Post on 30-Dec-2015
Installing and Supporting IDX Flowcast™ Web Desktops
Alan Beckwith and Pete Chunis, Flowcast Development
5 August 2005. Copyright ©2005 IDX Systems Corporation. CONFIDENTIAL AND PROPRIETARY PROPERTY OF IDX. USE AND DISTRIBUTION REQUIRES PERMISSION OF IDX.
No-touch Deployment
• IDX Flowcast™ goal is no-touch deployment for user workstations
  • End user should be able to start using IDX Flowcast™ Web Baseline and Advanced Web without doing anything outside their daily routine
  • Vendor should support multiple methods to meet this goal
• Early web applications collided with tidal wave of desktop security concerns
Secure Desktop
• Windows 2000 and Windows XP Pro offer robust
security to prevent unauthorized modification of the
desktop environment.
• Desktops configured so end-users cannot install
software are “locked-down”
• Not possible with Windows 98 or Me
IDX Flowcast™ Technology
IDX Flowcast™ uses ActiveX controls on the desktop
• ActiveX controls provide advanced features
  • Pure server-based applications have scaling issues
  • Compiled functions deployed to workstation for scalability
  • Distributed communications – workstation to Cache server
• ActiveX control is a DLL wrapped nicely
  • Downloaded from web server in .cab package
  • Uses Windows Registry to manage access and control
  • Internet Explorer invokes after download
The Challenge
Locked-Down desktop provides a challenge
  • Users without local Administrative Privileges cannot update registered components even when downloaded from server
When an organization determines how to manage their desktops other products and network design must be considered
  • Decisions made at enterprise rather than product level
Additional Challenges
• User desktops frequently managed by different groups within your organization
  • Different people, application mix, policies, and tools
  • Desktop Support may not be as close to IDX Flowcast™ Services
  • Different PC images make testing difficult
  • IDX Flowcast™ used differently among groups
• Scale of deployment can be very large
Ongoing Change
All the pieces are undergoing rapid change
  • Windows: security fixes, new features
  • IDX Flowcast™ new features
    • Task Manager
    • Web integration
We must manage the changes!
Solutions
• Push technology
  • Mature tools to deliver components
  • Familiar to those supporting other Windows apps
• Microsoft Active Directory
  • Microsoft’s strategic offering for desktop management
  • Server 2003 is much improved over AD 2000
  • recommended by IDX®
IDX® recommends AD and supports both solutions
Active Directory (AD)
[Diagram label: Active Directory Server]
System Manager defines Group Policies to determine components and settings for a machine/group
• Server and desktop negotiate missing pieces during AD login - then download and install
• Update packages delivered as .MSI files
• Works well with Win 2000 and Win XP
• Microsoft recommended/supported solution
• Support for .NET components
• Designed to work when desktop is locked down
[Diagram label: Update Package(s) with MSI files]
Push
IDX Flowcast™ client is standard, well-behaved Windows application
Sneakernet
NT Login scripts – coarse control via domain login
End user must be able to install applications – local Admin rights
3rd party push tools
  • Many alternatives: ZENworks, LANDesk, SMS, Altiris, etc.
  • Various levels of integration and control
Push Technology
[Diagram label: Push Server]
• Requires privileged client
• Push occurs after OS boot - installation may require another restart
• “Snapshot”: Packages can be built on a prototype desktop, changes captured and just the delta pushed to end users (several Push tools support this)
• Works best when all desktops are similar
• Oriented towards files - not settings (IE)
• Relies on 3rd party tools
[Diagram labels: Prototype Desktop; Update Kit; Change Package]
Desktop Updates
.msi files: use with Active Directory
  • Delivered to IDX Web Framework server \WebClientFiles
  • Normally copied to your Active Directory controller
  • See step-by-step document to use these files with AD
Desktop Components install kit: to be pushed
  • Install kit can be Installed or UnInstalled non-interactively using command-line switches; see Readme for more information
  • Snapshots possible just as with any Windows application
  • Use with your preferred Push tool
Desktop Management
Presume locked down desktops
  • IDX Flowcast™ will help you manage your end-user workstations by providing several solutions
  • Kits include all components requiring local administrative privileges for install – excluding OS components
AD design anticipates your needs
  • Designed to support large numbers of desktops over widely distributed networks
  • Designed-in robustness, scalability and fault-tolerance
  • Flexible to support varied network topologies
Release Management
IDX Flowcast™ policy is to preserve backwards compatibility of new client whenever possible
  • We inform customers of compatibility issues with any release
  • Major changes such as recent Microsoft JVM issue may prevent compatibility
What if desktop with old components connects to an updated server?
  • Login triggers new component download; if download/install not allowed IDX Flowcast™ does not start
  • Data lives on Cache database server – cannot be touched
Upgrades
IDX Flowcast™ upgrades
  • Built on new versions of enabling tools – IDX Web Framework
  • extensive project planning
  • All deliverables available upon General Release
Integrated customers
  • IDX Flowcast™, Imagecast™, Carecast™, Allscripts coordinating product releases to minimize impact on joint customers
  • Additional coordination still required during upgrade projects
Terminal Services/Citrix
IDX Flowcast™ customers use Terminal Services for some or all their users
  • With Citrix Metaframe in many cases
Concerns
  • One version of installed applications on any server
  • Cached content must be reloaded if purged
  • roaming profiles across multiple TS servers
  • ref: MS KB 243535
Managing IE Security
Internet Explorer zones offer levels of security
  • IDX Flowcast™ designed to default settings in Trusted sites zone
  • “Trusted Sites” zone allows different security for IDX Flowcast™ than for your vanilla Local intranet or Internet zones
Each end-user PC must be configured correctly
  • Active Directory policies
  • Internet Explorer Administration Kit - IEAK
Browser security document included with Desktop install kit
Fully Qualified DNS names
For example liveserver.bigu.edu
  • Provides unambiguous name resolution across enterprise
  • Some load balancers have required Fully Qualified names
  • If DNS is not working, fix DNS, or use IP addresses – NOT simple names
Most important when network is not homogeneous
  • Inpatient/Outpatient
  • Remote locations
  • Work-at-home staff
URL for end users to access web server
Web Framework: System Connections define path desktops see to Cache and gateway servers
Trusted Sites Zone
Explicit list of addresses
  • FQ, Simple, and IP names must ALL be listed if used, e.g.
    liveweb.bigu.edu, liveweb, 10.18.11.155
    testweb.bigu.edu, testweb, 10.18.11.165
  • Interaction with .Net CLR configuration
Each Profile on desktop must be configured
Security may be fine-tuned
Managed by policies, IEAK, registry settings
Local intranet and Internet zones available for other campus-wide uses
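The explicit Trusted Sites list from this slide, written out as Internet Explorer ZoneMap registry entries (an added example, not part of the original slides or the IDX install kit). The function names, the `https` scheme and the per-user HKEY_CURRENT_USER location are assumptions; the slides state neither the scheme nor the hive.

```python
import ipaddress

# Per-user ZoneMap root (assumption: HKCU, so each Windows profile has its own copy).
ZONEMAP = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
           r"\CurrentVersion\Internet Settings\ZoneMap")
TRUSTED_SITES = 2  # IE zone ids: 1 = Local intranet, 2 = Trusted sites, 3 = Internet

def classify(name):
    """Return 'ip', 'simple' or 'fqdn' for one server name."""
    try:
        ipaddress.ip_address(name)
        return "ip"
    except ValueError:
        return "fqdn" if "." in name else "simple"

def zonemap_key(name, range_no):
    """Return (registry key, extra value lines) for one name."""
    kind = classify(name)
    if kind == "ip":
        # IP addresses live under Ranges\RangeN with a ':Range' string value.
        key = "\\".join((ZONEMAP, "Ranges", f"Range{range_no}"))
        return key, [f'":Range"="{name}"']
    if kind == "simple":
        return "\\".join((ZONEMAP, "Domains", name)), []
    # FQDN: the host label(s) become a subkey of the parent domain.
    # Assumption: two-label parent (bigu.edu); co.uk-style suffixes need more care.
    labels = name.split(".")
    parts = [".".join(labels[-2:])]
    if len(labels) > 2:
        parts.append(".".join(labels[:-2]))
    return "\\".join((ZONEMAP, "Domains", *parts)), []

def build_reg(names, scheme="https"):
    """Build .reg text that places every listed name in Trusted sites."""
    out, range_no = ["Windows Registry Editor Version 5.00", ""], 0
    for name in names:
        if classify(name) == "ip":
            range_no += 1
        key, extra = zonemap_key(name.lower(), range_no)
        out += [f"[{key}]", *extra, f'"{scheme}"=dword:{TRUSTED_SITES:08x}', ""]
    return "\n".join(out)

# Names from the slide: FQ, simple and IP forms of the live and test servers.
SLIDE_NAMES = ["liveweb.bigu.edu", "liveweb", "10.18.11.155",
               "testweb.bigu.edu", "testweb", "10.18.11.165"]

if __name__ == "__main__":
    print(build_reg(SLIDE_NAMES))
```

Because these keys sit under HKEY_CURRENT_USER, the generated file has to be imported once for each profile on the desktop.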
Flowcast™ Support
Contact IDX Flowcast™ Support for the latest on using IDX® products with Microsoft hotfixes
  • More coming to Knowledge Center, Customer Web
  • IDX® product groups test patches
  • Monthly MS Security bulletins
You must decide which patches to deploy and when, based on your own security vulnerabilities
Test first!
Install Kit Contents
Desktop Components Installation Kit
  • Includes IDX Web Framework, Flowcast™ Web Baseline, Advanced Web, ETM and EDM applications
  • Microsoft CLR (.NET) 1.1, SP1 NOT included
    • required for Framework Administrators with 3.0 and ALL users with .Net Advanced Web and with 4.0
  • Sun Java Runtime Environment - EDM users only
  • Detailed list of files and versions included
  • Designed to be driven non-interactively: Install and UnInstall
  • VBscript exposes everything
References
IDX® supplied documents
Desktop Components Install kit folder
  • Desktop Components Readme.htm
  • Using Active Directory to Install IDX client-side application components
  • Browser Security
Flowcast™ Knowledge Center
  • Microsoft Windows Patch Test Standard
  • Patches tested and approved (coming)
    • describes any known issues
References – Third Party
Microsoft - Active Directory / Group Policies
http://www.microsoft.com/technet/prodtechnol/ad/default.asp
3rd Party Tools - preparing Push Technology
http://www.novell.com/products/zenworks/
http://www.microsoft.com/smsmgmt/
http://www.altiris.com/products/clientmgmt
Web Desktop Management