Windows Desktop Deployment Service (DDS) 1.1 at LANL
Mark Wingard
Departmental Computing Services
Los AlamosLA-UR 09-03038
DCS-1
Departmental Computing Services
AgendaDCS-1
Departmental Computing Services
• Purpose of DDS
• DDS background
• Image configuration
• Challenges• Future
Purpose of DDSDCS-1
Departmental Computing Services
• Automate Windows installations
• Ensure desktop meets security compliance requirements
• Provide a consistent Windows desktop configuration on the unclassified network
• Meet the needs of field support techs
Microsoft DeploymentDCS-1
Departmental Computing Services
• Microsoft Deployment Toolkit Free download from Microsoft Customizable Scripts and best practices Network based
‒ Images, scripts, drivers, applications Windows Automated Installation Kit
‒ WinPE, Sysprep, ImageX Lite Touch boots from CD Zero Touch integrated with SMS/SCCM
‒ DDS uses Lite Touch
DDS HistoryDCS-1
Departmental Computing Services
• Fall 2007 – Beta 1 using BDD 2007 Only static IP addresses supported No ability to add additional applications New ISO/CD required when any changes were made Support for handful of Dell workstations
• NLIT 2008 - Beta 2 using MDT 2008 DHCP via firewall/routers Support for additional applications Support for “Refresh” option More Dell workstations added
DDS History Cont’DCS-1
Departmental Computing Services
• Fall 2008 - Production version 1.0 XP SP2 configured to NIST 800-68 Up to 16 applications available More Dell workstations and VMWare added
• Spring 2009 – Version 1.1 XP SP3 Office 2007 replaces Office 2003 on OS w/ Apps Added support for laptops and some HP models Application versions upgraded
Development ProcessDCS-1
Departmental Computing Services
• ½ FTE during Beta development 1 ¼ FTEs currently
• Change Control Board Official mechanism for changes to central services
Each field team gets one vote - DDS configurations vetted• Information Architecture Team
Sets standards for applications and configurations Initially voluntarily, slowly becoming mandatory Working on Default Configuration
• E-mail list for DDS questions & requests Field techs can make requests Questions guide changes
• Rigorous Testing Development server Performance, functionality and compatibility tests
ImagesDCS-1
Departmental Computing Services
• 2 Flavors of XP SP3 Plain OS OS with Applications
• Universal Settings: STOW-XP - NIST 800-68 settings minus LANL specific
changes Administrator autologon w/ blank password Latest patches Pre-installed utilities:
‒ SMS 2003 client and Toolkit‒ Windows Defender 1.1.1593.0‒ Windows Media Player 11‒ Cisco IPTV 3.5.1.5‒ Adobe Flash Player 10.0.22.87‒ Internet Explorer 7‒ ESD Net Installer 2.0
Images Cont’DCS-1
Departmental Computing Services
• Folder on Administrator’s desktop with installers Tivoli client (backups) Cisco VPN client QWS 3270 WS-FTP BC WipeVB script to rename and disable the built-in Administrator and Guest accounts
Images Cont’DCS-1
Departmental Computing Services
• OS with Applications image Universal Settings plus:
‒ Microsoft Office 2007 w/ SP1‒ Adobe Acrobat Standard 9.1‒ Citrix ICA client 10.1.5
• Symantec AntiVirus Client 10.1.6 set to install automatically on either image
Soon to be replaced w/ Symantec Endpoint Protection
Optional ApplicationsDCS-1
Departmental Computing Services
• Adobe Acrobat Standard 9.1 (pre-installed on OS w/ Applications)
• MS Office 2007 Pro w/ SP1 (pre-installed on OS w/ Applications)• Citrix ICA Viewer 10.1.5 (pre-installed on OS w/ Applications)• MS Office 2003 Pro w/ SP3 and the Office 2007 Compatibility
Pack• Firefox 3.0.10• Thunderbird 2.0.0.16• HyperSnap 6.31.01• MeetingMaker 8.6.2• Oracle JInitiator 1.3.1.25• WinZip 11.0
Task SequencesDCS-1
Departmental Computing Services
• New Computer Wipes computer clean and installs XP
o Formats and partitions hard drive via Diskpart
• Existing Computer Used to replace Windows on an existing computer
while retaining the user’s settings and data Does not format or partition hard drive
System RequirementsDCS-1
Departmental Computing Services
• Memory - 512 MB minimum• Hard disk - no size limitations
New Computer:‒ Partitioned into a single, C: partition with NTFS
• Supported Dell Models OptiPlex 745, 755, 760, GX260, GX270, GX280, GX620 Precision WorkStation 360, 380, 650, 670, T5400 Latitude laptops D600, D610, D800, D810, D830, E6500, E4200
• Supported HP Models Workstations XW4300 and DC7900 NW8440 Laptop
• Other makes/models may also work, but not yet tested• New models added as drivers are acquired
DDS ChallengesDCS-1
Departmental Computing Services
• Education Techs confused
‒ Installing same applications from menu on top of OS w/ Applications image
‒ Not using Refresh option
Hands-on Training Class in development
Visits to field teams for QA sessions
Web site w/ step-by-step instructions‒ (Requires reading)
DDS Challenges Cont’DCS-1
Departmental Computing Services
• Competition Standalone BartPE image developed by field support
‒ Not tested‒ Not secured to FDCC standards‒ Takes twice as long to deploy as DDS‒ Loaded w/ extra applications‒ Patches not current‒ 2000+ installations to date vs. 700+ for DDS
o Management has not mandated DDS
DDS Technical ChallengesDCS-1
Departmental Computing Services
• Drivers Manufacturers constantly changing hardware Driver packages inconsistent New models released without notification
• Applications Some are not network/automation-friendly Constant upgrades MDT Lite Touch menus not very flexible
• USMT (User State Migration Tool) Techs don’t understand options No standards for where users store data Can be slow depending on amount of data
• Testing on New Models No budget for continually buying the latest hardware New purchasing restrictions may help limit models
Future ChallengesDCS-1
Departmental Computing Services
• Integrating with SCCM Lite Touch fits LANL’s decentralized support model Still need to upgrade to SCCM
• PXE Boot capability No DHCP in place at LANL
• Getting Management Support Multiple installation methodologies promote desktop chaos Central deployment solution meets accreditation requirements
• What will the next OS be? Vista still in Information Architecture “do not use” category Will Windows 7 come soon enough?
• Resource limitations Hiring freeze Constant stream of ‘crises du jour’
QuestionsDCS-1
Departmental Computing Services