Review: KBox by Kace

If you're familiar with Microsoft SMS (SCCM), Altiris, or LANDesk, then you're familiar with the space the KBox plays and what intrinsic value these products bring to an enterprise. The problem with the traditional aforementioned products, besides enormous cost, is complexity of architecture, deployment, and management. Don't get me wrong, these products do what their intended purpose is and do it well, but let's face it, people can and do make careers from supporting SMS infrastructures. They are large, distributed architectures that are not easily managed. Enter the KBox by Kace, an appliance based solution that can be scaled horizontally with add-on modules and additional appliances. The hardened, FreeBSD-based platform sets up in a snap and contains everything you need in a single unit.

There is a lot to like about the KBox but simplicity is what really stands out. There are 3 primary flavors the platform can be had in: 1100, 1200, and v-KBox. The v-KBox is the appliance in VMware VM form that is intended to integrate into an existing ESX/Vi3 environment. The 1100 and 1200 appliances are 1U server boxes that differ in CPU speeds, RAM, power, and disk configurations. The 1100 can manage 3000 nodes while the 1200 can scale to 30,000 and supports system segregation for distributed IT departments. All platforms are built on FreeBSD and include other features and packages required to complete the solution: MySQL, Samba, etc. The KBox can manage all Windows versions, Mac, and Red Hat Linux.

Initial setup consists of naming the KBox, assigning IP information, then after a quick reboot it is ready to go. You browse to the IP or name (if you created an A record) and start managing. Because the KBox is module-based what you see next will vary depending on what you've purchased. Included in my demo I have the core Management Appliance as well as the Asset Management and Help Desk add-on modules, version 4.3.20109. Additional capabilities include OS deployment, Security Audit and Enforcement, and iPhone Management. Once logged in, on the home page, you will see news, faqs, alerts, and general status of your managed nodes.

The KBox can be configured to integrate with LDAP (Active Directory) or you can create and use local accounts contained within the appliance database. The local admin account will always work in either mode, but if LDAP mode is selected no other local account will be granted access. In either mode, role based access can be granularly configured to delegate very specific accesses to any number of users.

Client management is agent based and can be easily pushed from the KBox. This can be done ad-hoc, targeted to a group of computers, scheduled, or staggered. Once the client is pushed you can check the Provisioned Configurations job progress to watch which step in the process is under way and the results of each step.

Once your clients have successfully checked in with the KBox you will see them as managed nodes in the Inventory pane. You can view detailed information about each node by drilling down into each. The amount of available information is vast. All software, processes, services, and hardware are available for easy scrutiny.

Labels are at the core of the KBox management system and determine in how much detail you can manage. You can create any number of labels for literally anything. Users, business units, software, hardware, locations, anything. Labels can be used to group assets, in filters to drill down in software updates and reporting, and serve as the basis to which actions can easily be applied. For instance you could run a software removal script against all nodes running Limewire (label=limewire), or push patches to all Vista desktops (label=vista), or run a report to show all tickets opened by the sales team (label=sales). Labels are created within the Inventory context.

One of my favorite sections of the appliance is software distribution. Kace has acquired and has provided easy integration with the KBox. is a fantastic website that houses extensive information for almost any application you can think of. KBs, switches, install strings, gotchas. No other vendor in this space can provide you with such detailed information usable to create and deploy software packages. Once the KBox has been set to use AppDeploy Live (configured in system settings), you can see detail for each software item in the inventory. This free feature saves a ton of time when configuring deployment/ removal packages.

Distributable software packages include .exe, .msi, or .zip and can be stored on the KBox or referenced on another server. The easy way to deploy software is to first install it on a managed client then let the KBox discover it. Find the application in the software inventory and associate the installation bits by uploading the install package or specify an alternate location via UNC, a DFS source, or HTTP location.

The Asset Management module is one of the more expensive add-on options as module price points are based off of number of managed nodes. Compared to the Help Desk module (also licensed per managed node) the Asset module is over 50% more in cost. It builds on the native Inventory function allowing the creation and storage of additional item types. Vendors, licenses, locations, etc. Software keys, serials, and vendor contacts can all be stored within. Software metering is a useful feature of this module allowing for the usage monitoring of specific software on managed nodes. All said and done, from where I'm sitting, it looks to be really a big, very expensive data repository which is another database instance in the common MySQL database. Not so sure it's worth it, but it does provide a nice feature.

The scripting features are particularly powerful providing easy customized executions on the managed nodes. The sky is the limit here as files can be pushed on the fly which can be set to follow strict policy and job rules that include verification and remediation options. Three different scripting options are available.

The patch management offering is extensive providing support for both OS and application patches. Once an OS is selected all available updates, both OS and application, are cataloged but application updates have to be expressly allowed to download. The KBox will download ALL cataloged applications which will include those that you do not own. Each update can be marked active (ready to deploy), or inactive (ignored). Every update can be assigned to a label and the KBox keeps detailed track of which updates are installed on what computers. Patches can be deployed forcing reboots or allowing an active user to snooze. 250GB is not really a very large disk anymore so I have concerns of overfilling from downloading every patch and update under the sun. Kace tells me that they haven't had any issues with disk space shortages yet.

Reporting options are ample and can be generated in a variety of formats for 75 items out of the box. Custom reporting, including direct SQL queries, are available as well.

Finally, if you're looking for another bird to kill, the Help Desk module can provide you with an enterprise ticketing system. Pricing is definitely industry competitive with the added benefit of no additional hardware or OS licensing to procure. The interface is completely customizable, integrates with AD, can be delegated at very granular levels, and includes a knowledge base system to boot.

My setup as tested including 100 managed nodes, a year of support, after discounts, is roughly 50% less than a similarly configured SCCM solution with an add-on ticket system. You can do the math on this. Enterprise management is not a cheap buy-in and for the SMB the KBox makes mind numbing sense. I'd be interested to see how well the solution scales in a big enterprise because the platform is stable, user friendly, cost effective, and powerful. If you have deployed or managed SMS you can appreciate how easy this setup is. If you're in the market to implement an enterprise management solution, I encourage you to give Kace a shot and do a Pepsi challenge with any other vendor you're considering.


  1. Here's an update on pricing: Now that Dell bought KACE, all KBOX modules are included now in the base price (priced per-seat). I've been demo'ing a KBOX 1000 for a couple days, since I'm unhappy with the new interface Symantec put on my current mgmt product, Altiris Deployment Soln.

    I think the KBOX is powerful, but the interface isn't intuitive to me at all. I've been doing IT for 15 years, and pretty much know what I'm doing, so that surprised me after all the KBOX marketing about how their customers LOVE the KBOX. Though I watch KACE's YouTube webinars and read the admin guide, I still can't intuitively figure out how to do most things on it. I end up having to contact their free demo tech support. Nevertheless, I'm thinking if I can get past the learning curve it will probably turn out to be a good management tool for me.


Powered by Blogger.