Introducing StacksWare

Who uses this application?  How often are they using it?  Are we getting business value out of the licensing we purchased?  Is our licensing right-sized for our usage or environment?  How do we effectively track application usage in the era of non-persistent virtual desktops with per-user application layers?

These are common questions that the business asks when planning for an end-user computing environment, when planning to add licenses, or when maintenance and support are up for renewal.  They aren’t easy questions to answer either, and while IT can usually see where applications are installed, it’s not always easy to see who is using them and  how often they are being used.

The non-persistent virtual desktop world also has it’s own challenges.  The information required to effectively troubleshoot problems and issues is lost the minute the user logs out of the desktop.

Most tools that cover the application licensing compliance and monitoring space are difficult to set up and use.

I ran into StacksWare in the emerging vendors section at last year’s VMworld, and their goal is to address these challenges.  Their goal is to provide an easy-to-use tool that provides real-time insight into the   The company  was started as a research project at Stanford University that was sponsored by Sanjay Poonen of VMware, and it has received $2 million in venture capital funding from Greylock and Lightspeed.

StacksWare is a cloud-based application that uses an on-premises virtual appliance to track endpoints, users, and applications.  The on-premises portion integrates with vSphere and Active Directory to retrieve information about the environment, and data is presented in a cloud-based web interface.

It offers an HTML5 interface with graphs that update in real-time.  The interface is both fast and attractive, and it does not offer a lot of clutter or distraction.  It’s very well organized as well, and the layout makes it easy to find the information that you’re looking for quickly.

image

Caption: The StacksWare main menu located on the left side of the interface.

image

Caption: Application statistics for a user account in my lab.

image

Caption: Application list and usage statistics.

StacksWare can track both individual application usage and application suite usage.  So rather than having to compile the list of users who are using Word, Excel, and PowerPoint individually, you can track usage by the version of the Microsoft Office Suite that you have installed.  You can also assign license counts, licensing type, and costs associated with licensing.  StacksWare can track this information and generate licensing reports that can be used for compliance or budgetary planning.

image

Caption: The license management screen

One thing I like about StacksWare’s on-premises appliance is that it is built on Docker.  Upgrading the code on the local appliance is as simple as rebooting it, and it will download and install any updated containers as part of the bootup process.  This simplifies the updating process and ensures that customers get access to the latest code without any major hassles.

One other nice feature of StacksWare is the ability to track sessions and activity within sessions.  StacksWare can show me what applications I’m launching and when I am launching them in my VDI session. 

image

Caption: Application details for a user session.

For more information on StacksWare, you can check out their website at www.stacksware.com.  You can also see some of their newer features in action over at this YouTube video.  StacksWare will also be at BriForum and VMworld this year, and you can check them out in the vendor solutions area.

Hands-On: The Dell Wyse Cloud Connect

Sometime in the last couple of weeks, $work picked up a Dell Wyse Cloud Connect.  The Cloud Connect is essentially a thin client as a stick – it looks like an oversized thumb drive with an HDMI connection where the USB connection would be.

IMG_20140306_215853

The old saying goes “Big things come in little packages.”  The package is little, but the only big thing that comes with it is potential.  The idea behind Cloud Connect is very sound, but the execution is lacking.  It is a first generation product, so there is plenty of room for improvement.

Hardware Overview

Cloud Connect packs a good bit of hardware into a very small package.  The system is built around an ARM Cortex-A9 system on a chip with Wireless-N and Bluetooth.  Other features on the device include a Bluetooth connection button for pairing devices, a mini-USB port for power, a Micro-USB port for connecting a peripheral device such as a keyboard or mouse, and a microSD port for expanded storage.  It can hook up to any display with an HDMI port and provide 1080P graphics with some 3D support.

Operating System

Cloud Connect runs Android 4.1 Jelly Bean.  The interface of the device I used was the standard Android interface, and it wasn’t optimized for keyboard and mouse usage.  It was difficult to navigate through the menus when hooked up to a 1080P TV, and I had trouble finding various menus because the icons were too small.  While I love Android, the combination of an older version of the Android OS and an interface that was optimized for touch usage means that there is a lot of room for improvement in this category.

Apps

Cloud Connect comes with a few standard apps that are mainly there to allow users to connect to various virtual desktop environments.  Those apps are:

  • Pocket Cloud Standard Edition
  • Citrix Receiver
  • VMware Horizon View Client

The version of the View Client that was installed on the device was version 2.1.  This client was a few releases behind, and I was not able to connect to the Horizon View 5.3 environment in my home lab.   I was unable to update the client to the most recent as the Google Play store claimed that the app was not supported on my device.

Another disappointment of this device is that it does not come with the Professional Edition of Wyse PocketCloud.  The standard edition has a reduced feature base – it is limited to one saved connection and can only connect via RDP or VNC.  PocketCloud Professional can utilize the PCoIP protocol for connecting to remote desktops and allows multiple saved connections.

Impression

I’m going to turn to the wise sage and critic extraordinaire Jay Sherman to sum up my thoughts on the Wyse Cloud Connect:

jay_sherman_it_stinks_xlarge1

Frankly, it just didn’t work.  I wasn’t able to connect to virtual desktops in my environment.  I couldn’t update the old versions of the software to fix those issues, and the interface was painful to navigate because it was the standard Android interface with no skinning or overlay to improve the experience for keyboard and mouse use.

That’s not to say that this device doesn’t have potential or some great use cases.  I can see this being a good option for school computer labs, business travelers who do not want to carry a laptop, or even as a remote access terminal for teleworkers.  It’s just that the negatives for this current version outweigh the potential that this device has.

Recommendations for Improvement

So how can Dell fix some of these shortcomings?  The area that needs the biggest improvement is the user interface.  The standard Android interface works great for touch devices, but it’s not user friendly when the input device is something besides a finger or stylus.  Dell needs to build their own skin so they can optimize the experience for TVs, monitors, and projectors.  That means bigger icons, adding keyboard shortcuts, and making the system menus more accessible.

Addressing the user interface issues would go a long way towards improving this product.  It won’t fix all the issues, though, such as the View Client being listed as incompatible with this device in the Google Play Store.

Nervepoint Access Manager

Account lockouts and password resets are two things that IT support personnel frequently deal with.  In my experience, these two tasks make up a large chunk of help desk tickets.

Self-service account management tools do exist, but many of these tools are expensive, and the cost can put them out of reach for small businesses and non-profits.

That is where Nervepoint Access Manager(abbreviated NAM) comes in.  NAM is a Linux-based virtual appliance that provides web-based self-service password reset and account unlock utilities.


Download and Setup
NAM can be downloaded from the Nervepoint website.  The download file is a TAR that contains the VMware vmx and vmdk files, so you will need a program like 7-zip to extract it.  Once downloaded, you will need to upload these files to a datastore in your VMware environment and add the virtual machine to your inventory.

Once the VM is powered on, it will grab a DHCP address.  My test network is small, so I was able to easily find it and log into the administrative web interface to configure my network adapter.  This may be an issue in larger environments or in data centers without DHCP, but there is a community forum post that describes how to configure the network adapter from the console.

Configuring access to Active Directory is fairly easy too.  Opening your web browser and browsing to the Nervepoint appliance will bring up a first-time setup screen.  It will use DNS to detect any Active Directory domains in your environment and connect to them.  You will also need to set up a service account that has permissions to change passwords on any OUs that contain users.

In order to successfully connect to an Active Directory domain, it will need to have LDAP over SSL configured.  For larger environments, this won’t be a problem as they will likely have an Active-Directory integrated PKI environment set up.  For environments that don’t have PKI, it will require at least one Enterprise CA and a Windows Server Enterprise license or a 3rd-party certificate.

Once configured, it is fairly easy for end-users to use.  They will need to log in to configure their answers to the questions that will be used to verify their identity.  Password changes and account unlocks are simple affairs – a user only needs to answer three of the five questions correctly to perform a password reset.


Nervepoint Pros
Despite being a beta, there are several things I like about the Nervepoint appliance.  It is a fairly small VM that uses less than a gigabyte of RAM.  It is suitable for production use in smaller environments, and it is very easy to use.


Nervepoint Cons
Even though I like this appliance a lot and would consider deploying it in my production network, there are a couple of areas for improvement.

For starters, there is very little documentation.  There are no install or administrator guides, and the forums don’t have a lot of information yet.  There is a FAQ section of the website, but it doesn’t have a lot of information in it either.  There is no read-me or license information included with the appliance either.
The VM doesn’t have the VMware tools installed.  I believe that this is something that should have been done by the developers before shipping the appliance.  It’s not a huge deal, but it would help with managing the VM.

I don’t have the ability to customize the security questions that my employees are asked or set the number of questions they must answer correctly.  The ability for administrators to customize these settings may be important in some environments.

And finally, the distribution method for this appliance leaves something to be desired.  The VM is downloaded from the Nervepoint website, and it took multiple attempts to correctly import the virtual machine into my test environment.  A better option might be to package the appliance as an OVF template and list it on the VMware marketplace.


Conclusion
Despite the cons, the Nervepoint Access Manager is a fairly decent little Self-Service Account Management appliance, and I would strongly consider deploying it in my production network in the future.

Edit:  It was brought to my attention by the developers of this product that the license and the default questions can be changed during the initial setup.  I did not have these two items in my notes, and I apologize for the error.