

CDC North America
Information Technology Group
Windows NT Managed Desktop Rollout
Project Plan Summary

Prepared by Darow Han and Devon Ramsundar
December, 1998

CDC North America
Information Technology
Current Project Summary
Windows NT Desktop Management

Darow Han

I.        Objective

       The objective of the Windows NT Desktop Management project is to establish a centrally managed standard
Windows NT desktop environment which delivers improved functionality and reliability to all CDC users while
reducing administration and support costs.

      Specific objectives include:

     Develop robust, locked-down desktop operating system build for all current and new PC’s
            Standard Build
            NT Server Based Policies and Profiles
            Effective use of NT and NTFS security

     Improve security and fault tolerance of desktop PC’s
            Move all user files to server
            Roaming Profiles
            NT Policies

     Develop centralized, automated, simplified model for managing desktop PC configurations
            Client side scripts
            Policies and Profiles
            Remote Management and Remote Control

     Establish procedure for remotely installing software applications using standard packaged configurations,
     including advance testing to verify proper installation and operation
            Application Packaging and Packaging templates for new and existing apps
            Logging of application specifics (files, registry entries, etc.) to a database
            Rigorous testing on standard build prior to deployment
            Automated, remote deployment (with rollback)

     Deploy tools for maintaining software and hardware inventory of desktop PC’s
            Desktop agent for remote monitoring and configuration

II.       Project Sponsors

     Ray Testa – ITG
     Drew Hiltz – ITG
     David Kadow – ITG

III.    Background

        The current Windows NT Workstation desktop architecture at CDC North America lacks standardization
and suffers from poor documentation and inventory. Supporting this environment has become exceedingly cost-
intensive due to the spiraling complexity, quantity and variety of systems. Very little support can be done in a
remote, automated fashion, which results in the inefficient deployment of highly trained NT administrators to
troubleshoot problems in person. This manual support method often causes disruption and lost productivity to
desktop PC users in the middle of a workday. In addition, once solutions to common problems are found, deploying
the solution is extremely labor-intensive, requiring administrator visits and downtime at each user desk.

         A primary support challenge in the current environment includes the wide variation found in software,
hardware and operating system configurations. For instance, as most CDC users have been given local systems
administrator privileges, many of the security benefits built into Windows NT Workstation have been lost, allowing
users to install untested software, which may destabilize their environment. Harmful configuration changes can also
be made by users to their desktop environment. Several users apparently store data on their local hard drives. This
practice is risky because local PC data is not backed up, does not have the protection of fault tolerance, and may
cause system problems if disk capacity is exceeded. Additionally, the storage of NT user profiles on the local machine
complicates the recovery of a desktop computer in case of hardware failure.

         Studies done by the leading IT research organization, Gartner Group, displayed in the above graph, illustrate
that the bulk of the desktop computer “total cost of ownership” or TCO is composed of “soft costs” including end user
operations, and additional administrative and technical support. End user operations costs include lost productivity
caused by an unmanaged, non-locked down environment, which allows unauthorized software installations and
changes to system configuration. These actions also require additional administrative and technical support resources
to remediate resulting problems.

IV.     Approach

          A prototype of the new standard Windows NT Workstation desktop has been in limited deployment to
production machines for over two months. This build includes significant improvements over legacy desktop
configurations, including a standard documented operating system configuration, management hooks, improved
reliability and performance, and a set of base universal applications, such as Netscape Communicator and
Hummingbird Exceed. However, this prototype requires additional upgrades, including Microsoft Office 97,
Windows NT Service Pack 4, and an improved NFS client, before it can be considered feature-complete. The initial
base build has proven to offer an acceptable level of stability, but the addition of these critical components will
require further testing.

         Software Packaging
         The entire set of custom and shrink-wrapped applications at CDC will be packaged by a standard software
packaging utility. These packages will be grouped into sets specific to particular departments or business units,
allowing new or upgraded desktop PC’s to be installed according to the user’s department. Replacement of failed
machines will also be simplified, as ITG will simply automatically recreate a PC with the appropriate departmental
profile. Manual steps will be greatly reduced from the current procedure, and server-based storage of all user
settings and data will allow a rapid recovery. Using a tool called Wise InstallManager, any application to be installed
on a user’s machine will be documented in advance in a database listing which system files are required. This
method will allow ITG to rigorously test software installations in advance, helping to prevent the various system
problems which have occurred at CDC when deploying new applications.

        Software Distribution
        Delivery of software packages to users’ desktop computers will be handled by a tool known as Tivoli IT
Director. This tool uses an advanced method of distribution which allows the full software configuration to be
delivered on a scheduled basis, for instance in the late evening or on weekends, to target computers without any
additional intervention from the user or help desk personnel. In cases where the user operates the latest Compaq
desktop PC, the Deskpro EN 350, software can even be installed if the PC has been turned off, using technology
which will “wake up” the inactive PC. The benefit of this approach is that the often intrusive, time-consuming and
error-prone method of having help desk personnel manually install software for the user is replaced with a faster,
safer and more efficient method. Pre-testing the software installation beforehand will prevent potentially disruptive
system conflicts which may have otherwise occurred. The Tivoli IT Director tool will also be used to manage desktop
hardware and software, allowing widespread software upgrades to be launched based on specifications of minimum
system requirements. IT Director also provides a useful feature in remote control, which allows help desk staff to
quickly respond to user support requests by taking full control of their desktop computer from a remote location.

         Pilot Deployment
         Once the base NT desktop image has been upgraded, initial test deployment will begin to the ITG
department. The testing will also include additional components to the upgraded user environment, including NT
system policies for registry standardization and lockdown, server-based user profiles for fault tolerance, and logon
scripts mapping common drive letters.

        Hardware Inventory
        A critical factor in completing migration to the managed NT desktop will be determining the number of
legacy PC’s which do not fulfill minimum hardware requirements established for proper installation and usage of the
image. This number relies on the results of the Tally Systems inventory of CDC completed in mid-November.

       Desktop Inventory
       A critical stage prior to full production deployment will be thorough data collection on each user’s desktop
environment, including any unique application settings, local data files, and hardware such as modems. Only a
complete pre-deployment data collection, signed by the user for accuracy, will insure a smooth transition to a new
desktop system.

         Management Server
         In advance of desktop deployment, the Tivoli IT Director desktop management NT server must be built and
tested for proper operation, including tests of all critical components such as software distribution, remote control,
and inventory to be utilized in the CDC environment. In addition, the migration from the Novell Netware
application server to a dedicated NT application server, an intermediate solution prior to full migration to NFS, must
be completed. This will allow the removal of the Netware client software, IPX protocol, and aging Netware server,
which has become an administrative burden. In concert with the migration to the Microsoft Office 97 suite, existing
macros in Lotus 1-2-3 must be migrated to Excel 97. Training will be necessary for users migrating during this
process; in addition, onsite and CBT-based training should be provided for all users in Microsoft Office 97 and
Outlook 98.

        Total Cost of Ownership
        Anticipated reduction in annualized desktop TCO is estimated at 15-20%, according to studies
completed by Gartner Group and Microsoft, using recommended best practices such as centralized network
and desktop management, remote control, standardized desktop, policy-based management and inventory. Applied
to the Windows NT Workstation environment, these best practices are to a large degree subsumed under Microsoft’s
own Zero Administration Windows initiative. Key components of the proposed CDC NT managed desktop are
functionally equivalent to Zero Administration Windows, including Office 97, system policies, logon scripts,
automated software distribution, scripting and a standard base OS build.

       A number of desktop machines at CDC will need to be replaced to properly support the standard base NT
OS image, which is required for full Y2K compliance, and future ability to handle Windows 2000/NT5, which
provides euro currency support. In addition, the minimum requirements reflect a combination of accepted industry
standards for optimal usage of NT Workstation 4.0 and specific demands of the CDC environment.

        The minimum hardware requirements are:

        CPU – Pentium II-266
        Memory – 64 MB RAM (128 MB for Compaq Deskpro EN 350 model)
        Hard Disk – 4 GB SCSI hard disk
        Controller – SCSI controller
        Network card – 10/100 Mbps NIC

       According to the above graph published by Microsoft and the industry research group Interpose, the current
desktop computer environment at CDC could be characterized as “32-bit Windows loosely managed.” The
combination of NT desktop management initiatives being proposed is essentially equivalent to the “ZAK 32-bit
Windows tightly managed,” and in fact the desktop initiative builds upon several utilities and methodologies from
ZAK (Zero Administration Kit).
         Therefore, the estimated reduction in cost from moving from a loosely managed 32-bit environment to a
tightly managed 32-bit environment is approximately 20%. Reducing this figure to a much more conservative
estimate of 15% savings annually, we reach the following conclusions for CDC North America:

        Total number of NT desktop computers: 250 (approximate)
        Average annual total cost of ownership per PC (Gartner Group estimate): $10,000
        Estimated reduction in TCO from managed desktop solution: 15%

        Initial total cost of ownership = 250 * $10,000 = $2,500,000
        Reduced cost of ownership = 250 * $8,500 = $2,125,000

        Annual total savings = $2,500,000 - $2,125,000 = $375,000

VI.         Cost Analysis

| Item | Units | Price | Ext. | Justification |
|---|---|---|---|---|
| Compaq Proliant 3000R server | 2 | $3900 | $7800 | Scalable Compaq server-class machine, built with latest Pentium II technology; parallel PCI motherboard; rack mountable |
| Smart-2DH Array Controller | 2 | $1800 | $3600 | High performance RAID controller with 16 MB cache; excellent reliability and compatibility with Compaq Proliant line; allows online configuration for added disks |
| Ultra Wide SCSI hard disk | 6 for NT app srvr, 5 for Tivoli | $1094 | $12000 | Top performance hard disks, configured in RAID5 for maximum fault tolerance; includes one hot-swappable disk (per array) for high availability |
| 256 MB RAM | 2 | $1352 | $2704 | Error correcting (ECC) RAM, Compaq quality |
| Redundant power supply for Proliant storage system | 2 | $527 | $1000 | Fault tolerant component for power supply, required to support 10K RPM hard disks |
| Redundant power supply for Compaq Proliant 3000R | 2 | $999 | $2000 | Fault tolerant component for power supply, hot plug function insures continued non-stop operation |
| Redundant fan | 2 | $173 | $350 | Fault tolerant internal component |
| Wise InstallManager (upgrade option) | 1 | $1200 | $1200 | Manages system dll’s for software packages |
| Tivoli IT Director software | 220 lic. | | $32K | |
| KeyVision NT Registry | 1 | $1500 | $1500 | For remote registry management |
| TOTAL | | | $64000 | |

VII.       Attachments

A.     Matrix of NT Desktop Management Software Solutions
B.     NT Desktop Management Architecture diagram
C.     Customer References for Tivoli IT Director
D.     Overall NT Desktop Rollout Project Detail (Microsoft Project)

| | Tivoli IT Director | Intel LANDesk | Seagate Desktop Mgmt Suite |
|---|---|---|---|
| Clients supported | NT, Netware, Win95, Win 3.1, OS/2 | NT or Netware clients | |
| Server | SNMP support incl. | | |
| Database | SQL Server, Access | SQL Server, Sybase, ODBC, Access | SQL Server, Sybase, ODBC, Access |
| Minimum Hardware | Pentium Pro-200, 128 MB RAM | Pentium II, 256 MB RAM | |
| Server installation | Very easy | Rapid, easy | |
| Agent installation method | Logon script | Logon script, requires reboot | Can be run remotely |
| Software Distribution | Runs as service | Does not run as a service, requires user input; if you manually uninstall app, must run a removal package to be able to reinstall pkg | Does not offer good monitoring of jobs in progress |
| Software Packaging | Can trigger off of Installshield config files; or do custom installs from our info; or PDF files (from Microsoft), or from WinInstall; MS Project template for software dist. already included | Does NOT accept Winstall or SMS .pdf package files | May force a silent reboot of remote PC without alerting user |
| Remote control | Yes | Yes | |
| Inventory | Limited, no DMI support yet | Yes, including DMI support | Inaccurate; very poor - no real integration with WinInstall, SMS integration at same level |
| Licensing | No | Yes | Yes |
| Reporting | None currently, must use Crystal Reports or | | Yes |
| Other features | Server monitoring; can restart stopped svcs; WakeOnLan support | | |

| | Tivoli IT Director | Intel LANDesk | Seagate Desktop Mgmt Suite |
|---|---|---|---|
| Console | | Right-click inconsistently supported | |
| Software Distribution | excellent, works as service; reliable | Packager is difficult to use, generates unnecessary error messages; non-intuitive; very slow | User-based install requires creation of new groups, can't use existing NT user groups |
| Remote control | slow, promise to improve | Works fine, but no security; can configure for user permission | |
| Inventory | limited for hardware | | |
| Licensing | none currently | | |
| Security | Has native security - second login required | Poor, no added security layer or granularity | Poor, install of client service requires clear-text NT admin password |
| Performance | Poor, because of Java code | Good | |
| Documentation | Unknown | Good | Poor |
| Support | | | Poor |
| Integration | Planned support for Compaq Insight Manager | Unknown | Unknown |
| Server license | $9000 for one server, incl. 20 nodes | | |
| Client licenses | $10,000 per 100 nodes | $4000 per 100 nodes | |
| Consulting fees | $3,000 for two days, incl. training | N/A | N/A |
| Total Cost of Ownership | $40,000 | $12,000 | |

| | McAfee Zero Administration | Microsoft SMS 1.2 |
|---|---|---|
| Clients supported | | |
| Server | Appears to favor Netware | |
| Database | SQL Server, Access | SQL Server |
| Minimum Hardware | | |
| Server installation | Easy | Several steps required |
| Agent installation method | Does not require reboot | Logon script |
| Software Distribution | Requires user to log in, jobs queue up | |
| Software Packaging | Works with SMS, includes packaging component | |
| Remote control | N/A | |
| Inventory | Very limited, only captures most popular apps | |
| Licensing | Yes | Yes |
| Reporting | Yes | Yes |
| Other features | | |
| | Very slow; Novell-centric; software distribution | |

| | McAfee Zero Administration | Microsoft SMS 1.2 |
|---|---|---|
| Console | Easy to use | |
| Software Distribution | | works as service, but slow, difficult to set up |
| Remote control | Must be purchased separately | quite fast with SP4 |
| Security | No | Good - SQL based security |
| Documentation | Average | Average, good online resources |
| Support | Very limited on-line | Poor, requires MS support |
| Integration | Unknown | Strong integration with Compaq Insight Manager |
| Server license | | $700/SMS Server, $800 For SQL Server |
| Client licenses | $50/node | $55/node |
| Consulting fees | N/A | N/A |
| Total Cost of Ownership (300 nodes) | $15,000 | $18,000 |

Architectural Overview
Managed Windows NT Desktop
CDC North America

Diagram layers: User Environment, Applications, Hardware

Application tiers:
        User-specific applications
        Department-specific applications (dept. profiles)
        Global applications (included in base image)

Components, top to bottom:
        Server-based User Profiles
        NT System Policies - for O/S and application
        NT Logon Scripts - Common drive letter mappings
        Windows Scripting Host (VBScript, JavaScript) and Perl for Win32 - for scripting
        Automatic Software Distribution - packaged, pre-tested, deployed on initial builds based on department
        Tivoli IT Director Agent - supports software distribution, PC inventory, remote control
        NTP Time Service
        Compaq Desktop Insight Agent - hardware level desktop management and monitoring
        SNMP - supports Compaq Insight Agent and SNMP-based management
        Base Build - Windows NT Workstation 4.0, Service Pack 4 (Y2K Compliant); locked down desktop and local hard disk; Base Applications *
        Base Hardware: Two supported configurations
                1. Pentium II-266, 64 MB RAM (subj. to change)
                2. Pentium II-350, 96 MB RAM (subj. to change)
                4 GB SCSI hard disk
                10/100 NIC
                Matrox or ATI Rage SVGA

        * Microsoft Office 97, Outlook 98, Netscape Communicator 4.06, NFS client, Hummingbird Exceed, Adobe Acrobat

                                       Customer Reference #1 for Tivoli IT Director

Name: Jessica Lauman
Job Title: Network Administrator
Company: Criton Corp.
Phone Number: (619)715-7233

Number of users and PC’s: 120, dispersed between four sites globally

Server configuration: Pentium 133

Desktop configuration: Windows NT Workstation 4.0

Product used for how long: Several months

What used for: Primarily for software distribution and remote control; planning to implement remote monitoring; with
software packaging, used template for Lotus Notes, InstallShield file for McAfee VirusScan, and Custom editor for
McAfee .DAT signature files

Experience with reseller: Excellent, very helpful and knowledgeable; forwarded problems reported with Java to Tivoli;
acts as advocate for client to vendor; does testing himself

Pros: Like software distribution and remote control; inventory useful

Cons: Sometimes service on IT Director server hangs with Java error

                                       Customer Reference #2 for Tivoli IT Director

Name: Mike Markowitz
Job Title: Network Administrator
Company: Central Freight Line
Phone Number: 254-741-5327

Number of users and PC’s: 450 users in current deployment, increasing to 650 in next phase, distributed at 70 geographic
sites, mostly over 56K WAN links

Server configuration: Single NT server

Desktop configuration: Windows 95

Product used for how long: Several months

What used for: Limited software distribution jobs, remote control, inventory

Experience with reseller: Positive, helpful

Pros: Has generally met expectations; any problems with software distribution jobs were generally not related to IT
Director product, but to network or desktop PC load issues; Tivoli has been responsive to feedback

Cons: Inventory of software has required manual definition in several cases; problems deemed to be primarily Novell-
related; remote control performance could be better
