1 / 45

Best Practices Guide to Managing Applications

Required Slide. SESSION CODE: WCL304. Best Practices Guide to Managing Applications. Dan Holme Director of Training & Consulting Intelliem. Dan Holme. Consultant & Trainer at Intelliem www.intelliem.com Fortune-caliber business, academic & government clients

washi
Télécharger la présentation

Best Practices Guide to Managing Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Required Slide SESSION CODE: WCL304 Best Practices Guide to Managing Applications Dan Holme Director of Training & Consulting Intelliem

  2. Dan Holme • Consultant & Trainer at Intelliem • www.intelliem.com • Fortune-caliber business, academic & government clients • Microsoft Technologies Consultant, NBC Olympics • Contributing Editor, Windows IT Pro magazine,SharePoint Pro Connections magazine • www.SharePointProConnections.com • Author: Microsoft Press • MVP: Directory Services (2007)SharePoint Server (2008-2010) • danh@intelliem.com • http://www.intelliem.com/resourcekit

  3. Application Management • The perfect world of application deployment • Application is easy to package • Application configuration is straightforward • Package is easy to deploy, upgrade, and remove • The perfect world of application management • Application lifecycle is straightforward (upgrade everyone) • Application licensing is easy to manage • Information about applications is readily available • Who should have the app? • Who does have the app? • What is the compatibility of the app? • What issues have been discovered?

  4. Application Management • Deployment • Package • Deploy + Configure • Repair (Reconfigure, Redeploy) • Upgrade • Remove • Configuration • Preferences (Defaults) • Policies (Permanent) • Licensing • Compatibility Testing • Lifecycle Management • Organizational characteristics • Directory Services • Group Policy • Desktop Services: deploy, support • Unit Support: site, business, dept. • Tools • Budget • Skillset • Time

  5. Fire Hose “On" • Goals of session • Show you things you may never have been told and might never find out about anywhere else • Address both technical issues and “meta” issues (business) • Demonstrate (and give you) valuable scripts & tools • Cover key tips, tricks & traps • Very important resources • http://www.intelliem.com/resourcekit • Enhanced slides with details & step-by-steps • Scripts and tools! • Windows Administration Resource Kit

  6. Prepare the Back End Create a managed software distribution point Demo

  7. Prepare the Back End Demo Takeaways • Create a rule-based software distribution point • Leverage DFS-N and DFS-R • Enforce discipline • Requirements to consider • Dependencies may necessitate hanging on to specific versions of an app • Often what you want to deploy is the current version

  8. Package applications Sequence, Consistency, Automation Demo

  9. Installation commands • setup.exe /q • setup.exe /qn • setup.exe /s • setup.exe /s /v"/qb- parameter=value REBOOT=ReallySuppress" • msiexec /i TRANSFORMS=transform.mst /qn • jre-6u3-windows-i586-p-s.exe /s /v"/qb- IEXPLORER=1 REBOOT=ReallySupress" • setup.exe -s -f2"c:\temp.log“ • setup.exe /SP- /SILENT /NOICONS

  10. Packaging must support • Sequencing • Pre-installation steps • Prerequisites • Installation • Configuration • Ongoing maintenance • Reconfigure (set to baseline) • Redeploy • Upgrade • Uninstall

  11. Abstract the Complexity with CompanySetup.vbs • Structure of script • Company_Setup.vbs is placed in the application folder • The lines of code you need to change are the installation command block(s) • sWorkingDir = "%CD%“ Generally doesn’t need to change • sCommand = "%WD%\setup.exe" Path and command for setup • sCommandArgs = "/S" Arguments to pass • sCommandType = "EXE" Type of command • sSuccessCodes = "0,3010" Generally doesn’t need to change • Call Install() Does not change • Repeat installation blocks to sequence an installation • Company_InstallerCore.vbs goes in the root of the software distribution • Contains the common engine and processing for various types of commands • Sample supports exe, msi, msp, msu, cmd (.bat, e.g.), and others

  12. Customize the Deployment of Microsoft Office Demo

  13. Microsoft Deployment Toolkit (MDT) Managing Applications Demo

  14. Microsoft Deployment Toolkit Demo Takeaways • Add application • Point to DFS location (do not copy) • Create a task sequence • Standard Client Task Sequence • Post OS Installation Task Sequence • Task sequence options • Install application (registered in MDT) • Run command • Install multiple applications • Managing task sequences • XML Notepad • Sort: See script at http://share.intelliem.com Blog • Back up first!

  15. Self-Staging Change Control demo

  16. Self-Staging Change Control Takeaways • Use database-driven change management • Active Directory groups are an ‘obvious’ solution • Groups contain computer security principals, typically (licensing) • Provide self-managing, self-documenting change management • Log changes that are made

  17. Do-It-Yourself Software Deployment Software_Deploy.vbs demo

  18. Do-it-yourself software deployment • The script • Configuration block • Executes of setup.exe • Logs results • Moves computer into managed groupthat indicates success or failure • The log • Excel (or other) • Network accessible with Authenticated Users::Allow::Write • The groups (global security) • CCM_Application Deploy • APP_Application • ALERT_Application Deploy

  19. One-Off Installation demo

  20. Scheduled task • Command • schtasks.exe /create /s desktop101 /tn "Deploy Application" /tr "cscript.exe \\domain\software\Application\CompanySetup.vbs" /ru SYSTEM /sc ONCE /ST 12:14 [/v1 ] • Where • ST : start time • /V1 : required if using a Vista system to create a scheduled task on an XP system • Cannot do the reverse: If using XP to create task on Vista, usepsexec \\desktop101 schtasks.exe /create… • If there are spaces in the path to your script • http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7035 • Enumerate members of the CCM_Application Deploy group and execute schtasks.exe on those systems

  21. PSExec • Command • PSEXEC \\computername [–s | –u domain\username –p password ]cscript –s “\\domain\software\Application\CompanySetup.vbs” -s: run as System account. Required to install Office and change group membership or -u & -p: username and password (administrative credentials)

  22. Drop-Box • Create a folder for application installation instructions • C:\Program Files\Company_AppInstall • Secure it so that only SYSTEM and Administrators has Full Control • On demand • Drop setup manifest or script into folder • Process looks to that folder and executes installation • Startup • Scheduled task

  23. Deployment Options Discussion

  24. Deploy an application • When? • As part of image (“thick” or “hybrid” image) • Post-image, pre-delivery (“thin” or “hybrid” image) • On demand • By whom? • By user or by support (administrator) • To what? • User system, remote desktop, remote application, local VM, App-V, hybrid • How? • Automated vs. Manual • Over-the-network vs. local (media or download) • When? • User-controlled vs. defined

  25. Deployment Options • One-off • Sequenced or automated: CompanySetup.vbs • Built into image: Microsoft Deployment Toolkit • Managed: Group Policy Software Installation or System Center Configuration Manager • Remote • Remote application (Remote Desktop Services) • Remote desktop (Remote Desktop Services or dedicated machines) • Virtual desktop (Hyper-V) • Local virtual machine (MED-V) • Virtualized application (APP-V)

  26. Role-Based Management Demo

  27. Role-Based Management Takeaways • Active Directory groups scope application deployment • APP_Office2010 • Disciplined naming convention • Prefix (APP) delimiter (_) descriptor (Office2010) • Groups contain computers • If adding members manually, click Object Types, select Computers check box • Computers (DESKTOP101)  Roles (COMP_Finance)  Apps (APP_DynamicsGP) • All groups are global security groups (for GPO filtering) • Copy group membership • To a new computer with similar roles • To a replacement computer for same user

  28. Application Lock-Down Discussion

  29. Application Lock Down • Blacklist • Whitelist • Managed (dynamic) environment

  30. Application Management

  31. Application Lock Down in a Dynamic Environment • Least privilege • Users are not administrators – severely restricts their ability to install apps • Windows 7 User Account Control • Configuration management infrastructure to deploy apps where needed • Automated configuration management – role-based management • Exception management • One-off installation • Inventory management

  32. The Business of Application Management demo

  33. Application Management

  34. Don’t bite off more than you can chew

  35. Application Management Lifecycle • Identify application • Already managed • Identified in environment • Requested by user • Triage application: Disallowed, Unmanaged, Managed, • Compatibility testing • Package application • Research unattended installation • Automate installation • Automate configuration • Document application

  36. Application Processes • Application management lifecycle tasks • Identify, Triage, Test, Package, Document, Manage (Licensing, Support, etc.) • Deployed application lifecycle • User request • Deployment & Configuration • Support: Knowledge • Support: Technical - Reconfigure, Repair, Reinstall • Upgrade • Remove

  37. Application database • Software information • Vendor, application, version • Installation information • Knowledge gained about packaging / unattended installation • Dependencies • Validation information • Prioritized list of things to check to make sure the app installed correctly and meets enterprise functionality expectations • Scripts used for validation • Licensing information • Support information • Vendor, internal • Help Desk integration • Tickets, KB, help desk scripts, etc. • User self-help portal • FAQ, Q&A, tools & templates, etc.

  38. Wrap-Up demo

  39. Resources • Windows Administration Resource Kit: Productivity Solutions for IT Professionals • Windows IT Pro magazine • Blogs • http://www.intelliem.com/resourcekit • danh@intelliem.com

  40. What is the Springboard Series? The Springboard Series IT pro experience offers dynamic content and structured guidance across the adoption lifecycle • Inside of Microsoft we are • A turnkey IT pro engagement platform for depth and breadth • The program to mobilize MS marketing and field to focus on desktop OS IT pros • To the IT pro, our goal is • Be the definitive resource for Desktop IT pros • Open, honest; show don’t tell • Information at right time, right level across Adoption Lifecycle DISCOVER EXPLORE PILOT DEPLOY MANAGE How does it change my work? How do I maintain and optimize? Is it worth the pain? Is our environment ready? Is the organization ready? Weekly, Monthly and Quarterly Rhythm of Topical Content Springboard Technical Experts Panel Event Support and Resources Straight-talk Monthly Feature Articles and Overview Guides one-Windows TechCenter in 10 languages TalkingAboutWindows Video Blogs Virtual Roundtable Events Visit the Springboard Series on TechNet at www.microsoft.com/springboard

  41. Required Slide Resources Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn

  42. Required Slide Complete an evaluation on CommNet and enter to win!

  43. Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registrationJoin us in Atlanta next year

  44. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

  45. Required Slide

More Related