Windows Server Provisioning

If you find yourself in need of server provisioning, you probably need it badly. The ability to quickly deploy additional servers or to replace failed servers can be a crucial component of your efforts to keep business applications running. Add to this functionality the ability to keep a library of standardized servers (servers preconfigured to fill specific network roles such as file and print, email, or database serving), and you have a versatile tool that can save scarce IT manpower resources both when recovering from a failure and when expanding your business network. Server-provisioning tools can also be a stepping-stone toward more complete automation of your network server maintenance and monitoring. Let's take a look at two complex server-provisioning products: VERITAS Software's VERITAS OpForce 3.2 and Altiris Server Management Suite 6.0. (For a listing of other products that offer server-provisioning capabilities, see "Other Server-Provisioning Products.")

OpForce 3.2
OpForce, VERITAS's multiplatform server-provisioning software, is designed to speed up the deployment of server hardware with an emphasis on bare-metal provisioning both for new servers and for disaster-recovery purposes. This database-driven provisioning tool supports Red Hat Linux, SUSE Linux, IBM's AIX, Sun Microsystems' Solaris, and Windows Server platforms and includes the ability to detect and provision major vendors' blade servers.

The real power of this server-provisioning tool is its ability to quickly deploy a server—to go from bare metal to a functioning server in just the length of time necessary to get a server image onto completely unconfigured hardware. For companies that have standardized server configurations and hardware, this benefit is incredible.

OpForce creates a snapshot of a functioning server installation. That snapshot contains all the server's information, from every OS setting (and the OS) to all the installed applications and personalization information—the details that make up the server identity. This functionality lets OpForce restore a crashed server to new hardware, returning to the network a functional server that's as recent as the most current incremental snapshot. (After the software takes a full snapshot of a server, future snapshots are incremental and grab only the changes since the last snapshot.)

But you might be more likely to use this functionality to deploy new servers than to perform disaster recovery. You can use OpForce to create a library of snapshots that are essentially the default configurations of servers that play various roles in your network. Do you need a new mail server? Simply plug a bare-metal box into the network (as long as OpForce supports the hardware and the BIOS supports direct Preboot Execution Environment—PXE—boot), pull the mail server's basic configuration snapshot from the library, and blast it onto the new server. Once you have OpForce running and you've built your catalog of snapshots, it's really as easy as that.

Installation
OpForce is a complex product with a detailed feature set, but it's remarkably straightforward to install. Walking through the steps outlined in the thorough Windows Installation Guide (included as a PDF on the distribution CD-ROM), I was quickly up and running. The software prefers that its database run on the same computer, and although it will work correctly if you use an existing database server on another computer, the automated installation simplifies the installation of the version of PostgreSQL that ships with OpForce. (At press time, PostgreSQL is the only database that OpForce supports in the Windows environment.)

In my tests, running the database and provisioning software on the same server presented no problems. Then again, I wasn't provisioning a large corporate enterprise with hundreds or thousands of servers. In my test environment, installing OpForce on an older dual-Xeon server with 1GB memory and an available 76GB stripe set gave me more than adequate performance.

The first installation step was to install the database software. Because I elected to use the included PostgreSQL software, I simply let the included setup program install the database server software and configure it for use with OpForce. Launching the OpForce installer made me glad I chose to use the default PostgreSQL installation: All the default prompts for configuring the provisioning software's database access presume that you've installed the database locally. And although you can change every entry if necessary, simply accepting the defaults made this part of the installation quick and painless.

The next installation step was configuring Lightweight Directory Access Protocol (LDAP) authentication. At this point, I cheated a bit. Although OpForce supports Active Directory (AD)—as well as Novell Directory Services (NDS) and Sun ONE Directory—I selected the Default Authentication option. This option uses the built-in OpForce user database to perform authentication. I would expect a corporate enterprise to use a directory service for authentication purposes, but for my testing the default model was sufficient.

The remainder of the installation is to simply create a Web server—which uses standard ports for communication—and permit the installer to copy all the files to the appropriate locations on the server and create the usual program groups and icons. Because I accepted all the defaults and used the most basic installation, the entire installation process was no more difficult than that of any simple piece of application software—not often the case with products that are this inherently complex.

Administration
You administer OpForce via a Web browser interface. In my case, I simply used the IP address of the OpForce server (i.e., http://192.168.1.154:8080) to access the administration console, which Figure 1 shows. The first time I accessed the console, the software required that I enter the product key for the Windows Server platform. This is a one-time event, but remember to keep your product key handy when completing the installation.

I don't have a huge network available to test all the provisioning features, but I could perform some basic testing. After running the server-discovery process on my small test network, I took a full snapshot of a server that had been running Windows 2000 Server for about 2 years. To determine how effectively OpForce could restore the running server, I shut down the server and replaced the disk drives with identical—but empty—hard disks.

Once the server no longer had any data or OS, it was effectively a bare-metal box. OpForce had no trouble recognizing the server and, at my command, applying the snapshot I created, bringing up an identical twin of the server I'd intentionally removed from the network. The network hardware must support PXE preboot; the OpForce server provides the boot data and connects the hardware to the OpForce server to push the snapshot.

OpForce documentation is in the form of PDF files on the distribution media. The documentation is very clear and provides good, detailed information about installing and using the software. I required only occasional references to the documentation while getting OpForce up and running.

Pricey but Impressive
I've discussed only a few of OpForce 3.2's capabilities. Although it's a pricey tool, the capabilities that it brings to server provisioning—especially if your business runs a mixed Linux, Solaris, and Windows Server environment—are quite impressive, and are helpful for far more than just software provisioning.

Altiris Server Management Suite 6.0
Although Server Management Suite 6.0 provides server-provisioning capabilities that are similar to those of OpForce 3.2, the Altiris Server Provisioning component is just one part of the complete server-management product. You might think the differences between the two products are minor, but they aren't. Whereas the OpForce provisioning solution is incredibly powerful and worked very easily in my tests, the Altiris approach is much more holistic—server provisioning as a small part of the systems management model. Server Management Suite provides a centralized console that lets you run separate applications—for example, Deployment, Inventory, Software Delivery, Application Management, Patch Management, Site Monitoring, and Recovery—that you can apply to server management.

Installation
For the purposes of this review, I focused my testing primarily on getting the suite running and deploying a fully provisioned server. Getting the product running proved to be more complex than actually using it. Also, although the OpForce software gives you the feeling that the Windows environment is just one of many OSs the product runs on, the Altiris software is the epitome of a Windows Server product.

All product installation occurs via the Altiris Notification Server, so you first need to install this software. The Notification Server is your first clue that you aren't looking at a simple provisioning tool. Using the Altiris software requires buying into the entire Altiris infrastructure model. You install the Notification Server, then add Altiris solutions—in my case, the Server Management Suite, which includes the aforementioned capabilities, appearing as discrete components once I added them to the Notification Server.

Installing the Notification Server is no simple task. One amusing moment during testing was running the Software Prerequisite Wizard, which checks the hardware you want to install the Altiris products to ensure that it has the necessary software to support the installation of the products. Because I hadn't done anything but install the basic OS on the hardware, the wizard essentially presented me with a long list of errors and warnings—that is, a list of missing pieces, such as Microsoft SQL Server, the correct version of Microsoft Data Access Components (MDAC), Windows .NET Framework 1.1, and so on.

Many of the services that the Notification Server needs (e.g., Microsoft IIS, Microsoft Internet Explorer—IE, Windows Installer Service—WIS) are standard on Windows Server systems, but I also had to install Framework 1.1 and a copy of SQL Server 2000 Service Pack 2 (SP2). You can use Microsoft SQL Server Desktop Engine (MSDE) instead of SQL Server, but MSDE isn't recommended in a production environment. Thus, the server must be capable of running SQL Server and the Notification Server, and the user must have sufficient expertise to install SQL Server prior to installing the Altiris software.

My test server was adequate for the installation of the complete Server Management Suite; however, the 1GB of memory is the bare minimum that the product requires. Altiris recommends lots of memory, as well as the fastest processors, to support large networks that have thousands of managed computers.

After I satisfied the demands of the Software Prerequisite Wizard, I began the installation of the Notification Server. The server software installation was relatively painless and led me to the configuration of the Notification Server with little trouble. Configuring the Notification Server was quite simple, and I was happy to discover that I didn't need to create a complex SQL Server database; I could simply identify the SQL Server instance I wanted to use and tell the wizard to create a new database.

Administration
Finishing the Notification Server installation wizard brought me to the Altiris Deployment Web Console, which Figure 2 shows. This console—aside from now giving me the opportunity to install the Server Management Suite—let me know that I'd correctly installed the Notification Server. If it hadn't been correctly installed and configured, I wouldn't have seen the Web console. Installing the solutions themselves was straightforward; I clicked Upgrade, Install Additional Solutions and followed the directions to install the Altiris Server Provisioning component.

Using the Management, Inventory, Deployment, and other applications of the Server Management Suite requires installing an agent on any target computer. You can push agents from the Altiris server, or you can pull them by having someone log on to the target computer and install them.

Using the Altiris server-provisioning functionality was a bit more complex than I expected, but the results were similar to those of OpForce. As with OpForce, you don't see much when you select the server you want to configure. The Altiris software simply pushes the required OS and applications to the target hardware, preparing the box to become a functioning server in your network environment. After I mastered the Altiris console's Task Tree model, I saw that the logic of the process was consistent throughout the product. A huge amount of information was available at my fingertips, and deciding what information I actually needed was a project in and of itself.

If I could point out only one standout feature of the Server Management Suite, it would be its incredibly comprehensive Web-based reports. It seemed that, if I wanted, I could generate a report about every detail of server operation, and any user with sufficient access rights and a Web browser could access that report. In the short time I had with the software, this was truly an embarrassment of riches. I could have used all the space available here to evaluate just the provided reports.

Altiris provides documentation in the form of PDF files on the distribution media. I strongly suggest that you read through all the supplied documentation so that you can become familiar with the Altiris infrastructure prior to beginning the software installation. The individual components don't require frequent references to the documentation, but getting everything configured to the point at which provisioning is possible requires a thorough understanding of the Altiris software model.

Reasonably Priced Overkill?
Server Management Suite is considerable overkill if all you're looking for is a server deployment tool. However, if you're looking for a reasonably priced enterprise server management suite, this is one product you should definitely take a look at.