Enterprise IT • 58:35
Tiger makes it easy to manage dozens or even thousands of desktop systems. Learn integration techniques for easing the load with Tiger Server. Also learn best practices and tips and tricks for using Apple Remote Desktop and open source tools to make imaging, packaging, delivery, and troubleshooting of systems as automated as possible.
Speakers: John DeTroye, Steven Doyle
Unlisted on Apple Developer site
Transcript
This transcript was generated using Whisper, it has known transcription errors. We are working on an improved version.
I'm John DeTroye, Senior Consulting Engineer for Apple. I'm the Client Management Specialist and this is not a repeat of Wednesday's session. What we're going to talk about for the next six or seven hours since you stayed is we're going to talk about the client management stuff. For those of you that missed it on Wednesday or were sleeping or didn't get it the first time, I'm going to very quickly go through the system lifecycle, task list, and so forth. But the key for this afternoon's session really is I have two really cool people that are going to join me up on stage, or I'm going to send up on stage, and I'm going to go over there and nap for about 40 minutes.
I have Steven Doyle, came all the way from Australia to talk to you about all the awesome stuff that he's doing with client management and help desk tools. And James Reynolds came not quite as far from Utah to talk about what they're doing out at the university out there for client management. The focus on this afternoon is going to be on the open source stuff.
We did commercial stuff on Wednesday, and yes, Richard, I got your hint. You know, that's the whole deal. We'll combine it and do maybe everything. Next year. But then from the feedback session that we just went through, I got a feeling that you guys would really like me to be doing hands-on client management from A to Z next year.
Now to torture those of you that aren't in education, I will let you know that for those of you that are in education, if you contact your account execs and tell them you would like a free walkthrough for six or eight hours on client management with me leading the charge, all you have to do is contact your account exec and because I work in the education division, I can go and do that. For those, well for the enterprise guys, you have to beg a lot harder, but I'm sure we can make it, we can make something happen. I mean, you know, I travel.
I have United Miles and Hilton Honors Points so we can do that. So, lots of them. The, so, anyhow, let's get on, let's get going for this afternoon, we'll have some fun. What is the system life cycle? What, you know, what is all this stuff? This is stuff you guys do all the time.
How many of you saw this on Wednesday? How many of you haven't seen it at all yet? How many of you are doing email and you still haven't seen it? Yeah, yeah, yeah, yeah, yeah. The whole, there's always somebody in the audience that's just got to, the whole idea is this is the task that we go through from an IT perspective. The things that we have to accomplish on a regular basis. We have to go through, we cycle through all the, you know, bring in the hardware, bring in the software, evaluate it, deploy it, manage it, evaluate it, deploy it, manage it.
And it keeps cycling around in how we deal with it. We cannot escape from this. The tasks that are required. The tasks that are associated with this. These are things that you might ignore, but they still exist. We cannot get away from the fact that we have got to do asset management. We have got to do imaging.
We have got to do software distribution above and beyond those two things. We've got to do remote control tasks of some kind, whether it's in training or help desk or whatever. We've got to do usage management of some sort. We've got to do license management. We definitely need patching and upgrading, despite the fact that we ship our software, the fact that we ship our OS in the most perfect state possible. The, it's all that third party stuff. The, and we do help desk management even if it consists of the t-shirt that says let me drop what I'm working on and handle your problem. Okay.
Evaluation. We go through this at least once a year in education and sometimes every six months, sometimes once a week in some businesses where you have to look at what do I have to do to maintain my status. I'm looking back at everything that's been going on. What do I need? How much manpower? What's happening in my world? How do I perform these tasks? And the last bullet is pretty much universal.
The deployment side, all the things that I have to do to get this stuff out. I mean, what am I going to do? How many system images am I going to maintain? You know, it's great to think about a universal system image, but it never works out. You always end up with unique images based on different criteria and so forth.
How many systems am I deploying as I walk through these cycles? How do I get through this? And how much of this deployment is things that I'm going to do manually or am I going to do it network wise or we just run around and say, here, quick, grab the firewire drive and run down the hall.
It happens. Or you could be up in the state of Maine where we did it at 244 distinct sites with nothing but firewire drives to 27,000 computers. And by the way, to get to one of the school districts, you had to fly on the mail plane as the co-pilot. Yeah.
It was fun, actually. The, well, I'm an ex-paratrooper, so, you know. They wouldn't let me jump. The, Hey, no. And the whole idea of how long it takes to cycle through this. I mean, imagine right now if somebody came back and said, you know, we've been troubleshooting all the machines in our building for ages and everything.
What if we just re-image them this week? That's when you find out how much sick leave you have stored up. And how often am I going to refresh the systems, right? So then we maintain the stuff. We get them deployed, we've done the evaluation, we get them deployed, and then we have to turn around and maintain them.
And the whole idea here is systems management stuff. Are we going to centralize this or are we going to let somebody down at the different departments or schools or different sections of the campus have their own management? Are we going to do training for that? How are we going to handle licenses? How are we going to handle the system software and the updates and stuff, the day-to-day things, third-party apps? What about help desk ops? You know, are you going to do help desk operations based on, well, who's in the office today or do we actually have a help desk team to do this stuff? What about all the workflow management and client management stuff? That's beginning to really pop up because, you know, there's two distinct thoughts on client management.
Some people do client management from what I call the replacement mechanism. We don't manage the systems, we just rebuild them on a regular basis, right? And in some cases that could be at every login. Well, that's one way to do management. The other way to do it is to actually control the systems and who has access to what. And that's another mechanism for doing it.
But which one are you going to use and how are you going to do it? And once again, if you're going to do all this stuff and somebody says, you know, you can only have three people to help you, then, you know, are they going to pay you enough to have somebody else paint your house? Because you're not home for it.
The life cycle in action, simple walkthrough, right? We review the systems, we evaluate them, we evaluate what our users need, we determine the hardware and software we want, then we start creating our images, we cycle back and forth in the test mode. And that's something that's come out this week where a lot of people that have been questioning, you know, how do I go about doing that? If you don't have a test environment, if you don't have a testing lab, and I'm not talking about beta testing with your own users, okay? I'm talking about actually having a lab environment that you can go out and run and test this stuff in.
The most successful sites I've seen just in education alone are schools that have their, are schools and campuses where they have a dedicated testing environment where they have a sample set of what they run every day and they actually run it through the pattern before it makes it out to the general public. They are very good at maintaining stability in their environments.
On the other hand, the guys that go to the warehouse the week before school starts, they're not going to be able to do that. They're going to be able to run it through the pattern before school starts and unbox 3,000 new computers, tend to be a little frazzled.
We deploy the systems, manage them, update them, and so forth, and then we're back to square one. Some of the examples we do for tasks based on the tools that Apple provides for this, obviously asset management, remote control, help desk operations we can use Remote Desktop for. We can image systems using NetInstall and the new ASR Multicast. We can do software distribution with ARD and NetInstall. Usage management is Workgroup Manager and the Manage Client Settings and all the stuff in the preference manifest and everything that's built into that now. Patching and updating ARD again and using the NetInstall, NetBoot technology.
Pick the solutions that match the needs. This is one of those things where, you know, we have solutions out there that are the self-proclaimed "I do everything" tool, or whether or not you want to use that or subset that into, well, I'll use that for fifty percent of my tasks but I've got some best of breed tools I want to mix and match for that too.
You may want to do that. The other thing is cost of ownership versus IT expertise. I hear, especially in education, a lot of times people saying, well, we don't have the budget for, but think about it: if you're gonna, if you say, well, we don't have the budget for the commercial tool but I'm gonna spend the next 900 hours tweaking some open source tool to make it work.
That's a budget thing too, unless they're not paying you, in which case there's something really weird going on here. The task versus the tool. If you have to do imaging, then focus on imaging and pick the right tool for it. If you have to do updates, management, and so forth, focus on the result.
The real end result of this is, can the users do what they're meant to do? We're back to that, is the purpose of the IT staff to play with lots of cool technology and tell the users what they can do? Or is it the purpose of the IT staff to be able to support the end users in accomplishing their job? It depends on the organization you're in, I guess. The 90-10 rule still lives.
You do 90% of the work, so your users do 10% or less. And that has been the way it's been for decades. And if you can make that work, then use the right tool for it. Asset management as a tool, as a task example, look at what we can do with Remote Desktop. Has anybody here not seen Remote Desktop? yet.
I think everybody got a good shot at it this week. Okay, there's a lot of cool stuff you can do with that. Imaging systems using NetInstall with all the installs, all the be able to do core installs, application update installs and so forth. It's there. The tools are built in. You get the server, you get the ability to do that.
For usage management, doing the manage client stuff with the preference tools and being able to add those in and do the really nice preference manifest. How many of you attended the preference manifest session yesterday? Okay, how many of you knew there was one yesterday? Or how many of you didn't know there was one yesterday? See? We actually did a session yesterday that showed you how to create preference manifests for applications so that you could manage applications remotely on your network for a thousand users at once, and it was hidden under the title of writing network friendly applications.
Yeah, well, that's all right. We'll publish the details. All you do is go to the developer website and actually search on the term preference manifest and then you mail that to your favorite developer and say, I want to manage 2,000 users and I want to set these specific things for these users and to do that, you guys need to implement a preference manifest for your application. And the best part is for them to do it, it involves at most maybe seven lines of code they got to add to their application in order to make it work. It's very cool.
So what we're going to talk about though, we're going to spend most of our time on open source tools for lifecycle tasks. And so I've got James and Steven are going to come up here and take you guys through what they do using the tools that are available to them. A mix of open source, a little bit of commercial stuff, a little bit of ARD and everything else and tell you what they do for their stuff. So the first person I want to bring up is Steven. If everybody will say hey. Come on Steven.
Yeah, cool. Wow, the lights are bright up here. We did get feedback. Yeah, okay, cool. Okay, that's me. I am Steve Doyle from Edith Cowan University in Perth, Western Australia. Okay, it's better that way. Okay, so Edith Cowan University in Perth is a very large university. The School of Communications and Multimedia has over two and a half thousand students. I'm having mic issues and they're going to yell at me. Okay, we're the largest first year uni- we run the largest first year communications school in Australia and we run a lot of disparate schools.
So one of the reasons that I put this slide up is to tell people the stuff that I have to put up with on a day-to-day basis. We run streams from advertising through to hat making. I run professional recording studios down to HDTV. I have people call me to say the textile machine is stuck with a sewing machine needle. At the same time, people are saying the TV station is crapping out. Oh, I wasn't going to like to swear. We run a lot of disparate machines. We're an entire Mac faculty. We have over 600 machines. We're completely Mac in server and client.
John put this slide up before and I think it's probably the most perfect illustration of what I do. I've never seen anything hit it quite as much. Every single component of that slide is my day-to-day job from asset management, which I despise, through to looking after the clients and the machines. We have some significant problems with our machines. The main problems are how do we image the machines. We have 16 different labs. I have 16 different SOEs, which always makes me smile. You have a standard operating environment, but you have 16 of them.
Once I've done that, we give each one of our students a gigabyte of network homes. We have a whole big rack of Xserves and Xserve RAIDs to do this. So I need to keep the machines imaged. The students are the most demanding group on the planet, apart from maybe academics, who the students also want everything new. If the new iTunes comes out, if there's an upgrade to Final Cut, they want it yesterday. We have to keep these machines imaged and up to date.
Once they're imaged and up to date, my concern is monitoring them. We have an awful lot of hardware in our facilities, but we have a higher management who tend to judge this by walking up and down the corridor and saying, "Well, no one's using the computers. I saw them. The lab was empty." I pointed out that it was five o'clock on a Friday afternoon and people have better things to do, but clearly not everyone has better things to do at five o'clock on a Friday.
And my personal favorite, asset tracking. I despise asset tracking with all my heart. I'm probably the most untidy person in the world. My idea of asset tracking is throwing the paper in a corner somewhere and hoping no one ever asks about it. However, apparently auditing don't like that so much.
And then once I've got those machines done and in, I want to see who's using them. Our students are a wonderful group of people, and I adore them. But it seems very strange to me that they'll only use the same computer for the three years of their degree. The fact that we have updated that machine and moved it and changed it around, they'll follow the same computer. Most odd.
I want to see who's using our lab. Why did we schedule the Final Cut lab in the three-year-old iMac lab instead of putting it in the G5 lab? Okay, once we've got the machine problem sorted, we have a user management problem. We have a very transient student population. We have a large group of Norwegian students who come in. And I have no problems getting the technical support team to run induction courses with the Norwegian students. They're very helpful in that regard. Our students demand 24/7 access to all our facilities, 365 days a year.
Students who are paying $1,000 a semester for a unit don't want holidays. When I was a student, I didn't really want to go to university. These kids are paying for it and they want to be there. They want high availability for all their machines. We have software licensing challenges. We use Key Server to address some of this, but I need to keep track of who's using the licenses and how many licenses have been used. Our students are smart. They go and tell their parents that they need a PowerBook and an iPod to do this degree.
Mum and Dad are so happy that they've got into university, they tend to buy them. We get lots of students who are bringing their own machines. And of course, we're higher ed. We're looking at one-to-one as well. And we have the reluctant students. We have students who have bought PCs who want to integrate them into our facilities to access their documents. And they also want to know why Final Cut won't run on their Dell.
Still not solved that one yet. So these three are separate yet they're connected areas. It's all IT management related. It's all something that comes across my desk. A lab isn't a lab anymore. When I started doing this, we had labs. You'd go into a Final Cut lab or whatever it was at the time lab. It's not the case anymore. We get students who will bring three or four machines in together and hook them up and make their own rendering lab.
We don't get continual workstations. We have people who job share and they computer share and they have a system that I don't know anything about. So what they'll do is if someone's working Monday through to Wednesday, they'll have that PowerBook. And then on the way home on Wednesday night, they'll drop it at the other person's house, stop off for a beer, and then that machine will be the other person's. I don't know where all my machines are going.
And if it's got a microchip in it, it is ultimately my fault. This applies to Xboxes and PlayStations. If people can't get it to work and it's got a chip, we're the IT people. We can fix everything. So it comes across my desk at some point. It's sad, but true. I think. I said it happens to you guys as well. I'm not surprised.
And as I said, I really am probably the most unplanned person in the world. But I can't do my job properly. I can't manage these machines I've got because the ground rules are changing. I can't control the machines. I do know where they are. I can't forecast how many more machines I need.
And I can't make any planning decisions. So I got really, really cross one day. And people don't believe me when I tell them this. This was written out of complete laziness. I do not enjoy leaving my desk. It interferes with my iChatting and my movie downloads. I want to run everything from my desk.
So we wrote a help desk system. It's completely open sourced. I've been copping some heat because I haven't released the source code. My PowerBook died. I intend to do it very, very soon. For my Australian friends in the audience, that's very, very soon. It's all written in PHP and MySQL with some shell scripting. I am not the world's greatest programmer.
In fact, I'm probably one of the top five worst programmers in the world. However, it kind of works. And it leverages heavily on the ARD2 stuff. So I'm going to talk through that really quickly. Why did I write it? I didn't like any of the off-the-shelf help desk systems. Is anyone here a professional commercial help desk system developer? I'm going to get so burnt on this one day.
Every system that I saw was really, really expensive. It was designed for a per-client basis. It was costing too much money to deploy. It didn't really seem to get me what I wanted to do. So I locked myself away for three months in my office and wrote a new one.
And they didn't meet our needs. That's why they weren't flexible. They didn't scale. And as I said, 600 machines that come in and out. They get loaned out. We do test one-to-one deployments. Sometimes an academic will take them and lend them to a school so they can do a trial. There was no scalability in that, in the systems I looked at.
Okay, the other reasons. I seem to see the same set of data entered in the same place all the time. We enter the information to a purchasing system to say we've bought it. We enter it into the login system to say that we're allowed to use it. We enter it into a management system to say that we know where the machine is.
And then someone would come in with a computer and say, hey, do you know where this computer turned up from? I would have staff who I have never heard of ringing me to support a computer that I'd never heard of in a building I didn't know we supported. It's quite difficult to do that.
And it's not the staff member's fault. They didn't understand that we hadn't been informed of this information. And I'd see machines go missing and I'd have new machines magically appear. Okay, so I'm going to talk about the feature summary. I can talk about this for about six hours. John wasn't kidding. So I'm going to speak fast and just hit the high points. Okay, so it's all MySQL. It's got PHP.
There is zero documentation so far. And people laugh. I'm not kidding. There isn't any documentation at all apart from swear words in the comments when I couldn't get bits to work. Before I release it, I will remove the swear words. Okay, I was lying. I'm going to put the swear words in.
It's completely modular based. The idea of this was written for me in higher ed, but I work a lot with K to 12, and I work a lot with my enterprise colleagues. It's completely module based. If you need a module to do it, you can just add the module into it, and it's applicable to all the other areas. So we've already seen some of the universities and some of the Mac enterprise group offer to write modules for it. So completely module based and scalable.
And it was designed for my helper monkeys and I'm taking credit on record for the term helper monkey. We run a tier one support level where we have students who do assistant tasks. The problem we were having was that more and more of the jobs were being escalated up to tier two and tier three because the tier one group didn't have the skill set to re-image a lab. What I wanted to do was be able to delegate some of these tasks to them and do it from a central administrative console.
And we just call them helper monkeys to annoy them. I'm just going to talk about the ARD stuff today though. Okay. So I didn't realize we were going to see such extensive ARD stuff at the conference so I won't go into this as much as I thought. But ARD is a killer product. It's got some seriously powerful hardware searching. You can do some really nice lab organization and imaging options with this stuff.
I can integrate into it with Workgroup Manager. I can check for machine and network status for the help desk system. I can control how I image each one of my labs through the help desk system and I deal with package making as well, which has always been the voodoo art that I've never been able to get working properly.
Okay, so ARD2 runs on a client server model as most of you know. It comes with a data collection model as well. It currently stores data in a centralized server. It would be nice if we could leverage that in a future version to store it in one spot. And it runs in Postgres.
Which of course I knew nothing about. So when you look at the ARD information that's stored in the Postgres table, this is just a screen grab of some PHP stuff, it's sorted into two separate tables, a property name map table and a systems information table. When you break it down a little bit more, you can see it stores the object name, the property name, and the property map ID.
In the systems information table it stores a little bit more information though. We get the computer ID, the object name, the property name, an item sequencer, the value, and the time it was last updated. So if we drill down some more, you can see I get some really useful data about the information.
So I can look at each machine and see if there's a wireless card installed or if AppleTalk, remember AppleTalk, is active. I can look to see what the boot ROM version is. I can look at the processor speed. I can look at the machine serial number. Some really granular data there.
And because it stores the last updated time, I can run scans on this information and do a state check to see if this information has changed. So if someone unplugs a network card or someone plugs in a wireless card, if I compare the two scans that I perform, I have a change state. And that's what we leverage off.
So we leverage completely off the information that ARD stores. So you do need to set the system to scan your machines on a specified basis. I do it every two hours. We're working with Apple to try and make this a little bit more automated, but you can set how often you want to check the information on the machine. I don't touch anyone else's data, so I take this information and put it into a centralized MySQL database. I'm also better at writing MySQL stuff than I am Postgres.
The goal for it was to be a one-stop console. So it's all web-based. You can run it from BlackBerrys. You can run it from wireless palms. You can run it from everything. So you can control it all from a web-based console. And the tagline was powerful for the powerful, simple enough for the delegation or helper monkeys.
So basically the workflow that we follow is our faculty is called CCI. So we scan through the help desk and look for the machines on the CCI subnet. So any machine that's got an ARD active, the system scan will find it and store the information into the Postgres table. What I then do is suck that information out from the Postgres table in ARD and put it into my own MySQL help desk database.
Yes, I already said that. So when you look at the Postgres information that's stored, it stores 79 separate pieces of information currently about each one of the machines. I tend to look for these seven, but in the help desk system you can turn on and off which one of those 79 pieces of information you want tracked.
So I look for the web sharing status of the machine, the free RAM slots in the machine, and I was telling a funny anecdote the other day of I found students putting RAM into the machines because they wanted them to render faster. This system will actually check and look at the status of the RAM in case normally people are stealing the RAM.
It looks for drive free space, so you can specify a warning flag if the drive volume falls under 5% or 10% free. You can look at the wireless status of the machine. You can look at the SSH status. This is too hard. System versions and Samba sharing status.
We use it to allocate machines into labs. One of the best things that I ever did was paint the color of each one of our labs, one wall in the lab a different color, so I have a green lab, a blue lab, a pink lab. It's an absolute wonderful tool for help desk because the students are trained to look at the wall and tell us what room they're in.
Honestly, I'm not kidding, genius. Sure you still get the students who go the walls are white and you say which wall and they go back and they check and go no still white. They're not quite smart enough to look at all four walls but they're okay. Honestly, try it.
It works. So what we allow to do is to allow the machine, to allow how to allocate machines to a lab. So from the help desk system we can say any machine in Green Lab will be net booted from this image, from this server with this image, and away it goes. The new version of the system is also running with 10.4 multicasting as well.
So you can say I want these three servers to push all the network imaging. So what I can do is I can delegate to a helper monkey. I can say, okay, we're teaching a final class in the Green Lab at 2 o'clock. Reimage the lab. Previously that was a task as John would say I'd have to send a swarm of monkeys with firewire drives to reimage them or we'd have to do it ourselves and set up the net restore service to do it.
What I can do now is send a delegated admin to a web page to say, and it goes from a pull down menu, say pick Green Lab, pick the image, make it restore fast, click a button, the machines will reboot. We use some custom ASR hacks to get it going and away we go. So we've delegated some tasks down really nicely.
My personal pet hatred was entering computer lists into Workgroup Manager. It's a funny beast. It forgets what it knows or sometimes denies knowledge. What the help desk system allows you to do is scan the machines in with ARD and it clicks a button called suck which works nicely for the auditing process as well.
I just picked it at random. It clicks a button called Sark and sucks all the computer list information out into the two text files that Workgroup Manager uses. You export them to your desktop and import them into Workgroup Manager and you've automatically got computer list management based on the stuff that was set up in the help desk. So for us to set up our labs, we say Green Lab, allocate to Green Lab, click Sark, information, and then Workgroup Manager allows us to do our computer list MCXing from the Green Lab.
Okay, so yeah, we do a lot of machine tracking. As an IT manager, I like to be proactive. So what we do is do a lot of the information and try to do it on a proactive basis. So we specify how often ARD scans our network. For this case, we do it every 60 minutes.
And it searches the Postgres database and it searches the MySQL database, looks for change dates. I track back to 10 different change dates, so I can go back and say, well, hang on, the last 10 times we scanned the network, this machine had no one using it or it had all its RAM in.
But now something has changed and we can look at that. It looks for missing machines and extra machines. So if a student brings a machine in on the network and they've got ARD turned on, we can know, we can find it, we can track where they were and what they were doing with it.
But the cool thing that it does is the machine monitoring stuff. I like to be able to get out to the machines or send a helper monkey to the machines when I know something's wrong rather than waiting for someone to report something in to me. So what it does is it watches for the change states and then alerts the helper monkeys or the help desk system of the change state.
One of the things that we'd see a lot of was students would come in and disconnect the projectors from the projector machines, hook them up to their own laptop, play Halo for six hours from 12 to 6 a.m. Go home and say they need an extension for their assignment.
The lecturer would come in, I wouldn't know how to plug the projector back in. They would scream that nothing ever worked. My boss would scream at me. I'd scream at the helper monkeys. It was just sad and I thought we could do that in a better way.
So we looked at how the students were altering the machine settings. If students are going in and turning web sharing on or SSH sharing on or Samba sharing on, they're probably doing something they shouldn't be doing. We're looking for theft and damage. And my personal favorite of hatred, I would go into labs and students would have taken the left mouse cable from one, move it across, stretch the cable, pull the padlock, put it into the other side, and then try and use the machine left-handed. And I would say, "Why don't you use the mouse on the computer?" And they'd say, "It doesn't work." And I'd say, "Did you tell anybody?" And they'd say, "No, we thought you knew." Because we're IT, we know everything. We don't know everything.
So what the system does is proactively tells me when it sees any change states in any of this information. It sends an iCal to the nominated on-task, on-job help desk person. So when the help desk person wakes up in the morning and goes to work, in their little iCal is all the computers that have found something wrong with them. So Green 12 schedules a job for them to fix the mouse. It has an integrated knowledge base, so it sends a hyperlink with this. So it says, you know, the last four people who fixed this problem fixed it by plugging the mouse back in.
Oddly enough, it didn't fix it for one time. I've never quite worked out what that problem was. So it sends an iCal event. That's great for me because I can see an overview of the helper monkeys. It's great for my boss because he can see an overview of the helper monkeys and ask me what I'm doing.
Because this is a, and I didn't talk about this, this is a completely fully functional help desk system. We're talking about job tickets, asset tracking, the whole thing. It's got an F12 dashboard widget so students on the machines, when we roll to Tiger on the desktop, when the students hit F12 they'll be able to log their own jobs into the system. It automatically logs that into the help desk system so I can get a feel for the trend of the machine.
If the machine's mouse keeps breaking and the staff keep plugging it back in again, it might not just be the mouse. We might have some USB problems so I can get a state of the machine. It sends an email to me and our help desk team so everyone knows all the different jobs that they're across. It can do a combination.
The management team adore it. We can keep track of what our staff are doing. We're so quickly to the desktop, it's amazing. So the students don't know things are broken most of the time before we've even fixed them. And I had it sending SMSs, but I got begged to have that turned off. So when the mouse got unconnected in G14, the helper monkey would get a page. But at 3 in the morning they didn't seem to care so much about that. So if you want to do that, you can actually turn that on as well.
So the sample alerts that I look at, as I have 3 minutes to go. I look at drive free space. So I specify I want to know every machine on my network that I'm managing that has less than 10% drive free. Remember I can track back and I can see where the drive space has gone.
So I can look at states, okay, it's all been stored in the correct folder or hang on, somebody has snuck something in that they shouldn't have done. I can change an SSH status. I look at the system version. That's great for managing academics machines when they start to install new versions of the operating system and claim they didn't do that. We can say, well, hang on.
So that's what you did. We look at the free RAM slots in case people are nicking RAM. Web sharing, window sharing, wireless status and mouse. But this can work for any of the 79 features that ARD tracks. So if you find people are randomly turning AppleTalk on, you can go and ask them why.
The black voodoo art of package making is handled by the help desk system. One of the tasks that is always bumped up the scale to tier 2 or tier 3 is making packages. What we've done is written a whole pile of code that leverages the PackageMaker command line tool.
So it runs a series of scripts and makes its own packages that the helper monkeys can push out with ARD. And that's a pretty cool demo, which I don't have time for. So, for example, I can get the helper monkeys to change a desktop pattern. I can get them to set the volume on different machines or a whole lab of machines, which is great when you need to reboot a lab which is next to a lab which is doing a hearing test. And it builds a library of scripts. So if you need to go back and say, oh, I remember that script that we used to repurpose our OD, remake the package for me and send it back out.
And it basically allows us to have a full automation process. The machine gets delivered to us. We scan the barcode in. The data is automatically entered into the help desk system based on the barcode so we can track the serial number, the rest of the information. We select the allocation of the lab, so we say this machine is going to be a staff machine, it's going to Green 14, it's going to be a Final Cut machine in the purple lab.
The machine net boots, queries the help desk, says hello, I'm new here, what should I do? The help desk system says, well you're in Green 13 my friend, I'd like you to boot from this server, this is the software image that you're having, and away it goes. It logs how long it took to image, when it re-imaged its last time.
And we run a whole pile of user interactions which I don't have time to talk about. So it stores user data, how many pages they printed, what applications they launched, what they did, and we're looking at expanding that. So we get some really serious granular data of what students are doing. And this is all in a SQL database. You can write, and we will be writing, a whole pile of XML code to suck it out and give you live reports of what your machines are doing. And remember, you haven't left your desk yet.
The stuff I didn't talk about, it's an entire asset management system. It deals loans, it deals bookings, it does the whole IT management stuff that I didn't like. And it's an extremely customisable and fully fledged help desk system. Everything that I didn't like about the other help desk systems we've written. So I only talked about the ARD stuff because that's the coolest, but it is a help desk system. It allows you to manage all of this stuff and all your machines from your chair.
Okay, James is going to come up next, but if you scroll down my contact details or John will have it afterwards in the slides I put up. I'm quite happy to talk to people about this stuff and we're going to hang around for a little bit afterwards. So now I'll hand over to my friend and colleague James Reynolds.
I'm James Reynolds. I'm going to talk a little bit about Radmind and uLab. And first about Radmind. I'm not really going to say anything new to anyone who already knows how to use Radmind. Hopefully there's people in the audience who-- actually, let's ask, how many people use Radmind right now? How many have not used Radmind but have looked at it? Okay, how many have not used it because it looks too hard? Okay, all right.
So I'm gonna talk a little bit about Radmind. Hopefully I can get people to use it. It's wonderful, it's great. We love it. If anyone has managed Mac OS 9 and used, what was it called, RevRDist, this is very similar to RevRDist, only in my opinion, it's a lot more powerful. And I would almost say easier to use than RevRDist. I think the learning curve on RevRDist was probably harder than Radmind. So Radmind, let me come over here so I can see.
It's command line tools basically. There's no GUI, there's no anything else. It's just a bunch of command line tools. They manage files on the hard disk. It's the main component of Radmind. There are lots of other things that help you with Radmind that are GUI tools, but the main component of Radmind is a couple of command line tools.
So the features, of course, it's free. We really like that. There's no per machine licensing, so we can scale it as large as we want. It is very popular. There are a lot of people who use it, and it is open source. And there are several people who are modifying the code for their particular needs.
It runs on many Unix platforms, so if you don't have an Xserve, any other sort of Macintosh server, you can run it on Linux or several BSD variants if that's what you have. SSL is supported, so you can have encryption on all your network transfers. And it's very easy. You can get very detailed configurations. Not easy, but it's very-- it is easy to specify exactly what machine gets what. So where Steven was talking about, he has 16 standard images. That actually is fairly easy to do with Radmind.
I'll talk about that. Also, it's very detailed hard disk management. So every single file on the hard disk is cataloged and stored on the centralized server so that you have access-- you basically know exactly what's on your computer's hard drives. And you can-- I mean, that's often how I debug problems.
Someone says there's a problem with this machine. I go to the server half the time before I actually go to the client machine to see if there's actually a difference. 'Cause most of the time, I can see exactly what's on the machine just by looking at the server.
So the command line tools, the main one that resides on the server, that runs on the server, is radmind. It's what talks to the client tools. And so the radmind process is always running. It opens a port, and it listens for the client tools. The client tools, fsdiff, it doesn't talk over the network.
Basically, all it does is it scans the hard disk. It's kind of like a camera. It just takes a snapshot of the hard disk. And it's configurable. You can tell it, you know, what exactly to look at. You can tell it to look at the whole hard disk or specific folders or just one file. lapply undoes changed files. lapply does talk over the network. It talks to the Radmind server.
lcreate uploads changed files to the server. Again, it talks over the network again. I'll talk more about what lapply and lcreate do. ktcheck, it talks to the server, and it downloads descriptions from the server, basically a description that says what should be on the machine. Their descriptions are called transcripts, which is part of an overload.
So fsdiff, how does it know what is changed? Basically, fsdiff, the first thing you do is you're going to scan the whole hard disk. And that scan becomes what's called your base load. When you scan your hard disk, you basically have no idea what's on the hard disk. It just scans the whole file system from beginning to end, and then it's cataloged. Everything's there.
So now it knows what was there at that time it was scanned. Then what you do when you want to make an image of that, you basically just upload that all to the server all at once. And so you've basically got a copy of that file system on the server. All scans after that first scan are differences. And they are -- let's see -- they're uploaded -- they're uploaded with lcreate, and they are called overloads.
So you have your base load, and then you have overloads on top of that. So like with Steven, where he has the 16 standard images, what we do, we have one standard image, and then we have all kinds of overloads for each different configuration that we want to have.
So when I scan with fsdiff, there's two ways I can scan. I can scan -- so I've got my base load. I scan the whole hard disk. And then I can get differences from that first scan. Those differences can either be uploaded with lcreate or they can be undone with lapply. And so the new files are deleted, and the missing and modified files, they're redownloaded from the server. So some examples.
The simple example, create your first scan, your base load. You change something with the Finder or any other app. You just change stuff, you know, create a bunch of new folders. That's the easiest example. Then you scan the whole hard disk again. And then you're going to get a list of what's changed.
Those basically -- every single file that you've modified, you can then remove those files with lapply. You run lapply specifying, you know, here's the changes that I found. And lapply will go and it'll just start deleting all the files or redownloading files as it sees it needs. So if you deleted a file, it will redownload it from the server.
Okay, a more detailed example. So bringing a machine to a known state. So I can take any one of your guys' laptops and I don't have to know what was on your laptop before I get it. It doesn't even matter. I can download my descriptions of my machines from my server on your machine.
With those descriptions, I can then scan your whole hard disk, find what's different on your hard disk with what I have on my hard disks, and I can find every single file that's different. So then what I can do is basically I can undo all those differences so that I can basically borgify any one of your laptops into one of my lab machines. So that's a great way to do it.
[Transcript missing]
This always throws me off. When at the login panel. Okay. Yeah, so that's what I just described. When logged in, what I really meant was when you're logged in the machine, we have an icon that we double click and then we'll log the machine out and begin running Radmind. So both at login and logout, we can run Radmind and basically we can leave the machine and not worry that someone will come and interrupt the process.
Also, we can do this remotely so that we can be anywhere we want and we can start running Radmind on our machines. And then also we run it at a specified time with cron so that all of our machines everywhere, they just update themselves periodically, automatically. And then we like to ensure that Radmind finishes by running it at startup and this stops.
I remember in the old OS 9 days, students would come and just force restart the machines because it was running maintenance and they wanted to use it, so they force restarted it and it would boot up and they could then use it. So we run Radmind at startup and that's pretty much solved that. I don't think I see our students doing this anymore ever.
[Transcript missing]
So in OS 9 days, users would come to the machine and they would mess stuff up constantly. The next user would come in and, oh, the machine doesn't work, and they would blame us. But by managing the home folders at every login, we are pretty much guaranteed it always works.
It's also secure and private, so what the last user did isn't going to be available to the next user. We do cache the home folders, so basically we move them to a private location, and when that user comes back, they can add them to the next user. We can access their old files, and this is especially important if the machine restarts. That way their files aren't deleted and they can never get them again.
I have had a student cry because she lost her term paper, so that was very important for us to have. The security audits, we scan our computers for world-writable files and folders and they are reported to us. This is part of the reason why we have the something blank apps webpage. I don't know if anyone is familiar with that.
Yeah, so we know a lot about this because we watch for it. I remember when we first started watching for the writable files and folders, I mean, we thought we were doing good and we just found our hard disk was just full of them. If you aren't watching, you're going to have all kinds of them basically. We had to go through great steps to stop our apps from doing this and so there's just too many out there that not only installs world-writable but make sure that they're not going to be used for writing files and folders.
So many of them require world-writable files and folders in order to actually run. We also check the Open Firmware password because that is the only stop gate you have from users having root access if you want to stop them from having root access, which is highly recommended. And again, same scenario.
When we first started doing this, we thought we were good and we were just horrified how many machines had the Open Firmware password off. Then we also contact a web server for theft prevention. We manage printer settings so that one user can't modify the printer settings for the next user so the settings are restored to every login.
And then we also restore resolution settings so that if a user changes the resolution setting, it's restored for the next user. We also run in a kiosk or other automated drone. So we load a web browser instead of the Finder. We get rid of the Dock, prevent the Finder from running for the user, but if the admin user logs in, they get that.
We load a web browser instead of the Finder. We also make sure the web browser window is always open. And we clean up the history and cache folder when the screensaver activates, and this is for privacy. And here's a picture of our lab machines just running screensaver over the login panel.
Not very fantastic, actually, but this is a little bit more interesting. Our internet kiosk, all that's running basically is Safari. There's no Dock, no Finder, and we've changed the permissions on the Finder so that there's no workarounds to actually getting around that. This is our library search catalog.
And then these are the same sort of setup except they point to a different web page. This is for our reserve desk so that users can come search a web database to find materials in the reserve collection. And then this is one, we have a display that basically loops through presentation stuff for students to see when they come in. And this is similar to the kiosk, but it's a little bit different. And it runs automated. It's actually really nice.
We have -- we have AFP turned on on it, and the way it's managed that one of the supervisors who's not very -- you know, they don't do AFP very much, but they basically just mount the AFP volume. They copy the new presentation file to the machine, and it -- the machines detect that there's a new presentation file there, and they just swap files basically.
ULabMint is a super, super hack and totally unsupported by Apple. So when I showed this to John, he just kind of, he was just kind of, he gave me a little bit of flack. Also, Tiger is not supported yet, but will be in a few weeks. For more information, you can go to our website. And the documentation is still in progress. There is some, but it's, some of it's a little out of date. And there are many expected changes that are going to happen for Tiger support. So get on the mail list if you're interested in that.