Centralized Desktop Deployment and Management
Institute of Computer Science - Masaryk University
Radim Janča
janca@ics.muni.cz

Presentation overview
• Introduction of university IT environment
• Services and technologies with demos
• Tour around computer study room
• Discussion

System Administration Dpt.
• Primary focus on MS Windows technologies
• 182 MS Windows servers, 2228 desktops
• Centralized desktop management
• MS O365 – university workgroup solution
• Support services

Central Management Service
• More than 40 000 active students, 5000 employees
• Dozens of localities such as faculties, institutes, departments, offices etc.
• Goals:
  • transparent and straightforward working environment for all students and employees
  • unify the IT environment
  • allow access to the centralized IT resources
  • define administration rights and rules
  • provide all practices and technologies to the interested localities

Services provided
• management of authentication via UCO and secondary password
• management, monitoring and backup of servers
• management of workstations’ unattended installations
• management of the basic set of software
• local distribution of hotfixes and updates for Microsoft products
• local distribution of updates for Eset anti-virus products
• availability of printers
• management of student profiles
• management of guest profiles
• troubleshooting – solution of serious and critical software problems on workstations
• general consultations concerning the area of IT

Terms of Service
• the local administration departments are responsible for:
  • management of the extended set of software, which is not distributed centrally
  • reaction to the UCN administrators’ requests
  • reporting of occurring problems to the UCN administrators
  • management of the network infrastructure of local workstations and servers
  • complaints related to the locality’s hardware

So what you really get…
• Unattended installation of workstations (including drivers, no OS images)
• Regular update of centrally provided OS
• Regular update of centrally provided software (around 25 standard + 100 specialized)
• Monitoring
• Connection to the centralized printing systems = uniform payment using an ISIC card (via SUPO account) and standardized printing environment
• Special modes for exams
• And more… later in technical solutions

Main benefits
• Higher security and uniformity of provided services
• Constantly up-to-date environment without the need for any user interaction
• Unified environment of the MS Windows OS
• Standardized set of installed software
• Centralized printing
• Unified logon

Localities
• Currently deployed in over half of the organizational units of MU
  • The rector’s office
  • Institute of Computer Science
  • Faculty of Science
  • Faculty of Law
  • Faculty of Arts
  • Faculty of Education
  • Faculty of Social Studies
  • Technology Transfer Office
  • University Campus Bohunice
  • Faculty of Medicine localities
  • University Computer Centre
  • University Centre Telč
  • Accommodation and Catering Services of MU

Division of localities
• Study rooms, classrooms
  • roaming profiles, access to shared storage and printing devices, basic set of software and selected software related to their subject of study
• Employees’ workstations
  • access to the SW associated with their work requirements (economic software, asset management, etc.)
  • local storage space, access to central storage, printing devices, remote desktops, network backup storage, local profiles

University central network
• Windows forest with central domain ucn.muni.com
• All user accounts (students, employees, guest, other)
• Provides authentication to multiple systems: workstations, terminal servers, network data storage, VPN, web applications via Shibboleth
• Servers
• Standard SW GPOs
• Multiple subdomains
• Workstations
• Print servers

Identity Management

Technical solutions
• Unattended installation of operating systems
• Software distribution
• User profile administration
• Remote wake-up and shutdown
• Examination modes
• Monitoring of localities
• Server backup

Unattended OS Installation
• opsi (open pc server integration)
• Windows 7 support (Windows 10 planned)
• Drivers included in installation
• Up-to-date images
• Computer deployment takes 15 min to 1 hour
• Permission management
• Automatic connection to domain
• Out-of-domain installations
• 1 and 2 disk partition installations
• Memtest, disk cleanup
• Simple solution for nontrivial bugs/infections
• Demo

Software Distribution
• Standardized set of software
• Extended set of software
• Software deployed through Group Policies
• Software is installed after PC restart
• Regular updates twice a month

User Profiles
• Roaming profiles for students
• 1 GB of storage per profile
• Clustered storage
• 1 GB not enough? -> cloud services (O365/Google)
• Local profiles for employees
• Automatically connected network storage
• Local profiles stored on secondary partition

Remote Wake-up and Shutdown
• Centrally controlled
• Scheduled
• Computers are woken and updated at night
• No waiting for updates
• Remote reinstallation of study rooms

Examination Modes
• Mainly used in study rooms
• Two modes:
  • Questionnaire
  • Examination
• Windows app
• Demo

Server Backup
• Current state
  • Backup system based on PowerShell scripts and WBAdmin
  • Simple setup, basic scheduling
  • Regular overnight backups
  • Nagios probe checking
  • Simple webpage check
• Planned state
  • Schrödinger’s backup
  • Dual backup of virtual machines (VMware + WBAdmin)
  • Demo

Monitoring of localities
• Application Frank
• Monitoring for information and security purposes
• Computer state
• Information about logged-in users
• Information presented in real time
• History is logged
• Demo

Remote connection
• Strong tools for troubleshooting
• Windows remote desktop
• TeamViewer
  • App distributed through ICS web – remote connection to user session
  • TeamViewer installed as a service – remote connection resistant to user logoff

Active Directory DEMO

University Computer Study Rooms
• Allows students access to university resources
• Workstations, connection for laptops, WiFi
• CPS open 24/7
• Print services
• Often used for presentations, workshops and exams
• Tour

Thank you for your attention.