158 Part IV: Nitty-Gritty Service Management
Dividing Client Management into Five Process Areas
Look at the five process areas for successful client management illustrated in Figure 13-1 (in the preceding section):
Asset management: No matter what the client environment is (cellphone, BlackBerry, laptop or desktop PC, Windows, or Mac), activities within that container need to be registered, monitored, and tracked based on both the hardware itself, the software that runs on the platform, and the use that is made of it by various groups of users.
Service monitoring: Activities in this process area monitor what’s happening at each client, as well as the tasks required to maintain the right level of service. The service desk provides coordination for monitoring.
Change management: Activities in this process area involve managing and implementing all changes in applications and hardware. This area may include configuration management for applications that span the client and the data center, as well as license management.
Security: Activities in this process area involve securing the whole client domain against external threats and authenticating which users can get into which facilities. Security may involve locking down administration capabilities and proactively managing the storage and backup of data files.
Integration/automation: Activities in this process area aim to standardize all client management processes so that they work together to improve overall service, enhance overall governance, or reduce costs.
Each group of processes may be served by multiple software products and may be carried out by different groups in client management. All five process areas are carried out in some way in all organizations, with varying levels of sophistication. Most companies have some way to keep track of devices, for example; the tracking mechanism may be anything from a simple spreadsheet or an automated system that discovers all new devices as soon as they connect to the network.
As organizations mature, client management has to become business-driven rather than technology-driven. Consequently, a good way to begin improving client service management is to automate the technical management of the client so that it’s largely invisible to users. Where you start depends on where you are, but taking all responsibility for PC administration, application provisioning, and IT security away from users is an intelligent goal.
The following sections cover the five process areas in detail.
Chapter 13: Desktop and Device Management 159
Asset management
Desktop and device asset management helps you select, buy, use, and maintain desktop hardware and software. What must you do to manage desktops and mobile devices thoroughly? Here’s a list of necessary activities:
Establish a detailed hardware asset register. A register is a database that itemizes hardware assets and records all the details. It lets you analyze hardware assets (including peripherals) and provides a foundation for many user services, including provisioning and security. It also may be fed with information by asset discovery software.
Establish a software register. A software register tracks all the software elements of devices. It complements the hardware register and offers a foundation for better automated provisioning of software.
Control software licenses. Some users may be able to add new software to a desktop or mobile device, either because they have administrator capability or because some application self-service has been implemented. Controlling a glut of software is a difficult task. Watching software licenses reduces costs and efforts; it also eliminates the risk that the company will be running more versions of software than it has paid for.
Manage device costs. By tracking device use, you can reduce redundancies, as well as maintain hardware more efficiently. Often, companies have devices that are no longer used but that still require time and effort to maintain.
Service monitoring
The client environment is one of the most vexing problems for IT management. Where client support is not well integrated with data center support, good reasons exist to establish an integrated support service. Then client monitoring goes beyond identifying a problem with a mobile or desktop device: The support service is driven by the data center’s trouble-ticketing system, which tracks a problem to its resolution and quickly identifies situations in which the data center applications are the cause of the problem.
You can also support users by putting these components in place:
Automated client backup: An automated backup system reduces the risk of data loss and speeds recovery times when failures occur. The sad truth is that most users simply don’t have the discipline to manage their own backups, and a simple disk crash on a PC or laptop usually results in the loss of important data. (For more information about data loss and recovery time, see Chapter 14.)
160 Part IV: Nitty-Gritty Service Management
Remote management and maintenance: Because users may be spread around the country or the globe, service providers must be able to manage both client hardware and software remotely.
Client recovery: Normally, this task involves restoring data from automated backups, but it also can involve reconfiguration or a software upgrade, depending on the problem diagnosis.
Root-cause analysis: Many monitoring products place a software agent on the client device to capture the behavior of the hardware and software in real time. Simply knowing whether a failure is caused by hardware or software leads to faster recovery. The more information you can gather about CPU, memory, and application resource use, the easier it is to diagnose a problem.
Application monitoring: Users are quick to blame IT when the performance of their applications is poor. Poor performance can have a multitude of causes, one of which is simply that the client device doesn’t have enough power. Consequently, IT needs to be able to monitor client device performance based on actual application use. Application monitoring helps determine whether a performance problem can be resolved simply by a device upgrade.
Service-level maintenance: Service levels should be applied both to hardware and applications running on client devices. Unless these service levels are defined accurately, they can’t be monitored effectively. Because client management is an integral part of overall data center management, it can’t be viewed in isolation. Service-level maintenance becomes even more important as organizations virtualize the client environments within the data center. (For more information on virtualization, see Chapter 15.)
Change management
Managing change means that you have to provide standardized processes for handling IT changes. Because the client device environment often lacks the centralized service management control that is typical in the data center, it can become the weak link in service management.
You should meet these key requirements for handling client-focused change management:
Hardware provisioning: Rapid deployment of devices minimizes the time needed to support staff changes. New staff members have to be provisioned just as quickly as those leaving the organization.
Software distribution and upgrade: Being able to distribute changed software to devices across the organization is mandatory in tight financial times. Many companies create a standard desktop client environment that facilitates distributing and changing software.
Chapter 13: Desktop and Device Management 161
Patch management: Patches are changes to software that are made to fix bugs rather than changes that upgrade software functionality. When well automated, patch management minimizes the impact of patch implementation while reducing the risk associated with the bugs that are being fixed. Many such fixes address IT security problems.
Configuration management: This process lets your company automate the configuration settings in a desktop software environment, making it easier to manage the client environment. Specifically, it manages which applications are loaded and may include IT security settings that provide or deny administrative capabilities (see the following section).
Security
Ensuring the security of every user access device in a company can be tough. Even when IT sets up security, outside software can easily creep onto devices — particularly laptops and mobile devices, which are difficult to bolt down.
Moreover, it’s possible nowadays to run applications from a memory stick or thumb drive and to plug a variety of devices into USB ports.
Safeguard your access devices by using these approaches:
Secure access control: This approach may involve just password control, or it may involve more sophisticated (token-based or biometric) authentication. Secure access control reduces security breaches.
Identity management: Identity management defines the user in a global context for the whole corporate network. It makes it possible to link users directly to applications or even application functions. This approach delivers networkwide security, associating permissions with roles or with individual users.
Integrated threat management: Normally, you have to counter a variety of security threats through several security products, both on the client and in the data center:
•Virtual private networks secure remote communications lines for using PCs from home or from remote offices.
•Intruder-detection systems monitor network traffic to identify intruders.
•White-listing products limit which programs are allowed to run.
Automated security policy: Ultimately, with the right processes and technology, you can manage some aspects of IT security to some degree via policy. Some products manage logging activity so that the activities of all users throughout the network are logged, for example. Also, you can define policies within identity management software to designate who has the right to authorize access to particular services or applications.
162 Part IV: Nitty-Gritty Service Management
Integration/automation
Integrating good client management into the overall service management framework can be complicated. Organizations are dealing with a variety of client environments, ranging from fully functional PCs to virtualized clients and wireless devices. To meet service levels, client management must be predicable and consistent.
Key ingredients in this approach include the following:
Standards: Adopting client management standards precedes and prepares for all other integration work and enables greater flexibility over time. By standards, we mean standards in every layer of technology from hardware (standard PC models using standard components from the keyboard to networking cards) through communications and data access to client applications. The important point to understand is that when you deviate from any agreed-on standard, you risk increasing the number of points of failure and create potential integration problems. In recent years, most in-house software development has adopted Web Services standards, which has made it far easier to link applications both on clients and on servers.
Management by policy definition: The ideal is to implement client management simply by defining policy directives in software and having them obeyed. Technically, reality is a long way from the ideal. It’s possible, however, to enforce some rules directly in software (such as patch and configuration management software), and some software can be used to help automate compliance and governance. The better the implementation of service management capabilities becomes, the more feasible it is to move toward management by policy.
Governance and regulatory compliance: Compliance often delivers side-effect benefits beyond simply being able to prove that IT operations are compliant when they’re audited. One benefit may be that you can better meet internal audit requirements and, by analyzing some of the data gathered, gain deeper insight into the client domain. Specific benefits depend on your country and your industry.
In many industry sectors nowadays, organizations have to abide by specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) in the health care sector. Nearly all such regulations affect IT because they mandate a duty of care for customer data, and penalties are applied if these regulations are violated. Consequently, they’re not optional. Luckily, however, many of these regulations are
a boon because they mandate sensible IT practices, and companies