CLM Cooperative Lab Management
This page describes a partnership between CLC and other administrative units for the joint management of student computer labs and classrooms.
Contents
Purpose
There are multiple reasons for this project, including:
- Providing a consistent user interface for students among the cooperating campus and public labs and classrooms at University Park. When students become familiar with the lab environment at one location, they can use the facilities at another location with very little difficulty.
- Leveraging CLC's tools and infrastructure for managing student labs can provide a more adaptive, secure environment and free up time for managing staff and faculty computers.
- Having flexibility in deploying applications, last minutes fixes, and moving applications.
Background
CLC manages 2200+ Windows XP lab and classroom computers throughout University Park using distributed and scalable technologies. These technologies allow CLC to manage each workstation remotely, requiring CLC staff to typically touch the physical machine once per year and allowing a customized application software suite depending on the hardware and the workstations' location. Enhancements made to the process in 2005 make it feasible to consider extending CLC methods, processes, and infrastructure to support labs primarily run by other administrative departments. Also, various "homegrown" tools and our backend database have matured to the point that sharing the use of them has become feasible. Sharing the individual tools outside our environment/infrastructure is, however, not feasible.
Tools and Infrastructure
The various components that make this an attractive arrangement include:
- CLC Build Key: a custom image on a 2GB USB flash drive that can build a machine in as little as 3 minutes of staff time.
- Remote rebuild: computers can be remotely scheduled to rebuild themselves if they're really "screwed-up" or if a new set of application suites is to be deployed.
- Highly locked-down and secure workstations: the file system and the XP firewall are very secure and difficult for end users to "mess up".
- Active Directory and Group Policies: computers join an OU defined for each room in the labs.win.psu.edu domain. Applications are deployed by links to Group Policy Objects, allowing packaged to be easily updated throughout the academic year
- Shared application packages: GP deployment requires applications be packages as "MSI"s (Microsoft Installer files); some applications come that way but many have to be repackaged and tested; CLC shares application packages with CLM participants and vice versus (application licenses are still purchased by each administrative unit).
- OS Updates - CLC tests and deploys patches via WSUS (Windows Software Update Service).
- Users login with their PSU Access Accounts using the dce.psu.edu Kerberos realm; these credentials allow access to resources in other domains that also trust the dce.psu.edu Kerberos realm such as local domains or access.psu.edu.
- User tools include:
- Roaming profiles - contain user preferences and application settings that follow the user from computer to computer; these are defined for all users and are automatically moved to local servers or back to UP if the student transfers.
- User Setup - let's users define their home folder, name, and news settings; displays new news titles at login
- Clear Profile - a web-based utility to clear or reset the roaming profile, for when application settings get very screwed up
- Classroom Control - for use by the instructor from a podium computer in a classroom to lock student screens, send messages, reboot, etc.
- Current Lab Use - users can see how busy a location is before going there
- Lab Hours - a database-driven web application for finding rooms based on hours, equipment, and other parameters.
- News - news and reminders specific to the administrative unit's area
- CLC Inventory: a comprehensive database of all computers provides
information on several levels:
- Computer Lists: lists of computers can be generated by administrators given many different criteria, such as those not answering "ping" for x days; those no one has logged onto for x days; those with "incorrect" DNS entries; etc.
- Computer details (first level): platform, attributes, room, OU, when added, when verified in AD, status (active, broken, etc.), repair records, IP address, DNS, local admin password changed/queried, last reply to ping, last user login/logout; link to detailed inventory.
- Detailed inventory - collected every night from every (Windows) computer: all hardware and software installed.
- Lab Commander - Windows application for administrators to control lab computers (query, schedule reboot, issue commands, etc.). This talks to the . . .
- Update Service - A Windows service written by CLC for managing the computers; responds to commands from Lab Commander.
- Lab QP - Web app for administrators to query local admin passwords (which are changed frequently to random strings).
- Lab News - administrators publish, via a web application, news about their facilities. Users automatically see new news titles at logon via the User Setup application.
- Lab Use Data - CLM partners automatically get access to session data and summary information.
- Keyserver - An optional component that allows for application usage tracking and has the ability to allow pooling of software licenses using concurrent, if allowed by the applications EULA. This component is licenses per workstation and also has a yearly renewal cost.
- Printing chargeback - A feature easily added once it is available to the University as a whole.
Current Participants
- Department of Chemistry, in the Eberly College of Science
- Digital Library Technologies - All library locations
- The College of Communications
- The College of Earth and Mineral Sciences
- Morgan Academic Support Center for Student-Athletes
- Penn State Dickinson School of Law - Carlisle and University Park
- Penn State DuBois
- Penn State Harrisburg
- Penn State Lehigh Valley
- Penn State Mont Alto
- Penn State Wilkes-Barre
- Penn State Worthington Scranton
Benefits
- Participants benefit from the availability of the tools and infrastructure described above by having more reliable facilities that are easier to setup and manage.
- The students and faculty experience a more consistent computing experience when moving between campuses or around University Park.
- Once an environment has been migrated into CLM, some participating unit's have reported a decreased in the time needed to support their facilities.
Cost
ITS does not charge any unit for this service, however there are some hardware and software costs.
Hardware
Unit's at University Park can leverage CLC existing server
hardware.
Campuses are required to have a single file server on their campus dedicated to
the project. The typical cost of such a server is normally $5k-$6k and typically
has a 3 year life cycle.
Software
If a unit's software package needs go beyond what CLC already has package, the unit would be required to package the application using a MSI packaging tool. CLC currently uses Wise Package Studio Professional and we encourage unit's to purchase this product so we can provide the units with support, and occasionally training, when it is needed.
Sassafras Keyserver is an optional component that a unit can elect to use. For ease of administration we run a central keyserver for this purpose and coordinate the purchase of licenses and renewals. Keyserver is licensed per workstation and each license has a renewal cost per year.
Each workstation apart of the project must have a Symantec Ghost software license.
If you would like to know the cost of these software packages and their renewal cost, please email admin at staff.win.psu.edu.
Limitations and Requirements
There are some limitations with this service that need to be considered by potential participants:
- Hardware: only certain models of computers (Dell Optiplex models, 260 and newer) can be supported because drivers have to be inserted in the base image, and the BIOS has to support booting the USB key in a certain way.
- Server: a modest local server is required; specifications are provided when a campus begins discussions with us.
- Networks: several requirements for networking the lab computers to the server will be provided when a campus begins discussions with us.
- Applications not already in CLC or CLM partners' labs will probably have to be repackaged as MSI's; this can be time-consuming, and the best software for doing it is costly.
- Dual-booting a different OS with XP is not secure and as such is not supported.
- We support Linux by the user using the CLC's Linux cluster. A graphical user interface to the Linux environment is available through VNC.
- The CLC build and computers joined to labs.win.psu.edu may not be used for individual faculty and staff.
Partners are required to:
- Have their dean or chancellor sign a "memo of understanding" defining responsibilities for CLC and the administrative unit.
- Register all administrators with CLC.
- Agree not to share CLC administration tools with non-administrators or other locations.
- Participate in regular meetings (usually by video conference).
- Purchase all hardware and software (there is no charge for CLC software or these services).
- Provide or purchase a server to house roaming profiles, print services, and application distribution shares, if the labs are located at a campus other than University Park.
- Share application packages with other partners when feasible and legal.
- Use the dedicated mailing list for discussions and reporting problems.
- Visit the dedicated SharePoint web site regularly to review documentation and announcements.
Further Information
Questions from potential partners about this program can be addressed to admin at staff.win.psu.edu.
This site maintained by the Classroom and Lab Computing group of Information Technology Services.
Suggestions and comments about this web site: CLC Webmasters; Other contacts here.
This page was last modified: 9/5/2008 7:39:57 AM.