Presentation is loading. Please wait.

Presentation is loading. Please wait.

CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management Sebastien Dellabella, Rafal Otto Internet.

Published byAmie Fisher Modified over 9 years ago

Similar presentations

Presentation on theme: "CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management Sebastien Dellabella, Rafal Otto Internet."— Presentation transcript:

1 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management Sebastien Dellabella, Rafal Otto Internet Services Group IT Department

2 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 2 Agenda Components of the Windows application management activity at CERN –Application pool –Deployment tools –Monitoring tools –Managing updates and communicating with the users community Case Studies –Acrobat Reader : responding to vulnerability disclosures –Microsoft Office : follow up of the product evolution –Java : how to manage unmanaged?

3 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 3 Overview Snapshot of the environment –~ 6000 managed Windows machines 95% of Windows XP Sp2 5% of Windows Vista –~40 different sets of computers Having different sets of applications “Local administrators” can manage them using a delegation mechanism –Typical managed computers have access to 20 core applications ~100 applications are available “on demand” In addition: updates, service packs or patches

4 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Application Support Levels Examples Windows Desktop Applications Life-cycle Management - 4 InstallationUsageForced Updates Optional Updates E-mail Notifications Microsoft Office XXX Hummingbird Exceed XXX Adobe Flash Player XX Sun Java XXX Apple QuickTime X

5 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Application Support Levels Examples Windows Desktop Applications Life-cycle Management - 5 InstallationUsageForced Updates Optional Updates E-mail Notifications Monitoring Microsoft Office XXXX Hummingbird Exceed XXXX Adobe Flash Player XXX Sun Java XXXX Apple QuickTime XX

6 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Processes and Tools Windows Desktop Applications Life-cycle Management - 6 Deployment CMF Group Policy Monitoring CMF Inventory Antivirus Stats Security and Editors Websites Users feedback Reacting Upgrade Uninstall Block Warn users

7 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 7 Deployment Tools CMF: Computer Management Framework –Application deployment system used at CERN Address requirements of Control community in context of CNIC More flexible than previously used solution (especially for delegation) –Used to deploy all applications at CERN Group Policies –Used to deploy all settings and preferences –CMF client is deployed using Group Policies

8 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 8 Monitoring Tools Key components of our monitoring activity CMF Inventory Statistics Websites Users Feedback Monitoring

9 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 9 Monitoring Tools Key components of our monitoring activity CMF Inventory Statistics Websites Users Feedback Monitoring

10 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 10 Monitoring Tools Key components of our monitoring activity CMF Inventory Statistics Websites Users Feedback Monitoring

11 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 11 Monitoring Tools Key components of our monitoring activity CMF Inventory Statistics Websites Users Feedback Monitoring

12 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Monitoring Tools Statistics Windows Desktop Applications Life-cycle Management - 12

13 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Monitoring Tools Statistics (2) Windows Desktop Applications Life-cycle Management - 13

14 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Reacting Windows Desktop Applications Life-cycle Management - 14 Upgrade smoothly: –We group mandatory updates every month –Optional updates may be published anytime –Progressive deployment Send email alert and/or schedule update: –If an exploit is in the wild for a monitored software (i.e. Java) Block an installed software: –If a vulnerability is widely exploited and no update available SEVERITYSEVERITY

15 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 15 Agenda Components of the Windows application management activity at CERN –Application pool –Deployment tools –Monitoring tools –Managing updates and communicating with the users community Case Studies –Acrobat Reader : responding to vulnerability disclosures –Microsoft Office : follow up of the product evolution –Java : how to manage unmanaged?

16 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Case Studies Acrobat Reader: Reacting to vulnerabilities Windows Desktop Applications Life-cycle Management - 16 Deployment –Supported application preinstalled on each Windows computer by default Monitoring –Arbitration to stay with version 7.0.9 and being able to upgrade to version 8.0 if required. Version 7.0.9 was working fine but: –4 critical vulnerabilities since 01-2007 Version 8.0 solved vulnerabilities but: –Printing problem with version > 7.0.9 –Only first page of the document printed when Postscript driver used Reacting –Decided to upgrade to version 8 at the end of 2007 Migrate Postscript drivers to PCL first

17 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Case Studies Microsoft Office (in 2007): Product evolution Windows Desktop Applications Life-cycle Management - 17 Deployment at CERN (2007) –Office 2003 as default Office suite preinstalled on each new computer –Office XP still supported and installed widely at CERN Monitoring –Microsoft released Office 2007 (11-2006) –Big change in functionality –Suitable only for powerful computers (> 1GB of memory) –Increasing user demands for the new version “Wild” installations started to appear Reacting –In order to limit number of supported Office suites –Office 2007 deployment combined with Office XP phase out –Package for Office 2007 has been prepared and optional upgrade announced –New training courses were organized –After some time (08-2007) Office 2007 became the default Office suite preinstalled on all computers having at least 1 GB of RAM

18 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management - 18 Deployment at CERN (2008) –Office 2007 default Office suite on new computers (03-2008) –Office 2003 SP2 installed on 80% of computers Monitoring –Microsoft releases monthly security patches –Microsoft released Office 2003 SP3 and Office 2007 SP1 (09-2007) Reacting –Gradual deployment of Service Packs on centrally managed computers –Updates proposed to “local administrators” to schedule them according to their needs Case Studies Microsoft Office (in 2008): Product evolution

19 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Case Studies Microsoft Office (in 2008): Follow-up evolution Deployment progression of MS Office Windows Desktop Applications Life-cycle Management - 19

20 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Case Studies Sun Java: manage the unmanaged Windows Desktop Applications Life-cycle Management - 20 Deployment –Three branches of Java are packaged by us and made available for installation (1.4.x, 1.5.x and 1.6.x) Monitoring –Computers very often have multiple versions of Java installed –We cannot force updates Many critical experiment applications require a particular version of Java –Vulnerabilities are disclosed almost every month! Reacting –Packages for each new version are created –E-mail notifications are sent automatically to owners of vulnerable computers –E-mail notifications are sent automatically to “local administrators” encouraging them to deploy new packages

21 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Mail sent to “Local administrators” Windows Desktop Applications Life-cycle Management - 21 Case Studies Sun Java: manage the unmanaged

22 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Mail sent to computer’s owners Windows Desktop Applications Life-cycle Management - 22 Case Studies Sun Java: manage the unmanaged

23 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Summary Application lifecycle management –Application monitoring activity increased over the years Statistics, Websites, RSS Feeds, etc. Monitoring is now focused on security rather than application improvement. –Deployment is easier Packaging technologies are now mature –Our tools allow us to react fast and with modularity Making a package and deploying it CERN wide is possible in 30min ! Presentation title - 23

24 CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Questions ? Presentation title - 24

Download ppt "CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Windows Desktop Applications Life-cycle Management Sebastien Dellabella, Rafal Otto Internet."

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
The Evolution of Managing Windows Computers at CERN Ivan Deloose Internet Services Group Department of Information Technology CERN 7 April 2006 – HEPix.

The Evolution of Managing Windows Computers at CERN Ivan Deloose Internet Services Group Department of Information Technology CERN 7 April 2006 – HEPix.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Damian Leibaschoff Support Escalation Engineer Microsoft Becky Ochs Program Manager Microsoft.

Damian Leibaschoff Support Escalation Engineer Microsoft Becky Ochs Program Manager Microsoft.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.

Microsoft ® Application Virtualization 4.5 Infrastructure Planning and Design Series.
CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/it IT Forum, June 2011 Software and Hardware Inventory Initiatives Computer Security Team,

CERN IT Department CH-1211 Genève 23 Switzerland IT Forum, June 2011 Software and Hardware Inventory Initiatives Computer Security Team,
VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.

VMWare Workstation Installation. Starting Vmware Workstation Go to the start menu and start the VMware Workstation program. *Note: The following instructions.
Windows Server 2008 Chapter 11 Last Update 2012.06.07 1.0.0.

Windows Server 2008 Chapter 11 Last Update
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.
Group Policy in Microsoft Windows Active Directory.

Group Policy in Microsoft Windows Active Directory.
Module 16: Software Maintenance Using Windows Server Update Services.

Module 16: Software Maintenance Using Windows Server Update Services.
16.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.

16.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.
Deploying and Managing Software by Using Group Policy.

Deploying and Managing Software by Using Group Policy.
Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t OIS Web Content Management System Discussion.

Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Web Content Management System Discussion.
CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Next generation of virtual infrastructure with Hyper-V Michal Kwiatek, Juraj Sucik, Rafal.

CERN IT Department CH-1211 Genève 23 Switzerland t Next generation of virtual infrastructure with Hyper-V Michal Kwiatek, Juraj Sucik, Rafal.

Similar presentations

Ads by Google