Life After Novell Based on the Ramblings of: Mark Knaack Branch ISD (Ghost Written By Aaron Cummings)

Life After Novell

Based on the Ramblings of: Mark Knaack, Branch ISD

(Ghost Written By Aaron Cummings)

History

• Started using Novell in the 3.X days (1994)
• We used a large part of Novell’s Services
  – Netware
  – GroupWise
  – Zenworks
  – BorderManager
  – Suse Linux

• My Head Start Server has not been rebooted in over 1100 days!

The Decision Process: OES Linux vs. M$

• Either way you will be switching, and both changes require a rip and tear

• We documented Services and did a full evaluation of both solutions for our environment.

• Originally we decided to stick with Novell Suse. (Remember my presentation at MAEDS last year, Sorry about that, my bad!)

Why did we finally change?

• Limited Labor Market
  – We lost a Technician, he was stolen by a Hospital that plans to stay with Novell
• Always playing catch up with new desktop releases
  – How long did it take to get a stable Vista/7 client?
• Limited support for 3rd party hardware, applications etc.
  – If one more software company asks me what a NLM is I think I will weep
• EES Pricing (more on that later)
• The Sell Off (Out!) although this happened after we made our decision

The Punch List of Services

• Directory Services, LDAP, Authentication
• File Shares
• Managed Printing - iPrint
• Email with Workgroup Capability - GroupWise
• Workstation Management - Zen
• Remote Support and Spying - Zen
• Remote Access - NetStorage
• Imaging - Zen
• Windows 7 and Beyond (Client Support both Desktop and Zen)
• Web Hosting – Apache and FTP sites
• Scan to Email, Disk
• If it’s not mentioned here I probably already moved it to Windows or Suse

The Directories: NDS vs. AD

• This was easy, they are both just proprietary versions of LDAP. Authentication is Authentication

• NDS is a true tree
  – You can have 2 things with the same name in different folders (organizational units)
• AD is still flat.
  – We made an issue of this, it wasn’t.
  – OUs in AD are groups without security rights

More on Directories

• AD = NDS
  – Password policies
  – Workstation Restrictions
  – Time Restrictions
• AD < NDS
  – Restrict to Single login
• AD > NDS
  – No more blank stares when I ask a vendor to integrate with me.
    • One did slap me once until I explained further!

File Shares

• File Sharing in Microsoft is way more complicated than it needs to be
  – Step 1 Create Share
  – Step 2 Assign Share Rights
  – Step 3 Create Folders
  – Step 4 Assign Folder Rights
  – Step 5 Pray!
• We truly had to work hard at getting this simple process working how we wanted
  – A class may have helped!!!!
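
Steps 1 to 4 above as one script, with a read-back of both permission layers in place of Step 5. This is an added example, not part of the original presentation; the domain, path, share and group names are hypothetical, and it assumes an elevated PowerShell session on the file server. Over the network a user gets the more restrictive of the share right and the NTFS folder right, so the share rights stay coarse and the folder ACLs do the real work.

```powershell
# Added example; every name below (domain, path, share, groups) is hypothetical.
$Domain    = 'EXAMPLE'
$Root      = 'D:\Shares\Staff'
$ShareName = 'Staff'
$Admins    = "$Domain\File-Admins"     # assumption: these AD groups already exist
$Staff     = "$Domain\Staff-All"
$Inherit   = 'ContainerInherit,ObjectInherit'

function New-Ace($Id, $Rights, $Flags) {
    New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Id, $Rights, $Flags, 'None', 'Allow'
}

# Steps 1-2: create the share and assign share rights (no Everyone entry).
New-Item -ItemType Directory -Path $Root -Force | Out-Null
New-SmbShare -Name $ShareName -Path $Root -FullAccess $Admins `
    -ChangeAccess $Staff -FolderEnumerationMode AccessBased | Out-Null

# Share root: drop ACEs inherited from the volume, then grant explicitly.
$acl = Get-Acl -Path $Root
$acl.SetAccessRuleProtection($true, $false)
$acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM' 'FullControl' $Inherit))
$acl.AddAccessRule((New-Ace $Admins 'FullControl' $Inherit))
$acl.AddAccessRule((New-Ace $Staff 'ReadAndExecute' 'None'))  # root only, not inherited
Set-Acl -Path $Root -AclObject $acl

# Steps 3-4: create folders and give each group Modify on its own folder.
$Folders = @{
    'Elementary' = "$Domain\Staff-Elementary"
    'HighSchool' = "$Domain\Staff-HighSchool"
}
foreach ($name in $Folders.Keys) {
    $path = Join-Path $Root $name
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    $facl = Get-Acl -Path $path
    $facl.AddAccessRule((New-Ace $Folders[$name] 'Modify' $Inherit))
    Set-Acl -Path $path -AclObject $facl
}

# Instead of Step 5: read back the share rights and every folder ACE for review.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessRight
Get-ChildItem -Path $Root -Directory | ForEach-Object {
    $folder = $_.Name
    (Get-Acl -Path $_.FullName).Access | Select-Object @{n='Folder'; e={$folder}},
        IdentityReference, FileSystemRights, IsInherited
} | Format-Table -AutoSize
```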

More on File Shares

• Volume space limits work
• No Salvage, Microsoft has Shadow copy but it is different (I miss this!)
• Bonus, restrict files by type
  – Sounds great on paper but we have found limited uses, we prune backups instead.
• Redirected Folders
  – Desktop, favorites follow the user!
    • Also makes reimaging easier

Network Printing

• We have always managed our printers – iPrint
• Process is the same
  – Create the printer
  – Find the 32 and 64 bit drivers
  – Decide who gets it
  – Push it out
• Where it can get ugly
  – Frozen Machines
    • Novell pushes printers after login completes - Zippy
    • Microsoft holds the desktop until all policies finish. (2 minute logins)

Workstation Management

• Policies Rock!
  – No Zen client needed
  – No Zen Server needed (repurposed as a FOG server)
• We plan to phase out Deep Freeze using policies
  – Restricted users
  – Volatile profiles
  – Mandatory Profiles

Remote Support and Spying

• We have 350 staff in 19 locations, remote support is critical

• We also used this with students, for support and disciplinary reasons

• There are some Microsoft solutions but we elected to go 3rd party
  – Screenconnect.com
  – No directory needed
  – Cross platform
  – Cheap
  – Come see my Lightning Round!

Remote Access

• We loved NetStorage
  – We have a locked building policy so teachers have no network access after hours.
• We are using File Synchronization for staff with laptops
  – This is a little buggy
• We are planning on implementing Direct Access this winter
  – Silent VPN to mapped drives!

Imaging

• Imaging Win 7 is closer to a scripted install if you do it correctly
  – By correctly I mean how Microsoft wants you to do it
• Windows Deployment Services
  – Truly a scripted install with add on images
  – This is the Holy Grail if you can figure it out!
• FOG
  – Must import a machine before you can image it
    • Same in WDS, we just didn’t need to do this with Zen
    • A good naming convention is essential
  – Very Fast – We can image a machine in about 10 minutes (20Gb image on a 1Gb link) YMMV
    • 20 minutes total with FOG renaming the workstation and joining it to the domain

But, How do I….

– Remember the promise (NWAdmin, ConsoleOne, Imanager) will be the only tool you need!

– Microsoft Management Console
  • Users and Computers
  • Print Management
  • DHCP and DNS
  • Group Policy
  • IIS Web Manager
– For us old school guys we get PowerShell
– We did purchase a 3rd party tool for Mass Creation
  • AD Bulk Users by Dovestone
  • We did with Novell as well

But how do you….

• For security reasons I am a User on the network.
  – A domain admin should never log into a workstation in my opinion.
• We do all administrative tasks on the server via Remote Desktop
  – Remote Desktop Connection Manager makes this simple
  – Remote Desktop for iPad, Android etc.
  – Also nice when helping an end-user, no log on/off of the user, just RDP the server
  – The servers do not have Internet on them beyond patching, once we get a WSUS working again internet will go completely away

Email

When we did have network problems (both times) the phone call would begin with “I can’t get my GroupWise”
* GroupWise was the Killer App for most of our employees!

• GroupWise vs Gmail vs Live@Edu
  – Feature by Feature comparison Live@edu with Outlook 2010 won hands down!
  – That said it is not a full Google Docs solution.

How we did it

• We built a Parallel Network and tested (3 times)
• We rolled Email first during school to Outlook Web
  – Mainly because Outlook and GroupWise do not share a workstation well
• We rolled Buildings every 2 or 3 days during the summer (5 buildings total)
  – Day 1 re-image working staff
  – Day 2,3 etc Reimage the rest of building and assist staff that rolled on day 1
• 2 Guys, 500 Desktops, 250 Staff, No Overtime, No Network Downtime
  – No vacations either

Costs 5 year cycle

Item                                 Cost over 5 Years
SLA Licensing @ $2.50 per student    $13,700
Office (500 Machines @ $50)          $25,000
5 Year Totals                        $38,700

• Stuck with old or mixed versions of:
  – Office
  – Windows

• No Guarantee where Novell will be in 1,3,5 years

Small LEA using SLA and REMC
* 1100 Students, 100 Staff, 500 Desktops

EES over 5 years

Small LEA using EES through REMC

Item                                      Cost over 5 Years
EES pricing at $43.60 per Staff Member    $21,840

• Includes latest or mixed versions:
  • Desktop
  • Office
  • Server and CALs

• Potential additional Savings: Purchase home version of windows on 500 workstations, Save $25 X 500 = $12,500. Reduces cost to $9,340

Questions

The discussion will continue in the Hospitality Suite later this evening!!!