ManageEngine Alternative – Compare to Goverlan

This CompareScope™ paper looks at four solutions designed to facilitate remote administration of Microsoft Windows-based client and server computers. Some of these solutions have advanced to better manage the client platforms outside of the traditional Microsoft domain by offering remote administration of Mac and Linux systems. These solutions aim to improve IT worker productivity and to reduce end user impact on systems being fixed or maintained.

Solutions in this category vary widely not only in base functionality, but also in the details of their implementation. Fine differences in user interface, workflow, and efficiency can make all the difference for an IT technician or administrator. Deployment details and impact can also differ, which impacts an organization’s ability to pilot, deploy, and maintain a solution over time.

Remote administration of distributed client systems is an essential capability of IT support staff. Solutions in this category are designed to facilitate remote administration of distributed client and server computers, typically in real-time. For many of the tasks enabled by these solutions, the native alternative is either a physical desk visit, or a Remote Desktop connection. Either of those alternatives is interruptive to the user of the affected system, and carries a high price in IT personnel overhead. Additionally, solutions in this category offer at least some capability for batch administration of multiple computers. Batch administration may include pushing out a software application or patch, applying one or more configuration changes, or generating reports based on queried data. Solutions in this category may also offer enhanced remote control features, either by integrating with native Windows features (Remote Desktop, Remote Assistance) or by providing their own remote control protocol. An increased expectation is that these solutions also offer remote administrative solutions for the entire enterprise, not just Windows. Solutions adopting an enterprise approach will offer remote management to Mac and Linux clients, normally through Virtual Network Computing (VNC) or Secure Shell (SSH).

Solutions in this category may replicate or emulate the native Windows user interface for specific maintenance tasks, such as configuring a firewall or working with device drivers. This approach provides a familiar administrative surface for IT workers, while the actual work is conducted “under the hood” against one or more remote computers.

In the past, several of the solutions in this category have not maintained a historical configuration database, preferring to query information from systems in real-time. This differentiates them from pure configuration management products, which typically aggregate information into a database and maintain some degree of configuration history, but do not provide access to real-time configuration values. In some cases, the inventory data can become stale and have possible poor effects on batch management decisions and accurate reporting.

Several solutions are evolving to support both real-time query of configuration data and the retrieval of stored information in times when the remote system is offline. Permitting IT to utilize aggregate data from real-time online systems and stored data of offline systems improves the decision making process and reporting accuracy. While some solutions provide this hybrid approach seamlessly, former database-driven data systems may require additional steps to manually gather real-time data, which is first stored in the database before delivery in a report or batch-processing job.

For this paper, we examine several functional areas we deemed key to this category.

Products in this category often provide functionality that seems to point at other categories. For example, by enabling IT personnel to query configuration information from remote computers, one might presume that these solutions also provide a means of managing or enforcing a desired configuration – but that is not a part of this category. Some solutions in this category do provide functionality that extends at least partially into other categories; where appropriate, we note those.

This paper is a product comparison, designed to provide a comparative look at four solutions in this category. This paper is not an exhaustive analysis of the suitability of any particular solution for a given market space.

Products included in this CompareScope™ are:

• Goverlan Remote Admin Suite v8
• Dameware Remote Support v11
• LanDesk Management Suite v9.6
• ManageEngine Desktop Central v9

The Goverlan and Dameware solutions adopt a similar approach, and one that is consistent with most solutions in this category. Using Active Directory and network discovery, they identify unmanaged computers on your network and provide the ability to query basic information from them by means of Windows Management Instrumentation (WMI). You also have the ability to push the solution’s client agent (small in both of their cases) to unmanaged computers, making them managed computers. The client agent gives the solution more coverage and reach into the remote computer, enabling a broader range of management tasks and reporting. Data is queried from systems in real-time, and changes are also applied in real-time, although both solutions allow for scheduled application of batch changes. Manageability with Dameware is available only when managed systems are turned on and awake, and both solutions support various techniques to control the power state.

The Goverlan solution differentiates itself by providing a storage database for real-time gathered information. The SURE-DATA approach improves data accuracy and availability by supplying real-time information combined with stored data for offline systems. This improves manageability by allowing the scheduling of actions for systems, regardless of state, as is common in larger database-driven solutions.

The LanDesk solution is a complex, server-and-agent-based product that compares (from a feature perspective) to Microsoft System Center Configuration Manager. This comparison examines only those aspects of the LanDesk product that relate directly to real-time remote client management; the product does include significant additional features that are not considered here.

The ManageEngine solution contains several product solutions along with a collection of tools to build a customized solution similar to LanDesk. This comparison examines only those aspects of Desktop Central that relate directly to real-time client management, and in some cases will require additional free tools from the ManageEngine collection to provide the desired functionality.

These products all rely primarily upon a locally installed client agent to do their work, although they typically provide some minimal level of client-free functionality, including the ability to deploy said client via push installation. Some care should be taken by customers when selecting a solution, as the client agent can play a crucial role in security and stability. The size of the client agent, its software dependencies, and so forth should be considered.

These products typically rely on a combination of Active Directory Domain Services (AD DS) and network discovery (pinging IP ranges) to discover unmanaged systems. Solutions in this category do not necessarily rely on a database.

Solutions in this category may also offer centralization of certain auditing events for reporting and auditing purposes, such as use of the solution’s remote control facilities. Where appropriate, we note the availability of such centralized features, although these were not a major focus for this comparison.

Note that both the Goverlan and Dameware solutions are desktop applications. They do not require a server-based infrastructure and can be deployed for piloting without impacting the production network.

LanDesk and ManageEngine have traditional centralized databases for inventory collection, primarily used for reporting and targeting resources. The inventory collection process can take several days depending upon configuration. This approach is similar to Microsoft System Center Configuration Manager (SCCM). For normal day-to-day tasks like deploying major application updates, the stale nature of the inventory data is generally not seen as a problem. For real-time client support and troubleshooting, the delay in current inventory information can be a factor.

The Goverlan solution provides a unique hybrid solution in that it first gathers its inventory information in real-time, then optionally storing this information (using SURE-DATA technology) to a local file or central SQL database. This contrasts from LanDesk and ManageEngine by providing immediate real-time information as the technician is working and displaying stored information for systems that may be offline, permitting more accurate queries for actions and reports. Inventory collection may also be scheduled, but the importance of having real-time information immediately available is the foremost concern to the support technician.

Remote control is a core functional area for solutions in this category. Solutions typically support the built-in Remote Desktop Protocol (RDP), may support VNC and Telnet/SSH for cross-platform control, and often provide their own proprietary remote control protocols. Proprietary protocols may offer better network utilization or lower CPU utilization, file transfer and chat capabilities, additional user experience or security options, and so on. The feature comparison below was performed using the product’s proprietary control solutions, when available.

These solutions all offer various end-user approval modes that, depending upon their configuration, can require remote viewers to obtain end-user permission before viewing or controlling the session, or can be set to allow administrators full remote control with no user awareness or acknowledgement. The available modes should suffice for most organizations’ political and privacy needs, but are typically available only in conjunction with the solution’s proprietary remote control protocol. Native features like Remote Assistance or Remote Desktop Protocol may not be as configurable.

We should point out that there are technically two distinct approaches to remote control. In-band control is what we’ve reviewed for this paper, and it is provided by all of the products reviewed as noted in the chart above. Another approach, out-of-band control, utilizes hardware-based redirection of the keyboard, mouse, and monitor. This requires the computer motherboard to include support for the technology, and the most popular today is Intel vPro-based remote control. This support includes the ability to change power settings and mount ISO images regardless of the current state of the target. We did not examine vPro in any depth for this paper, because it has significant requirements, but it should be noted that Goverlan, Dameware and LanDesk products support Intel vPro.

While the following table provides an overview comparison of these products, it is important to note that there are significant and often subtle differences between the products. For example, when managing printers, environment variables, and other user-specific settings, the Goverlan solution is multi-user aware. When managing a shared computer, for example, Goverlan can “see” individual user profiles and permit you to modify them individually or all at once. This can be a significant advantage; other solutions may accomplish this by modifying the profile when the user logs on, rather than in real-time.

Another example: when searching for objects in AD DS, the Goverlan solution provides a simplified UI that enables an administrator to directly search for attribute names. Typing “department=sales,” for example, retrieves all users in the Sales department. The Dameware solution supports AD DS searching through the standard OS dialog, which provides full functionality but is somewhat more complicated to use. Other solutions such as LanDesk support LDAP query format, but this may impact IT support staff unfamiliar with this query language.

It should be noted that Goverlan provides a unique feature named fastConnect that is especially useful to support technicians. This feature allows the support professional to find and target a computer by searching for the username of the currently logged on user. As an example, when a user contacts support, they rarely know their computer name, forcing the support technician to spend several minutes helping the user discover and report the computer name for a remote connection. With fastConnect, the technician can query for the username and see the corresponding computer, allowing for an immediate connection without further involving the user.

* The Dameware product, unlike the others, appears to have minimal Exchange Server administrative support (mainly mailbox management and attributes, which come from AD DS), but has a number of restrictive system requirements to use it.

The following table summarizes the key functional areas for remote administration. These areas can be administered “behind the scenes,” meaning they do not require remote control of the remote computer. Users will not be aware that the following activities are taking place.

Because it is designed as a configuration management tool, the LanDesk and ManageEngine solutions offer a broader range of built-in configuration tweaks and settings. These are centrally defined, downloaded by their client agent, and applied at logon. These settings include Microsoft Office, Microsoft Outlook, Security Policies, Time Synchronization, Folder Redirection, and more. Most of these settings are in the registry, making them manageable with either the Goverlan or Dameware products as well, although those two products do not pre-define configuration packages for these. Many organizations will already be using, or will prefer to use, the native Group Policy objects (GPO) feature of AD DS to manage these and other registry-based settings for more granular targeting and application of settings. The Goverlan product, through its Scope Actions feature, could also provide a similar level of granularity.

The Dameware solution’s batch processing capabilities are limited. You can, in a batch, deploy the solution’s client agent, install services, deploy registry files, manage power state (restart, shutdown, etc.), send pop-up messages, and a handful of other selected tasks by selection of computers.

By contrast, the Goverlan solution has extensive batch processing capabilities. You can define scopes, which are groups of computers, users, or AD DS groups. Scopes can consist of static lists, AD DS sites or containers, IP address ranges, and so on. An extensive set of actions, broadly categorized as “reporting,” “setting,” and “executing” are built-in, and custom actions can be created. Actions can be further scoped by specifying limiting criteria – only machines with a certain amount of RAM, for example. Reporting is available for the entire WMI repository – a wide range of data, much of which is pre-indexed and explained within the solution. Settings can include AD DS properties, local accounts, and a range of WMI objects. Execution can include nearly anything the solution is capable of doing on a per-computer basis, including network settings, printers, processes, software, for a total of several dozen discrete actions.

The LanDesk and ManageEngine solutions offer the strongest contrast, as it is not intended for real-time batch deployment. Instead, you create configuration policies and rules, which are deployed to collections.

Because most IT environments consist of more than one administrator or technician, shared features can become important.

Because it uses a central configuration repository (database), the LanDesk and ManageEngine solution's configuration is automatically shared across all administrators using the product.

Although the Dameware solution does have a central server for licensing, we were not able to discover any means of sharing configuration data between users of this solution.

The Goverlan solution supports sharing computer lists, console layouts, remote control connection sets, software installer packages, batch action sequences, and batch action target lists. With the addition of the SURE-DATA database, configuration information is shared similar to LanDesk.

The Goverlan solution includes WMIX, an integrated utility (also available standalone) that provides a GUI atop the WMI repository. This utility enables administrators to browse WMI (often the only way to discover what the repository contains), and provides custom in-product documentation for core WMI classes and properties. Using the utility’s built-in reports, report wizard, or report templates, administrators can generate a wide variety of real-time inventory reports.

The Dameware solution does not offer equivalent functionality.

The LanDesk and ManageEngine solutions offer reporting from WMI, but do not draw upon real-time data. Instead, using a proprietary reporting interface to generate reports based upon information stored in its database. A number of built-in reports are included, and custom reports with custom WMI queries can be created. A policy using Data Collection must be configured to collect data before reports can be generated from that data.

It should be noted that the real-time discovery, exploration and future storage of custom WMI information has proven essential in many situations. Most products leave the IT support staff to accumulate their own tools outside of the product to accomplish these tasks. The Goverlan WMIX utility provides this integrated support and goes beyond most other available toolsets.

The Goverlan and Dameware solutions address the same problem space within an organization, although the Goverlan product offers broader functionality and deeper management reach. Its approach to batch administration – action scopes, a GUI-based task sequencer, and so on – offer extended opportunities for use, and take the product almost to the point of being a full-fledged systems management tool. With the hybrid approach of real-time inventory and management combined with the inclusion of SURE-DATA configuration storage, many organizations will find this a more affordable and robust management tool removing the complexities of deploying and implementing a product such as LanDesk. The additional attention to management details, such as the fastConnect feature providing easy-to-discover computer targets from usernames, demonstrates an understanding of the support professionals role and challenges. Greater platform administration of Mac and Linux is a must for growing organizations with cross-platform requirements.

The LanDesk solution is designed for far more than real-time remote client support, and indeed that is not its strongest aspect. It is at heart a centralized, database-driven configuration management suite, with remote control capabilities and certain remote management capabilities. Strong support for out-of-band management (with supported hardware) helps supplement these capabilities. Similar to ManageEngine, this product is more of a traditional full-featured database-driven approach, but requires an investment in architecture, deployment and management that may not be best suitable for some companies.