Network Computingwww.networkcomputing.com

Given the boom in enterprise laptop usage, chances are you'll be managing mobile units--possibly including PalmOS and Microsoft Windows CE and Pocket PC PDAs (personal digital assistants) and palmtops--sooner rather than later. Fortunately, you can call upon an armory of robust, full-featured solutions to cope with this mobile onslaught. These indispensable management tools boast features such as transparent, automated software distribution; remote configuration management; data backup; automated software/hardware inventory; and remote event scheduling. Clearly, they can make or break your enterprise's mobile-systems deployment.

Testing Lineup

All four of the management products we tested in our Washington Real-World Labs® are dedicated mobile-system-management packages that offer software-distribution features and handle remote-system management, such as hardware and software inventory and configuration management.

The system that made managing and deploying Windows-based laptops easiest, XcelleNet's Afaria 3.0, won our Editor's Choice award, just beating out Mobile Automation's Mobile Automation 2000 Enterprise Edition and Callisto Software's Orbiter 3.5. All three of these products offer roughly similar levels of overall functionality, though they differ somewhat in focus and particular strengths. Orbiter is the easiest product to use and is the most transparent from the mobile end user's point of view. Mobile Automation 2000 is our Best Value award recipient and has an edge in security features.

If keeping critical application data up to date among servers, PDAs and laptops is your top priority, however, Synchrologic's iMobile Suite is the best choice. It provides unparalleled support for field-level data exchange and synchronization between corporate databases and remote users, on not only Microsoft Windows PCs, but PalmOS-based and Windows CE-based units as well. It also focuses on software and data distribution and file backup, but it lacks the depth of detailed device-management functionality offered by both the Mobile Automation and Orbiter packages.

Common Ground

All four products we tested have server components that run only under Microsoft Windows NT 4.0 or Windows 2000 Advanced Server. Two of the solutions, iMobile Suite and Mobile Automation 2000, require Microsoft's Internet Information Server (IIS) to function. The "channel" paradigm and Microsoft's Active Desktop Objects (ADO) are dominant in these products.

Likewise, the other two solutions, Afaria and Orbiter, support only Microsoft Access and SQL Server for their data stores. If you need to deploy or support mobile systems based on Linux, Apple MacOS or any other operating system, you're out of luck. Although iMobile Suite and Mobile Automation 2000 do support PalmOS and Windows CE devices to some degree (Afaria has a standalone sister product to do so), true cross-platform capability on either the server or the client side is lacking in all four products. We hope future versions will address this shortcoming.

Scalability is a serious concern with all these remote-management packages, particularly because for the most part they rely upon a single Windows NT or Windows 2000 server. Mobile Automation, however, has implemented some server clustering in its new Enterprise Edition. The field of mobile-device management is also relatively immature; at this point, however, most of the critical functionality is in place, and these products are starting to address the crucial enterprise issues of security, manageability, scalability and fault-tolerance.

Another area of common ground is the products' network-layer transport mechanisms. All except Mobile Automation 2000 can communicate over dedicated TCP/IP and/or UDP (User Datagram Protocol) ports, their most efficient means of operation. All but Orbiter support HTTP tunneling (HTTP 1.1), to allow operation through a corporate firewall. Orbiter, the exception, reverts to an asynchronous, e-mail-based queued transport mechanism.

That method requires the use of Microsoft Exchange/Outlook, Lotus Development Corp. cc:Mail or Lotus Notes by all of your enterprise's mobile users to guarantee delivery and execution of data transfers and administration--unless your users will always be dialing into a modem pool or accessing your server via a VPN (virtual private network), for instance, in a configuration that bypasses your firewall.

The prior version of Mobile Automation 2000 also used an e-mail-based transport system, but the company switched to HTTP tunneling in the current release. Neither method is necessarily superior--it depends on your network setup, infrastructure and preferences. If you need to manage remote users who will be accessing your corporate servers over the Internet, for example, you may not want to leave open gaps through your firewall. On the other hand, arbitrary HTTP tunneling isn't the speediest technique and has other drawbacks, but it is probably somewhat more flexible in execution than e-mail-based transport.

All four products support a core set of features that, taken together, greatly enhance their management appeal: Data compression, file differencing (delta) technology and checkpoint restart go a long way toward making these systems more useful, especially over low-bandwidth connections, such as standard analog telco lines.

File compression is self-explanatory, though the level of compression may vary depending on the type of data or file being sent. File differencing, a key feature, establishes a database of all remote machines' file contents and, when updating or modifying those files, sends only the byte-level deltas (the difference between the remote device's current state and the desired state), instead of sending the entire file contents over the wire. Checkpoint restart ensures that if a transmission is terminated before completion, it will continue where it left off the next time a connection is made between that remote machine and the central server, instead of requiring a complete restart of the transfer.

File differencing and checkpoint restart can reduce necessary data transfer time dramatically. With Afaria, for instance, file differencing reduced the necessary data transfer from more than 2 MB to less than 300 KB between the first and second time a laptop connected to the network. The other products showed similar performance gains, with file differencing significantly reducing file sizes during transfers.

Finally, all four products automate software distribution (using file differencing) and handle two-way data file updates (both from the server to the clients and from the clients back to the server). Distribution is important when sending new applications to the field. For example, when distributing an update--such as virus-table updates--to an existing program, differencing will significantly reduce the amount of download time. Data-file updates ensure that users have the most recent version of corporate data and that updated data on the laptops returns safely to the enterprise network.

Sought-After Features

Aside from inventory/asset management and centralized troubleshooting, these are the most useful features of the systems: the ability to unobtrusively distribute programs, patches, drivers, updates and virus definitions to remote users, and to collect critical data backups and configuration file snapshots from mobile users while they are still in the field. All four products can take snapshots of the files on a user's machine and provide solid asset-tracking features as well.

Another potential use in environments with tight configuration management is to detect and prevent accidental or unauthorized end-user modifications to desktops and critical configuration files, such as drivers and *.ini files. Once a snapshot of a given user's machine has been taken, the file-distribution mechanisms in all four of the packages we tested can be configured to overwrite any improperly changed files with the original version. Not all shops will need or want this level of control, but it's a big selling point for those that do.