Deploying XP on a diskless network?

[JB]

Hi all, I need a little help here. I am a low level system admin, and
I just
got a huge promotion to the Sr. System Admin. Along with the promotion

came
a requirement to development and deploy a network with 44 desktops, 25
operational by October 1, 2006, with an Exchange and a file server,
backup servers for failover, and a connection to our WAN

Doesn't sound too bad, I have basic knowledge and skills, but here
are a couple of more
requirements. All workstations need to run Windows, and (the big one)
no
data may be stored outside of the vault / server room. That means I
need a
diskless network running WindowsXP pro, or I need removable hard drives

that
would require a huge amount administrative paperwork in order to track
and control.


Nothing is currently in place. I can build or buy whatever I want at
this
point, but I need to get an idea of what I'm going to need, and how
much it's
going to cost so that I can get a budget started.


Any guidance would be great! If someone could just point me to some
resource in print or on the web, I would be very grateful!


JB

 

[DL]

Perhaps outsource to Dell / HP

 

[Robert Moir]

Nothing is currently in place. I can build or buy whatever I want at
this
point, but I need to get an idea of what I'm going to need, and how
much it's
going to cost so that I can get a budget started.


Any guidance would be great! If someone could just point me to some
resource in print or on the web, I would be very grateful!

If I had to implement something like this, I'd probably consider PC Blades.

http://www.clearcube.com/controller/hardware.php


--
--
Rob Moir, Microsoft MVP
Blog Site - http://www.robertmoir.com
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
I'm always surprised at "professionals" who STILL have to be asked "Have you
checked (event viewer / syslog)".

 

[Adam Leinss]

All workstations need to run Windows, and (the big one)
no data may be stored outside of the vault / server room. That means
I need a diskless network running WindowsXP pro, or I need removable
hard drives

Can you clarify this a bit? Are the users allowed transfer the data
over the wire to their PC, modify the document and save it back inside
the vault? You can lock down the C: drive so they cannot save
documents to C:. That's what we did at the hospital. The only
possible place that users could store files locally was in their own
profile directory. If you are worried about that, you can set them up
with mandatory profiles.

If the data cannot leave the vault under any circumstances, I would
setup the Windows XP machines to boot right into a RDP client
(MSTSC.EXE). The user will then be forced into a RDP session on the
server and their Word, Excel, Powerpoint, etc. programs will all run
within the RDP session right on the server in the vault.

Of course, all of your applications have to be able to run with in a
RDP session.

One other note: removable harddrives are generally insecure. We used
them at the hospital and all used the same key to lock them in place.
The key was not unique to our company, so anyone with a bit of
intelligence could easily remove them.


Adam

 

[Hunter01]

Hi all, I need a little help here. I am a low level system admin, and
I just
got a huge promotion to the Sr. System Admin. Along with the promotion

came
a requirement to development and deploy a network with 44 desktops, 25
operational by October 1, 2006, with an Exchange and a file server,
backup servers for failover, and a connection to our WAN

Doesn't sound too bad, I have basic knowledge and skills, but here
are a couple of more
requirements. All workstations need to run Windows, and (the big one)
no
data may be stored outside of the vault / server room. That means I
need a
diskless network running WindowsXP pro, or I need removable hard drives

that
would require a huge amount administrative paperwork in order to track
and control.


Nothing is currently in place. I can build or buy whatever I want at
this
point, but I need to get an idea of what I'm going to need, and how
much it's
going to cost so that I can get a budget started.


Any guidance would be great! If someone could just point me to some
resource in print or on the web, I would be very grateful!

Thin clients and Citrix would be one way to go.

 

[JB]

The systems can not have a hard drive attached if there is no one
within eye sight of the unit.
It's more then saving documents, not even system configuration
information can be stored on the systems.

I believe that Hunter01 has the right idea. Does anyone know of a
white paper or other information on Citrix and Thin Clients?

 

[DL]

http://www.thin-world.com/ ?
http://www-03.ibm.com/systems/bladecenter/

 

[Al Dykes]

http://www.thin-world.com/ ?
http://www-03.ibm.com/systems/bladecenter/

Deploy normal PCs for the general purpose applications and everything
that *doesn't* need Top Sekret security.

Put a Big Server in the vault with your secure application and data on
it and set your users up to get at it via Remote Desktop. None of
your critical data will leave the vault. You're users will have *much*
better performance and you won't have a central box as a complete
bottleneck.

There might be some scraps of data in pagefile on the desktop and this
may not meet NSA's highest requiremenst but if you are playing in that
league you have *lots* of things to worry about, not just your C
drive.

I bet there is an XP setting to zero the pagefile on shutdown.

 

[Hunter01]

The systems can not have a hard drive attached if there is no one
within eye sight of the unit.
It's more then saving documents, not even system configuration
information can be stored on the systems.

I believe that Hunter01 has the right idea. Does anyone know of a
white paper or other information on Citrix and Thin Clients?

Send me an email, I use my real address, can give you the lowdown on the
Citrix side as it's worked for us (we only use it for VPN because
funding not available for anything bigger than that yet, and since the
processing grunt needs to be available server side with a citrix
solution we have a problem there, limiting to 50 concurrent out of 1500+
employees at this point), sure you can find Thin Client info on the net
elsewhere though.

I'm more interested in the blade PC idea that someone else mentioned,
after a bit of looking it seems one of our traditional suppliers (HP)
are moving into that market, pity we're vetoing them at the moment due
to their piss-poor Indian call centre support. Spose we'll have to see
how the future pans out....

 

[JB]

As my day wore on, I have moved more towards the Blade idea myself. I
have contacted HP and Clear Cube and requested proposals. We'll see
what they give me.

I'm not a HP fan, and Clear Cube lists some of my past employers as
clients. I hope that this means they will understand my security
requirements, and have a COTS product ready to deploy.

Thanks for your help,

I'll let you know how it turns out.

 

[JB]

Clear Cube looks great, then you get to the price! They are talking
about $4k per user... not counting storage, back-up, and disaster
recovery.

Still a very nice product, but unless Im able to work up some cost over
lifecycle savings, no way I can pay that.

Still waiting on HP to get back to me.

 

[Hunter01]

Yeah, price completely blows us out of the water too. We're already
about to move to a SAN environment, and the back-up side of things is
already catered for, so I think this is a brilliant way to move, which
will hopefully happen somewhere further down the track.

Somewhere when we've already got the SAN bedded down and paid for, when
the next big PC replacement cycle hit us (we're in the middle of one
now, so probly about 3 - 4 years down the track), and most importantly,
hopefully when the price has come down!