Embed Size (px)
Citation preview
Lawrence Livermore National Laboratory
Centralized Desktop Management at LLNL
A Major Paradigm Shift
CDM
David Frye
This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344.
Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551
What is CDM?
Centralized Desktop Management Project started in April, 2008 Centralize desktop management for basic IT functions:• Patch Management• Security Configuration• Software Distribution• Antivirus• Active Directory
Initial scope: 1 Principal Directorate (PD), ~2,000 PCs
UCRL: LLNL-PRES-413001
CDM: Part of a larger whole
CDM
Centralized
Networks
Central Help Desk
Change Managem
ent
Service Catalog
Service Level
Agreements
ITIL based framework End-to-end managed
computing environment Centrally controlled
UCRL: LLNL-PRES-413001
Why CDM?
Cost savings• Greater automation• Reduced people/process redundancy
Greater IT Efficiency• Stronger security• More consistency and cohesion• Greater innovation
Tighter Dev/Ops relationship
UCRL: LLNL-PRES-413001
Stated CDM Success Metrics:
CDM Version 1:• 80% of all CDM clients will have Microsoft critical
patches applied within 30 days of release from Microsoft (initial value: ~40%).
CDM Version 2 (10/2008):• 90% of all CDM clients will have ALL Microsoft
security patches applied with 15 days of release from Microsoft
• 3rd party security patches will be applied for: AdobeReader/Flash, Java, QuickTime, Firefox
UCRL: LLNL-PRES-413001
Desktop Management – Traditional Model
NIF
Delegated IT OperationsCentral Services PD IT
OPS
…
Admin
Admin
Admin
• No central implementation• Loose integration of services• Inconsistent feedback cycle• Redundancy of effort
OP
ER
AT
ION
S
UCRL: LLNL-PRES-413001
New Paradigm: CDM
Remove Operations Wall
Move Admin Operations into ITSD
Maintain Tier 2 support in PD
Establish cooperative management team
Directorate IT
Admin Tier 2 Support
UCRL: LLNL-PRES-413001
CDM: The People
2 People Brought in from PD• 1 for Patch, A/V, Compliancy, SW Distribution• 1 for Active Directory administration• Both reported to respective service leads for
technical direction Tier 2 desktop support consolidated under single
manager
UCRL: LLNL-PRES-413001
CDM: The Process – System Binning
Instrumented via Active Directory Groups Categorization based on Efficiency:
High
Most computers Focus on automation Little end user control
Mobile computers/VIPs Focus on flexibility More end user control
Critical Systems Focus on Impact Total end user control
Medium Low
UCRL: LLNL-PRES-413001
CDM: Service Contract
Service Behavior based on Bin
UCRL: LLNL-PRES-413001
CDM: Tools
SelfPatch Presence Awareness
COEConfig SLAM
UCRL: LLNL-PRES-413001
CDM: Dashboards
Summary Information
Key Performance Indicators
Trending
Internet Monitoring
Critical communications tool
Keeps everyone on same page
Demonstrates effectiveness
UCRL: LLNL-PRES-413001
CDM: Results
1st 3 days of CDM v1
1st 3 days of CDM v2
Tangible Results Low user impact Centrally managed
UCRL: LLNL-PRES-413001
CDM: Future
More Services!• Improve A/V & Active Directory Offering• User Data Management• NAPS compliancy automation• System Performance Management (“govinator”)
More Customers• Expand to more PDs• Apply same binning, service contract and tools
UCRL: LLNL-PRES-413001
Questions?
THANK YOU!
UCRL: LLNL-PRES-413001
