Search
Close this search box.
Take a tour
  • 1E

Part 1: A comparison of Configuration Management tools’ policy engines

A-comparison-of-Configuration-Management-tools -policy-engines 2x
  • Managing an estate of devices on the network has always been a challenge to infrastructure administrators. In today’s world, we deal with real threats from bad actors, a multitude of everchanging devices, and complex remote work scenarios driven by Covid-19. Are the traditional tools like Microsoft’s Group Policy, Endpoint Manager, and PowerShell enough to manage a modern workforce?

TriCon Elite Consulting recently conducted a review of the following Configuration Management tools:  

  1. Group Policy 
  2. PowerShell DSC/Azure Automation
  3. Endpoint Management Compliance MGR 
  4. 1E Tachyon Guaranteed State

In this blog, we’ll explore TriCon Elite’s analysis of these vendors’ policy engines and their effectiveness around: 

  • Check Rules 
  • Onboarding
  • Device Status 
  • Cross-Platform Support 

Check Rules 

A Check Rule is defined as “the configuration item that builds rules for success and failure criteria.” Interestingly, TriCon found that this concept of a Check Rule is different between the four solutions evaluated. For example, Group Policy settings are configured in a Group Policy Object. Once applied to a target, this feature will sometimes remove the ability to change a configuration, thus nullifying the requirement for check and fix rules. The remaining three solutions, including PowerShell DSC, MEM-CM and Tachyon Guaranteed State, all have similar needs to build checks.
The logic defined in the check typically asks a question like; is this service running, does this registry key exist, does this file exist, etc. Once the question is asked, then code can be derived to take action to remediate the issue.  
TriCon’s verdict: Each solution presents “excellent” configuration options for Check Rules. 

Onboarding 

An agent is typically required for most configuration management tools. For instance, an agent is required to extend PowerShell DSC with Azure Automation State Configuration. Agents are also a requirement of MEMCM and Tachyon Guaranteed State. The only exceptions here are Group Policy and PowerShell. Both of these solutions are inherently included inside of the Windows Subsystem (Kernel).  
TriCon’s verdict: The ability to be always on from the time an Operating System is deployed gives a great advantage to Group Policy. 

Device Status 

Once an agent (either built-in or deployed) registers with its service, it needs to provide device status. Device status/checking in isn’t built into Group Policy’s functionality. As a result, when the policy is deployed, it relies on the built-in agent to be in good working order. If not, the ability to provide enterprise-wide compliance is greatly limited. In MEM-CM and Tachyon Guaranteed State, both agents routinely check-in and their compliance and status are displayed in universal dashboards. This can also be reported on from a device health perspective. 
TriCon’s verdict: Tachyon Guaranteed State is best designed to provide real-time device status reports. 

Cross-Platform Support 

Cross-Platform support is a big issue for most enterprise organizations. This becomes even more evident with organizations adding mobile devices at such a rapid pace.  
Probably one of the most significant drawbacks for an organization is with hybrid management. This typically requires more than one tool, and rarely can a single pane of glass be viewed for holistic management. Both Group Policy and MEM-CM cannot manage much other than Windows systems without extensive third-party solutions. (Although Mac support is included with MEM-CM, it is rarely seen in use.) 
TriCon’s verdict: PowerShell DSC, including Azure Automation, is able to support a broad range of non-windows platforms, but Tachyon Guaranteed State is the most extensible of the pack. 

How Tachyon Guaranteed State ranked in the Policy Engine category

Configuration Manager
Based on their evaluation, TriCon determined that the strongest contender in the Policy Engine category is Tachyon Guaranteed State. Based on its ability to scale to support 5000,000+ devices, TriCon considered the solution to best meet the needs of enterprises with a complex ecosystem of remote and office-based devices.
Tachyon Guaranteed State’s engine is also able to deliver instruction sets without impacting the existing network or core infrastructure, using microagent communications. According to TriConwhat pushed it to the top of this list was its extensive non-windows Cross-Platform support. It also integrates with MEMCM, BigFix, ServiceNow, and PowerShell.  
You can read the full comparison report and learn how the vendors stack up for other evaluation criteria, here. 

Report

The FORRESTER WAVE™: End-User Experience Management, Q3 2022

Download now
The FORRESTER WAVE™: End-User Experience Management, Q3 2022

Related Blogs

Blog

Digital Workplace Productivity Killers and How to Combat Them

Read now
Know About Hardware Assets Management
Blog

Mastering Hardware Asset Management: Benefits, Challenges, and Solutions

Read now
Blog

Why Opt for Service Desk Automation? Top Strategies for Streamlining IT Support Operations

Read now
1E Logo
Linkedin-in Facebook-f Youtube
Solutions
Compare
Platform
Pricing
Customers
Resources
About
Join our newsletter

Copyright © 1E 2024 All Rights Reserved