Group Policy can take us only so far. Many Windows systems administrators nowadays turn to solutions such as Microsoft Intune or the System Center suite to handle desktop and mobile device management (MDM) in their organizations.
After all, our environments are much more complex now, aren’t they? You may be responsible for managing any of the following device type combinations:
- Windows, OS X, and Linux servers and desktops
- iOS, Android, and Windows Phone smartphones and/or tablets
My issues with Microsoft’s first-party solutions can be summarized as follows:
- The licensing is expensive, both for on-premises systems and cloud service subscriptions.
- The setup is intrusive and overly cumbersome, especially in hybrid cloud/federated scenarios.
- Microsoft has a business stake in providing the best support for Microsoft desktop and mobile operating systems.
Today I’ll introduce you to a simpler, but no less powerful, alternative.
Desktop Central features
Desktop Central offers the following desktop administration features for Windows, OS X, and Linux managed systems:
- Patch management: Deploy updates for first- and third-party applications.
- Software deployment: Automate software installation and maintenance.
- Remote control: Control desktops remotely with multi-user access and screencast recording.
- Asset management: Control software metering, manage licenses, and track inventory.
- Windows configurations: Choose from more than 25 prebuilt configurations optimized for different desktop use cases and IT security policies.
- Service pack installation: Scan, detect, and remediate missing service packs and test them prior to deployment.
- Active Directory reports: Gain infrastructure insight with more than 100 prebuilt reports.
- User administration: Implement delegated Desktop Central administration and role-based access control (RBAC).
- USB device management: Prevent rogue external USB drives from infecting your network or internal data from “walking away.”
- Power management: Get system uptime and shut down inactive hosts.
If you have experience using Microsoft’s own management tools, such as System Center Configuration Manager (SCCM), Windows Server Update Services (WSUS), and Windows Deployment Services (WDS), then you’ll doubtless be impressed with the breadth and depth of Desktop Central’s feature set.
An important note: Desktop Central has limited support for OS X and Linux managed systems. Specifically, OS X clients support patch management, software deployment, remote control, configurations and basic asset management. Linux clients support only basic asset management.
Installation and configuration overview
The fact that you don’t need to deploy a multi-tier architecture to get Desktop Central on its feet is pretty amazing to Microsoft specialists like me. In a single-site environment, all you need is one server running Desktop Central Server and lightweight agents installed on all managed devices.
Of course, this ultra simplicity has an important trade-off, which I’ll disclose at the end of this product review.
For multi-site organizations, you can install remote Desktop Central distribution servers in each location that serve as a local administrative and deployment point of presence. Check the documentation for details; be aware that Desktop Central (in both LAN and WAN scenarios) requires access to some non-standard TCP and UDP ports to support the Desktop Central infrastructure.
In my lab environment, it took me all of 10 minutes to download Desktop Central on a Windows Server 2012 R2 domain server and start the web console. By the way, Desktop Central Server runs on Windows Server 2003 all the way up to 2012 R2.
Desktop Central uses a web-based management interface.
One of my (minor) criticisms of Desktop Central is that ManageEngine doesn’t provide enough architectural detail in its documentation. For example, it took me quite a bit of searching to determine that Desktop Central uses PostgreSQL as its back-end database and Apache as its HTTP(S) server.
Although you can migrate the Desktop Central database to SQL Server or MySQL, you cannot use Microsoft Internet Information Services (IIS) as a web server under any circumstances.
Desktop Central’s reliance upon Active Directory means that, as long as you give the server domain administrative credentials, you can click a couple of buttons to detect all Windows systems and automatically deploy the agent.
One of Desktop Central’s selling points is that you can also manage OS X, Linux, and mobile operating systems, in keeping with the 21st century’s push for mobile device management (MDM), bring your own device (BYOD), and vendor interoperability. Pushing the agent software to Macs and Linux boxes isn’t totally “hands off” as it is with Windows machines, and mobile device enrollment is beyond our scope here. As always, “read the friendly manual” (RTFM) for details!
For completeness, let me list the operating systems that Desktop Central supports:
- Windows XP through Windows 8.1
- OS X 10.6 through 10.10
- Linux Ubuntu 10.04, Red Hat Enterprise Linux 6, CentOS 6, Fedora 19, Mandriva 2010, and Debian 7
- iOS 4 and above
- Android 2.2 and above
- Windows Phone 8 and above
In my lab environment, I performed an Active Directory scan and “automagically” deployed the small agent software to all hosts in a matter of another 10 minutes.
All managed devices must have the Desktop Central agent installed.
By default, the agent shows up in the notification area; right-clicking its icon gives administrators the ability to view host-specific metadata. Of course, you can lock down and/or hide the agent icon on end-user devices if you so wish.
The Desktop Central Agent can display a lot of client-specific metadata.
Administering and auditing with Desktop Central
Regarding day-to-day systems management with Desktop Central, the two main planning points for you are scope of management and delegated administration.
Scope of management simply refers to organizing your managed devices according to classifications that make business sense to you. For instance, if your company involves a central site with three branch sites connected via WAN links, then you’d probably organize managed agents by site.
For shops that support the BYOD scenarios, it makes sense to create host lists based on hardware platform or OS version. After all, you’ll apply policy to Macs and Linux boxes in a slightly different way from how you’ll apply policy to Windows machines. That rule certainly applies to managing, say, iPhones and Android tablets and smartphones.
To deploy a Desktop Central user distribution agent, you simply install the Distribution Agent bits to an existing agent (typically a dedicated member server in the remote office that has a static IP address). Thus, it’s important to note that the Distribution Agent is not a fully-installed Desktop Central server.
The Distribution Server agent for remote office servers is different from the ordinary Desktop Central agent.
Finally, I want to say a word about reporting and alerting. As long as you point Desktop Central Server at a Simple Mail Transfer Protocol (SMTP) server, you’ll receive status messages from Desktop Central.
Of course, you can always log in to the web console, navigate to the Reports tab, and view pre-built reports on Active Directory, configuration details, patching/inventory data, and so forth.
You can schedule report generation in the same way that you can schedule other administrative tasks such as Active Directory scanning and inventory collection.
We can schedule, publish, and deliver reports in different formats and covering different types of management data.
For small businesses, I unreservedly suggest that you consider Desktop Central as your desktop/mobile device management solution. It’s fast, easy, and trouble-free. ManageEngine even has an online demo so you can log in and “kick the tires.”
As an enterprise IT guy, my first thought as I worked with Desktop Central was “What happens if the Desktop Central box goes offline?” Try as I might, I could find no definitive guidance in the documentation as to how we can implement load balancing and/or clustering to protect the Desktop Central server.
Ultimately, I suggest that you reach out to ManageEngine directly for answers to your questions as well as a customized price quote. Speaking of price, Desktop Central is sold in one free and four paid editions:
- Free edition: Allows you to manage up to 25 desktops and 5 mobile devices at no charge
- Patch edition: Includes only patch management features
- Professional edition: Determines price based on the number of managed hosts you have
- Enterprise edition: Includes all features of the Professional edition plus bandwidth management for WAN scenarios
- Mobile Device Management add-on: Is available for all other editions at extra cost
You can get specific pricing by reading ManageEngine’s Desktop Central Edition Comparison Matrix; however, as I said earlier, your best bet is communicating with ManageEngine directly. In closing, I’ll leave you with some documentation links that I found particularly helpful. Thanks for reading and take good care!