Some Microsoft servers were hit by the "Slammer" worm due to them running unpatched versions of SQL Server. And hackers twice hit Mitnick's company Web site due to unpatched Internet Information Server software.
Yes, asset management poses problems for kings and commoners alike. It is most obvious with large deployments such as a Windows 2000 migration, which some companies are still immersed in three-and-a-half years after the OS release. But just as frustrating and troublesome are the daily stream of updates and patches issued vendors.
"Managing software licenses and updates is a serious problem for administrators," says Paul Mason, group vice president of Infrastructure Software Research at IDC in Framingham, Mass. "Any tool that can automate software inventory management and keep the technology current and performing these actions remotely will save companies enormous amounts of money."
Given the size of the problem, it's no surprise that companies spent $2 billion last year for Asset Management software.
"Administrators know that they are at risk," says Jason Sherman, system manager at Indiana's Purdue University. "Aside from keeping up with licenses, it's simply an impossible task to manually track and monitor inventory."
Added to the inventory and licensing problems is the time consuming process of going around to each desktop and installing the software. The Information Architecture team at the Department of Energy's Los Alamos Laboratory in New Mexico, for example, determined that it would take 87 full-time staff to manually load just one new virus definition, one OS patch and one browser patch per month on each of its 11,000 desktops. The fact is that, without some method of remotely managing desktop and server assets, they inevitably fall out of date.
As a result, about 85 percent of the large-site market already uses asset management tools such as Computer Associates Unicenter Asset Management, IBM's Tivoli, LANDesk Software's LANDesk Management Suite and Microsoft's Systems Management Server (SMS).
These products do far more than the basic functions of inventory, license management and software deployment. That means a high price tag and/or complexity. As a result, small and medium sized customers often leave these tools alone.
"SMS is far too complex and pervasive for our enterprise," says Mike Duffy, IS Manager for Unisea, in Redmond, Wash. "You really have to spend a great deal of time just to learn how to use the software and it requires user intervention/cooperation to make it work."
At the lower end are smaller-scale asset management products such as Asset Insight Express, ISTRIA Finance & Technology's Trackbird Standard Suite, ATConsulting's E-Z Audit, and GASP 6 suite. Many of these tools are limited to inventorying and license management.
Between the two extremes lie products that offer both inventorying and deployment, and sometimes other functions such as license tracking or remote support. In this category come NetSupport TCO, Sitekeeper 2.0 from Executive Software, Vector Network's PC-Duo Enterprise, and Client Management Suite from Altiris.
Making the Selection
Anything larger than a home office needs some sort of asset management solution in place, but it doesn't need to be a nightmare to set one up. The first issue to address is the inventorying for license compliance.
"As the war against counterfeiting heats up and enforcement activity increases, enterprises must ensure their interests are not damaged," says Gartner analyst Frank Kenney. "Enterprises must conduct aggressive audits to ensure that they have valid, up-to-date licenses for all their installed software products."
Even if a company knows it has the licenses for all the software it installed on its computers, without inventory software it won't know what other products the users may have installed, but for which the company will still be held liable if it's on the company's equipment.
If license compliance is all a company needs, then one of the inventorying tools mentioned above may do the trick. At the other end of the scale, some larger enterprises require a full-fledged solution that integrates with their network and systems management, help desk and other enterprise management software.
But in between, come the bulk of firms in the range of a few dozen to a few thousand desktops. They typically require more than software inventorying but don't tend to have the need, budget or staff to support a Tivoli or Unicenter.
That was the case with Unisea, a fish products company with LANs at its facilities in the Aleutian Islands and Redmond, Washington, connected by satellite link. The company tried SMS and some other products before selecting Sitekeeper as its asset management package.
"It was a piece of cake to install and implement," says Duffy. "It is really intuitive and there was very little trial and error to get it running."
Duffy was certain that the company possessed enough licenses for everything that he was using and the inventory confirmed this. But the added bonus, and something which many other firms will discover, was that he found that he was actually paying for more licenses that he was using. In addition, he finds it useful to detect unauthorized software on the system.
"Users are prohibited from installing anything on their machines, but in some cases some shareware and other junk can be installed without admin privileges," says Duffy. "But now these can be detected and uninstalled."
In addition to ensuring license compliance and hardware/software inventorying, Unisea also uses the tool for software deployment.
"In the last 60 days, there have been two critical Internet Explorer Security patches, and Microsoft decided to release separate patches for each version (4.0, 5.1, 5.5, 6.0)," he says.
Previously, this would have entailed him and his staff either staying late or coming in at four in the morning to manually move from box to box installing the patches. Instead he was able to inventory which machines had which versions of Internet Explorer and remotely deploy the right patches to the right boxes. The process took about one hour at each location and was done during normal working hours.
"It is likely that some of the myriad of recent patches and security updates would not have been installed were if not for Sitekeeper's PushInstall feature," Duffy concludes.