Post on 16-Jan-2016
Presented by: Christopher Diachok, CMS Consulting Inc.
BDD Real World Best Practices
Microsoft Infrastructure and Security Experts
Active Directory - Windows Server - Exchange - SMS - ISA - MOM - Clustering - Office - Desktop Deployment - SQL - Terminal Services - Security Assessments - Lockdown - Wireless
Training by Experts for Experts
MS Infrastructure - Security - Vista and Office Deployment
Visit us online: www.cms.ca
Downloads - Resources - White Papers
For Security Solutions
For Advanced Infrastructure
For Network Solutions
For Information Worker
For Mobility Solutions
CMS Consulting Inc.
Session Goals
Common ways of doing things today… and “best practice”
What’s new in desktop lifecycle management?
What is image life cycle?
What is BDD?
What is so cool about the new tools?
Why should I care about image lifecycle?
Agenda
Quick Survey
Who knows what BDD is?
How many users in your organization:
  < 100
  100 – 500
  500 – 5000
  > 5000
How many images do you currently have:
  1 – 5
  5 – 25
  25 – 50
  > 50
  I don’t know
Desktop Management
Level 1: Chaotic
  Uncontrolled with little planning
  No standardization in imaging/deployments
  Manual deployments
  No images
Level 2: Some standardization
  Limited standardization
  Limited process knowledge within team
  Manual deployments
  Multiple images
Level 3: Manual deployments
  Some standards in place
  Processes are documented
  Manual deployments
  Multiple images
Level 4: Some Automation
  Standards are in place
  Processes are documented
  Automated deployments
  Reduction in image count
Level 5: Fully Automated
  Standards are in place
  Processes are documented
  Automated imaging
  Automated deployments
  Reduction in image count
Migration Roadblocks
I don’t know if my applications will work with the new operating system
Upgrades cost me a lot of money!
Upgrades take too long, it’s easier to stay where we are at
I don’t have the staff for a long project
I have no easy way to deploy a new operating system
This stuff only works with Microsoft technologies
Vista
Typical Image Count by OS
Operating System Quantity
Windows NT 20 – 40
Windows 2000 10 - 20
Windows XP 3-5
Windows Vista 1-2
Today’s Desktop Lifecycle Management Strategies
Hardware & OS
Applications in Image
Core Applications
Sales Applications
Finance Applications
HR Applications
Development Applications
One Off Application (label repeated 12 times in the diagram)
It’s not just about the image
Image reduction, however, will save money
Global image
End to End management of the desktop environment
  Image inception to end of life
  Application Packaging
  Application deployments
  Patch Management
  Desktop security
  Next generation OS
What is BDD 2007
Business Desktop Deployment 2007 provides prescriptive guidance, tools, and scripts for desktop deployment lifecycle management
Supports deployment of Vista and XP
Deployment tool agnostic
Centralized storage of source files
Automated creation of base images
  Saves time
  Standardization Equals $$$$ savings!!!
Includes tools such as BDD Workbench
Update rollup released June 14 2007 – KB937191
New Image Lifecycle Tools
Application Compatibility Toolkit 5.0
BDD 2007 Workbench
System Image Manager
Windows Automated Installation Toolkit
  ImageX
  PEImg
Windows Deployment Services
User State Migration Tool 3.0
Group Policies
Collect Data Analyze Test
Inventory Applications and Devices
Gather high-level compatibility data
In-depth testing with test tools
Log test data
Build and Test mitigations
Prioritize and Categorize
Synchronize data with Compatibility Exchange
Identify high-level issues
Application Compatibility Toolkit 5.0 Methodology
[Diagram labels: Log Processing Service; Agent Framework/Compatibility Evaluators (Inventory, IE, UAC, UCE, etc.); Application Compatibility Manager; Local ACT DB; Compatibility Exchange; Internet; Desktop Topology (Europe, North America, HR, Finance); computers Wilma and Betty; steps 1 to 4]
Application Compatibility Toolkit 5.0 (DEMO)
Imaging: BDD Workbench (DEMO)
Imaging infrastructure
GUI interface
Easy driver installation
Can add applications and patches to images
Supports XP and Vista
Can be used to deploy operating systems in small environments
Windows System Image Manager (DEMO)
Quickly create an unattended Windows Setup answer file
View all of the configurable settings in a Windows image
Easily update an existing answer file
Add third party drivers, applications, or other packages to an answer file
Create a Configuration Set
User State Migration Tool 3.0
Tool to automatically migrate user settings and data during an enterprise migration project
Migrates Windows 2000 SP4 and later to Windows XP or Vista
Uses XML files instead of INF files
Scanstate and Loadstate /config option can be used for excludes
Requires elevated mode in Vista (due to User Account Control)
Windows Deployment Services (DEMO)
Runs on Windows Server 2003/2008
Replaces RIS
New Features:
  Native support for Windows PE as a boot operating system.
  Native support for the Windows Imaging (WIM) file format.
  An extensible and higher-performing PXE server component.
  A new client menu for selecting boot operating systems.
Benefits:
  Deploys Windows Vista and Windows Server 2008 to "bare metal" computers (no operating system installed).
  Supports mixed environments including Microsoft Windows XP and Microsoft Windows Server 2003.
  Provides an end-to-end solution for deployment of Windows operating systems to client and server computers.
Boot
Click F12
Apply new image
Boot Image
PXE Boot
Calls Boot image from WDS
Scripts Run
Boot image loads
User State migrated
Calls defined WIM File
New WIM installed
Operating System and base applications
Supplementary applications installed
Desktop
Windows PE
Vista OS
Install Applications
Configure OS
Unattend.xml
Drivers added
Build required file structure
User state restored
Lite Touch Deployment Sequence
Microsoft’s offering in “Desktop imaging”
Adds support to SMS 2003 for deploying new OS images to desktops in a distributed environment
Integrates with SMS 2003 to improve functionality
  Inventory-based planning and targeting
  Centralized tracking and status
  Replication of images throughout distributed enterprises
  Open architecture
  Partitioning capability (using Diskpart)
Uses WIM image format: No need to delete system partition – data can stay local
Capable of new computer installs and OS refreshes
Supports custom scripts and migration tools
Installs into SMS 2003
  Requires SMS 2003 Service Pack 1 or 2
SMS 2003 OS Deployment Feature Pack
SMS OSD and Zero Touch Installation
Extensions to the OS Deployment Feature Pack
Designed to completely automate three scenarios:
  New Computer
  Refresh Computer
  Replace Computer
Designed to extend OSD capabilities
  Computer rename
  Greater control over the process: dynamic USMT state backup location, Sysprep.inf editing
  Centralized monitoring and control
  Progress reporting and alerting (SMS, MOM)
1
BDD Deployment – Refresh Computer
Client receives advertisement to init OSD, determine Package/Program to install and run USMT state capture
Validation Phase
1
State Capture: Variables and UNC path for migration store set, Capture run
2
Boot to WinPE
3
Compressed WIM OS image is downloaded & installed
4
Post Install: Script: Modify Sysprep.inf, run Mini Setup, reboot
5
6 State Restore: SMS delivers role based applications & post OS config.
7
State Capture: 1.2 CMD: User State data stored
State Restore CMD: User State restored
State Capture: 1.1 Script: Set System variables
USMT Data File Server
SMS 2003 SP1
OSD FP
MOM 2005 Server
8
BDD
Script/Rules
Monitor Status
Script/Rules
Log Activity
SMS OSD ZTI Scenario
Why should I care?
OS platform standardization: easier management of the desktop
  Lower TCO
Reduction in images: reduced ongoing image support costs
  Reduced complexity
Desktop security: more secure desktop landscape
Automation: more rapid, less expensive OS deployments
  Repeatable processes
[Chart: Support Costs and Hardware Costs ($0 to $1,400) by Desktop PC Replacement Age (lifecycle), 1 yr to 5 yrs]
From: MS/Intel Strategic Mgmt of the PC Install Base Whitepaper
Number of Deployed PC Hardware Configurations
Estimated Annual Support Cost Reductions
Current Target Percent $ / PC
10 5 23% $64
20 10 23% $121
50 25 51% $346
Hardware Configuration Reduction Reduces Costs
“Lowering the number of configurations by half can cut support costs by 25 – 50%”
From: MS/Intel Strategic Mgmt of the PC Install Base Whitepaper
How BDD has helped Organizations
Major Canadian Bank
  Reduction in images from 18 worldwide to 2 (XP)
  Provides increased standardization and automation
Large Canadian Retailer
  Previous chaotic state is now a managed desktop infrastructure
  Significant reduction in images to a single image (XP)
  Image build is automated
  Deployment with SMS is automated
Toronto District School Board
  50 images have been reduced to 1 Vista image
  Automated image creation takes less than 1.5 hours (previously several days)
  Deployment reduced to 2 hours from approximately 16
  Lab built over lunch
  Recently highlighted at the Vista launch in Toronto
Security Education Conference in Toronto
November 20 – 21, 2007, MTCC, Toronto, ON, Canada
http://www.sector.ca/
CMS Training Offerings
INSPIRE Infrastructure Workshop
  4 days of classroom training - demo intensive
  AD, Exchange, ISA, Windows Server, SMS, MOM, Virtual Server
Business Desktop Deployment – Deploying Vista/Office
  3 days of classroom training - hands on labs (computers provided)
  Business Desktop Deployment Concepts, Tools, Processes, etc.
  Vista and Office
Securing Internet Information Services
Securing Active Directory
Securing Exchange 2003
  1 day classroom training per topic
Contacting Us
Brian Bourne, President – brian@cms.ca
Robert Buren, VP Business Development – robert@cms.ca
Christopher Diachok, Senior Consultant, MCSE, MCT – christopher@cms.ca
CMS Consulting Inc. – http://www.cms.ca/
CMS Training – http://www.cms.ca/training/
Toronto Area Security Klatch – http://www.task.to/
Q & A
Thank You!
Visit: CMS Consulting at http://www.cms.ca
Join: Toronto Area Security Klatch at http://www.task.to
Register: Security Education in Toronto at http://www.sector.ca