Managed Workstations: UW Nebula
Brian Arkills
Software Engineer, LDAP geek, AD guy, Chief Troublemaking Officer
Windows HiEd Conference 2006
Goal and Philosophy
• Goal: To provide easily-supported, reliable, secure, flexible, networked computing to end users
• Philosophy: Solve general problems, rather than specialized problems: “economy of scale.”
• Nebula isn’t for everyone
Core Components
• Support Infrastructure
• Governance
• Service Model Definitions
• Software Distribution Mechanism
• Patching Mechanism
• Popular Application Service Offerings
• Detailed Reporting
• Tools and Infrastructure Glue
Support Infrastructure
• Support Groups (SGs) for client interactions
  • Experts at workstation support and people skills
• Engineering Group for escalation
  • Experts at tools, infrastructure glue, and troubleshooting non-simplistic problems
Governance
• A planning or governance group helps prevent a number of problems.
• Membership:
  • Each Support Group has one member on the Planning group
  • Engineering sends as many as needed
  • One additional Support Group member serves as a facilitator
  • Managers of each group can attend
• Policy document (and exceptions)
Service Model Definitions
• Standardization = clarity = supportable expectations
• Two general categories of models:
  • Managed
    • Gold workstation
    • Kiosk
    • Managed servers
  • Loosely managed
    • Bronze workstation
    • Local servers
    • Loosely managed servers
    • Mac workstations
Numbers
• 1 SG member per 250 workstations
• 1 engineer per 1000 workstations
• 1 software package per week
• 2800 computers in domain, 2200 users, 1200 groups; 1 sister domain
• Cost:
  • $52/month: gold desktop (2055)
  • $58/month: gold laptop (329)
  • $26/month: bronze (135)
  • Doesn’t include hardware; add ~$30/month for hardware
• 4.53 terabytes of file storage, 2.95 terabytes in use
Software Distribution
• Nebula provides:
  • Core apps that everyone wants (office, email, calendaring, etc.)
  • Any app that more than 5 computers need and that meets our definition for “packagable”
• Part-time students create software packages
• SG members:
  • sponsor each package
  • provide the installation settings desired
  • ensure that adequate testing happens
Patching Mechanism
• Doesn’t matter what you use, as long as:
  • You have some kind of reporting for clients that haven’t gotten the patches
  • You have some kind of reporting for clients that haven’t been talking to your patch solution for a while
• Nebula uses WSUS with custom-written code that generates these reports
• http://viewpoint.cac.washington.edu/blogs/wsus
Application Service Offerings
User need determines our offerings. We usually consume a service offering from central IT.
• Stuff we consume:
  • Calendaring
  • Mailing lists
  • SQL hosting
  • BlackBerry
• Stuff that we float just for Nebula:
  • File services with 2 week user-retrievable snapshots
  • Print services
  • Unix shell account
  • VPN
Detailed Reporting
• Reporting is as important as features
• Focus is:
  • General info for troubleshooting: computer- or user-specific web-based queries with department awareness
  • Policy exceptions: email-based report that warns of the problem
  • Security exceptions: email-based report that warns of the problem and its possible implications
• All our code is available under an Apache-style license
Web-based Reports
• Computer info query: name, IP address, MAC, support group, test group, purchase date, dept, last user, chassis, model
• Department summary: number per model, number per service, warranty end
• Software package assignments
• Up-to-the-minute patch status
• Installed application query
• Service and program classification query
• AU configuration for all servers in domain
• Oracle calendar usage reports
• Billing reports
Email-based Reports
• Patching Status: Not Seen in 14 days
• Bronze Missing Managedby
• Missing or Unknown LAG members
• Computers with remote management issues
• Unused Nebula Accounts
• Old OS
Email-based Reports
• Port scan
• System Services
• Missing Patches
• Prohibited Programs
• VirusScan DAT version
Report Code Logic
For each SG (Support Group):
    grabAllComputersUnder(SG), sorted by dept
    For each computer:
        gatherComputerInfo
        checkForException
        addExceptionToReport
    mailExceptions(SG)
Report: “adminCheck”
• Checks the LAG (local Administrators group) of every computer for:
  • Expected: domain admins, SG admins (context specific), local admin
  • Prohibited: authenticated users, anonymous logon, domain users, everyone, unresolved SID, any principals outside the domain
• Uses the winnt: provider. Syntax example: "winnt://NEBULA2/domain admins"
• Adds/removes members as needed
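As an added example (not the Nebula code, which the slides do not reproduce), here is the report loop from the previous slide with adminCheck as its exception check, in Python. Computer names, support groups and LAG members are constructed sample data; the member strings follow the slide's winnt: syntax, and an unresolved SID is represented as a bare SID string. Unlike the real report it only lists exceptions and does not add or remove members.

```python
from collections import defaultdict
DOMAIN = "NEBULA2"
# Well-known principals the slide lists as prohibited in any local Administrators group (LAG).
PROHIBITED = {"authenticated users", "anonymous logon", "domain users", "everyone"}
# Constructed sample inventory (not real UW data); LAG members use the slide's winnt: provider form.
COMPUTERS = [
    {"name": "PC-001", "sg": "SG-Chem", "dept": "Chemistry", "lag": [
        "winnt://NEBULA2/domain admins", "winnt://NEBULA2/sg-chem admins", "winnt://PC-001/administrator"]},
    {"name": "PC-002", "sg": "SG-Chem", "dept": "Biology", "lag": [
        "winnt://NEBULA2/domain admins", "winnt://NEBULA2/domain users", "winnt://PC-002/administrator"]},
    {"name": "PC-003", "sg": "SG-Eng", "dept": "Engineering", "lag": [
        "winnt://NEBULA2/domain admins", "winnt://OTHERDOM/helpdesk", "S-1-5-21-1111-2222-3333-1045"]},
]

def expected_lag(c):
    """Expected members: domain admins, this computer's SG admins, and its local admin account."""
    return {f"winnt://{DOMAIN}/domain admins", f"winnt://{DOMAIN}/{c['sg'].lower()} admins",
            f"winnt://{c['name']}/administrator"}

def admin_check(c):
    """Return (member, reason) exceptions for one computer's LAG; an empty list means clean."""
    found, expected = [], {e.lower() for e in expected_lag(c)}
    for m in c["lag"]:
        if m.startswith("S-1-5-"):                  # a SID that never resolved to a name
            found.append((m, "unresolved sid"))
            continue
        authority, _, name = m[len("winnt://"):].partition("/")
        if name.lower() in PROHIBITED:
            found.append((m, "prohibited principal"))
        elif authority.upper() not in (DOMAIN, c["name"]):
            found.append((m, "principal outside domain"))
        elif m.lower() not in expected:
            found.append((m, "unexpected member"))
    present = {m.lower() for m in c["lag"]}
    found += [(e, "missing expected member") for e in sorted(expected) if e not in present]
    return found

def build_reports(computers):
    """The slide's loop: per SG, computers sorted by dept, exceptions gathered into one report per SG."""
    by_sg = defaultdict(list)
    for c in computers:
        by_sg[c["sg"]].append(c)
    reports = {}
    for sg, cs in by_sg.items():
        lines = [f"{c['dept']}\t{c['name']}\t{m}\t{why}"
                 for c in sorted(cs, key=lambda c: c["dept"]) for m, why in admin_check(c)]
        if lines:                                   # stands in for mailExceptions(SG)
            reports[sg] = "\n".join(lines)
    return reports
```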
Report: Prohibited Programs
• Uses a DB to store:
  • List of installed programs per computer across all of Nebula (this is the basis for a web report)
  • List of permitted/prohibited programs per model, per computer, and per computer group
• Uses the registry to find installed programs
• Reports evil and unknown on managed
• Reports evil on unmanaged
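An added example of the classification the slide describes, not Nebula's own code: per-model, per-group and per-computer lists are combined, each installed program is labelled evil, ok or unknown, and the service model decides whether unknowns are reported. The installed-program lists (which the slide reads from the registry), the models, groups and rules are all constructed sample data, and the assumption that applicable lists are unioned rather than overriding one another is mine.

```python
# Constructed sample data (not real Nebula data). In the slide the installed-program list comes from
# the registry and the lists live in a DB; here both are embedded so the logic runs offline.
INSTALLED = {
    "PC-001": ["Microsoft Office 2003", "Mozilla Firefox", "Kazaa"],
    "PC-002": ["Microsoft Office 2003", "Putty", "WeatherBug", "Skype"],
    "PC-003": ["Microsoft Office 2003", "Kazaa", "Dell OpenManage Client", "Google Earth"],
}
COMPUTERS = {  # the service model decides whether a computer counts as managed
    "PC-001": {"model": "Optiplex GX620", "groups": ["Chem-Lab"], "service": "gold"},
    "PC-002": {"model": "Optiplex GX620", "groups": ["Eng-Staff"], "service": "gold"},
    "PC-003": {"model": "Latitude D610", "groups": [], "service": "bronze"},
}
# Permitted/prohibited lists per model, per computer group and per computer.
# Assumption: every list whose scope applies to a computer is unioned in; none overrides another.
RULES = {
    "model": {
        "Optiplex GX620": {"permitted": {"Microsoft Office 2003"}, "prohibited": {"Kazaa", "WeatherBug"}},
        "Latitude D610": {"permitted": {"Microsoft Office 2003", "Dell OpenManage Client"}, "prohibited": {"Kazaa"}},
    },
    "group": {"Eng-Staff": {"permitted": {"Putty"}, "prohibited": set()}},
    "computer": {"PC-001": {"permitted": {"Mozilla Firefox"}, "prohibited": set()}},
}
MANAGED = {"gold", "kiosk"}  # bronze is "loosely managed" in the slides' service models

def rules_for(name):
    """Union the permitted and prohibited sets from every scope that applies to this computer."""
    info = COMPUTERS[name]
    keys = [("model", info["model"]), ("computer", name)] + [("group", g) for g in info["groups"]]
    permitted, prohibited = set(), set()
    for scope, key in keys:
        rule = RULES[scope].get(key, {})
        permitted |= rule.get("permitted", set())
        prohibited |= rule.get("prohibited", set())
    return permitted, prohibited

def classify(name):
    """Label each installed program 'evil' (prohibited), 'ok' (permitted) or 'unknown' (neither)."""
    permitted, prohibited = rules_for(name)
    return {p: "evil" if p in prohibited else "ok" if p in permitted else "unknown"
            for p in INSTALLED[name]}

def report(name):
    """Managed computers get evil and unknown reported; loosely managed ones only evil."""
    wanted = {"evil", "unknown"} if COMPUTERS[name]["service"] in MANAGED else {"evil"}
    return sorted((p, label) for p, label in classify(name).items() if label in wanted)
```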
Tools and Infrastructure Glue
• Calendaring service + AD + Unix requires “glue”: a DB to link them
• Functionality add-ons:
  • UW white pages sync
  • Dell warranty info harvesting
  • automatic wireless MAC registration
The End
Brian Arkills
barkills@cac.washington.edu
http://viewpoint.cac.washington.edu/blogs/winauth
Author of LDAP Directories Explained