ECM Gains Mandate Power

 
 
By Cameron Sturdevant  |  Posted 2003-08-04
 
 
 

EXECUTIVE SUMMARY
Enterprise Configuration Manager 4.5
Configuresofts ECM upgrade goes beyond monitoring Windows-only server and desktop parameter settings by adding a capable enforcement tool that can automatically reset machines to approved settings. IT managers should carefully orchestrate the use of ECM 4.5 so that legitimate changes arent undone, thus diminishing the value of installing ECM 4.5 in the first place. ECM is priced at $995 per server and $30 per desktop. Configuresoft is at www.configuresoft.com.
KEY PERFORMANCE INDICATORS
USABILITY FAIR
CAPABILITY EXCELLENT
PERFORMANCE GOOD
INTEROPERABILITY POOR
MANAGEABILITY GOOD
SCALABILITY EXCELLENT
SECURITY EXCELLENT
  • PRO: Enforces configuration rules; granular operator access.

  • CON: Windows-only; constructing configuration rules is a time-consuming process.

  • EVALUATION SHORT LIST
    BindViews Policy Center Symantec Corp.s Symantec Enterprise Security Manager NetIQ Corp.s VigilEnt Security Manager
    ConfigureSoft Inc.s Enterprise Configuration Manager 4.5 has gained the ability to mandate Windows server and desktop configuration parameters.

    eWEEK Labs believes ECM 4.5, which shipped in June, is worth a look for IT managers who want a handle on their Windows-based machines and thus fewer service calls. In our tests, any deviation from the settings specified in ECM 4.5 resulted in our test machines being reset to the approved configuration. At $995 per server and $30 per desktop, ECM 4.5s price is comparable to that of rival offerings, such as BindView Corp.s Policy Center tool.

    Of course, IT managers should carefully consider how they use the new capabilities in ECM 4.5. We recommend using configuration rules, which Configuresoft calls templates, to report noncompliant machines. ECM 4.5 can use its installed agent to ensure registry settings are present when starting or stopping Windows services.

    In tests, ECM 4.5 performed well—almost too well. We modeled several exemplary machine configurations and set up ECM 4.5 to keep our machines in perfect running order. Then we used Windows Update and installed the latest Windows 2000 hot fix from Microsoft Corp.

    Windows worked fine, and ECM 4.5 wasnt bothered, but IT managers in large shops with fast-changing environments might not be so lucky.

    At its base, ECM is a capable configuration management tool, but it is limited to Windows-only systems. BindViews Policy Development, by comparison, supports Novell Inc.s NetWare, along with several varieties of Unix, in addition to Windows.

    ECMs deft ability to restore Windows systems to an approved configuration is the main reason why IT managers should consider it, even for heterogeneous operating system environments.

    Not surprisingly, ECM 4.5 relies on Microsofts SQL Server database. After a couple of false starts, we realized that ECM 4.5 queries the database, not the agents that it installs on each managed machine. As a result, we strongly advise IT managers to run data collections about machine configurations on a regular basis. In tests, it was easy enough to keep the database up-to-date with regularly scheduled collections.

    Because this version of ECM has far greater power to change systems, Configuresoft has commensurately beefed up security controls for console operators. We used a combination of access rules and ECM roles to provide granular access control privileges. For example, we created users who could access information about all the machines in our test network. We limited these users to a small group of machines in developing configuration policies.

    ECM 4.5 has joined the security hype parade. Although the product ably monitors servers and desktops for compliance with approved configurations that are known to resist tampering and hacking, we think that forward-looking IT managers should also consider how ECM 4.5 can cut overall operating costs. Keeping machine parameters updated with tested and approved settings can be as valuable as assuring that workers disable anti-virus tools.

    ECM 4.5 could cut help desk calls on nonsecurity configuration problems by making sure missing registry keys or stopped services are addressed automatically without human aid from the help desk.

    Senior Analyst Cameron Sturdevant is available at cameron_sturdevant@ziffdavis.com.

    Rocket Fuel