Symantec Management Platform at BOP Polytechnic
Content
Symantec Management Platform at BOP Polytechnic
Background BOP Polytechnic currently utilises Symantec Management Platform with the following modules incorporated and licensed: y y y y y y y y y Software Management Solution Inventory Solution Inventory for Network Devices PCAnywhere Real-Time System Manager Deployment Solution Patch Management Solution Windows Patch Management Solution Mac Patch Management Solution Linux
We have 875 device licenses for the above with the exception of Real-Time System Manager of which we are licensed for 10 devices. The infrastructure resides on two virtual servers running MS Windows Server 2003. Notification Server runs the software management, patch management and inventory solutions, while Deployment Server manages the deployment of Windows XP SP3. Notification Server by default is also a Task Server and OOB management server.
With well over 1000 different devices incorporating 800 PCs, 100 Macs and 150 mobile devices, the requirement to effectively and efficiently manage these is paramount to the day to day functioning of the Polytechnic. We currently manage around 670 of these devices through SMP. These are primarily student computers and exclude Macs and mobile devices. This may change in future as requirements change. Software delivery is done via Microsoft s App-V Server 4.5 and MS App-V client 4.6. Virtualisation of software is the best and most efficient way of delivering software to lab environments and requires very little interaction from the rest of Customer Services. Whilst this has proven to be effective thus far, other technologies within the SMP framework will increase efficiency and stability. Despite this, there are still certain applications which must be installed on the base image. These include : y y y y y y y MS Office Java runtimes Agents (Virtualisation, Desktop, Deployment, Patch Management) Drivers for hardware / software Antivirus Multimedia packages Visual Studio runtimes and redistributables
Currently, an Access database is used to hold licensing and ownership details. There is also a centralised licensing server model in place which holds details for the following : y y y y y y y PASW 16 - 19 Solidworks Minitab Lectra Citrix EdgeCAM Typequick
Ideally a mechanism to manage and control all licensing from MS products to MYOB is required. SMP 7.1 has a module available for asset management including software licensing. Building this asset database up will enable us to generate and catalogue our software and services for publication if required. See attached documentation for quotations as provided by Gen-I.
Reports thus far are non-existent and we are not utilising the tools within SMP to its full capability. Version 7.1 introduces us to IT Analytics which is effectively drag and drop reporting for high level reporting and overviews. The upgrade from 7.0 7.1 is a pre-requisite in this occurring. Remote management is done via PC Anywhere with newly SMP d machines. Existing Ghost machines utilise VNC. Whilst VNC is very good at what it does, PCAnywhere is quickly becoming the industry standard for remote management. Within the polytechnic, the agent is deployed to each desktop at build time and properties set to enable remote access. Customer Services dekstops will require PCAnywhere to be installed. This can be deployed via SMP quickly and without fuss. Patch Management is done on an as required basis. Patches are pushed out to all machines with the Patch Management agent installed. As this is installed at build time, there should be no machine missing out on any updates. Whilst this is an important part of machine health and maintenance, more time needs to be invested in Patch Management for it to be effective. Adobe updates are done when they are recognised as being released. Microsoft updates are done on a monthly basis after testing of any patches that are deemed required, including but not limited to : y y y Hardware updates Security updates Application updates
Software Virtualisation We currently are running Microsoft s APP-V Server and Client on desktops for virtualised software delivery. Whilst this has been effective, the SMP framework tools are integrated into the suite and can be managed by varying security roles. With well over 300 applications delivered virtually the management of these applications has been rather manic and not thought out well. Integrating software virtualisation into our software delivery mechanism makes sense at this point in time. App-V is currently only able to be delivered on a user / security group basis and does not allow us to target specific computer labs. i.e. H237 & H241a where CAD packages are required. These two rooms also have hardware specific requirements to enable the most out of the software. Symantec Workspace Virtualisation (SWV) allows us to target specific rooms or teams for delivery. This would ensure that any hardware requirements are met prior to deployment. We can limit delivery to model if required or component requirements. E.g. we can deploy to any machine with more than 2GB RAM, and 2 or more processors. The granularity of SWV makes it a perfect solution to our requirements. App-V currently has a 60% virtualisation ratio where SWV has a 95% virtualisation ratio. Whilst there are some limitations to both solutions, SWV does have the edge on successful virtualisation of software. SWV can give us the ability to virtualise MS Office 2010 and run in parallel to MS Office 2007, something that App-V cannot do as of yet. Whilst only one version of Outlook can be present on a system at a time, running the other applications are seamless and do not interfere with locally installed packages. The ability to do this gives us a great advantage when we look at areas within the Polytech, such as D06, which is being used as a testing environment. We can virtualise software and then restore to a very clean image as nothing has touched the base image. I envisage that this would vastly speed up ISS response to requests such as software upgrades and installations which typically are left to the last minute. Virtualisation can also be performed on our existing and new Citrix Farms. This enables certain software packages to be delivered quickly to the end user and provide a level of confidence in the installation, where doubt may be cast on the reliability and stability of the installation otherwise. Either solution, SWV or App-V, would give us the ability to deploy quickly and seamlessly to the desktop, but only SWV gives us the granularity that we rely on for the diversity of our environment.
Software Licensing / Control / Lifecycle We currently utilise a MS Access database to hold details about software purchases / licenses and deployment. While this works, it does not give us the ability to monitor what licenses are used and give us a baseline for justification of new / additional purchases. The limitations of not controlling application access, is one of the main concerns with the existing process. SMP offers, as mentioned, an Asset Management module that can be utilised with deployment. This module offers the ability to monitor application usage and adhere to licensing obligations. It can also give us a much higher overview of what software is available on network and where it is being utilised. This can offer a timeline to enable us to see where and when our licensing is renewable. The Lifecycle side of software management is required for upgrade paths. I have recently been made aware that we are running a piece of software which is 7 versions behind. This is unacceptable for the tutors responsible and also unfair to the students. While this can be rectified relatively simply by upgrading, advance warning of expiration of license would enable us to investigate any upgrade paths in a timely fashion and reduce the number of requests pertaining to upgrades at the end of each year. Application metering can be set up to monitor application usage. This can be implemented very quickly, but caution must be exercised when doing so to ensure that only the applications required to be monitored are. A discussion regarding which applications require metering should be undertaken. I would suggest where applications that are limited by license in the first instance i.e. Endnote, Adobe Suite. The log files for this will quickly grow to an unmanageable level and cause performance issues. We currently monitor a number of the MS Office suite that can be reported on.
Reporting / IT Analytics As of SMP 7.1, IT Analytics are included in the product at no further cost to the licensee. This enables dashboards to be created for users to be able to see a higher level overview of what is occurring on the corporate infrastructure pertaining to desktop and laptop machines. IT Analytics is software that enhances the reporting available and incorporates a graphical component paired with multi-dimensional analysis. This multi-dimensional form of reporting is primarily based on pivot table technology. Each solution within SMP has it own IT Analytics Pack which contains cubes . These cubes contain certain criteria specific to each solution. The solutions which currently have packs available are : y y y IT Analytics Client Management Suite IT Analytics Symantec Endpoint Protection IT Analytics Symantec Service Desk
As we only utilise CMS, only the top pack would be of interest to us. I have been led to believe these are available for download using the Symantec Installation Manager (the primary installation method for SMP). Our existing method for data extraction and analysis is using SQL queries directly from the CMDB database. Whilst this has the potential to provide large amounts of data, detailed and specific requirements are necessary to provide any useful data that is required. Knowledge of SQL is also assumed and expected when managing reporting in this method. Reports can be scoped, that is, users will only see information that they have access to see. For instance, Desktop Support user A may have access to see and manage only Bongard student machines, any report will provide information on those machines only. Whereas, a manager may see much more information. A report can be set up to run automatically which is not scoped therefore providing all information available to the database, this would be done for auditing purpose rather than on going day to day management. Moving forward, the utilisation of the reporting features within SMP will become paramount to managing demand and supply scenarios as required by BOPP partners.
Prerequisites and moving forward Upgrade Before we can move forward the upgrade to 7.1 must occur. This involves migrating jobs / tasks to the new server, moving all agents to the new server, and migrating all management features to the new server. Subsequently any scheduled reports and automation policies must be re-created and tested. I envisage a workload of 4 days for this, encompassing an initial period of documentation and planning. This will be ratified and checked by key members to ensure consistency and no room for error. The purchase of SMP Asset Management Solution module would be beneficial but can be post-implemented pending funding. A further 3 days of scripted installation migration would be required. An external resource should be contracted for this purpose.
Report Planning A workshop to determine reporting and access requirements should be scheduled to maximise output from Symantec reporting features. A list of potential reports can be provided. Longer term, if the integrated SMP tools are not sufficient, looking at SQL Reporting Services is an option. The database is a standard SQL database so that we can glean information out in varying methods.
Training As with all technology there is always a requirement for training. The following is a list of training that would be required: y y y 21167406 - Altiris Client Management Suite 7.x Core Administration ** 21178713 - Altiris Deployment Solution 7.x Administration 21178868 Altiris Asset Management Suite 7.x Administration
** Mandatory course for efficient utilisation of SMP 7.1
Succession Planning Having a single resource manage the core infrastructure of desktop deployment is not a wise option. I would suggest a discussion over extra resource be had with relevant parties. This may involve upskilling and progression for existing resource.
Quotation Prepared for:
Bay of Plenty Polytech
Tuesday 1 November 2011 Description Contact Phone Fax Email Asset Management Suite Sean Liddall 5440920660 (07) 578 0656 [email protected] CLIENT TO COMPLETE IF FAXING ACCOUNT ID: ORDER NUMBER: APPROVED BY: ORDER DATE: 3000040 Gen-i Bay of Plenty Contact AM Phone DDI Mobile Email Fax Sales Support Phone Email Gen-i Ref. Bruce Colstick (07) 578 0664 (027) 298 1275 [email protected] (07) 578 5664 Sanela Paris (07) 547 4276 [email protected] 457032
Please Note: Prices are based on latest supplier pricing. Fluctuations in exchange rate may affect these prices. Gen-i reserve the right to change pricing should these factors change between the date of this quotation and the date of order of the product or if there is an error in the price quoted. All prices quoted exclude GST and freight unless otherwise stated.
QUOTATION FOR YOUR REQUIREMENT IS AS FOLLOWS:
Product Code Y1KNXZF0-EI1AS
Description ALTIRIS ASSET MANAGEMENT SUITE 7.1 XPLAT PER CONCURR USER BNDL STD LIC ACAD BAND S ESSENTIAL
Buffer -
Qty 1
ETA from Order Date 17-May-11
Your Unit Price $14,974.57
Your Price Total $14,974.57
Sub-Total ex-GST GST @ 15% Total incl GST
$14,974.57 $2,246.19 $17,220.76
Non Faulty Products Products received and not required, need to be returned to Gen-i, unopened and in the original condition and packaging within 12 days of receipt or the client will be billed. Opening of the box will deem the goods non-returnable. For goods returned outside of this timeframe a Restocking Fee may apply. Faulty Products Products that are deemed faulty and are under warranty can be returned to Gen-i for replacement. No replacements or credits will be issued if the fault is as a result of misuse or incorrect usage.
Background BOP Polytechnic currently utilises Symantec Management Platform with the following modules incorporated and licensed: y y y y y y y y y Software Management Solution Inventory Solution Inventory for Network Devices PCAnywhere Real-Time System Manager Deployment Solution Patch Management Solution Windows Patch Management Solution Mac Patch Management Solution Linux
We have 875 device licenses for the above with the exception of Real-Time System Manager of which we are licensed for 10 devices. The infrastructure resides on two virtual servers running MS Windows Server 2003. Notification Server runs the software management, patch management and inventory solutions, while Deployment Server manages the deployment of Windows XP SP3. Notification Server by default is also a Task Server and OOB management server.
With well over 1000 different devices incorporating 800 PCs, 100 Macs and 150 mobile devices, the requirement to effectively and efficiently manage these is paramount to the day to day functioning of the Polytechnic. We currently manage around 670 of these devices through SMP. These are primarily student computers and exclude Macs and mobile devices. This may change in future as requirements change. Software delivery is done via Microsoft s App-V Server 4.5 and MS App-V client 4.6. Virtualisation of software is the best and most efficient way of delivering software to lab environments and requires very little interaction from the rest of Customer Services. Whilst this has proven to be effective thus far, other technologies within the SMP framework will increase efficiency and stability. Despite this, there are still certain applications which must be installed on the base image. These include : y y y y y y y MS Office Java runtimes Agents (Virtualisation, Desktop, Deployment, Patch Management) Drivers for hardware / software Antivirus Multimedia packages Visual Studio runtimes and redistributables
Currently, an Access database is used to hold licensing and ownership details. There is also a centralised licensing server model in place which holds details for the following : y y y y y y y PASW 16 - 19 Solidworks Minitab Lectra Citrix EdgeCAM Typequick
Ideally a mechanism to manage and control all licensing from MS products to MYOB is required. SMP 7.1 has a module available for asset management including software licensing. Building this asset database up will enable us to generate and catalogue our software and services for publication if required. See attached documentation for quotations as provided by Gen-I.
Reports thus far are non-existent and we are not utilising the tools within SMP to its full capability. Version 7.1 introduces us to IT Analytics which is effectively drag and drop reporting for high level reporting and overviews. The upgrade from 7.0 7.1 is a pre-requisite in this occurring. Remote management is done via PC Anywhere with newly SMP d machines. Existing Ghost machines utilise VNC. Whilst VNC is very good at what it does, PCAnywhere is quickly becoming the industry standard for remote management. Within the polytechnic, the agent is deployed to each desktop at build time and properties set to enable remote access. Customer Services dekstops will require PCAnywhere to be installed. This can be deployed via SMP quickly and without fuss. Patch Management is done on an as required basis. Patches are pushed out to all machines with the Patch Management agent installed. As this is installed at build time, there should be no machine missing out on any updates. Whilst this is an important part of machine health and maintenance, more time needs to be invested in Patch Management for it to be effective. Adobe updates are done when they are recognised as being released. Microsoft updates are done on a monthly basis after testing of any patches that are deemed required, including but not limited to : y y y Hardware updates Security updates Application updates
Software Virtualisation We currently are running Microsoft s APP-V Server and Client on desktops for virtualised software delivery. Whilst this has been effective, the SMP framework tools are integrated into the suite and can be managed by varying security roles. With well over 300 applications delivered virtually the management of these applications has been rather manic and not thought out well. Integrating software virtualisation into our software delivery mechanism makes sense at this point in time. App-V is currently only able to be delivered on a user / security group basis and does not allow us to target specific computer labs. i.e. H237 & H241a where CAD packages are required. These two rooms also have hardware specific requirements to enable the most out of the software. Symantec Workspace Virtualisation (SWV) allows us to target specific rooms or teams for delivery. This would ensure that any hardware requirements are met prior to deployment. We can limit delivery to model if required or component requirements. E.g. we can deploy to any machine with more than 2GB RAM, and 2 or more processors. The granularity of SWV makes it a perfect solution to our requirements. App-V currently has a 60% virtualisation ratio where SWV has a 95% virtualisation ratio. Whilst there are some limitations to both solutions, SWV does have the edge on successful virtualisation of software. SWV can give us the ability to virtualise MS Office 2010 and run in parallel to MS Office 2007, something that App-V cannot do as of yet. Whilst only one version of Outlook can be present on a system at a time, running the other applications are seamless and do not interfere with locally installed packages. The ability to do this gives us a great advantage when we look at areas within the Polytech, such as D06, which is being used as a testing environment. We can virtualise software and then restore to a very clean image as nothing has touched the base image. I envisage that this would vastly speed up ISS response to requests such as software upgrades and installations which typically are left to the last minute. Virtualisation can also be performed on our existing and new Citrix Farms. This enables certain software packages to be delivered quickly to the end user and provide a level of confidence in the installation, where doubt may be cast on the reliability and stability of the installation otherwise. Either solution, SWV or App-V, would give us the ability to deploy quickly and seamlessly to the desktop, but only SWV gives us the granularity that we rely on for the diversity of our environment.
Software Licensing / Control / Lifecycle We currently utilise a MS Access database to hold details about software purchases / licenses and deployment. While this works, it does not give us the ability to monitor what licenses are used and give us a baseline for justification of new / additional purchases. The limitations of not controlling application access, is one of the main concerns with the existing process. SMP offers, as mentioned, an Asset Management module that can be utilised with deployment. This module offers the ability to monitor application usage and adhere to licensing obligations. It can also give us a much higher overview of what software is available on network and where it is being utilised. This can offer a timeline to enable us to see where and when our licensing is renewable. The Lifecycle side of software management is required for upgrade paths. I have recently been made aware that we are running a piece of software which is 7 versions behind. This is unacceptable for the tutors responsible and also unfair to the students. While this can be rectified relatively simply by upgrading, advance warning of expiration of license would enable us to investigate any upgrade paths in a timely fashion and reduce the number of requests pertaining to upgrades at the end of each year. Application metering can be set up to monitor application usage. This can be implemented very quickly, but caution must be exercised when doing so to ensure that only the applications required to be monitored are. A discussion regarding which applications require metering should be undertaken. I would suggest where applications that are limited by license in the first instance i.e. Endnote, Adobe Suite. The log files for this will quickly grow to an unmanageable level and cause performance issues. We currently monitor a number of the MS Office suite that can be reported on.
Reporting / IT Analytics As of SMP 7.1, IT Analytics are included in the product at no further cost to the licensee. This enables dashboards to be created for users to be able to see a higher level overview of what is occurring on the corporate infrastructure pertaining to desktop and laptop machines. IT Analytics is software that enhances the reporting available and incorporates a graphical component paired with multi-dimensional analysis. This multi-dimensional form of reporting is primarily based on pivot table technology. Each solution within SMP has it own IT Analytics Pack which contains cubes . These cubes contain certain criteria specific to each solution. The solutions which currently have packs available are : y y y IT Analytics Client Management Suite IT Analytics Symantec Endpoint Protection IT Analytics Symantec Service Desk
As we only utilise CMS, only the top pack would be of interest to us. I have been led to believe these are available for download using the Symantec Installation Manager (the primary installation method for SMP). Our existing method for data extraction and analysis is using SQL queries directly from the CMDB database. Whilst this has the potential to provide large amounts of data, detailed and specific requirements are necessary to provide any useful data that is required. Knowledge of SQL is also assumed and expected when managing reporting in this method. Reports can be scoped, that is, users will only see information that they have access to see. For instance, Desktop Support user A may have access to see and manage only Bongard student machines, any report will provide information on those machines only. Whereas, a manager may see much more information. A report can be set up to run automatically which is not scoped therefore providing all information available to the database, this would be done for auditing purpose rather than on going day to day management. Moving forward, the utilisation of the reporting features within SMP will become paramount to managing demand and supply scenarios as required by BOPP partners.
Prerequisites and moving forward Upgrade Before we can move forward the upgrade to 7.1 must occur. This involves migrating jobs / tasks to the new server, moving all agents to the new server, and migrating all management features to the new server. Subsequently any scheduled reports and automation policies must be re-created and tested. I envisage a workload of 4 days for this, encompassing an initial period of documentation and planning. This will be ratified and checked by key members to ensure consistency and no room for error. The purchase of SMP Asset Management Solution module would be beneficial but can be post-implemented pending funding. A further 3 days of scripted installation migration would be required. An external resource should be contracted for this purpose.
Report Planning A workshop to determine reporting and access requirements should be scheduled to maximise output from Symantec reporting features. A list of potential reports can be provided. Longer term, if the integrated SMP tools are not sufficient, looking at SQL Reporting Services is an option. The database is a standard SQL database so that we can glean information out in varying methods.
Training As with all technology there is always a requirement for training. The following is a list of training that would be required: y y y 21167406 - Altiris Client Management Suite 7.x Core Administration ** 21178713 - Altiris Deployment Solution 7.x Administration 21178868 Altiris Asset Management Suite 7.x Administration
** Mandatory course for efficient utilisation of SMP 7.1
Succession Planning Having a single resource manage the core infrastructure of desktop deployment is not a wise option. I would suggest a discussion over extra resource be had with relevant parties. This may involve upskilling and progression for existing resource.
Quotation Prepared for:
Bay of Plenty Polytech
Tuesday 1 November 2011 Description Contact Phone Fax Email Asset Management Suite Sean Liddall 5440920660 (07) 578 0656 [email protected] CLIENT TO COMPLETE IF FAXING ACCOUNT ID: ORDER NUMBER: APPROVED BY: ORDER DATE: 3000040 Gen-i Bay of Plenty Contact AM Phone DDI Mobile Email Fax Sales Support Phone Email Gen-i Ref. Bruce Colstick (07) 578 0664 (027) 298 1275 [email protected] (07) 578 5664 Sanela Paris (07) 547 4276 [email protected] 457032
Please Note: Prices are based on latest supplier pricing. Fluctuations in exchange rate may affect these prices. Gen-i reserve the right to change pricing should these factors change between the date of this quotation and the date of order of the product or if there is an error in the price quoted. All prices quoted exclude GST and freight unless otherwise stated.
QUOTATION FOR YOUR REQUIREMENT IS AS FOLLOWS:
Product Code Y1KNXZF0-EI1AS
Description ALTIRIS ASSET MANAGEMENT SUITE 7.1 XPLAT PER CONCURR USER BNDL STD LIC ACAD BAND S ESSENTIAL
Buffer -
Qty 1
ETA from Order Date 17-May-11
Your Unit Price $14,974.57
Your Price Total $14,974.57
Sub-Total ex-GST GST @ 15% Total incl GST
$14,974.57 $2,246.19 $17,220.76
Non Faulty Products Products received and not required, need to be returned to Gen-i, unopened and in the original condition and packaging within 12 days of receipt or the client will be billed. Opening of the box will deem the goods non-returnable. For goods returned outside of this timeframe a Restocking Fee may apply. Faulty Products Products that are deemed faulty and are under warranty can be returned to Gen-i for replacement. No replacements or credits will be issued if the fault is as a result of misuse or incorrect usage.
