Book a Demo
Request a Callback

IT Administrator Article: Deskcenter Management Suite 11.0

    Broadly based

    by Dr. Christian Knermann

    With its modular structured Deskcenter Management Suite, the German manufacturer of the same name has started to implement comprehensive client and IT service management. For software deployment and patch management, the focus is particularly on Windows endpoints. IT administrator decided to take a look at how this versatile suite fares.

    Under the heading of unified endpoint management (UEM), the Leipzig-based provider Deskcenter is compiling its portfolio for comprehensive IT operations management. Deskcenter conforms to the IT Information Library (ITIL), and thus to the internationally recognized de facto standard in the IT service management domain. In its maximum configuration, Management Suite therefore covers all ITIL core areas. The suite has a modular structure, and the system’s core forms the inventory. In this case, the manufacturer has decided on the one hand on managed assets, thus end devices, which blend into software deployment and patch management, and on the other hand on unmanaged assets. Deployment of operating systems, of software and of patches is available as individual building blocks, licensed per managed asset. The same applies to license management as well as the application metering, AppCloud and DNA software catalog functions, which we will come back to soon. The service desk licenses Deskcenter for each support employee based on the concurrent use principle.

    Deskcenter offers all licenses either as a one-time purchase, plus annual costs for support and maintenance, or through leasing. For leasing, support and maintenance as well as the DNA software catalog are included.

    Bild 1: IT Administrator 07/21

    Windows, macOS und linux Inventory

    In terms of inventory and asset management, Deskcenter is proving to be highly flexible and ensures agentless recording of Window clients and the software installed on them. This works as long as the clients communicate via Windows Management Instrumentation (WMI). Deskcenter officially supports Windows versions from Vista and Server 2008 onward. Furthermore, since the earliest version of Management Suite, the manufacturer has also integrated Apple macOS via Mac Inventory as well as various Linux distributions by means of a component called Script Inventory. Both detect data about the hardware and the software locally on the client and send it to the Deskcenter server for further processing.

    The software management area is a focus of the suite and therefore of our test, too. Here however, Deskcenter is restricted to Windows endpoints. Management Suite handles the initial rollout of the operating system and drivers, packaging and deployment of applications, as well as patch management. The suite also requires the proprietary SDI Agents on the clients. Deskcenter handles Windows updates autonomously, i.e. without requiring Microsoft Windows Server Update Services (WSUS). However, the suite can also integrate with an already existing WSUS installation on demand. In terms of the backend, Deskcenter also relies on Windows. As a basis, the servers use a Windows server with Microsoft SQL Server and IIS, and they synchronize user as well as computer accounts with an Active Directory.

    Scalability and multi-tenancy

    The suite’s architecture is scalable and can map both organizationally and geographically larger organizations (Image 1). At least one Data Service instance forms the core of the system. If multi-tenancy is required, and therefore organizationally independent units want to manage their IT operations partially or fully independently, then they can each use a separate Data Service subordinate to a central instance. In such a structure, sub-tenants are playing their cards close to their chests, but the Master Data Service maintains an overview and can, for example, centrally manage licenses or make pre-packaged applications available to all tenants.

    However, if this only involves managing a distributed infrastructure, additional Data Services are not required. The Data Service controls one or more instances of the Worker Service, which is responsible for the scanning and inventory of clients and the deployment of software and updates. In this case, Deskcenter is addressing the trend for distributed work. Provided that there is an installation of the Worker Service in the DMZ and the SDI Agents on the clients, new software packages and updates, also those from outside the corporate network and without VPN, can find their way to the endpoints.

    ready for operation within a few hours

    As part of the test, we installed Deskcenter Management Suite in our own infrastructure with a domain controller and a server for the Deskcenter Services, both in Windows Server 2019, and clients in Windows 10 20H2. Furthermore, the manufacturer granted us access to its test environment so that we could gain an overview of the functions also in a larger environment.

    The PDF guide for setup and initial configuration comprises 76 pages, and the comprehensive user manual is 942 pages long. However, anyone wishing to attempt installation should not be discouraged by this wealth of information. Both demonstrate that the manufacturer has painstakingly documented all aspects of this complex product suite. Furthermore, the manufacturer supports the first setup with regard to a proof of concept (POC), so in our case too. A complete setup right through to the first feeling of success with the initial deployment of software on the clients is achieved in half a working day. SQL Server and IIS served as a basis. We had already prepared our domain controller, and also another server, which should provide all Deskcenter services and the database. For productive operation, the manufacturer recommends at least the standard edition of the database server and from 350 clients upwards on separate machines: one for the database and another for the Deskcenter services. On our very small scale, a VM together with the free Microsoft SQL Server 2019 Express edition sufficed. Per Deskcenter guidelines, we had installed the database server and the web server (IIS) role with all required role services and features. In addition, we configured Windows firewalls on all systems per the Deskcenter specification. In this case, too, we could refer back to the manufacturer’s comprehensive information. The required port scope relates, on the one hand, to the SQL server, to which only Deskcenter Data Service and Management Studio (but not the clients) require access, and, on the other hand, to Deskcenter services.

    We configured the firewalls of the clients centrally by means of a group policy, for which all ports and protocols from the file and printer sharing, remote services management and Windows Management Instrumentation (WMI) groups are only required in the case of an agentless inventory. Clients with SDI Agent installed typically access the Data Service via TCP port 81, but they only require this as a fall-back option, in case the responsible Worker Service is not available. The latter uses configurable TCP ports from 7000 upwards for the TLS-encrypted communication with the agents.

    In this way, the clients transmit their inventory data to the Worker Service and receive software jobs. The installation files and patches themselves call up the clients from the points referred to in Management Suite as software shares. In the simplest case, a software share is an SMB share that can naturally only be reasonably used in the internal corporate network. Alternatively, the agent obtains software from software shares also, which are accessible via FTP(S), HTTP(S) or WebDAV.

    Auf diesem Weg übermitteln die Clients ihre Inventardaten an den Worker und erhalten Software-Aufträge. Die Installationsdateien und Patches selbst rufen die Clients von in der Management-Suite als Softwareverteiler bezeichneten Punkten ab. Im einfachsten Fall handelt es sich bei einem Softwareverteiler um eine SMBFreigabe, die aber natürlich nur im internen Unternehmensnetz sinnvoll einsetzbar ist. Alternativ bezieht der Agent Software auch von Softwareverteilern, die per FTP(S), HTTP(S) oder WebDAV erreichbar sind.

    Data Service, Management Studio and Webfrontend

    Thus equipped, we could begin to install the Deskcenter infrastructure, starting with the Data Service. In the process, the setup routine requested a license file, which Deskcenter had provided for 100 clients and for all aspects of the software deployment. This also included Application Metering and AppCloud functions. The former helps with cost optimization and also determines if and for how long distributed applications are used. This happens aggregated in terms of data protection; the system only records the usage duration within the last 90 days without an exact time and anonymizes usernames if desired. AppCloud is an online service with which Deskcenter makes ready packages available for numerous applications (more on this later).

    Then we installed Deskcenter Management Studio, which is the central management interface of Deskcenter Management Suite, followed by the optional Deskcenter.Web. This ASP.NET web application forms the basis for the Servicedesk system including Knowledge Base and for the self-service for the installation of applications. The web application setup also took care of the REST-API inventory.

    Wizard-guided initial configuration

    Now we were able to log in to Management Studio using the initial admin account that we had created during installation. In Studio, a wizard guided us through the total of 16 dialog steps for the initial configuration—a comprehensive list of working points, some with additional sub-points—at the end of which, Management Suite was immediately ready for use. After the welcome window, we specified a default user for remote access on the client. Inventory and software deployment also use the context of this account, which requires at least local admin rights on the clients.

    In the next step, we created an initial Worker Service, to which we assigned all inventory tasks via IP scan and AD Sync as far as the endpoint for SDI Agents. Depending on the size of an infrastructure and logic or geographic segmentation, Deskcenter alternatively allows the tasks to be distributed on multiple Worker Services on different servers.

    Next, we defined two time plans for hourly and daily execution by way of an example, with Deskcenter proving to be extremely flexible in this respect. The system can execute tasks on a one-time basis, or according to minutely, hourly, daily, weekly or monthly intervals. It can be set to use either universal time or the clients’ local time. Each individual task, such as synchronization with the Microsoft Update Catalog, download of updates, or also patch scans of clients and servers, runs on demand according to its own time plan. Optional time frames with daily, weekly or monthly intervals give the time plans a framework, thereby restricting execution to defined time frames.

    Comprehensive online software catalog

    The optional DNA catalog is an online database that helps Management Suite identify, on the software installed on the clients for the inventory, license management and also patch management. Per details supplied by Deskcenter, the database recognizes 1.5 million fingerprints of individual files belonging to 400,000 products from 16,000 manufacturers. To activate this option, we had to assign one of the previously created time plans and opted for update compilation of the catalog once per day.

    The following dialog step prompted us to create one or more inventory groups. At least one such group must exist, since Management Suite automatically assigns all recorded systems to a group. How can there be multiple groups? The inventory group determines which method is used for the inventory, either the agentless recording by means of Worker Service and WMI or the SDI Agent. In both cases, deviating from the global default user, we were also allowed to enter the login information of a different account. This would be practical in terms of considering clients that do not belong to the AD domain.

    Also worth mentioning is the “Create monitors as asset” option. With this, the inventory on the client records additionally connected external monitors on demand in asset management. The file scan establishes the directories where Deskcenter should search for installed software and permits inclusions and exclusions.

    In the course of the inventory, Deskcenter can execute any further actions as script in the system or user context on the clients. We had to specify a script such as Visual Basic, C#, PowerShell or batch code.

    Management Suite uses separate groups for clients with installed SDI Agents. For example, one of these groups determines whether the local agent loads the optional user module, and therefore informs the end user about upcoming installations, or runs completely hidden in the background. Furthermore, the group assigns one or more Worker Service instances to the agents. This is useful for large infrastructures, so that clients only connect to Worker Services in their vicinity.

    We continued with the software share, where we configured our previously created SMB scope. At this point, we could also specify an alternative connection via FTP(S), HTTP(S) or WebDAV. A third type of group, known as software groups, assigns the software share to the clients.

    Numeros inventory methods

    The next points of the initial configuration serve to record, as completely as possible, the surrounding IT infrastructure for Management Suite. An IP scan searches by time plan in defined subnetworks to inventory endpoints. In addition, the system synchronizes user and computer accounts with an Active Directory, on demand also only with a specific OU.

    Furthermore, Deskcenter also reads hosts such as VMs from virtualization infrastructures and is compatible with VMware ESX/vCenter, Microsoft Hyper-V and Xen-compatible solutions. As an additional source, Deskcenter uses a Microsoft DHCP server to determine assigned IP addresses. Finally, we were allowed to store SMTP configurations, so that Management Suite can also send information via email.

    Well-structured complexity

    This completed the basic configuration, and we were able to focus on the well-structured Management Studio, which divides the complex scope of function into logically traceable and, after a brief familiarization, controllable areas. The main navigation is arranged horizontally at the lower edge of the image, which leaves space at the upper edge for one icon bar per specific area. We were able to subsequently change any decisions that had previously been made in the wizard in the “Configurations” area. Here, we were also allowed to create SNMP groups, including version community, in order to inventory SNMP-able endpoints such as printers and IP telephones.

    In the “Infrastructure” area, Management Suite had a pleasant surprise in store with its wealth of information about our environment that Deskcenter had detected automatically. The system had now imported all our users and computers existing in the AD, VMs existing on virtual hosts, in Hyper-V and in the Xen descendant, XCP-NG, and found network printers not represented in the AD by means of IP scan. All objects were therefore also usable in the Organization and Asset Management area. In doing so, we were allowed to configure which attributes from the AD correspond to which ones in the Deskcenter database. On demand, Deskcenter can either synchronize in one direction only or bidirectionally so that information, for instance about a user’s department or location, only has to be maintained in one place. Since we had already filled out these fields in the AD, our organization was quickly displayed in Deskcenter. Deskcenter had used WMI to determine which software was installed on our clients. We only had to enter the number of available licenses in the license management area.

    New installation per mas

    Even the complete new installation of a client is by no means difficult. For the installation, Deskcenter uses the common PXE method and also installs a PXE Service on the Worker Service. The clients find it by the usual route, via DHCP Option or IP Helper. If neither is possible, then an ISO boot image will help.

    Ready-made packages from Appcloud

    After we had equipped out clients with the SDI Agents, we could finally focus on the installation of applications in the “Software management” area. Here too, Deskcenter Management Suite proved to be aimed at the requirements of larger environments. The smallest unit is a software package. This involves a single installation routine, thus an EXE or MSI file, such as an installation command for unsupervised installation. If there is no installer with corresponding parameters available, then Deskcenter offers the option of purchasing a license for Package Studios, which supports the creation of an installation package. One or more of these packages form a compilation, which integrates the 32- and 64-bit variants of an application, for instance. In turn, software bundles tie up multiple compilations to larger units.

    We were able to understand how everything works in practice by looking at examples in the “AppCloud products” catalog (Image 3). There, we found numerous ready packages for software. For each item in this catalog, we were able to create a compilation in our system, select the desired software share and also define whether the software should go only to the test group or be transferred immediately into production as a release. Once we had used the software rule groups to assign clients and compilations to each other, we saw firsthand how Deskcenter successfully generated corresponding software jobs and deployed the software on our target computer.

    Installation per graphical execution plan

    In the case of more complex applications, we were able to edit compilation and edit as we saw fit. One particular strength of Deskcenter is the execution plan, which controls the progress of an installation in the form of a graphical editor. The ready-made compilation of the popular source code editor Visual Studio Code then queries the architecture of the client before installing either the 32- or 64-bit setup matching this. We were able to upgrade such an execution plan almost arbitrarily, first checking disk space or RAM hardware of the target computer, before or after registry key installation, as well as reading and also writing to folders and files.

    The editor also builds a bridge to the other areas of Management Suite. In this way, license actions check whether a license is free beforehand and assign these automatically following successful installation. If an installation fails, then the execution plan will also create a ticket for the helpdesk on demand (Image 4).

    Conversely, the web frontend of the helpdesk offers end users a self-service function that they can use to order software for installation. This requires them being entered as the main user of the target system in Asset Management. However, software jobs that do not run fully automatically, for instance because the software is chargeable, must currently be authorized by an IT employee. According to the manufacturer, an upcoming version should finally offer approval processes for superiors.

    CONCLUSION

    Very similar to software management, we were able to create OSD configurations in the “OS Deployment” area. Such a configuration consists of the setup of the desired Windows version, one input for partitioning and one answer file for the unsupervised installation. It is worth mentioning here that the answer file did not have to be painstakingly written by hand. Deskcenter assisted us by providing a generator, offering us input fields and dropdown boxes for all Windows setup settings, and it automatically generated a suitable answer file from this. Optionally, we were also allowed to tie up drivers to driver packages and integrate into the process, execute scripts as part of the installation and also install the SDI Agents and other software.

    Describing in full all aspects of Deskcenter Management Suite’s functionality would far exceed the scope of this article; however, this suite maps all the relevant areas of ITIL-oriented IT operations. Hardly any assets were missing from the comprehensive inventory with its numerous methods—IP scan, DHCP, SNMP, WMI, inventory—which makes Deskcenter an optimal basis for any additional modules. The building blocks for deployment of operating systems, applications and patches are convincing, yet they only address Windows clients. The tools referred to here are extremely practical—particularly the graphical editor for the execution plans and the AppCloud—and they simplify the deployment of applications for admins.

    This might also interest you

    How can we help you?

    Just get in touch by phone or e-mail.
    We look forward to hearing from you!

    Share via
    Copy link
    Powered by Social Snap