This content is part of the Essential Guide: The complete guide to Windows 10 security tools

Essential Guide

Browse Sections

Windows application management software comes to IT's aid

Application management software is a necessity for organizational continuity and security. Without any such software, absent patches threaten end users' applications.

Managing enterprise apps manually presents increasing logistical challenges, so organizations turn to Windows application management software for help.    

The application profile of organizations today is a jumble of native, third-party, modern, legacy and cloud-hosted apps, each of which requires different methods of troubleshooting, patching and updating. For IT to successfully manage this array of apps on its Windows desktops, it must either invest significant labor into application oversight or find an automated management product that fits its needs. App administration without any automation is a tall order.

"To put it plainly, it's a nightmare," said Kevin Dill, senior systems administrator for the city of Springfield, Mo.

The challenge of diverse applications

Today, Windows desktops run third-party apps from a variety of software providers, legacy apps, which likely require additional vendor support or virtualization if Windows does not support them, and modern apps, which require the latest application programming interface (API) to function properly on the Windows OS. Modern apps run on the Win64 API, a 64-bit processor, while many legacy apps run on 32-bit and sometimes even 16-bit processors.

Organizations do not host web apps and SaaS apps, but they present management challenges, too. For SaaS applications, IT can use automation to configure all endpoints to meet the software's requirements. The software can also monitor sessions to help improve the user experience through gathering performance data. Though some application management software can monitor browser performance, it has less of a role when it comes to web apps because the organization has minimal control over how they are deployed.

This dissonance causes problems for IT pros as they determine app access and permission for desktops with different processors. Virtualizing these applications is IT's first step toward compatibility, but even a virtualized app has certain management constraints because it cannot live on the desktop.

Microsoft recently announced the MSIX file packaging format for Windows 10, which can serve as an alternative to virtualization. MSIX aims to smooth the transition for Win32 apps on 64-bit desktop devices by making them compatible with management programs and the desktops themselves.

Despite these innovations, mixing modern and legacy apps with third-party and Windows apps still results in a mess of software, which requires different management approaches for each category. Without strong Windows application management software, IT would need different programs and processes for budget rendering, taking inventory of the app versions and available updates, monitoring app performance and especially patching apps.

How Windows application management software can help

Performing manual troubleshooting and patching often means app management isn't timely and effective. More automated management can ease these challenges, especially for today's IT professionals that tend to wear many hats, said Maxine Holt, a research director at Ovum.

Windows application management software can run logon simulators to test desktop deployment speed, for instance, automatically alerting IT to the root cause of network issues. Patching in particular can be a tedious task to complete manually because software providers release patches at a fast pace. Automated patching saves IT time by applying patches across an entire network.

"Otherwise [IT] would be simply inundated with the patches that vendors and software providers are putting out on a very regular basis," Holt said.

While any automation can help, not all Windows application management software is created equal. Some services and software lack third-party app support, comprehensive inventories or sufficient patch automation. Dill ran into these problems with Windows Server Update Services (WSUS), Microsoft's free app management program.

"It did OK as far as Windows patches, and that's probably being a little generous," Dill said. "As far as third-party apps, it was a huge pain."

With WSUS, Dill had to go through each app provider, such as Adobe or Java, for updates and patches. Further, he had to enter his company's information for each instance, a task that other software can easily automate.

Users' sporadic downloading of applications can also leave IT administrators unsure of which desktops have which version of software.

"Flash, Acrobat and Java have so many different versions or iterations that are not always centrally deployed," said Geoff Green, CTO at MCPc, a Cleveland-based technology services and consulting firm.

Without sufficient third-party support and a comprehensive inventory of what applications and versions an organization has installed, IT is in the dark. A few devices could require an upgrade, or the entire organization may need a patch deployment.

"You really want to be able to control what version of each app and OS you're on," Dill said.

No matter what you want to do on the endpoints, you can do it on one pane of glass.
Kevin Dillsenior systems administrator, city of Springfield

Confusion with one or two apps is no cause for alarm, but dozens of apps that require individual attention become a major time investment. Infrequent patching updates and a low priority on app management is a recipe for disaster, however, as massive attacks on the unpatched systems of Equifax and Sports Direct proved in recent years. Both companies suffered massive breaches because they neglected to stay up to date on patching.

"Sometimes IT just has too much on [its] plate, and patches drop in priority," Holt said. "When the lack of patches is affecting the company's finance and reputation, you can bet that patches will go way up in priority."

For many organizations, a reactive approach is not enough, and choosing the right Windows application management software has become a priority topic in the board room, Green said.

The city of Springfield, for example, now uses ManageEngine's Desktop Central to manage around 2,000 endpoints. It has made a huge difference in how efficiently Dill manages the organization's applications, particularly because of the suite's centralized management console, he said.

"No matter what you want to do on the endpoints, you can do it on one pane of glass," Dill said.

Paid Windows application management software is an option for larger enterprises, but small and midsize businesses can't always afford to invest in such tools. Vendors including ManageEngine, PDQ and Comodo now offer free app management software to help organizations with less financial flexibility. IT pros have many options for both free and paid automated app management.

"There's really no reason for IT not to use it," Dill said.

Dig Deeper on Application management

Virtual Desktop