90 likes | 251 Views
Mobile Device Management. Central Management of Wintel Laptop Software and Hardware in a Secure Environment. Background. Desktop Systems Council Upgraded infrastructure systems increased flexibility offered potential for more efficient managed support using fewer resources
E N D
Mobile Device Management Central Management of Wintel Laptop Software and Hardware in a Secure Environment
Background • Desktop Systems Council • Upgraded infrastructure systems increased flexibility offered potential for more efficient managed support using fewer resources • Software Deployment Strategies Evaluation Project • Departments became vocal about their specific business needs for mobile computing
Historical Issues Including Laptops in a Managed Environment • Current Managed Environment’s Deployments & Backups Evening/Night/Weekend Schedules • Application Upgrade/Patches Software Distribution (SMS & GPO) • MS Critical Updates (WSUS) • Incremental backups (TSM) • Systems objects for Bare Metal Restore (TSM) • Laptops Availability • Software Deployments and Backups • Conferences, workshops, leaves, sabbaticals, etc. • Wireless Issues • Backing up and deploying software over wireless not ideal • VPN Server connection contention
Project Evaluations • Hardware Requirement • Application Upgrade/Patch Solutions Current and Future Models • TSM Backup Solution • VPN Contention • Local Administrator Password Management
DeSC Local Administrator Password Management Background • LAPM System and DeSC Clients • Access to LAPM Web Application • Quarterly Password Update • Out of Office Laptops • Best Practices Guidelines
Laptop Best Practices Guidelines • Laptop models proposed by the DeSC Hardware Sub-committee and approved by the Desktop Systems Council are the only notebooks allowed in the DeSC environment. The Dell Latitude D610 and D620 are currently the only authorized models. • It is against DeSC policy for users of DeSC machines to have access to local administrator privileges on a DeSC machine • The laptop will be the user’s primary machine • User would need to have slightly higher understanding of computers and be more conscientious then the average user, willing to be responsible for and aware of their role in ensuring their laptop is available to the network for maintenance on a daily basis. • For large GPO updates (Dreamweaver, Photoshop, etc) SFI laptop users on a 10mps network connection will receive notification one week before, along with the rest of users of DeSC machines, and an additional reminder on the day of the evening of a push. DeSC will request that the user leave their laptop in the office plugged in so that their laptop will received the distribution during the evening hours. • To reduce contention for the limited VPN server connections, the Council crafted a “Best Practices Guidelines for DeSC Laptop Network Use” document for when users are at their desk. Some of these “best practices” are: • The Ethernet cable will be utilize for network connectivity whenever the user is at their desk. • Port Replicator are a strongly recommended option. • TSM server will be restricted from accessing Dormnet wireless subnets • A laptop account will be moved out of the DeSC environment and to the user’s department container after thirty (30) consecutive days of not contacting the SMS server unless an exemption has been received by and approved by the DeSC Security Sub-Committee. • If an employee, with a laptop which has been removed from DeSC, is away and needs the local administrator password, the SCAD/DCS member should request a department LAPM DeSC password change from DeSC or OIT Software Support and after all of their DeSC machines’ local admin passwords have updated give the previous password to user. • A laptop joining DeSC for any reason will require a re-image with the DeSC image to maintain the integrity and security of the DeSC environment. • DeSC mandates a data protection solution in case of loss or theft of a laptop participating in DeSC. • Users and departments requesting a “Laptop in DeSC” must demonstrate that the user requires access to university applications and has a business need for mobile computing
Outstanding Issues/Evaluations • Tool to automate disabling/enabling of wireless NIC. • Managing Lost or Stolen Laptops • “LoJack” service & Hard disk wipe • Encryption of data on hard drive • Vendor Evaluations • Data Protection and Asset Location Services • Smart Card Solutions
Proposed Timeline • December 2006-March 2007 • Formal Pilot for “Wintel Laptops in DeSC” • Spring 2007 • Dell Latitude D620 replacement model • Late Spring 2007 • DeSC Approve Windows Laptops models inclusion in DeSC managed environment • January 2008 • Vista Migration commences in DeSC managed environment
Questions Charlayne Beavers Princeton University cbeavers@princeton.edu (609) 258-6034