How do you take care of a network's worth of PCs if you are short of time and resources?

Recently, I have been looking at the kinds of tools that systems administrators need and have come to the conclusion that for those who are time-poor and overworked, GFI Cloud ticks several of the important boxes.

The purpose of GFI Cloud is simply to manage and secure a Window-based network of desktops and servers. With GFI Cloud, the sysadmin can ensure that they are properly maintained and that nobody has done anything outrageously stupid to them.

GFI Cloud currently does not support any operating systems except Windows (although it does offer patching on third-party software). However, none of the others needs management nearly so desperately. Nor are any of them so widely distributed among small and mid-sized businesses.

Secret agents

There are two different ways to implement a cloud management service: single agent or per-system agent. Talk to various cloud management companies and you will get impassioned speeches about why one method is better than the other.

The first requires you to run a single agent on a network and poke holes in the firewall of every other system so that they can be managed by this agent.

In my opinion, the single-agent approach is a terrible plan for the kind of customer who would want the simplified management services provided by GFI Cloud. Fortunately, GFI seems to agree.

While it may seem onerous at first blush to install an agent on every system to be monitored, I believe this is significantly less problematic than managing firewall and security settings across one's entire estate. It is much easier to have the widget live on the system and call back to the cloud management server over HTTP.

In a nod to mid-sized environments, agents can be deployed through group policy as well as through the incredibly simple manual download. For me, the install process serves as a metaphor for the entire product.

GFI Cloud was designed to be simple and easy to use. It was targeted not to compete with the likes of Microsoft's System Center but with "nothing at all".

Additional features and more enterprise-class management capabilities are being slowly added as the product matures but GFI is clearly aware of the balance between feature richness and ease of use.

Many of these more advanced features are buried a few levels down, seemingly so that they can gather information and feedback on making them optimally easy to use before promoting them to first-class button-worthy features.

When something is more complicated than "push button, receive bacon", GFI sticks a warning label (advanced!) on it. Even then, it has made the process of deploying the agent via GPO the simplest that I have encountered to date.

Buttons and tiles

You start off with the dashboard which gives you an overall view of all the devices on your network. The dashboard is well constructed, offering a simple, timeline-like view that lists the issues you need to address, colour codes them and gives you a big fat button to fix the problem.

Everything is packaged up in an interface that uses the least possible space for controls, leaving the maximum amount of space for the information you actually care about.

Rather than use the popular flattened-tile interface, GFI takes the novel approach of shading its interface options so as to make it obvious which elements are intractable user-interface services.

It pains me that this has become a reviewable point in modern software; however, it is nice to encounter a user interface that is actually intuitive.

For those who prefer a tiled interface, fear not: the network button gives a summarised view of the health and state of your network. Individual tiles list the computer name, along with the number of action items for you to care about and the number of services monitored.

The antivirus button provides the equivalent of a primitive enterprise management console that is capable of managing anti-malware products from multiple companies.

This is especially useful for smaller observations making use of Microsoft's free Essentials antivirus, as management of that product tends to be on a system-by-system basis.

The concept of having your Windows event logs displayed in a single pane of glass interface is quite novel

The monitoring tab is more of an event viewer than anything else, listing things such as backup checks and errors in services like Windows Time.

It might seem simplistic, but the concept of having your Windows event logs parsed and curated across all systems and displayed in a single pane of glass interface is quite novel for many small and medium businesses – and there are a lot more of them than enterprises.

The patch management button is another item that does exactly what it says on the tin. GFI Cloud's patch management is simpler than Windows Server Update Services and is integrated into the single management interface with the other options available.

Device squad

Buried in the interface (currently the best way to access is to click Network and then a computer name) is asset tracking. To my mind this is one of the most useful features for sysadmins.

Push the asset-tracking button, select hardware and suddenly you know everything there is to know about the bits that make up that system. Similarly, you can pull full software information for that device.

Also Teamviewer is integrated into the device view – just push the button labeled Teamviewer and GFI Cloud will send you a .tvc file with the information to log into that system.

Poking the monitoring button in Device view also gives you access to performance charts for CPU, memory, disk busy time and disk queue length.

Here is where I run into one of the more curious design choices for this service. Why is performance information not available from the main monitoring button, but available on a per-device basis?

I understand that performance information for multiple systems is unrealistic to display for large groups of devices. Still, given that GFI Cloud encourages you to separate your systems into different groups, I would love to see the monitoring button contain aggregated performance statistics.

Similarly, I don't understand why something as important as asset tracking doesn't have its own button on the main panel or the ability to be viewed in aggregate form. I would, for example, like to know how many computers in a given group have 4GB of RAM and how many have only 2GB.

If you nose around in reports you can pull the relevant information but I believe it needs to be promoted to first-class status within the interface. Asset management is simply too important to be buried.

The per-device view of GFI Cloud also gives you the interface for assigning individual systems to various groups. This is critical not only for being able to display information about different groups of systems, but also for applying antivirus policies, patch management policies and web protection policies.

Strong protection

I have saved the best for last, largely because the web protection feature of GFI Cloud is entirely deserving of its own category in this review.

I have been doing IT for more than two decades and even I can't say that I can keep up with the rapid pace of changes on today's internet. So I cannot honestly claim that my custom-secured Firefox browser would be proof against all threats.

If I am not certain that I can defend my own Windows system from all of the creepy-crawlies on the internet, what chance does an overworked sysadmin have of defending an entire network?

GFI Cloud's web protection is a simple and well implemented corporate web filter. Put your computers in a group and allow or deny access to different categories of website. Servers are classified by default based on operating system.

Server operating systems by default have a far more restricted set of sites to which they are allowed access. As an example, my personal desktop operating system happens to be a copy of Server 2008 R2. Imagine my surprise when, after installing GFI Cloud's agent, I couldn't access The Register!

The category News and Media is blocked by default on server systems. Other categories that you will need access to – such as Computer and Internet Info – are enabled by default for servers.

This all strikes me as pretty rational: most people logged into a server probably shouldn't be browsing a social media sites or reading the latest tech news.

The majority of GFI Cloud users will probably never futz with the defaults in Web Protection as they are pretty well thought out. Malware, phishing sites, spyware, adware and other nasties are blocked by default.

Bandwidth usage can be viewed as an aggregate or on a per-system basis and reports pulled by group, by category and going back 30 days.

Much as I dislike the concept behind such centralised web filtering, I acknowledge that in today's world it is an absolute necessity. GFI Cloud offers by far the simplest implementation of this concept that I have seen, and it is exactly the kind of security precaution that businesses need to be taking.

Buy one today

GFI Cloud is not just a simple management interface for the overworked sysadmin. Far more critically, it also functions as a checklist of the basic items that need to be covered to keep your network functioning.

Make sure your antivirus scans are run, keep your patches up to date, find out why Windows Time isn't working, and so on and so forth.

There remains room for improvement. On my first pass through, I didn't even notice that updates were managed for anything beyond Microsoft's offerings. The patch interface shows a sea of Microsoft patches and it isn't until the fifth page that I could see a non-Microsoft patch, hidden among the waves.

GFI claims support for more than 50 third-party applications. That is fantastic and on its own makes this offering worth the sticker price for many businesses.

Still, I'd love to see the interface updated so that it was easier to see the third-party patches needed. Ideally, I'd love a summary view. For example: "patches for Computer A, 45 Windows (35 critical), 2 SQL patches (0 critical), 3 Java Patches (3 critical, also: you have Java installed. That's a terrible plan.)"

You can get some of this information from the patch management report, but not quite. My grouse here is something of an exercise in picking nits. I am irked by an interface design choice, but it certainly doesn't detract from functionality.

GFI cloud is the kind of management tool that offers that first step away from constantly fighting fires towards getting IT under control. It is so easy to deploy that you start seeing benefits within minutes of signing up.

Other tools are more powerful but they require a lot more configuration. This poses a barrier to entry for the overtaxed or inexperienced sysadmin.

If you are still at this firefighting stage of systems administration, GFI Cloud is exactly the sort of product you should be out there buying right now.

Others will turn to GFI Cloud as part of a more comprehensive strategy. They will use it in conjunction with other tools because it makes the task of dealing with Windows systems easy.

We all have better things to do than play nursemaid to Windows. GFI Cloud removes the need to do so. ®

You can trial GFI Cloud for free for 30 days. Here is a Reg promo link for you.

Related stories

• It's a pain in the ASCII, so what can be done to make patching easier? (10 September 2014)

  https://www.theregister.com/2014/09/10/software_patching/

• Should you entrust your systems management to the cloud? (24 June 2014)

  https://www.theregister.com/2014/06/24/cloud_security/

• Let cloud apps manage your systems – if you have nothing to hide (12 June 2014)

  https://www.theregister.com/2014/06/12/system_management/

• Readers' choice: What every small-business sysadmin needs (28 May 2014)

  https://www.theregister.com/2014/05/28/tools_redux/

• Why it's time to wrap brains around software-defined networking (26 March 2014)

  https://www.theregister.com/2014/03/26/its_time_to_begin_preparing_to_contemplate_sdn/

• A sysadmin always comes prepared: Grasp those essential tools (20 March 2014)

  https://www.theregister.com/2014/03/20/sysadmin_security/