Quest KACE Systems Management Appliance (SMA) Reviews

We were originally using a physical appliance and now we have migrated to a virtual appliance. We migrated to the virtual appliance three years ago.

Our primary use case is for managed installations and the software that we deploy. Our offices are scattered throughout the state and we have 103 locations that are remote. We use KACE to inventory those items. We use KACE to push updates, third-party products, and third-party software to them.

We gather inventory from them, it lets us know how many machines out there have 16 gigs of memory and who's running low in this space. Any new software that we get that the company purchases, that is how we deploy out to the masses. We do that so that we don't have to travel the state over and over again, we can do all this stuff remotely.

We also have a lot of reports that are being generated from the information that KACE has so that we can take that back to our accounting department. We can provide reports on the location of newly purchased laptops. It shows us if they're still being used and who they are assigned to.

The ease of being able to distribute software to a thousand machines from one location with just a few clicks is the most valuable feature.

KACE is super easy to use. You have to change your mental process on how to think of something and look at it as how KACE has designed it. But once you can figure out what KACE is thinking, then it is really easy to use. We've been using it so long that we don't have to write much new stuff for it. We are able to use the old scripting jobs or deployments that we had. We're able to take those and modify them with new software and then push it out that way. I learn something new every day in it. There's a lot of stuff that I probably don't know that it can do. I'm always playing with and discovering new things.

It's 90% on a single pane.

We use the Systems Deployment Appliance. It's our bread and butter. Every machine that gets imaged here in this building and out through the whole state goes through the SDA. We rely on it completely. There is no manual process of getting a laptop out of a box, plugging it up, turning it on, and waiting for Windows to start. If you were to go to Best Buy and buy a brand new laptop, you would spend the next two to three hours just setting it up. We don't do that. We get a laptop, plug it into the network, connect it to the SDA, and within about three clicks, we're done.

It takes around 30 minutes to configure our laptops. We image machines, image laptops five to 10 of them at a time. It's really great to just line them all up and power them on, hit enter, enter, enter, and then walk away. That part's great.

KACE saves us time. We've been using it for so long now it's become part of our routine. 

It has also increased the team's productivity. We've been able to create standards where we know that no matter what type of laptop it is, we can image it the same way. It has the same setup for every user kind of thing. We know we can guarantee that everybody across the state is running the same version of Microsoft Office or products like that. It has continuity. It's made it to where we are efficient across the board from high-level VP level down to standard user level. Our equipment and the way that our equipment functions is standard. It's across the board.

It makes it to where the six guys that are on our team here can step up and do the same job. We know what to look for. We know the learning curve for it. We all know what it does and how it works. If we hired a new person, they could come in and pick it up very fast and be up and going extremely quickly. We've cut the learning curve down tremendously.

I would like for there to be improvement when it comes to Microsoft and Windows updates. It has the ability to do it but the control of it is not there like I have in the Windows Server Update Services. The way KACE does it is still very granular. You don't really see the process like it is in the Windows Server Update Services. I think that would be one of the biggest things that I would like to see KACE really put some work into and really make that a big enhancement. 

I have been using KACE for seven to eight years. 

It's very stable. The upgrades and patches that they come out with only seem to enhance the product. They're not trying to fix something that's broken. It always seems like when there is a new version, it's always something that is enhancing.

We have one SDA and one SMA and it works for all 1200 of our devices that we have listed. I don't think we would ever need to scale out to anything larger than that.

When it comes to opening a service ticket or a support ticket through KACE with Quest, it's one of those that I don't cringe at. I don't mind it because I know I'm going to get somebody that's going to help me. They go above and beyond to help, unlike other companies like Microsoft or something. It's a pain to open a ticket with them because you feel like you have to sit at your phone and can't move and can't leave waiting for them. It's the complete opposite for Quest. I really like how KACE operates on the support side of things. We use their premium support.

I can open a ticket through the appliance itself or I can sign onto the Quest support website and submit a ticket that way. I know that in a very short amount of time, I'm either going to get contacted that they're working on it or we'll actually have a support technician calling me directly. I get real people. One of the biggest benefits is you get a real person. A real person who is willing and knowledgeable about the problem that you're calling about.

Having this excellent support hasn't influenced us to purchase additional products. But it has been an influence on never, not even considering, picking a different product for SMA or SDA. It's a given that it will be here and it will be here for a long time.

The initial setup was straightforward. When we got the original physical machines, it was taken out of the box, we plugged it into the rack, and got it set up. Within a day or so we had it up and running and had machines in there doing inventory already.

We had professional services assist us with the deployment. I can't remember if they actually came on-site or if we did it remotely. 

Our experience with Quest support has always been great. Any of our interactions with them have always been spot on.

The biggest thing that I've discovered from it, is to give a picture of our entire environment. In one location, I can see how many laptops we have, how many desktops we have, how many people we have assigned, and to what software we have it deployed. I can give versions. I can give so much detail on devices that I don't normally see or I don't normally touch, that are anywhere from five miles down the road to 300 miles down the road. I have the ability to see them, change them, update them, and move them. That's where the biggest bang for it comes in.

From an admin point of view, it would make an administrator's life a lot easier to be able to have that vision across their environments and know what's out there and where you stand in that environment. To know if the machines are up to date or if they falling behind, and different things like that. 

I would rate KACE a solid nine out of ten. Nothing is perfect, I think that there's always room for improvement but it would be a strong nine.

We use it for asset management for PCs and servers, and for doing updates. We also use it for monitoring all of our systems to keep them compliant with Windows updates or server updates. In addition, we use it to deploy and to uninstall software, and we use the Service Desk.

We're using Quest's K1000, which is the asset manager, and we're using the K2000, which is the deployment appliance.

The way it helps us is the easy organization and visibility that it gives into the software versions that are on our assets. It doesn't necessarily provide the solution but it provides us with high visibility into where we're at on all our assets. We can then address the different deployments to get things up to date pretty quickly.

The most valuable feature is the ability to monitor updates—the software versions—on machines so that we can keep everything compliant. We're very highly monitored because we are a financial institution. We have audits all the time and they look for vulnerabilities. So we try to keep everything to the latest software versions and firmware versions. We use KACE to monitor those.

The K1000 doesn't communicate well with some clients without SMB. There are some issues with getting things to image correctly because they rely on SMB, and SMB is a protocol that is being removed due to security reasons. Organizations are trying to rely less and less on SMB. I know Quest is aware of it. They've talked about having a new version that wouldn't rely on SMB for connection to the clients, but they haven't gotten there yet.

I've been using the Quest KACE Systems Management for four years. We're using 12.01.49 and we've been on it for about a month. We update pretty much every time updates become available.

The KACE solution is solid. We haven't had any issues with functionality.

It's definitely easy to scale out. We've had to add licenses as our environment has grown. We haven't had any problems there. We haven't hit our heads on any capacity issues.

We're using it to the capacity that we need to. We do most of our software deployment through it and we do about 150 to 200 tickets a month through the Service Desk.

Any time I've had to deal with their technical support, they've responded quickly and they're pretty thorough in getting things resolved.

For example, about six months ago, one of the updates didn't deploy correctly. I was doing it on a Saturday because I didn't want to interrupt production. It didn't go well, and a gentleman from Quest support jumped on and he went through it that day and we got it resolved. He knew what code needed to be executed manually and he worked through the problem and had us up within a couple of hours.

Positive

The initial setup is pretty involved because you have to set up Service Desk and you've got to set up all your environment labels for the different assets. As a part of purchasing the appliance, you do get to buy some services to help you get it set up in your environment, and that was a great purchase. They assisted us a lot in getting the Service Desk, and some of our labeling and environment, set up to get us going.

Between the two appliances, the deployment took pretty close to a week.

In terms of an implementation strategy, the first part was to get the Service Desk up and running on the K1000. Then we went to the K2000 with imaging and deployment through that.

We have about 85 to 90 people using the Service Desk, and we have five people in our IT department who administer the system. While they don't do so full-time, we have three people who do the admin work on the KACE appliance. One is responsible for software deployment, and the other two do most of the updates, as well as the monitoring of updates and vulnerabilities on computers, and pushing the patches through KACE. And we have four people who monitor the Service Desk in KACE. One is a basic Service Desk individual and the other three are systems admins who overlap and help out.

At the time when we bought it, it was a Dell product. Since then, Dell sold it to Quest. Dell provided a third party to help with the installation.

The solution has saved us a ton of time in several areas. We spend tremendously less time—probably 80 percent less—on updating now, versus before we had KACE.

I was using Microsoft SCCM in my previous environment and I replaced it with KACE. When I came to this new environment we put KACE in. Compared to SCCM, it's a lot better. With SCCM, when I was trying to push updates or get the stuff to function, the way it was designed it was more difficult. Usually, if I set up a script with KACE, it doesn't take long to get it to run successfully. Whether it's scripting or installing, it seems to be much smoother with the KACE product. The improvements are in deploying Windows and server updates automatically, on schedule.

We got rid of SCCM because we got out of our Microsoft licensing agreement at the time, and it was covered under that. And it just wasn't effective for us. We had a lot of issues with it.

There were a couple of us in IT who had used KACE in previous environments and we liked it, so we made the recommendation and moved forward with it.

Its ease of use is an eight out of 10. Some things can be a little difficult to find, but support's always there to help if we can't figure something out.

For both appliances, the K1000 and the K2000, make sure that you purchase the support for the deployment and get Quest's assistance in getting it set up properly for your environment. With the K2000, we got it set up with their support and then one of our technicians went in and started changing things and really set it in the wrong direction. Their support will help you start out on a firm foundation.

We Primarily use KACE as a diverse deployment and management solution. 

Our environment includes multiple locations, so having a single point of deployment for automation/patches/software/scripts and response management is ideal. 

We work in the banking industry, so having this single point and not having to worry about security is enormous. We have to go through multiple government security audits a year and our auditors are always blown away with our KACE environment. We need KACE to keep our organization going.

Previously, we were working with upwards of 200 different applications and tools, the amount of compatibility issues and clutter was unbelievable. One update on one application could ruin a whole environment at times. Thank goodness we found KACE to consolidate our environment and really cut down on resources! 

They've saved us so much time and money it's unreal. They have so much flexibility in what you want to configure or script. In some of my deployments, I've built entire applications on KACE to work with, while in others I have small built-in batch files. The only thing that limits KACE is your imagination.

The ability to build scripts right on the deployment center itself, as well as building groups that take those scripts/task chains has been absolutely invaluable and one of the most important parts of my whole environment. Without it, we would need to hire at least six to seven more employees to do what I'm able to do myself with those tools. 

On top of this, they have multiple forums that are super active. I've gone to tech support, ITninja, and even Reddit. One time, I asked a question on the KACE subReddit on how to improve a function and a KACE team member responded in five minutes. That's honestly unheard of for a company like this.

The GUI needs some work. I love all that it can do, however, it can be just be so cluttered at times. I wish we could see them spend some time improving the interface.

Sometimes when I run certain functions or need to do a one-off massive deployment, it lacks in "mobility". It can be a pain, having to go back a page and re-type in all the same information in the "run now" tab when I have a whole bunch of one-off situations. It's not like I can't do what I need to do, however, I seem to just spend more time than I'd like having to type in the same information over and over.

I've used the solution for the past five years.

In all the years we've had this product we've never had a stability issue.

The solution can scale. The product can be a help desk ticket system, all the way up to the entirety of your virtual machine environment - making updates and changes at a click of a button.

They take their role in support extremely seriously. We don't have to reach out too often due to the lack of problems, however, when we do, they respond within an hour or two at the very longest.

Positive

We did not use another solution. Once we got KACE, I just don't understand how we held on for so long without it.

We had a vendor assist us so that we never had a single hiccup during the entire setup.

The vendor was, without a doubt, an expert. We assisted and learned everything they could teach us.

We had ROI about a year into this and have saved so much ever since.

If your team is small like ours, I highly recommend working with an install vendor. For us, it wasn't as much a technically challenging thing to implement as much as what the vendor showed us during setup and installation that was just so helpful. With their help, we were able to hit the ground running and had much less of a learning curve.

Other options were discussed however, it was so long ago I can't recall what they were.

I would say start by looking at all of the services/products that KACE offers - don't feel overwhelmed as they will integrate very well with each other.

We use it for a lot of things. We use it to deploy software, configure Windows via scripts, and to deploy some certificates for our customers. We are a call center and we have a lot of large companies as clients, so we need to deploy several kinds of software, such as Office 365 and applications from our customers themselves. We use a scripting framework from our consultants and that works great.

KACE SMA is the main software I'm using. I'm responsible for the KACE solution, and if there are any questions related to it, my colleagues come to me.

We have local KACE Appliances with VMware workstations, computers, servers, and we are using OVF files.

It saves a lot of time because, in the past, before we used KACE, when we installed a new version of a given software, we had to go to each computer individually and install it manually. Now we just set the labels and the software goes by itself. It also saves a lot of money because we have time to do other jobs.

We have seven locations. In the past, if we had to deploy new software or install user PCs, we had to drive with a large number of people to get the work done quickly. Now, we can deploy the software from one desktop. One person can do it and that saves a lot of time. It makes a lot of things easier. It has had a huge impact.

Another example of a benefit is that I developed a script because my CEO wanted to know how many computers are connected to our home office network from the outside. Every hour I run the script to import the information to an external SQL Server Express with a report engine. With the KACE, you can use information for other reports.

The most valuable feature is the software deployment. That's the main thing we use, daily, all day long.

It's also very intuitive and easy to handle. It's clearly structured. For example, we are still using Microsoft Intune as our MDM software. With Intune, you get lost very quickly, but with KACE SMA, it's clearly structured and easy to understand.

We handle our local computers within the company with it. We handle our home-office computers as well. We have about 3,000 computers in SMA and, currently, about 1,200 computers are in our home office with it. Everything goes, everything's possible, without problems. We couldn't ask for more. We are able to manage all of the devices in the solution's single pane of glass. We see our computers there.

It also does patch management. At the moment, I'm rolling out a new feature update, 20.8.2, and it's a great challenge because we have to deploy it to 1,200 computers in the home office. We want to do it without interrupting production, but KACE is reliable and it's easy to adapt it to my needs for how and when to deploy the feature update.

Another feature we use is the Systems Deployment Appliance. If we install new computers, we run a script within the SDA at the end of the installation and that installs the required software for the computer, depending on which department it is part of. "Customer A" needs this set of software and we have a system image for it. And for "Customer B" we have another image with other software. We just have to start the computer, choose the required image, and everything is done automatically. There is no need to configure it. We just deploy Windows and, when that's done, shut it down, bring it to the location, connect it, and it works. Some software needs some manual configuration because it's not scriptable, but about 95 percent is automated.

KACE.uservoice.com is a platform where users can post suggestions for improving the software. A lot of ideas that have ended up in the development of KACE have come from this. For example, in version 10.2 KACE implemented the possibility of reducing the network speed of the KACE agent. You can set it so that it takes whatever network speed you want or you can set it to 5 Mb, to save network speed. You set it for all the computers, but it would be preferable to separate between VPN connections in our home office and the local area. It would be great to be able to set separate speeds for different VLANs. I posted this idea on Uservoice.

I've been using Quest KACE Systems Management for five or six years.

There have been no problems. It has never crashed. If I hadn't had to update it, it would just run.

Scaling it is easy. Last year I increased the memory because we got a lot of new computers in our company and we added some new locations. I saw it was getting a little bit slower, but I added some more memory and it was easy to scale. If you need more RAM or more CPUs, just add them and the KACE will say, "Okay, I'll take them."

Currently, we don't have plans to increase our usage.

We use their standard technical support and our experience with them has been great. Every time I have asked them something it has been perfect. I get quick answers, especially from one of the Quest technicians in Cologne, Germany.

Before I came to the IT department, we used software from CA. It was a pain. But we switched because of the price. Also, the support wasn't that good from CA, as far as I remember. That was before my time. I moved to my current position after we shut down the CA software deployment.

The initial setup is very easy. Before we upgraded to the current version—from 10.2 to 11.0—I tried it here on my local virtual machine. It took about five minutes and the SMA was running. That was how long it took from starting the virtual machine until the moment I got to the login screen. The information from Quest itself in the support area of their webpage, and on YouTube, is very effective and informative. It's easy.

It takes a little more configuration after logging in, because you have to deploy the KACE agent and create a token. To get everything working, the grids, the configuration, with Active Directory, it might take about half a day until you can say, "Okay, the KACE is working. I've downloaded the test catalog. The KACE agent is deploying on the computers and the computers are coming into the database."

My team consists of three people, including me. One person is mainly taking care of the software installations. He's looking at whether there are any new versions. I am taking care of the feature updates and software deployment, and the third person is my apprentice.

Users of SMA in our company include our service desk, our client and service first-level support. A total of about 20 people from our IT department.

The initial setup was done with our consultant, Stephan Sporrer, from OFF LIMITS IT. At that time it took five days, but at that time we also scripted all the software installations we have. He also taught us how to use it.

Setup took longer the first time because he had to teach us the whole system. Now, if I had to set up a whole new environment, it would take half a day because I know how it works.

The pricing and licensing are absolutely fair.

As far as I know there are no other costs that come with using it. It's just the licenses for the KACE based on the number of computers. Our VMware servers already existed, so there were no other costs for us.

In the future, we are looking at implementing a proof of concept for the KACE MDM, so our iPhones would be manageable with KACE SMA as well. Quest MDM is very intuitive and easy to handle. There is no comparison to Intune. If you don't work with Intune eight hours a day, every day, you get lost. In the KACE product, it's simple and easy. It's very easy for me to train new colleagues to use the KACE MDM, SMA, and SDA.

KACE MDM is also much cheaper than Intune. I calculated the savings with KACE MDM over a three-year period and they came to about €25,000, just on the licenses. That's a lot of money. And the time saved can't be measured. In the next month there will be more work with it because we have to upgrade all our iPhones. After that it will be easier because we can automate a lot of things with the policies, with restrictions and packages within the KACE MDM. When a new phone comes in we will bring it into the MDM, and the software will be automatically deployed. This will save a lot of time because Intune requires you to do a lot more steps. It's too complex for us.

We didn't evaluate any options other than KACE. The supplier of all our computers suggested KACE and that's how we came to it.

The biggest lesson I have learned from using KACE SMA is to never deploy software to many computers at one time. A few times in the past I killed the network with it. It's not good if you deploy a new Office 365 installation to about 700 computers at one time.

We're running Salesforce, which is older than the KACE, as our ticketing system. Because that ticketing system already exists, our CEO doesn't want to change it. They're planning to connect Salesforce with the SMA to grab the information from the computers. That way, my colleagues at the service desk will just have to type in the computer to see all the information that is stored in the KACE SMA. That's something that is currently planned but not implemented yet.

We use all of the SMA's functionality. We use it for inventory and for asset management. We don't really do file distribution because we use Desktop Authority Management Suite for that. We heavily use the scripting and we deploy updates using the security within. We also heavily use the support help desk section and the reporting.

We're on a legacy on-premises deployment. We're hoping to move to a cloud version in the not too distant future, but that's not on the schedule currently. Our on-premises KACE solution is a dedicated KACE SMA Appliance that was purchased from them. I don't even know if you can purchase that anymore, but it's kicking.

When it comes to the reporting for finance, it definitely helps a lot because we just run a report. It saves hours of trying to export workstation numbers out of Active Directory, and then create the Excel spreadsheets. With KACE you just run a report. I look at a couple things and, if the fields are blank I look at that, and it saves hours of time between me and finance.

It also provides us with a single pane of glass with everything we need for endpoint management of all devices. It's excellent. It enables us to analyze if there's a problematic piece of software and to upgrade it. I've even done custom fields within the software section so that it grabs the boot order from the BIOS, for example. That way, anybody needing to re-image a device can look and make sure that the boot order is correct in order for them to network-image the device. The inventory section is utilized by everyone who supports anything in IT.

It provides us with IT asset management, compliance, software asset management, and patch management. We don't use it for mobile device management. That combination of uses definitely makes it easier. For updating and configuring everything the way we need it in our environment, it's integral. It makes those processes really easy, for sure.

The help desk, first and foremost is the reason that we went to it, as well as the asset management. We have meta-reports for that, reports that we send to finance on the assets and where they are, throughout the organization. I would say those are the two big ones for the organization. We have 600 employees across the organization and everybody uses the help desk, at least.

On a personal level, the scripting and the reporting are extremely valuable to me as a systems administrator. When people are asking me questions about what devices are in management, or what devices have a certain version of a certain piece of software installed, it's super-easy for me to jump into the SQL reporting, send them the information, and have confidence that it's got some good information for them to utilize around the decisions that they're making.

The scripting and the software distribution make my life a lot easier too, because if, all of a sudden, Adobe has a vulnerability and we need to do a security patch, it makes it super-easy to do something like that, to update everything in our organization, all in one shot.

It's very easy to use. We've just been asked to create three new queues, because smaller departments within bigger departments want to use this product, due to its ease of use.

And the Systems Deployment Appliance is magical when it comes to automating deployment. Before we had KACE, we had a replication machine that would hold the master hard drive and five other hard drives, and we would manually image machines. With the deployment of KACE our lives are so much easier. Not only can we have multiple images, specific to end-users' uses, but we have a plethora of post-installation tasks to install or configure the system, tasks that can be re-used for each system. You just have one basic base image, and then you use the post-install tasks to customize everything else. It is amazing. We can send an image to 50 machines in our central operations, remotely. We don't even have to be at the same location.

I also utilize it after each Windows "patch Tuesday." I have a schedule that I have customized so that after each "patch Tuesday" it gets deployed to all of my servers. That way, I'm not manually patching my 100-plus servers. That is another amazing thing that I love about it.

I would sure like them to be able to copy and paste out of OneNote. That drives me nuts. You can't copy from OneNote into KACE. I've brought that up many times.

We've just had a major upgrade and I haven't had a chance to dig into things too much, as far as the improvements and the latest upgrades. So I can't really speak to what else might be missing.

There is a great resource for improvements that people would like to see, because Quest hosts a forum in IT Ninja where you can vote for features you'd like. When a lot of people vote on something, they roll it into their next update. There are so many good suggestions about things to add. One that I see right now is a Microsoft Outlook plug-in. There's always room for improvement, but the product that they have right now is so great, already, as it is.

I've been using Quest KACE Systems Management since I started with the company. I also used it at my previous job. The company has had KACE for about eight to 10 years. We started using SMA as a ticketing system six or seven years ago. We've been using it for quite a while and we have 26 queues throughout the organization.

It's very stable. In the 10 years, it's been down twice, and it was back up quickly. When we called support they were able to connect to it and it was fixed.

If there are any impacting outages, support is right on it. They're really good about that. I think I got locked out of the SDA for some unknown reason at one point, and support was right on it. I had it back up and going within the hour.

It supports a huge network for us and I would assume that that network has grown exponentially over the time that we've had it. There have been no implications as far as network use. It just works.

We really heavily utilize everything already. Moving to the cloud is probably the only thing that we can do differently, other than implementing the mobile device management or the file distribution. We have other solutions for those things. There isn't really anything else to expand or improve or to utilize within it because we really are using it all.

The support is good. Anytime we contact them they're always very helpful. The response time is good and they're knowledgeable.

Active Directory would have been the main solution for asset management. For a ticketing system, we used Track-It!, but it wasn't that good at all.

For the initial setups of service queues, and for setups of users, as well as for mail setup and the different control panel stuff, it's really straightforward. As far as setup of the appliance itself goes, it would be different than what we did because I believe it's mostly cloud-based appliances now, unless you're going specifically for on-premises. I don't even know if they're doing on-premises anymore.

I would guess—because I wasn't here when they stood it up—that we would have had support in setting it up because it is a KACE appliance.

When it comes to maintenance, I'm the only one required. I just did a major appliance upgrade and it may have taken half an hour. My colleague jumped in to make sure I didn't mess up any of her queues and we were good. It was done. It was super-easy.

Compared to the tools that I would have to use daily, it saves me hours every day. That is a huge return on investment, in and of itself. I'm sure that would be echoed throughout our company. Obviously, doing the reporting and the updates and all the rest of it, I'm a heavy user. I probably can't even put a number on how many hours are saved, hours that I would otherwise have to spend scripting and distributing some other way that just would not be as streamlined or easy. I script anything that has to be done more than a couple of times. That way, other teams don't have to come to me to ask the question. They don't have to try to manually fidget with things. They just run the script and it's fixed.

If you think of it in terms of time, and how it saves us hours every week, just for me and my colleague, as heavy users, a low estimate would be that it saves us eight hours each a month. That's 16 hours a month just between the two of us and we're just two of 600 people in the organization. That's a lot of money.

Even when it comes to the end-user in our organization who opens up a ticket, there is a difference between what they had to do before, when we used Track-It!, and before that when we used an email group, and what they have to do now. It has saved both the end-user, as well as the technician on the other side, a lot of time. They can respond to a ticket through Outlook. They can go through the ticket itself, they can add screenshots and attachments. It is very versatile for both sides. We're saving a lot of time with that.

The pricing and licensing are good. It's worth it. It's a core software on our system. Every single person uses KACE. Even for asset management, we have KACE Endpoint Management on each one of our devices as well. People use the help desk and we use it to track and deploy things. It's integral.

There are no costs in addition to their standard licensing fees.

We haven't had to evaluate anything else. It works great. We've got good support. The end users like it, the technicians like it. If you're happy with something, why go somewhere else?

They've got really good demos, so someone who is interested in it can watch a demo or use the trial version, and they'll know right away that it's something that they're going to like.

There is also a lot of really great, documented support throughout the IT Ninja community and KACE's own documentation. In both cases, there are all of the resources that a competent systems administrator could ever need to figure out how to do anything within SMA. Or they could ask somebody without even going to KACE's support, and that support, itself, is a whole other line of help.

The biggest lesson I've learned from using it is that it's really easy but its capabilities are totally customizable. There are tons of extra things you can dig in and do, once you get your feet wet. Once you've established yourself within the appliance, there are tons of ways that you can start utilizing it even more, such as the custom fields and the reporting, to save more time and create more efficiencies. It's a great tool for those sorts of things.

It's a great product. We really like using it. There are always improvements that can be made, but unless something doesn't work, everything that I do with it seems to be good.

I would give it a 10 out of 10 because I've never dealt with anything better in terms of the time it saves me and the ease in doing some of the things that I would otherwise have to spend a lot more time doing. I just really appreciate the system. I haven't come up against anything that I can't use it as a solution for, whether it's deploying imaging, managing, upgrading, or reporting. It's a powerhouse for me in my role. For what it offers me, it's a 10.

I use this solution for software packages, security updates, upgrades, and asset management.

The Microsoft SCCM environment is much more robust than KACE, but obviously, Microsoft equipment or Microsoft software is very expensive, so we have decided to take a cheaper alternative. It was a Dell product and we have a Dell computer base, so it was easier. There is ease of use, and its pricing was a driving factor.

Sometimes the information is not as real time as it's supposed to be. In that scenario, they have to work with Microsoft and figure it out, because I think that's the challenge that we always come across. The information we get isn't always 100% accurate.

There could be a dynamic environment where you can select what products you're using, whether it's Dell or IBM or HPE, and it creates its own repository. When there's not much internet usage, it downloads those critical patches or firmware updates so you can push it. 

I think that kind of thing will make it much better, because I think Microsoft products are only geared toward Microsoft. I think because KACE is not a Dell product anymore, it can work as a vendor independent or vendor agnostic approach where you can select which products that you are using, which models that you are using, and based on that, it can tell you there is an update or firmware upgrade that's available for this particular product or this particular model. If I forget to research what's available on the internet and the latest firmware upgrade, the tool itself could go every night and fetch whatever is the important update or upgrades that is available, download it, and tell the admin, "In your environment, these are the things that you can upgrade." Some of the work can be automated.

I have been using this solution for about 10 years.

I would rate this solution 8 out 10.

We have to do a lot of things manually, which I don't like in a tool because  automation is the key to everything. The less human interaction that a tool can provide, the better the product will be.

The use case is for organization server patching, and we also use the asset management in a smaller capacity.

For what I use it for, the solution provides a single pane of glass with everything I need for endpoint management of all devices. For the most part, it lowers the amount of time required for manual intervention. It gives me more time to work on other projects instead of consistently worrying about patching. Per week or per month, it's saving me a good five hours.

One of the most valuable features is that it natively patches third-party applications and not just a core operating system.

It's relatively easy to use and most of it is pretty intuitive. They've made things a little more involved now with the agent token that needs to be used. That means installing it from a server, from the share, is not quite as simple as it used to be, but once you know how to do it, and that it's something that has to occur, it's really not a problem.

It enables IT asset management, compliance, software asset management, mobile device management, and patch management, although we don't utilize the MDM. That's mainly due to our security requirements. But the IT asset tracking is a big segment.

And the software asset management has been a big help, even when it comes to license true-ups. I can use it to find out how many Tivoli we have, and boom, there's the number. Even if it's reporting a number that might be a little higher than what it actually is, because it's looking for one component, it gives you a good first first-hand look. As a result, we know there's something out there and this confirms we've got five of them. And you can actually click on the information about the software and it shows, for example, that these five servers are where it's being reported. If you really want, you can log in to them and validate. We have used that quite a bit.

Another segment that has really helped out is where you go in and actually use the distributions. We might have a situation where we need something installed on all 237 servers by tomorrow. I'll just go in and do a managed installation and have KACE push it out. So far, that's been pretty successful. I wish it had a little bit more ability to allow me to put something in there without saying, "Okay, we're already aware of this software. What file do you want to use?" It would be nice if it let me type it in and prompted me, when needed, saying, "We've already found that. Do you want to use this one? Yes or no?" But it hasn't kept me from accomplishing what I intended. Overall, the distribution is a pretty nice feature.

My biggest complaint is that almost every time they send out a new version, it fixes something and breaks another. Something that wasn't working in the last version now works, but something else stops; or they'll remove some dashboard that I really found to be nice and replace it with something totally different that I could care less about.

Another example of this would be that there is a set of agents where the communication between the agents and KACE is very consistent, and the patch numbers are very good. And then there will be a new agent which they say fixes this, this, and this. But then, all of a sudden, my patch numbers go down and the communication isn't as good, or they're timing-out more.

An additional instance of this is that it used to be, when you were patching, you would see how many succeeded and how many failed. You would also see which patches had failed and had reached the maximum number of attempts. Connected with that, there used to be a "reset tries" feature and that was nice because you could actually reset the attempts and KACE would try those patches the next time. Now, although "reset tries," is still there, it's grayed out. It doesn't function.

It affects usability because every time you upgrade, you don't really know what you may be getting yourself into. I wish they'd be a little more consistent and make sure it's only getting better, rather than their saying, "We had 15 known issues in the last version. In this new version, we're offering these new things, but we've still got 15 known issues."

The installs are generally very easy. You just say, "Okay, go ahead, upgrade," and they seem to run fairly smoothly with no problems. It's just that after you've done them, you have to see what is working and what's not working.

I have been using Quest KACE Systems Management for five years.

On the whole, the stability is good. Once it's up and running, it just pretty much runs. There aren't really system crashes or anything of that nature. It's a solid system that really does not encounter failures of the system itself.

Scalability is available. I have not experimented much with some of the options. For example, you can have a system at this site and have another site that doesn't have an entire KACE, but just a file share where KACE can put patches as well. Instead of servers at that site going all the way to your primary site, they just pull the patches from that local repository. Theoretically, that helps. So it can be scalable if you so choose.

In our environment we manage 237 servers. 

Their technical support is good. They're very prompt. Quest has been very quick in responding to any support cases or questions. And most of the time, the answer is very straightforward and easily executed or easily understood.

Positive

We did use something that KACE replaced, but I don't even remember what it was.

SCCM is what we use for workstations, but not for server patching. We do have WSUS (Windows Server Update Services) running as a backup in case we want to use Windows Update. We do have other options available, but for servers, KACE is the primary patching system.

I was involved in the initial setup and I found it to be relatively easy. It was pretty intuitive and straightforward.

Bringing it online to the point that I could log in took 45 minutes to an hour, and that included making sure I had DNS records so that the URL was resolving, and putting in the IPS and gateways, et cetera. All of a sudden, boom, it was up and running. 

After that, it was a matter of making sure that patches are actually downloading properly, and that the agent installs are checking in and everything is working properly. So getting it all tuned and set the way we wanted took two or three months, but the initial "it's technically functioning" was just two or three days.

We have realized a return on our investment with the solution. We are more stringent than the NSA as far as security goes. We run weekly security scans on our systems and we're consistently bringing in third-party organizations to do red-team tests where they'll try to hack in and do a lot of things to test us. Since Quest KACE Systems Management patches not just the operating system, but can also patch third-party things like Java and Wireshark if an update is detected, overall it handles everything that's detected. If possible, it will attempt to patch it.

The cost of KACE has been relatively low compared to other systems. Even if those systems have the same cost, they do not do as much of the third-party patching that KACE natively does. With a cost of less than $4,500 a year, it's been very good.

The pricing model is fair and fine. I wouldn't change anything about that.

We looked at SCCM and Qualys.

One of the reasons we went with KACE was cost. 

Another was that it patches third-party applications natively. Certain systems tend to need native operating system patching only. You can download something like a Java update and then "package it" for installation. But with KACE you can say, "If you find it and it's critical, recommended, not superseded, and it's detected on our system, download it and patch it." It's nice that it's doing third-party apps and not just the operating system.

If you're considering KACE for a large environment, come up with smart labels and patching schedules that are going to fit the number of systems that you have. The scheduling really comes into play, especially now with Windows having bundled patches. As a result, you're downloading a 1 or 1.2-gigabyte file to update the server, versus between three and seven 2 or 3 or 5 megabyte files. When there were multiple files, even if two of them didn't get uploaded, the other three did. If this one large file times out, it just does not patch. So scheduling the time to stage those and deploy on a different day is really important.

I wish we had the ability to use the mobile asset tracking and bar coding. Those are things that have been a real void in our organization. At least we are utilizing KACE for the servers and we manually input barcodes or serial numbers. Having the option to use a KACE app to input that information is nice and would save a lot of time. 

We use the KACE solution for endpoint management, since our posture is based on endpoints. We have almost 2,000 endpoints.

We have two KACE boxes. It's not a virtual appliance, it is a physical appliance.

It's not only saving time but increasing IT productivity. If you have a KACE box, you're going to save a lot. Having KACE is a blessing for IT administrators for endpoint management. They can do a lot of work remotely, as well as troubleshooting, mass deployment, and mass uninstallation. KACE is very intelligent and it has its own uninstaller.

An example of how KACE helped is that there was a McAfee service-provider who was visiting us to do a McAfee upgrade for our antivirus system. They are experienced people, the subject matter experts for deploying McAfee, the client, the agent, et cetera. He was having an issue uninstalling a McAfee firewall client. If you deploy a McAfee in your network, the uninstaller should be from McAfee, but the uninstaller from McAfee was an outdated version. Uninstalling the firewall client from McAfee requires a lot of effort. It's not impossible, but it's time-consuming and if you try to uninstall from the control panel, of course it won't allow you. There is a popup for the password and, without that, a lot of problems are going to occur. 

He told me he was facing this issue. The solution for uninstalling it was provided by KACE. I demonstrated it to him for one of our clients and he was shocked. He started writing that command, and the next day he sent me a text message, saying, "Thank you. You made my life easier." He gave that command to another customer, a client of his who is an IT administrator, to run that command via a batch file to all the end-users, because they didn't have KACE. 

For an IT department in any organization that pays for endpoint management, KACE is really a blessing for them.

The most valuable feature of KACE is the mass package deployment. There are a lot of endpoint management solutions in the market. The way KACE responds is with the installation management feature, which is done in a very intelligent way, as well as scripting. It's wow. It's really wow. On top of that, there is a mass undeployment feature as well.

For example, we had an issue a while back where there was a plugin for the SAP module being deployed to almost 1,800 computers. It was taking a backup, restarting the machine, and updating it automatically. Our end-users were complaining every day. We were receiving hundreds of calls. We found out that the issue was this plugin. It was updating and restarting machines without informing the users. When we did inventory, we started finding this application, but we didn't know about the history of that application. Luckily, KACE gave us an uninstallation path, the command line. When we deployed it, believe it or not, it worked as a massive uninstallation feature and it took care of almost 1,800 computers within one hour.

It's really very time-saving stuff. It's all up to you, how you are going to utilize KACE, but if you know the way, the features are very user-friendly and it does not require scripting. There are built-in features where you can build your own script and execute it remotely through KACE. 

I have never officially worked on the service desk model of KACE, but when I went through it, it was fine. It's good for a small IT department. It's more than enough. It has asset inventory and printer inventory. You enable the SNMP features and you can get reports on printers and even printer cartridge utilization reports. It's a very handy tool for organizations that have a lot of endpoints in place.

We also used the Systems Deployment Appliance for Windows 7. Now, we are planning to use it for the Windows 10 upgrade for the rest of our machines. If you're going to capture the image of a machine and re-image that machine, it's great. Over the network, it took us 18 minutes to deploy 19 GB of images. And that was not on the same campus. It was a remote campus. For the same campus, we also used it to deploy and it took us, I think, 16 minutes and a few seconds for almost 18 GB of Windows 7 images.

There are a lot of nice features.

There is a module for agent management when you right-click on the inventory. If you want to connect remotely you can do so. But sometimes the agent check-in does not happen. You can do the first check-in through a script, at the same time. 

But there should be a mini toolbox, like the competitors of KACE have, with the small features for KACE administrators. That would make their lives easier. If you are troubleshooting a specific endpoint, remote control is available as is Wake-on-LAN. But if you want to execute some commands, you have to use a third-party tool, the PS tool. If they would integrate those small things, it would make KACE more powerful.

I have been using Quest KACE Systems Management for almost five years.

Initially, four years back, we were having a lot of issues with the KACE agent. But as the solution has grown, the maturity level has really increased and the stability and the reliability have as well. My KACE machine has not been down for a single day in the last five years. It's a very stable product.

It's really reliable now and very intelligent on top of that. When we do a mass deployment, there isn't a single day when my network admin asks me, "Why are you deploying this?" I deployed Office 2013 with KACE, in a massive way, and our network guys never said, "Oh, we can see there is a bandwidth spike." The way that KACE intelligently deploys and manages installation is great. It's really kind of a miracle. I believe that they select a group, copy the file over the network to the cache of the local machine, execute the command, and then install the media file on the local machine.

KACE is very scalable.

We started with 700 clients and today we are at almost 2,000 clients. There hasn't been a single day where I have been concerned about the scalability or the of KACE. 

Quest Support for KACE is good. They are responsive and they always give you a solution in a  timely manner. 

We faced a problem two or three years back, an issue with the inventory of Forescout Secure Connector. We could not find out how many machines had Secure Connect Connector because it's installed as a service. It was a very complex problem for us and KACE support came up with a solution: Create a new, customized inventory to get Secure Connect to be considered as a process. On that basis, we had a new entry and this solved our problem.

We have not used another asset management solution in this organization. I did use SCCM in my old company.

For us, the initial setup was not complex. The problem was that the environment, the network we work in, is a very restrictive environment. We have a lot of firewall policies and a layer of firewalls across the network. Because of the complex network architecture, we struggled a bit with the network discovery of the endpoints. We used one of the best practices: Do auto-discovery and then apply the agents.

At that point in time, I didn't really know KACE. It was a new box. I started discovering what would be next. The next thing that happened was another blessing from KACE which was having it do the Active Directory group policy deployment for the agents. I deployed it and that discovery was running for almost a week, but we started installing the agent within about four to five days. It was time-consuming. It took us two weeks because we ran it organization-to-organization because it would have slowed down the network. We did not want to take any risks. If we had taken the risk, it wouldn't have been an issue, as far as the KACE agent deployment is concerned. 

Now, whenever a new machine comes into our network, the KACE agent is automatically installed. Right after that, KACE is installing one of our NEC client agents automatically. Then, KACE will discover that this machine is a part of the McAfee agent, and if it is not, it will automatically install the McAfee agent. Then I configure McAfee to sync with Active Directory. 

So for us, when a new machine is joining, the desktop engineer will run only one command, GPUpdate. The machine will restart and then all the group policies, the KACE policies will be deployed. KACE will then install all of our small plugins automatically and they're good to go.

One of the best parts of KACE is when you go for a version upgrade. Once you do a version upgrade for any KACE module—any KACE virtual appliance or physical appliance—it's very user-friendly. In addition, the agent upgrade is a miracle. When you do the agent upgrade for the KACE appliance for the first time, it's "super-wow". The last upgrade I did was for almost 1,900 PCs, and all the agents were updated automatically when I upgraded the agent package. It took only 24 hours.

I am the only KACE administrator in our organization, but there are desktop engineers who log in to KACE. They review machines, but I do all the administration and configuration. They use it to take inventory or check the memory and see what replacements are required. They are read-only administrators.

We have seen a lot of return on our investment in KACE. One area is headcount. We are a military hospital. Imagine having 2,000 computers on the ground in different remote locations, yet having only seven desktop support engineers. If you do the math, there should be no way that seven desktop engineers can support 2,000 endpoints. Even the best-case scenario is one engineer working with 100 desktop machines, max. That gives you an idea of the headcount savings.

We are also saving on the licensing fee, compared to other endpoint management solutions.

KACE is very easy to use and user-friendly compared to the other endpoint management tools, like Microsoft SCCM and other third-party tools, in terms of IT administration. Compared to its competitors, it's easy to get machine inventory.

If any organization wants to manage its endpoints, having KACE, as I said, is a blessing for the IT administrators.

I would give it an eight out of 10. I am being demanding because there are some more improvements that can be made. But KACE can be a superpower in endpoint management.