cern - european organization for nuclear research cern windows 2000 migration wrap-up hepix-hepnt...
TRANSCRIPT
CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
CERNWindows 2000 Migration
Wrap-Up
HEPiX-HEPNTFermilab, October 2002
Frédéric Hemmer – CERN IT Division
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 2CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Outline
• Key design choices• Mass Migration• Difficulties• Current Status• Next steps• Conclusion
CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Design Choices
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 4CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Key Design choices• Single Domain
– In place upgrade CERN domain to cern.ch– Using Unix Bind DNS’s– Done in July 2000
• Computer creation immediately stopped to work• New user registration was half broken for 15 days• Web redirection immediately stopped to work
• Migrating Servers from NetWare/NT4 first– Allowed for Active Directory in Native mode– Very difficult and time consuming Netware migration– Mac namespace migration problematic
• Mac services using > 140 MB system memory• Eventually splitted the home directories given the little use
• Development of Web Based Management tools– To reduce support costs– Integrated with corporate DB’s (HR, Network, etc…)– Allows for privileged operations delegated to the users
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 5CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Key Design choices (II)• Home directories
– My documents redirection to 8 servers or more– Dfs name space (\\cern.ch\dfs\Users\<letter>\<username>)– Offline folders enabled
• But not enforced
• SMS for desktop management– All Hotfixes, SP’s and tweaks deployed thru SMS– NOT for application management
• Application management thru Group Policies– Combined with Security Groups for flexibility
• E.g. GP Deny Office 2000 vs. GP Apply Office XP• Solves the controls PC problem
– Only Office, NAV, WinZIP, PrintPackage, RealPlayer and CERNWak assigned to machine• Application installation thru MSI
– When available or packaged when needed– Using ZAP files for the others (but still published thru GP’s)
• Rationalization of Applications negotiated with Users and Management– Allowed for a comprehensive documented support model– E.g. Adobe Photoshop discarded in flavor of Corel PhotoPaint
• Reformat hard disk– Not a smooth update/migration– Clean base, solves multiple partitions problems introduced with Windows 95
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 6CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Three Installation Methods• With standard Floppy/ Network:
– Works for all supported platforms.– To be started in parallel on several PCs when possible
• With CERN-made CD’s – when possible:– Based on SYSPREP and cloning software– Specific to each type of motherboards– Much Faster (90 mn -> 20 mn) - Allows to give more time to user.– 3 generations of CDs were produced for 6 motherboards.– Installations performed one at a time.– Well adapted to single installations, as well as “bulk” migrations (no
network/server contention).• With CERN-made Disk Images for new machines
– Now standard method for any new PC delivered– Image shipped to supplier– Installation completed in less than 10 mn– Sensitive to hardware changes
• For all the other cases … unsupported– Although Windows 2000 boot disks and/or Windows 2000 CD’s have been
used
CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Mass Migration
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 8CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Mass Migration
• Decision in 1Q2000 to limit the migration duration for 18 months
• Decision in 1Q2001 to split system teams and deployment teams– Focus on coordination with user groups– Focus on optimizing installation speed and
quality– Decided in 2Q2002 to outsource the routine
work to an external company• CERN requires competitive tendering …• Globally positive but lead to extra overhead and
some bad experiences• Some clashes with the existing outsourced
desktop support contract
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 9CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Migrating Users
• Not only Installing an Operating System:– User’s basic environment (IE and Outlook settings)– Users need a short hand-on session (Outlook)
at the end of the migration.
• Several Training Initiatives– Seminar campaign in Divisions– Sessions for local administrators– New W2K courses organized with Technical Training.
• Pilot migrations– Organized in Spring 2001
• Time spent per User: • 2.5 h with Floppy/network (standard method)• 1.5 h with CERN-made Image CDs (where possible) • => 2 h per user on average
• Exhaustive Migration Procedure and related doc. published at: http://cern.ch/W2Kmtf/Docs
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 10CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
End User Migration Difficulties
• Many local files (on C:), including local Email folders !• Forgotten Mail passwords…• Obsolete Hardware & LHC Budget Reallocation Crisis
– Very slow PCs take longer to migrate (133 MHz, 200 MHz)– Caused Paragon to do overtime,
controlled by reducing the number of daily migrations.
• Delayed Application availability (e.g. MP5)• Reaching common agreement within
divisions/groups takes time.• Existing Diversity…
– Non-standard hardware,– Non-standard configurations (Dual-boot, etc…)
– Diversity comes progressively, but has a cost during mass migrations.
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 11CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Paragon Statistics
Over 7 months: 1005 PCs were migrated by Paragon
W2K Migration by Paragon TeamMonthly Breakdown
90 88 87 82
265 259
134
0
50
100
150
200
250
300
350
Oct'01 Nov'01 Dec'01 Jan'02 Feb'02 Mar'02 Apr'02
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 12CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h User Survey (I) (234 answers - http://cern.ch/w2kmtf/Docs)
CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Some Difficulties
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 14CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Infrastructure problems• Macintosh support
– Macintosh Services are not solid• Could use SMB, but no Mac dfs client
– Logical name space broken• NFS support• Last Login date
– When using ancillary services• NTFS Static inheritance
– Leading users to make mistakes• Legacy data
– Not integrated in the dfs name space• Application repository
– Too large for backup to complete– Splitted on different servers, but replication sometimes
problematic
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 15CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h Application and desktop management
problems
• SMS software metering does not scale– But needed for our license agreements
• Office redeployment– Redeployed at every service pack or hotfix– Take 30 minutes
• Roaming profiles– Slow down considerably logins– Aggravated by large Outlook .pst files– Leave undeletable prfxx.tmp files
• Laptops– Standby/Hibernate problems
• Causing a blue or black screen (not the BSOD)• Probably caused by graphics drivers
– Unable to save in My Documents
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 16CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Application problems
• Outlook pst files– Even worse when in the roaming profile
• Norton AntiVirus– Resources used
• Takes 45 minutes to complete• Schedule not flexible enough
• Applications not using MSI– E.g. Oracle which required a parallel
infrastructure
• AFS client– Installation not automated and complicated
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 17CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Microsoft related problems
• Way hotfixes and Service Packs are deployed– Difficult to test Office SP’s without deploying to
everybody– They do not seem to use their own technologies
(or the teams do not talk to each other)– Seems to be targeted at the consumer
• Rapid changes– E.g. Office 2000 will be n-2 in 2Q2003
• Licensing– Difficult sometimes to be able to pay their
licenses!
CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Current Status
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 19CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Windows 2000 Evolution
4446 W2k Workstations @ 6:00:01 PM - Sunday, October 20, 2002
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 20CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Evolution
1121 1058
1435
2729
1006
2056
2350
869
2552
1835
645
1511
558
3274
1279
553
3578
1057
446
3684
977
433
3827
923
385
3814
892
374
4098
813
335
4216
762
329
2887
940
2552
1699
2867
0
500
1000
1500
2000
2500
3000
3500
4000
4500
NICE 2000 NICE 95 NICE NT
Operating System
# W
ork
stat
ion
7-Aug-01
24-Sep-01
23-Oct-01
22-Nov-01
28-Jan-02
25-Feb-02
25-Mar-02
3-May-02
27-May-02
24-Jun-02
31-Jul-02
20-Aug-02
30-Sep-02
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 21CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Divisions Progress
3062
8 9
1652
423
70 49
143
491
581
206
414
565
107
382
23
92
0
10
20
30
40
50
60
70
80
90
100
AC AS DG DSU EP EST ETT FI HR IT LHC Other PS SL SPL ST TH TIS
Divisions
Pro
gre
ss
0
200
400
600
800
1000
1200
1400
1600
1800
Wo
rkst
atio
n #
September 2002: 79.4% of 5307 machines have been migrated
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 22CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
ATI Technologies Inc. 3D RAGE PRO AGP 2X
Rage Fury Pro/Xpert 2000 Pro (English)
ATI Technologies Inc. RAGE P/M Mobility AGP 2X
NVIDIA RIVA TNT2 Model 64/Model 64 Pro
ATI Technologies Inc. 3D RAGE II PCI
ATI RAGE MOBILITY-M PCI (English)
ATI RAGE MOBILITY-M AGP (English)
Rage Fury Pro/Xpert 2000 Pro
ATI Technologies Inc. 3D RAGE II+ PCI
Cirrus Logic 5446 Compatible Graphics Adapter
ATI Technologies Inc. mach64 GX PCI
NeoMagic MagicGraph128ZV/ZV+/XD driver
NeoMagic MagicGraph256AV driver
3D Prophet II GTS Pro
ATI Technologies Inc. ATI-264VT2 PCI
ATI Technologies Inc. 3D RAGE IIC AGP
ATI Technologies Inc. 3D RAGE PRO PCI
Creative GeForce3
Windows 2000 Graphic Card Types
159 Graphic Card Types
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 23CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
276
81
72
Hewlett-Packard HP OmniBook PC
FUJITSU SIEMENS LIFEBOOK S Series
Unsupported models
Windows 2000 Portable Computer Types
44 Portable Computer Types (429 Portables in total)
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 24CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Next Steps• Windows XP
– Is compatible with our infrastructure– ~100 PCs are currently running NICE XP prototype– Really a must for laptops– Not supported yet– Need to develop a SMS upgrade procedure
• Office XP (or Office 11?)– We will propose to deploy it in the coming months
• to anticipate Microsoft “version n-1” support policy.
• Long term Strategy: Avoid O/S migrations– Have new PCs delivered with Windows installed by the manufacturer – New PCs join CERN domain to get CERN environment and applications– Old PCs get progressively replaced over 3 (5) years.
• Evaluate SMS “Topaz”– Could solve application usage monitoring problems
HEPiX-HEPNT, October 2002 Frédéric Hemmer - CERN/IT 25CE
RN
- E
uro
pea
n O
rga
niz
atio
n f
or
Nu
cle
ar
Re
sea
rch
C
ER
N -
Eu
rop
ean
Org
an
izat
ion
fo
r N
uc
lea
r R
es
earc
h
Summary
• W2K Infrastructure
– Apart serving Windows desktop and applications, is now becoming the foundation for:
• CERN Web Services• Exchange 2K Mail pilot • ACB & VPN prototype• E-groups (role based management)• Authentication Service
– Good Manageability– Efficiency in operating the service
• Various management tools• “3rd level Staff / Desktop” ratio very low (~6/5000)
• Real “Mass” Migration to Windows 2000 is complete– Remaining NICE 95/NT systems will be migrated using
traditional channels • Local support• Progressive PC replacement
• But ~1000 PC’s remains to be migrated … or switched off