Best Practices in Lifecycle Management

Transcription

1 Best Practices in Lifecycle Management Comparing Suites from Dell, LANDESK, Microsoft, and Symantec An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) Position Paper Prepared for Dell Revised: February 2015 IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING

2 Table of Contents Executive Summary... 1 Best Practices in Lifecycle Management... 1 Evaluating the Lifecycle Management Marketplace... 2 Methodology... 2 Heterogeneous Support... 3 On-Premise versus Software-as-a-Service (SaaS) Solutions... 4 A Note on Enterprise Mobile Management... 4 Evaluation Key:... 4 Functional Comparison... 5 Asset Discovery and Management... 5 Provisioning... 7 Security & Patch Management... 8 Third-Party Patch Management Configuration Compliance and Remediation Process Automation and Service Desk Interfaces and Reporting Financial Comparison Pricing Models Infrastructure Cost Comparison Total Implementation Costs Very Small Support Stack Small Support Stack Medium Support Stack Large Support Stack Non-Computer Device Support Very Small Support Stack Small Support Stack Medium Support Stack Large Support Stack Operational and Training Costs EMA Perspective About Dell... 19

3 Executive Summary IT system lifecycle management includes a broad array of essential and complex processes for ensuring optimal reliability and performance of technology investments. Critical to enabling these management disciplines are automated solutions that simplify and standardize administrative and reporting tasks. However, choosing a lifecycle management suite that cost-effectively meets enterprise requirements can often be a confusing process. To assist in the evaluation of automated lifecycle management platforms, Enterprise Management Associates (EMA) has conducted a side-by-side functional and financial comparison of solution suites from four of the leading vendors in this market space: Dell, LANDESK, Microsoft, and Symantec. Key best practices in lifecycle management are explained and used as a framework for highlighting critical points of comparison, and a detailed financial evaluation goes beyond license costs to help determine total cost of ownership of each platform. The EMA analysis includes a comparison of over 45 features across seven key areas Asset Discovery & Management; System Provisioning; Software Distribution; Security and Patch Management; Configuration, Compliance and Remediation; Process Automation and Service Desk; and Interfaces, Reporting, and Alarming. The results of the review show that Dell KACE Appliances equal or exceed the functionality of their competitors across most disciplines. Yet, when factoring in total infrastructure expenses, the Dell KACE Appliances cost significantly less than their primary competitors. With such a strong value proposition, EMA recommends businesses of any size considering solutions for lifecycle management should include the Dell KACE Appliances in their product evaluations. Best Practices in Lifecycle Management Lifecycle management of IT resources (including desktops, laptops, and servers) involves a number of key disciplines, aimed at achieving efficiency, productivity, and cost reduction within IT and across the business. Key disciplines that EMA recommends when considering a solution for lifecycle management include: Asset Management Automatic discovery of hardware and software assets allows organizations to accurately identify the types and locations of devices and software connected to the network. This helps in cost accounting and feeds accurate planning for provisioning, security, compliance, and more. Inventory Management Keeping up-to-date inventory allows businesses to reuse existing systems instead of buying new ones, reduce their hardware inventory software upgrades and license costs, and avoid fines and other penalties by ensuring license compliance. Bare Metal Installation Provisioning new software into a system that has no previously installed operating system or boot agents reduces on-site visits and gets new users and systems up and running faster. EMA research shows that lack of bare metal installation can double or triple the time it takes to achieve user productivity. Software Distribution and Provisioning Installing software from a central location allows new employees to contribute faster, and ensures existing users can do their job by having the software they need, when they need it. EMA research has found that centralized software management halves the time it takes to provision new applications. Security and Patch Management Detecting and protecting against security risks at the edge of the network is critical to reducing enterprise IT risk. Centralized security management can prevent potential vulnerabilities such as unauthorized software or configurations, as well as detect and quarantine insecure systems out of the network. Ensuring endpoints are using the latest patch editions is also important for maintaining optimal system and application performance. Page 1 Page 1

4 Configuration Compliance and Remediation Centralized maintenance of software versions, settings, and other configuration elements helps organization achieve compliance by detecting, preventing, and removing unauthorized software, malware, pirate software, exposures, and other malicious changes. EMA research shows that it also halves the amount of time it takes to deploy patches, and reduces virus and spyware management (both detection and remediation) by an average of 80%. Process Automation Automating and connecting IT management processes saves time and money. EMA research has shown, for example, that process automation can reduce software deployment time on average by two-thirds, and halve the time taken for patch management. Service Desk An integrated mechanism to report problems and service requests enables prompt response to end users and reduces administrative roadblocks. An easy-to-use portal interface to such a system reduces telephone calls, manual intervention, service desk staff costs, and errors, allowing automation to add more value to the process. Reporting Reporting on status and activity allows businesses to identify and avoid potential problems, provides the audit and control proof of compliance required for regulations such as SOX, PCI, and HIPAA, as well as to enable best practices like ITIL and COBIT. Alerting and Messaging It is important for administrators to detect and respond quickly to problems in order to reduce exposure, cost, and downtime. EMA research shows that it takes an hour, on average, before an administrator discovers a critical problem. Automated alerting significantly reduces this delay and allows administrators to correct problems before end users and customers are even aware an incident has occurred. Evaluating the Lifecycle Management Marketplace EMA conducted a comparison of features in the most critical lifecycle management disciplines. While it is not a complete comparison, the following section identifies the availability of many of the essential capabilities in four of the most popular lifecycle management solutions on the market today: Dell KACE K1000 Systems Management and K2000 Systems Deployment Appliances LANDESK Management Suite 9.6 SP1 Microsoft System Center 2012 R2 Configuration Manager (SCCM) Symantec Altiris Client Management Suite (CMS) 7.5 SP1 Methodology EMA identified the feature sets included in each solution suite based on publically available sources and then invited all four vendors to review and comment on the evaluation of their respective solutions. Any input provided was incorporated into the analysis as long as it met the following criteria: All features needed to be included in the current release of the solution suite. Beta releases and notes of future capabilities did not qualify for inclusion. All features needed to be recorded in publically available documentation to provide confirmation of the capabilities and to ensure they are officially supported. The features needed to be self-contained within the current release of the solution suite. Features available in a different product set from the same vendor or from a 3rd party vendor were not considered applicable as including these would significantly and unfairly impact the cost analysis. Page 2 Page 2

5 Due to space limitations, EMA did not attempt to evaluate how well each product performs each capability, and organizations are strongly advised to perform their own comparison analysis on any functionality deemed critical. Heterogeneous Support New to this report edition is the inclusion of independent charts identifying platform support for different operating environments, including Windows, Mac OS X, Linux, UNIX, and Chromebook platforms. While all solutions in this evaluation were initially developed to principally support Windows endpoints, EMA s evaluation indicated very clear points of contrast in the level of heterogeneous support offered by the solutions. The inclusion of the additional charts is intended to assist in highlighting these differences. However, readers are encouraged to weigh the value of this additional information proportional to the amount of heterogeneity in their own environment. All four solution sets support the latest and most commonly employed editions of Windows and Mac OS X as well as a number of Linux and UNIX platforms. The chart below indicates supported platforms for each management solution: Windows Windows XP Windows Vista Windows 7 Windows 8 Mac Mac OSX 10.6 Mac OSX 10.7 Mac OSX 10.8 Mac OSX 10.9 Mac OSX Linux CentOS Debian Fedora Oracle Enterprise Linux Red Hat SUSE Ubuntu UNIX AIX FreeBSD HP-UX Solaris Page 3 Page 3

6 It should also be noted that while Symantec CMS natively provides limited support for Linux and UNIX systems, its sister product, Symantec Server Management Suite, offers broader capabilities for supporting these platforms but has not been reviewed in this evaluation. On-Premise versus Software-as-a-Service (SaaS) Solutions While most lifecycle management solution suites were initially introduced as on-premise solutions (i.e., management platforms that physically reside and operate within an organization s local area network), many vendors have since introduced cloud-hosted solutions that are remotely accessed, maintained by their respective vendors, and offered as a monthly or annual subscription. These SaaS-based management platforms typically offer slightly diminished functionality from their on-premise cousins, but may be more cost effective for some organizations since they require no upfront infrastructure purchases or on-going maintenance costs. In order to ensure EMA s evaluation is as fair as possible to the vendors, only the on-premise solutions have been reviewed, enabling a direct apples to apples comparison. However, for many businesses, a SaaS solution may offer a superior bargain depending on organizational requirements, so it is advisable to review both on-premise and SaaS solutions when evaluating platforms. A Note on Enterprise Mobile Management All four vendors in this evaluation have invested heavily into the development of capabilities for the management of mobile devices (i.e., smartphones and tablets). Microsoft has incorporated some of these capabilities into SCCM 2012 SP2, while LANDESK and Symantec offer separate but integrated mobile management platforms. Dell has also introduced some mobile management capabilities (such as asset discovery and management) into the K1000 management appliances in addition to offering a cloud-hosted Enterprise Mobility Management solution service. Because the number of management processes necessary to support enterprise mobility would be too extensive to cover in this document, EMA did not attempt to compare mobile management capabilities offered by the vendor solutions. Instead, lifecycle management features and solution costs were principally limited to support for laptops, desktops, and servers. Nonetheless, EMA recognizes that mobile device support has become a critical part of enterprise IT management requirements and recommends organizations perform a similar evaluation to the one presented below when evaluating mobile management solutions. Evaluation Key: =Yes =Partial =No Page 4 Page 4

7 Functional Comparison Asset Discovery and Management Windows Bare Metal Discovery OS Discovery (agent-based) Application Discovery (agent-based) Agentless OS & App Discovery Inventory Management (agent-based) Inventory Management (agentless) License Management License Enforcement License Reclamation Software Usage Metering Integrated Software Catalog Asset management for Windows devices is considered a core competency for all the evaluated solutions, so it is not surprising that they all score very well in providing these base capabilities. All evaluated solutions are able to automatically discover devices even if they do not have an operating system installed (by serial number, MAC address, etc.), and all the solutions are broadly able to detect operating systems and applications on Windows devices. While LANDESK, Microsoft and Symantec all require the installation of an agent to perform OS and application discovery tasks, the Dell KACE appliances can accomplish this with or without an installed agent. Once assets are discovered, inventory information and tracking can be performed by all four solutions agentlessly; although Dell and LANDESK can leverage installed agents to support some advanced inventory management capabilities, and Dell can collect additional information from Dell systems, such as warranty information. All four solutions also manage software licenses and can meter and report on software usage. Dell, LANDESK, and Symantec are able to enforce the use of licenses and can reclaim unused licenses so they can be reprovisioned where they will be more optimally used, reducing enterprise costs. Dell and LANDESK also maintain software catalogs from which known application and version characteristics can be associated with discovered applications for license reconciliation and management. At the time of this evaluation, the Dell software catalog included 52,468 entries and was updated daily, while the LANDESK software catalog included 2,800 entries and was updated quarterly. Page 5 Page 5

8 Mac OS X Bare Metal Discovery OS Discovery Application Discovery Agentless OS & App Discovery Inventory Management (agent-based) Inventory Management (agentless) License Management License Enforcement License Reclamation Software Usage Metering As Mac OS X device adoption continues to grow in the enterprise market, IT management vendors have systematically increased support for the platform. Notably, discovery and inventory management capabilities on Mac OS X are very comparable to features supporting Windows platforms across all four platforms. Both Microsoft and Symantec, however, do not yet provide support for license management on Mac endpoints. Only Dell extends software usage metering capabilities to Macs. Linux Bare Metal Discovery OS Discovery Application Discovery Agentless OS & App Discovery Inventory Management (agent-based) Inventory Management (agentless) License Management License Enforcement License Reclamation For Linux platforms, Dell KACE is the only platform that provides license management capabilities. Microsoft SCCM is only able to see Linux devices with an installed agent, so it is unable to perform bare metal discovery. Page 6 Page 6

9 UNIX Bare Metal Discovery OS Discovery (agent-based) OS Discovery (agentless) Application Discovery (agent-based) Application Discovery (agentless) Inventory Management (agent-based) Inventory Management (agentless) The Dell KACE platform performs management tasks on UNIX devices only through agentless processes. Conversely, Microsoft SCCM is only able to perform discovery and inventory management tasks via an installed agent. While Symantec Altiris CMS can discover UNIX devices (i.e., it identifies an unrecognized IP address on the network), it is unable to natively identify any asset details from these systems. Chromebook Bare Metal Discovery (agentless) OS Discovery (agentless) Inventory Management (agentless) The Dell KACE K1000 Management Appliance is the only evaluated solution that offers management capabilities specifically targeted at supporting Google Chromebooks. The LANDESK and Symantec solutions will discover the Chromebooks on a network as an unknown IP address, but are unable to identify the operating system or any other inventory details. Provisioning Windows Bare Metal Provisioning Multicasting Integrated Driver Management Integrated User State Migration Virtual Machine Provisioning Automated Software Deployment Self-Service Software Portal All solutions can remotely provision Windows platforms onto bare metal and without a preinstalled agent. Multicasting the ability to provision multiple systems simultaneously is also supported by all four solution sets for Windows deployments. Virtual machines can natively be deployed by the Dell KACE K2000 Deployment Appliance and Symantec Altiris. Microsoft SCCM can also provision virtual machines when used in conjunction with Microsoft System Center Virtual Machine Manager Page 7 Page 7

10 (included in the purchase price). All but Symantec offer user state management capabilities for setting and migrating user settings and configurations. All four solutions provide features for automatically deploying software to Windows systems, and all provide a self-service software portal that allows end users to select and provision Windows applications without needing to interact with IT administrators. Mac OS X Bare Metal Provisioning Multicasting Integrated Driver Management Integrated User State Migration Automated Software Deployment Self-Service Software Portal Mac OS X provisioning can be performed by Dell KACE, LANDESK, and Symantec Altiris; however, multicasting for Mac deployments is only supported by Dell and Symantec. LANDESK also supports user state migration capabilities for Mac OS X updates. While all four solutions can deploy applications to Mac endpoints, Microsoft does not provide a self-service portal for these platform users. Linux Bare Metal Provisioning Automated Software Deployment Unix Bare Metal Provisioning Automated Software Deployment LANDESK and Symantec can also deploy Linux and UNIX operating systems. While all four solutions can deploy applications to Linux platforms, only Microsoft and Symantec extend software deployment to UNIX devices. Security & Patch Management Windows Patch Management Vulnerability Scanning with Automated Remediation Application Black Listing Application White Listing Updates for 3rd-party Malware Protection System patching is essential for ensuring security hardened operating environment, so it is no surprise that all four solutions include automated processes for deploying patches on Windows platforms. Dell, LANDESK, and Symantec perform vulnerability scans that can automatically remediate identified Page 8 Page 8

11 problems. Although Microsoft does not natively include vulnerability scans, that capability is available through integration with its System Center Endpoint Protection Manager platform. With application black listing, the Dell, LANDESK, and Symantec platforms allows organizations to restrict access to specifically identified Windows applications. LANDESK additionally includes white listing capabilities allowing organization to limit user access to and use of only authorized applications. The Dell KACE K1000 Management Appliance has the ability to natively update third party anti-virus/ malware protection software, including solutions offered by F-Secure, McAfee, Microsoft, Sophos, Symantec, and Trend Micro. LANDesk, Microsoft, and Symantec require the additional purchase of their respective security management platforms to update malware protection agents. Mac OS X Patch Management Vulnerability Scanning with Automated Remediation Application Black Listing Application White Listing Full Patch Management for Mac OS X is supported by Dell, LANDESK, and Symantec. While Microsoft SCCM does have the ability to deploy non-windows patches as a software update, the solution does not directly download patches and patch meta-data from a Microsoft hosted environment, requiring SCCM customers to also have service contracts with various OS vendors in order to receive patches. Additionally, SCCM does not provide any patch compliance reporting capabilities for non- Windows systems. EMA believes this limited support does not rise to the level of providing true Patch Management and is more appropriately identified as Software Distribution, for which Microsoft has been given full credit above. All but Microsoft also extend vulnerability scanning and remediation capabilities to the MAC platforms. Dell supports application black listing on Macs, and LANDESK supports both black and white listing on Macs. Linux Patch Management Vulnerability Scanning with Automated Remediation UNIX Patch Management Vulnerability Scanning with Automated Remediation LANDESK and Symantec extend patch support to Linux platforms, while LANDESK alone patches UNIX clients. As noted above, Microsoft can deploy patches to non-windows clients as a software deployment, but this does not qualify as providing true Patch Management. Vulnerability scanning on Linux devices is supported by LANDESK, and Symantec provides this feature for both Linux and UNIX endpoints. Page 9 Page 9

12 Third-Party Patch Management In addition to the core operating system patching functionality, many management solutions also support the direct patching of third-party applications. The advantage of this approach is that it greatly reduces the impact of a broad number of patch deployments since the patch source is hosted locally (rather than on a remote third-party vendor server) and can be managed with the same scheduling and policies that govern system patch deployment. Although Microsoft SCCM does not natively support patching of third-party packages, Microsoft can import third-party updates into System Center Updates Publisher (sold separately) to perform this functionality. The chart below lists a selection of 25 common third-party applications that can be patched by the Dell, LANDESK, and Symantec management suites on Windows and Mac endpoints. EMA selected this application list to provide an indication of the level of support provided by each platform, but it is by no means a complete list. EMA strongly recommends organizations to investigate which of their business-critical applications are supported by each vendor when evaluating solutions. Windows Mac Dell LANDESK Symantec Dell LANDESK Symantec 7-Zip Adobe Reader Adobe AIR Adobe Flash Player Apple Creativity Apps Apple QuickTime Apple Safari Cisco WebEx Citrix XenApp Citrix Receiver Foxit Reader Google Chrome Microsoft Exchange Servers Microsoft Internet Explorer Microsoft Office Microsoft Silverlight Microsoft Skype Microsoft SQL Server Mozilla Firefox Oracle Java RealVNC VMware Fusion VMware Player VMware Server & Workstation WinZip Page 10 Page 10

13 Configuration Compliance and Remediation Windows Policy-based Software Configuration Checking and Enforcement Automated Configuration Remediation Password Enforcement (hard disk, power-on, screen-saver, policy) Scanning and Quarantine of Non-compliant Systems Active Directory Integration LDAP Integration Remote Control Intel vpro Integration (Reporting) Intel vpro Integration (Management) Automated Power Management All reviewed solution sets are able to monitor and report on Windows endpoint configurations that do not conform to established policies, and all solutions will automatically remediate any clients that fail to meet configuration standards. Additionally, all four solutions provide password policy enforcement capabilities for Windows clients. The LANDESK and Microsoft platforms can natively protect the network by automatically quarantining systems that are out of compliance. Group and individual policies and permissions can be imported through direct integration with Active Directory by all four solutions, and all but Microsoft can also acquire this information through integration with LDAP. Tools for remotely accessing Windows endpoints are also commonly offered by all the management platforms as is direct integration with Intel vpro to enable out of band reporting. All but LANDESK can also leverage vpro to perform management tasks such as remote power control (power on/off, hibernate, sleep, etc.), remote diagnostics and repair, and network filtering. Automated power management can significantly reduce energy costs by powering down systems when they are not actively being used. All the evaluated solutions extend this support to Windows clients. Mac OS X Policy-based Software Configuration Checking and Enforcement Automated Configuration Remediation Password Enforcement (hard disk, power-on, screen-saver, policy) Scanning and Quarantine of Non-compliant Systems Remote Control Automated Power Management Software Configuration checking and enforcement policies as well as automated configuration remediation are also supported on Mac OS X platforms by all four evaluated solutions. Password enforcement is supported on Macs by all but Microsoft. Scanning for non-compliant systems is only performed by LANDESK while the remote control of Macs is supported by Dell, LANDESK, and Symantec. Automated power management of Macs can only be performed by the Dell and Symantec management platforms. Page 11 Page 11

14 Linux Policy-based Software Configuration Checking and Enforcement Automated Configuration Remediation Linux platforms are supported by Dell and Microsoft for Configuration checking and enforcements, and both Dell and LANDESK provide automated configuration remediation features. None of the evaluated solutions natively provide configuration compliance and remediation capabilities for UNIX platforms. Process Automation and Service Desk Includes Process Automation or Orchestration Capabilities Wizard-based Scripting Integrated Service Ticket Creation, and Tracking Workflow Connects Directly with Integrated Service Desk Self-Service User Portal Direct integration with Community Services All the reviewed solutions except Microsoft SCCM natively provide some process automation to make routine tasks faster, easier, and more accurate. However, Microsoft extends this functionality through integrations with the separately offered solution set, Microsoft System Center Orchestrator. Microsoft SCCM is also the only platform that does not include wizards for assisting in the creation of custom scripts. Dell KACE, LANDESK, and Symantec all include built-in end-to-end service desk automation for ticket generation and problem tracking. Although not native to SCCM, Microsoft does offer this functionality in the separate System Center Service Manager solution. Logically organized sets of tasks called workflows are natively creatable and integrated with the vendor s service desk with all the solution sets but Microsoft SCCM. Again, Microsoft offers this functionality separately with the adoption of third party integration with System Center Service Manager. All four solutions provide an integrated software catalog and a portal that allows end users to initiate software installations, maintenance activities and/or repair requests for their workstations. Only Dell KACE includes a portal that directly integrates with a community service (ITNinja.com) to deliver easy access to industry IT management recommendations, best practices and expertise. Microsoft and Symantec, however, host a community service portal on their respective web-sites they are just not directly accessible from the management consoles. Page 12 Page 12

15 Interfaces and Reporting Web Browser-based Administration GUI Mobile Console Access Role-based Administration, with Pre-defined and User Defined Roles Pre-Defines and Customizable Web-Based Reports Data Export for OEM Reporting Customizable reporting based on SNMP object data Log Monitoring System Performance Monitoring 3 rd Party Application Monitoring Microsoft Exchange SQL Server Hyper-V Active Directory Microsoft Internet Information Server (IIS) Dell KACE and LANDESK allow all of their solution s functionality to be accessed via a web console. Symantec offers a web interface that can perform the majority of essential reporting and management functionality, but advanced features need to be accessed through a Windows-based console. The Microsoft SCCM console is not fully web accessible and an interface needs to be manually installed on clients in order to access reports and management features; however, a web-based dashboard is provided to report on software deployments, system health, and compliance status. Dell KACE uniquely offers a mobile application that is specifically designed to remotely perform console tasks from smartphones and tablets. All solutions provide role-based access to customize user views based on their job function and allow data to be exported for OEM Reporting. The Dell and LANDESK management solutions can also create custom reports based on SNMP object data. This is important because non-computing devices (i.e., printers, projectors, UPSs, etc.) rarely store attribute and status information in accessible log files. In order to get actionable information from and maintain connections to non-computing devices requires the ability to collect and record data by connecting to an SNMP agent running on those resources. Alarms and reports can be generated by all four solutions based on the state of system performance and/ or log entries. Key third-party server applications can also be directly monitored by Dell, Microsoft, and Symantec. Microsoft s management support for Active Directory is provided in the separately available System Center Operations Manager. Page 13 Page 13

16 Financial Comparison Pricing Models The chart below identifies license and maintenance costs models for the four evaluated solutions. Pricing information is based on publically available information and manufacturer suggested retail prices (MSRP), though it should be noted that vendors and their channel partners all offer discounts on bulk orders that can substantially reduce the final cost of the solution suites. Check with the individual vendors for an accurate price quote when evaluating solutions. Dell KACE List Price Management Appliance: two versions are available to accommodate organizations of different sizes: K1100: $8,900 includes licenses for 100 computing devices and can support up to 1,000 devices. K1200: $38,900 includes licenses for 1,000 endpoints and can support over 10,000 devices. Additional endpoints for both appliances are $31 each. Deployment Appliance: two versions are available to accommodate organizations of different sizes: K2100: $4,500 includes licenses for 100 endpoints and can support up to 1,000 devices. K2200: $17,900 includes licenses for 1,000 endpoints and can support over 10,000 devices. Additional endpoints for both appliances are $13 each. Bundle Pricing: a 20% discount is applied when both a Management Appliance and a Deployment Appliance are purchased together. Server Log Monitoring: $2,000 includes licenses for monitoring 200 servers Asset Packs: $1,250 includes licenses for inventory of up to 250 Chromebooks and non-computing devices (e.g, printers, projectors, switches, etc.) Maintenance 17.5% purchase price annually (for a 3 year contract) LANDESK $56 per managed endpoint (MSRP); discounts available 22% purchase price annually Microsoft SCCM Configuration Manager Client MLs : $62 per managed client endpoint (i.e., PC devices), including licenses for both SCCM and System Center Virtual Machine Manager Standard Server MLs: $1,323 per managed server for every two physical processors and every two hosted (i.e., virtual) operating system environments Datacenter Server MLs: $3,607 per managed server for every two physical processors and an unlimited number of operating system environment All prices are MSRP and discounts are offered through various channels 25% purchase price annually Symantec Altiris CMS $95 per managed endpoint (MSRP); discounts available 25% purchase price annually Page 14 Page 14

17 Infrastructure Cost Comparison License purchases constitute only a portion of the total cost of ownership of a lifecycle management solution. In particular, infrastructure costs should also be considered when evaluating solution suites. The chart below indicates how the most significantly impacting infrastructure cost elements compare across the product sets. As an appliance-based solution, the Dell KACE platform has the advantage of self-containing the majority of infrastructure software and hardware components. Microsoft, by contrast, requires separate servers installed at each logically segmented site, although they can collectively all be controlled from a Central Administrator Site that this evaluation assumes functions on a single physical server. With the release of SCCM 2012, Microsoft included a Runtime Edition of its SQL database at no additional cost. However, the Runtime Edition has a 4GB size limit that makes it impractical when performing database replication (necessary for transferring site configurations and settings), so Microsoft recommends the Standard Edition be employed for this purpose on central servers, but secondary servers will operate well with just the Runtime Edition. In the charts below, it is assumed that SCCM environments that are managed by multiple servers will require a Standard SQL license on the central server. Perhaps the most significant infrastructure cost factor for SCCM is with the need for Microsoft Client Access Licenses (CALs) which can add up very quickly to extensive costs in large support stacks. Standard CAL costs have been assumed in this evaluation, but organizations could potentially reduce overall costs if they adopt Enterprise or Core CALs that include licenses for a number of Microsoft products, including SCCM. Server(s)/Console(s): Cost estimated at $2,000 per server to meet common requirements Server/Console OS: Windows Server 2008 R2 Standard ($1000 each) Client Access Licenses: Pack of 20 ($800 each) Server/Console SQL License: Microsoft SQL Server 2008 Standard ($2,750 each) Server/Console Maintenance Microsoft Software Assurance (25% p.a) for OS & SQL Dell KACE LANDESK Microsoft SCCM Symantec Altiris N/A $2,000 $2,000 $2,000 N/A $1,000 N/A N/A N/A $2,750 N/A $ per year $1,000 per server $800 for every 20 endpoints $2,750 for primary servers performing replication $ per server per year $1,000 N/A $2,750 $ per year Total Implementation Costs Bringing together all the disparate cost elements provides a more complete depiction of the total cost of implementing a client management solution. However, it should immediately be evident that the size of a support infrastructure will affect the expected costs since each product scales differently. Below are cost calculations for four different support stack sizes. Maintenance costs have been annualized over a period of three years to show their expense over time. Since each environment will have unique requirements, EMA recommends each business perform its own cost analysis when evaluating products. Page 15 Page 15

18 Very Small Support Stack Including costs for all infrastructure resources necessary to implement the client management solutions suites to support 200 PCs and 10 servers systems at 1 location over 3 years: Dell KACE LANDESK Microsoft SCCM Symantec Altiris Management Solution $15,840 $11,760 $38,860 $19,950 Management Solution Maintenance for 3 Years $10,395 $7,762 $29,145 $14,963 Infrastructure Costs $0 $8,563 $12,550 $8,563 Total Cost $26,235 $28,084 $80,555 $43,475 Small Support Stack Including costs for all infrastructure resources necessary to implement the client management solutions suites to support 500 PCs and 25 servers at 1 location over 3 years: Dell KACE LANDESK Microsoft SCCM Symantec Altiris Management Solution $26,400 $29,400 $97,150 $49,875 Management Solution Maintenance for 3 Years $17,325 $19,404 $72,863 $37,406 Infrastructure Costs $0 $8,563 $25,350 $8,563 Total Cost $43,725 $57,367 $195,363 $95,844 Medium Support Stack Including costs for all infrastructure resources necessary to implement the client management solutions suites to support 1,000 PCs and 50 servers at 10 different locations over 3 years: Dell KACE LANDESK Microsoft SCCM Symantec Altiris Management Solution $47,040 $58,800 $194,300 $99,750 Management Solution Maintenance for 3 Years $30,870 $38,808 $145,725 $74,813 Infrastructure Costs $0 $8,563 $84,713 $8,563 Total Cost $77,910 $106,171 $424,738 $183,125 Large Support Stack Including costs for all infrastructure resources necessary to implement the client management solutions suites to support 10,000 PCs and 200 servers at 50 different locations over 3 years: Dell KACE LANDESK Microsoft SCCM Symantec Altiris Management Solution $363,840 $571,200 $1,149,200 $969,000 Management Solution Maintenance for 3 Years $238,770 $376,992 $861,900 $726,750 Infrastructure Costs $0 $8,563 $600,313 $8,563 Total Cost $602,610 $956,755 $2,611,413 $1,704,313 Page 16 Page 16

19 Non-Computer Device Support The Dell KACE appliances and the LANDESK Management Suite both natively provide capabilities for monitoring and managing non-computer devices (i.e., printers, projectors, UPSs, etc.). The cost comparison charts below layer support for non-computer devices on top of the management, maintenance, and infrastructure costs for each support stack model: Very Small Support Stack Supporting 200 PCs, 10 servers, and 10 non-computer devices at 1 location over 3 years Management Solution Management Solution Maintenance For 3 Years Infrastructure Costs Dell KACE $17,090 $8,972 $0 $26,062 LANDESK $12,320 $8,131 $8,563 $29,014 Small Support Stack Supporting 500 PCs, 25 servers, and 25 non-computer devices at 1 location over 3 years Management Solution Management Solution Maintenance For 3 Years Infrastructure Costs Dell KACE $27,650 $14,516 $0 $42,166 LANDESK $30,800 $20,328 $8,563 $59,691 Total Cost Total Cost Medium Support Stack Supporting 1,000 PCs, 50 servers, and 50 non-computer devices at 10 locations over 3 years Management Solution Management Solution Maintenance For 3 Years Infrastructure Costs Dell KACE $48,290 $25,352 $0 $73,642 LANDESK $61,600 $40,656 $8,563 $110,819 Total Cost Large Support Stack Supporting 10,000 PCs, 200 servers, and 500 non-computer devices at 50 locations over 3 years Management Solution Management Solution Maintenance For 3 Years Infrastructure Costs Dell KACE $366,340 $192,329 $0 $558,669 Total Cost LANDESK $599,200 $395,472 $8,563 $1,003,235 Page 17 Page 17

20 Operational and Training Costs There are a number of additional factors that should also be considered when performing a cost analysis related to on-going operational expenses. For instance, the complexity of a solution will directly affect the number of support personnel that will be needed to administer the solution as well as the amount of experience and training they will need to meet business requirements. EMA research shows that administrator wages and other compensation average around $300 per full time employee (FTE) per day, and training expenses during deployment will cost around $3000 per day or more. Including on-costs (e.g. cost of benefits, vacation time, payroll tax, etc.) of around 25%, one week of training and a two-week deployment (a very conservative timeframe for most software-based solutions) by two administrators will therefore total over $40,000 during the solution implementation (and likely even more if vendor professional services are also used). As an appliance-based solution, however, Dell KACE incurs no additional hardware or software costs, no procurement delays, and while training is still required, Dell KACE provides 10 hours of Web training for $5280, which is more than sufficient for bringing multiple administrators up to speed. In addition, on-going patching and software updates are much easier to perform with Dell s appliance solution. The Dell KACE appliances automatically download updates, and administrators simply press a button to apply patches to all components including the operating system, database, web server, and applications. This is in contrast to software-based solutions where each component must be patched and maintained separately. EMA Perspective Since the inaugural edition of this document, Dell KACE has made significant strides in improving functionality to achieve a comprehensive solution on par with Altiris, LANDESK and Microsoft SCCM in critical disciplines, while at the same time managing to actually reduce the cost of its management solution. As an appliance-based solution, Dell KACE avoids the high hardware and software infrastructure costs (as well as related maintenance efforts) required by software-based solutions. Factoring in these expenses, Dell KACE appliances can cost 60% less than rival solutions. With its ease of use and fast time-to-value, KACE appliances present a very attractive alternative to LANDESK, Microsoft SCCM, and Symantec Altiris CMS, particularly where financial limitations are a major consideration. Mid-sized organizations in particular will appreciate the superior return on investment the KACE platforms provide as they are more often challenged with budget constraints and expansive IT business requirements. Of course, it is important to note that this evaluation does not present a complete feature listing from any of these four vendors. Indeed, all four solutions offer some unique features that are not available in comparable products. Additionally, this review did not evaluate how well the solutions perform each feature, only if they include the functionality. As such, this paper should be used as a starting point for IT organizations to evaluate products based on their own specific needs, rather than as a definitive and universal recommendation. Nevertheless, the results of this product review indicate the Dell KACE appliances as strong contenders for achieving comprehensive lifecycle management automation. EMA recommends any organization looking to achieve enterprise-wide systems management goals investigate the Dell KACE appliances for their excellent balance of broad functionality and cost effectiveness. Page 18 Page 18

21 About Dell Dell is a global provider of innovative technology and services designed to help customers do and achieve more. The award-winning Dell KACE family of appliances delivers easy-to-use, comprehensive systems management capabilities. Dell KACE customers typically install in one day and enjoy a low total cost compared to software alternatives. Dell is headquartered in Round Rock, Texas. To learn more about the Dell KACE application solution, please visit or call MGMT-DONE. Page 19 Page 19

22 About Enterprise Management Associates, Inc. Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help EMA s clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at or blogs.enterprisemanagement.com. You can also follow EMA on Twitter, Facebook or LinkedIn. This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. EMA and Enterprise Management Associates are trademarks of Enterprise Management Associates, Inc. in the United States and other countries Enterprise Management Associates, Inc. All Rights Reserved. EMA, ENTERPRISE MANAGEMENT ASSOCIATES, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc. Corporate Headquarters: 1995 North 57th Court, Suite 120 Boulder, CO Phone: Fax: