We are convinced that a directory-integrated package is the most effective approach to workstation management. Why? Because effective workstation management is policy-based and because directory-integrated solutions are tied to users as well as workstations, both of which are objects in your directory. Also, critical information relating to your policies and workstations is contained in an existing replicated database that doesn't require additional tinkering. And finally, directory-integrated management moves you one step closer to a single point of administration for your computing environment, which comprises users, software, hardware and policies.
In our Syracuse University Real-World Labs® we tested two directory-based workstation-management packages: Novell's ZENworks for Desktops 3.2 (ZfD3) and Microsoft Corp.'s IntelliMirror, which is built into Windows 2000 and requires Microsoft's Active Directory (AD). The current versions of Intel's LANDesk and Microsoft's SMS (Systems Management Server) are examples of mature standalone products that offer many -- but not all -- of the workstation-management features included in these directory-integrated packages. If you're using these systems, you're on the right track, but you're still sitting in the caboose. Because these products aren't directory-integrated, they didn't pass our filter for this review.
Microsoft tossed SMS administrators a bone last summer by releasing a tool that enables batch imports of some information from AD, thus helping stratify software deployment based on AD organizational units and group membership. This isn't what we have in mind when we say directory-enabled, but Microsoft does plan to upgrade SMS users' tickets to first class sometime late this year or early next year with the release of SMS 3.0, a directory-enabled version of the product.
ZENworks and IntelliMirror are tightly tied to NDS and AD, respectively. In fact, these products are proprietary in the sense that Novell's ZENworks works only with NDS, and Microsoft's IntelliMirror, for the most part, works only with AD. Microsoft and Novell clearly have a vested interest in producing applications that leverage their particular directories while excluding other directory services, but third-party developers would like to provide products that run in any environment.
To date, vendors without directory offerings have been content to equip their desktop-management products with single-use information stores that are dedicated to the needs of their particular workstation-management solutions and not integrated into any enterprise directory service. Perhaps data interchange between the directory service and the management suite via XML (Extensible Markup Language) is a methodology that third-party developers can adopt as a first step to producing directory-agnostic, directory-enabled solutions. For this class of application, we think the issue is how to integrate into the enterprise directory, not whether to integrate.
Watching the Storage
On the data-storage front, the Desktop Management Task Force (DMTF) has published an extensible schema for storing workstation-management data, among other types, via the CIM (Common Information Model). Version 2.5 of CIM was released in February; both Novell and Microsoft are members of the DMTF and are actively incorporating CIM into their products. Novell uses the CIM schema, with additional extensions, to store workstation-inventory information as it is automatically gathered throughout the enterprise. Likewise, Microsoft's SMS stores hardware information using the CIM schema. Why is CIM important?
In a word, interoperability. Any management application you implement that understands CIM data can use your workstation information.
Microsoft's IntelliMirror technology manages only Windows 2000 machines and doesn't include even half the capabilities of ZfD3, which says more about the richness of ZfD3 than about IntelliMirror's shortcomings. ZfD3 supports Windows 9x, Windows NT and Windows 2000 systems. In fact, a comparison between these two products is somewhat unfair, since IntelliMirror is included in every copy of Windows 2000 Professional and Server, while ZfD3 is an add-on product that carries a per-client charge as high as $59 retail. It would be fairer to compare IntelliMirror with the ZENworks Starter Pack, a freely available download from Novell that provides a severely restricted subset of ZfD functionality. However, our intent here is to highlight the benefits of directory-integrated workstation management, not to conduct a head-to-head comparison between IntelliMirror and ZfD3, so you won't find a report card or comparative charts.
Imaging
Microsoft and Novell have taken different paths to address the need for placing corporate-standard OS images on systems. Each path has its merits and shortcomings, but both make use of the directory to determine which users or workstations have rights to which particular images. Because applications are part of your images, your organization can use the directory to ensure that your users have access to the applications they need without cluttering their desktops and hard drives with applications they'll never use. Your marketing group gets access to the image designed for marketing personnel and your accountants get access to the accounting image; the directory identity determines which is which.
Remote Installation Services (RIS), Microsoft's IntelliMirror imaging tool, is simple and effective but does require some hands-on intervention. RIS uses the Desktop Management Interface's PXE (Preboot Execution Environment) to supply the client with a boot image that queries the user for authentication to AD, determines identity and then presents a menu of images available for that user based on a directory lookup. Once the user selects an image, a mini-Windows setup routine starts, and five minutes later your client is up and running, complete with a specialized set of applications. We like that RIS uses PXE, because PXE is built into nearly every desktop NIC and some PC Card NICs. Also, your users and technicians don't need to possess boot disks or CD-ROMs to get the imaging process started. PXE is simple and effective.
In contrast, ZfD3 by default uses a customized Linux boot process that is initiated from floppy, CD-ROM or, preferably, via a specially prepared boot partition on the workstation's hard disk. We were glad to see, however, that Novell has added PXE support as a $10-per-client add-on to ZfD3 in version 3.2. Our experience in the lab left us intrigued by the possibilities of Novell's Linux approach to imaging but disappointed with the complexity involved and basic problems with reliability.
The reliability problems boiled down to one class of hardware configuration in the lab failing to boot from the Linux partition about 50 percent of the time. We ran out of time while debugging this glitch, but given that we were using plain-vanilla hardware, we feel it shouldn't have been a problem in the first place. Novell created unnecessary complications by tying its solution to a separate boot partition that relies on yet another OS and needs to be created and managed on each workstation. Novell can do some cool things with the Linux approach, such as offer completely unattended imaging, but for such a critical service the $10-per-client price for PXE is worth every penny.
On the intriguing side of the equation, Novell has developed a hands-off imaging solution that makes excellent use of the directory. When the solution works as it's supposed to, your workstation boots to Linux and an application kicks off that checks the workstation's directory object to see if there is any work to do, such as sending or receiving an image. If the administrator has assigned imaging work to the workstation, those tasks are carried out. If there is no work to do, the boot partition is switched to the primary OS partition and the machine reboots to Windows.
Novell provides a tool that enables you to edit stored images by adding or deleting files. ZfD3 also supports a directory-based imaging policy that lets you automatically associate an image with a workstation that meets certain criteria, such as processor speed, amount of memory, hard disk size and so on. For example, the policy could say that workstations with 64 MB of RAM or less get an image based on Windows 98, while workstations with more than 64 MB of RAM get a Windows 2000 Professional image.