eXtreme Deployment

Distributing and Configuring 450 Student Notebooks in Five Hours

E. Axel Larsson & Russell Sprague

Drew University

Drew University Computer Initiative
  • Started 20 years ago in 1984.
  • First liberal arts university to give all students computers.
  • Switched to laptops in 1988.
  • Around 600 computers purchased per year.
  • Computers a major part of the curriculum.
    • Educational software delivered over the network.
    • Laptops often brought to class.
Campus Networking
  • A residential network drop was not in all student rooms until Fall 1998.
    • Students accessed email, campus directory, and other services on a central VMS machine via a digital phone system.
    • “Client software” consisted of MS Kermit / Kermit 95.
  • Campus networking extended to “one port per pillow” from 1997-1998.
Campus Networking (cont’d)
  • Novell eDirectory is the primary campus directory service.
  • Single-password access to most services. Single-sign-on when possible.
    • File/print, e-mail, web proxy, etc.
    • Novell iChain for web applications (webmail, Blackboard, etc.)
  • Identity-based services.
    • Departmental space.
    • Space for courses, based upon enrollments.
Campus Networking (cont’d)
  • Clients prior to 2002
    • Win 9x clients only. No support for Win NT, 2K on end-user machines.
    • Novell Client software only.
    • No need to join workstations to a Windows domain.
    • No need to manage local accounts on the workstations.
Campus Networking (cont’d)
  • Management of workstations
    • Novell ZENworks for Desktops
      • Application launcher delivers apps to users “on demand”.
      • “Force run” apps deliver needed patches and updates.
      • Limited use of user policies and 95/98 workstation policies.
  • Limited deployment of Win2K in labs
    • ZENworks “dynamic local user” feature to manage local user accounts.
      • Limited ability to manage DLU on a per-workstation basis. Other deployment difficulties.
First use of Windows XP
  • August of 2002 on student laptops
    • Used a local administrator account.
    • Students logged in as “Drew User” in Windows.
    • Students logged in as themselves in Novell eDirectory.
    • Machines weren’t customized to the student owner.
    • Very similar to the way a 9x machine is set up.
Problems with this setup
  • Lack of security.
  • Users unintentionally locking themselves out.
  • Not using the same name for both logins.
  • Not in domain.
  • Harder to manage.
  • Cannot utilize all features of Windows XP.
    • File sharing.
    • Separate user profiles for separate users.
Active Directory @ Drew
  • First campus Active Directory domain in 2002.
    • Mirrors eDirectory tree. All users and groups (except course groups) synchronized between eDir and AD using Novell DirXML.
    • Password synchronization provided by Novell DirXML Windows Password Sync product.
    • Windows XP workstations created in the domain.
    • Users log into eDirectory and an AD domain account when logging into XP workstations.
Initial use of Active Directory
  • Microsoft’s Sysprep tool.
  • Used with faculty/staff desktops and updated laptop configuration.
  • Machines run through mini-setup.
  • Process executed by CNS staff, not the end user.
  • Configuration found to be far superior to using a generic account.
Problems with using Sysprep for student handout
  • Required a level of access to the domain.
  • No enforceable way to mandate naming convention.
  • Needed to give the owner administrative access and Administrator password.
  • While user-friendly, a manual process susceptible to user error.
Alternatives considered
  • Manually provisioning every machine.
  • Using Altiris Deployment Solution.
  • Using ZENworks.
  • Other commercial imaging packages.
  • Having vendor customize each machine.
Our conclusion: rolling our own solution
  • Requirements:
    • Standard image placed on every machine by the vendor.
    • “Just in time” personalization for every user.
    • User-friendly, wizard-based.
    • Reproducing at least all that Sysprep does.
    • Modular and re-usable.
    • Integrates with uTrack, our existing home-grown asset tracking package (SQL Server based).
Using Existing Skills
  • Experience with web-based applications.
    • Lots of experience developing database-driven web applications in PHP, Perl, and Python.
    • Very little in-house experience with Windows application development.
  • Limited time-frame mandated skill reuse.
    • 3 weeks to design and develop the complete solution.
  • Decided upon a web-based client.
Backend Tech. Requirements
  • Had to talk to an existing database for computer inventory tracking (uTrack)
    • MS SQL Server based.
    • ODBC accessible.
  • Active Directory
    • Accessible via LDAP, but some of the attributes are really only usable via Microsoft’s ADSI (e.g. nTSecurityDescriptor).
  • Result: Windows server backend.
Deployment Server Tech.
  • Windows Server 2003
  • Apache web server exposing an XML-RPC interface (SSL wrapped) to deployment clients.
  • XML-RPC methods written in PHP.
  • PHP ODBC support to talk to the uTrack inventory database.
  • PHP COM bindings enabled the use of ADSI for talking to AD from within PHP scripts.
Deployment Server Tasks
  • Provides updated versions of the XD client components to clients.
  • Provides an XML-RPC interface to the clients in order to:
    • Query the inventory database for computer ownership.
    • Query AD for information about computer objects.
    • Securely store workstation Administrator passwords.
  • Provides a web-based admin interface to the helpdesk.
    • Add and remove PCs from the domain and deployment database.
Client Technology
  • Presents a browser-based interface.
    • Full screen IE browser.
    • Local self-contained Apache serves up the UI.
    • Just presents the UI. No ActiveX controls. The PHP scripts (under Apache) actually touch the PC.
  • Local self-contained Apache/PHP
    • Use a combination of COM and simple command line utilities to configure the PC.
    • Local Apache serves up pages to the local PC only, and only runs during deployment (Apache runtime).
Client Tasks
  • Use the BIOS asset tag information to query the deployment server for owner information.
  • Set the computer name.
  • Change the SID. (calls Sysinternals NewSID)
  • Join the domain.
  • Add the computer owner’s domain account as a local administrator.
  • Set the Administrator password and escrow it.
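
The asset-tag lookup and Administrator password escrow described under Deployment Server Tasks and Client Tasks, sketched as an added Python example (not the presenters' PHP code). The method names `lookup_owner` and `escrow_admin_password`, the inventory row and the write-once escrow rule are assumptions; the request is dispatched in-process here, where the real system carried it over SSL.

```python
import secrets
import string
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

# Constructed inventory row standing in for uTrack: asset tag -> owner data.
INVENTORY = {"DU-004217": {"owner": "jdoe", "computer_name": "JDOE-NB"}}
ESCROW = {}  # asset tag -> password (a real server would encrypt this at rest)

def lookup_owner(asset_tag):
    """Server method (hypothetical name): owner data for a known asset tag."""
    if asset_tag not in INVENTORY:
        raise xmlrpc.client.Fault(404, "unknown asset tag")
    return INVENTORY[asset_tag]

def escrow_admin_password(asset_tag, password):
    """Server method (hypothetical name): store the password once per machine.
    Assumed rule: a second write is refused so a later caller cannot
    silently replace the escrowed value."""
    if asset_tag not in INVENTORY:
        raise xmlrpc.client.Fault(404, "unknown asset tag")
    if asset_tag in ESCROW:
        raise xmlrpc.client.Fault(409, "password already escrowed")
    ESCROW[asset_tag] = password
    return True

def make_server():
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_function(lookup_owner)
    dispatcher.register_function(escrow_admin_password)
    return dispatcher

def call(server, method, *params):
    """Marshal an XML-RPC request, dispatch it, unmarshal the reply.
    _marshaled_dispatch is the entry point the stdlib HTTP handler uses."""
    request = xmlrpc.client.dumps(params, methodname=method)
    response = server._marshaled_dispatch(request.encode())
    return xmlrpc.client.loads(response)[0][0]  # raises Fault on an error reply

def new_admin_password(length=20):
    """Per-machine random password from a CSPRNG, never a shared default."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def deploy(server, asset_tag):
    """Client side: look up the owner, generate a password, escrow it."""
    owner = call(server, "lookup_owner", asset_tag)
    password = new_admin_password()
    call(server, "escrow_admin_password", asset_tag, password)
    return owner["computer_name"], owner["owner"], password
```
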
The Process
  • Most students receive their notebooks at an annual computer handout event.
    • One day event. 450+ computers distributed in 5 hours.
    • Up to six stations operating at once accessing a web-based application.
      • Notebook and printer serial numbers are barcode scanned into the form.
      • Inventory database is updated.
      • Computer object created in Active Directory.
      • Contract printed and signed.
      • Student returns to their room and boots their PC for the first time…
eXtreme Deployment in action

User is prompted with data about the computer from the database.

eXtreme Deployment in action (cont’d)

User is prompted to join the computer to the domain.

eXtreme Deployment in action (cont’d)

User is presented with the Administrator account’s password.

  • 2003 handout a success
  • Students deployed from dorms or the lounge
  • Over 450 computers deployed in 5 hours
Continued use of eXtreme Deployment
  • Used with all Windows XP configurations
  • Helpful ability to update layers
  • Ease of obtaining Administrator password securely