Be it a small company or a multi-billion-dollar enterprise, the basic element
of any IT infrastructure is the desktop, or now, even laptops. This is perhaps
the only element that brings users close to IT. Everything else sits in the
datacenter or in switching closets. As desktops are used by both novices and
experts alike, managing them is perhaps the most difficult of all tasks. Due to
this, the range of queries can be immense, and the problem increases with more
desktops, and multiplies when they're spread across multiple geographies. There
are so many things to manage in a desktop---configuration, rollout of OS,
applications, patches, and updates, inventory, license metering and the list
continues.
So how should you manage your desktop fleet? There are ample tools available
for the job, so it's a matter of choosing the right ones for your needs. They
can easily be broken up into management tools and monitoring tools. As the names
suggest, the former allows a two-way communication between the tool and the
desktops, whereas the latter only gathers information. The management tools by
and large require an agent to be installed on each desktop, whereas the latter
can manage without it.
We'll not get into the theory of how to choose the right desktop management
and monitoring tool at this point. Instead, we'll give you a taste of some of
the variety that's out there. We'll walk you through the nitty-gritty of
deploying them, and finding out the requirements for setting them up, so that
you understand the painpoints involved. This would help you plan your own
rollouts better. While there are lots of different tools available, we've tried
to select a good variety to give you an idea of the number of things you can do
with desktop management tools. We've also covered the hot new concept of desktop
virtualization.
After all, the proof of the pudding lies in eating it. Happy Reading!
What if one day your management decides that all users must use Thunderbird
mail client instead of all the variety currently running on their desktops? This
might be a good move from a standardization point of view, but bad news for you,
because you have to roll it out across all desktops. The more desktops there
are, the bigger your troubles. So it's better to use a solution that can do the
rollout from a central server. The concept is not new. Lots of tools can do it,
but one additional thing that tools let you do nowadays is push the
configuration changes as well. This helps from a compliance perspective. We'll
show you how to do this in this section.
Application Deployment with Altiris
Altiris has a full-featured desktop management solution using which you can
get agent-based Inventory Management for heterogeneous systems based on Windows,
Linux and Mac; SNMP-based inventory management for network devices; Patch
Management; package rule management; Software Virtualization; Software delivery;
Real Time System Management; Auto Discovery for RIM; Helpdesk and Carbon Copy
(web-based remote control for problem diagnostic and resolution etc).
Pre-requisites
In this article, we'll be using Altiris Client Management (ACM). This has a
long list of pre-requisites for smooth desktop management. First, you need a
Windows Server with ADS installed and running. Though this is not a part of the
pre-requisites, while working on it we felt that it becomes very difficult
to run it on a network without ADS. Second, the machine on which you are
installing ACM must be added to the domain.
The next thing you require is a Windows 2003 Server, with .NET Framework,
ASP.Net, and IIS installed on it. You also need MS SQL Server 2005, but that can
be installed on another machine in the same network and domain. Make sure you
have administrative rights on it. It's always advisable that your SQL server
also authenticates through the domain. This will make sure you get a single sign
on across the ACM platform.
Installation
Once all pre-requisites are in place you have to start the installation
process. To do so copy the setup files to the machine on which you plan to
install and then run the setup file. The setup is essentially a nine-screen
wizard which will take all the information from you and roll out the
applications completely. Now by 'completely' we mean it will not only install
the server application but also roll out the agents on all the machines which
you choose during the installation process.
Follow the setup wizard of Altiris as mentioned in the screenshots to configure and deploy it on the server and all the clients at the same time
The first page of the installation wizard will check for all the required
components. If you have all the pre-requisites installed then most likely you
will not get any error here. But if you still get any, then the wizard will
inform you what exactly you don't have in your machine and you can go ahead and
install that component.
If you are using SQL Server which is not installed in the local machine then
the installer will not detect it, but will give you a warning. In this case you
can easily ignore the warning and continue with the installation process. Now
when the installation wizard asks you to configure the SQL server, you can
specify the remote server which is running SQL and its account credentials.
Next the installation wizard will ask you to choose which machines you want
to deploy the Altiris agents on. Once started, the installation takes time as it
is going to install agents on machines at the time of the software installation
itself.
Altiris deployment solution lets you easily migrate settings and data from an
old machine to a new one. To start in Altiris main console click on deployment
tab. A new window will appear. Here from the right pane under computers, click
on the dropdown menu and choose Add new deployment server. Now provide the IP
address and port used by the deployment server with the credentials required to
login to the server. For deployment tasks such as copying images, installing
software packages, running scripts etc. you need to set up package server which
is a component of Altiris Notification Server.
Before setting up Altiris package server, we need to set up central
deployment server library which contains the images and other package files
needed for deployment.
Creating this library is simple, just go where you have installed the central
deployment server; the default Altiris path for this is c:\Program Files\Altiris\eXpress\Deployment
Server. Here create a new folder named 'library', create subdirectories for your
images and software packages and also create a temp folder.
To set up the package server open the Altiris console and click on
configuration tab. In the new window go to server settings and open Notification
Server Infrastructure and go to Package Servers.
Now select Add Package Server. This will open Find Resource window, here
choose the domain name and click on find. This will list all the machines in the
domain running Altiris client, choose the machine running deployment server and
click OK. Once added you can also edit the default settings of the package
server by going to settings tab. Now we need to edit DS Library package
configuration settings, for this go to Tasks and under Deploy and Migrate go to
DS Library. Now in the new window in package source option, choose Access
Package from a local directory on the Notification Server Computer and provide
the path to the package you copied earlier, select apply to save changes.
With this we are ready to schedule the jobs (i.e. single or multiple tasks
like configuration change in a workstation) for image deployment. To schedule a
job go to deployment tab in the Altiris web console, under the jobs pane, click
on schedule job.
Now from the computer's pane, select the deployment server, the computers on
which you want to execute the job and the application files you want to deploy,
then click schedule. Similarly you can also schedule configuration changes,
image deployment etc. on the workstations.
Deploying a simple software like Thunderbird remotely is still easy. What if
you have to remotely install an OS across 500 desktops simultaneously? And that
too with a five or ten-member IT team? If you were to do it manually, you'd
retire by the time it gets over. So, in this article, we'll tell you how to use
a remote OS deployment solution. It's one of the oldest concepts in desktop
management, and yet still holds value. We've covered remote OS deploying using
Windows based software, so this time, we'll tell you how to deploy Linux
remotely using a Linux distro. We'll do it using Fedora 7 Linux distro, which
incidentally, we've also carried on this month's DVD.
Unattended Linux deployment using Fedora 7
Suppose you have machines running Fedora Core 6 on your network, and you want
to upgrade them to Fedora 7. If you have around 500 of them to work on, then
going the traditional way would take some 5 days and require at least 10 people.
But remote installation, when coupled with unattended installation, solves the
problem and makes it a breeze to roll out hundreds and thousands of machines with
far less time and manpower.
If you have a homogenous Windows network then it becomes very easy with
RIS(Remote Installation Server), which we have covered in our earlier issues.
But with Linux it becomes slightly tricky.
If you have a heterogeneous network with Windows and Linux both, and the
domain controller and a DHCP server running on the Windows, then things become
more complicated.
So, this time we decided to guide you how one can build a mass deployment
server for Linux in a Windows environment.
Installation
Get a machine and install Fedora 7 on it. F7 is carried with this month's
PCQXtreme DVD, so all you have to do is pop the DVD into your machine and start
the installation process. Once the installation is done log into the machine and
install Revisor using yum. To do so execute the following command:
#yum install revisor
Around five or six components are installed along with revisor. Then go to the
Applications menu and click on the system menu. Here run the application called
'kickstart'. It will open a window which looks similar to the screens of
Anaconda. This is essentially a GUI from where you can select all your
installation options and save them to a kickstart file. The window allows you to
set all anaconda options and make the installation completely unattended. Just
make sure that you check off the option 'Enable interactive installation'. Once
you are done with all the settings you require for the system, click on the file
menu and save the file as ks.cfg on your hard disk.
Start the kickstart configuration and fill in all the information shown in the screenshots to create the kickstart file for doing an unattended install
Next you need to install a tftp-server. Again installing it through yum is
child's play. Just run the following command and it will be done:
#yum install tftp-server
Now check whether syslinux is installed on your system or not by running the
following command:
#rpm -qa syslinux
If the command gives an output then it is installed else you have to install it
by running the following command:
#yum install syslinux
Let's now see how to do the configuration.
Configure TFTP
Once you have installed tftp server, a folder called tftpboot will be
created at your system root. Copy the pxelinux.0 file to the folder with:
#cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
Now copy all the contents from the F7 DVD's isolinux folder to the tftpboot
folder by:
#mkdir /tftpboot/linux-install/pxelinux.cfg -p
#cp /media/cdrom/isolinux/* /tftpboot/linux-install
#cp /tftpboot/linux-install/isolinux.cfg /tftpboot/linux-install/pxelinux.cfg/default
Next open /tftpboot/linux-install/pxelinux.cfg/default file in a text
editor and make it look like the following:
label linux
  kernel vmlinuz
  append initrd=initrd.img ramdisk_size=8192 ks=http://192.168.3.88/Fedora/ks.cfg
label text
  kernel vmlinuz
  append initrd=initrd.img text ramdisk_size=8192 ks=http://192.168.3.88/Fedora/ks.cfg
Here 192.168.3.88 is the IP address of the hosting server where tftp-server
is also installed.
You need to change the settings according to your requirements. With this you
are more or less through with the tftp-server configuration.
Configure Apache
To host the F7 installer on some shared location, we decided to use an http
share. To do so, create a folder called Fedora in /var/www/html and copy all the
contents of the Fedora CD into it. You can do so by running the following
command:
#mkdir /var/www/html/Fedora
#cp -rf /media/cdrom/* /var/www/html/Fedora
Once this is done, copy the ks.cfg file to the location so that the installer
can get all the options from the file; execute the following command for this:
#cp /ks.cfg /var/www/html/Fedora
Configure DHCP
There are two options for configuring DHCP. Either configure and run a DHCP
on the same Linux machine on which you have installed the tftp-server and apache
or configure your pre-existing Windows DHCP server to target this boot server.
We'll use both options.
DHCP on Linux
To configure DHCP on your installation server, make sure the diskless
clients get IP addresses from the RIS server and remotely boot and start the
Fedora installer. To do this open the /etc/dhcpd.conf file, add the
lines shown below and restart the DHCP server.
option domain-name-servers 192.168.3.88; #<-- RIS Server IP
option domain-name "ris.pcquest.local"; # <--domain name
option option-128 code 128 = string;
option option-129 code 129 = text;
filename "/linux-install/pxelinux.0"; #<- Boot image File
DHCP on Windows
This is even simpler. Go to Administrative Tools and fire up the DHCP
option. Here right click on the 'Server Options', click on the 'configure
options' and a new window opens up. Check two options namely '066 Boot Server
Host Name' and '067 Bootfile Name'.
For both of these give the values 192.168.3.88 and pxelinux.0 respectively.
Now just restart the DHCP server and you are done.
The Finishing Touches
Come back to the tftp-server and restart both the apache and tftp servers.
Go to any machine with a pxe bootrom and reboot it with the first boot option as
network card, and you are done.
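
A pre-flight check for the boot server built in the steps above, added here as an example and not part of the original article: it parses pxelinux.cfg/default, flags any label whose kernel or initrd file is missing or whose append line has no ks= parameter, and flags a clear-text rootpw line in the ks.cfg that Apache serves. The function names, the temporary sample tree and the rootpw check (based on the kickstart rootpw --iscrypted option) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: pre-flight check for the PXE boot tree.
# Function names and the temporary sample tree are this example's assumptions.

# _pxe_report: judge the label collected so far (uses label/kernel/append).
_pxe_report() {
    [ -n "$label" ] || return 0
    initrd=""; ks=""
    for w in $append; do
        case $w in
            initrd=*) initrd=${w#initrd=} ;;
            ks=*)     ks=${w#ks=} ;;      # a mistyped "s=..." does not match
        esac
    done
    if [ -z "$kernel" ] || [ ! -f "$bootdir/$kernel" ]; then
        echo "$label: FAIL kernel file missing"; rc=1
    elif [ -z "$initrd" ] || [ ! -f "$bootdir/$initrd" ]; then
        echo "$label: FAIL initrd file missing"; rc=1
    elif [ -z "$ks" ]; then
        echo "$label: FAIL no ks= parameter, install will be interactive"; rc=1
    else
        echo "$label: OK $ks"
    fi
}

# check_pxe_labels CONFIG BOOTDIR
# Prints one verdict per label; returns 0 only if every label passes.
check_pxe_labels() {
    cfg=$1; bootdir=$2; rc=0; label=""; kernel=""; append=""
    [ -f "$cfg" ] || { echo "config not found: $cfg"; return 2; }
    while read -r key rest || [ -n "$key" ]; do
        # pxelinux keywords are case-insensitive
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            label)  _pxe_report; label=$rest; kernel=""; append="" ;;
            kernel) kernel=$rest ;;
            append) append=$rest ;;
        esac
    done < "$cfg"
    _pxe_report          # verdict for the last label in the file
    return $rc
}

# check_ks_secrets KS_FILE
# ks.cfg sits in the web root and is fetched over plain HTTP, so any rootpw
# line without --iscrypted exposes the root password to the whole network.
check_ks_secrets() {
    [ -f "$1" ] || { echo "ks file not found: $1"; return 2; }
    if grep -E '^[[:space:]]*rootpw[[:space:]]' "$1" | grep -qv -- '--iscrypted'; then
        echo "ks: FAIL rootpw is stored in clear text"; return 1
    fi
    echo "ks: OK"
}

# make_sample_tree DIR: constructed sample in the article's layout. The first
# label carries an "s=" typo in place of "ks="; ks.cfg has a clear-text rootpw.
make_sample_tree() {
    mkdir -p "$1/tftpboot/linux-install/pxelinux.cfg" "$1/www/Fedora"
    : > "$1/tftpboot/linux-install/vmlinuz"
    : > "$1/tftpboot/linux-install/initrd.img"
    cat > "$1/tftpboot/linux-install/pxelinux.cfg/default" <<'EOF'
label linux
  kernel vmlinuz
  append initrd=initrd.img ramdisk_size=8192 s=http://192.168.3.88/Fedora/ks.cfg
label text
  kernel vmlinuz
  append initrd=initrd.img text ramdisk_size=8192 ks=http://192.168.3.88/Fedora/ks.cfg
EOF
    printf 'install\nrootpw changeme\n' > "$1/www/Fedora/ks.cfg"
}

# Demo run against the constructed tree.
tmp=$(mktemp -d)
make_sample_tree "$tmp"
boot="$tmp/tftpboot/linux-install"
check_pxe_labels "$boot/pxelinux.cfg/default" "$boot" || true
check_ks_secrets "$tmp/www/Fedora/ks.cfg" || true
rm -rf "$tmp"
```

On a real server, point check_pxe_labels at /tftpboot/linux-install/pxelinux.cfg/default with /tftpboot/linux-install as the boot directory, and check_ks_secrets at /var/www/html/Fedora/ks.cfg, before rebooting any client.
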
As the name suggests, inventory management is the recording and the managing
of the desktop hardware to its component level. It is also understood as
hardware monitoring. There are two approaches to do inventory management. One,
of course, is the manual way in which you open up all the machines and check for
the available hardware and keep a note of it. But this traditional method is not
that efficient for recognising hardware changes. Let's assume you have 1 GB of
RAM in your machine and lose 512 MB due to hardware failure or some other
reason. Now unless you inspect the machine you will not be able to detect
the change. So, going with the other approach, i.e. doing the inventory with the
help of software would serve the purpose. Here an agent is pushed to all the
desktops and the software takes care of the rest. It connects back to a central
server and reports for all the hardware components inside each and every
machine. In case there is a change of hardware component, it immediately detects
and reports back, hence, solving the problem of changing inventory.
Inventory mgmt with PC-Duo Enterprise
PC-Duo is a centralized desktop management suite for Windows and Mac OS. It
comes with separate modules namely Inventory Management, Software Distribution,
Software Metering, Diagnostics, Helpdesk Issue Tracking and Remote Control. The
Inventory Management module provides detailed software and hardware inventories.
It lets you manage software policies throughout the network and also lets you
control as well as monitor software usage across the organization. You can
create Policy compliance and License compliance reports too. In Policy
compliance report it will tell you which machines are running wrong and also
about the missing and unauthorized software packages installed. In inventory
reports it also lets you compare inventory of two machines. PC-Duo can also work
in audit mode in which it can capture inventory and user details from the
workstations without installing agents on them. Software Metering module
provides analysis of software usage on the workstations. It also lets you
monitor which users are using the software and for how much time. This helps to
ensure that software is installed at its desired place, which helps to reduce
software licensing costs. PC-Duo has a web-based reporting portal which can be
accessed from anywhere. It comes with 50 predefined reports, and you
can also have customized reports. It also lets you schedule all of its functions
such as inventory scans and software distributions so that they can be performed
while network usage is low.
PC-Duo extracts software inventory directly from the registry and provides the report to you in a comprehensive manner
Site is another important component of PC-Duo which lets you organize your
workstations into business and logical groups. Each site collects data from the
assigned offline areas. Sites require an ODBC compliant database to store and
manage the data collected.
Install and config
PC-Duo can be installed on Windows 2003, 2000 and XP. Before installing
PC-Duo you need to have MDAC 2.80 or a later version of it, and for database you
need to have at least one of these: MS SQL, Oracle, MSDE or MS Access. Once
installed, the first thing you need to do is to create a Site database. This
database stores all the data collected from the clients. The site creation
wizard starts automatically when you run PC-Duo for the first time. The wizard
will ask you to specify Offline Area and Client kit locations and choose the
machines on which you want to install agents. Offline Area is basically a shared
directory used by clients to store the raw data extracted from the machines. The
wizard next asks you to choose the machines where you deploy PC-Duo clients i.e.
its agents. Once you have selected the machine, click on finish, it will now
create a Site Database and install the clients on the selected workstations.
Once wizard finishes, you can see the Site in its main console, with all the
available modules. To start managing your network, go to the operations option
on the Site. From here you can perform all desktop management operations like
Inventory, Remote Control, Software metering etc. Let's do a hands on of some of
the operations you can perform.
In PC-Duo's Hardware Inventory module you can see all hardware details such as the processor, memory, printer, FSB etc
Inventory
Performing Inventory scans and creating reports is simple in PC-Duo. To
perform an Inventory of hardware for the workstations running in your network,
select Hardware Scan option under the operations. Choose upgrade hardware
inventory; this will open a new window. Here select the workstation on which
you want to perform the scan or else you can select 'All Clients' option to scan
all the machines in the network and click OK. This will open Submit job window,
here first provide a name for the job and choose the time when you want scan to
run. You can also choose to repeat the scan every day or week. Now click on the
logging tab, here enable the log extra detail option and click on submit button.
Now it starts scanning your workstations for their hardware inventory. Once the
scan finishes, you can see the reports from the hardware scan window. Other than
hardware summary for the whole network, you can also see the component specific
reports such as CPU, Memory and Disk. Similarly you can also perform software
inventory from the Software Scan option. The software inventory reports let you
find out software installations and patches identified from the registry with a
complete software package installation report.
This is a new concept in the world of desktop management, and there are many
different ways of doing it. Being new, there's no standard definition for it, so
different vendors are promoting their own methods for doing it. Simply put,
desktop virtualization means running more than one OS on a single desktop PC. It
may seem like ordinary virtualization, but there are different ways of doing it
to ensure smooth desktop management. For instance, suppose you were to create a
virtual machine in which you packaged the Operating System with your own
security policies and software? This would allow you to standardize what you're
giving to your users. Another form of virtualization is called Virtual Desktop
Infrastructure, or VDI. Here, there's no OS at the desktop. Instead, you run it
inside your data center, and deliver it virtually to the users. This could be
done using thin clients or from a simple desktop PC. The most well-known vendor
for VDI is VMware, but other vendors like Virtual Iron also exist.
Another concept similar to VDI is Application Delivery in which only the
application is delivered to the users instead of the whole OS. In this the
application is streamed over the network, and it is executed in an isolated
environment over the user's PC. Citrix's latest version of Presentation Server,
4.5, has this feature, and we'll tell you how to deploy it.
Application Streaming with Citrix Presentation Server 4.5
Application Streaming lets you deliver Windows-based applications to any
desktop and yet centrally manage them.
Citrix calls its Application Streaming a record, download and play
architecture. Applications to be streamed are prepared using Citrix profiler,
which includes configuration and files required by the application to run in
isolation. The Citrix profiler creates a .CAB file which is published on a file
server. When an application is streamed, it is cached locally and users can use
it just like a normal desktop application. Application streaming lets you
install and configure an application on a profiler and then transfer it to a
file server; these applications can be streamed to a workstation from the file
server. This lets you access the application from anywhere without connecting to
the server. Now all application updates and patching can be done at one place,
instead of every workstation. Users can access the application using Citrix
program neighborhood client or a web client.
If a desktop is not in the network, applications can still be used by caching
them locally in an isolated environment. Application caching also ensures faster
access to the application whenever it is launched. When an application runs,
cached files are updated automatically in case a new version of file is
available on the server. While streaming applications run in an isolated
environment, the files, such as registry settings, INI, DLL files, required to
run an application are also isolated. This ensures that the files do not clash
with the ones running on the workstation client.
Once you have created the profile, you can see the available applications and files used by the applications
How to implement?
Citrix Streaming Profiler lets you prepare profiles that contain
applications and settings, which will be streamed to desktops. Profiles can be
created by installing applications on an independent machine running Citrix
Streaming Profiler. You can have multiple applications in a profile with their
pre-requisites. The Profiler can be installed on Windows 2000, XP and R2 and
must have Microsoft XML 2.0. Once installed, open Citrix Profiler and from the
File Menu start New Profile wizard to create a new profile. For this first
provide a name to the file and then choose the profile security level.
Next you need to set at least one target Operating System. By default, the
wizard will choose the Operating System and language installed on the machine on
which you are running the profiler.
Next the wizard will ask you to choose whether you want to use 'quick' or
'advanced' install. Use advanced install if you are installing multiple apps,
editing registry settings etc., and quick install if you are installing an app
through a single executable file. So let's deploy MS Office using quick install.
Browse to the location of the installation program, and provide command line
parameters if there are any. Then the wizard will ask you to launch the
installer and will install it in the system in which you are running profiler.
You can also choose to perform a virtual restart. The wizard also lets you run
every application; this is handy when some applications require you to provide
serial numbers the first time you run them, or perform some one-time
configuration when they start for the first time.
Lastly the wizard will ask you if you want to digitally sign the profile
using a certificate from a trusted authority, however this is optional. Once you
click on finish the profile will be created and you will be shown profiler main
console. From here you can check all the settings and save the profile to a UNC
path.
Publishing an App
In the Access Management console select the farm to publish the application.
Go to the application node, select it, and from the common task pane
click on new folder.
Now select this folder and choose publish application from the common task
pane, this will launch publish application wizard. The wizard will ask you to
choose application delivery method. Here you can choose between 'streamed to the
client' or 'accessed from the server'. In streamed to the client delivery method
users stream the profiled app from the file server to their workstation. For
this users need to have streaming client installed. In accessed from server
option, users launch application from the server using ICA.
In the next step wizard asks you to provide the UNC path where the profile of
application which we created earlier resides. The next step lets you choose
whether you want user to have offline access to the applications or not. You can
also choose to pre-cache the application when a user logs in, however concurrent
logins may result in huge traffic if the application being streamed is heavy.
Going further, the wizard will ask you to add users who can access this
application and lastly to choose an icon for the application and publish it.
Once you have published the application, you are done with the server part
configuration. Now for users to access the published application you need to
install Citrix streaming client for them. Here you have two options, first to
use Streaming client with program Neighborhood agent and second to use Streaming
client with a Web browser. In streaming client with a web browser option as the
name says, a user accesses the published app through a web browser. However in
this option offline access to applications is not supported. The program
Neighborhood agent supports all application streaming features and it requires
at least 5% or 1 GB of disk space whichever is minimum to run. Citrix streaming
client also comes with a utility called RadeDeploy.exe which lets you pre-deploy
the frequently used applications to clients. This prevents clogging of network
and the file server. In program Neighborhood client, you can easily access the
published application using application sets. Once a user is authorized, the
application sets are visible in neighborhood client. The user can simply launch
the application and start using it.