Windows Desktop Deployment Service (DDS) 1.1 at LANL Mark Wingard Departmental Computing Services...

Windows Desktop Deployment Service (DDS) 1.1 at LANL

Mark Wingard

Departmental Computing Services

Los AlamosLA-UR 09-03038

DCS-1


AgendaDCS-1


• Purpose of DDS

• DDS background

• Image configuration

• Challenges• Future

Purpose of DDSDCS-1


• Automate Windows installations

• Ensure desktop meets security compliance requirements

• Provide a consistent Windows desktop configuration on the unclassified network

• Meet the needs of field support techs

Microsoft DeploymentDCS-1


• Microsoft Deployment Toolkit Free download from Microsoft Customizable Scripts and best practices Network based

‒ Images, scripts, drivers, applications Windows Automated Installation Kit

‒ WinPE, Sysprep, ImageX Lite Touch boots from CD Zero Touch integrated with SMS/SCCM

‒ DDS uses Lite Touch

DDS HistoryDCS-1


• Fall 2007 – Beta 1 using BDD 2007 Only static IP addresses supported No ability to add additional applications New ISO/CD required when any changes were made Support for handful of Dell workstations

• NLIT 2008 - Beta 2 using MDT 2008 DHCP via firewall/routers Support for additional applications Support for “Refresh” option More Dell workstations added

DDS History Cont’DCS-1


• Fall 2008 - Production version 1.0 XP SP2 configured to NIST 800-68 Up to 16 applications available More Dell workstations and VMWare added

• Spring 2009 – Version 1.1 XP SP3 Office 2007 replaces Office 2003 on OS w/ Apps Added support for laptops and some HP models Application versions upgraded

Development ProcessDCS-1


• ½ FTE during Beta development 1 ¼ FTEs currently

• Change Control Board Official mechanism for changes to central services

Each field team gets one vote - DDS configurations vetted• Information Architecture Team

Sets standards for applications and configurations Initially voluntarily, slowly becoming mandatory Working on Default Configuration

• E-mail list for DDS questions & requests Field techs can make requests Questions guide changes

• Rigorous Testing Development server Performance, functionality and compatibility tests

ImagesDCS-1


• 2 Flavors of XP SP3 Plain OS OS with Applications

• Universal Settings: STOW-XP - NIST 800-68 settings minus LANL specific

changes Administrator autologon w/ blank password Latest patches Pre-installed utilities:

‒ SMS 2003 client and Toolkit‒ Windows Defender 1.1.1593.0‒ Windows Media Player 11‒ Cisco IPTV 3.5.1.5‒ Adobe Flash Player 10.0.22.87‒ Internet Explorer 7‒ ESD Net Installer 2.0

Images Cont’DCS-1


• Folder on Administrator’s desktop with installers Tivoli client (backups) Cisco VPN client QWS 3270 WS-FTP BC WipeVB script to rename and disable the built-in Administrator and Guest accounts

Images Cont’DCS-1


• OS with Applications image Universal Settings plus:

‒ Microsoft Office 2007 w/ SP1‒ Adobe Acrobat Standard 9.1‒ Citrix ICA client 10.1.5

• Symantec AntiVirus Client 10.1.6 set to install automatically on either image

Soon to be replaced w/ Symantec Endpoint Protection

Optional ApplicationsDCS-1


• Adobe Acrobat Standard 9.1 (pre-installed on OS w/ Applications)

• MS Office 2007 Pro w/ SP1 (pre-installed on OS w/ Applications)• Citrix ICA Viewer 10.1.5 (pre-installed on OS w/ Applications)• MS Office 2003 Pro w/ SP3 and the Office 2007 Compatibility

Pack• Firefox 3.0.10• Thunderbird 2.0.0.16• HyperSnap 6.31.01• MeetingMaker 8.6.2• Oracle JInitiator 1.3.1.25• WinZip 11.0

Task SequencesDCS-1


• New Computer Wipes computer clean and installs XP

o Formats and partitions hard drive via Diskpart

• Existing Computer Used to replace Windows on an existing computer

while retaining the user’s settings and data Does not format or partition hard drive

System RequirementsDCS-1


• Memory - 512 MB minimum• Hard disk - no size limitations

New Computer:‒ Partitioned into a single, C: partition with NTFS

• Supported Dell Models OptiPlex 745, 755, 760, GX260, GX270, GX280, GX620 Precision WorkStation 360, 380, 650, 670, T5400 Latitude laptops D600, D610, D800, D810, D830, E6500, E4200

• Supported HP Models Workstations XW4300 and DC7900 NW8440 Laptop

• Other makes/models may also work, but not yet tested• New models added as drivers are acquired

DDS ChallengesDCS-1


• Education Techs confused

‒ Installing same applications from menu on top of OS w/ Applications image

‒ Not using Refresh option

Hands-on Training Class in development

Visits to field teams for QA sessions

Web site w/ step-by-step instructions‒ (Requires reading)

DDS Challenges Cont’DCS-1


• Competition Standalone BartPE image developed by field support

‒ Not tested‒ Not secured to FDCC standards‒ Takes twice as long to deploy as DDS‒ Loaded w/ extra applications‒ Patches not current‒ 2000+ installations to date vs. 700+ for DDS

o Management has not mandated DDS

DDS Technical ChallengesDCS-1


• Drivers Manufacturers constantly changing hardware Driver packages inconsistent New models released without notification

• Applications Some are not network/automation-friendly Constant upgrades MDT Lite Touch menus not very flexible

• USMT (User State Migration Tool) Techs don’t understand options No standards for where users store data Can be slow depending on amount of data

• Testing on New Models No budget for continually buying the latest hardware New purchasing restrictions may help limit models

Future ChallengesDCS-1


• Integrating with SCCM Lite Touch fits LANL’s decentralized support model Still need to upgrade to SCCM

• PXE Boot capability No DHCP in place at LANL

• Getting Management Support Multiple installation methodologies promote desktop chaos Central deployment solution meets accreditation requirements

• What will the next OS be? Vista still in Information Architecture “do not use” category Will Windows 7 come soon enough?

• Resource limitations Hiring freeze Constant stream of ‘crises du jour’

QuestionsDCS-1


Windows Desktop Deployment Service (DDS) 1.1 at LANL Mark Wingard Departmental Computing Services...

Documents

Transcript of Windows Desktop Deployment Service (DDS) 1.1 at LANL Mark Wingard Departmental Computing Services...