ZDNet Australia looks at software deployment packages designed to help you reduce network administration costs.

We all know that the purchase price of a computer system is just the beginning. The support costs generally outweigh the capital outlay by about 4:1, but some of the products in this roundup may be just what you need to bring your rollout and supports costs back into line. Having said that, there are enterprise packages, which require a significant investment in training, learning and Testing, Testing, Testing. None of the enterprise systems is the sort of thing you can set up in a day. Testing your setup cannot be reinforced enough; you don´t want to become the IT manager who has to go before the CEO and say: “We rolled out the new image today and everything went fine, except for the 50 people just the other side of the black stump, whose machines won´t boot. We´re dispatching a technician now.”

Software deployment is all about getting the right software on the computers of the right people. Whether it is deploying a series of new point-of-sales systems, migrating the general manager´s laptop to Windows XP, or just installing the latest bug patches to Microsoft Outlook to keep the nasties out, a standard software base is essential in order to manage a large fleet of computers.

There are many levels of software management, but we have decided to concentrate this review on a few of the SME-level applications that allow for the in-house deployment, migration, and management of your desktop Standard Operating Environment (SOE).
There are three main stages of creating a Standard Operating Environment:

• Deployment Getting the initial image out onto the desktop.
  
• Management Keeping the image up to date and secure.
  
• Migration Moving on to the next Operating System.

Deployment
The first port of call when creating an SOE is to survey the user base and ascertain which applications are required, and by whom. This can also be a great time to look at your software licensing, as you have a fairly complete inventory of how many copies of each package you are running and how many you may need in the future.

The next step is to create an image for your systems with the required applications. This is where the headaches can start, as there are three main approaches, each with pros and cons:

• One size fits all: Everyone gets all the applications across the enterprise. This is easy to manage, but the image will probably be very large, the licensing costs may be enormous, and there is a risk that people will start playing with the application just because it is on their machine.
• Multiple SOEs: If you are running multiple images they can be a nightmare to update, but at least everyone get only what they need.
• Base SOE + Apps: This gives everyone the same base, and then rolls out specific applications just to those that need them.

Management
The next problem becomes one of how to manage updates. Not only do you need to make sure those updates are installed on the existing machines, but you need to make sure new machines created get all the patches they require as well.

Migration
When our friends in Redmond release a new operating system, there is a huge process involved in testing and training for the new OS, but you have to get it out to everyone too (eventually). Several of these packages provide migration tools that make the job simpler for the administrator and also retain many of the users´ settings which they have come to love, like the desktop pictures of their children and their Lord of the Rings screensaver.

Like many software solutions, software deployment and management need to be evaluated on a case-by-case basis. There are many pitfalls (including special licensing agreements and serialised license keys) that many be specific to your organisation. This roundup covers some of the available tools for maintaining the desktops in your organisation and the sanity of your administrators.

Altiris Intuitive > Manageability
Altiris has a four quadrant approach under the banner of its Intuitive > Manageability product line. These quadrants are:

• Deployment and Migration
  
• Software and Operations Management
  
• Inventory and Asset Management
  
• Help Desk and Problem Resolution

We concentrated our research on the Deployment and Migration and Software and Operations Management suites, in particular, looking at the Deployment Solution, Migration Toolkit, and the Client Management Suite.

Installation consisted of Microsoft SQL, then the base Notification Server and then the Deployment Server. The install asks for Win95/8 CD or boot floppy so it can make bootable images. A remote install of clients on NT/2000/XP machines is possible.

Altiris supports both new and legacy PCs in mixed hardware and OS environments. It supports Intel´s Pre-boot eXecution Environment (PXE), Wake on LAN (WOL), and Boot Integrity Services (BIS), and allows you to deploy and manage new PCs right out of the box. Altiris´ BootWorks technology provides similar capabilities for legacy PCs without needing to go to each PC with a boot disk.Once the system is deployed, you can reduce help desk calls and technician visits with remote software deployment (for printer drivers, patches, and applications), detailed system properties (including hardware and software configurations), LAN-based remote control and chat, and the ability to restore a computer to a known working state with a single click.

The Migration Toolkit is designed for organisations that have a desktop management solution, but who want to simplify their migration to Windows 2000 or Windows XP. The Migration Toolkit provides all the tools necessary for a complete OS migration, including Web-based Windows 2000 hardware and software readiness assessment and reports.The software distribution system enables you to package and distribute applications, patches, and updates on Windows and Unix systems throughout the enterprise, including remote/mobile systems.

This can be combined with Altiris´ inventory discovery software to better enforce corporate software standards, minimising software conflicts and ensure that the latest, most reliable software is installed throughout the enterprise.

The Altiris suite is relatively easy to use and provides an excellent range of features for deployment, management and migration of workstations.

Microsoft RIS, SUS, AND SMS

Remote Installation Services (RIS) is an optional Windows 2000 service that enables you to set up new client computers remotely, without the need to physically visit each client machine. It is specifically designed to install operating systems on remote boot-enabled client computers simply by connecting the computer to the network, starting the client computer, and logging on to the network.

Installing an RIS server combines diskless booting of the client (fitted with a PXE-compliant network card or using a boot disk with a PXE emulator) with a fully automated, network-based mechanism for deploying Windows (2000 only). When installing using RIS, all files are transferred across the network to the local system, and the standard Windows 2000 setup process runs in unattended mode.

RIS is closely related to the IntelliMirror technology. RIS provides fast workstation OS recovery in the event of a critical system failure. In a tightly managed environment and coupled with the IntelliMirror technologies (which restore applications, user documents, and user settings), a user could immediately and automatically completely recover his or her system, even if the local machine had been irrevocably destroyed.

The RIS server must be a member of an Active Directory domain (either a domain controller or a member server). It can´t be a standalone server. It is also strongly recommended that the RIS directory be on its own partition. If RIS and DHCP reside on the same server, the DHCP service must be authorised in the Active Directory before either service will be permitted to respond to client requests.

The RISSETUP application has a wizard to walk you through the initial configuration, starting with confirmation that you want the system to run on startup when the install is complete. The next screen requests the Windows 2000 Professional installation files, either on a network share or requests the insertion of the Windows 2000 Professional CD.

After selecting the source files, the next screen requests a Windows installation image folder name, and a name and description.

Once the wizard has completed, the files needed to create a basic image are available on the server. This image uses a generic answer file, but a custom remote install answer file can be created through the Setup Manager Wizard and associated with the default CD image.

Software Update Services (SUS) are designed to simplify the process of keeping IT administrators up to date with the latest critical updates. They enable administrators to quickly and reliably deploy updates to their Windows 2000-based desktops and servers. Basically they synchronise with the Windows update site to deliver updates either automatically, or manually by the administrator. Once the updates are downloaded, the administrator can test them and decide which ones to install.SUS consists of two downloadable components:

• Microsoft Software Update Services. This is the server component installed on a computer running Windows 2000 Server inside the corporate firewall. It synchronises with Microsoft´s Windows Update site to provide all critical updates for Windows 2000 and Windows XP. The synchronisation can be automatic or completed manually by the administrator. When the updates are downloaded, the administrator can run a local test to see that the updates run smoothly in their environment before deciding which updates to approve for installation throughout your organisation.

• Automatic Updates. This is the Windows client software for installation on Windows 2000 SP2 desktops and servers as well as computers running Windows XP Professional. This software connects to a server running SUS and receives any updates. You can control which server each Windows client should connect to as well as schedule when the client should perform all installations of critical updates, either manually or via an Active Directory Group Policy.

You cannot install the SUS service on a server that is functioning as an Active Directory Domain Controller (DC), or Small Business Server (which is a DC), you can however install the client on your DC in order to keep it secure and up-to-date with the latest patches that you have approved.

SUS supports the following update types:

• Windows Critical Updates
  
• Windows Critical Security Updates
  
• Windows Security Roll-ups

It is not possible to use SUS to deploy Service Packs, other Microsoft products such as Microsoft Office, SQL Server, or Exchange Server, or integrate your own updates or third-party updates.

Systems Management Server (SMS) is designed to be used by large-scale enterprises to deploy applications, software updates, and operating systems over their networks. Other features of SMS include:

• Discovery and tracking of all distributed Windows-based software and hardware assets: laptops, desktops, and servers alike.
• A suite of tools to help IT administrators troubleshoot and solve common problems with Windows-based systems—all from a central location.
• By combining system inventory and software distribution, SMS can show which computers need critical system and security updates, and then distribute the updates efficiently.

Administrators can confirm their installation using the comprehensive reporting structure of SMS.

Systems Management Server is designed to keep your systems up to date and provide complete software management, including the ability to quickly respond to security and virus issues.

Deployment products continued

Norton Ghost 2003 and symantec ghost corporate edition 7.5

Norton Ghost 2003 is an excellent package for desktop deployment, providing the ability to clone a system onto another disk.

The Symantec Ghost Corporate Edition 7.5 has even more features including:

“Remote Boot” Technology. By scanning the network, an IT administrator can use the Ghost Console to browse for and locate PCs on the network in order to deploy the Ghost client. Once installed, the Ghost client can on demand create a “virtual partition” which contains a fully functional Ghost boot environment thereby eliminating the need to visit the host PC with a boot diskette or deploy a physical boot partition.

Client initiated Tasks. These provide an optional secure method to perform console tasks at a workstation, which eliminates the need for an IT Administrator to return to the Ghost Server Console to perform a task, saves time, and enables an end user to “help themselves” by initiating cloning, application pull tasks, as well as user migrations from the workstation.

GhostCast Server. Provides three methods of Ghost image deployment, allowing an IT administrator to choose the method that best meets their bandwidth requirements:

• Multicast: The simultaneous deployment of one image to many computers
  
• Unicast: The deployment to a single client
  
• Subnet Targeted broadcast: Selective deployment based upon subnet grouping

GhostCast Throttle. Allows you to “throttle down” the multicast speed so you can reduce the amount of network bandwidth consumed during multicasting for improved network performance.

Ghost provides support for Windows 2000 Professional and Server, Windows XP Pro and Linux EXT2/3 file systems.

Ghost is very easy to use and is excellent for software deployment from five machines up to many thousand.

PowerDeploy suite 2.0
The PowerDeploy Suite from PowerQuest offers a complete solution to manage the lifecycle of your computer systems, including imaging and deployment, system migration, management of system updates, and system retirement.

The PowerDeploy Suite includes PowerQuest DeployCenter, PowerQuest Migration Manager, DataGone, and a centralised and secure Web interface console known as PowerQuest ControlCenter ST. From anywhere in the world you can create, schedule, and execute management tasks including imaging, deploying, restoring, and managing networked systems.

DeployCenter can deploy Windows 2000 Server, Windows 2000 Advanced Server and Windows NT Server machines around the organisation. It can even automatically convert a PDC (Primary Domain Controller) to a BDC (Backup Domain Controller) when you restore the image file. The Deploy Centre uses a variety of features to deploy software images:

• Virtual Floppy: Eliminates the need for boot disks by providing a DOS floppy boot environment on the client computer´s hard disk.
  
• DeltaDeploy: Automates software distribution, installation and configuration across the network and Internet. Note: DeltaDeploy does not support Windows XP/2000.
  
• PXE and Wake-On-LAN: Introduce new systems to the network without having to physically visit them through support for Intel´s Wired for Management technology.
  
• ImageCenter: Create, deploy, and restore exact images of your hard disk or partitions within minutes.
  
• SmartSector Technology: Copies only the sectors containing data thus minimising wasted disk space and preserving your system optimisations and Windows performance enhancements.

Migration Manager complements the deployment process by minimising the task of system migration. It also allows IT professionals to quickly and efficiently create a standard operating environment for your organisation. The results are reduced downtime, less impact on user productivity and the ability to easily migrate system, network and Windows settings. Objects that Migration Manager can transfer include the following:

• Desktop settings, including Active Desktop, colours, desktop icons, display, screen saver, and Wallpaper.
  
• Personality Settings, including printers (local and network), Start Menu, keyboard, mouse, and user profiles.
  
• Connectivity Settings, including computer description and name, DNS configuration, TCP/IP configuration, mapped drives and shared folders, and drives.

The DataGone application offers data removal so sensitive information is removed before a machine is moved/sold or redeployed. Data Gone offers a choice of five write methods for overwriting data, including:

• The NSA method of writing two random patterns followed by zero to each byte on the drive.
  
• The DoD Method, which is to write a random value, then its complement, then a different random value to each byte on the drive.

Data Gone runs in DOS mode to ensure no other operating system or program is running while DataGone executes.

ControlCenter ST is the secure, Web-based console that acts as the central point to intelligently create, schedule, and execute PC management tasks, including imaging, deploying, restoring, and managing networked systems. It provides Scheduled Task Execution to execute a task now or at a later time for any client or group of clients. You can also set these tasks to repeat at regular times such as daily, weekly, or monthly. ControlCenter ST provides information on the status of the execution of tasks on client systems, including automatic e-mail notification when the task is complete, as well as a history of scheduled tasks.

Other products
There are various other suites available that will provide a similar service to the ones we have looked at.
These include:

• Novell ZENworks for Desktops 4:
  ZENWorks is Novell´s software management package which has a number of excellent features, including its ability to create a snapshot image, which is created by looking at the differences in registry entries and files installed before and after an application is installed on a system. This allows just those changes to be sent to any computer and the software is “installed”.

• IBM Tivoli:
  IBM´s Tivoli suite is designed to manage software on a very large scale. It can deploy a software update, check systems for viruses and security breaches, and even keep tabs on your applications.

  Tivoli has been around since 1989 and is a solid and dependable product for managing all your systems from the basic desktop PC, through all your Intel-based servers to the really big stuff like storage management and mini/mainframes.

Extend the life of yourlegacy apps

But you have a better alternative: the Application Compatibility Tool. The Application Compatibility Tool, a utility included with Windows 2000, is designed to run legacy applications in a Windows 2000 environment without relying on virtual machines. It overcomes some of the most common issues that prevent an application from running under Windows 2000.

Installing the Application Compatibility Tool
Although the Application Compatibility Tool is included with Windows 2000, it isn´t installed by default. Instead, the tool is included in the Windows 2000 Support Tools. You can install the Windows 2000 Support Tools by inserting your Windows 2000 CD, navigating to the \Support\Tools directory, and running the Setup.exe program. Once you´ve installed the Windows 2000 Support Tools, you can find the Application Compatibility Tool in the \Program Files\Support Tools folder. You can run the Application Compatibility Tool in either GUI mode or in command-line mode.

GUI mode
You can run the Application Compatibility Tool by entering the Apcompat.exe command at the Run prompt. When you do, Windows will load the utility´s GUI. You can use the Application Compatibility Tool to force legacy applications to run in Windows 2000.

Using the Application Compatibility Tool is pretty simple. You first begin by specifying the path and filename of the application that you need to run. You can use the Browse button to make locating the application easier. Once you´ve specified the application, you must specify the operating system the application needs to think it´s running in. Some applications won´t run under Windows 2000 because they check to make sure that a specific version of Windows is running. This is especially true for a lot of applications designed to run under Windows 95. When Windows 95 was released, many developers included checks to make sure that the application was being run under Windows 95, as opposed to Windows 3.x. Many of these checks never anticipated future versions of Windows, and therefore, if any operating system other than Windows 95 is detected, the application won´t run. You can use the Application Compatibility Tool to fix the problem by specifying the operating system that the application is looking for.

Check box definitions
After the operating system section, there are four check boxes that you can use to correct common compatibility problems.

• Disable Heap Manager On Windows 2000. One of the biggest problems with running older applications in Windows 2000 is that Windows 2000 uses memory differently than previous versions of Windows. Because of this, it´s possible to receive memory-related errors when running an application that you never saw under the old operating system. If you see these types of errors, you should select the Disable Heap Manager On Windows 2000 check box. Disabling the heap manager usually gets rid of these errors. Unfortunately, it also means that Windows won´t use memory as efficiently, so using this switch may result in a slight drop in overall system performance.
  
• Use Pre Windows 2000 Temp Path. Lots of applications still rely on temporary files. The problem is that many older applications either hard code C:\Temp as the temporary files´ location, or they impose a limit to the number of characters that can be used in the path to the temp directory. If you encounter such a problem, you can easily fix it by selecting the Use Pre Windows 2000 Temp Path check box. This check box tells the Application Compatibility Tool to trick the application into thinking that all temp files should be placed in C:\Temp. If C:\Temp doesn´t exist on your system, then the utility will create it for you.

• Correct Disk Space Detection For 2 GB+ Drives. There was a time, many moons ago, when a hard disk partition couldn´t exceed 2GB in size. Thus an older application that checks the amount of free disk space often lacks the necessary code for disks with over 2GB of space. When an application encounters a situation like this, the free disk space is often calculated incorrectly, and a PC with 70GB of free disk space might appear insufficient to the application. Checking the Correct Disk Space For 2GB+ Drives check box fixes this problem and allows your older application to interact with today´s jumbo hard drives.
  
• Make The Above Check Box Settings Permanent. If you find that specific settings within the Application Compatibility Tool allow a legacy application to run, then you probably don´t want to have to use the Application Compatibility Tool every time you use the application. Instead, you can use the tool to “fix” the application. To do so, simply select the required options and then select the Make The Above Check Box Settings Permanent check box. All of the other options that you´ve chosen will be written to the system registry. When you run the legacy application, all of the necessary compatibility tweaks will be automatically set, and you won´t have to open the Application Compatibility Tool. The tool will run in thebackground, completely out of sight.

Subscribe now to Australian Technology & Business magazine.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.