Quest KACE Systems Management Appliance (SMA) Reviews

I primarily use this solution to deploy software, to deploy patches, to deploy drivers, and to do software package updates. I'm not using all of the functionality that it has but another thing I do is push out Windows upgrades. Rather than doing them all at once, I push out the feature updates.

It is set up on a VMware virtual machine.

When I first joined the company, the director and the other help desk associates were going to each computer to do updates and patches. At the time, we had 274 computers in the building, and I felt that there had to be a way that it could be automated.

One of the problems is that in order to get the updates completed, we were coming in on Saturday, which meant that they had to pay us overtime to get things done. When I started digging, I realized that you could use the SDA for automatic deployments and things of that nature. I was able to configure it to do what I needed to do.

I set up certain floors to be deployed during the night. The schedule was to complete 30 or 40 computers a night until they were finished. Then, when my director came to ask how the progress was, and I told him that the job was complete, he was shocked. It used to take them between two and three months to do the same thing.

Especially with the pandemic, where one day I have an employee in the office to work but the next day I don't, Quest has been instrumental in completing these tasks. With a couple of mouse clicks, I can get the job done.

The single pane of glass for managing devices is helpful because it allows me to perform updates and control things without having to disturb the doctors or nurses. The update process is transparent to them.

This solution provides us with IT asset management, software asset management, compliance, and patch management. This combination of features is important to us because we are able to perform all of these tasks without interrupting anybody's workflow. The most important thing is that we don't want to interrupt a doctor when they are with a patient and without Quest, if something critical needs to happen then I might have to wait to get into the office. During this time, the system could be vulnerable. Using a system with all of these capabilities and being able to use it after hours is key in IT.

The system makes it easy to update and configure things in our environment. If you get stuck then there are well-thought-out KBs available, and you can also ask people in the community. Personally, it has made my job easier. It's not as hands-on and it's more auditable.

Quest has absolutely saved me time, which I would estimate to be between two and three hours a day, easily. With the automations, things flow the way I need them to flow. When Windows updates come out on Tuesday, rather than deploying them on the weekend, we deploy them to all of the computers every Thursday. Because there is no more work to do on the weekends, it saves the company money, especially in overtime.

The automation helps on both ends. For one, you don't have the labor costs that you have to pay for in overtime. A lot of the things that we used to have to do by hand, I can now automate through the system. Then, at the same time, the work is getting done at the time you set it for. There is no "people factor", where they may not move as fast as expected. It happens, for example, that as people get tired, they get slower. Automation greatly diminishes the time that we spend going from one desk to the next. When I do it with the click of a button, everything is going to be done at that exact moment. 

The most valuable feature is the ability to deploy Windows features during off-hours times, through all of the machines at one time versus trying to systematically do them either by area or by floor. I can set one floor to automatically update on Thursday, the next one on Friday, the next one on Saturday, and so forth until I get everybody done. Doing it this way doesn't negatively impact my productivity, nor does it affect anybody else. Updates can be done in the middle of the night.

Using this system is pretty straightforward. When I first joined the company and started using it, a lot of it for me was reading the knowledge base to find out what it was capable of doing. Originally, the only things that they were using it for were popups and ticketing. When I took over, I started the software deployment, driver deployment, updates, and those types of things.

I still don't use the system to its full potential but I now use at least 90% of it.

The systems deployment appliance (SDA) is one of the main features that I use on a regular basis. A lot of the time, I won't do a feature update using the software deployment function. Instead, I will build an image on the SDA. That way, as I need to deploy it, I can do so at will. It gives me the ability to deploy to 10 machines at a time, which means that I can complete most of the stuff that I need to do over a period of time. It's as easy as can be; I'd say that it's as simple as cutting butter.

I would like to be able to deploy an image to more than 10 computers at a time. When we have to do a rebuild on these machines, although it is rare, I would like to be able to do more than 10 at a time. With the current limit, it slows me down because I have to set up 10, then the next 10, and so forth.

My client started working with Quest KACE Systems Management in 2014 but personally, I began using it in 2016.

I have not had a problem other than just recently when I started having issues with a library and a few of the files being corrupted. But, whenever I've called technical support, they've been generally on the spot for getting things fixed, and getting me back up and running. As such, it hasn't really affected my environment much.

My downtime, the first time they had to fix it, was about a day. The most recent time, I wasn't down but I could tell that they were working. Overall, the issue with corrupted files hasn't affected me.

In an environment like this, where you can't afford to be down, it is critical that you have premium support. It is definitely a factor that should be considered when purchasing other products.

The scalability is fantastic. You can add to it and there are lots of things that you can do but it's overkill for us at the clinic.

There were two of us administering the solution and there are about 274 endpoints. Since the other administrator recently quit, it is only me doing the job at the moment.

The technical support people are awesome. In the beginning, I dealt with a few of them that seemed like they just didn't want to be there, so I just would hang up with those people. Lately, in the last couple of years, I have not had any problems. Everybody I've dealt with has been happy to be on the call and glad to help.

We use Quest premium support and the biggest thing that stands out to me is that it's available 24-7. Sometimes, things will happen outside of the eight to five range and when it does, I need that ability to be able to call them and get someone on the phone. That's the major value for us.

There are other pluses with premium support but given that we have moved it from a physical appliance to a virtual appliance, right now it's just the 24-7 support that is important for us. Having the premier support had added value to our overall investment with Quest. It's worth what you pay for it because they are literally there. In a mission-critical system, such as a clinic, you can't have wait periods of two to four hours before technical support starts working on the problem. When a patient system or a lab system is down, you can't wait around for somebody to figure out if and when they're going to call you.

They did not use a similar solution prior to Quest KACE.

When the person who set up Quest first joined the company, he wanted to modernize things. People were leaving post-it notes or written notes on everyone's desk, and he wanted to implement a system to improve the clinic's way of doing business.

When he implemented the system, he implemented it with Active Directory to make it more fluent so that when something happened, they didn't have to go from one desk to the next desk.

I was not with the company for the initial setup, although I have spoken with people about it. What I have been told is that when the system was first purchased, they paid for support to help walk them through the setup. I have not heard that it was difficult but I do recall that it took some time to get everything configured.

We purchased KACE through a reseller, Netrix.

It was deployed in-house by my former director, with assistance from technical support. At that time, it was Dell technical support.

One person is enough for maintenance because it is not hard at all. Click a button and it's updated. You also have to make sure that your host is updated. It's pretty simple.

If I was on the outside looking in, where I had never dealt with it before, based on everything it does I would think it is quite complicated to operate and keep functional. It's definitely the opposite of that.

Our clinic's ROI is a saving in time and money. Prior to having this solution, we were sometimes in a position where there would be three of us working on it, and we'll all be working overtime. When you take that away, it is a big saving. For example, I have been here for five years and if I were putting in two weekends a month over the entire time, it is a lot of money that has been saved.

In terms of pricing and licensing, my advice is that you need to assess what you need and then look at what they offer. It's easy to get caught up in the things that you want, but don't really need. You really want to assess what's best for your environment and to plan it very well.

Ideally, if there is a project manager available then they should help with the planning because you want your end goal to be in line with what you are trying to do. A reseller will try to sell you everything under the sun, so it's important that you plan well and know what is required in your environment. 

I don't believe that the company evaluated other products. My understanding is that the reseller we used made the recommendation and we went with that.

My advice for anybody who is implementing this solution is to take your time. I suggest doing it on a Saturday but if your production is in an area that can't be down because you have to sync with Active Directory, then choose a time where you won't interfere with anybody's ability to work. It may require rebooting your DC and that is something that can't be done without affecting people in your environment.

For organizations running two DCs, it probably won't affect them at all. However, in our situation, where we use single sign-on, we really want to make sure that any downtime doesn't affect our users.

The biggest lesson that I have learned from using this solution is to read the knowledge base.

We had a transitionary period where I was taking over and my director was leaving. The system needed to be updated but part of the system was not paid for. Once it was updated, I found out that they no longer support physical servers, so we had to move it to a VM. That was a bit cumbersome but the important part that I learned is to keep your licenses current. If they expire because you are behind in paying for them then it puts you in a more difficult position when you renew.

Overall, this is a good solution that saves us time and effort. Other than the limit of having only 10 images deployed at once, I don't see anything else that I want to improve. I control everything through VMware and I'm pretty good at it.

I would rate this solution an eight out of ten.

We were originally using a physical appliance and now we have migrated to a virtual appliance. We migrated to the virtual appliance three years ago.

Our primary use case is for managed installations and the software that we deploy. Our offices are scattered throughout the state and we have 103 locations that are remote. We use KACE to inventory those items. We use KACE to push updates, third-party products, and third-party software to them.

We gather inventory from them, it lets us know how many machines out there have 16 gigs of memory and who's running low in this space. Any new software that we get that the company purchases, that is how we deploy out to the masses. We do that so that we don't have to travel the state over and over again, we can do all this stuff remotely.

We also have a lot of reports that are being generated from the information that KACE has so that we can take that back to our accounting department. We can provide reports on the location of newly purchased laptops. It shows us if they're still being used and who they are assigned to.

The ease of being able to distribute software to a thousand machines from one location with just a few clicks is the most valuable feature.

KACE is super easy to use. You have to change your mental process on how to think of something and look at it as how KACE has designed it. But once you can figure out what KACE is thinking, then it is really easy to use. We've been using it so long that we don't have to write much new stuff for it. We are able to use the old scripting jobs or deployments that we had. We're able to take those and modify them with new software and then push it out that way. I learn something new every day in it. There's a lot of stuff that I probably don't know that it can do. I'm always playing with and discovering new things.

It's 90% on a single pane.

We use the Systems Deployment Appliance. It's our bread and butter. Every machine that gets imaged here in this building and out through the whole state goes through the SDA. We rely on it completely. There is no manual process of getting a laptop out of a box, plugging it up, turning it on, and waiting for Windows to start. If you were to go to Best Buy and buy a brand new laptop, you would spend the next two to three hours just setting it up. We don't do that. We get a laptop, plug it into the network, connect it to the SDA, and within about three clicks, we're done.

It takes around 30 minutes to configure our laptops. We image machines, image laptops five to 10 of them at a time. It's really great to just line them all up and power them on, hit enter, enter, enter, and then walk away. That part's great.

KACE saves us time. We've been using it for so long now it's become part of our routine. 

It has also increased the team's productivity. We've been able to create standards where we know that no matter what type of laptop it is, we can image it the same way. It has the same setup for every user kind of thing. We know we can guarantee that everybody across the state is running the same version of Microsoft Office or products like that. It has continuity. It's made it to where we are efficient across the board from high-level VP level down to standard user level. Our equipment and the way that our equipment functions is standard. It's across the board.

It makes it to where the six guys that are on our team here can step up and do the same job. We know what to look for. We know the learning curve for it. We all know what it does and how it works. If we hired a new person, they could come in and pick it up very fast and be up and going extremely quickly. We've cut the learning curve down tremendously.

I would like for there to be improvement when it comes to Microsoft and Windows updates. It has the ability to do it but the control of it is not there like I have in the Windows Server Update Services. The way KACE does it is still very granular. You don't really see the process like it is in the Windows Server Update Services. I think that would be one of the biggest things that I would like to see KACE really put some work into and really make that a big enhancement. 

I have been using KACE for seven to eight years. 

It's very stable. The upgrades and patches that they come out with only seem to enhance the product. They're not trying to fix something that's broken. It always seems like when there is a new version, it's always something that is enhancing.

We have one SDA and one SMA and it works for all 1200 of our devices that we have listed. I don't think we would ever need to scale out to anything larger than that.

When it comes to opening a service ticket or a support ticket through KACE with Quest, it's one of those that I don't cringe at. I don't mind it because I know I'm going to get somebody that's going to help me. They go above and beyond to help, unlike other companies like Microsoft or something. It's a pain to open a ticket with them because you feel like you have to sit at your phone and can't move and can't leave waiting for them. It's the complete opposite for Quest. I really like how KACE operates on the support side of things. We use their premium support.

I can open a ticket through the appliance itself or I can sign onto the Quest support website and submit a ticket that way. I know that in a very short amount of time, I'm either going to get contacted that they're working on it or we'll actually have a support technician calling me directly. I get real people. One of the biggest benefits is you get a real person. A real person who is willing and knowledgeable about the problem that you're calling about.

Having this excellent support hasn't influenced us to purchase additional products. But it has been an influence on never, not even considering, picking a different product for SMA or SDA. It's a given that it will be here and it will be here for a long time.

The initial setup was straightforward. When we got the original physical machines, it was taken out of the box, we plugged it into the rack, and got it set up. Within a day or so we had it up and running and had machines in there doing inventory already.

We had professional services assist us with the deployment. I can't remember if they actually came on-site or if we did it remotely. 

Our experience with Quest support has always been great. Any of our interactions with them have always been spot on.

The biggest thing that I've discovered from it, is to give a picture of our entire environment. In one location, I can see how many laptops we have, how many desktops we have, how many people we have assigned, and to what software we have it deployed. I can give versions. I can give so much detail on devices that I don't normally see or I don't normally touch, that are anywhere from five miles down the road to 300 miles down the road. I have the ability to see them, change them, update them, and move them. That's where the biggest bang for it comes in.

From an admin point of view, it would make an administrator's life a lot easier to be able to have that vision across their environments and know what's out there and where you stand in that environment. To know if the machines are up to date or if they falling behind, and different things like that. 

I would rate KACE a solid nine out of ten. Nothing is perfect, I think that there's always room for improvement but it would be a strong nine.

We use it for asset management for PCs and servers, and for doing updates. We also use it for monitoring all of our systems to keep them compliant with Windows updates or server updates. In addition, we use it to deploy and to uninstall software, and we use the Service Desk.

We're using Quest's K1000, which is the asset manager, and we're using the K2000, which is the deployment appliance.

The way it helps us is the easy organization and visibility that it gives into the software versions that are on our assets. It doesn't necessarily provide the solution but it provides us with high visibility into where we're at on all our assets. We can then address the different deployments to get things up to date pretty quickly.

The most valuable feature is the ability to monitor updates—the software versions—on machines so that we can keep everything compliant. We're very highly monitored because we are a financial institution. We have audits all the time and they look for vulnerabilities. So we try to keep everything to the latest software versions and firmware versions. We use KACE to monitor those.

The K1000 doesn't communicate well with some clients without SMB. There are some issues with getting things to image correctly because they rely on SMB, and SMB is a protocol that is being removed due to security reasons. Organizations are trying to rely less and less on SMB. I know Quest is aware of it. They've talked about having a new version that wouldn't rely on SMB for connection to the clients, but they haven't gotten there yet.

I've been using the Quest KACE Systems Management for four years. We're using 12.01.49 and we've been on it for about a month. We update pretty much every time updates become available.

The KACE solution is solid. We haven't had any issues with functionality.

It's definitely easy to scale out. We've had to add licenses as our environment has grown. We haven't had any problems there. We haven't hit our heads on any capacity issues.

We're using it to the capacity that we need to. We do most of our software deployment through it and we do about 150 to 200 tickets a month through the Service Desk.

Any time I've had to deal with their technical support, they've responded quickly and they're pretty thorough in getting things resolved.

For example, about six months ago, one of the updates didn't deploy correctly. I was doing it on a Saturday because I didn't want to interrupt production. It didn't go well, and a gentleman from Quest support jumped on and he went through it that day and we got it resolved. He knew what code needed to be executed manually and he worked through the problem and had us up within a couple of hours.

Positive

The initial setup is pretty involved because you have to set up Service Desk and you've got to set up all your environment labels for the different assets. As a part of purchasing the appliance, you do get to buy some services to help you get it set up in your environment, and that was a great purchase. They assisted us a lot in getting the Service Desk, and some of our labeling and environment, set up to get us going.

Between the two appliances, the deployment took pretty close to a week.

In terms of an implementation strategy, the first part was to get the Service Desk up and running on the K1000. Then we went to the K2000 with imaging and deployment through that.

We have about 85 to 90 people using the Service Desk, and we have five people in our IT department who administer the system. While they don't do so full-time, we have three people who do the admin work on the KACE appliance. One is responsible for software deployment, and the other two do most of the updates, as well as the monitoring of updates and vulnerabilities on computers, and pushing the patches through KACE. And we have four people who monitor the Service Desk in KACE. One is a basic Service Desk individual and the other three are systems admins who overlap and help out.

At the time when we bought it, it was a Dell product. Since then, Dell sold it to Quest. Dell provided a third party to help with the installation.

The solution has saved us a ton of time in several areas. We spend tremendously less time—probably 80 percent less—on updating now, versus before we had KACE.

I was using Microsoft SCCM in my previous environment and I replaced it with KACE. When I came to this new environment we put KACE in. Compared to SCCM, it's a lot better. With SCCM, when I was trying to push updates or get the stuff to function, the way it was designed it was more difficult. Usually, if I set up a script with KACE, it doesn't take long to get it to run successfully. Whether it's scripting or installing, it seems to be much smoother with the KACE product. The improvements are in deploying Windows and server updates automatically, on schedule.

We got rid of SCCM because we got out of our Microsoft licensing agreement at the time, and it was covered under that. And it just wasn't effective for us. We had a lot of issues with it.

There were a couple of us in IT who had used KACE in previous environments and we liked it, so we made the recommendation and moved forward with it.

Its ease of use is an eight out of 10. Some things can be a little difficult to find, but support's always there to help if we can't figure something out.

For both appliances, the K1000 and the K2000, make sure that you purchase the support for the deployment and get Quest's assistance in getting it set up properly for your environment. With the K2000, we got it set up with their support and then one of our technicians went in and started changing things and really set it in the wrong direction. Their support will help you start out on a firm foundation.

We Primarily use KACE as a diverse deployment and management solution. 

Our environment includes multiple locations, so having a single point of deployment for automation/patches/software/scripts and response management is ideal. 

We work in the banking industry, so having this single point and not having to worry about security is enormous. We have to go through multiple government security audits a year and our auditors are always blown away with our KACE environment. We need KACE to keep our organization going.

Previously, we were working with upwards of 200 different applications and tools, the amount of compatibility issues and clutter was unbelievable. One update on one application could ruin a whole environment at times. Thank goodness we found KACE to consolidate our environment and really cut down on resources! 

They've saved us so much time and money it's unreal. They have so much flexibility in what you want to configure or script. In some of my deployments, I've built entire applications on KACE to work with, while in others I have small built-in batch files. The only thing that limits KACE is your imagination.

The ability to build scripts right on the deployment center itself, as well as building groups that take those scripts/task chains has been absolutely invaluable and one of the most important parts of my whole environment. Without it, we would need to hire at least six to seven more employees to do what I'm able to do myself with those tools. 

On top of this, they have multiple forums that are super active. I've gone to tech support, ITninja, and even Reddit. One time, I asked a question on the KACE subReddit on how to improve a function and a KACE team member responded in five minutes. That's honestly unheard of for a company like this.

The GUI needs some work. I love all that it can do, however, it can be just be so cluttered at times. I wish we could see them spend some time improving the interface.

Sometimes when I run certain functions or need to do a one-off massive deployment, it lacks in "mobility". It can be a pain, having to go back a page and re-type in all the same information in the "run now" tab when I have a whole bunch of one-off situations. It's not like I can't do what I need to do, however, I seem to just spend more time than I'd like having to type in the same information over and over.

I've used the solution for the past five years.

In all the years we've had this product we've never had a stability issue.

The solution can scale. The product can be a help desk ticket system, all the way up to the entirety of your virtual machine environment - making updates and changes at a click of a button.

They take their role in support extremely seriously. We don't have to reach out too often due to the lack of problems, however, when we do, they respond within an hour or two at the very longest.

Positive

We did not use another solution. Once we got KACE, I just don't understand how we held on for so long without it.

We had a vendor assist us so that we never had a single hiccup during the entire setup.

The vendor was, without a doubt, an expert. We assisted and learned everything they could teach us.

We had ROI about a year into this and have saved so much ever since.

If your team is small like ours, I highly recommend working with an install vendor. For us, it wasn't as much a technically challenging thing to implement as much as what the vendor showed us during setup and installation that was just so helpful. With their help, we were able to hit the ground running and had much less of a learning curve.

Other options were discussed however, it was so long ago I can't recall what they were.

I would say start by looking at all of the services/products that KACE offers - don't feel overwhelmed as they will integrate very well with each other.

We use it for a lot of things. We use it to deploy software, configure Windows via scripts, and to deploy some certificates for our customers. We are a call center and we have a lot of large companies as clients, so we need to deploy several kinds of software, such as Office 365 and applications from our customers themselves. We use a scripting framework from our consultants and that works great.

KACE SMA is the main software I'm using. I'm responsible for the KACE solution, and if there are any questions related to it, my colleagues come to me.

We have local KACE Appliances with VMware workstations, computers, servers, and we are using OVF files.

It saves a lot of time because, in the past, before we used KACE, when we installed a new version of a given software, we had to go to each computer individually and install it manually. Now we just set the labels and the software goes by itself. It also saves a lot of money because we have time to do other jobs.

We have seven locations. In the past, if we had to deploy new software or install user PCs, we had to drive with a large number of people to get the work done quickly. Now, we can deploy the software from one desktop. One person can do it and that saves a lot of time. It makes a lot of things easier. It has had a huge impact.

Another example of a benefit is that I developed a script because my CEO wanted to know how many computers are connected to our home office network from the outside. Every hour I run the script to import the information to an external SQL Server Express with a report engine. With the KACE, you can use information for other reports.

The most valuable feature is the software deployment. That's the main thing we use, daily, all day long.

It's also very intuitive and easy to handle. It's clearly structured. For example, we are still using Microsoft Intune as our MDM software. With Intune, you get lost very quickly, but with KACE SMA, it's clearly structured and easy to understand.

We handle our local computers within the company with it. We handle our home-office computers as well. We have about 3,000 computers in SMA and, currently, about 1,200 computers are in our home office with it. Everything goes, everything's possible, without problems. We couldn't ask for more. We are able to manage all of the devices in the solution's single pane of glass. We see our computers there.

It also does patch management. At the moment, I'm rolling out a new feature update, 20.8.2, and it's a great challenge because we have to deploy it to 1,200 computers in the home office. We want to do it without interrupting production, but KACE is reliable and it's easy to adapt it to my needs for how and when to deploy the feature update.

Another feature we use is the Systems Deployment Appliance. If we install new computers, we run a script within the SDA at the end of the installation and that installs the required software for the computer, depending on which department it is part of. "Customer A" needs this set of software and we have a system image for it. And for "Customer B" we have another image with other software. We just have to start the computer, choose the required image, and everything is done automatically. There is no need to configure it. We just deploy Windows and, when that's done, shut it down, bring it to the location, connect it, and it works. Some software needs some manual configuration because it's not scriptable, but about 95 percent is automated.

KACE.uservoice.com is a platform where users can post suggestions for improving the software. A lot of ideas that have ended up in the development of KACE have come from this. For example, in version 10.2 KACE implemented the possibility of reducing the network speed of the KACE agent. You can set it so that it takes whatever network speed you want or you can set it to 5 Mb, to save network speed. You set it for all the computers, but it would be preferable to separate between VPN connections in our home office and the local area. It would be great to be able to set separate speeds for different VLANs. I posted this idea on Uservoice.

I've been using Quest KACE Systems Management for five or six years.

There have been no problems. It has never crashed. If I hadn't had to update it, it would just run.

Scaling it is easy. Last year I increased the memory because we got a lot of new computers in our company and we added some new locations. I saw it was getting a little bit slower, but I added some more memory and it was easy to scale. If you need more RAM or more CPUs, just add them and the KACE will say, "Okay, I'll take them."

Currently, we don't have plans to increase our usage.

We use their standard technical support and our experience with them has been great. Every time I have asked them something it has been perfect. I get quick answers, especially from one of the Quest technicians in Cologne, Germany.

Before I came to the IT department, we used software from CA. It was a pain. But we switched because of the price. Also, the support wasn't that good from CA, as far as I remember. That was before my time. I moved to my current position after we shut down the CA software deployment.

The initial setup is very easy. Before we upgraded to the current version—from 10.2 to 11.0—I tried it here on my local virtual machine. It took about five minutes and the SMA was running. That was how long it took from starting the virtual machine until the moment I got to the login screen. The information from Quest itself in the support area of their webpage, and on YouTube, is very effective and informative. It's easy.

It takes a little more configuration after logging in, because you have to deploy the KACE agent and create a token. To get everything working, the grids, the configuration, with Active Directory, it might take about half a day until you can say, "Okay, the KACE is working. I've downloaded the test catalog. The KACE agent is deploying on the computers and the computers are coming into the database."

My team consists of three people, including me. One person is mainly taking care of the software installations. He's looking at whether there are any new versions. I am taking care of the feature updates and software deployment, and the third person is my apprentice.

Users of SMA in our company include our service desk, our client and service first-level support. A total of about 20 people from our IT department.

The initial setup was done with our consultant, Stephan Sporrer, from OFF LIMITS IT. At that time it took five days, but at that time we also scripted all the software installations we have. He also taught us how to use it.

Setup took longer the first time because he had to teach us the whole system. Now, if I had to set up a whole new environment, it would take half a day because I know how it works.

The pricing and licensing are absolutely fair.

As far as I know there are no other costs that come with using it. It's just the licenses for the KACE based on the number of computers. Our VMware servers already existed, so there were no other costs for us.

In the future, we are looking at implementing a proof of concept for the KACE MDM, so our iPhones would be manageable with KACE SMA as well. Quest MDM is very intuitive and easy to handle. There is no comparison to Intune. If you don't work with Intune eight hours a day, every day, you get lost. In the KACE product, it's simple and easy. It's very easy for me to train new colleagues to use the KACE MDM, SMA, and SDA.

KACE MDM is also much cheaper than Intune. I calculated the savings with KACE MDM over a three-year period and they came to about €25,000, just on the licenses. That's a lot of money. And the time saved can't be measured. In the next month there will be more work with it because we have to upgrade all our iPhones. After that it will be easier because we can automate a lot of things with the policies, with restrictions and packages within the KACE MDM. When a new phone comes in we will bring it into the MDM, and the software will be automatically deployed. This will save a lot of time because Intune requires you to do a lot more steps. It's too complex for us.

We didn't evaluate any options other than KACE. The supplier of all our computers suggested KACE and that's how we came to it.

The biggest lesson I have learned from using KACE SMA is to never deploy software to many computers at one time. A few times in the past I killed the network with it. It's not good if you deploy a new Office 365 installation to about 700 computers at one time.

We're running Salesforce, which is older than the KACE, as our ticketing system. Because that ticketing system already exists, our CEO doesn't want to change it. They're planning to connect Salesforce with the SMA to grab the information from the computers. That way, my colleagues at the service desk will just have to type in the computer to see all the information that is stored in the KACE SMA. That's something that is currently planned but not implemented yet.

We use all of the SMA's functionality. We use it for inventory and for asset management. We don't really do file distribution because we use Desktop Authority Management Suite for that. We heavily use the scripting and we deploy updates using the security within. We also heavily use the support help desk section and the reporting.

We're on a legacy on-premises deployment. We're hoping to move to a cloud version in the not too distant future, but that's not on the schedule currently. Our on-premises KACE solution is a dedicated KACE SMA Appliance that was purchased from them. I don't even know if you can purchase that anymore, but it's kicking.

When it comes to the reporting for finance, it definitely helps a lot because we just run a report. It saves hours of trying to export workstation numbers out of Active Directory, and then create the Excel spreadsheets. With KACE you just run a report. I look at a couple things and, if the fields are blank I look at that, and it saves hours of time between me and finance.

It also provides us with a single pane of glass with everything we need for endpoint management of all devices. It's excellent. It enables us to analyze if there's a problematic piece of software and to upgrade it. I've even done custom fields within the software section so that it grabs the boot order from the BIOS, for example. That way, anybody needing to re-image a device can look and make sure that the boot order is correct in order for them to network-image the device. The inventory section is utilized by everyone who supports anything in IT.

It provides us with IT asset management, compliance, software asset management, and patch management. We don't use it for mobile device management. That combination of uses definitely makes it easier. For updating and configuring everything the way we need it in our environment, it's integral. It makes those processes really easy, for sure.

The help desk, first and foremost is the reason that we went to it, as well as the asset management. We have meta-reports for that, reports that we send to finance on the assets and where they are, throughout the organization. I would say those are the two big ones for the organization. We have 600 employees across the organization and everybody uses the help desk, at least.

On a personal level, the scripting and the reporting are extremely valuable to me as a systems administrator. When people are asking me questions about what devices are in management, or what devices have a certain version of a certain piece of software installed, it's super-easy for me to jump into the SQL reporting, send them the information, and have confidence that it's got some good information for them to utilize around the decisions that they're making.

The scripting and the software distribution make my life a lot easier too, because if, all of a sudden, Adobe has a vulnerability and we need to do a security patch, it makes it super-easy to do something like that, to update everything in our organization, all in one shot.

It's very easy to use. We've just been asked to create three new queues, because smaller departments within bigger departments want to use this product, due to its ease of use.

And the Systems Deployment Appliance is magical when it comes to automating deployment. Before we had KACE, we had a replication machine that would hold the master hard drive and five other hard drives, and we would manually image machines. With the deployment of KACE our lives are so much easier. Not only can we have multiple images, specific to end-users' uses, but we have a plethora of post-installation tasks to install or configure the system, tasks that can be re-used for each system. You just have one basic base image, and then you use the post-install tasks to customize everything else. It is amazing. We can send an image to 50 machines in our central operations, remotely. We don't even have to be at the same location.

I also utilize it after each Windows "patch Tuesday." I have a schedule that I have customized so that after each "patch Tuesday" it gets deployed to all of my servers. That way, I'm not manually patching my 100-plus servers. That is another amazing thing that I love about it.

I would sure like them to be able to copy and paste out of OneNote. That drives me nuts. You can't copy from OneNote into KACE. I've brought that up many times.

We've just had a major upgrade and I haven't had a chance to dig into things too much, as far as the improvements and the latest upgrades. So I can't really speak to what else might be missing.

There is a great resource for improvements that people would like to see, because Quest hosts a forum in IT Ninja where you can vote for features you'd like. When a lot of people vote on something, they roll it into their next update. There are so many good suggestions about things to add. One that I see right now is a Microsoft Outlook plug-in. There's always room for improvement, but the product that they have right now is so great, already, as it is.

I've been using Quest KACE Systems Management since I started with the company. I also used it at my previous job. The company has had KACE for about eight to 10 years. We started using SMA as a ticketing system six or seven years ago. We've been using it for quite a while and we have 26 queues throughout the organization.

It's very stable. In the 10 years, it's been down twice, and it was back up quickly. When we called support they were able to connect to it and it was fixed.

If there are any impacting outages, support is right on it. They're really good about that. I think I got locked out of the SDA for some unknown reason at one point, and support was right on it. I had it back up and going within the hour.

It supports a huge network for us and I would assume that that network has grown exponentially over the time that we've had it. There have been no implications as far as network use. It just works.

We really heavily utilize everything already. Moving to the cloud is probably the only thing that we can do differently, other than implementing the mobile device management or the file distribution. We have other solutions for those things. There isn't really anything else to expand or improve or to utilize within it because we really are using it all.

The support is good. Anytime we contact them they're always very helpful. The response time is good and they're knowledgeable.

Active Directory would have been the main solution for asset management. For a ticketing system, we used Track-It!, but it wasn't that good at all.

For the initial setups of service queues, and for setups of users, as well as for mail setup and the different control panel stuff, it's really straightforward. As far as setup of the appliance itself goes, it would be different than what we did because I believe it's mostly cloud-based appliances now, unless you're going specifically for on-premises. I don't even know if they're doing on-premises anymore.

I would guess—because I wasn't here when they stood it up—that we would have had support in setting it up because it is a KACE appliance.

When it comes to maintenance, I'm the only one required. I just did a major appliance upgrade and it may have taken half an hour. My colleague jumped in to make sure I didn't mess up any of her queues and we were good. It was done. It was super-easy.

Compared to the tools that I would have to use daily, it saves me hours every day. That is a huge return on investment, in and of itself. I'm sure that would be echoed throughout our company. Obviously, doing the reporting and the updates and all the rest of it, I'm a heavy user. I probably can't even put a number on how many hours are saved, hours that I would otherwise have to spend scripting and distributing some other way that just would not be as streamlined or easy. I script anything that has to be done more than a couple of times. That way, other teams don't have to come to me to ask the question. They don't have to try to manually fidget with things. They just run the script and it's fixed.

If you think of it in terms of time, and how it saves us hours every week, just for me and my colleague, as heavy users, a low estimate would be that it saves us eight hours each a month. That's 16 hours a month just between the two of us and we're just two of 600 people in the organization. That's a lot of money.

Even when it comes to the end-user in our organization who opens up a ticket, there is a difference between what they had to do before, when we used Track-It!, and before that when we used an email group, and what they have to do now. It has saved both the end-user, as well as the technician on the other side, a lot of time. They can respond to a ticket through Outlook. They can go through the ticket itself, they can add screenshots and attachments. It is very versatile for both sides. We're saving a lot of time with that.

The pricing and licensing are good. It's worth it. It's a core software on our system. Every single person uses KACE. Even for asset management, we have KACE Endpoint Management on each one of our devices as well. People use the help desk and we use it to track and deploy things. It's integral.

There are no costs in addition to their standard licensing fees.

We haven't had to evaluate anything else. It works great. We've got good support. The end users like it, the technicians like it. If you're happy with something, why go somewhere else?

They've got really good demos, so someone who is interested in it can watch a demo or use the trial version, and they'll know right away that it's something that they're going to like.

There is also a lot of really great, documented support throughout the IT Ninja community and KACE's own documentation. In both cases, there are all of the resources that a competent systems administrator could ever need to figure out how to do anything within SMA. Or they could ask somebody without even going to KACE's support, and that support, itself, is a whole other line of help.

The biggest lesson I've learned from using it is that it's really easy but its capabilities are totally customizable. There are tons of extra things you can dig in and do, once you get your feet wet. Once you've established yourself within the appliance, there are tons of ways that you can start utilizing it even more, such as the custom fields and the reporting, to save more time and create more efficiencies. It's a great tool for those sorts of things.

It's a great product. We really like using it. There are always improvements that can be made, but unless something doesn't work, everything that I do with it seems to be good.

I would give it a 10 out of 10 because I've never dealt with anything better in terms of the time it saves me and the ease in doing some of the things that I would otherwise have to spend a lot more time doing. I just really appreciate the system. I haven't come up against anything that I can't use it as a solution for, whether it's deploying imaging, managing, upgrading, or reporting. It's a powerhouse for me in my role. For what it offers me, it's a 10.

I use this solution for software packages, security updates, upgrades, and asset management.

The Microsoft SCCM environment is much more robust than KACE, but obviously, Microsoft equipment or Microsoft software is very expensive, so we have decided to take a cheaper alternative. It was a Dell product and we have a Dell computer base, so it was easier. There is ease of use, and its pricing was a driving factor.

Sometimes the information is not as real time as it's supposed to be. In that scenario, they have to work with Microsoft and figure it out, because I think that's the challenge that we always come across. The information we get isn't always 100% accurate.

There could be a dynamic environment where you can select what products you're using, whether it's Dell or IBM or HPE, and it creates its own repository. When there's not much internet usage, it downloads those critical patches or firmware updates so you can push it. 

I think that kind of thing will make it much better, because I think Microsoft products are only geared toward Microsoft. I think because KACE is not a Dell product anymore, it can work as a vendor independent or vendor agnostic approach where you can select which products that you are using, which models that you are using, and based on that, it can tell you there is an update or firmware upgrade that's available for this particular product or this particular model. If I forget to research what's available on the internet and the latest firmware upgrade, the tool itself could go every night and fetch whatever is the important update or upgrades that is available, download it, and tell the admin, "In your environment, these are the things that you can upgrade." Some of the work can be automated.

I have been using this solution for about 10 years.

I would rate this solution 8 out 10.

We have to do a lot of things manually, which I don't like in a tool because  automation is the key to everything. The less human interaction that a tool can provide, the better the product will be.

The use case is for organization server patching, and we also use the asset management in a smaller capacity.

For what I use it for, the solution provides a single pane of glass with everything I need for endpoint management of all devices. For the most part, it lowers the amount of time required for manual intervention. It gives me more time to work on other projects instead of consistently worrying about patching. Per week or per month, it's saving me a good five hours.

One of the most valuable features is that it natively patches third-party applications and not just a core operating system.

It's relatively easy to use and most of it is pretty intuitive. They've made things a little more involved now with the agent token that needs to be used. That means installing it from a server, from the share, is not quite as simple as it used to be, but once you know how to do it, and that it's something that has to occur, it's really not a problem.

It enables IT asset management, compliance, software asset management, mobile device management, and patch management, although we don't utilize the MDM. That's mainly due to our security requirements. But the IT asset tracking is a big segment.

And the software asset management has been a big help, even when it comes to license true-ups. I can use it to find out how many Tivoli we have, and boom, there's the number. Even if it's reporting a number that might be a little higher than what it actually is, because it's looking for one component, it gives you a good first first-hand look. As a result, we know there's something out there and this confirms we've got five of them. And you can actually click on the information about the software and it shows, for example, that these five servers are where it's being reported. If you really want, you can log in to them and validate. We have used that quite a bit.

Another segment that has really helped out is where you go in and actually use the distributions. We might have a situation where we need something installed on all 237 servers by tomorrow. I'll just go in and do a managed installation and have KACE push it out. So far, that's been pretty successful. I wish it had a little bit more ability to allow me to put something in there without saying, "Okay, we're already aware of this software. What file do you want to use?" It would be nice if it let me type it in and prompted me, when needed, saying, "We've already found that. Do you want to use this one? Yes or no?" But it hasn't kept me from accomplishing what I intended. Overall, the distribution is a pretty nice feature.

My biggest complaint is that almost every time they send out a new version, it fixes something and breaks another. Something that wasn't working in the last version now works, but something else stops; or they'll remove some dashboard that I really found to be nice and replace it with something totally different that I could care less about.

Another example of this would be that there is a set of agents where the communication between the agents and KACE is very consistent, and the patch numbers are very good. And then there will be a new agent which they say fixes this, this, and this. But then, all of a sudden, my patch numbers go down and the communication isn't as good, or they're timing-out more.

An additional instance of this is that it used to be, when you were patching, you would see how many succeeded and how many failed. You would also see which patches had failed and had reached the maximum number of attempts. Connected with that, there used to be a "reset tries" feature and that was nice because you could actually reset the attempts and KACE would try those patches the next time. Now, although "reset tries," is still there, it's grayed out. It doesn't function.

It affects usability because every time you upgrade, you don't really know what you may be getting yourself into. I wish they'd be a little more consistent and make sure it's only getting better, rather than their saying, "We had 15 known issues in the last version. In this new version, we're offering these new things, but we've still got 15 known issues."

The installs are generally very easy. You just say, "Okay, go ahead, upgrade," and they seem to run fairly smoothly with no problems. It's just that after you've done them, you have to see what is working and what's not working.

I have been using Quest KACE Systems Management for five years.

On the whole, the stability is good. Once it's up and running, it just pretty much runs. There aren't really system crashes or anything of that nature. It's a solid system that really does not encounter failures of the system itself.

Scalability is available. I have not experimented much with some of the options. For example, you can have a system at this site and have another site that doesn't have an entire KACE, but just a file share where KACE can put patches as well. Instead of servers at that site going all the way to your primary site, they just pull the patches from that local repository. Theoretically, that helps. So it can be scalable if you so choose.

In our environment we manage 237 servers. 

Their technical support is good. They're very prompt. Quest has been very quick in responding to any support cases or questions. And most of the time, the answer is very straightforward and easily executed or easily understood.

Positive

We did use something that KACE replaced, but I don't even remember what it was.

SCCM is what we use for workstations, but not for server patching. We do have WSUS (Windows Server Update Services) running as a backup in case we want to use Windows Update. We do have other options available, but for servers, KACE is the primary patching system.

I was involved in the initial setup and I found it to be relatively easy. It was pretty intuitive and straightforward.

Bringing it online to the point that I could log in took 45 minutes to an hour, and that included making sure I had DNS records so that the URL was resolving, and putting in the IPS and gateways, et cetera. All of a sudden, boom, it was up and running. 

After that, it was a matter of making sure that patches are actually downloading properly, and that the agent installs are checking in and everything is working properly. So getting it all tuned and set the way we wanted took two or three months, but the initial "it's technically functioning" was just two or three days.

We have realized a return on our investment with the solution. We are more stringent than the NSA as far as security goes. We run weekly security scans on our systems and we're consistently bringing in third-party organizations to do red-team tests where they'll try to hack in and do a lot of things to test us. Since Quest KACE Systems Management patches not just the operating system, but can also patch third-party things like Java and Wireshark if an update is detected, overall it handles everything that's detected. If possible, it will attempt to patch it.

The cost of KACE has been relatively low compared to other systems. Even if those systems have the same cost, they do not do as much of the third-party patching that KACE natively does. With a cost of less than $4,500 a year, it's been very good.

The pricing model is fair and fine. I wouldn't change anything about that.

We looked at SCCM and Qualys.

One of the reasons we went with KACE was cost. 

Another was that it patches third-party applications natively. Certain systems tend to need native operating system patching only. You can download something like a Java update and then "package it" for installation. But with KACE you can say, "If you find it and it's critical, recommended, not superseded, and it's detected on our system, download it and patch it." It's nice that it's doing third-party apps and not just the operating system.

If you're considering KACE for a large environment, come up with smart labels and patching schedules that are going to fit the number of systems that you have. The scheduling really comes into play, especially now with Windows having bundled patches. As a result, you're downloading a 1 or 1.2-gigabyte file to update the server, versus between three and seven 2 or 3 or 5 megabyte files. When there were multiple files, even if two of them didn't get uploaded, the other three did. If this one large file times out, it just does not patch. So scheduling the time to stage those and deploy on a different day is really important.

I wish we had the ability to use the mobile asset tracking and bar coding. Those are things that have been a real void in our organization. At least we are utilizing KACE for the servers and we manually input barcodes or serial numbers. Having the option to use a KACE app to input that information is nice and would save a lot of time.