Post on 12-Jan-2016
Open MTIP Meeting
April 5, 2000
Issues with current lab setup (from last meeting)
• Easier/faster application deployment and maintenance
• Client diversity
• Education
• Auditing
• Universally accessible file system
• Workstation maintenance (ties with security)
Today’s focus
• Easier/faster application deployment & maintenance
• Workstation maintenance (ties with security)
• Client diversity
Solution overview
• Use ZENWorks 2 for Desktops to deploy, configure and maintain applications, to assign apps to workstations rather than users, and manage application security
• Use the Novell GINA rather than the NCSUGINA
• Novell Client v4.6 SP 2 for Win NT (not 4.7!)
• NT labs: Transarc AFS client; Departmental Win9x labs: SAMBA, if dept. provides
Issue: Applications are too hard to deploy and maintain.
• Installs require administrators to physically visit machines.
• Lead time on new apps is too long/too few people create applications.
• Workstation security interferes with application functioning.
(Apps too hard, continued)
• Application assignment to .USERS is all-or-nothing, and can only be done centrally.
• Locally desired apps must be installed manually/icons can’t be in NAL.
Zen 2 Application Deployment
• Configure as “Install/run” rather than having a separate Install and Run
• Assign applications to workstations and labs, not to users
• Run as “Unsecure User” applications that can’t run with restrictions
Unattended (by administrators) application installations / repairs
• ZENWorks 2 for Desktops offers scheduled, “lights-out” installations.
• Install/Run ZEN apps let users initiate installation of new or updated software.
• Install/Run also enables “self-healing” feature for ZEN applications.
• Force-run/run-once technologies offer additional possibilities for installing ZEN apps.
Shorter lead time for deployment
• Application assignment to workstations means that testing need not be global.
• Local apps can be created by local admins who are most familiar with configuring and installing them.
• ZEN Install/Run can ship apps anytime, without need to do an install step. First user to run app pays install time penalty.
(Short lead time, continued)
• Ability to run apps as “unsecure system user” means no real development time devoted to security fix-ups
Purpose of security
• Make sure students get the access for which they paid.
• As a secondary goal, make life easier for the administrators.
Workstation security
• ZEN option to run as “Unsecure System User” allows applications to run with admin privileges: user can only access what the application can access while the app runs.
• Continue to use current approach for labs where running applications with admin privileges is not appropriate.
(Workstation security, continued)
• For extremely secure systems, use current approach plus a faceless “Secure System User” app to unlock those keys/files only while the application is running.
Use Imaging for faster workstation rebuilds
• Set up a “hidden” partition in the first 2 GB of a workstation’s disk drive
• When booted from this partition, automatically run Ghost to restore image from the partition or from a network server
• After Ghost completes, set the partition to invisible and boot the OS partition
• First boot of OS partition runs any fixup or re-registration chores
Issue: Client Diversity
• Zen 2 works for all Windows platforms: Windows 3.1, Windows 95/98, Windows NT 4, and Windows 2000 (with service pack)
• ITD still focusing on NT 4 in the short term, to have an AFS client
• Many applications will also run under Win95/98 or Win2K
Remaining Issues
• Universal File System
– Zip drives being ordered for ITD labs
– Looking into Web accessible file systems
• Education
– Working to have regular Zen classes offered by ITD
– Working on web site to consolidate information
(Remaining Issues, continued)
• Auditing
– Site License for “Audit Login” software to account for NetWare file servers
– Working on auditing method for all platforms
Features
• Zen 2 provides the core functionality needed to make applications easier to maintain and deploy; enhances app security options, and supports client diversity
• Zen 2 is on our site license, so it’s a cost effective solution
• Zen 2 has significant on campus expertise, and allows us to leverage external resources (other institutions/groups, vendor support)
(Features, continued)
• Zen 2 has additional functionality, such as Inventory and secure Remote Control, which were not identified as “critical” but are definitely desirable.
• We won’t disrupt existing setup - faculty can continue to run NCSUGINA and run applications from AFS space.
Gotchas & anti-features
• Can’t get single sign on to AFS and NetWare (2nd login to get to AFS space)
• No hesiod group functionality will be implemented initially
• No auto synchronization of NT profiles between NW and AFS after initial migration
• Netscape bookmarks don’t follow from Solaris to NT until NetWare 5.1
To Do/Status List
• Contextless login: waiting on new hardware for replica servers, but have a contingency plan should hardware not arrive before deadline; cannot test effectively without this.
• Profile storage: waiting on new hardware to hold the NT Roaming Profiles, can test with a test account configured to store on a different box
(To Do/Status List, continued)
• Workstation registration: every machine will need to be registered/imported into the tree - user policy package for admin accounts in the workstation containers
• Imaging: Ghost images/Restore mechanism for workstation-specific info / Need input from COM on hidden partitions; need file space to store lab images for multicast
(To Do/Status List, continued)
• Applications: modify existing apps to store settings in NW profile space
• No new apps for Summer created by ITD.
• Migrate settings from AFS space to NW profile space- need to wait for semester break when labs are closed
(To Do/Status List, continued)
• Copy app files from AFS to NW space- need to set up space for them
• User policy package assigned to .USERS modified to store Roaming Profiles on NW server / need to wait for semester break when labs are closed - use a test user account to test beforehand.
Timetable
• Spring exams end May 16. Summer begins May 24.
– Apr 15 Contextless Login
– May 1 Profile Storage
– May 1 Application modifications completed (note: existing apps will be duplicated and changed, not replaced!)
– May 1 Application servers online, application files copied from AFS space
– May 1 NT Roaming Profiles policy for .USERS
(Timetable, continued)
– May 17-19 AFS → NW migration for NT profiles
– Workstation Registration: local schedule
– Ghost Images: local schedule
– Hidden partition: work to be done during the summer, for release in the fall
Worst-case scenario
• No contextless login → no move to Zen 2
• Roaming profiles may not migrate properly from AFS versions
• Others?
How to deal with workstation registration
New apps - you do them, and you CAN do them
Documentation on the web