Comprehensive solution for managing patches, event viewing, change management, inventory, etc

Question

I'm looking for a solution that incorporates most or all of the following:

Patch Management, Server event viewing/tracking, AD change management, ticketing and internal/external kb, remote access - ability to shadow user sessions or create new ones, imaging, and inventory.

Our environments contains Windows Servers and ESXi Hosts (We're not completely virtual, but we're moving that direction). Various Cisco and Linksys switches and firewalls.

This is a tall order, and I don't know if it can be done on a reasonable budget.

I've looked and found some questions on SF that deal with some of this:

Active Directory management tools for medium sized forest (less than 1000 users)

Are there any tools to do change management with Active Directory / Group Policy?

What is a good patch/update management server?

What I'm ideally looking for is a reasonably cheap solution that integrates the features into a central interface. We're a non-profit, so money is a limiting factor (the cheaper, the better; but we have a max of $15k). What we are trying to avoid is having to deal with multiple vendors, while maintaining scalability (we're creating more sites that we'll have to manage).

Is this possible, or will we have to cobble together something to make it work for us?

Edit: Even if this is a pipe dream for us, is there anyone out there offering this type of solution at all?

Answer 1

Short answer is that I think you'll spend more time, effort and money on chasing this than you ever would save by implementing it. There are few products that can unify management of a disparate collection of technologies, and of the few that exist I can't think of any that are inexpensive or straightforwards to implement. They're typically the kinds of products that starry-eyed execs at large companies roll out under the assumption that it'll magically make IT simpler and allow them to lay off some techs.

Given the constraints/circumstances you listed, IMO your best approach would be to focus on reducing/unifying your systems to cut down on variety. Some examples:

• No fancy KB, just a document share.
• No password manager app, just a secured spreadsheet
• Maintain the smallest number of disparate technologies as you can. Favour products from vendors you already deal with over new vendors. For example, dump the linksys switches and buy entirely Cisco (or vice versa!). Make sure your workstations are only a couple of different models, and bought in small batches if possible.
• Chase the 100% virtualisation ideal, at least as far as feasible. License up vCenter so you can live migrate servers, which will allow you to knock an ESXi host off entirely and re-image it when it needs an update. Having a single vCenter hanging over the top of all your ESX hosts at all your sites makes management & monitoring much easier. Pays for itself.
• Outsource the straightforward services that are 'off the shelf'. For example, go google apps or office live for your email solution. Go to a company like Beetil for your helpdesk solution. Go to a company like OpenAir for your timekeeping/payroll. There are some real cost and time savings to this if you keep it simple.
• If you're running a mix of OS versions, standardize onto a single version. Got some 2000 and 2003 boxes floating about? Get them all up to 2003 (or 2008 if it's feasible). Running some XP and some Vista workstations? Take them all up to 7 or knock them all down to XP.

These are all examples which will cost some money and effort to implement, but the cost is recouped after the changes because your environment becomes much more straightforwards to manage. Not having to dedicate as much headspace to the exceptions and gotchas of running lots of disparate kit is really good for your stress levels, too.