IST346: Workstations

Slide 1

IST346: Workstations

AgendaLook at the computer from the administration viewpoint.Discuss common workstation operating systemsDiscuss computer workstations, their role in organizations, and strategies for their administration.

Workstations

Do you own a computer?How long did it take you to install all the stuff you need on it?Did you do it yourself or did someone else assist you?Do you backup your data?If you lost your hard disk right now, how long would it take to get everything back?This slide helps the student understand the issues and impact of information technology (IT) administration.

It is one thing to be responsible for your own IT, it is entirely different when you need to consider a large scale of users.4Now imagine being responsible for these computers.

What is a workstation?A workstation is a computer dedicated to a single customers work.Typically a notebook or desktop computerComponents of a workstation:Workstation configuration Per End User rolesTask worker Use IT to perform their job specific job function. Easy to manage in numbers of users, since the IT role is well defined.Eg. Call centers operators , insurance claims, accounting clerksKnowledge worker Use IT to create knowledge and solve problemsChallenging to manage in quantity users since each user has unique needs. Eg. College professors, business analysts, systems administrators The configuration of the workstation is dependent on the role of the end user.The effort associated with supporting workstations depends on the number of different roles as opposed to the quantity of actual users

Task workers are easier to support than knowledge work7IT Economics: Workstation Lifecycle MgmtGoal: How do you budget adequately for workstations?#1 Project how long the workstation will last?3 years? 4 years? 6 years?#2 Calculate the direct costs of the workstation #3 Annual budget = #2 divided by #1

Example: A Computer lab workstation Costs $2000 in hardware & software and has a useful expectancy of 4 years. You should budget $2000/4 = $500/year.Evards Cycle (for Workstation configs)NewCleanOffConfiguredUnknownBuildRebuildUpdateInit.RetireRetireEntropyDebugNew new machineClean new machine with OS and applications installed, but no localizations.Configured machine it tailored for use and operational environmentUnknown computer is micsconfigured, has malware, or is out of dateOff computer is retired.9Workstation management is difficult. Hence, our sponsor of the week

The Microsoft for the next decade.

Approaches to Building workstationsManualMost error prone and time consuming methodDocumented manual processes are less error prone, but still time consumingUnattendedAutomating the manual processWindows: Unattended / Group Policy, Linux Kickstart / yum.CloningDuplicating the disk of a clean computerSome automation required to get to configured state.Eg. Ghost, Acronis, Clonezilla

Building a workstation means loading the operating system, applications, initial customizations12Techniques to minimize entropyReactive approaches:Anti virus / Anti Malware software Desktop firewallsUndo software: deepfreeze, steady stateProactive approaches:Apply automate changes, updates and patches using the one some - many approachPrinciple of least privilege give the user only enough access to operate the system, not change it.A combination of all of these approaches is the best method.The Harsh Reality of Least PrivilegeThe more rights the user has to the workstation, the more quickly the system will suffer entropy.Users who are not Administrators or root cannot install software and change many of the system-wide configurations. This greatly helps reduce inadvertent changes to the system and malware installs.Some configurations are difficult to use under least privilege (Windows on a notebook)Better approaches are becoming available:Windows: User-Account-ControlLinux: sudoThe automated update processOne Some ManyOne. Test the automated update on one computer (usually a test machine). Document the impact of the update.Some. Apply the update to a few computers. Usually, the reaming test machines of various configurations and always to the computers in the IT department. (We call this dogfooding eating your own dog food.)Many. Apply the update to the rest of the organization, making sure to inform users of the potential impact of the update.

Automated Patch Management Options For Popular Operating SystemsWindowsWSUS: (Windows Software update Services)For One System:wuauclt.exe /resetauthorization /detectnowFor Some / Many: (WSUS Server) http://technet.microsoft.com/en-us/wsus/default.aspx LinuxYum (Yellow dog Update Manager)For One System: yum updateFor Some / Many: (Roll your own yum repository)http://www.linux.com/archive/feature/37660 CustomizationsCustomizations are the final step in the build process. For all the things that are the same about a computer, there need to be certain things that are unique to each system.What needs to be customized?Name of computerIP address of computerSID (Security identifier) of a windows computerOther settings based on the computers role:Is it a lab workstation?Is it a notebook?EtcAutomating CustomizationsThere are numerous tools for automating customizations. Customize IP Address, using the DHCP service to dynamically assign an IP address at startup.Computer Name / host name, using the DNS service which resolves IP addresses to host names.For windows operating systems the Sysprep tool can assist with computer naming and SID (security identifier generation). Startup scripts can help with the last bit of customizationsIf youre lucky.It is just as important to automate customizations as it is to automate the build process. Example: ghostreg system for the iSchool labsWe will explore DHCP and DNS in detail later in the semester.18Automated Customization Example:GhostRegA home-grown customization utility for computers that are imaged with Ghost.The Mac Address (Unique 48-bit number embedded into the computers network card) is used to identify the physical computer.After imaging is complete Script run to Generate a new SID,Read desired computer name from Ghostreg database,Assign desired computer name to computer, andAdd computer to active directory in the appropriate place, which in turn controls any additional configurations.References / Further ReadingTPOSANACh. 3Least Privilege (great links in article)http://en.wikipedia.org/wiki/Principle_of_least_privilege DHCPDHCP FAQ: http://www.dhcp-handbook.com/dhcp_faq.html DNSBrain, Marshall. "How Domain Name Servers Work." 01 April 2000. HowStuffWorks.com. http://computer.howstuffworks.com/dns.htm 19 August 2009.

Questions?