Symantec Enterprise Architecture

Claim: Symantec intends to build an enterprise asset and change management architecture. It will combine products from PowerQuest, ON Technology, pcAnywhere, and Ghost into a single framework known as LiveState. Eventually, asset protection will be automated so that newly discovered threats can be proactively mitigated.

Context: Security vendors and incumbent asset management vendors are working to create more integrated asset protection solutions. Most enterprises have some type of asset management solution, so in order for Symantec to successfully compete, it will need to unseat incumbent vendors. Therefore, its value over the incumbents must be significant.

Credibility: Symantec has brought together a stable of best-of-breed products. Its challenge will be to maintain a competitive edge, while simultaneously integrating the products into a single architecture. Few vendors have successfully done that.

Regardless of whether you're a glass-half-full or glass-half-empty type, Symantec's future promises to be challenging. Arguably, the company's anti-virus business amounts to a license to print money, which the company exercised to the tune of $1.8 billion in 2004. On the other hand, signature-based attack detection isn't perceived to be as useful as it once was, and Microsoft is poised to enter the market. However, Symantec's business is still strong and growing, so it has the wherewithal to drive into new markets and use its lead in security to stay a step ahead, even with the Redmond mob on its tail.

To that end, the company announced its Symantec Enterprise Architecture (SEA) platform this past April and is beginning to deliver products based on that announcement now. According to Symantec, SEA will bring together network, storage, and systems management to enable a better managed--and therefore more secure--enterprise infrastructure. By integrating existing security products with newer administration tools, Symantec believes it can increase its foothold in the enterprise.

Symantec faces some monstrous challenges because this market already has some well-entrenched players. Symantec's goal is to parley its security relationship with many midsize and large companies into a broader asset management relationship. It plans to do this over the next two years by building an infrastructure management solution that takes desktop and server systems from purchase to production to retirement.

SYMANTEC'S SEMANTICS

Symantec must first deal with the fact that the industry tends to think of network, storage, and systems management differently than it does. The company still sees its business through a security lens. To Symantec, storage management means protecting data through security-driven snapshots and backup, not managing a complex storage environment such as a SAN. Systems management means provisioning and patch management, not user and application access administration, or server utilization and virtualization. Finally, network management to Symantec means network-born threat management, not managing infrastructure gear such as switches and routers.Despite these nomenclature issues, Symantec is out to solve an interesting problem. SEA's grand vision combines inventory, disk imaging and provisioning, patch management, software distribution, and backup and disaster recovery management all under one umbrella. This bundled functionality will take the name LiveState and seek to manage systems from cradle to grave. Symantec is looking to do this for Windows servers, desktops, and handhelds in the first quarter of 2005, Linux servers late in the year, and Linux desktops should the market ever present itself. There are no plans to bring Macs under management.

Symantec's next step is to increase the level of automation for tasks within its architectural framework. For example, it will automate the generation of system snapshots before new software or patches are rolled out. Also to that end, the architecture will see improved process management functionality late in the year, standardizing such processes as how IT departments handle newly released patches, and how new systems are configured to meet corporate guidelines.

All these features are essentially table stakes to compete in the asset management market. To differentiate itself, Symantec will begin integrating the threat discovery side of its business with its enterprise administration side some time in 2006. The goal is to assure security policy compliance, as well as automate the protection process when new critical vulnerabilities are discovered. For instance, the discovery of new self-propagating malware such as a worm can prompt Intrusion Prevention Systems (IPSs) to lock out any attacks, and imaging software to generate system snapshots of potentially affected systems with greater frequency until a patch is developed.

FIRST, THE PIECES

Before Symantec could build its enterprise asset management brainchild, it needed to gather up the right set of components, so off on a buying spree it went. Adding to its previous acquisitions of Ghost and pcAnywhere, Symantec more recently purchased ON Technology and PowerQuest. ON's iCommand product forms the basis of Symantec's LiveState products. Ghost provides imaging and image deployment, pcAnywhere provides remote control, and PowerQuest brings sector-based backup and disaster recovery to Symantec.iCommand, which will take the name LiveState Delivery, is a centralized configuration management and process automation system. It uses agents and a typical three-tier architecture to centrally manage geographically distributed environments. The primary management interface is a snap-in to the Microsoft Management Console (MMC). There's also a Java interface and a command line interface and scripting language. While iCommand can be used to adjust parameters on servers and workstations or deliver packaged software to them, ON had positioned the product mostly as an enterprise-wide end-user configuration and software management tool.

ON's approach made a lot of sense. While there's a significant need for provisioning and system configuration management in the data center, the tools typically look different and come from a different set of vendors than end-user system management tools. Provisioning in the data center must take into account more than the security posture of systems, and the process becomes more manual the closer it gets to the unique application end of the stack. By contrast, rolling out patches, OSs, and new applications to users and devices around the globe is a sweet spot where tools such as iCommand truly shine.

ON realized what it was up against in the data center, so rather than compete it included the ability to integrate with systems management frameworks such as IBM's Tivoli, HP's OpenView, and Computer Associates' Unicenter. Symantec plans to carry this practice forward as it releases new versions of LiveState Delivery.

PowerQuest's disk-to-disk backup and recovery technology is a logical compliment to iCommand's functionality. PowerQuest isn't intended to replace offline backup systems; instead, it can be used to rapidly create snapshots, either on a regular basis or before new software is deployed on the system. Renamed LiveState Recovery, PowerQuest's technology also captures system state information so that a recovered system can be ready to run immediately.

PowerQuest's arsenal also featured a number of other tools, including disk partition managers. These will have a home in Symantec's product line as standalone products.

THEN THE PRODUCT

The challenge for any company attempting to buy its way into a new market is deciding how to treat the product lines of the new acquisitions. Putting an emphasis on integration usually means slowing the development of new features, giving the competition a chance to catch up. The alternative--allowing development as usual without regard for broader integration--defeats the original purpose of the purchase. Symantec has taken something of a hybrid approach, integrating technology from PowerQuest, Ghost, and pcAnywhere into iCommand, while allowing those products to continue on in their development.

The result can be confusing to the marketplace, however. In patch management, for instance, Symantec has two solutions. iPatch was part of the ON purchase and continues to be developed. However, LiveState, with its iCommand and Ghost technology, is the real enterprise-capable solution. Ghost by itself is widely used to deploy system images across servers and tightly controlled end-user systems such as point-of-sale devices. Here again, LiveState is touted as the better enterprise solution because it addresses much more than image distribution. Then again, that's a bit like saying a Swiss Army knife is a better knife than a scalpel because it does more than just cut stuff.

The road to Symantec's vision of asset management nirvana isn't particularly short. iCommand will re-emerge as Live-State Delivery around April, but Symantec doesn't expect all products to adhere to its new user interface specification until roughly a year later. The next release will still be based on MMC. However, Symantec wouldn't say whether MMC would remain the primary management framework in subsequent versions.

THE COMPETITIONWhile Symantec is certainly spinning an interesting story, it's also going up against some formidable competition from the likes of LANDesk Software, Novell, Altiris, and Microsoft. To a large degree, enterprises interested in structured asset management have already picked a vendor, so Symantec's job is to convince enterprise architects that since they're already buying Symantec's anti-virus software, they may as well limit the number of vendor relationships they have and trust Symantec with asset and change management, too.

The Holy Grail for Symantec is integration with its threat discovery and security management business. The problem is that this won't be a reality for two years. Meanwhile, Altiris is already there with software distribution, asset discovery and management, remote control, backup, and configuration management. Are the tools in Altiris' arsenal as good as Symantec's best-of-breed products? Possibly not in all cases, but Altiris' solutions are already integrated and only need a connection to a third-party threat discovery operation to have everything Symantec hopes to have. Also, since Symantec plans to continue to produce standalone versions of its systems, it's likely that the versions of pcAnywhere or Ghost found in LiveState won't be as capable as the standalone versions.

Furthermore, Altiris has a better to story to tell with regard to server management, including broad Unix support and a joint development arrangement with HP.

LANDesk will also lay claim to all the critical systems management pieces (other than backup), as well as take the additional step of managing non-computer assets, including phones and other office equipment.

The company is also venturing into Symantec's space with its recently announced Security Management Suite. The new product seeks to find and remove malware and spyware, improve patch management, block unwanted applications such as peer-to-peer sharing programs, and more. This eats into some of the value that Symantec brings to the table.Novell's ZENworks recently got Linux support and better patch management through the company's continued partnership with PatchLink. ZENworks isn't for everyone. It requires Novell's eDirectory and Console-One, but for those shops that remain loyal to Novell, ZENworks is a logical choice.

Finally, you can't count out Microsoft. Its Systems Management Server (SMS) continues to mature as an asset and change management platform. Of course, cross-platform support to Microsoft means Windows CE, Windows 98, and Windows 2000, but for many smaller enterprises that's just fine. For those that have chosen to broadly use Microsoft's end-user and back-office applications, SMS is certainly a valid choice.

Editor-in-Chief Art Wittmann can be reached at [email protected].

Symantec Gets Its SEA LegsJune 1998:

Ghost acquired December 2003:

PowerQuest acquired February 2004:

ON Technology acquired April

2004:Symantec Enterprise Architecture (SEA) announced

October

2004:

pcAnywhere gets Linux and handheld capabilities Late Q1 2005:

LiveState Delivery scheduled for releaseQ1 2006:

All LiveState products get a common user interface

Late 2006:

LiveState integrated with Symantec security services