IT Administrator Article: Deskcenter Management Suite 11.0
by Dr. Christian Knermann
With its modular Deskcenter Management Suite, the German manufacturer of the same name has set out to implement comprehensive client and IT service management. For software deployment and patch management, the focus is on Windows endpoints in particular. IT Administrator decided to take a look at how this versatile suite fares.
Under the heading of unified endpoint management (UEM), the Leipzig-based provider Deskcenter bundles its portfolio for comprehensive IT operations management. Deskcenter conforms to the IT Information Library (ITIL), and thus to the internationally recognized de facto standard in the IT service management domain. In its maximum configuration, Management Suite therefore covers all ITIL core areas. The suite has a modular structure, and the inventory forms the core of the system. Here, the manufacturer distinguishes between managed assets, i.e. end devices that are integrated into software deployment and patch management, and unmanaged assets. Deployment of operating systems, of software and of patches is available as individual building blocks, licensed per managed asset. The same applies to license management as well as the application metering, AppCloud and DNA software catalog functions, which we will come back to shortly. Deskcenter licenses the service desk per support employee on a concurrent-use basis.
Deskcenter offers all licenses either as a one-time purchase, plus annual costs for support and maintenance, or through leasing. For leasing, support and maintenance as well as the DNA software catalog are included.
Windows, macOS and Linux inventory
In terms of inventory and asset management, Deskcenter proves to be highly flexible and provides agentless recording of Windows clients and the software installed on them. This works as long as the clients communicate via Windows Management Instrumentation (WMI). Deskcenter officially supports Windows versions from Vista and Server 2008 onward. Furthermore, since the earliest version of Management Suite, the manufacturer has also integrated Apple macOS via Mac Inventory as well as various Linux distributions by means of a component called Script Inventory. Both collect data about the hardware and the software locally on the client and send it to the Deskcenter server for further processing.
The software management area is a focus of the suite and therefore of our test, too. Here, however, Deskcenter is restricted to Windows endpoints. Management Suite handles the initial rollout of the operating system and drivers, packaging and deployment of applications, as well as patch management. The suite also requires the proprietary SDI Agents on the clients. Deskcenter handles Windows updates autonomously, i.e. without requiring Microsoft Windows Server Update Services (WSUS). However, the suite can also integrate with an existing WSUS installation on demand. In terms of the backend, Deskcenter also relies on Windows. As a basis, the servers use a Windows server with Microsoft SQL Server and IIS, and they synchronize user as well as computer accounts with an Active Directory.
Scalability and multi-tenancy
The suite’s architecture is scalable and can map organizations that are large both organizationally and geographically (Image 1). At least one Data Service instance forms the core of the system. If multi-tenancy is required, that is, if organizationally independent units want to manage their IT operations partially or fully independently, then they can each use a separate Data Service subordinate to a central instance. In such a structure, the sub-tenants play their cards close to their chests, but the Master Data Service maintains an overview and can, for example, centrally manage licenses or make pre-packaged applications available to all tenants.
However, if the aim is only to manage a distributed infrastructure, additional Data Services are not required. The Data Service controls one or more instances of the Worker Service, which is responsible for the scanning and inventory of clients and the deployment of software and updates. Here, Deskcenter is addressing the trend toward distributed work. Provided that the Worker Service is installed in the DMZ and the SDI Agents are installed on the clients, new software packages and updates can find their way to the endpoints even outside the corporate network and without VPN.
Ready for operation within a few hours
As part of the test, we installed Deskcenter Management Suite in our own infrastructure with a domain controller and a server for the Deskcenter Services, both running Windows Server 2019, and clients running Windows 10 20H2. Furthermore, the manufacturer granted us access to its test environment so that we could also gain an overview of the functions in a larger environment.
The PDF guide for setup and initial configuration comprises 76 pages, and the comprehensive user manual is 942 pages long. However, anyone wishing to attempt installation should not be discouraged by this wealth of information. Both demonstrate that the manufacturer has painstakingly documented all aspects of this complex product suite. Furthermore, the manufacturer supports the first setup as part of a proof of concept (POC), as it did in our case. A complete setup, right through to the first success with the initial deployment of software to the clients, is achieved in half a working day. SQL Server and IIS served as a basis. We had already prepared our domain controller and another server, which was to provide all Deskcenter services and the database. For production use, the manufacturer recommends at least the Standard edition of the database server and, from 350 clients upwards, separate machines: one for the database and another for the Deskcenter services. On our very small scale, a VM together with the free Microsoft SQL Server 2019 Express edition sufficed. Per Deskcenter guidelines, we had installed the database server and the web server (IIS) role with all required role services and features. In addition, we configured the Windows firewalls on all systems per the Deskcenter specification. Here, too, we could refer to the manufacturer’s comprehensive information. The required port scope relates, on the one hand, to the SQL server, to which only Deskcenter Data Service and Management Studio (but not the clients) require access, and, on the other hand, to the Deskcenter services.
We configured the firewalls of the clients centrally by means of a group policy; all ports and protocols from the file and printer sharing, remote services management and Windows Management Instrumentation (WMI) groups are required only in the case of an agentless inventory. Clients with the SDI Agent installed typically access the Data Service via TCP port 81, but they only require this as a fall-back option, in case the responsible Worker Service is not available. The latter uses configurable TCP ports from 7000 upwards for the TLS-encrypted communication with the agents.
In this way, the clients transmit their inventory data to the Worker Service and receive software jobs. The clients retrieve the installation files and patches themselves from the locations referred to in Management Suite as software shares. In the simplest case, a software share is an SMB share, which can naturally only be used sensibly within the internal corporate network. Alternatively, the agent can also obtain software from software shares that are accessible via FTP(S), HTTP(S) or WebDAV.
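The port scope described above can be expressed as least-privilege Windows Firewall rules per role. The following PowerShell sketch is an added example, not Deskcenter's own script or part of the original article. All addresses, the static SQL port, the upper bound of the Worker port range and the rule group name are assumptions, and the firewall group names are the English-language display names.

```powershell
param([ValidateSet('Database','Services','AgentlessClient','AgentClient')]
      [string]$Role = 'AgentClient')

# ASSUMPTIONS: constructed placeholder values, adjust to the real environment.
$Clients     = '10.0.10.0/24'   # client subnet
$DataService = '10.0.1.10'      # host running the Data Service
$MgmtStudio  = '10.0.1.20'      # admin workstation with Management Studio
$SqlPort     = '1433'           # SQL Server configured for a static port
$WorkerPorts = '7000-7010'      # the article only says "from 7000 upwards"

# Firewall groups the article names as needed for agentless inventory only.
$AgentlessGroups = 'File and Printer Sharing',
                   'Remote Service Management',
                   'Windows Management Instrumentation (WMI)'

function Add-ScopedRule {
    param([string]$Name, [string]$Port, [string[]]$From)
    # Inbound TCP allow rule, domain profile only, restricted to named sources.
    $rule = @{
        DisplayName = $Name;     Group    = 'Deskcenter (example)'
        Direction   = 'Inbound'; Action   = 'Allow'
        Protocol    = 'TCP';     Profile  = 'Domain'
        LocalPort   = $Port;     RemoteAddress = $From
    }
    New-NetFirewallRule @rule | Out-Null
}

switch ($Role) {
    'Database' {
        # Only Data Service and Management Studio reach SQL, never the clients.
        Add-ScopedRule -Name 'SQL from Data Service and Management Studio' `
                       -Port $SqlPort -From $DataService, $MgmtStudio
    }
    'Services' {
        # Port 81 is the agents' fall-back path to the Data Service.
        Add-ScopedRule -Name 'Data Service fall-back (TCP 81)' -Port '81' -From $Clients
        Add-ScopedRule -Name 'Worker Service TLS' -Port $WorkerPorts -From $Clients
    }
    'AgentlessClient' {
        # Agentless scans need the WMI, remote service and file sharing groups.
        $AgentlessGroups | ForEach-Object { Enable-NetFirewallRule -DisplayGroup $_ }
    }
    'AgentClient' {
        # With the SDI Agent installed these groups are not required: report
        # any that are still enabled so they can be reviewed.
        $AgentlessGroups | ForEach-Object {
            Get-NetFirewallRule -DisplayGroup $_ -ErrorAction SilentlyContinue |
                Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
                Select-Object DisplayGroup, DisplayName
        }
    }
}
```

Run it elevated with the role of the machine in question; the `AgentClient` role only reports and changes nothing.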