Presented by: Christopher Diachok, CMS Consulting Inc.

BDD Real World Best Practices

Microsoft Infrastructure and Security Experts Active Directory - Windows Server - Exchange - SMS - ISA MOM - Clustering - Office – Desktop Deployment - SQL – Terminal Services - Security Assessments - Lockdown – Wireless

Training by Experts for ExpertsMS Infrastructure – Security - Vista and Office Deployment

Visit us online: www.cms.caDownloads – Resources – White Papers

For Security SolutionsFor Advanced InfrastructureFor Network SolutionsFor Information WorkerFor Mobility Solutions

CMS Consulting Inc.

Session Goals

Common ways of doing things today…and “best practice”What’s new in desktop lifecycle management?What is image life cycle?What is BDD?What is so cool about the new tools? Why should I care about image lifecycle?

Agenda

Quick Survey

Who knows what BDD is?

How many users in your organization:< 100100 – 500500 – 5000> 5000

How many images do you currently have1-55 – 2525 – 50> 50I don’t know

1. ~~~~~~~~~

2. ~~~ ~~ ~~

3. ~~~~

Desktop Management

Level 1: Chaotic: Uncontrolled with little planningNo standardization in imaging/deploymentsManual deploymentsNo images

Level 2: Some standardization: Limited standardizationLimited process knowledge

within teamManual deploymentsMultiple images

Level 3: Manual deployments: Some standards in placeProcesses are documentedManual deploymentsMultiple images

Level 4: Some Automation: Standards are in placeProcesses are documentedAutomated deploymentsReduction in image count

Level 5: Fully Automated Standards are in placeProcesses are documentedAutomated imagingAutomated deploymentsReduction in image count

Migration Roadblocks

I don’t know if my applications will work with the new operating systemUpgrades cost me a lot of money!Upgrades take too long, its easier to stay where we are atI don’t have the staff for a long projectI have no easy way to deploy a new operating systemThis stuff only works with Microsoft technologies

Vista

Typical Image Count by OS

Operating System Quantity

Windows NT 20 – 40

Windows 2000 10 - 20

Windows XP 3-5

Windows Vista 1-2

Today’s Desktop Lifecycle Management Strategies

Hardware & OS

Applications in Image

Core Applications

Sales ApplicationsFinance

ApplicationsHR Applications

DevelopmentApplications

On

e O

ff

Ap

plc

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

On

e O

ff

Ap

plic

atio

n

Its not just about the imageImage reduction however will save moneyGlobal image

End to End management of the desktop environment

Image inception to end of lifeApplication PackagingApplication deploymentsPatch ManagementDesktop securityNext generation OS

What is BDD 2007

Business Desktop Deployment 2007 provides prescriptive guidance, tools, scripts for desktop deployment lifecycle managementSupports deployment of Vista and XPDeployment tool agnosticCentralized storage of source filesAutomated creation of base images

Saves time

Standardization Equals $$$$ savings!!!

Includes tools such as BDD WorkbenchUpdate rollup released June 14 2007 – KB937191

New Image Lifecycle Tools

Application Compatibility Toolkit 5.0BDD 2007 WorkbenchSystem Image ManagerWindows Automated Installation Toolkit

ImageXPEImg

Windows Deployment ServicesUser State Migration Tool 3.0Group Policies

Collect Data Analyze Test

Inventory Applications and Devices

Gatherhigh-level compatibility data

In-depth testing with test tools

Log test data

Build and Test mitigations

Prioritize and Categorize

Synchronize data with Compatibility Exchange

Identify high-level issues

Application Compatibility Toolkit 5.0 Methodology

Log Processing Service

Agent Framework/Compatibility Evaluators

Europe North America

Desktop Topology

Internet

HR Finance

Application Compatibility

ManagerLocal ACT DB

Inventory IE UAC UCE Etc…

Compatibility Exchange

`

`

WilmaBetty

1

2

3

4

Application Compatibility Toolkit 5.0 (DEMO)

Imaging: BDD Workbench (DEMO)

Imaging infrastructureGUI interfaceEasy driver installationCan add applications and patches to imagesSupports XP and VistaCan be used to deploy operating systems in small environments

Windows System Image Manager (DEMO)

Quickly create an unattended Windows Setup answer file

View all of the configurable settings in a Windows image

Easily update an existing answer file

Add third party drivers, applications, or other packages to an answer file

Create a Configuration Set

User State Migration Tool 3.0

Tool to automatically migrate user settings and data during an enterprise migration projectMigrates Windows 2000 SP4 and > to Windows XP or VistaUses XML files instead of infScanstate and Loadstate /config option can be used for excludesRequires elevated mode in Vista (due to User Access Control)

Windows Deployment Services (DEMO)

Runs on Windows Server 2003/2008Replaces RISNew Features:

Native support for Windows PE as a boot operating system.Native support for the Windows Imaging (WIM) file format.An extensible and higher-performing PXE server component.A new client menu for selecting boot operating systems.

Benefits:Deploys Windows Vista and Windows Server 2008 to "bare metal" computers (no operating system installed). Supports mixed environments including Microsoft Windows XP and Microsoft Windows Server 2003.

Provides an end-to-end solution for deployment of Windows

operating systems to client and server computers.

Boot Click F12

Applynew image

Boot Image

PXE BootCalls Boot image from WDS

Scripts Run

Boot image loadsUser State migratedCalls defined WIM File

New WIM installedOperating System and base applications

Supplementary applications installed

Desktop

Windows PE

Vista OS

Install Applications

ConfigureOS

Unattend.xmlDrivers added

Build required file structureUser state restored

Lite Touch Deployment Sequence

Microsoft’s offering in “Desktop imaging”Adds support to SMS 2003 for deploying new OS images to desktops in a distributed environmentIntegrates with SMS 2003 to improve functionality

Inventory-based planning and targetingCentralized tracking and statusReplication of images throughout distributed enterprisesOpen architecture Partitioning capability (using Diskpart)

Uses WIM image format: No need to delete system partition – data can stay localCapable of new computer install and refreshes OSSupports custom scripts and migration toolsInstalls into SMS 2003

Requires SMS 2003 Service Pack 1 or 2

SMS 2003 OS Deployment Feature Pack

SMS OSD and Zero Touch Installation

Extensions to the OS Deployment Feature PackDesigned to completely automate three scenarios:

New ComputerRefresh ComputerReplace Computer

Designed to extend OSD capabilitiesComputer renameGreater control over the process: dynamic USMT state backup location, Sysprep.inf editingCentralized monitoring and controlProgress reporting and alerting (SMS, MOM)

1

BDD Deployment BDD Deployment –– Refresh ComputerRefresh Computer

Client receives advertisement to init OSD, determine Package/Program to install and run USMT state captureValidation Phase

1

State Capture:Variables and UNC path for migration store set, Capture run

2

Boot to WinPE3

Compressed WIM OS image is downloaded & installed4

Post Install:Script: Modify

Sysprep.inf, run Mini Setup, reboot

5

6 State Restore:SMS delivers role based applications & post OS config.

7

State Capture: 1.2 CMD: User State data stored

State Restore CMD: User State restored

State Capture:1.1 Script: Set System variables

USMT Data File Server

SMS 2003 SP1OSD FP

MOM 2005Server

8

BDD

Script/RulesMonitor Status

Script/RulesLog Activity

SMS OSD ZTI Scenario

Why should I care?

OS platform standardization easier management of the desktopLower TCO

Reduction in images reduced ongoing image support costsReduced complexity

Desktop security more secure desktop landscape

Automation more rapid, less expensive OS deploymentsRepeatable processes

1 yr 2 yrs 3 yrs 4 yrs 5 yrs$0

$200

$400

$600

$800

$1,000

$1,200

$1,400

Support CostsHardware Costs

Desktop PC Replacement Age (lifecycle)From: MS/Intel Strategic Mgmt of the PC Install Base Whitepaper

Number of Deployed PC Hardware Configurations

Estimated Annual Support Cost Reductions

Current Target Percent $ / PC

10 5 23% $64

20 10 23% $121

50 25 51% $346

Hardware Configuration Reduction Reduces Costs “Lowering the number of configurations by half can cut

support costs by 25 – 50%”From: MS/Intel Strategic Mgmt of the PC Install Base Whitepaper

How BDD has helped Organizations

Major Canadian BankReduction in images from 18 worldwide to 2 (XP)Provides increased standardization and automation

Large Canadian RetailerPrevious chaotic state is now a managed desktop infrastructureSignificant reduction in images to a single image (XP) Image build is automatedDeployment with SMS is automated

Toronto District School Board50 images has been reduced to 1 VistaAutomated image creation takes less than 1.5 hours (previously several days)Deployment reduced to 2 hours from approximately 16Lab built over lunch Recently highlighted at the Vista launch in Toronto

Security Education Conference in Toronto

November 20 – 21, 2007, MTCC, Toronto, ON, Canadahttp://www.sector.ca/

CMS Training Offerings

INSPIRE Infrastructure Workshop4 days of classroom training - demo intensiveAD, Exchange, ISA, Windows Server, SMS, MOM, Virtual Server

Business Desktop Deployment – Deploying Vista/Office3 days of classroom training - hands on labs (computers provide)Business Desktop Deployment Concepts, Tools, Processes, etc. Vista and Office

Securing Internet Information ServicesSecuring ActiveDirectorySecuring Exchange 2003

1 day classroom training per topic

TRAINING BY EXPERTS FOR EXPERTS

@Contacting Us.

Brian Bourne, President – brian@cms.caRobert Buren, VP Business Development – robert@cms.caChristopher Diachok, Senior Consultant, MCSE, MCT – christopher@cms.ca

CMS Consulting Inc. – http://www.cms.ca/

CMS Training – http://www.cms.ca/training/

Toronto Area Security Klatch – http://www.task.to/

Q & AThank You!

Visit: CMS Consulting at http://www.cms.ca

Join: Toronto Area Security Klatch at http://www.task.to

Register: Security Education in Toronto at http://www.sector.ca

CMS Consulting Inc.CMS Consulting Inc.