Configuresoft powers S.C. National Guard

Because spreading configuration changes through a network is one of the most time-consuming tasks administrators face, software that automates the process is a valuable item.

Officials at Configuresoft Inc., a small company in Woodland Park, Colo., hope federal agencies will find their offerings as compelling as commercial clients do. A few government agencies already use their Enterprise Configuration Manager and Security Update Manager.

"We're just getting our act together" with the government market, said Alex Goldstein, the company's chief executive officer.

Saved time is the value of both products, said Capt. David McNamee, secu-rity manager for the South Carolina Army National Guard. He bought Security Update Manager when there were no good tools for sending hot patches to machines on a network. Because the guard covers the whole state, sending technicians out to manually update each of its 2,000 computers takes about six weeks.

"That's the way we used to have to do it," he said.

After working with the security product, McNamee learned about Configuresoft's main offering: Enterprise Configuration Manager. The National Guard implemented the system and used it to upgrade the network servers from Microsoft Corp.'s Windows NT to XP. The system allowed network managers to assess computers on the network from a single location, even if the computer was located across the state.

"It helped us find which machines needed to be washed out," he said. "Some of the old machines didn't have enough memory to function properly with XP installed."

Businesses and agencies are likely to continue to demand configuration software for some time, said Dana Gardner, an analyst of application infrastructure and software platforms for the Yankee Group in Boston.

Manually updating systems can account for 80 percent of the cost of any upgrade project, he said. "A solution where you can configure and automate [the spread] makes a lot of sense."

Configuration errors account for many security weaknesses, said Randy Streu, Configuresoft's vice president of product development.

"The machine's not patched, or you've left services running that shouldn't be," Streu said. "People just do things to their machines that break them."

By definition, networked computers don't run in isolation, he added. The company's software can track gradual changes as computers interact with one another, and it can guide network administrators to keep the computers properly set.

"They know what they want on their machines," he said. "They spend a lot of time getting their machine ready, then they stick it out into the real world and it begins to change over time."