Managed Desktops Task Force

SUBMITTED BY: SHAWN DUNNING, MAURICE YORK, BILLY BEAUDOIN, JOSEPH JENKINS, DAN EVANS, RICHARD NORRIS, SCOTT CALLICUT, DONNA BARRETT, DANIEL HENNINGER

August 31, 2010

Managed Desktops Task Force

August 2010

1

Managed Desktops Task Force

August 2010

Managed Desktop Defined

The Managed Desktops Task Force was formed in 2009 with the charge to recommend the best method for managing university-owned network-attached computers. The committee was comprised of representatives from colleges and units across the university.

Initial discussions revolved around what the scope of the committee should be (i.e. - focus on managing all operating systems, just Mac OS X and Microsoft Windows, or Microsoft Windows only), gathering information from peer institutions and defining what a “managed computer” really is.

After much discussion, the committee settled on the definition of a managed computer as “A university-owned computer attached to the university public network that can be remotely managed at the operating system level”.

Initially the scope was to look at how to manage computers with all operating systems. After evaluations of the tools, it was determined to only focus on the management of Microsoft Windows OS machines. The tools currently on the market arguably have a limited ability to manage Macintosh, Linux, and Windows computers effectively in a large

enterprise. The Mac Policy/Mac Tech committees voted in 2010 that if a management tool was purchased, Casper suite would be their recommendation based on its ability to focus on managing apple computers well. Most Linux computers at NC State are already running in a managed environment although more work needs to be done in putting resources towards the effort. Peer institutions have a common finding on not trying to get one tool to manage all platforms. Information gathered from peer institutions is located in Appendix A of this document.

Levels of Management

During discussions regarding best practices for managing computers, it was determined two categories of management were needed to fit multiple roles computers fill within the

university. Thus, the committee recommends a basic and enhanced management role. The basic tier of desktop management assumes that a university level policy will have been defined for all university-owned machines to have some level of management. For the basic level of management, a management agent (defined as a third party application or

2

• Deployment of operating system updates and power management. • Compliance with the university anti-virus policy found here:

http://www.ncsu.edu/policies/informationtechnology/REG08.00.10.php.

The enhanced tier of desktop management assumes all facets of the basic tier are met, but with additional requirements. The management agent for the enhanced tier managed computer will have the following abilities:

• Pull hardware/software inventory reports.

• Software metering capabilities to track network license use.

• Distribution of software through push and pull mechanisms. IT staff can push software to computer(s) via a central administrative interface and/or end users may request software from their machines.

• Report completion of pushed updates.

• Remote control by IT administrative staff for support needs.

• Role/Scope based security to determine the end user's necessary level of access to perform his/her job.

• User/Computer authentication via a network identity (e.g. - Active Directory, LDAP).

The enhanced tier would be the default recommendation with the understanding that all job functions within the university have different requirements. In instances where the

enhanced tier is determined to interfere with daily operation and performance of duties for faculty/staff, a college, department or unit may elect to use the basic tier of computer management.

Peer Institutions Review

The committee interviewed several peer institutions who utilize some form of management for their computers. Stanford stood out as the one institution reviewed who took a very centralized approach to their computer management. However, the majority of other institutions were very decentralized allowing colleges, departments and units the ability to control their own environments with minimal involvement from a central IT organization. Another institution that seemed similar in possible implementation to NC State was Purdue. They started a combined purchasing program along with their managed desktop initiative to help with costs and acceptance from the campus community.

Of the institutions reviewed, the committee determined the most widely used third party products were Microsoft SCCM, Symantec Altiris and BigFix. For further details on products used by peer institutions, please see Appendix A.

3

Evaluating Management Suite Technologies

The committee recommendation comes from many months of talking through the issues of decentralized support responsibilities on campus, discussing which major technologies are essential for managing computers effectively, and realizing that the financial landscape is not only changing with the broader economy, but may be driven by many different goals. It quickly became clear that there is no true market leader for a product to manage large computing environments; there are simply larger players and smaller, emergent

competitors, each with its strengths and weaknesses. Some came to the forefront as more suitable choices while others were eliminated quickly. No single product, however, emerged over any other as the clear and obvious winner (this was due, in part, to the various and sometimes competing needs of each of the committee representatives). The more recognized products chosen for further investigation are offered by Symantec (Altiris), Dell/Kace (Kbox), Microsoft (SCCM), BigFix and Casper Suite (for Apple computer

management). Our first step was to discuss our greatest challenges at NCSU and to list the features of each product believed to be helpful in achieving viable solutions to those

challenges. The more predominate products were then evaluated based on their marketing materials (focusing on the technical offerings of each with respect to the challenges we face), followed by interviews of peer institutions who use them. The NC State Vice

Chancellor for Information Technology and CIO Dr. Hoit sent an email to fellow CIOs asking for their willingness to share their experiences with managed computing. Other institutions were either found in internet articles, conference presentations, or previous knowledge of committee members. Each institution was assigned to a member of the committee for consultation. The interviews were held via email, telephone or in-person and began with a pre-scripted set of questions related to the specific technologies used by each institution and their experiences with implementation, integration, usability and the scope of deployment. The questionnaire can be found in Appendix B.

After a thorough evaluation of the technologies and who was currently using them, on site interviews and presentations were scheduled with Symantec Altiris, Big Fix, Dell Kace, and CDW who presented the Microsoft SCCM solution.

4

Dell Kace KBOX

The Kace KBOX (acquired by Dell in 2010) is a cross-platform appliance-based management suite that positions itself in the market based on low cost and ease-of-use. Kace provides a two-appliance solution: one (the K1000) for inventory, asset management, software distribution, patch management, license management and metering, reporting, etc, and another (the K2000) for network OS installs, imaging, and centralized software deployment. The typical KBOX approach is to deploy a single appliance of each type to manage an entire enterprise, though both the K1000 and K2000 have mechanisms for creating satellite data repositories and virtual appliances to distribute the load of network-intensive tasks such as software deployment and imaging. The KBOX provides a web-based management console with roll-based permissions, a user portal for self-service systems diagnostics and software downloads, and a complete reporting tool.

The KBOX solution for handling multiple units or entities within a single enterprise is to create "Organizations" which effectively partitions the K1000 appliance into multiple instances to provide each unit with its own, complete management interface to managed that unit's machine independent of the other instances, yet allow resources (such as application and OS images as well as reporting) to be shared and centralized. What this would roughly map to in the NCSU organization is an effective separate management

appliance for each IT unit on campus. At the system level, the KBOX creates an umbrella that sits over all of the subsidiary instances and provides a level of unified reporting and

enterprise-level administration of the entire system. Specific administrators can be given read or even write access to multiple Organizations if desired, allowing for flexible administration of multiple units. The KBOX interface is designed to be straight-forward enough for desktop support staff to use it on a daily basis for trouble remediation, asset management, and software deployment tasks, but also provides more advanced and sophisticated tools for high-level systems administrators.

While the KBOX is designed as an appliance to manage the full life cycle and administrative tasks of multiple platforms (Windows, Mac, Linux), Kace positions the KBOX not as a replacement for every other management tool you have, but as one more tool in the toolbox that provides an advanced level of asset management over a broader scope of machines than is possible by assembling numerous specialized non-integrated tools. In practice what this means is that a given customer may select to use certain KBOX tools ubiquitously across the enterprise (such as inventory, asset management, software license management and metering, security scans and policy enforcement, etc), but allow individual units to use platform-specific or specialized tools where the KBOX equivalent does not offer significant advantages over existing practices or would carry a premium for retraining and retooling workflow (such as image deployment and patching).

5

Cost: $140,000 per appliance for all management modules on the K1000 and K2000, unlimited client licenses, initial jump start training, and support for the first year.

Strengths: Directory service agnostic (can manage independent, AD-joined or Novell-based machines); Cross platform management (Windows, Mac and *nix); Low infrastructure footprint (appliance-based deployment); Easy of use/management; Completely web-based management using any web browser; Unlimited license for Remote Software Appliances (RSA) for application delivery (can employ network storage); File-level de-duplication "compresses" the overall storage used for images (same file in 10 images = 1 file with 10 pointers to it).

Weaknesses: Storage limited to internal storage of the appliance for images (currently 480GB for the K2000 for images only; Use of "organizations" allows shared use of resources and delegates management, but can't share configurations between them - each new unit is a completely separate entity.

Microsoft SCCM

Microsoft SCCM is the evolutionary product for the previous SMS product. It is agent based and allows administrators to adjust everything in the windows operating system from the power scheme to what applications are advertised for deployment. It has the ability to remote control client using the built-in remote assistance feature of the windows operating systems. It has limited abilities managing windows computers not joined to the domain where it is present, but can gather essentials including software/hardware inventory and OS patching. It has no ability to manage non-windows computers without the additional

purchase of third party add-ons like Quest Management Extensions. SCCM builds on top of the Active Directory in its functionality of using group policies to deploy software and make computer changes. It allows the administrator to confirm delivery of applications, patches, and security fixes.

Licensing negotiations are still on-going at the composition of this recommendation. The last figure quoted was $110,000 per year for a site license just for SCCM. Other options including the Core CAL and Campus Agreement need to be fleshed out with Microsoft given the current agreements for MS Office, desktop OSs, and server OSs and CALs. The combination of several agreements could potentially bring the price for the license down below the $110k figure. Additional costs would be incurred for Server Hardware and MS SQL Server licenses. A rough estimation of hardware was given at $50,000 over a hardware refresh cycle.

SCCM integrates with and extends current windows OS deployment (WDS) and patching (WSUS) technologies already in use in the WOLFTECH campus Active Directory.

6

Due to mounting frustrations with two failed Proof of Concepts (installing/using the product in our campus environment to see the product work as advertised) by two different

Symantec-appointed engineers, the group voted to eliminate Altiris from the running. Complicated interfaces, convoluted and choppy integration of "acquired" products and the lack a true Windows 7 64-bit client were among the more obvious reasons to cease further consideration. While the market share of Altiris and associated costs of implementation would be comparable to the integration of SCCM, the lack of faith in it as a viable product, from the committee's viewpoint, led to an overwhelming vote to remove it from the list of possible solutions.

Big Fix

It was determined after the initial interview that Big Fix was very similar to Kbox and

Symantec Altiris. It was not brought for a proof of concept on this basis along with cost and it's lacking the ability to remote control clients.

Comparison of SCCM Quest Extensions and Casper Suite features

A call was made for a quote from the vendors of Casper Suite and SCCM Quest Extensions. Both are based on a per seat licensing model. They quoted at an approximate number of 2000 apple computers based on the last inventory conducted by the MacTech and

MacPolicy committees in 2009. The cost for both is roughly $50,000 initially and about 20% maintenance thereafter. It was noted that in reviews most of the functionality of the SCCM product could be attained on the apple computers using the Quest add-on for SCCM. The notable feature missing would be imaging. The Office of Information Technology has already purchased the imaging piece of Casper for the apple computers in the spring of 2010.

A further evaluation would be needed to see what features would be essential with these products.

Implementation Questions

• Ongoing costs of program year to year and how they will be covered

• Policy question of buy-in--central mandate for agents to be installed on all university-owned machines (and what that means for a mixed SCCM/Casper solution), or voluntary participation by colleges/units?

7

• Governance question for administration of system and enforcement of system-wide policies, communication regarding the system, etc. Do we need a management committee with university-wide representation?

• Operational question for management and ownership of the management platform (with an SLA covering monitoring, reporting, hardware, licensing, maintenance, etc). Where will the system live and who will sponsor hardware refresh, dedicate staff resources, etc?

• Estimate of total number of machines to be covered, how many per year will be added

• Estimate of hardware and related infrastructure, FTE staff commitment to install the system and scale up for production, FTE staff commitment for ongoing system administration

• Recommendation for purchasing a support contract and estimated costs

Recommendations for Follow-on Activities

• Recommendation to form a task force to investigate a campus-wide VDI infrastructure project, including full virtual desktop environments as well as

virtualized software deployment. Potential multi-year cost savings in hardware and power are in the hundreds of thousands of dollars, with significant environmental impact for carbon abatement

• Recommendation to re-evaluate our computer management strategies as technologies change and the computing environment at NCSU evolves.

Estimation of Computers Impacted

The number of computers within the scope of this initiative is variable. Computers are purchased and sent to surplus every day from various departments and units. It is also difficult to get an accurate number of the number of computers on the public network at any given time. The communications technology department gives an estimate that changes vastly when students are in session during the fall/spring versus the summer months. During a snapshot in the summer of 2010, 13,000 nodes of workstations, servers, and virtual

machines were present. This does not include any student computers in the dorm rooms or those using the wireless network. The campus default WOLFTECH AD domain had 8,000 computers registered at the time of this recommendation report. Depending on the adoption of technologies, there could be an additional 3,500 administrative desktops and another estimated 2,000 that will move from other departments and units.

An agent based system that is available for all university owned computers will allow

administrators to have a much better picture of the number of unique workstations active at any given moment in time.

8

Servers should be managed by the agent based system on an opt-in basis until policies are in place to govern the security of the types of servers and what they hold on them (PCI, HIPPA, etc.)

Advantages/Disadvantages to Managed Computing

Advantages of a managed environment must be available to everyone involved in the process. Some advantages will be seen by the greater community and others will be more beneficial to the individual units and users.

Financial Advantages

• Lower software license cost due to better software inventory and metering • Reduced cost for software deployment

• Reduced cost for PC deployment

• Power savings due to easier implementation and ability to correlate with inventory data

Security Advantages

• Automated patching of operating systems • Automated patching of software

• Better inventory control through asset management tools • Ability to react centrally to security vulnerabilities

IT Support/End User Advantages

• Enhanced support via remote assistance tools

• Increased user satisfaction (i.e. computer stability, computer replacement time, application availability)

• Enhanced support through user initiated remote control

• Less application issues due to multiple modes of software deployment (less applications require packaging)

Disadvantages

The main disadvantage is cost. Every system that was evaluated involved either a site license or per seat cost. We would recommend a combined approach similar to Purdue's

implementation. The costs could be offset by the savings in the new combined purchasing program. It is possible that fewer increases in staff will be needed as the number as

9

Technology Recommendation

The overall recommendation is to adopt Microsoft's SCCM solution for managing Windows computers. The committee brought the decision of the technology recommendation to a vote and it was not unanimous. The vote came down to 6 voting for SCCM, 2 for KBox, and 1 abstention. The major concerns with SCCM were the overall cost of the project and its lack of cross-platform support. Added benefits would be noticed from all solutions if appropriate university level policies were implemented around power consumption, better security of the operating systems, and customer satisfaction.

The committee would also recommend that the central IT organization (Office of

Information Technology -OIT) hire adequate staff to be the provider and service owner of whatever product is chosen.

10

Appendix A

East Carolina University

Several OIT staff visited East Carolina University (ECU) in the spring of 2010. Many items were discussed including their management of administrative and student lab desktops. Microsoft’s Active directory was relied on heavily for the management of the windows based desktops.

At the time of the visit the administrative side was using Active Directory and group policies to manage the deployment of simple packages and for authentication. A web portal was available for faculty and staff to login and see software packages that were available such as Microsoft Office. The end-user was able to download and install the packages that they wanted on their machine. There was no application deployment strategy for most of the large applications like MS Office and Adobe CS products. In the summer of 2010, they decided to move to Dell Kace’s Kbox. The price point was the most attractive feature. On the student side, they were using Symantec Altiris for about 3000 student lab

computers. They mainly use the client management suite (CMS) for hardware and software inventory. Because of the nature of student labs and their ability to reimage them whenever needed, they didn’t deploy any software with the CMS. All of their software packages were deployed with the images that were 90Gb and larger. There were no large deployments of virtual desktops in the enterprise. Application virtualization was also not utilized.

Georgetown University

The following people contacted Beth Bergsmark from Georgetown on August 6th, 2009: Danny Davis, Dan Evans, Maurice York, Shawn Dunning, Richard Norris. Georgetown was using SCCM to manage their faculty/staff desktops. They had two models of management. One was called lightly managed and the other fully managed. At the time 80% of their desktops were lightly managed which meant that they were using Ad and group policies to push applications and patches to the desktop. The lightly managed also allowed users to be local administrators on their own computers. They had recently had a security breach which had facilitated their decision to move everyone to the fully managed model. The cost to move from their current Client Access Licenses made it cost effective to move everyone to using the SCCM product. They evaluated Symantec Altiris but found that the web interface was not well designed and it looked like a lot of products thrown together with little continuity.

11

Their managed environment also included the use of encrypted drives. They were utilizing a product called Embassy Remote Administration Server to manage the encryption of the devices.

California Institute of Technology

Caltech has a “Managed Computing” environment that consists of hardware and software deployment as well as desktop support. Each faculty/staff member utilizing the managed program pays a $600/year fee that includes a standard desktop or laptop computer. They utilize Symantec Altiris for their management suite which is controlled centrally. At the point of the conversation, Apple computers were not supported under the managed program but were under the non-managed marginally. All users have their My Documents redirected to a central file storage system that comes with a default 1Gb of storage space.

The central organization also maintains loaner computers for quick turn around when a computer crashes.

Laptops were also fully supported under the program. Some mobile devices were also supported under the program with most having Blackberries and iPhones.

More information can be found at:

http://www.imss.caltech.edu/cms.php?op=wiki&wiki_op=view&id=640

University of Florida

University of Florida IT is in a re-org mode at the moment with multiple units combined under the CIO, which reports to the Senior VP for Administration and Business. About half of the total IT funding goes to OIT, half to localized support. Desktop management is primarily under the localized support. The group contacted (Administrative IT support, Robert Staats) is one of the largest localized support groups with a dotted line report to the CIO. Windows machines on campus are using AD, though they are not all in a single domain. The primary domain UFAD houses many machines on campus. The AD used by the

Administrative IT support group is slated to migrate into UFAD at some point. Since UF has a Campus Agreement for the Windows OS, Server, Core CALs, and Office (the “Campus Desktop” license), UF is Microsoft-centric and is becoming more so because homogeneity will improve support/lower costs. Many groups use WDS for image deployment and SCCM for application deployment. In the Administrative IT domain, all faculty staff machines start with one of a couple images and software is layered on with SCCM, and any by-hand

tweaking if need be; no one has local admin at all. Departments in UFAD and the

Administrative IT domain are delegated OU-full control, but not necessarily in SCCM. They create groups and collections of apps are assigned to the groups by the server admins.

12

Laptops are handled similarly to desktops and are joined to AD as well, with some policy changes. Some Macs are joined to AD for file/printing to AD and they are looking at Quest add-ons for AD to do management of Mac/*nix boxes, but no decision yet. Linux is currently unsupported in any central way, though some groups do handle case by case.

Purdue University –SMART Computing

As seems to be the case with a number of universities, Purdue's move to a university-wide managed systems solution was instigated by a security breach that resulted in a hacked system on campus. An investigation into what happened and who was responsible revealed that there was no central management and security for desktop and laptop computers and no consistency across the thirty different units on campus. Purdue's central IT unit (ITAP) was charged with creating a strategy for implementing a universal management system, but with no mandate from the top and no money allocated, they had to find an approach that would get buy-in from all the units on campus. Purdue's IT structure is much like NCSU's, with a central IT organization and many distributed, independent IT units in the colleges, so they knew there would be resistance to any centrally managed system that appeared to take control away from the colleges.

Purdue's solution was to tie the implementation of the managed system (they chose SCCM) to their consolidated purchasing program and roll them together into a single program called SMARTcomputing. Their consolidated purchasing program was entirely voluntary on the part of the colleges and units, so units had to "join" the program and commit their purchasing power to the central pool in order to take advantage of the agressive pricing. In order to pay for SCCM, Purdue decided to require SCCM on any machine purchased through the consolidated purchasing program and took the cost per machine for SCCM out of the savings per machine that the program received from the consolidated purchasing program, using part of the savings to pay a share of SCCM and returning the difference to the college. By way of example, a college joining the consolidated purchasing program could save an average of $200 a unit on desktop machines. ITAP found that the cost of covering a machine under the SCCM umbrella was $141 (they were later able to reduce this to $100), so what the college saw from their side was a $60 savings over the pricing that they could get on their own from Dell and free automatic inclusion of the SCCM management tool. In order to get buy-in, the SMARTcomputing program offered to grandfather in legacy systems free of charge (those machines purchased prior to the SMARTcomputing initiative) for any college that committed to the SMARTcomputing program.

13

• Put a common management tool in place that won't cost colleges any money • Implement a system that is completely transparent and something that everyone

would own, not just central IT

• Create a program that is so compelling that the question for college administrators would be "Why wouldn't you do this?"

To date the SMARTcomputing program has focused on solving the "80%" Windows problem, though they have left an opening to include other platforms in the future. SCCM currently covers about 4000 computers on campus and growing. Purdue has realized significant cost savings through consolidated purchasing of hardware and software, with an estimated savings of $350K in two years, over and above what university would have saved through normal discounts. The campus is now approaching nearly $1M in total savings, though $600,000 of that has been put back into the cost of the program (this is the $141 per machine). Calculated program costs include:

• Hardware costs

• Licensing costs for SQL, server patch management

• Director responsible for nothing but SMARTcomputing, plus a half time clerk • Three FTE technical staff to implement the program and bring it up to speed • Once the program was established, centrally identified ITAP staff for full time

administration

The estimated program costs did *not* include licensing costs for SCCM itself, which was already included in the Purdue Microsoft Campus Agreement.

Purdue's model for administering the SMARTcomputing managed system component is of potential interest and usefulness to NCSU in implementing our own program. Purdue has a well-developed governance structure that includes four main teams (sub-projects), each one with three co-chairs from the academic, college IT, and central IT stakeholders, with member representatives from every IT organization on campus. Each of these teams reports up to the CIO as the executive sponsor. Below is a chart of the four teams and governance structure:

14

SMARTcomputing covers Windows desktops and laptops but does not include mobile devices at the moment. Purdue is also pursuing a VDI infrastructure project that will perhaps target clerical and administrative desktops, but has not advanced this project very far to date.

University of North Carolina at Chapel Hill

University of North Carolina at Chapel Hill is in the process of consolidating many active directory implementations into a single campus-wide AD. The central AD has approximately 9,000 computers and is expected to increase greatly in the near future. While the AD itself is centrally managed, most desktop management is pushed down to the OU administrators. The exception is patching services (WSUS and Patchlink), which are run centrally. Since the CALs are site licensed, multiple units run SCCM in the AD. Any Mac and Linux support (other than patching via Patchlink) is per-unit and not handled centrally other than configuring the domain to allow the possibility.

Windows Hi-ed

On February 3rd, 2010, an informal poll of the windows-hied@lists.stanford.edu mailing list was conducted asking for any comprehensive comparisons of desktop management systems that had been done by other higher education institutions. Responses were received by a small number of institutions, which are summarized below.

15

• UT Austin - UT did a side by side evaluation of BigFix, LANDesk, and SCCM and chose SCCM. Also recommended Lanrev over Quest for Mac integration.

• Carnegie Melon - CM did a comparison of Altiris vs. SCCM and went with SCCM. • Etten-Leur (Netherlands) - Recommended Zenworks.

• Penn State CommonWealth Campuses - Recommended KBox, negative experience with Altiris.

• University of Minnesota - UM evaluated SCCM, Altiris, LANDesk, and ZENWorks. OIT went with SCCM; one of the larger colleges went with Altiris (and is now switching to SCCM).

Additionally, at the Windows Hi-ed conference in April 2010, informal discussions were held with representatives from UNCG, University of Wisconsin, University of Washington,

University of Minnesota, Stanford, Penn State with the general feeling that SCCM and Bigfix were the top desktop management tools for university environments.

Appendix B - Institution Questionnaire

Managed Desktops Participant Information NCSU Representative(s):

16

How do you define a managed desktop?

What factors drove you to look at a managed desktop solution?

Tell us about how you accomplished the public relations challenges of implementing such a system.

What were the primary complaints and from whom? What were the primary selling points?

Do you try to manage Windows, Mac, Linux? Do you manage Laptops, Mobile devices, VMs? Are you redirecting user’s files to a central location? Are there different levels of management of desktops?

Do you have a cost per PC for managing the desktop? Different costs for different types?

Purchased Solution

Are you using a purchased solution? Which one(s)? What features of the product are you using?

OS Patching Software deployment Hardware Inventory Software Inventory Proactive monitoring? Remote Assistance

17

Do you have a web page outlining your policies, models and costs?

Virtual Desktops

Are you implementing any virtual desktop solutions? Do you have a cost per VM?

How do you deal with storage/user files?

Purchased Solution for VDI

Are you using a purchased solution? Which one(s)?

What was your approximate startup cost for server infrastructure? What is your approximate cost per VM?

What features of the product are you using?

OS Patching for VDI

Software deployment Hardware Inventory Software Inventory Proactive monitoring? Remote Assistance

References

18

1. Quest Management Xtensions - http://www.quest.com/quest-management-xtensions-configuration-manager/

2. Casper Suite - http://www.jamfsoftware.com/products/casper-suite/

3. Absolute (formerly Lanrev) - http://www.absolute.com/products/absolute-manage/

4. Likewise Enterprise - http://www.likewise.com/products/likewise_enterprise/

5. BigFix Software - http://www.bigfix.com/

6. Microsoft SCCM - http://www.microsoft.com/systemcenter/en/us/configuration-manager.aspx

7. Dell Kace Kbox - http://www.kace.com/

8. Symantec Altiris Client Management Suite -