NT Applications Support – Status and Future Developments Christian Trachimow, DESY 11/7/2015 The DESY WindowsNT Group.
Download
Report
Transcript NT Applications Support – Status and Future Developments Christian Trachimow, DESY 11/7/2015 The DESY WindowsNT Group.
NT Applications Support – Status
and Future Developments
Christian Trachimow, DESY
11/7/2015
The DESY WindowsNT Group
1
The Product
NetInstall 4.2 / 5 from InstallShield / NetSupport
more than 500,000 clients in Germany
cooperation with InstallShield for worldwide distribution
price: $18 / client
Technical highlights
“Software on demand”: This feature provides a synchronization between
user part and workstation part. If a user launches an application for the
first time, NetInstall checks, which part is missing and installs it
“Local security management”: All commands which needs administrative
privileges are executed through a service without splitting installation
script
DESY
11/7/2015
The DESY WindowsNT Group
2
Classification of Support
The Fully Controlled PC
positioned for task oriented user
Centrally installed, configured, maintained and managed
Full responsibility for the PCs
The User Configurable PC
positioned for sophisticated user
Centrally installed, locally configured and maintained
Partial responsibility: availability of services, applications, etc.
The non-maintained PC
if you think you need it, OK, but abide by the rules
no responsibility taken at all, “good NT-keeping” rules enforced
DESY
11/7/2015
The DESY WindowsNT Group
3
The Yellow PC
User can be local administrator
Basic Setup can be installed on every PC
PC is managed by user or group administrator
User can install all programs at his owns risk
NetInstall is just a AddOn Service
installed applications are not affected
setup takes 1 - 10 minutes
Application Service with NetInstall
Install and uninstall whatever you want
During installation the user is asked for a local path
When applications have to be updated the user is asked at logon if the update
should be installed right now, at next logon or never
shared responsibility
DESY
11/7/2015
The DESY WindowsNT Group
4
The Green PC
User is not allowed to be local administrator
Basic setup has to be installed on plain PC
only group administrators or domain admins are in administrators group
local security restrictions to OS (parts from the ZAK)
User can only install applications, which don´t override existing files
some tools cannot be used, e.g. regedit, Service Manager, ...
Application Service with NetInstall
Some applications are preinstalled
Install / uninstall with interactive installer whatever you want
every installation restricts the file access to the files which are installed
Updates are done automatically at logon, but user can delegate it to next
logon
group admins or central services are fully responsible
11/7/2015
The DESY WindowsNT Group
DESY
5
Status
The use of NetInstall
Red
NetInstall PCs
Green
Yellow
Total Number
18 %
82 %
200
900
1400
Green PC
Number of PCs
300
1100
Hera controls (50), administration (80), other people (70)
3 NetInstall databases with 50 packages
Hamburg / Zeuthen / Hera Controls
DESY
11/7/2015
The DESY WindowsNT Group
6
Support
Yellow PC
precondition: trust between users and service providers
user has control about updates (!!!)
application support is an AddOn service
widely accepted service
Green PC
centrally supported
no trust to the user (but to group administrator)
only accepted by some groups
important for public PCs
DESY
11/7/2015
The DESY WindowsNT Group
7
Psychological Aspects
What PC users said (and still say)
PC is a universal tool that has a voice on the daily
work
The key of success and the challenge was to loose the
users distrust in central services ...
“This is my PC !” / “I need full control !” / “I need this
application now!” / “You have to support me !”
accusation: domination / dictate
... and to establish a group administrators structure
11/7/2015
They are the natural speakers of their groups
They focus the needs of their users
Help us to keep users under controls / educate their users
The DESY WindowsNT Group
DESY
8
The Role of Central Services
Democratization of the Desktop
The user has become more powerful and more independent than before the
arrival of the PC. This must actually be seen as a good thing!
Service Provider
Central Services have to offer the user community services that it needs and
that it wants to use. The services must be “sold” to the community.
Primus inter Pares
Central Services will remain an important service provider, but it will not
remain the only one, or, for a given user, the most important one. The focus
should be on services that a computing center excells in naturally.
Cooperative Computing
Rules, service designs and implementations have to be defined in close
cooperation with the user groups. An important role in future will be as
facilitator of services between local groups and as information broker.
DESY
11/7/2015
The DESY WindowsNT Group
9
Building Application Packages
Easy installation of local packages
amount of time
NetInstall script
Green PC
1. Scan PC configuration
2. Install and configure application
3. Scan PC configuration again
4. Test the script
find out which files and directories need write access
Shared installations
separate read only from write data, reengineer application
Do we need shared applications and Green PCs ?
DESY
11/7/2015
The DESY WindowsNT Group
10
Building Application Packages (cont.)
Configuring application
Maintaining applications
Needs expertise of application
problem: how to migrate user settings between different
versions
Problems with special applications
IE4: setup is dynamic, more a operating system upgrade than
an application
Office 2000: Installation with Windows Installer provides
new functionality (installation on demand, auto check, ...).
This functionality is lost when using a “static” NetInstall
script.
DESY
11/7/2015
The DESY WindowsNT Group
11
Migration to NetInstall V5
Problems with NetInstall 4
synchronization between 3 sites / databases
replication of packages between 3 sites
test / production database are separated setups
laptop support
NetInstall 5 features
Multi-Database
Multi-Server support which includes
Load balancing / fail over
Replications
DESY
11/7/2015
The DESY WindowsNT Group
12
NetInstall 5 Site Structure
ORG - DESY
OU - DESY Hamburg
SITE - backoffice
SERVER A
SERVER B
OU - DESY Zeuthen
SERVER C
DESY
11/7/2015
The DESY WindowsNT Group
13
NetInstall 5 at DESY
NetInstall 5 is used by “Hera Controls”
Each packages had to be migrated
Two servers hold packages for redunancy
Clients are migrated automatically
Migration of packages and databases in Hamburg and
Zeuthen will start in October
Add features to standard behaviour
Every package builder gets own database
Laptop support
DESY
11/7/2015
The DESY WindowsNT Group
14
Application Support in the future based on Windows Installer ?
Package contains information to install/uninstall an
application
consists of .msi file and some source files / cabinet files
.msi consists of
Installation database
Summary information stream
Data stream
Packages organized around features and components
Feature:
Component:
DESY
11/7/2015
The DESY WindowsNT Group
15
Windows Installer Features
Installation mechanism
Installer (service) is instructed to install a feature
Installer queries database to generate installation script
Installation can be performed by a process with elevated
privileges
Rollback: during installation a rollback script is generated
Advertisement
Assigning
application appears to the user (shortcut)
Publishing
Application appears to other application (published to shell: installed
by file accociation / MIME association)
DESY
11/7/2015
The DESY WindowsNT Group
16
Windows Installer Features
Installation on demand
Resiliency
Idea: recover gracefully from broken components
But: a set of API functions which has to be implemented by
software will be used only for vital components
Customization
User can call functionality in abscence of the files itself
databases can be merged or transformed
Will be used for patches / customization
database contains a state description of the
application
DESY
11/7/2015
The DESY WindowsNT Group
17
Example: Registry tables
DESY
11/7/2015
The DESY WindowsNT Group
18
Installing application with W2000
Applications will come with a description of the
installation state (.msi database)
Software management will be package oriented
Less intallation problems / less inconsistencies
repackageing or reengeneering is not needed
Local as well as shared installations can be mixed
It will take time until the spirit of the Logo program reaches
the programmers ( „Local security management“ /
„Software on demand“)
During the next two years most software will come with
„good“ databases
Installation process itself and the consistency
become less important
DESY
11/7/2015
The DESY WindowsNT Group
19
Software distribution
Additional tool to is needed for
Policy based management not clear
Configure / maintain versions !!!
Pakete erstellen, die kein .msi mitbringen
Anpassen
Patches
Migration / Pflege der Usereinstellungen
Depends on the programs
Green PC is dead / Nice concept is dead
Think of functionality (define collections ...)
More degrees of freedom:
many features are availabe/ shared vs local / on demand vbs
preinstalled
11/7/2015
The DESY WindowsNT Group
DESY
20
DESY
11/7/2015
The DESY WindowsNT Group
21