Symantec's Total Management Suite might be a most popular option for existing Symantec desktop security customers because it integrates the client management bits the company acquired last year with the Altiris buy with the company's antimalware and vulnerability scanning tools.
In addition to the antimalware links, the Total Management Suite also carries with it the strong asset inventory and software distribution features known of Altiris's product line. However, the Symantec Total Management Suite lacks network access control, backup/recovery, intrusion detection and USB port management. (Note that Symantec offers separate products for all but the last of these functions but they were not included in this test. We've previously tested its NAC product.)
Total Management Suite's Notification Server, the heart of the product, uses plug-ins called Solutions -- such as Deployment Solution, Software Virtualization Solution, Carbon Copy Solution, Inventory Solution and Patch Management Solution -- to perform desktop management functions. Symantec recommends using SQL Server, which you need to separately license, as the desktop data repository for all but the smallest companies. Notification Server runs on Windows Server, and clients must run Windows. However, Deployment Solution can distribute both Windows and Linux OS images. The Handheld Management Suite accurately detected and tracked our handheld PCs and PDAs.
The Symantec suite's discovery process was quick and accurate. It used IP address ranges, domain names or computer names that we specified in order to locate client machines. Installation of client side software agents (termed agent rollout by the vendor) via the central console's push function was a breeze. Using the console's list of discovered desktop PCs, we only had to pick the management functions we wanted to enable, such as remote control, application usage tracking, patch management, asset inventory and application deployment, and then select the clients to receive the agents. We also noted that we could add management functions to agents later, if we wished.
Asset inventory was always accurate and up-to-date. We liked the database relationships the Total Management Suite set up for asset details. These relationships let us explore the database to find out, for instance, which of our desktop clients used AMD CPU chips. License tracking and software usage metering were similarly top-notch.
Application deployment and patch management were strong suits for Symantec Total Management Suite. We used its Wise Package Studio component on the Notification Server to productively build application images for distribution, and the Deployment Solution rapidly transferred the applications to our chosen clients. The erstwhile Altiris suite also detected and managed our VMware-based virtual machines.
The Altiris vulnerability analysis tool, Security Expressions, did an excellent job of examining our desktop PCs for potential security problems. Total Management Suite recognized and integrated with Symantec's Endpoint Protection antimalware tool running on our desktop PCs. However, Total Management Suite does not integrate with third-party antimalware tools.
We also used the Software Virtualization Solution to deploy applications in a virtualized client environment. This client environment gave us the ability to enable or disable a specific application, thus making the application visible or invisible to users, and the virtual execution world created by the Software Virtualization Solution kept the application from conflicting with or altering a client's base Windows configuration. And we appreciated the PC Transplant Pro component's allowing us to migrate one machine's files and configuration to another machine.
Remote control, via the venerable Carbon Copy utility that Symantec acquired from Intel, was straightforward and unsurprising.