Skip to main content

Posts

Showing posts from April, 2011

Booting from Network to provision bare metal computers

For an IT enterprise sizing from few hundred's of computers to thousands, deploying operating system manually on each on of them is expensive and a time consuming process.In order to install OS on bare metal machines connected to network, Intel introduced PXE (Preboot eXecution Environment) as part of the Wired for Management framework by Intel.

Wired for Management (WfM) is a hardware-based system allowing a new computer without any software to be controlled by a master computer that could access the hard disk of the new PC to copy a program. Intel developed this system in 1990's.It can also be used for software updates and monitoring the machine remotely.

WfM included the Preboot Execution Environment (PXE) and Wake-on-LAN (WOL) standards.However WfM has now been replaced by the Intelligent Platform Management Interface standard.

The real problem for most IT managers was every time a new employee is hired, a machine in work-ready state is to be provided  to the employee for doi…

What are Bare Metal machines

What is a bare metal machine ? What is bare metal hardware ?The term bare metal machine is used to refer to a machine on which there is nothing reliable but the hardware.


The goal of a bare metal install is to take any piece of hardware and install a operating system on it so that it becomes fit for its business purposes.
Typical scenarios involving bare metal machines include:
Installation of an operating system on a new machine (out of the box) Reinstallation of a damaged operating system from scratch Recovery of a damaged operating system from a system backup Repurposing of a machine (without regard to the previous operating system installed) Clean migration to a new operating system (without dependency on the current state of the system) Although some of these tasks (like repurposing or OS migration) could also be performed leveraging on a previously installed operating system, the bare metal approach is more reliable and leads to more homogeneous configurations: New mac…

Extended Software Inventory for Endpoints

In addition to normal software and hardware inventory information of an endpoint, its better that we also collect some other critical information for endpoint analysis,threat and security breach detection.

Extended Software Inventory

Users
 Collect information about user accounts on the endpoint.
 Information to collect  :

 1. User Name
 2. Domain to which the user is registered to
 3. Password Required or not
 4. Has Password expired or not
 5. Account Disabled or not
 6. User's group and quota details
 7. Status ? Account blocked due to bad password attempts etc.
 8. Last logged user

Services

 Service is a long-running executable that performs specific functions
 which is designed not to require user intervention.

 Information to collect :

 1. Display Name
 2. Service Name
 3. Path to Service executable
 4. Service type. ( eg. own process or share process )
 5. isStarted
 6. Start Mode (Manual or Automatic)
 7. State (running , paused , stopped)
 8. OwnerUserName (System , administrator)
 9. Service u…

Collecting Extended Inventory Data for Endpoints

In addition to normal software and hardware inventory information of an endpoint, its better that we also collect some other critical information for endpoint analysis,threat and security breach detection.

Extended Hardware Inventory


       Printers  Collect information about printers connected to the endpoint.
 Information to collect  :

 1. Printer Name
 2. Driver Name and Version
 3. Is Local or Network Printer.


  USB Devices  

 Information to collect :

 1. Type of USB device. eg : Mass Storage, USB Hub, smart card reader etc. 
 2. Manufacturer and Vendor ID. eg : Lenovo , Samsung
 3. Port Number on which the device is connected.
 4. Serial Number. eg: every pen drive has a unique serial number.
 5. Device Class (reserved , hub etc) and Device address
 6. USB Version (1.1, 2.0 etc) and Host Controller (generally 0 except for USBHub)


PCI Devices  


 Typical PCI cards used in PCs include: network cards, sound cards etc.
 Modems,extra ports such as USB or serial, TV tuner cards and disk controllers 
 …

Inventory Management for Endpoints

Collecting software and hardware related information of a particular endpoint (any device on a connected network) is known as inventory management or IT Asset Management (ITAM). Inventory Management is a key feature to support endpoint life cycle management.



Goals of Inventory Management

1. Gain control over assets (all elements of software and hardware) in your business environment.
2. Manage IT costs and return on investments (ROI).
3. Ensure compliance of all endpoints.
4. Risk reduction by detecting lost assets (eg. certain endpoints are not reachable for a long time indicating loss).
5. Enforcing policies on black-listed software to avoid any security breach or loss of confidential information or threat of spreading virus in your IT environment.
6. Keeping hardware and software configuration up-to-date in your environment.

ITAM helps easily track hardware information, installed software packages, and operating system settings for all IT assets in an IT enterprise.

Example to find out th…

Oracle takeover of Sun changes endpoint registration process

After Oracle's takeover of SUN MicroSystems, the registration process for Solaris OS has undergone a change as all SUN hosted sites are now linked with *.oracle.com.We need to register a Solaris endpoint with Oracle inorder to obtain updates (operating system and application patches) using the smpatch/updatemanager tool.

how to register a sun machine for patch update ?

Note : Previously registered machines now show: "No patches required"

Note : In case the registration fails with the following errors, one will need to properly register a new system :  Invalid subscription key , User access denied , Invalid Serial Number , InvalidEntitlementCodeException.

Registration process with Oracle is referenced as MOS - My Oracle Support.

So in future the new terminologies are :
Your Sun Service Plan = MOS CSI number
Sun User Name = MOS Single Sign On

Post  MOS migration, it will be important to know the system serial number when registering via Sun Update Manager (sconadm). The …

Key Market Players for Endpoint Management

PC configuration and life cycle management market is occupied by top players like Microsoft , IBM , Symantec , HP. The core functionality provided by each of them is almost same differing in scalability , usability and real-time status visibility of all endpoints.

According to Gartner Magic Quadrant the leaders in PCCLM are Microsoft , Symantec, HP and LANDesk Software. IBM is slowly moving into the leaders group due to the BigFix acquisition.
Other players include BMC , Novell , Dell , CA Technologies , Matrix42 and FrontRange Solutions.


Perimeter for Mobile Data Security - Essential Elements

Source : Verizon Wireless Security

Key Features for Endpoint Management

Endpoint Management Product should support all features starting from acquisition to retirement of the target device , a complete end-to-end solution. Some of the key scenarios include Patch Management , Software Management , Inventory Management , Security and Compliance Management and OS Deployment.
The entire process starting from acquiring a new endpoint to its retirement is known as Endpoint LifeCycle Management.



Asset Management is nothing but  managing the physical inventory in an organization. Assets include software and hardware devices like computers, switches, hubs, routers, mobiles etc.
License Management is about managing the licenses for software enabling IT to align software spending with business priorities. For example a company needs to buy licenses for windows operating system for all its computers.
Patch Management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system.
For exa…

The real meaning of Provisioning in the Computer World

Speaking in non-technical words, Provisioning means "providing" or making something available in either usable or non-usable form. Provisioning process will always have two key entities,  Provider and Consumer. For example : In the telecommunications world , provisioning would mean setting up or providing new services like GPRS , MMS for a new customer or existing customer.

Even while you are reading this article your internet browser is provisioning the web content to you in readable (usable) format. Your browser is the provider and you are the consumer. Consider the classic example of how internet works ...


Finally your browser has performed mutiple operations to just get the Google homepage displayed on your screen.

Another example is : Traffic Signals which provide a mechanism to control the road traffic in an automated way , reducing the need of human beings from doing the work of traffic control.

In short, Provisioning is nothing but automating steps of a manual process.

Ac…

How IBM is helping trace the origin of Human Family Tree

This project investigates in the history of human migration by analyzing DNA samples from millions of people living today. Launched in April 2005, the collaboration between IBM and the National Geographic Society is creating a comprehensive knowledge base of our shared genetic heritage, a unique resource that continues to refine our understanding of human history.

Ultimately we all have come from one single origin , the single unknown parent ??? Our genes have a link to this missing record and some critical information about our ancestors from 60,000 years or even more .

As project director Dr. Spencer Wells said, “The greatest history book ever written is the one hidden in our DNA.”

Traditional Endpoint Provisioning Architecture

Most traditional endpoint management products follow a client-server model wherein the Server has a front-end to manage and track all operations/tasks performed and back-end database to store the logs and history.



All endpoints have a agent which can talk to the server. The server creates tasks and sends it to the agents.Agents decode the message sent by the server and perform the necessary task.If the task was successful or not , agent reports back to the server indicating the success or failure of the task.
This data is captured in the database for future audits and analysis purpose.

Consider that the server has created a task to install "Adobe Acrobat Reader" on all the endpoints.
This task is then sent to all the agents in encoded format. Once the agents decode the message they realize that "Adobe Acrobat Reader" is to be installed.

Intelligence should be built into the agent to detect its underlying operating system , hardware architecture and other details. The ag…

What does Work-Ready Approach mean

Aim of Computer Provisioning is to bring them in a state where employees of the organization can work on , for example a computer without an operating system is of no use to the employee.


Goals of desktop/laptop/device administration are :

1. To make desktops compliant to IT policies… and know it
2. To quickly and accurately patch desktops… and know it
3. To ensure that desktops have the right software for their users at the right time… and know this is the case
4. To track the hardware and software assets that form these desktop and laptop workstations
5. To make sure our employees can get their work done using their workstations
6. To enable our end users with a self-service portal and the ability to influence desktop management agent operations when permitted

Basic Steps involved in Computer Provisioning

Typically endpoint/computer/server provisioning would involve the following basic tasks.

1. Find or Discover a machine and install an operating system
2. Install necessary device drivers, middleware, and applications/softwares
3. Configure the machine with proper network ,firewall , access control , storage settings etc.
4. Get machine working on the company's network. (might involve domain enrollment,registration)
5. Audit the system as per the checklist or minimum standards prescribed by the company policies.

Goal: All machines should be in a state where employees can work and get their workdone.
This ensures that the employee spends more time doing their work and not configuring the computer.


Related Article : Computer Provisioning