Lowering the total cost of ownership (TCO) of a network operating system is a significant driving factor for the IT departments in many organizations. One of the most efficient ways to reduce TCO is via centralized change and configuration management. In this scenario, administrators have complete control from a central location over the desktops within their organizations. Key functionality that should be present in any feature-complete centralized change and configuration management implementation includes the following:
User Data Management Services to mirror/cache user configuration files and data between their desktop and the server, allowing for enhanced performance and reliability.
Desktop Application Management provides administrators with the ability to deploy software automatically without having to visit PCs. In addition, applications should automatically fix themselves upon corruption or removal of necessary files.
Operating System Installation services should be provided to allow the administrator to automatically deploy operating systems over the network (either via special boot floppies or network boot-capable systems) to eliminate the need for individual desktop visits.
User Settings Management should be provided to allow administers to centrally control and store the user’s work environment. The administrator should be able to control what aspects of the operating system a user can access (eliminating unnecessary help desk calls by inexperienced users mistakenly configuring their systems), centrally define preferences such as printer paths, and ensure that a user’s environment is replicated when moving from machine to machine to eliminate the need for constant environmental reconfiguration.
For the most part, the desktop management capabilities of Solaris 7 are weak. However, Solaris 7 does support remote operating system installation and remote desktop application management. These features are implemented through Solaris Web Start and the Solaris Web Start API.
With Solaris Web Start, administrators can remotely install the Solaris operating system. With the default installation option, the operating system and all bundled software packages are automatically installed on the remote system. With the custom installation option, administrators can select software to install and configure the Solaris installation. The option to format and configure file systems is also available. Online help can guide inexperienced administrators through the installation process. Finally, secure authentication ensures that only authorized personnel can remotely install the operating system.
The Solaris Web Start Wizards can be used to install and update software remotely using Solaris Web Start technology. When doing so, administrators can use default or custom installation options and must also authenticate themselves prior to execution. Using the associated developer toolkit, third party vendors can add Web Start support to their applications as well.
Windows NT Server 4.0 Implementation Details
Windows NT 4.0 also has weak desktop management capabilities. No user desktop management solution is provided, leaving administrators and clients with no real solution to manage user data files between the local machine and the server. No desktop application management solution is provided with Widows NT Server 4.0 either. However, this functionality is available with Microsoft Systems Management Server.
Change and configuration management on the Windows NT Server 4.0 platform is accomplished with the addition of a freely available add-on – the Zero Administration Kit (ZAK). The ZAK is a set of tools, methodologies, and guidelines for IT managers that incorporates and supplements existing Windows technologies to simplify the implementation of a centralized, policy-based change and configuration management model on the Windows NT 4.0 platform.
At a high level, the ZAK provides the following functionality:
Centralized Configuration – Administrators can specify exactly what business applications the user is allowed to run, the look of the desktop, and where the user data is allowed to reside. This is all managed centrally requiring no visit to the desktop. This helps ensure worker focus and productivity.
Elimination of Local Access to the Desktop – Users are prevented from installing applications on their desktops or making any changes to the system configuration, preventing costly downtime.
It should be noted that ZAK only provides user/desktop settings management functionality. Specifically, ZAK enables administrators to lock down desktops and prevent end user operations that result in help desk calls, eliminate end-user access to system files and features, remove the ability to install unapproved applications, and provide centralized configuration of the desktop. Software distribution is not a feature of ZAK, instead customers have to look to Microsoft Systems Management Server (SMS), which fully integrates and compliments ZAK, for this type of functionality on the Windows NT Server 4.0 platform.
By default, the Zero Administration Kit operates in one of two modes – each one providing varying degrees of control over the user’s desktops. These modes can be summarized as follows:
TaskStation Mode is an ideal configuration for a “Tasked Oriented” worker, such as an order entry clerk or bank teller that requires access to a single line of business applications. It provides complete lock down of the desktop. The Windows user interface is disabled, which prevents a user from accessing any additional applications or data including the Start button, the Taskbar, the Task Manager, the Control Panel, and the file system.
AppStation Mode is designed for the typical worker who runs multiple applications but does not need or have the experience to access system configuration options or install other applications. It boots the desktop into an administrator constrained Windows interface, providing users with access to just the business applications that they need. Access is restricted to Task Manager, Control Panel, and the file system.
Additionally, both the TaskStation and AppStation mode can be fully customized to provide a solution that meets the exact needs of the customer. Other desktop management functions are accomplished via the System Policy Editor, which allows all operating system policies and settings to be centrally managed. The storage of user profiles on network servers allows user profiles (and all associated restrictions) to roam with them from workstation to workstation, ensuring that settings and restrictions are maintained between systems. With the ZAK feature-set in conjunction with the Windows NT system policies configured in the System Policy Editor, the administrator has complete, centralized control over the desktop and what users can and cannot do on his network, helping to reduce administrative overhead and lower TCO.
The necessary templates and other infrastructure pieces are also provided to allow administrators to deploy ZAK itself as well as ZAK-enabled versions of the Windows operating system. An automated setup program creates server shares and unattended client installations to ease and automate the deployment of ZAK within an environment
Windows 2000 Server Implementation Details
Windows 2000 Server provides an exceptionally comprehensive desktop management solution – IntelliMirror management technologies. Designed to lower total cost-of-ownership of Windows 2000 Server-based networks, IntelliMirror provides a unique management solution that combines with advantages of centralized computing with the performance and flexibility of distributed computing.
User Data Management
User data management features support mirroring of user data to the network and local caching of selected network data. The following capabilities are supported:
Data resides locally for offline use.
Data resides on the server for protection.
Data is mirrored so that it exists in both the local computer and on the server.
Data can follow the user if the user moves to another computer.
These capabilities provide the following advantages to the system administrator:
Increased data protection by using Information Technology-managed backup.
Increased accessibility so any computer on the network can be used to access data.
Increased availability means that caching maintains data on the local computer even when it is disconnected from the network.
Desktop Application Management
Windows 2000 Server IntelliMirror management technologies software has been designed to facilitate application installation, updates and repairs, and un-installations in managed environments. System administrators can use the Software Installation and Maintenance features to deploy or upgrade applications in any of the following ways:
Advertised Applications allow administrators to advertise an application during logon at a workstation. When an application is advertised, the shortcuts for the application are added to the appropriate locations (including the Start menu or the desktop), and the appropriate registry entries for the application are added to the local computer registry. The applications administrators assign to computers are automatically installed.
Assigned Applications allow administrators to match applications with users who require them to perform their jobs. For example, if everyone in an organization requires a particular order entry application, administrators can assign that application to everyone – this process assigns the application and makes it available on everyone’s desktop.
Administrators can also assign applications to specific workstations, in which case the application will install automatically the next time the computer is restarted. It should be noted that when an application is assigned to a user, it is actually being advertised by creating shortcuts and updating the registry for such things as file associations. With the advertisement information stored on the local computer, the application itself will be installed when the first request to activate the application occurs, such as the user selecting the icon from the desktop or Start menu or by opening a document associated with the assigned application.
Additionally, if an administrator assigns a newer version of the application (an upgrade), the upgrade is advertised the next time the user logs on and the upgrade itself is installed the first time the user invokes the application. It should also be noted that when an application is assigned to a workstation instead of a user, it is installed automatically the next time the computer is logged on to the network. Finally, it should also be pointed out that assigned applications are resilient – if a user deletes an assigned application it will automatically be readvertised and reinstalled.
Published Applications allow for applications to be stored as Group Policy Objects associated with users in Active Directory containers. Published applications do not appear to be installed on the local computer; no shortcuts appear on the user’s desktop and no registry entries are made in the local computer. Published applications are advertised to Active Directory rather than to the local computer registry. Published applications can be installed in one of two ways – user’s can open files associated with the application or select it from a list via the Add/Remove Programs tool in the Windows 2000 control panel.
User Settings Management
IntelliMirror includes functionality that allows administrators to centrally manage user and computer settings. With IntelliMirror, user settings are mirrored to the network, and administrators can define specific computing environments for users and computers including:
Add new users and computers remotely.
Define settings for groups of users and computers.
Apply changes for groups of users.
Restore user’s settings if the user’s computer fails.
Ensure that a user’s desktop settings follow the user if he or she moves to another computer.
Similar functionality to the features offered by the ZAK on Windows NT Server 4.0 are also present and integrated into the operating system to allow administrators to lock-down and centrally control a user’s desktop configuration to prevent unnecessary help desk calls.
Remote Operating System Installation
In addition to the IntelliMirror feature-set, Windows 2000 Server provides a remote operating system functionality to remote install capable clients from Windows 2000-based servers configured with this feature. The remote installation process installs an operating system on the local computer’s hard disk using a remote source (CD image on a server). Normally, a workstation that is participating in the remote installation model is set to boot off of the local disk. However, in remote installation mode, the workstation first boots from the network to get the operating system installed on the local disk. The network boot is initiated either by the BIOS or by a special boot floppy. In either case, the network boot is controlled by boot code that adheres to the Net PC specification. The preferred BIOS boot model for this environment is one in which the BIOS gives the user a small window prior to booting off the disk in which a special key press causes a remote boot and installation off of the network.
In a Net PC-compatible network boot, the boot code uses the Dynamic Host Configuration Protocol (DHCP) and boot information negotiation layer (BINL) to get an IP address for the workstation and find a boot server. The boot code then uses the Trivial File Transfer Protocol (TFTP) to download a boot program from the remote installation server and transfers control to it for operating system installation to commence.
Desktop Management Summary
For customers seeking to reduce TCO via centralized change and configuration management, Windows 2000 Server provides a number of features and capabilities within this realm. It features two-way mirroring/caching of user data between the client and the server, which provides many benefits to the administrator including canalized backup of user data and easier machine replacement. Its software installation and maintenance infrastructure is also the most sophisticated, which supports the publishing of applications – where users can see that a package is available and then choose whether or not to install it. Windows 2000 Server also offers tight directory integration with its software deployment solution, making it easy to administer. Windows 2000 Server enables the centralized management of the user’s desktop and features a set of comprehensive management. Finally, the Remote Operating System Installation feature provides many benefits to system administrators seeking to roll out operating systems on managed PCs – a feature that is unmatched by the two other solutions.
Windows NT Server 4.0 provides neither software distribution capabilities nor user data management feature-sets. Instead, with the addition of Zero Administration Kit, the operating system desktop can be centrally controlled and move with the user from computer to computer as part of the operating system’s roaming profile support.
The desktop management capabilities of Solaris 7 aren’t very extensive. Still, Solaris 7 does support both remote operating system installation and remote desktop application management, making the operating system a better choice than Windows NT 4.0 if you need remote installation capabilities. However, in other areas, such as desktop configuration and controls, Windows NT 4.0 excels and Windows 2000 supports all these features and more.