Microsoft Systems Microsoft Systems Management Server Management Server Implementation at SLACImplementation at SLAC

Freddie ChowFreddie Chow fchow@slac.stanford.edufchow@slac.stanford.edu

Stanford Linear Accelerator CenterStanford Linear Accelerator Center

ContentsContents

OverviewOverview SLAC NT EnvironmentSLAC NT Environment Current StatusCurrent Status Work-In-ProgressWork-In-Progress Some RecommendationsSome Recommendations SummarySummary

OverviewOverview

Systems management tool set by Systems management tool set by MicrosoftMicrosoft

Require MS SQL Server 6.x or 7.0Require MS SQL Server 6.x or 7.0 Current SMS Version 2.0 with SP1Current SMS Version 2.0 with SP1 SLAC uses v1.2 and working on SLAC uses v1.2 and working on

upgrading to v2.0upgrading to v2.0

Components of SMSComponents of SMS

Software/Hardware InventorySoftware/Hardware Inventory Remote ToolsRemote Tools Software DistributionSoftware Distribution SMS Installer SMS Installer Shared Network ApplicationShared Network Application Network MonitorNetwork Monitor

SLAC NT EnvironmentSLAC NT Environment

Single master domain modelSingle master domain model 13 Windows NT domains13 Windows NT domains ~1400 NT machines~1400 NT machines Windows NT is supportedWindows NT is supported

A Bit of HistoryA Bit of History

~ 2 1/2 years back searched for a central ~ 2 1/2 years back searched for a central management softwaremanagement software

Looked at NICE/NT, SMS, LANDesk Looked at NICE/NT, SMS, LANDesk Mgmt, etc.Mgmt, etc.

SMS matched SLAC environmentSMS matched SLAC environment Collaborated with BSD, project startedCollaborated with BSD, project started SLAC Computing Service and other SLAC Computing Service and other

departments wide collaboration projectdepartments wide collaboration project

SMS Architecture at SLACSMS Architecture at SLAC

2 SMS primary sites2 SMS primary sites 9 NT domains managed by SMS9 NT domains managed by SMS ~1000 Windows NT machines (~71%)~1000 Windows NT machines (~71%) Business Service Division - One siteBusiness Service Division - One site

• To support secured networkTo support secured network 8 other domains - One site8 other domains - One site

Architecture - Architecture - continuedcontinued

SLAC-wide Site SLAC-wide Site • Primary site serverPrimary site server

– Dual PP200, 256MBDual PP200, 256MB

• 3 Distribution servers3 Distribution servers– 2 Dual PP200, 256MB, RAID 5, 1 PP200, 128MB2 Dual PP200, 256MB, RAID 5, 1 PP200, 128MB

BSD SiteBSD Site• Primary site server, also distribution serverPrimary site server, also distribution server

– PII 400, 256MBPII 400, 256MB

Security ModelsSecurity Models

Integrated, Standard, Mixed modesIntegrated, Standard, Mixed modes Standard mode at SLAC on v1.2Standard mode at SLAC on v1.2

• Requires MS SQL server login + NT login Requires MS SQL server login + NT login More granular security on v2.0More granular security on v2.0

What have been done?What have been done?

Standardize on hardware and software Standardize on hardware and software configuration (on going)configuration (on going)

Software distributionSoftware distribution Use of remote toolsUse of remote tools Inventory reportsInventory reports Shared Network Application (tested) Shared Network Application (tested)

Hardware StandardizationHardware Standardization

Name brand vendor for hardware Name brand vendor for hardware Clone not recommendedClone not recommended Workstations, laptops - DellWorkstations, laptops - Dell Servers - Compaq, DellServers - Compaq, Dell

Desktop StandardizationDesktop Standardization

Scripted install of workstationsScripted install of workstations Maintain known configurationMaintain known configuration Format disk and reinstall as time Format disk and reinstall as time

permitspermits

Software DistributionSoftware Distribution

Use Package Command Manager serviceUse Package Command Manager service Unattended installUnattended install

• NT 3.51 to 4.0 upgrade, NT4 SP3, SP4, NT 3.51 to 4.0 upgrade, NT4 SP3, SP4, SP5, Post-SP Hotfixes, IE 4.x, Netscape SP5, Post-SP Hotfixes, IE 4.x, Netscape Communicator 4.x, Meeting Maker, Virus Communicator 4.x, Meeting Maker, Virus Definition Files, SolidEdge CAD Software, Definition Files, SolidEdge CAD Software, InocuLAN, Software Patches, Uninstall InocuLAN, Software Patches, Uninstall VirusScan, TeraTerm, AFS Client 3.5 (beta), VirusScan, TeraTerm, AFS Client 3.5 (beta), etc.etc.

Use of Remote ToolsUse of Remote Tools

User supportUser support• Remote trouble-shooting, user educationRemote trouble-shooting, user education

Servers supportServers support Essential tool for work-from-home Essential tool for work-from-home

adminsadmins Network Monitor - restricted usageNetwork Monitor - restricted usage

Inventory ReportsInventory Reports

Some samples:Some samples:• Check for NT Service Pack in a domain, in all Check for NT Service Pack in a domain, in all

domainsdomains• List IP address of machines in a domain (for List IP address of machines in a domain (for

network change)network change)• List CPU MHz, RAM, user, office number, List CPU MHz, RAM, user, office number,

etc.etc. Customized reports - use Crystal Reports Customized reports - use Crystal Reports

Shared Network Shared Network ApplicationApplication

Tested, but not in productionTested, but not in production

Miscellaneous IssuesMiscellaneous Issues

Locked/powered off machines resulted Locked/powered off machines resulted in failed software distributionin failed software distribution

Home connections very slow for Home connections very slow for software distribution support software distribution support

Domain administrators need to keep Domain administrators need to keep accurate machine listsaccurate machine lists

BenefitsBenefits

Shorter response timeShorter response time• Shorter downtime, higher productivityShorter downtime, higher productivity

Reduce TCOReduce TCO• No more house calls for software No more house calls for software

install/upgrade install/upgrade Quick response to security vulnerability Quick response to security vulnerability

• Apply NT hotfixes to a domain in one nightApply NT hotfixes to a domain in one night Eliminate human errors Eliminate human errors

In ProgressIn Progress

Upgrade to SMS Version 2.0 - testingUpgrade to SMS Version 2.0 - testing Develop internal training materialDevelop internal training material Evaluate complementary toolsEvaluate complementary tools Evaluate Windows2000 deployment Evaluate Windows2000 deployment

Anticipated Usage with Anticipated Usage with SMS 2.0SMS 2.0

All of the aboveAll of the above Enforcing software licensing requires all Enforcing software licensing requires all

NTs on SMSNTs on SMS Turn on software meteringTurn on software metering Fine-tune securityFine-tune security Security fixes, Service Packs on Security fixes, Service Packs on

Windows2000, etc.Windows2000, etc.

Some RecommendationsSome Recommendations

Architecture is based on environmentArchitecture is based on environment SMS 2.0 with SP1, SQL Server 7.0SMS 2.0 with SP1, SQL Server 7.0 Servers requirement sizingServers requirement sizing

• CPU MHz, RAM, disk space, RAIDCPU MHz, RAM, disk space, RAID• How many servers ?How many servers ?• Where to put which server ?Where to put which server ?

Test, test, test before deploymentTest, test, test before deployment

SummarySummary

Essential tool set for managing Essential tool set for managing Windows environmentWindows environment

Reduce TCOReduce TCO Complexity - highComplexity - high SLAC NT administrators like it SLAC NT administrators like it