227 Volts

Let's Talk Tech

Posts Tagged SCCM

SmartDeploy – Part 2

Apr 28

Posted by Justin in Deployment, Technology Related | 2 Comments

When you grow up, your parents always tell you (or mine did), be careful what you say or what you wish for…Well, last week I made a posting on SmartDeploy, stating I was going to check the software out and find out what it had to offer in comparison to other imaging products or what in fact made it so unique…That’s what my mum meant when she said, be careful what you say or what you wish for…The guys from Prowess saw the post and they’re keen on the follow up. Good news is they’re open to feedback good or bad, so at any rate, here goes what I’ve found out and what might be interesting to you.

That Golden Image

The thing we all have a problem with isn’t necessarily knowing what we want in the “golden” image, rather it’s figuring out what is best to make the golden image around. You’ve seen it and if you’re in IT, you probably still do it or live by it…You know what I’m talking about…You make the deal with your vendor to try and ensure you have the same hardware delivered each and every time. In the days of past when Compaq (before HP bought them) made components, we could ensure for a few years, the chipset, the innards, all the bits surrounding our “DeskPro EN” were all the same. Well, not anymore and for that reason, most IT departments have (secretly stashed) a “reference machine” that the golden image is made from. It’s got the OS (including drivers), it’s usually got most of the latest patches and updates and quite often it has the basic Line-Of-Business (LOB) apps…

Well, with SmartDeploy, that’s where the similarities begin and also where they end.

As with the “secret machine” in most IT departments, there is also some flavor of desktop virtualization software. It might be VMware, it might be Sun Virtual Box, it might be Virtual PC, it might be Hyper-V (ok, technically this isn’t a desktop virtualization software…), but any rate, a virtualization software of some type exists in the IT room.

This is where SmartDeploy really “works” in my mind. You build the “golden image” with your virtualization software. No reliance on drivers, no reliance on hardware, you simply build a virtual image and that’s what it really is. In fact, most IT departments have these around for the “golden image” anyways as they probably do regression testing on new software on these images, right?

For my first test with SmartDeploy, I used Sun’s Virtual Box, for my second test I used VMware and both worked flawlessly…In fact, like I said above, I’ve already had images along the “golden” sort from my regression and stress testing of software I often deploy. “Golden” images ready to be captured, the next part was a breeze, it was just waiting for the progress bars that took the most time…

Capturing (a.k.a. rezipping)

Once the reference machines were ready, the next step was as simple as finding the virtual hard disk and having a Starbucks. Fire up the capture wizard, point to the .vmdk, .vmx, .vhd, tell it what .wim file you want created to or appended to (we’ll talk more about this in another topic I think)…, name it and this is where Starbucks comes in…Go get a coffee, because it will a bit of time to “regeerate” the new .wim file and when you get back, you’ll need the power of the coffee to figure out the platform packs or how you want to best try and utilize them…

The Platform Packs

The fun part of making an image is doing just that, making it…Now that the fun part of creating it and capturing it is complete, what is left is usually the most tedious process and the one that makes people lose hair and go grey much earlier in life than planned – the deployment stage.

If you’re using a technology to deploy .wim files already, such as SCCM, you can simply use the .wim you created above as part of the capture stage, however the platform pack stage, whilst a bit complex, is one of the more powerful features of Prowess’ SmartDeploy offering. Now, in lieu of going grey in 5 years of being in IT, you’ll add an extra 3 years to the process (essentially the timescale between this deployment and the next OS release ;)

If the machines you plan to deploy to are fairly standard, you’ll probably have the chance to pull a “Platform Pack” from their website. If your machine isn’t on the list, you can mail their support team and work through it with them (they’re really good and quite responsive) – this is what I did for non-standard machine 1, or alternatively you can go about creating your own platform pack. One thing to note though if we take one of these platform packs at random – let’s say the Lenovo ThinkPad T500 – the pack is 207MB! Caution: These packs are very powerful but also can be very bulky. The bulkiness though and the flexibility of these packs is what make the Prowess tool so powerful.

With SCCM or other technologies, you have to rely on putting the drivers in to the image or hoping plug and play detects the drivers. With the Platform Packs, you simply generate an iso containing not only the image itself (the WIM we just created), but the files you want “injected” at build/deploy/image time (the platform pack). With SmartDeploy, it sends the image down vanilla, but as part of the first boot sequence, it injects the files from the Platform Pack in to the image, so that the next reboot (well two if you have it joining a domain), all of the drivers are installed … all without your interaction. This brings up an interesting discussion we’ll continue on later – Platform Packs 101…

Welcome Windows 7

So, after all of the above, you’ve got your  new image and for the most part the deployment was fairly hands off. You can automate it as much or as little as you want. You can deliver it using many mechanisms but the idea is fairly simplistic:

  1. Build your image in a virtual environment
  2. Use SmartDeploy’s Capture Wizard to extract the contents of the virtual machine to a .wim
  3. Bundle the new .wim with a platform pack containing the destination driver set(s)
  4. Distribute how you’d like (SCCM, WDS, Burning DVD’s, USB)…

Conclusion

From what I can see, there’s major benefit in being able to make the “golden” image in a virtual environment…It’s so much easier to keep a virtual image up to date and not have to worry about physical hardware nor drivers…Like stated earlier, most likely you’ve got the virtual images anyways for UAT and regression testing, so build on what you’ve already got and use the tools for what they’re worth.

I’d be interested in any feedback you’ve got and also the team at Prowess wouldn’t mind your feedback either :)

Tags: , , ,

Deploying with a Twist – SmartDeploy

Apr 22

Posted by Justin in Deployment, Windows 7 | 1 Comment

cds For many years I was a principal consultant with Altiris (in the US and EMEA) and when XP was released I oversaw more deployments than had hot dinners. I got deployment burn out and went to work for a smaller IT company to try to gather my thoughts (and get of the IT radar) only to find myself now 6 years later faced with the same scenario I had back then, deploy and stay up with the times (i.e. Windows 7) or potentially go unsupported (XP SP2) – and getting off the IT radar, yeah I’ve only involved myself more…

At any rate, enter the imaging and deployment contenders – all names we’ve heard of before, right? Altiris, Acronis, and SCCM – the big boys.  That was until I did a bit of research and came across a product called SmartDeploy from Prowess. From the outside what it seems you do is create a VM and then take an image of that VM, which subsequently makes a .wim file you then deploy, the twist being that it injects the drivers at boot time in it’s own version of WinPE, giving you added flexibility. Pretty cool. There seems to be a scripting environment too, but I haven’t gotten that deep yet…

Altiris as we all know builds images and they do that really well, but their images are akin to trying to kill a mosquito with a cannon ball, they not only want to do imaging, but they also want to do inventory, system management, anti-virus, essentially be the one stop shop, which – don’t get me wrong, one vendor is good for some things, but all your eggs in one basket in this arena…I’m not too sure. Plus, their images are still a big and bulky format – not .wim files – which with today’s hardware means a minimum of two images (an x86 and and x64), not to mention a larger pipe for deployment and more disk space to save these images…

SCCM and the Microsoft deployment tools, they’re great too, but they’re more focused at the big league. To get the most benefit from anything Microsoft you have to be either really good at it and focus 110% of your time and efforts on it, or be an enterprise organisation with an EA SA VL and a few other acronyms, ensuring you get the licensing you need when you need it.

Acronis, personally I’ve never used them but every time I look at their marketing efforts or see them mentioned, it seems they’re focused at helping John Doe make an image of his home PC so in case it breaks he’s got a backup…I could be wrong, but that is what their marketing seems to give me the impression of…

Now, here is where SmartDeploy seems to fit in. From what I can gather their licensing model is based on IT head count that will use the product rather than desktop deployments and their sweet spot is the SME market which other guys tend to leave behind or don’t fully address. Often, I find the SME market seems to include government and schools too, which it seems SmartDeploy have a few case studies on, so I can’t be too far from wrong ;)

At any rate, over the next few days (ok, weeks) I’m going dust off the deployment gloves and see what Prowess has to offer because we all know that the Windows 7 migration and imaging jobs can’t be avoided too much longer and a new contender to the market is always welcome as is a fresh set of ideas, not to mention yet another alternative to add to my imaging tool belt…

If you’ve used their tool or know any more about it, please let me know too as I’d be interested!  Watch this space…

Tags: , , , , ,

Getting Started with Intune

Apr 21

Posted by Justin in Applications, Springboard, Technology Related, Troubleshooting, Windows 7, Windows General | Comments off

Earlier this week Microsoft announced a new program called Windows Intune:

intune logo

The concept behind it is simple…Management via the cloud – including licensing. Now, that simple sentence means a lot more under the hood.  Let’s take a look at what Intune is and what it has to offer.

Licensing

One of the more difficult things SME (small / medium enterprise) customers have is getting the right software licensing.  Intune helps address this by giving you a license to Windows 7 Enterprise and also includes in it the rights to Software Assurance. Right away you should be jumping up and down…Why?  Because SA includes MDOP, a small set of tools that have more bang for their buck than you know.  If you’ve not heard of MDOP before, check it out and if you’ve got SA, try and get your hands on it to learn more about it (you can also test the bits via MSDN and TechNet).

Interface/ux/ui

Ok, so we now know what the licensing is like, how does it work? As with more and more tools these days, Intune is a cloud based service.  Simply navigate to a URL and you’ve got your management console in one location.  The biggest benefits to this are Anywhere access and the lack of need for a complex back end infrastructure (you don’t need your own SQL server, you don’t need your own SCOM server, you don’t need your own…). So, you want to know what it looks like?

intune console

Simply login using your LiveID and away you go…More in to management with LiveID’s later…

It runs entirely on Silverlight so no need for ActiveX components of old (yay), which also means for those of you who prefer to use something other than Internet Explorer, yep, it works in Firefox (p.s. say hello to cookie monster there ;-) :

console firefox

What’s Included
software reporting

So, you now know about the licensing and the console, what is it that’s under the hood that Intune can do for you? First off, it does Inventory…For those of you familiar with MDOP you’ll recognise some of the screens to be similar to the AIS (Asset Inventory Service). It tells us the software title, publisher and a category as well as the count of computers it’s installed on:

intune software listing

Further, we can drill down on the software title and get more information on it if the software title offers it up to the agent/console.

licensing amalgamation

Wow, Microsoft teams are starting to collaborate (joke). No, really though, for years we’ve had eOpen, we’ve had tool B and then we’ve had the different licensing agreements from here there and everywhere…Well now with Intune, there is a licensing module that will bring all of that mess tidily (is that a word?) under one roof. Simply import a .csv file with the agreement and license numbers or if you don’t have that, manually add them and watch your licenses appear magically in the same console that manages the software (woo hoo!!):

intune licensing

software update management

As noted above, one of the biggest challenges for smaller organisations is infrastructure. To get the functionality of what Intune offers, you’d need SQL, SCOM, SCCM, WSUS and a full time position (benefits, health care, pension, vacation pay, agro)…Intune takes care of that and software management is no exception. With Intune you can manage software updates with a simple click, no need for the infrastructure and even better yet, no need for the disk storage to hold all of the potential updates!

intune updates

and again, as integration is key, simply click on any update to get further information about it:

update drilled down

You can also approve and decline updates on a one-by-one basis this way too (don’t worry you can globally manage multiple updates too).

reporting

So, all of the above is great (as an IT person) however what about the people in management who want pretty reports? Yep, Intune has those as well. Three basic categories:

  • Update reports
  • Software reports
  • License reports

As they allude to, the first one tells which machines (based on your filtering criteria) meet or don’t meet specifications of a certain classification, status or grouping.

The software report does what it says on the tin – reports on the software you’ve got installed. Again, filter on the publisher, category or specific computer groups/departments.

software reporting

And then the licensing reporting, the most critical to the number crunchers…Installation report and puchase report – again filtered against all agreements or selected agreements, depending on what is entered in to the licensing module (explained above).

Interaction

Ok, so there is loads included above but what determines how this information gets to Intune and how exactly does it get there? Well, similar to GPO’s, Intune has policies that are controlled by it’s agent. Simply download the x86 or x64 client from the administration area and install it (from what I can tell it embeds your Intune information in to the .msi installer). No questions, simply double click the installer, reboot and let a few more updates trickle down and presto, you’re Intune. All traffic to and from Intune is encrypted over an HTTPS tunnel to keep it secure, and once an agent checks in, it can, like GPO’s be assigned policies, when to update, what to include and what software/patches to send to the machine.

Further one cool thing is the agent allows the user to request remote control from the administrator over this SSL connection. They simply open their Intune agent locally (on the desktop by default) and click on Microsoft Easy Assist:

intune agent launch 

This triggers an email to whomever is set up in the console (in their language even), with detailed information about the remote control request and includes a link to directly remote control the user:

intune error

Summary

So, to wrap it all up, Intune is the remote system admin toolkit without the need for local infrastructure and expertise.  It gives you:

  • Windows 7 Enterprise Licensing
  • MDOP
  • Software Assurance
  • Inventory
  • Patch Management
  • Reporting
  • Remote Control
  • Monitoring & Alerting
  • Malware Protection
  • Licensing Control

…all in one simple location for one simple price.

Tags: , , , ,

T-180 and counting Heathrow (and that’s not a terminal or gate number)

Mar 12

Posted by Justin in Technology Related, Troubleshooting, Windows General | Comments off

So, travelling to Seattle today I got the joy of using London Heathrow’s new Terminal 5 for the first time.  Normally I fly with Virgin, so I’m usually flying from Gatwick or the posh terminal 3.  However today saw me seeing this:

DSCF1021 (1024x768) DSCF1022 (1024x768) DSCF1023 (1024x768)

I must say, two thumbs up to the architects.  Clean, airy, light, fancy.  However, beauty is only skin deep right?  Let’s look at the monitors:

DSCF1018 (1024x768)

Oh, well done.  Nothing on them but an XP task bar.  First off guys, you do know that XP support ends soon?

http://windowsteamblog.com/blogs/springboard/archive/2009/12/06/windows-2000-server-windows-2000-client-and-windows-xp-sp2-support-ends-july-2010.aspx

Good news is though, they didn’t reveal too much in the task bar.  There’s sound on these machines and one other small applet, but aside of that, there’s nothing revealing security wise like the folks in Las Vegas have.

http://www.227volts.com/?p=1373

What is more worrying though is that I think they need a System Management Package (have you guys heard of System Center), because it seems they knew about these problems, but had to record it manually.  What do I mean…Well, covert ops photos show us the following:

DSCF1027 (1024x768)

 DSCF1028 (1024x768)

See the bloke in the two photos above staring at the two “broken” monitors (revealing the XP task bar)?  Yep, he’s one of the IT guys at Heathrow doing asset control and what does he have?  You guessed it, pen and paper!

I guess looks can be deceiving.  Beautiful airport strung together with IT that is powered and audited by sneaker net.

Tags: , , , , ,

Like System Center/Centre? Like Drawing?

Jan 7

Posted by Justin in Applications, Technology Related, Windows General | Comments off

sccmbetalogo The System Centre team has developed some more fancy shmancy icons for us. This time it’s System Center Service Manager (SCSM) visio stencils:

http://blogs.technet.com/servicemanager/archive/2010/01/04/service-manager-shapes-visio-templates.aspx

You can either go over to their blog, read their post, or here, courtesy of them, is a direct link to the stencils :)

http://blogs.technet.com/servicemanager/attachment/3303593.ashx

Cheers guys!

Tags: , ,

Hot off the VPC press…SCE 2007 SP1

Mar 11

Posted by Justin in Technology Related, Windows General | Comments off

logo-header-sc-essentials-dg

For those of you in the SME market, if you’ve never had a look at System Center Essentials, you ought to, and what better time than now? 

What is SCE you ask?  Well, it’s a bit of SCOM and a bit of SCCM bundled up in a neat little package for those companies with less than 500 machines and 30 servers.  It was updated to SP1 to fix a few bugs, massively increase speed and just make things work better. It’s such a cool tool that Microsoft ship it with Essential Business Server 2008 now to help you manage the environment. 

At any rate, the point of this posting is to let you know not only is there a virtual on-line lab, but now Microsoft have produced a demo VHD you can download to give SCE 2007 SP1 your own test drive…Definitely cool and something you ought to consider if you manage a SME environment.

Tags: , , , ,

Stystem Center in a week!

Dec 11

Posted by Justin in Technology Related | Comments off

system-center-alone So, I’ve had a systems management backround for a while now and have worked in system management and it’s hard to ignore the momentum Microsoft System Center and its suite is gaining, so I figured I’d set myself a challenge…System Center in a week. Yup, try to learn the bulk of the products, how to install them and how they work – ALL in one week!

So far, I’ve done SCVMM 2008 (pretty cool and definitely useful) and I’ve also done SCDPM 2007 (not yet with SP1 though I’ve read a bit up on it). If you don’t have DPM installed in your environment and you use Windows Server – either 2003 or 2008 – I would definnitely suggest you try this software. Cheaper than BackUp Exec and much more friendly and works more streamlined and efficiently and effectively.

I digress, at any rate, time to learn SCOM and SCCM now…See ya later!

Tags: , , , ,