When it comes to management software, there's something to be said for double dipping.
Take Aram Eblighantian's experience consulting for mailing giant Pitney Bowes.
He bought the BigFix Enterprise Suite last year to help his client get its patching processes under control. Never did he anticipate that he'd be using the same package to standardise client and server configurations across the company's network.
"I would have definitely considered buying another product, especially to collect and standardise configurations," he says. "Because [the BigFix suite] is agent-based, it can return a fair amount of information on the clients and systems in the organisation, down to the hardware properties, the locations of the machines and who logs on to them. From there it segues into asset management, then change management and so on."
While budgets have loosened some in the past year, many IT shops remain in "get more for less" mode. This is encouraging companies to look closer at software that can be used not only for management, but also security, compliance and other jobs. Industry watchers say that vendors are even getting into the act.
"Every vendor is worried about keeping their customers and keeping them happy," says Jasmine Noel, a principal analyst at Ptak, Noel & Associates. "They will work to uncover hidden capabilities to ensure their product does not become shelfware."
Companies such as Altiris, Peregrine Systems and BMC Software have started pitching compliance with their desktop and systems management wares. Security information vendors such as ArcSight, Network Intelligence and OpenService are packaging their security event filtering products to also alert IT managers of compliance rules.
The key issue for customers is whether they risk stretching a product too far, says Stephen Elliot, a senior analyst at IDC. "IT managers need to determine if, say, a network management tool that can collect log data will give them the visibility they need into the security logs on network devices."
Before they start shopping for compliance tools, IT shops also might look closely at their current management tools to determine whether these products might help meet regulations such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. AMR Research recently forecast that U.S. companies will spend about $15.5 billion on compliance-related activities this year.
"There are tools that have strong workflow processes that can be used to address compliance," says Audrey Rasmussen, a vice president with research firm Enterprise Management Associates (EMA). "Some products are being sold as 'process out of the box' to simply document processes. Service management products can do that now, and the majority of vendors would support configuring their software to meet compliance goals."
Seek other information sources
Jason Kennedy, senior analyst and system engineer at Tsunami Communications in Vancouver, says syslog collection tools, such as HP Network Node Manager, also could be put to work on compliance projects.
"If you have a syslog-enabled device, such as a firewall, you can point a monitoring tool at it to collect syslog data, and it will comb the data and flag anything that doesn't sync up with compliance or security policies," he says. Kennedy says SNMP-based monitoring tools could also be used to compile an inventory of IT assets to document for potential audits.
"For smaller companies, rolling out an agent-based asset management tool is just too much of a time and cost expense. Monitoring tools like WhatsUp Gold can poll devices and get information such as the make and model number, and what's in the [management information base]," he says.
"If you toy around with most tools and approach them creatively, you can find a few different angles to take and get more out of them," Kennedy adds.
Lynn Nye, president of research firm APM Advisors, says companies don't need to look too far to find a management tool that can serve multiple purposes.
"The Swiss Army knife of our industry is still the Sniffer where people never seem to run out of uses for it," he says.
"You can do more than just see traffic," Nye says. "Instead of buying software to see what's coming in and out of your network, you can use a Sniffer to develop a way to compare flows on both sides of devices so someone could analyse what is going on across a switch or router."
Make do and patch
Companies also might find they don't need to buy special patch-management tools.
"People have a lot of different management tools, and one real good way to reuse your software distribution tool is for patch management," says Debbie Joy, director of next-generation networks for the western region of Unisys in Phoenix. "There is a lot of duplication among products."
"It's rare for IT departments to inventory the tools they have across the silos. It would be more practical to purchase a patching module from your systems management vendor than create a new relationship with a patch management vendor, and vice versa," she says.
Stretching management tools to handle network-security tasks is only natural, some experts say.
"Security management tools, including vulnerability and patch management, grew out of network management tools," says Scott Crawford, a senior analyst with EMA. "[Intrusion-detection systems] and [intrusion-prevention systems] are based on the ability to look at a packet, which is network traffic analysis."
He says though that security is a sensitive enough area that not everyone will be sold on double dipping.
"IT managers will buy a tool labelled 'security' because it's an area where they feel they can't get by with just a 'good enough' solution," he says.