Personal Data Recovery
The pain of laptops

Overview
• A bit about our environment
• The problems we face
• What we need to get rid of them
• What we are looking at and have implemented so far
• Questions

What do we have?
• ~12000 computer objects in Active Directory
• ~1500 laptops in AD, plus an unknown number of laptops not in AD (for various reasons)
• Our laptop users include researchers out in the field, home users, and the "executive type" running between meetings.
• We have a centrally managed policy for which computers can be bought, which also dictates installation of our OS image.

The issue
• Most of our users have a managed desktop at the office. But many also have a laptop, and they want everything they get at the office on that laptop. (Plus some extra freedom, since they use it at home.)
• How do we replicate the environment from the office computer to that laptop?
• How do we back up the data?
• How do we protect the data from being stolen?
• The applications and the operating system need some love too.

Typical examples
• A department keeps a few spare laptops in a closet. "Just in case". Of course they expect it all to work when they just grab one and fire it up.
• A user takes a trip to Hawaii for 6 months to do some "research".
• A user prefers the desktop for "storage space", works at home for a week on his laptop, shows up at work, and calls the helpdesk demanding to know what the **** we have done to his documents.
• And the usual backup issues...
• We have laptops that are on site, but they are on the wireless network, from which we don't allow laptops to log into Active Directory or map printers and drives.

So how would we like to solve it all?
• Networked storage for the laptops
• Printer access
• Encryption software
• Synchronisation software
• Software maintenance that works on a roaming client
• A way to make some of the laptops more "managed"

What actual solutions do we have?
• Our own image, with local GPOs as well as AD GPOs
• WSUS server (Windows Server Update Services)
• Some applications with automatic update functionality
• VPN
• Synchronisation software

What are we looking into?
• WebDAV, Web-based Distributed Authoring and Versioning
• IPP, Internet Printing Protocol
• NAC, Network Admission Control (Cisco)
• NAP, Network Access Protection (Microsoft)
• Encryption software, in essence BitLocker
• Tivoli for mobile endpoints
• Two SSIDs for the wireless network: managed/unmanaged

And my favourite (for some users)...
• Remote Desktop!
• Full access to all your apps, often already running, on your personal office computer.
• Your laptop can be cheap; it won't need that much computing power.
• If you lose it or break it, replacement is much less hassle. All you need is a few basic applications.
• Your data is safely tucked away on a network drive mapped to your office computer.
• The communication is encrypted; if you worry about the encryption being broken, add another layer by tunneling it all through SSL.

That's it. Questions?
• anders dot vinger at usit dot uio dot no