is a simple process. Once your administrative install is completed, a wizard packages the client install and makes a Web page to install it from. All the information necessary to begin managing the client is contained in that package. Give your users a URL to that page, have them click on the install link (or save the file locally and run it), and the machine begins to automatically register itself.
Once clients register, they can be assigned to any number of groups for package distribution. These packages can be for software distribution, inventory management, remote file retrieval and remote control.
Hardware inventory uses a range of tools to gather detailed information. Basic information can be gathered directly from the client's operating system. But Mobile Automation 2000 can also tap into details provided by DMI agents, Windows Management Interface Instrumentation (WMI) agents, or even Wired for Management agents. Windows Millennium Edition and Win 2000 come with WMI functionality built in. Mobile Automation includes WMI agents for older Windows clients that are ready for distribution. Using the predefined groups, you can send a WMI software distribution to your older Windows boxes automatically after initial registration. Other useful prepackaged distributions include Software Inventory, Detailed Software Inventory, and samples for retrieving files and doing backups.
Reports for the hardware and software inventories are available from a Web browser. If you are using the administration console and select a report, a Web browser is spawned with the results. A remote administrator would use a Web browser to first get to the Web administration page, find the machine in question, and then request the same report.
Mobile Automation offers several ways to get software and files to remote users. If the application is small enough, you can copy files to the remote workstations. This would also be a handy way to distribute virus definition updates, spreadsheets or other documents to keep current. If it is an application that is packaged as a stand-alone installation, it can be delivered and launched automatically. You can have it run silently with answer files, or you can let the user have control over the install.
However, creating a custom package gives the most flexibility and control. A machine is used to create the package. First, the machine is scanned before the software installation and once again after the install is completed - much like the "snapshots" used with Vision64. It presents a listing of every difference it finds, both on disk and in the registry. You are free to remove any files that aren't associated with the package, as there may be stray changes that happen unrelated to the installation.
Once the package is completed, you can specify how to install it - silently or with user permission and supervision. You can also determine how it will install the files; whether they need to only be newer or if they must be identical. Finally, the distribution will have a schedule and interval for how often it will try to run. This can range from a few minutes to two months, or not at all.
Another interesting feature is the ability to "publish" the distribution to a Web page. This gives the users a central repository where they can go to request packages for installation. For example, not everyone may need an image viewer, but you may choose to make one available just in case. This can also let users help themselves if they happen to damage an application. If the application is published for distribution, they can connect to the Web page, click on the distribution and it will replace what it needs to.
If you choose, a log file can be updated each time a distribution is run, either by a push or by the Web interface. This gives an audit of how many times a package has been reinstalled.
For those who need remote control, Mobile Automation offers its Live Remote solution. It lets an administrator remotely take over the machine. It can be configured to load automatically, or only if the user manually starts it. The user can be alerted to a connection, or choose to have it remain silent. Live Remote is based on the AT&T Labs open source project, called Virtual Network Computing. It is integrated into the Mobile Automation console, and the security is tightened a bit. Otherwise, the functionality is identical.
Mobile Automation supports Palm OS devices and those running Windows CE and newer Pocket PC models. They are supported through their companion desktop machines, which means the functions are monitored whenever the user connects the PDA to their desktop/laptop to synchronize.
Mobile Automation can handle multiple PDAs synchronized from one workstation. It takes a modest hardware inventory and some software inventory. It seems to be better at finding software on Windows CE devices than on Palm OS devices, but it can deliver new packages to either platform just fine.
Packages for PDAs can also be published to the Web page. However, the package needs to be delivered to the companion workstation, and not directly to the handheld.
Mobile Automation got consistent marks across the board. While not overly flashy, it just got the job done in all the areas we were looking for. It was easy to use, and easy to understand. Not only can the administrator fix remote problems, but it also gives remote users some tools to help themselves.
All the products tested provided the same type of information, and all at about the same quality. PDFs are becoming the preferred method for distributing documentation, and rightly so. The documents were thorough, with plenty of examples, and indexed to make it easy to find what you need.
With the diversity we have in our products, the only way to come up with a winner is to clearly state the objectives. The features we looked for were a complete and accurate inventory of hardware and software, good deployment of software with the ability to fix the installation, the ability to back up and restore files from remote machines, support for laptops and handhelds, and some form of remote control of the machines. Based on these criteria, Mobile Automation 2000 wins. However, depending on your needs, the other products can also fit the bill nicely.
This story, "The long arm of the LAN" was originally published by Network World.