Home > Reviews > KBOX IT Management Suite 2.0

Note: This version of the AppDeploy KBOX IT Management Suite 2.0 product review is an update to the previous KBOX 1.5 review and reflects recent changes made to the KBOX product.

The KBOX IT Management Suite 2.0 is delivered as an easy to deploy, rack-mount server device that is managed using a web console. It performs several desktop related services including scheduled actions such as inventory and software delivery. It is aimed at small to mid-sized organizations wishing to get a handle on software deployment and asset management.

For the growing number of people out there fond of open-source technologies, you’ll be pleased to hear that KBOX makes use of several freeware and open-source elements including Apache, FreeBSD, PHP, Sendmail and ZipLib. It also includes paid license for MySQL and RLib (purchased and embedded by the vendor).

Overall I was very impressed with the power and simplicity of this solution. In this review I will begin by discussing the installation of the server and the client software. I’ll then go into its key capabilities, and some other features. So let’s check this thing out…


  Home > Reviews > KBOX IT Management Suite 2.0

Server Installation
Considerable effort has gone into making this system easy to install and manage. However, getting any such system installed and then becoming familiar with it can be a real speed bump- one which KACE addresses by offering an easy installation and by providing a 1+ hour installation and training session to its customers.

Click for full size viewYou can either connect to the KBOX by configuring a workstation to communicate with it at its default network address or by using the provided crossover network cable. Once able to communicate, you may log into its admin web console and specify a desired network address on your network.

The KBOX runs on FreeBSD and contains three 160gig drives (providing a second mirror drive and a separate backup drive.) Backups are handled during the night to the backup drive. In the event of a failure, these files may be restored to a replacement system which contains configuration and operational data to facilitate a full recovery.

Client Installation
KBOX supports Windows 98 and later systems. A simple logon script is provided by the people at KACE that may be used to deploy the client software. It requires the Microsoft .NET Framework, so the provided script checks for and installs this prior to the KBOX client installation. If there were anything lacking in KBOX, it would be an option for server managed delivery of the client software. Although KBOX does not target large enterprise networks where it is more often the case, I do not believe it common today for users to have the administrative rights necessary to allow such installations via a logon script. The preferred method now provided by KACE with the new version 2.0 is a batch file which uses the PSExec utility from Sysinternals to remotely perform the installation. 

That said, most environments will have some method of deploying the client available or are accustomed to handling manual installations anyway (the old way) - the good news being, this is the last item you would need to install the old way!

  Home > Reviews > KBOX IT Management Suite 2.0

Organizing Client Systems
In KBOX, clients are not placed in groups, but have “labels” applied to them. The concept is just a little bit different Click for full size viewas compared to the more common “group” method, but the result is the same. A client may have any number of labels applied to it, and it is these labels you specify when performing operations such as deployment or inventory.

Some very good news here: KBOX truly does support Active Directory (LDAP). Many products claim support, but I am often disappointed to learn the implementation is no more than a static import of the hierarchy which is either a one-time manual operation or employs some sort of internal caching mechanism. I’m glad to report that this is not the case with KBOX which allows you to apply filter rules in order to dynamically apply labels to clients based on Active Directory. This means any changes in AD are reflected in KBOX right away with no need for further intervention.

Inventory is just as detailed as you would hope, with hardware and software details provided for all managed systems.

Reports may be generated in a HTML, PDF, CSV or TXT formats. A good number of helpful reports ship with the product, and if you are familiar with SQL, KACE publishes their database schema to customers to facilitate custom report generation. Not familiar with SQL? Support will create a custom report for you, and then place that custom report information on their support site so that all KBOX customers may take advantage.

Software Deployment
All software deployment is configured as a command line installation. In an interesting approach, you actually base deployment packages on existing software inventory information. Click for full size viewIn the software inventory record for any item, you can associate files that are uploaded to the KBOX. You are then able to create a deployment package by choosing the software from a drop-down box and specifying the desired command line parameters that will dictate the installation and how it is performed/automated. It is quite simple, but there are other options you can specify as well, including a message to display before or after, an option to allow user to delay the installation, valid installation times, etc.

Deployments are then directed to systems, normally to a specific label (group). The clients check-in at a configured interval (also taking into account a configurable offset to help avoid too many systems trying to install at a time). Additionally, KBOX offers a throttling option- not bandwidth throttling, but an option to limit the number of clients receiving a package at one time. For example, if you set the throttle to 75, and 75 clients are receiving a package, the next client to attach will be deferred until one of the existing deployments is complete.

Because packages are download to the clients and executed locally, you have the option of specifying if these source files should remain on the system or not. For MSI packages, the source location for repair and install on demand features is automatically updated to reflect the location of the source files on the KBOX (there is also an option to specify a secondary location when configuring the package in the web console).


  Home > Reviews > KBOX IT Management Suite 2.0

Other Features
As you might expect, there are quite a number of features provided; clearly too much to cover here, but for some highlights…

Client Features
The client software reports in specified intervals with a configurable offset. It does not sit in the system tray, and is transparent to the user. When testing, you can simply double-click the client executable to trigger a check for tasks and inventory. Further, an optional debug mode is available which provides some very helpful logs for what is happening. For example, if you are having trouble with a command line installation, the log will let you see just what command line is being executed and when.

MIA Clients
Always a problem over time, what machines have disappeared from the network? Have they been removed, off for an extended period or rebuilt? Note that “rebuilt” is a scenario covered by this product by associating client records with the first reported MAC address and not a computer name or IP address. This view lets you easily identify machines the server has not heard from in a configurable amount of time.

Client Portal
Your clients can visit the KBOX in their browser (see image at right) and have access to any software you specify. This provides a nice alternative to automating installations that are for a small number of users. Even more appealing, the installations triggered by the Client Portal use the KBOX client (local system credentials) to perform the installation.

Alerts and Bulletins
You can send messages to specified computers using the IT Advisories feature. Alert messages appear on targeted client systems, or may be sent via email, and you may also post bulletins to the client portal.

  Home > Reviews > KBOX IT Management Suite 2.0

KBOX 2.0 Updates
There are a number of new features provided in this release. To summarize:

  • Patch Management - security patches from Microsoft may be reviewed and easily downloaded to the KBOX for deployment (see image here for snapshot).

  • Remote Control Integration - easily use Remote Desktop (or another specified remote control solution such as VNC) to manage the clients by clicking an icon image that appears by each computer entry in the KBOX Management Center.

  • BITS download support - BITS allows intelligent background downloading of files to clients so you can push large packages with minimal impact (with automatic download restart) on systems with both fast and slow network connectivity.

  • Updated Reporting System - improved layout and several more canned reports.

  • Security Policies: Using the new Security Policy feature you can enforce desired settings using any of the many built in wizards:

    • Enforce Internet Explorer Settings - This policy allows you to control users' Internet Explorer preferences (now supports configuring the PopUp Blocker)

    • Enforce XP SP2 Firewall Settings - Allows you to configure several options including remote desktop, SMI traffic, file and print sharing, Universal PnP, inbound port exceptions and more.

    • Enforce Disallowed Programs Settings - This policy lets you list disallowed programs by file name.

    • Enforce McAfee AntiVirus Settings - This policy allows you to configure what McAfee VirusScan features are installed. This policy works with McAfee VirusScan version 8.0i.

    • McAfee SuperDAT Updater - Another policy option for McAfee users, this one allows you to manage the installation of SDAT or XDAT files.

    • Enforce Symantec AntiVirus Settings - Don't use McAfee? Your still covered This policy allows you to configure what Symantec AntiVirus features are installed.

    • Quarantine Policy - Have a system behaving badly? This policy can disable all network traffic from the target machine. It will permit access to the KBOX Server Name to allow the KBOX send a Run Now event to the machine to un-quarantine it (which is provided as another options here: Lift Quarantine Action).

I started by stating the KBOX IT Management Suite is aimed at small to mid-sized organizations, but they reportedly have customers with as many as six to seven thousand clients! KBOX is a powerful and easy to use system that addresses key desktop management areas. A client deployment method integrated with the management console is the biggest missing feature that stands out here- and the workaround provided to initiate remote client installations with PSExec is a suitable substitute. A drawback of many competing solutions is in their installation and configuration which is virtually eliminated by the KBOX appliance solution. Next, having to maintain a database, server operating system, etc. is also not an issue here. All this does not come at the expense of a powerful feature set.

There really is not sufficient room here to go into all the features offered and how customizable some of these features are. If this sounds like something you are interested in, I encourage you to schedule a demo of your own where you can see it first hand and ask questions that relate to your desired implementation.

Bob Kelly
12/7/05 (updated for version 2.0)