Desktops

 

Introduction.  Managing desktops can be fairly well organized into dealing with three basic situations.
  1. Initial loading of systems software and applications
  2. Updating systems software and applications
  3. Configuring network parameters and connectivity

 

Automating Processes.  If a site is to be developed as cost effectively as reasonable these tasks should be automated for any platform that is widely used at a particular site.  Usually it is extremely difficult to justify automating these tasks for platforms that aren't very prevalent.

In some instances it can be extremely difficult to fully automate these processes.  If you are ever buying a new product one important characteristic to always look for is whether these processes can be automated with the product.  Rapid deployment is becoming more and more important in product development and vendors are building in or supplying these capabilities.

Some of the major advantages to automating are

  • Likely to save time
    • manual processes are likely to require a lot more direct labor
  • Likely to result in fewer mistakes
    • manual processes are more likely to result in errors
      • helps avoid misconfiguration
    • automated processes are much more likely to have been tested and used repeatedly
  • Likely to result in greater uniformity between installations
    • who knows how it has really been configured when it is done manually or by the end user
  • More likely to be idiot proofed
    • the processes should be developed so that there are many fewer chances for problems

Again, the more these processes can be automated the better.  While it can take considerably more time to develop the automated processes initially they should save considerably more time when implemented.

Cloning Hard Disks.  Some sites set up cloned hard disks which implies setting up a host with the exact configuration for all its deployments.  This can have its disadvantages because of dealing with a variety of platforms.  There is likely to be a need for more than one configuration due to things like platforms, settings and  other things.  Some operating system vendors do not support cloned disks because their software installations make decisions at installation time.

It may be possible or essential to strike a balance.  Some sites choose to clone disks to establish a minimal standard install and then use automated software  to layer in other applications as needed.

Vendor Installations.  One of the biggest questions a system administrator needs to consider is, "Should you trust a vendor's installation?"  In what is likely to be a high quality, but more demanding answer, reloading the OS yourself is usually better for several reasons.

  • you probably have to deal with loading other applications anyway
  • their standard setups may not be what you want
  • when you load from scratch YOU know the initial state of every machine
  • if you have to later reload you are not in as good a position if you need reload the vendor's software

Updating Installations.  Unfortunately, new bugs, security holes and fixes are occurring in software all the time.  It is important to remember the ways in which an update is different from an initial install.

  • the host is in a usable state - updates are usually done on machines that are in good working order
  • the host is in an office - update systems need to be able to perform the job on the native network of the host
  • no physical access - updates shouldn't require a physical visit
  • the host is already in use - updates need to occur quickly enough since the user is going to need to get back on the machine as soon as possible
  • the host may not be in a "known" state - the operating system or applications may have decayed since its initial install
  • the host may have live users - some updates cannot occur while a machine is in use
  • the host may be gone - the host is not necessarily on the network at a particular point in time for any number of  reasons
  • the host may be dual boot - the update systems need to make sure they can verify that they've reached the operating system they need to perform the update

Many system administrator's reduce the risk of failed updates by using what may be called a one - some - many approach.  This may be summarized in the following bulleted list.

  • One, update one machine.  You may well update your own machine first.  If it fails improve the process until it works for a single machine without fail.
  • Some, try this update on a few other machines.  Maybe these machines are in your neighboring cubicles or for other system admins.
  • Many, work to larger and larger groups.

An automated system that is poorly developed has the potential to cause massive damage.  The following are the likeliest steps in an update process.

  1. Create a well defined update that will be distributed to all hosts.  Set it forward as ready for distribution.  Use this to develop buy-in/approval from all stake holders.
  2. Establish a communication plan so that those affected don't feel surprised.  Maintain consistency in your execution.
  3. When you're ready to implement the "some" phase think about using some metric to asses success rates.  If there are no failures make each subsequent group about 50% larger than the next.
  4. Finally, you need a way for your customers to stop the deployment process if things go disastrously wrong or get you re-involved if their update fails.

Network Configuration.  You also need an automated way to update how the desktop should interact through the network.  This can also be characterized as updating network parameters.

The most common process for updating these is through DHCP - Dynamic Host Configuration Protocol and making use of DNS - Domain Name Service.  This is used so that IP addresses can be both dynamic for some hosts and static for others.  Due to the form of IP addresses, a DNS entry is almost always used to make it easier to establish connections with more frequently used hosts.

DHCP has many options and features and as usual it is best to keep things simple and effective.  One of the major features that is very often used is to hand out available internal IP addresses from a pool as users login to the network.   Fortunately, it is possible to use static addresses with other properties for more frequently used hosts such as e-mail servers, database servers and printers.

If a host is running services, it should receive a permanent DHCP lease and always have an appropriate name.  Hostnames should be controlled by a centralized authority so there are no conflicts and the naming conventions help users determine what sort of services are being provided.

The Icing.  One of the main things to create in any installation process is a high confidence in completion in success.  A very major component of this is involving the customers in the specifications and designs.  They need to feel they are getting what the need and desire. 

It is also important to have a reasonable variety of standard configurations available.  Some people need primarily office related tools, some need engineering related software, others might need marketing analysis programs.  There can also be some basic differences in configuration needs such as processor speeds, video cards, CD ROM capabilities and different operating systems.  Obviously, the greater the diversity in such standard configurations the greater the work for the system admins.  Though on the other hand, these sorts of things are some of what they are getting paid to provide.  But there are also many other more sophisticated ways that system admins should probably be spending their relatively high priced time.