IST 346

Lecture #2, Chapter 3

 Workstations
• What is a workstation. As defined on
page 41, a workstation as “computer
hardware dedicated to a single
customer’s work”. This could be
extended to include a thin client and /
or virtual workstation, a laptop, or even
a smart cell phone will custom
applications installed.
• Managing workstations boils down to
completing 3 tasks
– Loading the System OS (operating system)
and software
– Updating the System OS and software
– Configuring or reconfiguration network
parameters
 Workstations
• Rules apply to managing a few dozen
workstations to a few thousand
workstations.
• The concepts and processes are the
same, independent of what OS your
using (Windows, LINUX, Mac, etc).
Doesn’t matter.

• The name of the

game is consistency.
How is consistency
achieved?
 Consistency
• Can be achieved at many levels
– Loading the OS and deploying patches
– Loading and updating the applications
– Loading network configurations
– Loading and updating printer drivers and printer
driver configurations (paper trays, color settings,
duplex settings, etc)
– Having the same helpdesk staff answering the
phone and desktop support staff visit the same
users / PC’s.
• Managing systems and applications through
their lifecycle.
• Lifecycle is defined as: The useful life of an
information system; either hardware or
software.
 Lifecycle Management
• Project how long hardware and software will last
• Divide the cost of the resource by this number.
• This is how much per year you will need to spend on the
resource
• Example: A PC costs $1,200 new and has a expected
lifecycle of 4 years. You will need to budget or save
~$300 per year to replace this device once its lifecycle
has ended.
• Again, this applies for software as well as hardware.
• Combination of hardware and software form the
“platform” on which your company functions.
Lifecycle Management
Evard’s Life Cycle of a PC
 Evard’s Definitions
• New: A completely new machine, just delivered etc.
• Clean: A machine with only the OS installed on it.
• Configured: A machine with all configuration and software on it.
Only usable in this state ! (hint: good quiz question)
• Unknown: A polluted machine. Extra applications installed, extra
files etc. The machine has an unknown state in the administrators
perspective.
• Off: A retired machine.
• Build: The process of installing the Operating System for the first
time.
• Initialize: Could also be called Configuring, installing required
software and configurations.
• Update: Applying patches, configuration updates, extra software
etc. Moving to a new known state
• Entropy: The process of polluting a system. During this time, the
system is said to be degrading.
• Debug: The process of removing the pollution from the system.
• Rebuild: The same as build, but from another state than “New”.
• Retire: Removing a machine from the system
 User Rights to the Workstation
• The more rights or permissions a user has to the
system, the quicker the system will degrade.
• There are generally two states in which new
systems are deployed to users
– When the user is an Administrator or administrator
equivalent.
• Can’t install software, make changes to the system settings,
or change the network configuration
– When a user is only a ‘user’.
• Can you launch and run applications.
• Can’t install any patches, updates, or new applications
– Pro’s and Con’s for each case
 Pro’s and Con’s
• Being an administrator
– Pro’s
• Can quickly and easily install and update applications
• Users can configure the workstation how they need with
minimal help from an SA
• Plug-ins, vendor updates, etc can be easily installed.
– Con’s
• Workstations quickly become customized and fall into the
Unknown state
• More susceptible to viruses and spyware. Require periodic
maintenance to (could be automated) to ‘clean’ the system
after it becomes polluted.
• More difficult to deploy centralized updates because the state
of the system is unknown. Helpdesk will receive more calls
after central updates are deployed due to unknown state of
workstations.
• Software may get installed that was not acquired via ‘legal’
means.
 Pro’s and Con’s
• Of being a ‘user’
– Pro’s
• The state of the machine is known so less chance of centralized
updates causing a ‘flood’ of helpdesk calls.
• Only software that is licenses and centrally deployed is installed on
the workstations
• Less virus infections and spyware infections
• Shared machines are more stable because 3rd party software can’t
get installed
– Con’s
• Need to implement centralized workstation and software deployment
servers (Windows Server Update Services - WSUS)
• More helpdesk calls because users can’t install applications. (good
and bad)
• Some applications will not properly run with the user only having
‘user’ level rights. May need to implement various ‘tricks’ or ‘fixes’ as
to get these applications to work
– RunAs
– Wrapping with custom EXE to run the application with elevated rights
– Application virtualization
 Loading the OS
• Step #1, flash the BIOS. When, always
• What is the BIOS. What does it mean to ‘flash it’
– The BIOS is a program pre-installed on Windows-based
computers (not on Macs) that the computer uses to start up.
The CPU accesses the BIOS even before the operating
system is loaded. The BIOS then checks all your hardware
connections and locates all your devices. If everything is OK,
the BIOS loads the operating system into the computer's
memory and finishes the boot-up process.\
– Flashing the BIOS is the process of updating this pre-
installed program to the newest version provided by the
vendor
– BIOS’ are unique to the hardware. They are not generic
– http://www.youtube.com/watch?
v=BSL0P82PhL4&feature=related
– http://www.youtube.com/watch?v=uNr1sse2LiU&list=QL
 Loading the OS
• The process of installing the operating system onto the
computer.
• Automate, automate, automate. Spend the time in creating a
totally hands-off process for loading the OS.
– Can be done either by automating the manual installation
or ‘cloning’ the OS with 3rd party tools.
• Creating an automated windows OS installation can be
done by creating an unattended file that “answers” all
the questions that windows asks during installation.
• Using tools such as Ghost or DriveImage XML to
deploy a pre-tested OS image to all workstations.
• Like everything, pro’s and con’s to both processes.
• I prefer the cloning process to the automated
installation. We use Dell workstations and keep a
‘build’ machine on hand either on a shelf or deploy it to
someone that can give it up for new clone OS build
and test processes.
– Ultimate goal is to eliminates the ‘one off’ or as I like to call
them the ‘white elephant’ installations.
– Even the best SA will make mistakes in loading an OS and
applications. This lead to no uniformity.
• Will take more time up-front but will pay off “10x” over time.
 Loading the OS
• Which ever way you decide to deploy the OS in corporate
environment, get everyone involved with the process. This
includes:
– Helpdesk staff
– Desktop support staff
– Other SA’s
– The entire team will be supporting the user / system so get everyone’s
buy-in and sign-off (either verbally or physically) saying that this new
process or build is ready for production.

• Test, test, test. Get staff not involved with the creation of the
image or process to test it.

Try to think of where the loading process will get

hung up and engineer around it. Again, the
better you plan and more time you put into
debugging your OS loading process, the most
trust you will have in it and the more uniform
your users workstations will be.
 Loading the OS
• Never, when never, use a vendor’s
pre-installed OS in production
– Installation can change over time as
new drivers, service packs, etc. are
released.
– Trial ware applications installed. These
include time stamped (run for a set
amount of time, then quit working)
copies of anti-virus, spyware detection,
etc software.
– It has been known to happen that pre-
loaded OS’ from the vendor have had
virus infections.
 Updating the OS
• Operating systems require updates. This is
true for ALL OS’, not just Windows

• Invest the time and money in implementing an

update system such as Windows Server
Update Services – WSUS. Allows for not
only the deployment of critical patches, but
also, service packs, and some non-OS
updates such as Microsoft Office updates,
Windows media player, and IE.

• 3rd party applications available that allow you

to manage both the OS and the installed
applications. Mentioned a few of these in last
week lecture. Can anyone remember some
of them ?
 Loading the Applications
• Many ways to get applications
installed onto a workstation
– Manually with a stack of CD’s and a desktop
visit
– Creating automated installations that occur
during a login process. These may require the
user being a local administrator for the
installation to be successful.
– Using windows group policies objects (GPO’s)
and windows installer (MSI) packages to ‘push’
software packages and updates to
workstations.
– Again, 3rd party management packages
available.
Testing Your Automated Installs
• Test, test, test…
– The more time you put into the testing and refining
process, the less problems you will have
afterwards.
• One, Some, Many
– Use a staggered approach to deploying software.
– This is true even after the testing is complete and
your very confident in what you’ve built
– Think about it, don’t deploy Microsoft Office 2007
onto 1000 PC’s all at the same time, stagger the
installation over 2 weeks (10 days) and do 100 per
day. Less of a load on the network and
Testing Your Automated Installs
• One
– When testing for the first time, test on one
machine. Use a dedicated test machine
that can be quickly reverted back to a
known stable state. Use a snapshot.
– A virtual machine works great for this
process.
– May wish to test on different platforms as
to gauge how a low end, mid-end, and
high-end system will perform.
Testing Your Automated Installs
• Some
– Once your convinced that your packages are
working as designed, test with some more
users. This could be your support team, a
training lab, or your home department. If your
installation fails on 10% of this group,
chances are that it will fail on 10% of all your
users. Determine why the package failed on
these 10% and fix it !
– 10% doesn’t sound like a lot but 10% of 500
desktops is 50 machines. This could equate
to 50 users being down or your desktop
support staff running around to 50 machines
which may take weeks to complete
depending on workload and staffing.
Testing Your Automated Installs
• Many
– Once you’ve convinced that your in the high
90’s% success rate, you can communicate
your intentions to your target users, schedule
a deployment date, and deploy the software.
Publish the schedule on a website and refer
your users to this page.
– This is the time when having an effective
communication process is vital, not only to
‘get the word out’ to your users but to field
calls if it is determined that the update is
causing problems.
– Don’t deploy software on a Monday or Friday!
Your automated update has the potential of
causing massive damage. Monday’s are
generally not good days to make system
changes. Generally I like to do this on a
Tuesday, Wednesday, or Thursday and avoid
the beginnings and ends of the week.
Questions so far?
 Network Configuration
• Large Workstation populations require the use of
automated network configuration tools. These
are commonly known as DHCP and DNS
services.
• Dynamic Host Control Protocol (DHCP). Process
in which the workstation obtains its IP address
information
• Domain Name System (DNS). Process in which
domain names such as www.google.com are
resolved to IP addresses and servers and
workstations communicate between each other.
• We will discuss these in more detail later in the
semester.
 DHCP
• DHCP server: a server that assigns the IP
address, subnet mask, gateway address,
and DNS server addresses to a
workstation
• Typically workstations use DHCP vs. static
or hard coded IP information.
• Servers (next chapter) typically use hard
coded IP information, but not always.
 DHCP IP Information Assignment

Lease Information
 Single Slide Example of DNS
• Think of it as a large ‘look-up’ table where the
computers name and IP address exist within the
table
• Example
– www.google.com -> 66.249.81.104
– www.syr.edu -> 128.230.18.35
– When you enter a URL in a web browser, you need to
remember only the name, not the IP address, of the
server you wish to talk to (easier to remember name).
Your computer will ask the DNS server what IP
address your website is located at and return that
information to your workstation. Your workstation will
go to that IP address and download the page.
– You can simply go to the IP address of the server if
you know it. For example, launch internet explorer
and go to http://128.230.170.39. What happened?
 DNS
• As your IP address may change via DHCP, your DNS
entry in the DNS table illustrated previously will need to
be updated.
• This is why most servers use a static or non-changing IP
address so once the DNS entry is in place, it doesn’t
need to be updated !
• DNS is used by Windows Active Directory servers (later
in the semester) to keep track of all workstations on the
network and allow them to work efficiently together to
deliver applications, login, print, etc.
• Question, is DHCP a required component on a Windows
network? Is DNS?
 Conclusion
• Workstation consistency is the magic that makes
managing hundreds or thousands of
workstations ‘manageable’. Even if a post-
installation problem arises, if all workstations
exhibit the problem, a ‘fix’ can be created and
deployed to all machines.
• Automate as much as possible to reduce
inconsistencies in your workstations.
• Test, test, test. You can’t test too much!