Table of Contents
In this article we'll review ManageEngine Desktop Central, an innovative Unified Endpoint Management (UEM) solution that brings the traditional desktop management service approach to a whole new level, offering a rich set of features and customizable options, as well as flexible versions and pricing to meets the requirements (and the economic capabilities) of most organizations.
In the first part of the article we'll briefly enumerate the most distinctive features of the product; right after that we'll perform a product test drive on some Virtual Machines hosted on Microsoft Azure and then release a final verdict where we'll share our thoughts about the whole experience. Are you ready? Let's go!
Let's start with the available deployment models: as most IT management software nowadays, there are two main paths to choose from:
- Desktop Central Cloud, a cloud-based edition for those who want a SaaS approach.
- Desktop Central On-Premise, an appliance-based solution for those who prefer to host the platform on their own server.
Both editions come with their own set of features, but the main difference can be summarized by the following key points:
- Cloud Edition has only text-based remote communication channels (voice and video call are not available);
- Cloud Edition Linux Agents (including the ones under distribution server) only support direct download of patches from the vendor (no automatic install/updates of third party software);
- Cloud Edition doesn't have the OS deployment features (OS imaging and deployment, remote office deployment, hardware-independent deployment), as well as the Endpoint Security add-ons (vulnerability assessment and threat mitigation, browser security, application control, BitLocker management);
Cloud vs On-Premise
Does it mean that the On-Premise edition is "better"? That's hardly the case, considering that Cloud Edition is a manged solution that will save you (or your System Administrators) a lot of work: furthermore, being on the Cloud, some resiliency features (such as the failover server and the secure gateway server) are not required.
As a matter of fact, we think that the Cloud Edition might be a better fit for most companies, as long as they require a Unified Endpoint Management service without having to employ (or burden) a dedicated IT staff to perform the required management and maintenance regular tasks. That's also the reason why we've chosen to go with the Desktop Central Cloud to perform our test drive, as we'll see in a short while.
Here's a list of Desktop Central Cloud most distinctive features for desktop & mobile devices, as shown in the official page:
- Patch Management. Automate patch deployment related to OS and other third party applications to shield Windows and Mac machines from security threats.
- Software Deployment. Automation tasks to install and uninstall software with templates support to standardize the creation of pre-defined application packages.
- Remote Desktop Sharing. A feature that can be used to remotely connect to desktops with a lot of useful collaboration features (file transfer, video recording, and more).
- IT Asset Management. Fully featured IT Asset Management capabilities with Software Metering, License Management, blacklisted software, and more.
- Desktop Configurations. More than 50 pre-defined configuration templates, including Power Management, USB Device Management, Security Policies, and so on.
- Service Pack Installation. An auto-update feature that will scan and detect missing service packs of Operating Systems and Applications to minimize the impact of zero-day vulnerabilities.
- Active Directory Reports. A wide range of built-in reporting templates of the whole network infrastructure.
- User Administration. UAC features with roles and permissions, allowing to configure least privilege accesses for any user or group.
- OS Deployment. Automation tasks to image and deploy OS without user intervention.
- USB Device Management. A security feature to limit and monitor the usage of USB Devices in the network at user and/or computer level.
- Power Management. Fully customizable power management features that allows the SysAdmin to define power schemes, shut down inactive computers and get system up-time report.
- Mobile App. A native OS mobile app for iOS and Android devices that allows to use the software on the go.
Mobile Devices Management
- Device Enrollment. Enroll devices manually, in bulk or make users self-enroll their iOS or Android devices with two factor authentication.
- App Management. Distribute both in-house and store apps to devices, remove/disable blacklisted apps, assign redemption codes for commercial apps, and more.
- Profile Management. Create and configure policies and profiles for different departments/roles and associate them with appropriate groups.
- Asset Management. Scan to fetch the details of installed apps, enforced restrictions, installed certificates and device hardware details.
- Security Management. Configure stringent security policies such as passcode, device lock to protect corporate data from outside threats.
- Audit and Reports. Audit mobile devices with out-of-the-box reports such as Rooted Devices, Devices with Blacklist Apps, etc.
Other notable features include: Endpoint Security, a set of add-ons that can be used to proactively detect and defend against cyber threats; System Integration capabilities with other ManageEngine solutions (such as AssetExplorer and Servicedesk Plus) as well as third-party products (Jira, ZenDesk, SpiceWorks, and so on); and much more.
Let's start our Desktop Central Cloud Edition test drive report.
The first thing you need to do is create an account on the official website, which offers a 30-day free trial for both the Cloud and On-Premise edition. Click to the Cloud edition and fillup the free trial request form, as shown in the screenshot below:
After filling up the form, click to the SIGN UP button and wait for the confirmation e-mail to hit your mailbox. Click the Confirm Account button and you'll be brought back to the platform website, when you can choose a password and perform your very first login and access the Getting Started page. Well done: you've just activated your 30-day trial!
The Getting Started page is your Desktop Central main entry point: from there you can follow the on-screen instructions to perform all the required tasks to make the framework able to properly fullfill its management job.
As we can see by looking at the above screenshot, we basically have three tasks (or group of tasks) to do: Install Agent, Manage Desktops and Reports. Let's see how to handle them.
Downloading the Agent
In order to be able to manage our devices, Desktop Central requires the presence of an Agent: a small piece of software that needs to be installed on each single device and that will not only communicate with Desktop Central, yet also locally execute its various tasks (scanning, detect vulnerabilities, applying patches, and so on). This means that installing that Agent on our desktop machines will be our top priority.
In order to do that, click to the Agent tab on the top menu, then go to Computers: once there, click to the Download Agent button located on the top-right corner of the screen. A popup window will appear, allowing you to download the Agent installed package.
As soon as the Agent download is complete, an informative message will appear notifying us on what to do next.
As we can easily understand, installing the Agent won't be enough: for obvious security reasons, we'll also need to manually approve each of our machines, to confirm that we want to manage them using Desktop Central. This can be done as soon as we complete the installation phase, which is the next thing to do.
Installing the Agent
Once we have the executable we can install the Agent on all our clients: in our test drive we did that on two Windows 10 machines, which we've called DYTROS and AZATOTH.
To install the Agent, simply copy its executable file to the machine FileSystem and then double-click to it: a typical installation wizard will start, asking for administrative permissions (since the Agent will need to have admin rights to be able to perform its job).
As soon as the Agent installation is complete, we can refresh the Agent > Computers page: if everything went good, we should have two Waiting for Approval requests, corresponding to our two machines:
From that window we can Approve them and bring them both to our machine pool and start to manage them. Before going further, let's quickly check that these desktop machines have been properly added. Go to Agent > Computers again and check them out.
Let's now try to use Desktop Central's Patch Management feature with our newly added machines. As the name clearly implies, such feature allows the SysAdmin to automatically (or manually) install and deploy OS and third party application patches to update the machine and shield it from most security threats.
Here are the main phases of the Patch Management feature:
As we can see, the first thing to do is to Scan Computers using the Agent. In order to do that, click to the Patch Mgmt tab, then click the Systems menu item and then click on the Scan Systems link.
The scanning process will take some minutes, depending on the OS, disk size and CPU speed. Once As soon as the scanning ends, the Patch Management dashboard will be populated with useful info, such as: Windows version, number of installed patches, number of missing patches, and so on. There are also some interesting parameters (that can be configured via the Settings tab) that will automatically label each machine as "Highly vulnerable", "Vulnerable" or "Healthy" depending on which patch is installed or not.
As we can see from the report, our AZATOTH PC is missing 20 patches, while DYTROS only lacks 6: let's take the chance to fill both of these gaps! Select both the machines by clicking on the checkbox to their left, then click to the Deploy Missing Patches button to go to the Manual Deployment form.
From that form we can choose between a wide number of patching methods, including scheduling, retry attempts, and so on. For the sake of simplicity, just leave all the default options as they are, choose a suitable Deployment Policy (such as "Force reboot excluding servers") and then click on the Deploy Immediately button to start the patching process.
A new screen will open, containing some useful info about the patching tasks.
Now we just have to wait until the magic completes: in a nutshell, the Agents installed of the two machines will seamlessly download and apply the patches using the Windows internal commands, and then reboot the machine to have them installed (as planned by the choosen Deployment Policy, since they are not servers).
The Agent progress can be monitored by refreshing the Execution Status - Summary window: as times passes by, it will go from Yet To Apply to In Progress, and then - eventually - Succeeded, Failed, Not Applicable or any other status, depending on what will happen during the attempt. The other tabs (Configuration Details, Execution Status, and so on) will give additional details on what's going on.
As soon as the process completes, if everything goes as smooth as expected, we'll be able to see the following results:
Now that our Test Drive ended, it's time for our honest (and unbiased) evaluation: in our humble opinion the software fully meets the expectations, offering a wide range of features that should satisfy most of the typical needs of those looking for a solution for centralized control of endpoints. Even the aspects related to the installation and configuration of the Agents are satisfactory: the installation guidelines are easy enough to follow for the average IT staff and the on-screen Knowledge Base is good enough to solve most of the typical installation, configuration & troubleshooting issues.
The only thing that really concern us is the pricing model, which depends on the number of endpoints and therefore will arguably go high for those small and medium companies that use a lot of clients, servers and/or mobile devices without having a significant budget to live with. However, there is little doubt that - with the exponential growth of cyber attacks in recent years and the consequent need to defend oneself in the best way, especially at the level of prevention - the costs associated with the operational management of any device or endpoint are inevitably destined to increase. From this point of view, the ManageEngine solution could prove to be a convenient opportunity for most companies, as it allows them to centralize a series of operational, control, monitoring and maintenance tasks without having to invest in multiple licenses, solutions and/or security and compliance frameworks.
That's it, at least for now: we hope that our review of ManageEngine Desktop Central will help other System Administrators to objectively evaluate one of the many available alternatives to manage servers, laptops, desktops and mobile devices from a centralized location.