200 likes | 346 Views
Windows 2000 Consoles. The opera Environment & the Deployment of Operational Software. Windows 2000 Consoles. Set up of user opera Set up of Operational Consoles The Administration Software Deployment Java Web Start Deployment Circuit Deployment Requirements
E N D
Windows 2000 Consoles The opera Environment & the Deployment of Operational Software Eugenia Hatziangeli (SL/CO/AP)
Windows 2000 Consoles • Set up of user opera • Set up of Operational Consoles • The Administration • Software Deployment • Java Web Start • Deployment Circuit • Deployment Requirements • Launch of the Operational Applications • Security • The team • The work • Examples Eugenia Hatziangeli (SL/CO/AP)
Set up of user opera • Mandatory roaming profile: • Centrally based profile • local profile does not overwrite central profile • Limited privileges • No software installation privileges (Add/Remove) • Start/Run command disabled • Cannot edit local registry • All folders are online • Deny log-on on non-operational consoles Eugenia Hatziangeli (SL/CO/AP)
Set up of Operational Consoles • Only authorized users are allowed to log on operational consoles: • opera • biswop (+btexpert) • local administrators • Assigned software (Exceed, Mathematica, JaWS, JVM, …) is installed automatically after each reboot • Web page with Operational software is part of active desktop • Mount of operational SMB server hpdepot: • Access to Unix file system • SPS Zone consoles: • Automatic log off after 30 min. Eugenia Hatziangeli (SL/CO/AP)
The Administration 1/2 We have defined 2 security groups: • Control room users and computers: • PC0PCR01, PC0PCR02, PC0PCR03, PC0PCR06, C1MMCR • opera • Non-control room users and computers: • C1SBA1 (BA1 C.F) We have defined group policies, applied to individual groups: • Control room operations • Assign[obligatory]/publish[optional]/deny all necessary application • Installed at boot (m/c) or at login time (user) • Apply desktop settings • Apply security settings Eugenia Hatziangeli (SL/CO/AP)
The Administration 2/2 The reasons: • A new console needs only to be added to a corresponding group and it will receive all applications and resources needed, after a reboot. • Any change or addition in our policies will be send down to all our computers after a reboot. No manual intervention is necessary. • All is automatic. Eugenia Hatziangeli (SL/CO/AP)
Software Deployment “It is the process of systematically moving software applications or components from a central source to the target community of end-users.” Develop Developer End User Run Publish Distributor Install Distribute Eugenia Hatziangeli (SL/CO/AP)
Java Web Start • Java applications are deployed via Java Web Start (JaWS) • Automatic installation of any resource (Jar files, extension, native libraries, JREs) • Centralized management of different JRE version • Security feature: • Signed jars => signed applications • Permission tuning => Implement different levels of restricted execution environment • High startup performance • Applications run locally, but upgrade automatically if new version • Ease of use for developers and end-users • hpdepot provides access to Unix file system (data, configuration) • slwww is the operational web server for JaWS Eugenia Hatziangeli (SL/CO/AP)
Java Web Start - Benefits • No installation phase • Simply downloads and cache the application’s resources. • The user does not need to be prompted about install directories and the like. • Transparent update • It checks the currently cached resources against the versions hosted on the Web Server and transparently download newer versions. • Incremental update • It only needs to download the resources that have been changed when an application is updated. It reduces the amount of data that needs to be downloaded when upgrading to a new versions of an application. • Incremental download • No need to download an entire application before it is launched. Able to specify resources are needed before an application is launched (eager), and later (lazy). • Offline support • It can launch an application offline if a sufficient set of resources are cached locally. Eugenia Hatziangeli (SL/CO/AP)
Release tool Extract release from Razor Compile on OP platforms Install new version Publish public deliverables Deployment Circuit Razor repository PCROPS Operational distribution area (Jars, JNLP files) Development software PCROPS Operational software Web (slwww) http http Eugenia Hatziangeli (SL/CO/AP) W2K Operational console
Deployment Requirements Requirement for Java developers: • Applications should be published as a set of JAR files • A special Java Network Launch Protocol (JNLP) file has to be created(one for each application) • Examples and help available • All JARS files should be signed with our SL certificate • CERN SL certificate owned by pcrops • Certification tool & instruction available in pcrops • All applications should be published (released) on an operational HP-UX server (recommend: pcrsrv1 under user pcrops) • Examples and documentation on release available Eugenia Hatziangeli (SL/CO/AP)
Launch of the Operational Applications All available applications are launched via the PCR Operational Web Page Eugenia Hatziangeli (SL/CO/AP)
Security • All operational consoles are on the Controls network 128.142.#. • Machines outside CERN cannot access our PCs • No Internet access • Only authorized users can log in to Operational consoles • Deny log on for opera to non-operational consoles • Non SL authenticated applications will run in a restricted environment and resources • access to the local disk and the network is restricted for non-trusted applications • Change of password for operaon Unix and Windows Eugenia Hatziangeli (SL/CO/AP)
Work achieved Pass to the maintenance phase of the project Work ongoing User documentation: under preparation Integrate rest of consoles in our existing or new security groups C1W055, C1W064 (BA 180), C1W141 (BA 183), C1WT61 (BA 814) Allow access to slwww page to dev. Computer on 137.138.#.# via a password Maintenance/support of the users and computers security groups Done by: 1 SL/CO/AP Eugenia (+ student (Sebastian)) and 1 SL/OP (2x½ SL/OP Markus, Guy) Areas for further work Security implementation in the application server and device server The work Eugenia Hatziangeli (SL/CO/AP)
The team The Project Team SL/CO • Eugenia Hatziangeli • Sebastian Lopienski SL/OP • Markus Albert • Guy Crockford Collaborators • Ivan Deloose (IT/IS) Collaborators (support) • SL/CO/FE • SL/CO/WS Eugenia Hatziangeli (SL/CO/AP)
Launch of the Operational Applications – First Time Eugenia Hatziangeli (SL/CO/AP)
Launch of the Operational Applications – Repeated Launch Eugenia Hatziangeli (SL/CO/AP)
Launch of the Operational Applications – Error in Start up Eugenia Hatziangeli (SL/CO/AP)
Example of a JNLP file <?xml version="1.0" encoding="utf-8"?> <jnlp spec="1.0+" codebase="http://slwww/~pcrops/apps/" href="production/BISCoTO/JAVA/xpos/xpos.jnlp"> <information> <title>XPOS GUI</title> <vendor>CERN - SL/BI</vendor> <offline-allowed/> </information> <security> <all-permissions/> </security> <resources> <j2se version="1.3"/> <jar href="production/BISCoTO/JAVA/xpos/cern.bisw.xpos.jar"/> <jar href="biswop/uk.co.ist.mwt.jar"/> <jar href="biswop/jclass.jar"/> <jar href="biswop/cern.bisw.JavaSkel.jar"/> </resources> <application-desc main-class="cern.bisw.xpos.Xpos_panel_c"/> </jnlp> Eugenia Hatziangeli (SL/CO/AP)
Windows 2000 Consoles Thank you Live Demo Eugenia Hatziangeli (SL/CO/AP)