Beefing Up ECM, Delivering More

Upgrade simplifies management of large networks

Configuresoft Inc.s Enterprise Configuration Manager 3.5 enables administrators of large Windows 2000 and Windows NT enterprises to proactively monitor massive, geographically dispersed networks while ensuring networkwide compliance with security and configuration policies.

In eWeek Labs tests, the ECM update showed much-improved remote administration capabilities via a new Web console and improved client grouping capabilities. Security information has also been beefed up, now showing centralized hot-fix information and local user and group settings across the enterprise.

ECM 3.5, a free download that shipped in late January, offers no vulnerability assessment tools, but it provides excellent reporting capabilities at an affordable price (especially for workstations). The product includes a 30-day license for five workstations and five servers. Permanent licenses are $30 per workstation and $775 per server.

Configuresoft also offers a maintenance contract that includes free product updates, 24-by-7 support, access to a user community mailing list, and free downloads of additional reports and packages from the Web site. The yearly maintenance fee is 20 percent of the overall license cost. A Windows 9x migration tool (which we did not test) is available separately.

ECM 3.5 consists of six integrated components: collector, console, Web server, user documentation, reports and agents. The collector works in conjunction with a user-provided SQL database to aggregate data from the agents. The console is a bundle of applications that configure, schedule, and monitor events and information. The new Web server provides an attractive remote monitoring interface.

Special Agents In Action

Agents collect specified information from clients, compress the data and send it to the collector. Because the agents utilize DCOM (Distributed Component Object Model) technology, they are active only when initiated by the collector and have a minuscule footprint when inactive.

Unlike Hewlett-Packard Co.s OpenView, which uses SNMP to actively monitor network object performance and alert upon failures, ECM 3.5s proprietary DCOM agents can monitor only Windows NT and Windows 2000 hosts and report hardware, software, operating system and security information and alerts to a central SQL database.

Installation was straightforward. We installed the ECM collector, console and database components on a Windows 2000 server running Microsoft SQL 7.0 server (ECM will also work with Windows NT 4.0 or Microsoft SQL Server 2000). ECM does require a Windows domain controller to ease permission issues among the clients, the collector and the database.

ECM offers automatic and manual ways to centrally distribute agents to single or multiple clients. In tests, both methods worked equally well installing on Windows NT and Windows 2000 servers and workstations within the domain, although the manual method provides greater flexibility via a prechecking mechanism and better reporting.

We could also remotely install agents on a server outside the domain, although we had to fire up a separate application to add security permissions.

Version 3.5s improved client grouping functions let us differentiate collection groups from reporting groups, and clients could be in multiple groups simultaneously. It was a snap to identify all NT 4.0 servers in a network, group them and schedule a periodic collection event for the group.

Using ECMs Compliance Monitor application, we created a template of shared, local user and hot-fix update information from a Windows 2000 Professional client. We then initiated an event that compared all Professional clients with the template. The subsequent report showed which users and shares were missing from the other clients and which hot fixes had not been installed.

Version 3.5 includes a much-improved read-only remote console. Used in conjunction with Microsofts IIS (Internet Information Server), the Web interface provides nearly all the reporting and monitoring details of the console in a clean, intuitive GUI.

Although information is transmitted unencrypted by default, administrators can easily add a certificate to IIS to encrypt and secure these transmissions.

In addition to alerts on the console and the Web interface, ECM 3.5 offers e-mail alerting. With the installation of Windows Scripting Host and ASPMail, ECM can provide different e-mail alerts to multiple administrators.