Manage Virtual Desktops Comprehensively
and Securely with IBM Tivoli

Virtual desktop infrastructures imply new endpoint management challenges

Tivoli Beat - A weekly IBM service management perspective. Endpoint management—frequently cited as a shortfall of enterprise IT—took a major step forward with the advent of IBM Tivoli Endpoint Manager. This offering gives even the largest organizations centralized command of all endpoints via a single, intelligent agent that offloads most of the work to the endpoints themselves.

Even if you're familiar with Tivoli Endpoint Manager, however, you may not realize just how well its design and feature set apply to endpoint infrastructures of all kinds.

Consider, for instance, the case of virtual desktop infrastructures (VDIs). In the VDI paradigm, user applications and data are not stored locally on each endpoint, but centrally—on servers (which can be either virtual or physical). This approach conveys many benefits; among others, the fact that user data is stored centrally means it's much easier and faster for IT to archive and restore.

VDIs also, however, imply a new set of operational challenges for endpoint management solutions to address. A short list:

If specific desktop operations such as malware scans occur simultaneously on a centralized server, they can consume too much of that server's computational capacity, and have a crippling effect on the end-user experience and productivity until they conclude.
As desktop instances migrate unpredictably across virtual servers or physical hosts, it becomes significantly harder for IT to track and manage them for best business results. This reduced insight into desktop states can easily result in a variety of problematic conditions: diminished security, failure to comply with internal policies or external regulations, inconsistent patch application, and many others.
Centralization of the user's environment via VDI does provide some elements of standardization, but the user's environment is still dynamic. Without tools that can keep up with the user's rate of change, even in a virtual instance, IT remains reactive to change, rather than proactively managing the user's environment.

In short, for organizations that have already made the leap to VDI—or are considering it—a VDI-savvy endpoint management solution would be well worth the investment.

IBM Tivoli Endpoint Manager: Virtualization-aware, yet also virtualization-transparent

Tivoli Endpoint Manager supports endpoint management functions in a way that is virtualization-transparent; whether desktops are traditional or virtualized will make no difference in how IT uses the solution to administer endpoints. IT will be empowered to track and manage all desktop instances centrally, rapidly, and comprehensively. IBM Tivoli Endpoint Manager is just such a solution. It supports endpoint management functions in a way that is virtualization-transparent; whether desktops are traditional or virtualized will make no difference in how IT uses the solution to administer endpoints.

This is because the essential Tivoli Endpoint Manager premise remains the same: a single, intelligent agent for each desktop instance. Whether a desktop instance is local, stored on a traditional server, or even migrated from one virtual server or physical host to another, that agent will continue to provide the same level of visibility and control. And it will convey the same benefits by empowering IT to track and manage all desktop instances centrally, rapidly, and comprehensively.

This implies, for enterprise-class IT, a very convenient flexibility and an exceptionally high ROI. Suppose that an organization initially invests in Tivoli Endpoint Manager to support a traditional fat-client architecture, then shifts over time to a VDI with thin clients. At every step along that transitional period, Tivoli Endpoint Manager will continue to work. No new management solution will be needed, bought, or deployed, and IT won't have to go through a new learning curve. This is a strength not every endpoint management solution can offer.

Tivoli Endpoint Manager is also remarkably scalable. Because the agent utilizes local resources (the endpoint device's CPU and memory) to perform work, not a server's resources, most organizations will only need to add a single management server when deploying Tivoli Endpoint Manager. This server is a centralized console that not only aggregates all endpoint information into a single, handy repository for complete endpoint insight, but also creates and executes policies that apply to all endpoints—up to 250,000 endpoints on average.

If the enterprise's total endpoint count grows—a common phenomenon indeed—Tivoli Endpoint Manager will simply grow along with it. In all but a few cases, the single management server will continue to suffice.

A wide variety of special optimizations make Tivoli Endpoint Manager a perfect fit for a VDI

Furthermore, Tivoli Endpoint Manager boasts many special optimizations that make it ideal for endpoint management in a VDI context. Even though it's virtualization-transparent for administrators, it's also virtualization-aware, and can thus effectively address special challenges that might otherwise arise from a VDI architecture.

For instance, Tivoli Endpoint Manager addresses security in a VDI-intelligent fashion unmatched by any competing offering. Partly, this is because its discovery features aren't affected by virtualization; they continue to apply even when desktop instances migrate across virtual servers or hosts. And when new virtual servers are created and used to drive virtual desktops, Tivoli Endpoint Manager detects and addresses them as well.

Furthermore, Tivoli Endpoint Manager can "white-list" prescanned system images known to be free of malware. By scanning only their incremental changes, instead of the image as a whole, Tivoli Endpoint Manager can accelerate scans, and reduce the number of scans needed, without introducing new security risks.

If Tivoli Endpoint Manager for Core Protection is managing desktop instances on a centralized VDI server, it will detect that fact, and won't scan all of those instances simultaneously. Instead, it will automatically scan them in series. This staggered scanning substantially reduces the total load on the server at any single point in time, preserving endpoint performance and user productivity while still ensuring that security goals are met.

Tivoli Endpoint Manager integrates with leading VDI management solutions to keep them continually apprised of each virtual desktop's status and location in the infrastructure, providing a view of guests to host relationships.

Tivoli Endpoint Manager can also assess how well physical and virtual servers comply with security policies. Should problems be discovered, the solution can provision the appropriate patches or other modifications as required in short order. Rogue devices and at-risk machines that can't be remediated can instead be quarantined, to prevent the spread of a possible security threat.

Finally, Tivoli Endpoint Manager also offers a powerful, flexible way to meet licensing and compliance goals. In a virtualized architecture such as a VDI, tracking which software assets have been deployed, and in which numbers, to which desktop instances, is no easy feat.

Tivoli Endpoint Manager simplifies matters enormously by providing real-time, accurate insight into the software inventory of each instance. When new desktop instances are created in (or removed from) the infrastructure, the Tivoli Endpoint Manager server is notified by that instance's agent immediately. Thus, IT can determine exactly which software has been deployed—to which users, and on which instances—at will.

This comprehensive, efficient design means that IT is continually apprised of software deployment at every stage of the desktop lifecycle, and can much more easily remain in full compliance with applicable regulations and policies.