What actually drives the features needed in an RMM? MSPs and their staff certainly have a vested interest in what those features are, but ultimately an RMM is a tool used to service a client’s IT estate. It might sound obvious, but it’s important to reiterate that as the client’s IT changes, so do the needs of the MSP, and thus the needs of the RMM.
To understand why, we have to understand what a small to medium business is likely going to look like over the coming years, and even delve into why. Let us take a typical business of 25 users, the type of firm that is the “bread and butter” of a lot of MSPs today. 12 years ago, what would the lifecycle of a typical firm look like?
Generation 1 (12 years ago)
1-3 servers. E-mail was probably on site (maybe Small Business Server). They likely had another server that provided their line of business application. Probably another SQL-backed application. Hypervisor technology was only just starting to gain mass adoption and most servers weren’t virtualised. PowerShell was in its infancy. Smartphones are kicking off big time, but there hasn’t been widespread adoption of e-mail on phones. Software is most likely a permanent purchase. Maybe the client even had a BlackBerry Enterprise Server. Maybe you, as an MSP, hated BES with the burning fire of a billion suns. The client has a basic anti-virus.
Generation 2 (7 years ago)
The servers have been refreshed, most likely virtualised. Probably on Server 2012 R2 or around that generation. Line of business applications are still the same. Probably on a later version of SQL Server. Client now has a Remote Desktop Server to help with remote working. We’re now in the golden web age, everything is instant. Web frameworks are exploding. Web apps are starting to become more and more complex. Smartphone is king. 365 is starting to take off. Some firms don’t quite trust cloud technologies yet, some are choosing to put their mail into Exchange Online. PowerShell is in full swing and is getting amazing adoption. AWS/Azure are smashing it, but they’ve mostly not been implemented into SME workloads. Most people have mail on their phone. No one likes BlackBerry Enterprise Server anymore, everyone’s buying an iPhone. The client starts buying their Office licenses through 365. Security is a problem, but nothing compared to what’s going to happen over the next 7 years. Client still has a relatively basic AV.
Generation 3 (Now)
There has been a huge fundamental shift in the needs of the client. Their line of business application now has a web-based alternative. The original line of business vendor didn’t pivot quickly enough, a competitor came along with a superior web app and now that’s what the client is using. The client is mostly using their Remote Desktop Server to access files, and that’s about it. Mail and anti-spam have been in 365/cloud for a while now. The business is now used to paying monthly, per user, for items. Security of a system is a major factor in their purchasing decisions. The client no longer wants to maintain servers and they actively want to adopt cloud technologies. They happily sign off a 365 package that utilises OneDrive, multiple layers of security, Teams, Intune/Autopilot, information protection and governance and numerous other items. The Remote Desktop Server is decommissioned. The Domain Controllers are decommissioned. The client no longer has a standard anti-virus, but instead a solution that layers in the areas they now need for protection. The client also runs additional software like Huntress, Perch or DNS filtering type software. They may even run Microsoft Defender for Endpoint. Machines utilise Intune in combination with Autopilot to deploy almost seamlessly. All baseline configurations are based on best-practice baselines that Microsoft have put together. Setting up a machine is as simple as turning it on and signing it in. All software deploys automatically. Devices that have fallen out of compliance are automatically prevented from accessing company resources. All files are readily available, and synced across devices. Users see a familiar desktop and documents are automatically synced. The users can now collaborate with ease.
The danger for MSPs
That client’s network has now become far easier to support. Much stricter security baselines mean the endpoint is (broadly speaking) less likely to break. The conversation and work is much more about delivering a configuration as a service, and less about monitoring the endpoints. That’s mostly done with conditional access preventing access from machines that don’t meet the baseline standards. The client can work easily on different devices. A lot of the work the MSP is doing surrounds 365, broader security and fixing Outlook/e-mail/Teams. Broadly speaking, a lot of the difficult work is in the initial baseline configuration of 365. The client starts looking at the value they are getting out of their MSP. MSPs that are not providing value beyond “giving them 365 licenses and support” will start to find it much harder to justify their packages.
Where does that leave the current mainstream RMMs?
It leaves all of them stuck in the past. Some more than others, but as I see it right now, every mainstream RMM is somewhere between meeting the needs of Generation 1 and 2. None of them are positioned properly to help MSPs deliver Generation 3. Why? Many reasons: complacency with their position, lack of innovation, private equity/cost cutting, slow development cycles, legacy tech debt, too much focus on acquisition. Let’s look at what MSPs are using their RMMs for nowadays, and how Generation 3 aligns with those features.
Device Hardware Monitoring: A combination of huge jumps in processor performance, SSDs and cheap upgrades leaves monitoring for the hardware performance of standard workstations a relatively moot point. Server monitoring is not a problem if you don’t have servers. Hypervisor management? There isn’t one to manage.
Patching: Something that most RMMs have never truly gotten “right”, but now much easier with Windows 10, and you can deploy patches through Intune. Most importantly, instead of having to monitor for this, I can simply apply much stricter security to, or even block entirely, machines that are not patched properly.
Encryption Monitoring and Configuration: Completely handled in Intune, and handled far better than any current RMM can do it.
Security-based Configuration Monitoring: Things like is Autorun on, is the Firewall on, is UAC on – all mostly redundant as they are enforced as the baseline standard.
Software Deployment: Can all be done in Intune, albeit not with the same flexibility as an RMM (yet).
Backup Management and Monitoring: Because 365 is being backed up directly from the tenant to an external provider, backups once set up properly require almost no maintenance.
Active Directory Monitoring: Not needed, everything is in Azure Active Directory.
AV Deployment: Something like Microsoft Defender for Endpoint is deployed through Intune, enforced through conditional access policy.
Reporting: It makes more sense to start using something like Power BI. Instead of being limited to one data source, you can use the flexibility of Power BI to tie into many data sources and as a benefit of that you don’t have to use your RMM’s complex or poorly written reporting solution.
Scripting: I can deploy PowerShell scripts through Intune.
Suddenly, my RMM is starting to look quite redundant. What is it doing for me? It’s acting as a remote connection tool and it does a much better job of taking automation and scripting and applying it against multiple clients at once. That’s about it. It’s still doing plenty for my remaining on-premise clients, but very little for clients utilising 365/Intune. I can’t even monitor the services that most of our clients already have in 365 like Exchange Online as there is no native connection into the MS cloud. What it is doing very well for all clients where I have an agent is providing an avenue of opportunity for a hacker to ransomware all my agents because of the legacy tech debt in most RMMs, some more than others.
Why most people should not be happy with their RMM
This is not a black and white thing, and I recognise that, but you’re broadly going to be in one of two camps. You either recognise the change that is coming, already occurring actually, and recognise your RMM tool is likely sub-standard. It’s not really helping you with cloud or security, and it’s not providing you with a good enough framework to deliver either. Or the other camp, you think on-premise is still the way forward for SMEs in which case you’re in for a rude awakening over the next 2-3 years. This is why you really shouldn’t worry about what RMM to pick if you are currently shopping. They are all lacking. The conversation is not the RMM anymore, it’s what value you can provide to a client beyond basic RMM. If you are currently in the position of picking an RMM, pick the one that has a public roadmap that shows how it’s going to adopt the changes in Generation 3. Pick one that puts its people and its product over $$$. Pick one that understands your needs as an MSP and is adaptive and reflective of those standards. Pick one that will allow you to exit your contract early if they get taken over by private equity.
2021 – the year of the RMM disruptor
This is going to be the year several mainstream RMM providers put their cards on the table and outline how they will start to adapt to these changing requirements. It’s also going to be a year where providers not pulled down by legacy tech debt step up with innovative new ideas, not even necessarily based on the typical RMM; maybe we are now beyond RMM. It’s why I am not moving RMM this year. I am going to sit back and watch what happens. By the start of next year, I will have a pretty good idea of what I need to do next to make sure I keep our MSP in the game. I have been saying for years that the RMMs that will win in this industry going forward will be the RMMs that have the tightest integration into Security, 365 and Intune. It’s going to be a proverbial blood-bath in this sector over the next few years, and I can’t wait. It has been needing it for the last 7 years.
If you’re a vendor/RMM provider reading this and you think you tick these boxes with your product, then please contact me because I know of hundreds if not thousands of other MSPs who will be interested.