It's six months since Symantec closed its January purchase of client management software developer Altiris, and therefore six months since Greg Butterfield, the former CEO of Altiris, took up his new job as the group president of Symantec's Altiris division.

Not too surprisingly, Butterfield is keen to stress how beneficial the combination has been, and how despite some product overlaps between the two, Altiris has grown since being acquired - partly because the division took over some Symantec development teams.

"A year ago we had a hard decision - either to take an acquisitions path to collect enough technologies to build together, or to join with a bigger company," he says.

"I believe it was a good decision for Altiris to join up with Symantec. This transaction really is a no-brainer - there is very little technology overlap, and we have similar go-to-market strategies."

The goal is for Butterfield's division to tie together all the technologies needed to deploy, manage and secure endpoints. Today that term means PCs, Macs and some Linux desktops, but in the future it will also take in mobile devices and other potentially vulnerable devices too, from printers onwards.

He says the group has already assembled many of the tools needed to do endpoint management, taking them in from both Symantec and Altiris, although there have been casualties along the way.

"There were four areas of overlap. In remote control, it took a couple of weeks to decide to end-of-life CarbonCopy in favour of PCAnywhere," he explains. "In imaging we had Altiris Deployment Server and Ghost, the strategy is to continue with both formats and support the Ghost format in Deployment Server.

"We also end-of-lifed Symantec Livestate Delivery and picked partners to help customers migrate to [Altiris] Client Management Suite. And we moved security and compliance over to the Symantec team."

He adds, "We provide over 60 different web services, Symantec has probably double that. The vision for Symantec and Altiris is fewer agents, one pane of glass, common consoles."

Vision or reality?

However, talking to others around the Altiris organisation reveals that while some progress has been made - it has developed a software connector that allows an Altiris user to drive Symantec's Endpoint Protection Manager anti-virus software, and has demonstrated another for Backup Exec - other parts of that vision are still a fair way from reality.

"There is no integration with Symantec NAC yet, though we have had conversations with the NAC team," says Altiris senior product manager Stephen Brown. "Initially their rules engine will drive the process and we'll provide remediation, for example with SNAC calling the patch manager."

The difficulty, he adds, is that the Patch Manager tool was built to deliver staged, or pre-defined, software updates. However, NAC requires ad-hoc remediation - systems may connect in any sort of state, so the patches required must be assembled on the fly.

"NAC needs to be a seamless process, but if the patch hasn't been staged, you need to trigger a number of processes," Brown notes. "It's quite different doing a planned workflow versus real-time.

"We're trying to drive our products towards real-time. We believe Patch Manager just needs modification, in the shape of additional interfaces, not a complete rewrite."

He adds that while a lot can be done in the meantime using software connectors, a common Symantec/Altiris platform for endpoint security and management could be 12 to 18 months away.

Fortunately for the company, users at the recent Symantec/Altiris ManageFusion conference seemed to accept that while they would have preferred the company to be further down the convergence path, it has only been six months after all. And as one added, knowing that they do have a plan is good.

Part of that plan is co-operating with other tools by sharing data, says Altiris CTO Dwain Kinghorn - and that in turn means ensuring that the configuration management database (CMDB) is up to the job.

"As the CMDB becomes more critical to business operations, proper access controls and security are needed," he explains. "We have to make sure our customers have the right level of access. We give people an organisational view, so for example an Asia-Pac admin only gets to see the relevant resources."

Federated technology will also help here, he says: "We see a federated CMDB working in both directions. We will have connectors for other directories to bring in data, so a smaller customer might use Altiris only, and bring information in using connectors, while others want to take our information and use it to populate their main CMDB. The difficult part of federation is reconciliation - that's what the connector is designed to do."

A virtual future

Greg Butterfield reckons there is a lot more to the Symantec/Altiris deal than just doing a better job of endpoint management, though. He says it should allow his group to offer Altiris technology to customers outside its SME heartland.

"In the datacentre we have leading technologies for provisioning blade-servers, for instance, also for managing VMware GSX and ESX servers," he claims. "Now we're looking at consumers offerings and locking down PCs, and a more robust platform for managing virtual machines.

"In the large enterprise segment, our limiting factor has been our size, so one of the key benefits of Symantec is size and scale."

He adds that as well as Altiris building Symantec's desktop tools into a complete "endpoint management life-cycle", he sees other Symantec divisions drawing on Altiris technology - in particular, its SVS (software virtualisation system) which allows applications to be packaged as protected virtual layers.

"A smaller company has limited resources. As part of a bigger company, we can use SVS in other business units - we are exploring how it can add to existing technologies and how we can virtualise in other ways too," he says.

"There's no formal product announcements on the consumer side, but the challenge is there. For example, you could maybe deliver Norton 360 in a virtual layer. There's a lot of opportunity for virtual applications."

So could this be a company acquisition tale with a happy ending for all concerned? It seems hard to believe, but then stranger things have happened.