Altiris eXpress 5: A Solution To Help a Stupid User

Articles and Tips: article

Blaine Homer

01 Feb 2001

I often wonder why I chose a career as a networking professional--a career where a day is determined to be successful, not by my accomplishments but rather by how many holes in the "dike" I plug. Why did I chose a career where nothing ever works right the first time--a career where I am continuously figuring out just what part of a new technology solution is real and what part is marketing hype?

Whatever my reasons, my life is full of endless technical inconsistencies, "fixes" that just cause more problems, drivers that don't work, documentation and a knowledge base that are two generations behind, and worst of all, the endless bombardment of questions from seemingly stupid users.

Recently, however, I have come to the conclusion that maybe that is allIam--a stupid user. Maybe I should take a step back and focus on what I am trying to accomplish for those I help. Maybe I should stop beating my head against the wall and make technology work for me instead of me working for technology.

What triggered this epiphany? I reviewed Altiris eXpress 5, a new revision of a product that can help any networking professional's quest for a simpler career. This product enables you to deploy and migrate systems more quickly and can also help you perform day-to-day management tasks.

I had actually planned to review Altiris eXpress 4, but as I started the review process, Altiris made a couple of significant announcements: First, the company announced that it was merging with Computing Edge Inc., and second, the company announced the availability of its new product, Altiris eXpress 5. In addition to explaining the significance of this merger, this article focuses on the new product Altiris eXpress 5. (For a complete list of system requirements for Altiris eXpress 5, see "System Requirements.")

HOW COMPATIBLE ARE ALTIRIS AND COMPUTING EDGE?

Altiris develops and markets PC management and deployment solutions designed to minimize the cost of deploying software, maintaining PCs, migrating operating systems, and teaching with PCs. Altiris' flagship product is Altiris eXpress, which is an integration of several Altiris products. (For more information about Altiris, visit www.altiris.com.)

Founded in 1994, Computing Edge creates solutions for system management, including hardware and software inventory, software delivery, and help-desk support. (For more information about Computing Edge, visit www.computingedge.com.)

Altiris and Computing Edge completed their merger on September 30, 2000. The purpose of this merger seems to be to take advantage of the synergy between the two companies' products. Although I haven't reviewed any of Computing Edge's products, the product descriptions suggest that the merger makes sense.

In fact, as I reviewed Altiris eXpress 5 (which is a suite of Altiris products), I felt that Altiris had built its products around the concept of individual PC management. Altiris' products focus on deploying, cloning, configuring, updating, and migrating software on PCs. However, Altiris' products seem to lack strong network management features, such as hardware and software inventory, software monitoring, and help-desk support. In other words, all of the areas that I found to be weaknesses in Altiris' products are claimed to be strengths in Computing Edge's products. Consequently, the "new" Altiris may be able to provide total management solutions, instead of just PC deployment solutions.

ALTIRIS EXPRESS 5

Altiris eXpress 5 is designed to help companies cut the costs involved in PC ownership. To do this, Altiris eXpress 5 provides tools that allow you to remotely manage PCs throughout the deployment process. In particular, Altiris eXpress 5 excels in the areas of software deployment, disaster recovery, and operating system/hardware migrations. Altiris eXpress 5 includes functionality from the following Altiris products:

PC Transplant Pro. PC Transplant Pro uses a wizard to enable you to identify and capture a PC's unique files, directories, desktop settings, network settings, and application settings. This utility also simplifies the migration of operating systems because it clones and transfers operating system settings and each PC's unique name and IP address (or Dynamic Host Configuration Protocol [DHCP] settings).

PC Transplant Pro automatically creates a user account with network rights and printer drivers. In addition, PC Transplant Pro converts all of these files, directories, and settings into a compressed, self-extracting file that Altiris calls aPersonality Package. This Personality Package enables you to store or back up the files and settings that make a PC unique.

PC Transplant Pro is a powerful and useful utility, but it would be nice if this Personality Package could be stored on a web site. Personal settings and information would then be available to users regardless of what workstation they use: Users could log in to the web site and have "their personalized computer" available anywhere, anytime.

Obviously, some technical limitations that restrict this ideal environment from becoming reality still exist, but PC Transplant Pro is a step in the right direction. An Altiris spokesperson says the company is exploring the possibility of web enabling Altiris eXpress.
RapiDeploy. RapiDeploy is a utility that allows you to rapidly image PCs. You simply select a PC you want to clone and then make a few other selections, such as if you want the imaging process to run now or run later. When you perform an operation using RapiDeploy, the process is stored as an Event, which can then be easily repeated.

After RapiDeploy creates the image, you can push it out to additional PCs. You can distribute this image to PCs individually, by group, by Media Access Control (MAC) address, and so on. You can even select multiple PCs and drag-and-drop your selection to the image event. This action starts a multicast imaging session, which in theory means you can image as many PCs on a LAN segment as you want and consume no more bandwidth than you would if you were imaging one PC. In my tests, I imaged as many as 10 PCs at the same time and had no problems.

Note. If your company uses switched networks or networks that filter and drop multicast traffic, you may have to install eXpress servers in strategic locations throughout the network.

I was impressed with RapiDeploy's performance and capabilities and believe this utility could significantly reduce the time it takes to deploy and maintain a PC-based environment. In fact, if Altiris eXpress 5 included only the functionality of RapiDeploy, the product would be worthwhile.
RapidInstall. RapidInstall picks up where RapiDeploy leaves off. After you deploy a "least common denominator" image to all of the PCs on your company's network, you can use this image as a baseline. You can then install an application that you want to deploy on one PC. After you install this application, RapidInstall creates a RapidInstall Package (RIP)--a file that contains all of the changes you made to the baseline image.

You can then send this RIP to any other Altiris-managed PC. Again, you can deploy RIPs to individual PCs, to groups, by MAC address, or by an event. You can also build autoexecuting RIPs to distribute applications, updates, and registry changes to mobile users.

I thought RapidInstall was fast and impressive. In fact, I don't think I will install Office 2000 again any other way. You can even build RIPs to uninstall applications, to update virus DAT files, or to change specific hardware configurations, such as adding a new printer driver. In addition, RapidInstall can use RIP files to make registry changes.

NEW FEATURES IN ALTIRIS EXPRESS 5

Like any new product, Altiris eXpress 5 includes enhancements over the previous version. Specifically, Altiris eXpress 5 includes the following enhancements:

Support for multiple consoles and more complex network environments
New installation wizard with remote client installation
Hardware and software inventory
Software management
Remote control and chat
Enhanced security for the Altiris client
Virtual computers
Support for conditional events
Integration with Compaq Insight Manager LC

Multiple Consoles and More Complex Network Environments

Altiris eXpress 5 supports multiple eXpress servers and consoles. As a result, you can manage PCs within a LAN segment by setting up an eXpress server on that segment.

In addition, you can separate or distribute the functionality of Altiris eXpress on multiple servers. With previous versions of Altiris eXpress, you had to load the Altiris DHCP server, Altiris PXE server, and Altiris eXpress server on the same server.

This enhancement allows you to bypass the multicast limitations on some networks. You can have only one DHCP server but install eXpress console servers on each side of the router. You can then use multicast to distribute images or applications within each LAN segment. This enhancement provides scalability, allowing Altiris to advertise Altiris eXpress as an enterprise utility rather than a lab tool.

Installation Wizard

In the past, installing Altiris eXpress has supposedly been the most difficult part of using Altiris eXpress. For this review, I installed both the old and new versions. Although I found neither installation particularly difficult, the improvements to Altiris eXpress 5 were welcome.

In the previous version of Altiris eXpress, the installation wasn't necessarily the difficult part. The difficult part was the time it took to set up the Windows NT server exactly right. For example, loading the Domain Naming Service (DNS)/DHCP server and the PXE support could supposedly be problematic.

Again, I did not find these tasks particularly difficult; I just had to complete all of the recommended installation tasks to use all of Altiris eXpress' features. (PXE is part of Intel's Wired for Management specification, which defines standards for compliant hardware to start up and boot from a network server rather than from a local hard drive. PXE is based on industry-standard Internet protocols and services, such as TCP/IP, DHCP, and TFTP.)

Altiris eXpress 5 includes an installation wizard, which is basically an HTML/Flash interface that allows you to pick one of two options: You can install the DHCP server, PXE server, and Altiris eXpress server on the same server, or you can install the DHCP server, PXE server, and Altiris eXpress server on different servers. If you choose the Simple Install option, Altiris eXpress 5 automatically installs and configures everything on one server.

Hardware and Software Inventory

Altiris eXpress 5 gathers basic information about the PC's hardware and software configuration. For example, Altiris eXpress 5 gathers the following information:

General properties such as name, MAC address, and operating system
Hardware information such as processor, RAM, monitor, manufacturer, and serial number
Applications installed including description, publisher, version, and product ID
Configuration such as TCP/IP information, NetWare client settings, and user settings
Devices installed

I am not sure I would say Altiris eXpress 5 provides a complete inventory package, but it does provide some basic functionality to identify and track PCs on your company's network. As I mentioned earlier, the merger between Altiris and Computing Edge should address this area.

With its limited inventorying capabilities, Altiris eXpress 5 does provide enough information to help you assign a specific PC to a "group" that you will have Altiris eXpress 5 execute events on. This limited inventorying also lets you create conditional events that will execute only on PCs with a specified configuration (based on similar hardware and software).

Software Management

Altiris eXpress 5 can also automate the management of software configuration for PC labs. Altiris eXpress 5 allows you to install and/or restore any operating system, application, and/or computer-specific registry settings to an entire classroom of PCs. To test this function, I installed Altiris eXpress 5 in a PC lab at a local college. This particular PC lab consisted of 25 identical PCs, all running Windows 98.

The challenge of managing a PC lab is keeping the PCs consistent from day to day: After the students use the PCs, at the end of the day, without exception, not one PC has the same configuration it had in the morning.

One solution to this problem would be to use Windows polices to restrict the students from making changes. However, this solution defeats the goal of a teaching environment. Instead, in the morning, I used Altiris eXpress 5 to deploy a new image and to distribute the applications students needed. At the end of the day, Altiris eXpress 5 restored each PC to its pristine state. Furthermore, I could have just as easily changed the Windows 98 lab into a Windows 2000 lab.

Remote Control and Chat

Assuming you have rights to the eXpress console, Altiris eXpress 5 now allows you to remotely view another PC's screen and to remote control that PC's keyboard and mouse. Unlike traditional remote-control packages, Altiris eXpress 5 allows you to transfer control back and forth between your PC and a user's PC. As a result, you can watch exactly how the user is performing a task (the user can work normally on his or her workstation as you watch). Watching the user work may help you determine the cause of the problem.

Altiris eXpress 5 also allows you to take control of a user's PC and to demonstrate to the user the appropriate method of performing a specific task. I noticed that when the administrator was in control, the user was restricted from performing any tasks, but by pressing the Ctrl-Alt-Del keys, the user regained control of the PC--a feature that I am not sure I liked.

For this review, I ran the Altiris eXpress 5 remote-control functions over an 11 MB wireless network and over a 100 MB wired network. In the wireless environment, performance was unacceptable. In the 100 MB wired environment, the response was exceptionally good. However, I did not experiment with heavy network loads to determine how the response would be affected, nor did I attempt to determine exactly what kind of overhead remote control actually produced. You should explore these two issues if you are considering using any remote-control product in a production environment.

If the Altiris client is loaded, the eXpress console operator can initiate remote control; no consent is required from the client. The Altiris client does include an option to prevent remote control. However, the eXpress console operator could easily delete the Altiris client and install a new client with remote control enabled.

As a result, a sneaky network administrator could, without any consent by a user, read documents, peek at e-mail messages, or see anything else a user is working on. The only indication that a PC screen is being watched is a flashing icon in the lower right taskbar. And a sneaky network administrator could even turn off this flashing icon. (Another minor indication that a screen is being watched is that a user's mouse hesitates for a fraction of a second--an event not many users would notice or attribute to being "spied" on.)

The remote-control feature could put sensitive company information at risk. For example, suppose the CEO is writing a memo to the Human Resources department and this memo contains information that no one--not even the IS department--should read. (In fact, perhaps the e-mail contains information about the CEO's desire to fire the network administrator for his problem with computer screen voyeurism.)

Altiris eXpress 5 also allows you to instigate a remote-chat session. Unfortunately, the remote-control feature is not tied to the remote-chat feature. I would have preferred that Altiris eXpress 5 force the eXpress console operator to initiate a chat session before he or she could remotely control a PC. (I would sacrifice some functionality for security.)

If the eXpress console operator wanted to control a PC when a user was not using it, the operator could request the user's permission in advance. Altiris eXpress 5 already allows you to defer events to a more convenient time. According to a Altiris spokesperson, Altiris plans to improve security for remote control in upcoming releases of Altiris eXpress.

Altiris Client Security Enhancements

With Altiris eXpress 5, passwords and usernames are encrypted, providing better security for information as it passes across the wire. In addition, you can password protect the Altiris eXpress 5 client to ensure that the client is not inadvertently or intentionally removed. You can even hide the icon in the taskbar.

As a network administrator, I like this feature: I like that I always have access to a PC. I can download software, images, updates, and virus DAT files, and I control the PC anytime I want. As a user, however, I do not like that I have no control over what the network administrator does to my PC or sees on my screen.

Virtual Computers

With Altiris eXpress 5, you can set up virtual computers before the actual PCs are put online. For example, if you needed to deploy 10 PCs, you could take a bar code scanner and walk down the line of boxes, scanning in the serial numbers or bar code of each of the new PCs. You could then associate the serial number to a virtual computer (before you put the actual PC online). You could even assign the PCs to an individual, a group, or an Altiris event.

You could then send the new PC to its destination (without taking it out of its box). When the PC is hooked to the network and booted (if the PC is PXE capable), you could use Altiris eXpress 5 to install the operating system, applications, and utilities. In other words, depending on who the user is, what groups the user belongs to, or what the PC's configuration is, Altiris eXpress 5 will deploy the appropriate image created with RapiDeploy and any additional RIPs.

If you do not create a virtual computer and the PC boots to DOS, a list of available unmanaged computers will be displayed on the Altiris eXpress console. You can then select which PCs will get which images.

I do have one item for a wish list: I wish wireless network interface cards supported the industry standard PXE. You could then use RapiDeploy, RapidInstall, and other utilities to deploy and manage wireless devices.

Conditional Events

Because Altiris eXpress 5 supports conditional events, you can schedule actions to be executed only on PCs that have a specified configuration. This feature allows you to create custom conditions using any combination of the gathered hardware and software inventory information.

For example, you could create an event that indicates the following: When a new PC is plugged in to the network and it boots via PXE, Altiris eXpress 5 should deploy a Windows 2000 image to PCs that belong to Group One. Altiris eXpress 5 should then deploy a Windows 98 image to PCs that belong to Group Two. Finally, Altiris eXpress 5 should deploy the specified applications to PCs that have at least 64 MB of RAM.

Integration with Compaq Insight Manager LC

If Altiris eXpress 5 detects Compaq agents on a PC, an option is added to the eXpress console menus and tool bar. This option launches the Insight Manager console, allowing you to diagnose and upgrade drivers on Compaq PCs.

CONCLUSION

After reviewing Altiris eXpress 5, I decided that I have been managing PCs the hard way. For those of us who have the dubious honor of being a networking professional, Altiris eXpress 5 can bring order to the chaos we face in managing PC environments.

Altiris eXpress 5 supports both new and legacy PCs in mixed operating system environments, and Altiris eXpress 5 can support laptops via self-extracting software distribution packages that can be e-mailed or copied on to a CD.

Overall, I found that Altiris eXpress 5 was a very capable, easy-to-use application that once implemented certainly made this stupid user's life as a networking professional a lot simpler.

Blaine Homer is CTO of DirectPointe, a subscription-based computing company that is based in Orem, Utah. You can contact Blaine Homer at bhomer@directpointe.com.

System Requirements

Before you begin to install Altiris eXpress 5, you should ensure that you have the following hardware and software running on your company's network.

MANAGEMENT AND SERVER COMPONENTS

Altiris eXpress 5 management and server components require a Pentium II, 233 MHz (333 MHz or faster recommended). You can install these components on one server, or you can distribute these components among multiple servers to increase performance and scalability.

CONSOLE REQUIREMENTS

Windows 2000, NT (workstation or server), Millennium Edition (ME), 98, or 95
At least 32 MB memory and 3.5 MB free disk space

EXPRESS SERVER REQUIREMENTS

Windows 2000, NT (workstation or server), ME, or 98
At least 64 MB (Win ME and 98) or 128 MB (Win 2000/NT) memory and 2.5 MB free disk space

PXE SERVER

Windows 2000 or NT (workstation or server)
At least 32 MB memory and 25 MB free disk space for boot files
A Dynamic Host Configuration Protocol server on your company's network

DATABASE

Altiris eXpress 5 includes Microsoft SQL Server 7 MSDE, which can be installed in an existing SQL Server 7 database.
Windows 2000, NT (workstation or server), ME, or 98
64 MB memory and 55 MB disk space

FILE SERVER

NetWare or Windows 2000, NT (workstation or server), ME, or 98
100 MB free disk space for eXpress program files, plus space for storing files (images, boot files, RapidInstall Packages (RIPs), and so on)

Note: Note. If you use Windows ME or 98 as an Altiris eXpress server component, remote install and PXE are not supported, and you are limited to reliably handling 30 clients.

CLIENT COMPONENTS

Client PCs can be any Pentium-class PC running Windows 95 or above.
The Altiris client requires 5 MB free disk space and BootWorks. Note. The Altiris client can use BootWorks or PXE but not both (since both technologies perform the same task). (BootWorks is patented Altiris technology that allows you to remotely manage a PC before the operating system loads. For example, BootWorks enables you to configure a PC's IP address before Windows loads.) If the Altiris client is installed to the local hard drive, the client requires 5 MB contiguous disk space.

Novell Connection, February 2001, p. 44

* Originally published in Novell Connection Magazine

Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.