NASA Workstation Management Guide.



Mike Conroy

Workstation Management Expert Center

Executive Summary

This document is produced and maintained by the NASA Workstation Management Expert Center, by the direction of the NASA Lead Center for Workstation Hardware and Software. It identifies standard tools and methodologies that can be used to effectively manage Civil Service and Contractor workstations and allow NASA to take advantage of advancements in IT technology without the excessive deployment costs typically associated with large scale migrations.

There are sections of this document dedicated to:

Sections will be added as need, and detail will be provided where the community determines that it is necessary. This is not an Executive Notice, it is a repository for collective knowledge and expertise. The end result should be an environment where problems can be solved quickly, easily and globally.

Philosophy

The goal of workstation management at NASA is to develop an environment where IT enhancements can be quickly and easily provided across the agency. There are many potential sources for these enhancements, the Expert Centers, the Centers themselves, the Local Service Providers, and the users. The delivery of these enhancements can be facilitated by the use of common tools and methodologies throughout the Agency. This is not to say that everything needs to be the same across the board. It just needs to be similar in the areas that count. This gives someone that is developing an enhancement some idea of what the potential customer base looks like, and allows the customer base to expect that the enhancement can be deployed without significant adverse impact.

This document, and a few others that it references, are intended to provide an infrastructure that will allow NASA to quickly and easily take advantage of advancements in the IT arena. The Workstation Management Expert Center (WMEC) will attempt to provide the blueprint for this infrastructure, as well as assist in the implementation. This maintenance and evolution of this document will be a part of that attempt. It is our belief, that the manpower and expertise exists in NASA today to accomplish this goal for the Agency. We just need to do it, together.

The Scope of Workstation Configuration Management

Workstation configuration management is an agency wide activity. The benefits identified in the Workstation Management Benefits Document help make the case for agency wide participation.

There are groups that need to work together in this effort, the Workstation Management Expert Center and the Local Service Providers. Their roles are briefly outlined below:

Workstation Management Expert Center (WMEC)

The Workstation Management Expert Center will work with the users, the Local Service Providers, the other Expert Centers, and the CIO structure to help define and develop an environment that will allow the application of a set of configuration service tools throughout NASA in a cost effective manner. Deliverables from this process include:
The Workstation Management Expert Center will support CIO's and service providers in implementing recommended configurations and policies using the suggested Workstation Management tools.

Local Service Providers

Local service providers own the workstations and have the ultimate authority and responsibility for their system's configuration. The Workstation Management Expert Center will support non-standard configurations developed by the local service provider where possible, but support for recommended configurations will take priority.

Roles and Responsibilities

Workstation Hardware/Software Lead Center

Responsible for making all of this work together.

Workstation Management Expert Center

Responsible for identifying tools and methodologies for successfully managing end user workstations. Additionally, the WMEC is tasked to collect and generalize different solutions from different Centers and provide/maintain a forum for sharing this information [the nasa.infosystems.workstation-management news group, workstation management conferences, e-mail lists, this document].

Expert Centers

Responsible for providing common solutions to common problems that fit within the NASA workstation management infrastructure.

Local Service Providers

Responsible for meeting user needs. Hopefully this can be facilitated by utilization of tools and methodologies provided by the various Workstation Hardware/Software Lead Center and the various Expert Centers.

End Users

Keep the Local Service Provider apprised of what is wanted and what is needed, and differentiate between the two.

Feedback Path

The feedback path is backwards, right up this list. Users to Local Service Providers, to Expert Centers to Lead Center.

Ground Rules and Assumptions

This effort is based on a few basic principles.

Local Workstations Owned by Local Service Provider

The end user receives support from the local service provider. The activities of the Workstation Management Expert Center will not change that. Efforts will be directed towards providing tools, techniques and capabilities that will allow the local service provider to more effectively support the end user.

The solution must take into account diversity across the Centers

An Agency wide Workstation Management Architecture must address the different needs across the different Centers as well as within the Centers. One Center may have a centralized Information Systems organization for the entire user base. Another, may have a distributed set of Service Providers set up in the various organizations. A large organization may be able to absorb the costs associated with local workstation R&D efforts, while a smaller one may not. These differences may also exist across Centers as well as within Centers. A solution must be scaleable across this environment.

Efforts will be focused towards selected tools and processes.

The WMEC will direct it efforts towards supporting the solutions provided by the Workstation Management Expert Center. Non-standard tools and implementations will be supported as time allows.

Phasing / Priorities, in order

The Management and Distribution Infrastructure

The identification of tools and processes, as well as sharing information on the configuration of the tools and processes, will be the top priority for the WMEC.

Windows 95, Windows NT

Windows95 has been identified as the primary goal focus for this effort. In this case, the upgrade to Windows 95 presents a significant opportunity to commonize/standardize configurations and interfaces across NASA. These common/standard configurations are required to leverage the capabilities of the other Expert Centers. This is facilitated by the definition of a baseline Windows 95 configuration by the Windows 95 working group.

MAC

Standards are dependent on the development of a baseline configuration for this platform

UNIX

Standards are dependent on the development of a baseline configuration for this platform

Implementing Workstation Configuration Management

The Philosophy

NASA workstations fall into three general categories: PC, MAC and UNIX. Each of these categories has the same general requirements: an Inventory Management Tool, a Configuration Management Tool, and a Reporting Tool. The specific applications are outlined below.
Workstation Management is the job of the Local Service Provider. They are the people who field users calls, and provide direct support. The developed architecture will have to meet their needs. And, it will have to provide more value added than the existing system, if one exists. The benefits should be in the form of: reduced time to market for new applications, higher reliability, higher availability, and increased user satisfaction with the overall solution. All of this can be accomplished through a tiered set of services that will allow the Local Service Providers to decide for themselves where to hop on the Workstation Management bandwagon.
An Agency wide Workstation Management Architecture must address the different needs across the different Centers as well as within the Centers. One Center may have a centralized Information Systems organization for the entire user base. Another, may have a distributed set of Service Providers set up in the various organizations. A large organization may be able to absorb the costs associated with local R&D efforts, while a smaller one may not. These differences may also exist across Centers as well as within Centers.

Workstation Management Tools

The primary tools to be utilized for management of NASA workstations are listed below. These tools are further defined and discussed in the Attachments.
Microsoft Systems Management Server
SMS provides the basic inventory and package assignment capability for PC's and MAC's.
Digital Alta Vista for Back Office
CA PAW provides reporting tools for all platforms, provides for software utilization tracking, and extends SMS capabilities to UNIX workstations.

Creating the Managed Workstation Environment

Understand Center Policy

Each Center has a different workstation policy. These policies range from the user owning the workstation completely with the service provider not even allowed access unless it breaks, to the other extreme where the workstation belongs to the service provider, and the user is only allowed access to the keyboard and mouse. Current funding and personnel shortages are probably going to force more and more Centers to the latter.

The Workstations

Almost by definition, workstations throughout the Agency will be different. These differences may be caused by the adoption of different applications, the costs associated with upgrades (licensing and hardware), the history of the computing culture, or the various differences across the user community. The challenge is to minimize or control those differences in such a way that the majority of the users are satisfied with the outcome.
Windows95
Windows 95 is where the majority of the INTEL workstations are going, at least for the next year. However, this is just an interim step. In the future, it is expected that most, if not all, of these workstations will migrate to NT, or be replaced with NT workstations. Given this, it is suggested that the number of workstation configurations based on Windows 95 be limited, and custom configuration efforts be centered on NT 4.0.

There exists a baseline configuration for Windows 95 workstations. It was developed and documented by the Windows 95 working group. As luck would have it, it is also similar to what most of the Centers have already installed. The efforts of the Workstation Management Expert Center will be centered on this baseline configuration.

One of the primary requirements of a managed workstation is to know what is installed on the workstation. This is the basis of any future modifications, and must be documented. The Windows 95 working group has identified the basic components of a Windows 95 workstation. It is expected that each of the Expert Centers will provide this type of information as well for their components of the NASA workstation.
In addition to knowing what is installed on a workstation, the service provider need to know where it is installed. By being able to assume a location of important files, the task of updating those files is greatly simplified. The job is hard enough without having to take into account multiple locations for system, application and data files.

Windows NT
Windows NT is where the majority of the INTEL workstations will be in about 2 years. It is expected most, if not all, the Windows 95 workstations will migrate to NT or be replaced by NT workstations. There is a group working to develop the necessary standards for NT. Getting manageable configurations established before NASA migrates to the new operating system, as opposed to playing catch-up as we had to do with Windows 95, should make the NT migrations much easier than the Windows 95 migration.

A baseline configuration for NT 4.0 does not exist. However, this is being addressed through the Hardware/Software Lead Center at this time. The efforts of the Workstation Management Expert Center will be centered on the configuration developed by the NT 4.0 working group.

One of the primary requirements of a managed workstation is to know what is installed on the workstation. This is the basis of any future modifications, and must be documented. The NT 4.0 working group will be identifying the basic components of a Windows NT 4.0 workstation. It is expected that each of the Expert Centers will provide this information as well for their components of the NASA workstation.

In addition to knowing what is installed on a workstation, the service provider need to know where it is installed. By being able to assume a location of important files, the task of updating those files is greatly simplified. The job is hard enough without having to take into account multiple locations for system, application and data files.

MAC
At this time, there are no standards or configurations available for the MAC. As these are developed, by the Workstation Hardware/Software Lead Center and MAC Expert Center, they will be included in this document. It cannot be emphasized enough that until standard configurations are developed (even Center specific ones) workstation managementon MAC platforms should be limited to inventory activities.
Philosophy
Baseline Configuration
Installed Components
Directory Structure

UNIX
At this time, there are no standards or configurations available for UNIX. As these are developed, by the Workstation Hardware/Software Lead Center and UNIX Expert Center, they will be included in this document. It cannot be emphasized enough that until standard configurations are developed (even Center specific ones) workstation management on UNIX platforms should be limited to inventory activities.
Philosophy
Baseline Configuration
Installed Components
Directory Structure

Attachment 1

Recommended Methodologies

The information provided below is based on lessons learned from several areas, as well as experience in this area. A lot of it is on the conservative side, but I think that is justified. These types of tools let you do a lot in a very short period of time, a lot of good, or a lot of damage, they do not differentiate.

Change Control Process
Peer Review
Look at each others work. Remember, you will all have to support it.
User Review
Let the users see what is coming. This can be in the form of optional downloads of "Beta" releases to loads. They do not have to know that it is the real load that you are testing. Let them think they are a part of the development process. They will like it. If they break it, it reall was only Beta, and you found out for free.
User Representatives
Someone needs to speak for the user community. It can be in the form of a local Network Coordinator (a process we use), or some other avenue.
Testing
There is nothing else to say but make sure you test enough. You will know if you tested enough about a third of the way into a release. You will never know if you tested too much.

Scheduled Releases

Any change to the users workstation is traumatic to that user, especially when they are not accustomed to change. There are some techniques that can be used to make the user more comfortable with the change.
Thursday Night Updates
Schedule updates for Thursday night. People are more likely to take Friday off, and that will reduce the number of potential victims. Further, if it really flies apart, you get the weekend to fix it.
Monthly Updates
Several small updates are better than on one big one. Eat the elephant one bite at a time. One method may be to schedule 10 small updates and 2 major updates a year. Divide the work among the updates and publish the plan. That way there are no surprises.
8:30 am Updates
When you turn on a big update, wait until the after the first logon wave has gone by. You will get a chance to watch your update perform under lighter loads before the rest of the world tries it.
Split Updates
Use SMS to divide your workstations up. Select only workstations with a 3 as the last digit of the MAC address, and try the update there first. That will give you a pretty uniform sample to test with.

Minimize Number of Configurations

There is a tremendous temptation to tailor configurations to user groups. If at all possible, fight it. If you lose the fight, attempt to relate the configurations as closely as possible to each other so they are not really different, they are the same with options installed.

Local Updates for Large Packages

Make the workstation the file server for the update by transferring the data to a reserved area on the machine over several days, then just kick off the process. This will help avoid the network congestion associated with large downloads to hundreds of workstations.

Attachment 2

Workstation Configuration Management Activities as Responsibilities

The goal is still, Common Solutions to Common Problems. The way to do this is to make ourselves, and keep ourselves, as common as possible.
Create Packages
Workstation Management Expert Center
The Expert Center for Workstation Management will have an ongoing responsibility for monitoring software update plans and configuration management requirements for the Agency. Initially, as requirements are identified this expert center will develop the packages to support software upgrades, configuration policies and workstation inventories.
Expert Centers
The various Expert Centers supporting the Hardware/Software Lead Center will ultimately become the producers of the distribution packages for their area of expertise.
Service Providers
Because of the diversity in the Agency's activities service providers will have responsibilities in unique areas which require development of their own packages for maintaining their systems. Assistance will be provided by the Workstation Management Expert Center whenever possible.

Test Packages

Workstation Management Expert Center
The WMEC will test the functionality of Workstation Management Expert Center developed packages, as well as review/test the initial packages from the other Expert Centers. This review/test will diminish as others develop expertise in package development. Additional support, by request, will be provided to the Service Providers whenever possible.
Another role of the WMEC will be to maintain a test capability that will allow through testing of configuration packages across as many different Center workstation configurations as possible. This capability will be made available to all of the Expert Centers.
Expert Centers
The various Expert Centers will initially work with the Workstation Management Expert Center to test and verify their installation packages. The involvement of the WMEC will diminish as the Expert Centers gain experience and begin to provide packages directly to the service providers.
Service Providers
The Local Service Providers should test everything before deploying it in their environment, no matter who it comes from.
Workstation Hardware/Software Lead Center
The Lead Center will provide a repository for all configuration packages, as well as a distribution mechanism. All products will be released through the Lead Center.

Packages Distribution to the Service Provider

Configuration Packages will be provided through the Workstation Hardware/Software Lead Center, most likely through a Web page or FTP site. In the spirit of common solutions to common problems, it is expected that any locally produced configuration packages will be provided to Workstation Management Expert Center for distribution to interested parties.

Training

Workstation Management Expert Center
The Workstation Management Expert Center will provide a list of recommended training as well as maintain this document. Additional training activities will depend heavily on provided budget and availability of travel funds.
Expert Centers
The Expert Centers should provide documentation on what they produce as well as identify any training requirements. Additional training activities will depend heavily on provided budget and availability of travel funds.

Consultation

Workstation Management Expert Center
Whenever possible, the WMEC will provide consulting services to anyone who asks. When travel budgets allow, we will provide on-site services.
Other Configuration Package Providers
It is expected that anyone that provides a Configuration Package will be available for consultation on that package. The only exception would be a package developed by a local service provider. If there is enough interest in a package provided by a Local Service Provider, the WMEC will probably take responsibility for that particular package.

Maintain WM Guide

The Workstation Management Guide will be maintained by the Workstation Management Expert Center.

Manage / Coordinate Inventory Efforts

The Workstation Management Expert Center will attempt to coordinate NASA wide workstation inventory efforts.

Identify Special Requirements

There will always be special cases or special requirements that fall outside the standard configurations. These will be identified by whomever finds them, and forwarded to the Workstation Management Expert Center. Resources will be applied as available, and the nature of the problem will be shared with others in the hopes that a solution already exists.

Feedback Path

The primary support organization for NASA workstation management is the Workstation Management Expert Center. However, there are only so many people working this issue. Additional support is available from the rest of the people in the Agency that are doing this same job. The nasa.infosystems.workstation-management news group will be one of the primary communications mediums for discussing problems, developing solutions, and sharing those solutions. Additionally, there are news groups for SMS that are maintained by Microsoft.

Attachment 3

Glossary of Terms

Workstation Management

Maintaining and enhancing a known configuration on a workstation or set of workstations

Expert Center

A NASA center which has the responsibility and ability in an area of expertise of providing products and services to the Agency.

Inventory Management

The process of knowing quantities and locations of resources.

Computer Associates Polycenter Assett Works (CA PAW)

A Digital Equipment Corporation product, described in more detail earlier, which enhances the capabilities of the SMS.

System Management Server

A Microsoft product which affords automated inventory and maintenance of networked workstations.

Local Service Provider

An organization or individual who has the maintenance and configuration responsibility of workstations.

Configuration Package

A set of files which will allow the installation of software. The files consist of product files, scripts, configuration files and information files used by install utilities.

Primary Site Server

An SMS Server that maintains a SMS Server database. This server also reports its data, and receives updates from, higher level Primary Server

Secondary Site Server

An SMS Server that does not maintain an SMS Database.

Central Site Server

A Primary Site Server that is at the top of the tree. It is the final repository for all SMS data, and has the potential to control all the lower level Site Servers.

Attachment 4

Tool Utilization Concepts

What To Do

What Not To Do

Attachment 5

Component Configurations

This section describes, in detail, what makes up the various types of servers in the solution.

SMS and CA PAW

The workstation numbers provided in this section are best estimates and are based on the assumption that the server is a Digital AS-1000 4/266 with a minimum of 128MB RAM running NT version 4.0.
SMS / CA PAW Primary Site Server Configuration A
CA PAW/SMS/SQL Server all running on one server accepting data directly from between 1,500 and 2,000 workstations. The data will be rolled up to a higher level server.

SMS / CA PAW Primary Site Server Configuration B
A CA PAW /SMS Server using a remote SQL Server to accept data directly from between 2,000 and 4,000 workstations. The data will be rolled up to a Primary Site Server.
SMS / CA PAW Center Primary Site Server Configuration C
A CA PAW /SMS/SQL Server accepting data from several other Primary or Secondary Site Servers and consolidating it for reporting purposes and to allow Center wide assignments of updates. The total number of workstations supported is primarily limited by disk space and memory. Typically, this configuration will manage data for 10,000 workstations. Additionally, it will roll data to the NASA Central Site Server.
SMS / CA PAW Secondary Site Server Configuration D
A CA PAW /SMS Server accepting data from 1,500 to 2,000 workstations and forwarding it to a Primary Site Server to store in its SQL Server Database.
Distribution Server, Configuration E
An NT Server that provides disk shares utilized by update packages. The distribution of the update packages is managed by SMS.
Central Site Server, Configuration F
a CA PAW /SMS/SQL Server that accepts data from Center Primary Site Servers and serves as a reporting and distribution vehicle for the Agency.

Workstations

SMS Administrators Console
This is an NT box running the SMS Administrators Console application.

Attachment 6

Supported Packages

This section will outline the packages that have been developed and tested as a part of the Workstation Management effort. It is expected that this section will be very fluid, and may shift to an on-line version in the future. With all of the work being done at this time on the EN's and what they are becoming, this section is being left blank. It will be filled in when things settle down a bit.

Attachment 7

Installing SMS and Its Components

This section will detail installation procedures to be used. For the most part, the procedures will be those identified in the package. The goal will be to stay with the "out of the box" configuration. Any deviation will be documented, with the reasons why.

Attachment 8

PC / Windows / NT Workstation Management Tools and Configurations

Computers running Windows and Windows NT make up the majority of the workstations in use at NASA. NASA, through the efforts of the Windows 95 Working Group, has created a baseline Windows 95 workstation configuration. Most Centers are basing their implementation on this configuration. This is expected to greatly simplify workstation management and the deployment of new technology over the coming years. This group is also expected to provide a baseline Windows NT version 4.0 configuration in the next several months. It should be noted that Configuration Management Tool activities require a stable, known baseline workstation to be effective. Configuration Management activities should be limited to areas where workstation configuration baselines exist and have been implemented.

General Description

The Windows / Windows NT solution is based on two tools, Microsoft System Management Server (SMS) and Computer Associates Polycenter Assett Works (CA PAW). The SMS product provides the base functionality for this effort. The CA PAW product extends the functionality of SMS with improved reporting and software utilization tracking.

Inventory Management Tool

The NASA standard Inventory Management Component for Windows / Windows NT is SMS version 1.2 or greater. In areas where software utilization tracking is required, CA PAW version 2.1 or greater will be added to the standard.

Reporting Tool

The NASA standard Reporting Tool for Windows / Windows NT is CA PAW version 2.1 or greater. The SMS product provides only rudimentary reporting capabilities. CA PAW provides a large number of canned reports as well as report customization tools to build additional reports.

Configuration Management Tool

The NASA standard Configuration Management Tool for Windows / Windows NT is SMS version 1.2 or greater. SMS provides the ability to deliver a software application to a selected machine and to run that application on the selected machine. The application delivered performs the software installation. The creation of these installation applications will be accomplished with tools and methodologies outlined in the NASA Workstation Management Guide.

Tool Installation

SMS
The SMS Client is installed on all workstations
The SMS Server is installed on the Servers
CA PAW
The CA PAW Client is optional and is installed on workstations that required software utilization tracking.
The CA PAW Server is installed on SMS Servers that need a reporting tool, and on SMS Servers that have CA PAW clients. It is likely that this tool will only be installed on the highest level servers at a Center.

Attachment 9

Macintosh Workstation Management Tools and Configurations

The Apple Macintosh makes up a significant portion of the NASA workstations in use today. However, to date, baselines have not been developed to address configuration issues (operating system versions, applications, disk/folder structure, networks, ...) The Workstation Hardware/Software Lead Center (LeRC) is working to develop these baselines at this time. It is recommended that Configuration Management Tool activities be limited to areas where workstation configuration baselines exist and have been implemented.

General Description

The Macintosh solution is based on two tools. Microsoft System Management Server (SMS) and Computer Associates Polycenter Assett Works (CA PAW). The SMS product provides the base functionality for this effort. The CA PAW product extends the functionality of SMS with improved reporting and software utilization tracking.

Inventory Management Tool

The NASA standard Inventory Management Tool for the Macintosh Platform is SMS version 1.2 or greater. In areas where software utilization tracking is required, CA PAW version 2.1 or greater will be added to the standard.

Reporting Tool

The NASA standard Reporting Tool for the Macintosh platform is CA PAW. The SMS product provides only rudimentary reporting capabilities. CA PAW provides a large number of canned reports as well as report customization tools the build additional reports.

Configuration Management Tool

The NASA standard Configuration Management Tool for the Macintosh platform is SMS version 1.2 or greater. SMS provides the ability to deliver a software application to selected machines and to run that application on the selected machine. The application delivered performs the software installation. The creation of these installation applications will be accomplished with tools and methodologies outlined in the NASA Workstation Management Guide.

Tool Installation

SMS
The SMS Client is installed on all workstations
The SMS Server is installed on the Servers
CA PAW
The CA PAW Client is optional and is installed on workstations that required software utilization tracking.
The CA PAW Server is installed on SMS Servers that need a reporting tool, and on SMS Servers that have CA PAW clients. It is likely that this tool will only be installed on the highest level servers at a Center.

Attachment 10

UNIX Workstation Management Tools and Configurations

The UNIX Workstation Management Tool Standard comes in two flavors. The first is for NASA Centers that are primarily PC and MAC based, and whose Support Providers are primarily familiar/comfortable with those platforms. The second is for NASA Centers that are primarily UNIX based, and whose Support Providers are primarily/comfortable with UNIX platforms. In cases where PC/MAC's are in the majority, the UNIX solution will fit underneath the PC/MAC solution. In cases where UNIX is in the majority, the PC/MAC solution will fit underneath the UNIX solution.

In either case, it should be noted that baselines have not been developed to address general UNIX configuration issues (operating system versions and types, application standards, interoperability satisfaction methodology, applications, networks, ...). The Workstation Hardware/Software Lead Center (LeRC), and the UNIX Expert Center, are working to develop these baselines. It is recommended that Configuration Management Tool activities be limited to areas where workstation configuration baselines exist and have been implemented.

General Description

PC and MAC Based Centers
The UNIX solution for PC and MAC Based Centers is comprised of two tools. Microsoft System Management Server (SMS) and Computer Associates Polycenter Assett Works (CA PAW). The SMS portion is the SMS Server that provides data storage for the PC and MAC workstations. The CA PAW portion consists of both the Client (for the workstation)and Server (for the SMS Server) components.
UNIX Based Centers
TBD

Inventory Management Tool

PC and MAC Based Centers
The NASA standard Inventory Management Tool for UNIX Platforms is SMS, version 1.2 or greater coupled with CA PAW version 2.1 or greater. CA PAW will gather the data and report it to SMS.
UNIX Based Centers
TBD

Reporting Tool

PC and MAC Based Centers
The NASA standard Reporting Tool for UNIX platforms is CA PAW. The SMS product provides only rudimentary reporting capabilities. CA PAW provides a large number of canned reports as well as report customization tools the build additional reports.
UNIX Based Centers
TBD

Configuration Management Tool

PC and MAC Based Centers
The NASA standard Configuration Management Tool for UNIX platforms is CA PAW version 2.1 or greater. CA PAW provides the ability to deliver a software application to a selected machine and to run that application on the selected machine. The application delivered performs the software installation. The creation of these installation applications will be accomplished with tools and methodologies outlined in the NASA Workstation Management Guide.
UNIX Based Centers
TBD

Tool Installation

PC and MAC Based Centers (SMS Server)
The SMS Server is installed on the Servers.
PC and MAC Based Cetner (CA PAW)
The CA PAW Client is installed on all workstations.
The CA PAW Server is installed on SMS Servers that manage CA PAW Clients, and on SMS Servers that need a reporting tool.
UNIX Based Centers
TBD

Attachment 11

SMS and CA PAW System Configurations

Worst Case

This design was driven several issues. The primary driver was the suggestion that there may be a very limited number of domains available at each Center. In the case of Centers with de-centralized IT management, this eliminates the ability to segment SMS based on domains. In this case, several of the options are turned off in SMS (manage all servers for one), and multiple SMS servers are located in each domain (a big no-no in the SMS book). It has been tested in the lab, and seem to work. If someone is considering implementing this on a Center-wide basis, additional testing should be performed both at the WMEC and at that Center (we may be trying this at KSC sometime soon). The testbed model has been implemented as if it were KSC, so the server names and descriptions are KSC related.

The Servers

KSC - Master Domain
- KSC_SMS Server
KSC Primary Domain Controller
SQL Server
SMS Primary Site - K99
Capabilities
This server is a "data only" server. All configuration control options have been turned off. It is a repository for all KSC data.
KSC Resource Domain
IND - Resource Domain (trusts KSC domain)
- PAY_SMS Server
IND Primary Domain Controller
SQL Server
SMS Primary Site - P00 - Payloads
This is the Primary Site Server for the Payloads organization. It will handle all SMS tasks, and will report data up to KSC_SMS. This server will be used to assign updates to Payloads workstations. It will also serve up login scripts for users. The login scripts that it provides for Payloads users will point to PAY_SMS for SMS data (call \\PAY_01\SMS_SHR\RUNSMS.BAT).
- PAY_01 Server
IND Backup Domain Controller
SMS Logon Server Only - Payloads
This server is a backup domain controller in the IND Domain. It will serve up login scripts for users. The login scripts that it provides for Payloads users will point to PAY_SMS for SMS data (call \\PAY_01\SMS_SHR\RUNSMS.BAT).
- DE_SMS Server
IND Backup Domain Controller
SQL Server
SMS Primary Site - D00 - DE
This is the Primary Site Server for the DE organization. It will handle all SMS tasks, and will report data up to KSC_SMS. This server will be used to assign updates to DE workstations. It will also serve up login scripts for users. The login scripts that it provides for DE users will point to DE_SMS for SMS data (call \\DE_01\SMS_SHR\RUNSMS.BAT).
- DE_01 Server
IND Backup Domain Controller
SMS Logon Server Only - DE
This server is a backup domain controller in the IND Domain. It will serve up login scripts for users. The login scripts that it provides for DE users will point to DE_SMS for SMS data (call \\DE_01\SMS_SHR\RUNSMS.BAT).
Outside testbed scope:
- KSC SMS Site would report to NASA SMS site
- KSC Domain would trust NASA Domain, other Center Domains
- KSC would have 2 additional resource domains, "39" and "Other", all trusting KSC domain
A Picture
The Model
The above servers all fit into either the high level KSC domain, or a KSC Industrial Area Domain. The IND domain is shared by several organizations with potentially different configurations and different workstation management requirements. Also involved is a significant fear across the board that someone with the right permissions will inadvertently trash their workstations. This model uses the login script to assign the workstation to an SMS Server based on the users ID.

Optional Server Assignment, slightly better

Based on concerns that different centers or organizations will be updating each other workstations, most likely with unpredictable results, we are looking at the utilization of variables to point to servers and provide configuration information. These variables may be in the form of environment variables, or some form of data file. Suggestions are listed below:
SMSSERVER
This would be hard coded, on the workstation, to a specific SMS Server. In this scenario, the workstation belongs to a specific network and server, regardless of the user. Yes, there would be an error if the server were down, but the same problem exists for the logon script option.
WSCONFIG
This would be hard coded as well, and would identify the workstation configuration in cases where the Center, or Organization has multiple configurations. The first few characters should comply with whatever naming convention the Center is using for servers, with an extension of the Local Service Provider's choice. For example, KPayEng for KSC Payloads Engineering Workstation.
WSCFGVER
This is expected to be a version number, probably along the lines of XX.YY.Z. It may make sense to combine this with WSCONFIG, but for now the proposal is to keep them separate.

Best Case

Install it per the book.
Use the WSCONFIG and WSVER variables to track the workstation status.

Attachment 12

Contact List

Nick Paladino

SMS and NT
nickolas.paladino-1@ksc.nasa.gov
407-867-4252

Darrell Thomas

SMS, NT, CA PAW
darrell.thomas-1@ksc.nasa.gov
407-867-4252

Mike Conroy

System Design, Tool Application, Consulting
michael.conroy-1@ksc.nasa.gov
407-867-3526

Jerry Barnes

Complaints
jerry.barnes-1@kmail.ksc.nasa.gov
407-867-3811

Attachment 13

Tips and Tricks

This section is a collection of solutions to particular problems.

Configuration Package Development Example.

To develop and install new software or updates to existing Windows-based machines automatically over the network,the following procedure can be used. After the COTS product is received from the manufacturer, an installation monitor utility like Cleansweep 95 can be used to run the application setup program on a single machine. This machine must be configured as a standard machine. The installation monitor program will report on what files where copied or changed, what directories were created, what Windows system files were modified, and what changes were made to the Windows Registry (if any). With this information at hand, another utility, one that allows you to generate native Windows Setup programs like InstallIt or Visual Basic 4.0 can be used. Once the Setup program (script) has been created and tested thoroughly on all intended platforms, the new application or update can be distributed using SMS or Norton Administrator for Network distribution facilities.

Use of System Policies

Force Logon
Neat tool, dangerous, maybe use only part time.

Run a Batch File as a part of Windows95 Setup

To those who might be interested, here is a way to get a batch file to run during the execution of a Windows 95 installation:

1. Create an INF file with entries for the files you wish to copy during the installation (these will be copied to the Windows directory or where ever the setup script tells setup to put the Windows 95 files). See the INF file listing I created to make this work below (the file itself is called cpbatch.inf):

********************CPBATCH.INF****************
[version]
LayoutFile=layout.inf
signature="$CHICAGO$"
SetupClass=BASE

[BaseWinOptions]
Copy_App_Batch

[Copy_App_Batch]
CopyFiles=Copy.Install.Batch,Copy.INF.File

[DestinationDirs]

[Copy.Install.Batch]
coninst.bat
coninst.pif

[Copy.INF.File]
cpbatch.inf

[strings]

******************************************************

2. Create the batch file you would like to run. I created a batch file that calls another (see below).

*******************CONINST.BAT*****************
@echo off
REM Connect to installation service and install local
REM applications.
net use w: /d >nul

echo ... Installing Supported Application Software
net use w: \\titan02\beta%%beta pilot95
w:
cd\scripts
call instapps.bat

exit
****************************************************

3. Create a PIF file that calls the batch file and that specifies that the DOS window be closed upon exit. This is needed because otherwise the installation will pause at this stage until you manually close the window.

4. Using the INFINST tool that comes in the Windows 95 Service Pack, incorporate the new INF information into the server-based setup of Windows 95 (Windows 95 distribution service). In order to do this, you must first copy the INF you created, the batch file you wish to run and the PIF file that calls the batch file into their own directory. then you can tell INFINST to integrate the INF file along with the batch file into the distribution service.

5. Add an entry to the [Infgen.addreg] section of the INF file you are using to automate the installation of Windows 95. Note the entry for CONINST.BAT below:

[Infgen.addreg]
HKLM,Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup,"Remove MSN From Desktop",,"rundll.exe setupx.dll,InstallHinfSection DefaultInstall 132 d:\infgen\addon\extras\del_msn.inf"
HKLM,Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup,"Installing Supported Applications",,"coninst.bat"

6. Rerun the setup and it should work.

Attachment 14

Directory Structures

This needs to be finished up with JSC data, and configuration data from workstation management conference.

Attachment 15

Organizational / Operational Issues

Access To Data

Data Base Management
Package Assignment
Reporting
Trouble Desk

Access to SMS Configuration Tools

Attachment 16

SMS ID Codes

One of the biggest concerns with SMS, when you try to roll-up site information, is the Site Code. The Site Code has to be unique in order to be able to roll-up the data. Something I thought I did several months ago, and only now realized I did not do, is try to add some structure to NASA Site Codes.
The Site Code is a 3 character alpha-numeric string. It is identified when the SMS server is initialized, and is the basis for all of the SMS ID's associated with that Site.
The Center Designator can be one of two things. Randomly assigned, or somehow attached to the name of the Center. The latter makes the most sense, but we have Lewis and Langely, White Sands and Wallops to worry about.

Proposed SMS ID Assignments

The proposal for all new Site Codes is a one letter Center Designator, followed by two alpha-numeric 1 - Z. The proposed assignments are listed below:
Axx- Ames
Dxx- Dryden
Exx- Edwards
Gxx- Goddard
Hxx- Headquarters
Jxx- JSC, also PS1, PS2, PS3, PS4, PS5, PS7, PS8, PS9, P10 and P11
Kxx- KSC, also LON, BOC
Lxx- Lewis, except LON (used by KSC)
Ixx- MSFC, also GHC
Nxx- Langley
Oxx- Wallops
Pxx- JPL,also PS1, PS2, PS3, PS4, PS5, PS7, PS8, PS9, P10 and P11
Txx- Stennis (need to stay away from default S)
Wxx- White Sands
Zxx-Agency Wide Servers
B, C, F, M, Q, R, S, U, V, X, and Y are reserved

Site Codes Used At KSC
Site CodeDate Issued SMS ADMINISTRATORORG Codes Used
LON,KDx9/01/96Brian Montgomery PZLON
K0x4/01/95Kirk Bigelow DEK01
K1x1/10/97Dave Ungar IMK10
K2x1/10/97David Knoblock BBK20
KFx3/14/97Carl Thorn ECKF0
KOx1/22/97Larry Jewell USAKO1
KTx3/19/97Thomas McArdle TLCKT0
KZx1/10/97Patrick O'Rourke WMECKZZ
BOC12/01/95Allen Gallbreath EGGBOC

Attachment 17

Why do Configuration Management

Benefit to the User
One of the most significant tools provided to the NASA worker over the past several years is the personal computer. In some cases, it is also the biggest impediment to performing their job. The user's primary goal is to effectively accomplish their job in the easiest and quickest way possible. This does not include spending long hours resolving workstation configuration problems. The user needs to have a functional workstation which allows effective communications with others. The provision of a interoperable, reliable and supportable workstation is a key to making our personnel more effective and efficient. The most effective way to meet these ends is to take advantage of common solutions to common problems and allow local service providers time to address new problems as opposed to re-solving the same reoccurring ones. A configuration managed workstation environment, at least for common tools, will go a long way towards freeing up the local service providers to more effectively provide service.

Benefit to the Service Providers
In order to leverage common solutions to common problems, we need to ensure that the common solution can be effectively applied to all of the common problems. A configuration managed workstation goes a long way towards ensuring that this is possible. Further, it is much easier to provide enhancements to a set of configuration managed workstations as opposed to a set of workstations in unknown configurations. An installed base of configuration managed workstations is a prime candidate for automated software updates, automated inventory management, rapid problem resolution, and the increased support efficiency associated with these capabilities.

An Agency wide workstation configuration program will allow the creation of ready to install software modules that can dramatically reduce the service efforts associated with the deployment of new technologies, both in hardware and software. An infrastructure that provides the local service provider with complete control over local workstations, while providing access to a distribution mechanism that allows him to take full advantage of agency wide shared solutions, will give the Service Provider the best combination of global participation and local control.

Benefit to the Expert Centers
The NASA Workstation Hardware/Software Lead Center and Expert Centers have been charged with developing common solutions to common problems. This effort can be facilitated by providing a set of tools, as well as an infrastructure, that allow for the rapid deployment of new technology across a set of workstations. The knowledge that all of the candidate workstations are in the same configuration, or different but highly related configurations, allows the development and deployment a single solution to a problem.

Benefit to the Agency
NASA is downsizing at a remarkable rate. As we focus on our core functions and deal with the trend to do away with personal services contracts we need to do more with less. IT support is one area where automation can make personnel cuts less severely felt. The only way for this type of automation to be effective, is if NASA's workstations are receptive to common solutions to common problems.

Benefit to the Government
With the recent changes associated with the Brooks Act and the Cohen Bill, Federal IT control has shifted from GSA to OMB. OMB is looking to re-define Federal IT policy, and, in some sense, is looking to NASA for help in this area. A successful workstation standardization effort in NASA, coupled with Workstation management tools and methodologies, has applicability across the Federal Government.

Benefit to our Customers
NASA customers often deal with multiple areas within the Agency. Rarely is the IT infrastructure for these different areas sufficiently similar to allow the customer to communicate with the different NASA organizations in the same way. A common infrastructure in NASA will simplify customer access to our services and capabilities and allow us to focus on satisfying their needs as opposed to expending precious resources on integrating dissimilar systems.

Benefit to our Contractors
Our contractors are dealing with the same budget pressures that we are. In many cases, the areas that have taken considerable reductions have been IT related. Continual IT investment provides long term benefits, and in many cases, the benefits will be realized past the end of a contractors performance period. The availability of a complete, engineered, supportable and managed set of workstation configurations, for little or no cost, will allow the Contractor community to take advantage of IT savings without the necessary initial investment.

Another benefit of the availability of complete, engineered, and performant solutions is that they can be used to provide interoperability between NASA and contractor workforces as well as between the various contractor workforces.

It should be noted that the cost savings to our contractor community will quite probably never be acknowledged by that community. However, it should allow for the realization of the benefits identified above.

Cost

The cost item is made up of several components, some readily definable, some more difficult to assign a specific dollar amount to. The general cost requirements are identified below.

Leverage existing personnel to the maximum extent possible.

In these days of declining budgets and reduced manpower, support personnel are taking on more and more tasks. It is important that new tools that are intended to reduce costs and efforts do not do the opposite. A solution that requires all of the service providers to learn new operating systems, commands, tools, and interfaces before realizing any benefits is not a good solution. It will never be successfully deployed. The Workstation Management Tool must take advantage of existing skill sets within the Service Provider community wherever possible.

Leverage existing equipment to the maximum extent possible.

NASA's existing workstation infrastructure (workstations, networks, servers, protocols, WAN's) is extensive and already provides connectivity to almost all users. A solution that requires significant perturbations to this infrastructure is not a good solution. In these days of declining budgets and declining manpower, it would never be successfully deployed. The Workstation Management Tool must effectively and efficiently utilize NASA's existing workstation/network infrastructure to the maximum extent possible, both to reduce costs associated with modification of the infrastructure and to reduce the costs associated with deployment.

General / Functional

The General / Functional Requirements are directed primarily at the basic functionality provided by the Workstation Management Tool.

Inventory Management

OMB and NASA ADP Inventory requirements, as well as reductions in budget and manpower, are driving the Agency to automated inventory management tools. It simply is not feasible to manually collect this type of data any more. Further, the requirement to "Buy Smart" creates a need for near real time data. The Workstation Management Tool must collect data on PC's, MAC's, and UNIX boxes without the significant manpower associated with manual methods.

In addition, the inventory cycle must be tailorable to a cycle determined by the Service Provider as well as being executed on demand, as in after maintenance is performed.

Workstation Management

With reduced budgets and reduced manpower, Information Systems Service Providers are having to work harder and harder just to maintain existing levels of service. One area where significant savings can be realized while maintaining or even improving service is in the area of automated workstation management. The Workstation Management Tool must provide the capability to selectively (by organizational group, by workstation configuration, or by workstation capabilities as identified in the database) apply system upgrades to specific workstations with little or no touch labor at the end user site. It should be noted that this requirement has an implementation specific component. The Service Provider needs to collect and maintain this data.

The tool must allow updates to be scheduled with options like, but not limited to: mandatory update, must be performed now; user can decline update for up to X days/weeks before it will become mandatory; or user can schedule the update.

Data Storage

This data also needs to be collected and accessible at the Organizational, Center, Agency, and Government level. This will most likely be a function of the implementation of the tool, as opposed to the tool itself, but the need still exists (local Service Providers may decide not to report data). Data access should be controllable to limit organizations to access to their own data. Additionally, the capability to distribute pre-defined reports should be provided.

During the life-cycle of a workstations, there are numerous opportunities for the configuration to change in such a manner that any Workstation Management Tool will be unable to detect the difference between a new machine, and one that has simply been significantly altered. The tool must provide tools, or methodologies that will allow the detection and correction of these duplications.

It is important that all information collected on a workstation, or a set of workstation, be easily accessible. To this end, the data storage component of the Workstation Management Tool must either utilize a relational SQL Database, or provide access to the data through an SQL interface.

The reporting component must support the ability to produce ad-hoc reports as needed on an organizational or enterprise wide level as well as provide the ability to incorporate these reports in to the standard set of reports.

User Support of Windows workstations

One of the significant benefits of these types of tools is the ability to remotely control a users workstation. The tool must provide a tool that will allow the workstation to be remotely controlled (see screen, execute applications, edit files, re-boot workstation). In addition, provisions must be made to allow the user to refuse this capability either at initiation of the session, or at any time during the session.

The tool must provide the capability to perform remote diagnostics on the workstation to gather data such as: memory utilization, hardware diagnostics, re-verification of inventory data.

Often, user problems may be related to activities on the network. The tool should provide the capability to utilize the users workstation as a remote network monitor. Data to be collected should include: network traffic levels, basic packet analysis for TCP/IP packets as well as Novel IPX and Appletalk packets.

Network protocols

TCP/IP is the standard protocol for agency wide access. Support for other protocols is desirable.

License Management

There are several approaches to shared software applications. They generally fall into two different philosophies, Hard Metering, and Soft Metering. Hard metering is limiting access based on a set number of packages that cannot be exceeded at any time. Soft metering is simply tracking the number of licenses in use at any one time so the Service Provider can accurately determine when additional licenses need to be procured. The tool, at a minimum, must provide the ability to track the number of licenses in use at any one time on Windows and MAC workstations as well as the user (for server based applications).

An additional desired capability is the ability to share applications, and manage the sharing of application, through the use of the tool itself.

User Related Requirements

Many users are mobile. Often, mobile means that the user is at the end of a low speed interface. The system must make provisions for users who do not have high speed access to the system so as to not significantly impact their capabilities.

Some users will be located in non-networked areas. Provisions must be made to collect data on these systems.

Implementation Requirements

The implementation of the tool must allow the local Service Provider sufficient flexibility to manage their workstations in whatever manner they choose. If they want to maintain dozens of configurations, and perform the overhead required to track the evolution of these configurations, the tool should not preclude this, even to the extent of tracking and managing multiple versions and configurations of the same product on the same workstation.

Inventory Management

Data to be collected must include what is needed to effectively manage the workstations. Minimum data to effectively manage workstations, including replacement and procurement decisions, is divided into three primary types of data: data that can be detected, data that can be inferred (through access to other data stores), and data that the user can supply. Additionally, some types of data only apply to a specific class of workstation or server.

Required Data to be Detected

Hardware
CPU Type and speed
Memory, Real and Virtual
Disk Capacity and Configuration
Network Interface card and addresses
Video Card
Software
Operating System

Desired Data to be Detected

Hardware
SCSI Information
Interrupt Assignments
LPT and COM data
Other Detectable Peripherals
Software
Applications
Name

Revision Level

Patch Level, if applicable

License Number, if applicable

Serial Number, if applicable and detectable

Components/Modules Installed, if applicable

Customized Features, if applicable

Desired Data to be Tracked

Hardware
Modification History (maybe)
User History (maybe)
Monitor Data, through ECN number
Equipment Age, through ECN, sometimes misleading
Failure History, through Help Desk Application
Peripheral Data, through ECN most likely
Software
Modification History (may be from packages run)
Other
Provision of customizable, user completed forms.
Property
This type of information is very useful in determining where and how a workstation is used. This type of data will allow integration with financial data so that a complete cost picture can be developed. It is expected that much of this data will require the user to periodically fill out a simple, on screen, form.

User Name
ECN
Room Number
Machine Function
Implementation Specific Items
Hardware
BIOS Dates and Versions
Disk Controller Types
Software
Shared Versions
Keyed Versions
Software/License Expiration Dates

Scalability

NASA Centers vary in size and complexity. In addition, Centers are often divided internally in numerous groups, often with different sets of requirements.
Provide for various workstation group sizes
 The Workstation Management Tool must provide provisions for groupings of workstations as small as 20 users to the entire NASA installed base (projected here to be at least 50,000 workstations).
Provide a hierarchy of data and control
 Often a Center will have small groups with special data access or security requirements. A hierarchy of data and control must be provided in order to allow Center Service Providers to either perform the entire job themselves, or delegate portions to Service Providers within the Center.
Multi-Platform
 NASA's workstation requirements vary from program to program and Center to Center. This has led to a diverse collection of workstation technology that can be loosely collected into three groups: PC, MAC, and UNIX. Inventory Management and Workstation Management requirements are pretty much the same across all of these groupings.

PC

Windows95
WindowsNT
Other standard supported configurations as determined by the Windows Expert Center.

MAC

Standard supported configurations as determined by Macintosh Expert Center.

UNIX

Digital UNIX
ULTRIX
HP-UX
IBM AIX
SunOS
Sun Solaris
SGI
Other standards as determined by Unix Expert Center

Alternatives Analysis
NASA workstations mainly fall into three classes, PC, MAC, and UNIX. Our ultimate objective is to find an off the shelf product that will afford us the ability to manage hardware and software, distribute desktop configurations and software, and provide a good reporting tool, across these classes. Because of the pre-ponderance of PCís in the overall NASA user population, the overall solution strategy has been to address the PC universe first, while ensuring that management of Mac and Unix systems are integrable by use of other Commercial Off The Shelf products. Workstation Management software systems such as Tivoli, CA-Unicenter, HP Open View, and others are being investigated. Of the products focused on the PC (and Mac) environments, the following did not fit the requirements:

Intel's LANDesk Manager- This product provided detailed information on a variety of system resources, had good software distribution support. However this product is designed for all Intel based PCs and servers. It's server management is based on Novell Netware. In the NASA community Netware is overshadowed by Windows NT. No support for MACs or UNIX at present.

McAfee Associates' Saber LAN Workstation - This product is very good at desktop management and software distribution, but was deficient in hardware inventory and ease of use. It also lacked support for UNIX and had limited support for MACs.
Segate Frye Utilities - This product has good hardware inventory and software distribution, but is cumbersome to use in both cases. The product uses a DOS user interface that really makes the complete package difficult to learn and use.

Symantec's Norton Administrator - This product is not sophisticated but is very good at hardware and software inventory, software distribution and metering. It has an appearance of ease of use, but doesn't hold true throughout its' use. Support for UNIX is nonexistent. KSC, MSFC, and HQ are moving away from this product and have chosen to use Microsoft's System Management Server.

Microsoft System Management Server - Implementation of this product will allow for an effective base workstation management environment and appears to be capable of integration with the key overall systems administration tools known.