Altiris helps you deploy forces quickly
- By Earl Greer, Vincil Bishop
- Mar 30, 2003
As Civil War Gen. Nathan Bedford Forrest observed, the way to win a battle is to get there "firstest with the mostest." Similarly, whenever a new software vulnerability is discovered, there is a race between the hackers and the rest of us to get to our computers "the firstest." If we can apply security patches before the bad guys can exploit the newly discovered weakness, then we win.
Altiris Inc.'s eXpress Deployment Solution 5.5 first caught our eye because of its ability to deploy operating systems along with base applications to new PCs en masse. Lately, more of our attention has been focused on its ability to automatically upgrade software on our large base of desktops, servers, notebooks and handhelds.
The solution is actually a suite of products. We had to install each component separately on our Microsoft Corp. Windows 2000 server, and that confused us. If you miss a step, it may be hard to determine what went wrong, which is what happened when we forgot to install the Microsoft SQL Server 2000 Desktop engine (included on the Altiris CD). Fortunately, the installation process allowed us to apply a second installation over an incomplete one without problems. Even with this slight glitch, it took us only 45 minutes to install all required software on our server.
Consistent interfaces make the suite's features easy to navigate, and wizards help you complete common tasks. So although planning for an Altiris deployment should be left to your best and brightest team members, information technology staff should have no problem fully utilizing the product with minimal training.
Our next step was to get Altiris clients installed on our workstations. The company provides several options for doing this. For a Windows 98 client, we placed the silent installer package into an existing log-in script. For our Windows 2000 PCs, at the server's deployment console, we simply pointed the remote client installer to the workstations and supplied the administrator password. The client was installed and functional with no user notification or workstation reboot.
This is great for workstations in the lab, but what about installing clients on thousands of workstations scattered across a wide geographic area?
Actually, large numbers of workstations will be a snap if you use Microsoft Active Directory, from which workstation accounts can be directly imported into the deployment console. Additionally, you have easy access to the workstation's administrator rights through directory membership.
If you don't use Active Directory, it is still possible to install the clients automatically, but you will need a single administrator's account on all computers to be installed. In general, the more standard your network is — hardware, software and configuration — the easier it will be to manage.
With the clients installed, we turned next to creating a hard drive image that could be used to make clones of a standard workstation. Altiris gives you two choices for remote PC booting and management using these images. If your network is large, and if your Network Interface Cards have Intel Corp.'s Preboot Execution Environment (PXE), then let PXE automatically boot your remote PCs and execute programs from the file server.
Altiris also provides a hidden disk partition component it calls BootWorks, and we found this to be most convenient for our small lab network. The easiest method of deploying BootWorks to our test workstations was to package it into a self-installing executable, a program that is ready to run in a particular computer environment. A wizard in the deployment server made creating this program a snap.
The wizard allows you to choose between using a static IP address so the client can find the deployment server or using IP multicast technology. Multicasting transmits messages to multiple recipients simultaneously.
To make things interesting, we opted for multicasting.
Once the BootWorks partition is installed, it is supposed to boot the PC to the hidden partition at a specified time and check the deployment server for work to perform.
BootWorks worked like a charm on the first PC. In less than 10 minutes, we installed the Altiris client, built the BootWorks installation executable, deployed the partition, scheduled an image event and took workstation images.
Unfortunately, on the next two PCs, the BootWorks partition would not fully boot. We traced the problem to the previous use of Symantec Corp.'s Ghost in those machines' initial deployment. We can't stress enough how important it is to use just one imaging product — a consideration often overlooked in government organizations that may be required to maintain two procurement contracts where each computer vendor offers a separate integration solution.
Comparing the speed of Altiris' imaging product with other popular deployment solutions, we found its imaging engine was significantly slower. But this shortfall is redeemed when you are imaging multiple PCs. While other products may degrade after only a few connections, Altiris' use of multicast technology makes it easy to distribute images to a large number of PCs.
One area where Altiris has pulled ahead of its competition is in management of personal digital assistants (PDAs). The Deployment Solution currently supports Compaq Computer Corp.'s iPaq, Casio Inc.'s Cassiopeia and Hewlett-Packard Co.'s Jornada. Palm Inc.'s OS is not currently supported.
Altiris offers two options for installing Pocket PC Client. The first option allows users to deploy the client through an attached PC using a prepackaged CAB file, which is a Microsoft file format used to hold compressed files on its distribution disks. After we copied the client file to Microsoft's ActiveSync program on the desktop and synchronized our iPaq, we simply navigated to the CAB file on our PDA and clicked on it. But for environments with a large number of PDA devices, managing them using the Pocket PC Agent is the most efficient solution.
An administrator with average skills should have no problem using the Altiris PDA tool, regardless of prior experience with handhelds.
The Altiris Deployment Solution is more expensive than its competitors — Symantec's Ghost, PowerQuest Corp.'s DeployCenter and the Remote Installation Service, which is a component of Windows 2000 Server. Still, we recommend the Altiris product for all organizations. The features we discuss here are only a small part of the overall package. For small organizations, the cost of buying each of the parts separately would be astronomical.
Bishop and Greer are network analysts at a large Texas state agency. They can be reached at Earl.Greer@dhs.state.tx.us.