Today's world demands that administering entitlements and access to computer resources be efficient, accurate, and secure. As more and more computing is done remotely, and as organizations grow in size and complexity, these challenges continue to grow. Multiple waves of technology have left most organizations with IT infrastructure that is complex, inflexible, and expensive to run. People, devices and applications are tightly coupled making it difficult to roll out new applications or support new work patterns. IT organizations within corporations have to manage a hundreds if not thousands of applications, based on divergent technologies, and run thousands of PCs and servers, each with its own operating requirements and idiosyncrasies.
Maintaining software on a distributed PC or other access device is expensive and time-consuming. As the number of applications and services provided through the PC grow, the complexity of the PC configuration increases.
Historically this problem has been addressed by ‘locking down’ the PC to limit the changes that can be made to it. Products have also been introduced to ‘push’ software to physical devices but these approaches depend on there being a small, well-defined number of access devices as well as a relatively infrequent update cycle. Until a few years ago this was difficult but achievable in a well-managed environment. However, an explosion in the number and type of access devices (which now encompass devices such as PCs, laptops, PDAs and mobile phones) combined with a need for frequent, real-time updates (e.g., to protect against viruses, worms and security loopholes) has rendered such an approach unworkable.
In large organizations, the problem of access device diversity is compounded by the fact that end users use applications that run on many different platforms. Some run on the user's PC, some run centrally as terminal applications, thin clients or web services and some run on virtual machine technology. Previously, the infrastructure for supporting and managing these applications was entirely separate.