A new adventure: Dell KACE appliance
Recently, we have decided to make the jump from LANDesk to KACE. We had owned LANDesk for the past 3 years, and initially, the product was great. Without getting into too much detail, unfortunately, the more LANDesk updated their product, the buggier it started getting. Issues with Antivirus was getting worse and worse. Our agents started growing beyond 1.6 to 2.0Gb, and some of the scans were taking up hundreds of megabytes of RAM, and often times, bringing the user’s workstations to a screeching halt. Getting hit with the KIDO (Conficker) virus while LANDesk AV was installed (and not detected) was the straw that broke the camel’s back.
Not to completely diss LANDesk, as they have served a good 3 years at our district, but we felt that it was time to look at different solutions, as the combination of the LANDesk agent, and the LANDesk antivirus was just way too taxing on all the workstations.
Our new adventure: KACE management from Dell, combined with Nod32 for the Antivirus product. Happy to report that the performance and foot print is TINY! If you have followed any of my previous posts, you will find that I am also a VMware (View) shop, and I am very interested in having management capabilities, and AV on the VM workstations, while keeping performance acceptable. we have gotten the KACE 2000 box as well, though I don’t do a whole lot with it; same with the Nod32 which I don’t manage. So, in this article, and the upcoming ones, I will be concentrating mostly on the KACE 1200 (Management and Patching box)
The KACE agent is literally taking about 11Mb of space on the hard drive, and when idle, takes up about 5-7Mb of RAM, and when performing an inventory or a distribution, the usages goes up to 25-30Mb of RAM.
The one thing that is lacking at KACE, unfortunately, is the documentation, and the knowledge base. KACE admits to that, and is currently working on it, hence my series on my blog. When I first installed the box and started looking at the possibilities, I realized that they’re literally endless. The blessing and the curse of this box is in its flexibility. I call it a WYSIWIG box, and that, in itself is the curse and the blessing. If you write the scripts for it correctly, it’s a beautiful thing. For that to happen, you need to understand how it works, and understand how to do scripts that will do the job correctly. However, if you don’t, then the KACE box does not have mechanisms built in to handle certain things, and it could cause un-necessary traffic on your network, or even worse, break stuff; Essentially, KACE is just a medium for distributing stuff.
An example for this is in order. The most common one is the installation of the VNC client, since almost everyone is going to choose a remote control solution. KACE does have a built in wizard that allows the creation of a preliminary script that install VNC. What it does not do, is perform any sort of error checking. So let’s say we create a script to install VNC, and target 50 machines. If ran as it, and the script succeeds on 25, the remaining 25 are still left to be installed within that same task. Without any additional modifications, when the script is ran again, the task will apply, and install on all 50 again! So at this point, you have to think about a method to check for the existence of VNC in order to install it on a machine where VNC already exists.
In that same manner, another script would have to be written, with the same base, but different error checking conditions, that will force an upgrade if VNC is exist, but is of an older version, for instance.
The reason for these examples, is the purpose of the upcoming articles. I just got the KACE box, and will be heavily involved in writing the scripts for my environment, and I will be sharing some of the practical methods that I used to make this work for me. In addition, I have tons of questions, very few of which, are answered in the documentation, and the knowledge base, so my answers either come from KACE support, or trial and error. So perhaps my articles will help some KACE newbies avoid some of the pitfalls, or get some of the functionality questions answered.
Meanwhile, there are some resources that you can use, which are provided by KACE, though if you are like me, you will be disappointed in them (at least at the time of writing of this article. I will list them some of the most prominent ones here anyway:
KACE AppDeploy – http://appdeploy.com: this one is probably the most content-rich site that will help with deploying applications
KACE Knowledge base – http://www.kace.com/support/kb/index.php?action=show : this is less than satisfactory knowledge base, but is there nonetheless.
KACE Documentation – http://www.kace.com/support/documentation : This is the official KACE documentation.
KACE Tutorials – http://www.kace.com/support/tutorials: This section has some videos, but I found that most of them are for the much older versions of KACE, and will be harder to follow if you have a new version of the appliance.
Please check back often for any updates, even better, take the time to subscribe to my blog (on the right) to get notified of new posts.
Related posts:
About Me
Georges Khairallah
What doesn't kill you... makes you stronger
I'm a husband. I'm a musician.
I'm a technologist. I like to network.
I like to blog. I own a business.
my garden is my bliss. my camera is my escape.
let's connect!
RSS 2.0 Feed URL
I am confused. (1) You stated your main reason to leave LanDesk was the anti-virus solution, yet LanDesk does not have a 'choose one' anti-virus solution. You could use any AV you want. (2) The least significant factor is RAM. The more important factors are CPU or even worse (most critical) IOPS (individual operations per second) of disk IO (input/output). (3) While VNC is operating system agnostic, it is BY FAR the slowest and least desirable remote control option. It was good 5 to 8 years ago and is nowhere near a reasonable solution today. You picked an SMS software solution. SMS is Systems Management Solution. The key elements are operating system deployment, patch management, power management, application deployment, virtual application deployment, etc, etc. It is weird that you dropped LanDesk for AV when AV is not a significant option (directly). Kace also requires an appliance which by its very nature gets old in 1-3 years. Did you factor replacing it in 3 years? Software solutions just upgrade. Honestly, the most time consuming elements that justify an SMS you didn't mention and it seems you wasted money. Why did you get an SMS solution? From what you describe, you should have used Spiceworks for inventory, licensing, alerts, etc (its free). Then you should have bought a standalone AV product (Kasperky, AVG, or whatever you like best). And then, you should have chosen a remote access solution (again, VNC is a pile of slow, horrid dogfood). If you are windows only and in a single local domain use RDP its the best hands down. Otherwise, do some research for remote access solutions over the web. Can you give Dell their Kbox back?
Trevor, (1) Regarding A/V, yes, that's true that I could've used any AV I wanted, and we were using Sophos before, and had problems with it, so I was looking for a solution that could be centrally managed, as I have a huge environment, while severely understaffed, so my decisions have to factor in those variables. (2) RAM is absolutely a factor. I have a lot of old PCs in the environment, and even though CPU matters, RAM was just as important when a machine still has 512Mb in it. Both of those were bringing the machines to their knees. (3) You have read an older article, and since then, I have moved to use Dameware as my primary remote control solution, as I found it to be more reliable, deployable, with an overall better usability, and yes, I do agree that VNC isn't quite up to par to deploy in the enterprise. To clarify, I didn't drop LANDesk solely due to AV, but rather because I spent most of my time troubleshooting issues with the LANDesk engine itself, which eventually became counter productive to what I'm trying to do. As for replacement, I'm running my KBOX on a virtual appliance in a VMware cluster, so replacing it is not an issue. I can keep updating the software, and the hardware will take care of itself, as I upgrade the rest of my server farm on my normal refresh cycle. I ended up not going with Spiceworks or a free solution because: 1) I'm running an enterprise, with about 6000 nodes, and I can't rely just on community support for help. I have much more mission critical things to deal with to take a free solution, especially that I wear some 150 hats in my job, so I try to get as much backing as I can whenever I can get it. 2) I was trying to get a solution that was fairly simple, while being able to tie in everything to it. It's true I still ended up with 3 products, Kace, Dameware and ESET Nod32, but the former 2 are pretty well integrated, and AV is what it is. So, to answer your question, no, i'm not wasting money. My LANDesk bill was close to $90,000 / year for my enterprise. KACE doesn't even come close to that, including A/V, and, as a matter of fact, is now doing a much better job than LANDesk ever did. It does take more work to get it configured, but once that's done, things work ok. Why would I want to give Dell their Kbox back?