Case Studies - AppDirect

Device42 User Case Study – AppDirect

  • Company: AppDirect
  • Industry: Cloud Application Delivery
  • Location: International; HQ in San Francisco, CA
  • Solution: Device42 Core

Device42 helps AppDirect, a cloud service commerce company powering the future of software delivery, efficiently manage their large hybrid inventory and ensure compliance with the requirements of the Center for Internet Security (CIS) Security Controls


AppDirect, headquartered in San Francisco, California, is a cloud service commerce company that is powering the future of software delivery. AppDirect offers a cloud service marketplace and management platform that enables companies to distribute web-based services. The global network of AppDirect-powered marketplaces allows businesses to find, buy, and manage the best applications the cloud has to offer.

AppDirect’s Asset Management Challenges

As AppDirect’s business grew and continues to grow, the number of assets (servers, software, applications, network components, storage, and so on) powering the IT infrastructure grew and continues to grow dramatically. This made it difficult for the data center operations team to maintain a single source of truth concerning IT assets that was available to all authorized personnel. These challenges fell into three categories:

  • Managing the Asset inventory - The data center operations team was using Excel spreadsheets to document and track data center assets. This involved a very manual process and regular human intervention to gather, update and manipulate the data into a useful format. Worse, the spreadsheets were outdated shortly after they were completed or updated. As the infrastructure grew, this manual effort became more and more difficult, time-consuming, and prone to error.
  • Maintaining compliance with security standards - As a cloud infrastructure provider, AppDirect must provide a high level of security and adheres to the CIS Security Controls standard. They need an anytime, accurate inventory of all devices, unauthorized and authorized, and software, authorized and unauthorized to meet the requirements of CIS Security Controls. They were concerned that the significant manual effort and the resulting risk of manual error might put their security compliance at risk.
  • Powering IT decision making - Though spreadsheets tracked physical devices, they did not provide detailed room, rack, or device visualization necessary for capacity planning. There was no application dependency map or network map that could be used for remediation and/or migration planning. There was a software inventory but it was very difficult to get an up-to-date view of what software was running on what machines and what was authorized and unauthorized. Worse, making decision based on an integrated view of physical and cloud assets was even more difficult.

Solution Requirements

Recognizing that this issue would only get worse as the company grew, AppDirect began a search for a tool to automate the inventory process and reduce or eliminate the manual effort and set out to evaluate the market’s offerings, taking a security-based approach to the evaluation. At minimum, an acceptable solution needed to:

  • Agentless and agent-based discovery scans - AppDirect recognized that it was just impractical to put discovery agents on every machine especially cloud-based virtual machines. That said, there were also machines in sensitive locations that could only report out and therefore required discovery agents. So AppDirect required a solution that supported both agent-based and agentless discovery scans.
  • Meet CIS Security Control requirements - AppDirect approached this project with a “security first” mindset, and the ability to meet the standards set forth in CIS’ Security controls was a must for a winning solution.
  • Operate in a modern, hybrid environment - As a cloud-based company, it was extremely important to AppDirect that the solution they chose was designed to fully support discovery and tracking of physical, virtual, and cloud assets. They did not want a solution that only supported cloud functionality as an afterthought.
  • Grow with them - It was very important to AppDirect to be able to form a lasting relationship with the vendor they would choose to work with. They envisioned a vendor that would partner with them, who would both listen to their feedback and take it seriously.

The Device42 Solution

After evaluating a group of market leaders in the CMDB space, AppDirect began to narrow down their options. They liked the fact that Device42 was developed from the ground up to support integrated discovery and visualization of physical, virtual, and cloud assets.

“We got the feeling that the other alternatives on the market were built for legacy data centers … and not for today’s hybrid and cloud based data centers”

Due to their focus on security, Device42’s availability of both agentless and agent-based autodiscovery was critical. For the same reason, they also liked that Device42 was available as a 100% on-premise solution, and that their confidential inventory data didn’t have to leave their premises. They also liked the fact that Device42 is provided as an easy-to-install virtual machine with no other software to install.

Also important was Device42’s ability to assist AppDirect in meeting the requirements of CIS’s security controls.

“Take security requirements into account from the beginning - Don’t take security lightly, and don’t treat it as an afterthought. Security is not only important when someone is asking for the results or auditing you, but should instead be taken into account every day, with everything you do. Implement a tool that satisfies security requirements from the beginning so you don’t find yourself in a bad place, failing an audit, or worse...”
- AppDirect on security

To get up and running with Device42 took AppDirect less than one hour. Because Device42 is delivered as a virtual appliance, the setup was easy. The VM was imported and booted, and required minimal configuration aside from standard DNS entry creation and SSL certificate setup for secure HTTPS communication to the appliance. Device42 support offered to assist if at all necessary, but AppDirect didn’t need any help to get it running and had an autodiscovery going quickly. AppDirect estimates that within approximately 3 days of installation, they had a full inventory.

“Device42 was obviously built with the hybrid and cloud-only environments in mind, and if you run a hybrid or cloud-only datacenter, Device42 is a great choice. They also offer stellar support, and really value customer feedback & requests - We knew they were the right choice when they offered to let us pilot their Agent Based Discovery, and we couldn’t be happier with the results.”
- AppDirect on their experience working with Device42