Focused on using technology to improve the student experience, Loyola University's Technical Support team identified the end-user IT analytics technology from Nexthink delivered by AppsAnywhere as a way to provide the next-generation service desk for the university.

Next-Gen Service Desk at Loyola University Maryland - Video Transcription

Hello, everybody, and welcome to the AppsAnywhere Loyola webinar. This is the university next-generation service desk with Nexthink. Thank you all for joining. Just a few things to talk about before I hand over to Pat Donohue, who is going to take you through his journey and experiences with a technology called Nexthink. Before I do that, just a bit about myself, I’m Tony Austwick, one of the founders of AppsAnywhere and I’d like to tell you a little bit about ourselves before we get into it. Of course, a little bit about Nexthink as well. To do that, I’m going to share my screen with you guys, so you’ll be able to see a small presentation. Let me take you through.

I’m Tony Austwick and we’re AppsAnywhere. AppsAnywhere have been around for quite some time. We established in 2009 in the U.K., and you can probably tell from my accent that I’m not from America. We spent all of our time in the last 6 years deploying cool technology to the education sector. And in the U.K., over 50% of the universities work with AppsAnywhere around projects for deploying applications, improving the service desk—anything that improves the student experience. During that time, we’ve taken on a number of different products.

Nexthink, we started distribution of this about a year ago and when you hear the story from the guys at Loyola, I hope you realize it’s one of the coolest pieces of technology I’ve seen in years. It’s all about end user analytics. It doesn’t sound cool but what it actually does is give you a mechanism that takes on some of the challenges that are fundamental to you guys in the education sector. In many ways, it helps you create the next generation of service desk, or I like to think of it at the help desk 2.0. What user analytics actually gets you is not just another user monitoring tool for the end user state. It’s about being able to be proactive around how you deal with issues and deliver services. Because you’re monitoring the end user state, you have a number of positive side effects. There is an obvious implication around transforming IT. Understanding your end user state allows you to make better decisions. It also gives you real-time progress updates without the constant need of constant progress meetings and things like that. Another positive benefit or side effect would be around security. Again, spot any kind of unwanted or threatening behavior before it comes an actual issue within there. What I’d actually like to do now is hand this over to Pat. I’ll make him the presenter and he’ll take you through his journey with Sofware2 and Nexthink.

Hello, everybody. My name is Patrick Donohue. I am the Director of Client Services here at the University of Loyola Maryland. I’m here with a few other folks.

I’m Peter Farrell, Assistant Director of Operations.

Patrick Kelley, or PK, Client Services Engineer.

So my team and I here have seen the benefits of the product and would like to share it with you. Before we get started, here’s a little bit about Loyola University Maryland is. We’re a private Jesuit Catholic University, founded in 1852. We have 3 campuses here in the greater Baltimore metropolitan area. We have 3 main schools and they offer 35 undergrad and 9 graduate programs. Approximately 4,100 undergraduates and 2,000 grad students. We have a little over 2,000 managed endpoints, which central IT here manages on the campus. And our students bring their own devices to campus, so we treat them as unmanaged.

A little history here about how we came to find out about the product. We first started with AppsAnywhere on another product they offer called Application Jukebox. The conversation then branched out to Nexthink analytics, which we were curious about as well. I think end user analytics is a very cool term, but our challenge on why it intrigued us was everyone in their IT organization has tools to help them find information about their endpoints and it’s how well you use those tools that make you a great IT organization, at least in term of operations, service, and support. Our challenge was the time of that information. It took too long for us to investigate questions that were coming from our user community or to provide support to our leaderships for the purposes of decision making. We can use the tools that come from Microsoft, like SCCM and things of that nature to get that information, but it took a long time and with our staff constraints, we just weren’t turning over that information as quickly as we needed to for our end users or our leadership.

End user analytics also helped us with the ability to “get our eyeballs back.” We had some monitoring tools but this just added the entire breadth of our operation in one package for us. So we gained back that operating visibility and were able to see things we always wanted to and in such a nice, simple way. So what we decided to do after seeing it was a proof of concept. We did a 30-45 day engagement where we brought the product here to our virtual server and we deployed the end point total on the machines out there in our environment. When they began reporting back, we saw an immediate visibility. We were able to tell all the nuances that we couldn’t before in such a consolidated aggregate way.

It also did some other things for us. In that conceptual proof, that 30 to 45 day time period, we were able to find out how secure our machines were and respond to certain types of scenarios that come up in higher end environments. Those things are like loss or theft. We had one with an academic laptop that happened in our physics area. They have a lab, where they teach engineering students. That laptop suddenly went missing and the dean of the school over there contacted us and said, “We don’t know if we misplaced it. Can you tell us where it is?” Before, I would say “go fish,” but it would take a while to find that piece of equipment. But we knew the computer names of the machines in that area and within 5-10 minutes, we were able to tell the dean that the laptop last showed up in this area, with this user, and doing the following things. In which case, they went down their road and found a theft or a misuse of the student there. What I love about that story is we looked like an IT organization that is knowledgeable and able to respond with information in real-time, so it’s done a lot for us. It might not be a big deal to lose a physics laptop—there’s not much information on there—but where it did help us is when there’s a high security laptop. Our human resources director had their laptop go missing and then we are concerned. This person could have information on the machine that is personally identifiable to the employees at Loyola here. So the big concern from leadership was, “How well locked down is it?” We have securities we put in place, such as drive encryption, VPN software, things of that nature, and we wanted to make sure that laptop had been locked down in the way we have for our standards. We brought up Nexthink, we were able to tell last known IP, last known state, we were able to confirm the drive was encrypted, and that all the other security controls were in place. We had mitigated the risk of that machine’s setup, which put our minds at ease. We still didn’t like that we couldn’t find it but at least we were able to verify the level of risk that was going to happen.

How would you have done that before?

From a number of different systems, we would have to engage with our firewall networking personnel to determine the IP address it was last seen at, we would have to use a CCO reporting structure to see if BitLocker was enabled, what is the status of the partitions, and we would have to do a report. Those reports are done on a cyclical basis, so we only knew what the last known details of that machine were, so anything could change in that data coming back into the report engine or not. It would have been a number of steps and hours to engage with either different departments or reporting tools to get that data that we’re looking for. Nexthink actually aggregates all of the data to one source. The aggregate information was what really sped it up.

So other types of cases that we had, as far as security goes, we had an instance where a professor was teaching a class and some content came up that was not appropriate for the lecture. We were able to tell by the tool that it had been tampered with at some point, perhaps to play a practical joke on the professor, but it certainly helps the professors save face and us to assist on an uncomfortable scenario there. There’s more cases of security we’ve had.

We’ve also been able to help with our service. We have received enough complaints about technology not operating as efficiently or performing as it should be. We’re able to go back and use this product to put the technical details behind it. Why is it slow? Why is it slow today when it wasn’t yesterday? Do you think it’s because you received that e-mail? Sometimes people attribute performance problems to something that occurred that day and sometimes it’s not the right breadcrumb trail. We’re able to see exactly what’s going on in that machine and it could be the hardware CPU is low and we need to add some hardware to it. It could be that they downloaded something they shouldn’t have and there is an issue with that. But now we can tell them, “Here is the root cause and here is why,” and we can do that in a quick way. That also happened, too with people who install soft patches and things of that nature. We can determine what’s causing the problem so it has empowered our staff and leadership too. It’s allowed us to determine who is using what piece of software and where is it. That’s information we like to know at the university. Also our asset management processes, because we know when things move and where they go. We can set alerts and things of that nature. We can do that will all of our asset management tools but this one provides it in one interface, so that’s why it’s helpful here. It’s also going to help us in determining our readiness assessment of Windows 10. If we put out a Windows 10 image out there, what would it have to look like and be configured for, for the units out there? Could it handle it?

You managed to do all that in the POC, Pat?

We did most of it, except for the stuff we’re looking to do, which Pete is able to explain a little bit, but yes, all of the elements are here to get all that information in order to use it. It was very quick. We all came in, set it up, and as soon as the machines were talking to it, all these things started lighting up and it was pretty easy for us to do. And it was this plus some. There were a number of things low on the radar that we were able to have advisory visibility of. It’s just that these are the big ones we’ve encountered.

After the proof of concept, we saw the capabilities of what the software could do, we started thinking about what we wanted it to do and what it could help us with. It’s really about empowering our service staff. We’re constantly being asked to do more with less—staff cuts, budget cuts—and this tool has given us the ability to get visibility back into our systems and empower our service staff and technicians to find the information they need to troubleshoot problems, and really being proactive about fixing things instead of reactive. It was really back in the day when there was one device on everyone’s desk, it never moved, and it was always on the network. Now we’re dealing with a multitude of devices that are constantly on the move, so having this aggregated data about our devices, one place to look and get full visibility to what’s happening across the whole network, and with all of our devices has been very powerful.

In terms of looking forward, we’re constantly trying to look at our software licensing to make sure we have the proper licenses. For instance, if we have the entire full-site license for Adobe Creative Cloud suite—are people using it? We are getting the most bang for our buck or are people just using Acrobat Pro and not using the whole suite? This is giving us easy visibility into what applications people are using so we can audit and adjust our licensing as necessary.

Pat mentioned Windows 10 readiness—we are looking and testing out Windows 10. Next thing out of the box has reports for readiness where they can instantly identify which machines you’ll have issues with Windows 10, so we can make sure that problem is addressed before we deploy the new operating system and people have issues with it. We can know that ahead of time so we can address those issues. We’re working with Nexthink so we can get more granular, we can roll it out to more of our IT staff so they can get the appropriate access for their role. Not everyone is an admin, not everyone need to see everything. One of the other big areas we need to be focused on is sustainability, power consumption, things like that, so we’re hoping to be able to use the Nexthink tool to look at the power consumption of our end points and make adjustments based on that information to, you know, the power settings in group policy.

We decided we were going to initially do screenshots like the one you see here but we decided just to show you what we have here. This is what’s called the Nexthink Finder. The Finder is actually an application, but currently we only have it available in VDI security environment, not on your local machines right now. This was done in the proof of concept and I haven’t had a lot of time to fully integrate and develop this and get it out to staff on their local desktop, so it is secure and mainly because information is contained in here, we don’t want it to be proliferated. The Finder is the actual application. There’s also a dashboard, which is a web interface. This is kind of like the Google of your machines. You type in something you’re looking for, like my username, and I have a normal user, I also have an admin account, and it looks like I’ve logged into 178 devices. The Finder uses an in-memory database and you can only see a certain amount, depending on how many end points you have. I’ve logged into more than 178, but I’m able to see a three-week window of time in our current environment of what I’m looking at. It doesn’t mean that you won’t be able to see beyond three weeks. Depending on your configuration, you can go through plenty of months and have data for plenty of years. On the left-hand column, these are pre-defined and pre-organized investigations. Everything in Nexthink Finder is determined an investigation. You can click on something you’re looking for. These are 26 devices and it’s in a recent period of time, 2.6 weeks right here. You can change what period of time you’re looking for and you can start changing some stuff. Here’s the full depth of information contained in the Nexthink Finder. As you start adding more detail to the screen, obviously your estimated runtime down here is going to increase. When it gets all red, that usually isn’t great. It just means that you’re asking for a lot of detail and information but when you’re in your investigation, you can tailor what you’re looking for. The IP addresses, it’s going to find your Mac address, your wired connection, and your wireless connection. You’re going to see your boot time, number of days since your last boot time, what operating these machines happen to be a part of. A vast majority of our machines are 64-bit but where are those 32 and why are they 32? Hard disks—what capacity? Does it make sense for us to buy machines that have 500-gigs when they’re only using 100 of it? Those are the kinds of questions we can answer on the fly. The number of applications, the number of executables, the number of binaries, activity contained therein, the total number of active days that machine has been on online, the number of executions, the number of connections, the highest privilege reached, the errors, a hard reset—you can see that. When people are having issues, it’s not that we don’t believe people, it’s that we have to see it in the black and white. That really helps me diagnose the actual issue. The time, the execution duration of an executable, how long it has been on the network—with that detail, I’m going to go to the start screen here.

From the start screen, you can start a new investigation. You can custom design something, what you’re looking for. Just to show you how that goes, when you create an investigation, you can make that a standard you’re going to use a lot and you can have that in your left-hand panel. Somebody forcefully ran a command prompt and they shut down a machine, or we just recently made sure that all of our IE binaries are up to date, so everything below IE11 is not supported anymore, so we can pre-configure that to login and check that out. Our loy617, that’s our local admin account that we have. We use a local admin management utility, so we just want to make sure who is using it and how it’s being used. From that screen, we also have your device comparison. What do you want to look at? This one happens to be user login duration baseline. How long did it take for that machine to log in to where the user was actually able to use it? We have a couple of machines that are 1 to 2 minutes. This isn’t very good, 5 to 10 minutes. We can also look at the system as a whole. This is the total number of users, 5,000. Devices online, we have 2,540. We don’t have many Macs deployed at his point because it’s in testing but in that one device it works very well. Number of programs, updates; it’s pretty much going to give you the snapshot of what’s going on. From the start screen there’s some recent alerts down here. High threat level, this is virus total information. Anything that’s a high level threat is going to be characterized down here. Less than a minute ago, I had 6 of these. We now know what’s going on here. This machine here had a dangerous binary. What was that binary? It happens to be video downloader. Somebody got a toolbar and they got that. Moving on, as an example here, this is new a machine on the network here. I just installed this client before I walked downstairs here and we’re able to see a lot of detail on this particular client. I did some patching, I installed Nexthink, I installed Google, I did the GP update. You’re able to see all of that information here. This is a timeline of what’s basically going on with the machine. From our services, we’re able to monitor services that are critical to our organization, Citrix, Outlook, Skype, VMWare, Infor EAM, Colleague—our data retention service for all of our critical data that is stored in there. Is it performing well? Are they having issues with it? Is Internet Explorer doing what it needs to do? As a whole, you are able to see all this program data. When you use those as services, you’re able to have that data tracked in the portal here. The portal is great for showing and having your high level users have information they don’t need to get from the Nexthink Finder. The high level people care about this kind of data, they care about all the pretty graphs and all of these numbers. They have zero devices with issues—that’s great. Having these numbers and having these things in the green area is what’s important. This is content we have pre-published here. IT governance, device issues, application issues, malware protection. What end point protection is available? Is it having problems? How are our services looking?

It’s perfect. That’s a really good and concise overview. I just have a couple more questions. Maybe you guys can answer some of them. Can we see the data the users are accessing?

No, we cannot. We can’t see anything a traditional firewall or switch cannot see. I’m able to see what domain they have established a connection with—if the user engaged that or if it was an ad forced down. I can’t see what they looked at or any of that other stuff but I can see what domain they’ve accessed.

Technically speaking, you could put this on any device, as long as they connect to your servers. Someone is asking about BYOD and helping a student on their own device. I’ll let you guys answer that because of course it’s possible, but is it something you’re likely to do?

We’ve thought of that. It would help in that scenario for the IT folks. There’s probably a political question there that needs to be asked and transparency, since you’re now touching a personal device that was not bought by university funds. We’re not going to go down that road here, at least not now. We’re going to get our machines that we own on our own network—those are the ones we’re targeting here and we call the managed endpoints. The unmanaged endpoints happen to trickle into the university and we don’t apply it to that because there is a larger discussion with leadership that needs to occur.

Within our region in the U.K., our universities tend to be a little bit smaller than the universities in the U.S., but the largest university in the U.K. has around 27,000 students and 8,000 staff, to give you a scale. The largest user in the world is the Ministry of Defense in France and I think they’re monitoring hundreds of thousands of endpoints. And their focus is obviously on the security aspect. One final question is how does the licensing work?

It’s actually done as a device, so it’s based on the number of devices. There is the option in the U.K. for licenses. Currently, we have a 2,500 client license and 10 server licenses.

We don’t currently have any Canadian universities using the Nexthink solutions, but we do have 3 customers in Canada using the Application Jukebox solution. We’re actually going to an OUCC, Ontario University Computing Conference, coming up in May, and we’re going to be there. If there’s any interest at all, we can show you, and I myself will be going to that.

We have one question we remember asking is we’ve seen products like this before where the client engine had bogged the machine down CPU-wise. We were very surprised and pleased to find the Nexthink client is virtually unseen. It uses like 1.2 kbps of network connectivity. The actual client itself is so small no one has noticed it at all.

That echoes the experience we have over here. It does so much with so little as a client. It’s a very well designed client analytics tool. It does not require any special features. It’s one port. You have a web server and you have an engine server and depending on the number of end points that you have, depends on the number of engines you need. It gives us appliance distribution, it’s very well designed, and works very appropriately.

If anybody has any questions, please do get in touch. Thank you ever so much for joining and we’ll say goodbye now, but have a great Easter weekend and thanks so much for your time. That was brilliant. Catch you all later.