IST 346 Lecture #2, Chapter 3

Page 1: IST 346 - chapter 3

IST 346

Lecture #2, Chapter 3

Page 2: IST 346 - chapter 3

Workstations

• What is a workstation? As defined on page 41, a workstation is “computer hardware dedicated to a single customer’s work”. This could be extended to include a thin client and/or virtual workstation, a laptop, or even a smart cell phone with custom applications installed.

• Managing workstations boils down to completing 3 tasks
– Loading the system OS (operating system) and software
– Updating the system OS and software
– Configuring or reconfiguring network parameters

Page 3: IST 346 - chapter 3

Workstations

• Rules apply to managing a few dozen workstations to a few thousand workstations.

• The concepts and processes are the same, independent of what OS you’re using (Windows, Linux, Mac, etc.). Doesn’t matter.

• The name of the game is consistency. How is consistency achieved?

Page 4: IST 346 - chapter 3

Consistency

• Can be achieved at many levels
– Loading the OS and deploying patches
– Loading and updating the applications
– Loading network configurations
– Loading and updating printer drivers and printer driver configurations (paper trays, color settings, duplex settings, etc.)
– Having the same helpdesk staff answering the phone and desktop support staff visit the same users / PCs.

• Managing systems and applications through their lifecycle.

• Lifecycle is defined as: The useful life of an information system; either hardware or software.

Page 5: IST 346 - chapter 3

Lifecycle Management

• Project how long hardware and software will last
• Divide the cost of the resource by this number.
• This is how much per year you will need to spend on the resource
• Example: A PC costs $1,200 new and has an expected lifecycle of 4 years. You will need to budget or save ~$300 per year to replace this device once its lifecycle has ended.
• Again, this applies for software as well as hardware.
• The combination of hardware and software forms the “platform” on which your company functions.

Page 6: IST 346 - chapter 3

Lifecycle Management

Page 7: IST 346 - chapter 3

Evard’s Life Cycle of a PC

Page 8: IST 346 - chapter 3

Evard’s Definitions

• New: A completely new machine, just delivered etc.
• Clean: A machine with only the OS installed on it.
• Configured: A machine with all configuration and software on it. Only usable in this state! (hint: good quiz question)
• Unknown: A polluted machine. Extra applications installed, extra files etc. The machine has an unknown state from the administrator’s perspective.
• Off: A retired machine.
• Build: The process of installing the operating system for the first time.
• Initialize: Could also be called Configuring; installing required software and configurations.
• Update: Applying patches, configuration updates, extra software etc. Moving to a new known state.
• Entropy: The process of polluting a system. During this time, the system is said to be degrading.
• Debug: The process of removing the pollution from the system.
• Rebuild: The same as build, but from another state than “New”.
• Retire: Removing a machine from the system.
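
One way to tell a Configured machine from an Unknown one is to compare its software inventory with the approved build. The following is an added example, not part of the lecture; the package names, versions, and the rule that extra, missing or newer-than-baseline software means Unknown are assumptions.

```python
def parse_version(text):
    """Turn a dotted version such as '24.1.0' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


def classify(baseline, installed):
    """Compare one machine's package inventory with the approved build.

    Both arguments map package name -> dotted version string.
    """
    extra = sorted(set(installed) - set(baseline))
    missing = sorted(set(baseline) - set(installed))
    shared = set(baseline) & set(installed)
    outdated = sorted(n for n in shared
                      if parse_version(installed[n]) < parse_version(baseline[n]))
    ahead = sorted(n for n in shared
                   if parse_version(installed[n]) > parse_version(baseline[n]))
    if extra or missing or ahead:
        # Software the administrators did not put there (or removed): polluted.
        state, action = "Unknown", "debug or rebuild"
    elif outdated:
        # Still a known state, just behind the current build.
        state, action = "Configured", "update"
    else:
        state, action = "Configured", "none"
    return {"state": state, "action": action, "extra": extra,
            "missing": missing, "outdated": outdated, "ahead": ahead}


# Constructed sample data: package names and versions are invented.
BASELINE = {"office-suite": "16.0.2", "pdf-reader": "24.1.0", "av-agent": "7.3.1"}
FLEET = {
    "ws-001": {"office-suite": "16.0.2", "pdf-reader": "24.1.0", "av-agent": "7.3.1"},
    "ws-002": {"office-suite": "16.0.1", "pdf-reader": "24.1.0", "av-agent": "7.3.1"},
    "ws-003": {"office-suite": "16.0.2", "pdf-reader": "24.1.0", "av-agent": "7.3.1",
               "torrent-client": "4.6.0"},
    "ws-004": {"office-suite": "16.0.2", "pdf-reader": "24.1.0"},
}


def fleet_report(baseline, fleet):
    """Return {host: classification} for every machine in the fleet."""
    return {host: classify(baseline, inv) for host, inv in fleet.items()}
```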

Page 9: IST 346 - chapter 3

User Rights to the Workstation

• The more rights or permissions a user has to the system, the quicker the system will degrade.

• There are generally two states in which new systems are deployed to users
– When the user is an Administrator or administrator equivalent.
  • Can install software, make changes to the system settings, or change the network configuration
– When a user is only a ‘user’.
  • Can launch and run applications.
  • Can’t install any patches, updates, or new applications
– Pros and cons for each case

Page 10: IST 346 - chapter 3

Pros and Cons

• Being an administrator
– Pros
  • Can quickly and easily install and update applications
  • Users can configure the workstation how they need with minimal help from an SA
  • Plug-ins, vendor updates, etc. can be easily installed.
– Cons
  • Workstations quickly become customized and fall into the Unknown state
  • More susceptible to viruses and spyware. Require periodic maintenance (could be automated) to ‘clean’ the system after it becomes polluted.
  • More difficult to deploy centralized updates because the state of the system is unknown. Helpdesk will receive more calls after central updates are deployed due to unknown state of workstations.
  • Software may get installed that was not acquired via ‘legal’ means.

Page 11: IST 346 - chapter 3

Pros and Cons

• Of being a ‘user’
– Pros
  • The state of the machine is known, so less chance of centralized updates causing a ‘flood’ of helpdesk calls.
  • Only software that is licensed and centrally deployed is installed on the workstations
  • Fewer virus and spyware infections
  • Shared machines are more stable because 3rd party software can’t get installed
– Cons
  • Need to implement centralized workstation and software deployment servers (Windows Server Update Services - WSUS)
  • More helpdesk calls because users can’t install applications. (good and bad)
  • Some applications will not properly run with the user only having ‘user’ level rights. May need to implement various ‘tricks’ or ‘fixes’ to get these applications to work
    – RunAs
    – Wrapping with custom EXE to run the application with elevated rights
    – Application virtualization

Page 12: IST 346 - chapter 3

Loading the OS

• Step #1, flash the BIOS. When? Always.
• What is the BIOS? What does it mean to ‘flash’ it?
– The BIOS is a program pre-installed on Windows-based computers (not on Macs) that the computer uses to start up. The CPU accesses the BIOS even before the operating system is loaded. The BIOS then checks all your hardware connections and locates all your devices. If everything is OK, the BIOS loads the operating system into the computer's memory and finishes the boot-up process.
– Flashing the BIOS is the process of updating this pre-installed program to the newest version provided by the vendor
– BIOSes are unique to the hardware. They are not generic.
– http://www.youtube.com/watch?v=BSL0P82PhL4&feature=related
– http://www.youtube.com/watch?v=uNr1sse2LiU&list=QL

Page 13: IST 346 - chapter 3

Loading the OS

• The process of installing the operating system onto the computer.
• Automate, automate, automate. Spend the time in creating a totally hands-off process for loading the OS.
– Can be done either by automating the manual installation or ‘cloning’ the OS with 3rd party tools.
  • Creating an automated Windows OS installation can be done by creating an unattended file that “answers” all the questions that Windows asks during installation.
  • Using tools such as Ghost or DriveImage XML to deploy a pre-tested OS image to all workstations.
  • Like everything, there are pros and cons to both processes.
  • I prefer the cloning process to the automated installation. We use Dell workstations and keep a ‘build’ machine on hand either on a shelf or deploy it to someone that can give it up for new clone OS build and test processes.
– Ultimate goal is to eliminate the ‘one off’ or, as I like to call them, the ‘white elephant’ installations.
– Even the best SA will make mistakes in loading an OS and applications. This leads to no uniformity.
• Will take more time up-front but will pay off “10x” over time.

Page 14: IST 346 - chapter 3

Loading the OS

• Whichever way you decide to deploy the OS in a corporate environment, get everyone involved with the process. This includes:
– Helpdesk staff
– Desktop support staff
– Other SAs
– The entire team will be supporting the user / system, so get everyone’s buy-in and sign-off (either verbally or physically) saying that this new process or build is ready for production.
• Test, test, test. Get staff not involved with the creation of the image or process to test it.

Try to think of where the loading process will get hung up and engineer around it. Again, the better you plan and the more time you put into debugging your OS loading process, the more trust you will have in it and the more uniform your users’ workstations will be.

Page 15: IST 346 - chapter 3

Loading the OS

• Never (when? never) use a vendor’s pre-installed OS in production
– Installation can change over time as new drivers, service packs, etc. are released.
– Trialware applications installed. These include time-stamped (run for a set amount of time, then quit working) copies of anti-virus, spyware detection, etc. software.
– It has been known to happen that pre-loaded OSes from the vendor have had virus infections.

Page 16: IST 346 - chapter 3

Updating the OS

• Operating systems require updates. This is true for ALL OSes, not just Windows.

• Invest the time and money in implementing an update system such as Windows Server Update Services (WSUS). It allows for the deployment of not only critical patches but also service packs and some non-OS updates such as Microsoft Office updates, Windows Media Player, and IE.

• 3rd party applications are available that allow you to manage both the OS and the installed applications. Mentioned a few of these in last week’s lecture. Can anyone remember some of them?

Page 17: IST 346 - chapter 3

Loading the Applications

• Many ways to get applications installed onto a workstation
– Manually with a stack of CDs and a desktop visit
– Creating automated installations that occur during a login process. These may require the user being a local administrator for the installation to be successful.
– Using Windows Group Policy Objects (GPOs) and Windows Installer (MSI) packages to ‘push’ software packages and updates to workstations.
– Again, 3rd party management packages available.

Page 18: IST 346 - chapter 3

Testing Your Automated Installs

• Test, test, test…
– The more time you put into the testing and refining process, the fewer problems you will have afterwards.

• One, Some, Many
– Use a staggered approach to deploying software.
– This is true even after the testing is complete and you’re very confident in what you’ve built
– Think about it: don’t deploy Microsoft Office 2007 onto 1000 PCs all at the same time; stagger the installation over 2 weeks (10 days) and do 100 per day. Less of a load on the network and

Page 19: IST 346 - chapter 3

Testing Your Automated Installs

• One
– When testing for the first time, test on one machine. Use a dedicated test machine that can be quickly reverted back to a known stable state. Use a snapshot.
– A virtual machine works great for this process.
– May wish to test on different platforms to gauge how a low-end, mid-range, and high-end system will perform.

Page 20: IST 346 - chapter 3

Testing Your Automated Installs

• Some
– Once you’re convinced that your packages are working as designed, test with some more users. This could be your support team, a training lab, or your home department. If your installation fails on 10% of this group, chances are that it will fail on 10% of all your users. Determine why the package failed on these 10% and fix it!
– 10% doesn’t sound like a lot, but 10% of 500 desktops is 50 machines. This could equate to 50 users being down or your desktop support staff running around to 50 machines, which may take weeks to complete depending on workload and staffing.

Page 21: IST 346 - chapter 3

Testing Your Automated Installs

• Many
– Once you’re convinced that you’re in the high-90s% success rate, you can communicate your intentions to your target users, schedule a deployment date, and deploy the software. Publish the schedule on a website and refer your users to this page.
– This is the time when having an effective communication process is vital, not only to ‘get the word out’ to your users but to field calls if it is determined that the update is causing problems.
– Don’t deploy software on a Monday or Friday! Your automated update has the potential of causing massive damage. Mondays are generally not good days to make system changes. Generally I like to do this on a Tuesday, Wednesday, or Thursday and avoid the beginnings and ends of the week.
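
The One, Some, Many procedure from the last four slides, written out as a wave planner with a failure gate. This is an added example, not part of the lecture; the size of the "some" group, the 5% failure threshold, the host names and the `install` hook are assumptions.

```python
from datetime import date, timedelta

DEPLOY_WEEKDAYS = {1, 2, 3}  # Tue, Wed, Thu (Monday == 0); no Monday/Friday pushes


def next_deploy_day(day):
    """Return the first Tuesday-Thursday on or after `day`."""
    while day.weekday() not in DEPLOY_WEEKDAYS:
        day += timedelta(days=1)
    return day


def plan_waves(hosts, start, some=10, per_day=100):
    """Split hosts into One / Some / Many waves, one wave per allowed day.

    `some` and `per_day` are assumed sizes; tune them to the site.
    """
    waves, idx, day = [], 0, start
    sizes = [1, some] + [per_day] * (len(hosts) // per_day + 1)
    for size in sizes:
        wave = hosts[idx:idx + size]
        if not wave:
            break
        day = next_deploy_day(day)
        waves.append((day, wave))
        idx += size
        day += timedelta(days=1)
    return waves


def run_rollout(waves, install, max_failure_rate=0.05):
    """Deploy wave by wave; halt once a wave's failure rate exceeds the gate.

    `install(host) -> bool` is a hypothetical hook for the real deployment tool.
    """
    installed, failed = [], []
    for day, wave in waves:
        bad = [h for h in wave if not install(h)]
        failed += bad
        installed += [h for h in wave if h not in bad]
        if len(bad) / len(wave) > max_failure_rate:
            return {"halted_on": day, "installed": installed, "failed": failed}
    return {"halted_on": None, "installed": installed, "failed": failed}


if __name__ == "__main__":
    fleet = [f"pc{i:04d}" for i in range(1000)]  # constructed host names
    plan = plan_waves(fleet, date(2024, 1, 1))
    print(len(plan), "waves, last on", plan[-1][0])
    print(run_rollout(plan, lambda h: h != "pc0005")["halted_on"])
```

With the lecture's 1000 PCs at 100 per day, one failure in the ten-machine "some" wave is a 10% failure rate, so the rollout stops before any of the large waves run.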

Page 22: IST 346 - chapter 3

Questions so far?

Page 23: IST 346 - chapter 3

Network Configuration

• Large Workstation populations require the use of automated network configuration tools. These are commonly known as DHCP and DNS services.

• Dynamic Host Configuration Protocol (DHCP). Process in which the workstation obtains its IP address information.

• Domain Name System (DNS). Process in which domain names such as www.google.com are resolved to IP addresses so that servers and workstations can communicate with each other.

• We will discuss these in more detail later in the semester.

Page 24: IST 346 - chapter 3

DHCP

• DHCP server: a server that assigns the IP address, subnet mask, gateway address, and DNS server addresses to a workstation

• Typically workstations use DHCP vs. static or hard coded IP information.

• Servers (next chapter) typically use hard coded IP information, but not always.

Page 25: IST 346 - chapter 3

DHCP IP Information Assignment

Lease Information

Page 26: IST 346 - chapter 3

Single Slide Example of DNS

• Think of it as a large ‘look-up’ table where the computer’s name and IP address exist within the table

• Example
– www.google.com -> 66.249.81.104
– www.syr.edu -> 128.230.18.35
– When you enter a URL in a web browser, you need to remember only the name, not the IP address, of the server you wish to talk to (the name is easier to remember). Your computer will ask the DNS server what IP address your website is located at, and the DNS server will return that information to your workstation. Your workstation will go to that IP address and download the page.
– You can simply go to the IP address of the server if you know it. For example, launch Internet Explorer and go to http://128.230.170.39. What happened?

Page 27: IST 346 - chapter 3

DNS

• As your IP address may change via DHCP, your DNS entry in the DNS table illustrated previously will need to be updated.

• This is why most servers use a static or non-changing IP address so once the DNS entry is in place, it doesn’t need to be updated !

• DNS is used by Windows Active Directory servers (later in the semester) to keep track of all workstations on the network and allow them to work efficiently together to deliver applications, login, print, etc.

• Question, is DHCP a required component on a Windows network? Is DNS?

Page 28: IST 346 - chapter 3

Conclusion

• Workstation consistency is the magic that makes managing hundreds or thousands of workstations ‘manageable’. Even if a post-installation problem arises, if all workstations exhibit the problem, a ‘fix’ can be created and deployed to all machines.

• Automate as much as possible to reduce inconsistencies in your workstations.

• Test, test, test. You can’t test too much!