I'm looking for advice from anyone who has experience with building or supporting endpoint management systems. We recently had an internal project to implement ManageEngine for endpoint management but, at the last minute, our management decided to pivot to a fully open-source solution. This has put a lot of pressure on my small team, as we are now tasked with designing and building an endpoint management platform from the ground up for our fintech company based in Bangalore, India.
We need a solution that can manage about 150 Windows laptops, 200 Ubuntu laptops, and 75 macOS laptops, while ensuring core functionalities like OS patching, third-party application management, remote monitoring, and basic policy enforcement. Our environment is regulated, so we require strong auditability and traceability, and we're integrating with existing security tools like SentinelOne and CrowdStrike Falcon.
I'm at the design stage and I want to avoid costly mistakes. I'm particularly interested in understanding:
1. Is a fully open-source endpoint management solution realistic for our scale? Are there hidden operational costs we should consider?
2. What common failure points exist with Linux and macOS patching in heterogeneous environments?
3. Where do teams typically underestimate complexity in tools like Salt, Munki, and internal repositories?
4. If you were in my position, what would you simplify or steer clear of?
5. Any advice for someone transitioning from support to sysadmin under pressure?
I'm keen on learning from your experiences and appreciate any blunt feedback or war stories you can share. Thank you!
4 Answers
Honestly, your manager might not realize just how complex this will get. Managing the cybersecurity side is great, but if your team is too small to support all this, you'll be in trouble. Consider advocating for some budget to hire additional help, especially for development.
From what I can tell, you're diving into a pretty tough project. Before you go full steam ahead, you might want to ask your manager how this will really benefit the company. It sounds like you're trying to reinvent the wheel here when a commercial solution already exists. Just remember, any time spent fixing bugs or dealing with unexpected issues can pull you away from your main responsibilities. Going with something already built might save you a ton of headaches in the long run.
You could totally use tools like Ansible or Salt to start building your solution, but be ready for a lot of maintenance. It will be time-consuming, so think about potential hidden costs in terms of staff hours.
Your management is making a questionable call here. It feels like they expect you to replicate a robust system without giving you the resources to do it. If you can, lay out the costs of this endeavor versus sticking with a proven tool. That might open their eyes to the reality of the situation.
Totally agree. Building it from scratch sounds like a nightmare, especially if you have to balance it with your daily support work. You might end up spending more time fixing problems than if you had just used a ready-made solution.