The purpose of this article is to give you a technical (sorta) primer on the reasoning to look into the RES Dynamic Desktop Studio. This is the combo of the two flagship products of RES Software; Workspace Manager and Automation Manager, which, if I may emphasize: is freely available for download and evaluation from RESsoftware.com, unlike the practice of certain other vendors, ha! The article is a collection of thoughts and views that I often share with course participants during training, so I hope they may be useful or at least interesting for you too. Finally it is my ambition with some examples at the end to set you well on the shortest path to use the RES products for the benefit of yourself and your organization.
Even though the RES products are very logical and stuctured to work with, the first steps with any product that's new to you, can be a challenge. It's kinda like getting into a new car model you haven't driven before. You need to spend a few moments familiarizing yourself with the vehicle, find the knobs for seat adjustment, mirrors etc. You already know what you want to do, but need to figure out how it's done in the product at hand. With the RES products it's the same deal, albeit there are slightly more knobs, dials and levers to get aquainted with.
So, where are you at now?
For the purpose of continuity, I will presume that you are at least half way through the stage where you're considering RES Workspace Manager and/or RES Automation Manager as the right way going forward for you. Suffice to say, if you are merely looking for a quick fix or point solution to deal with one problem, the pletora of features which are to be found under the hood of both Workspace Manager and Automation Manager, may seem overwhelming at first. I trust you'll see where I'm comming from in the following rant:
We all know the type: The overworked and underpaid IT guy (believe me, been there, done that). In this role, due to the never-ending workload we tended on the daily to look for hand-to-mouth solutions: quick fixes to quell current pains and put out fires, hoping in futility that we eventually could get on with dealing with all the other crap that's piling up on our desks. We rarely get the opportunity to pause, step back and look at what may be wrong with the big picture. Usually something major has to break before that happens, some heads may even roll and only then we may get a brief window of opportunity to obtain a fresh perspective on how we manage our IT.
If that scenario sounds all too familiar, it is imperative to seize those rare oportunities to ask the questions: Are we doing this right? And are we using the right tools for the job?
The tools of the trade
My favorite analogy here is: Okay, so you're a carpenter. You need to bang a nail into the wall but you can't find your hammer. Right, a screwdriver handle can do as a hammer in a pinch. Job done. Next day you've got 20 nails to hammer in. You're probably better off getting a new hammer at this point. The week after, somebody asks you to hammer in 2000 nails into a new house. This is where you want to consider a nailgun. The morale of the story is twofold:
- There's no magic-bullet-product that will make all your pains go away
- Use the right tool for the right job.
At this point you might stop to think; "Well that's a load of BS, because I've got a swiss army knife, a LM SuperTool or some other multi-thingamagoo that let's me do many things with one tool!". Yep and those are indeed great tools which all belong in any well equipped carpenters toolbox. No argument there. See below.
To make my point: On my planet, The RES Dynamic Desktop Studio is a Swiss Army Nailgun! Complete with lasersight and extra powerpack! :-) Yeah, let me explain that: It's specialized for the purposes of Workspace and Automation Management, yet contains all items necessary to accomodate pretty much any kind of Windows environment it may encounter. Hence, it's not a point solution. There are however a few certain things you cannot do with the Dynamic Desktop Studio, where you would need an old fashioned "hammer". An example is currenty bare metal deployment/PXE boot. Per design RES doesn't currently do this, as there are dozens of products out there (of which several are free) that does this very well. RES Software focuses on producing the best specialized tool around to deal with the challenges of the Dynamic Desktop.
Policies, policies policies
When adapting a new tool like this, something which may work against us, is the fact that for the last 15+ years we've been schooled in the Art of Windows; that the main way to manage Windows centrally is through our friends; the Policies. The main challenge with policies is that conceptually they are all over the place. There's very little structure. Sure, if you do nothing but manage policies all day long, I guess you might disagree as you eventually got it all figured out. The rest of us may have considerable challenge juggeling loopback policies, gpresults, inherritance and a load of other interesting things. Besides that, in one policy template you may have settings for both the computer and the user, which can be applied seperatly. Finally, there's the way policies are applied. I believe MS tells us that a policy should be applied after max 15 minutes after logon, and will be re-applied every 90 minutes or so. But hey, they come standard out of the box and you can do a lot with them. So why look elsewhere?
Well, I can only give you a subjective answer to that. In short, policies were never my weapon of choice. It was my feeling that I had to jump through way too many burning hoops to actually reach the goal I was trying to accomplish in the first place. Second, policies could only bring us so far. Exhibit A: Hiding driveletters was a royal pain in the butt as one usually had to hack the policy template .adm file in order to get the desired results. Also it's far from all apps that can be controlled with policies.
These are the two primary reasons why I started using RES products back in the day. The major differentiator, which in my humble opinion makes the RES Dynamic Desktop Studio great, is a clear and sound technical strategy behind the products:
One product is all about the users and their needs in their workspace. Everything from configuration, security and performance, to documentation and much much more. All in ONE console. The other product is similar only as it's strictly dedicated to dealing with all things system: Computers, Servers, AD, Databases and many other things.
As with all significant tasks before you, it is very important that you sit down for a minute and think about what you actually want to do specifically. And of all those wonderful things, what do you want to do first. If you have no clue, RES suggests in the getting-started guide that you follow the steps of Desktop Transformation:
- Install the desktop sampler and collect some data,
- Import this data into the workspace designer and start laying out some ground rules.
- Finally you use the Workspace Model feature to enable those rules one at a time until you have a managed workspace.
That's all fine and good, but it may not necessarily apply to our current scenario or expectations, as we may have other initial purposes which we want the product to serve. Desktop Transformation is a great way to get things started though as it will allow you to scope out the state of things and gather intelligence before you do anything else. However, let's have a look at the scenarios which we may run in to. I've organized these under statements which you may perhaps be able to identify with, in no particular order. With the
Initial purpose #1: "We want to manage our profiles". This is one of my favorites – First of all, we need to qualify the above statement a bit. First of all, what kind of profiles are you using, what's your perceived problem, and how & why do you want to manage it in the first place? The most common reasons is obviously profile bloat and/or corruption, which there has been written countless articles about on the net already. The way the RES Workspace Manager addresses these issues is NOT to manage the profile. The profile itself is actually quite uninteresting from the workspace's point of view is merely a container/storage object. What's interesting and necessary to deal with are the actual settings within it. Erwin, Paulina and the rest of the gang over at the RES Support blog have written a series of great articles on the usage of Zero Profiling technology. I suggest you check them out here. At a later stage it is my ambition that myself or somebody else writes a Zero-profiling 101 article with some simple 1-2-3 how-to's to follow.
Initial purpose #2: "We want to merge local apps with a remote desktop". This is a classic case of need for the Virtual Desktop Extender aka VDX, which RES Software holds a patent on. If you haven't heard about it before, it's the ability to do "reverse seamless windows", i.e. making a locally running rich application seem like it's embedded inside a remote desktop. I have previously written an article, available here, which explains in detail how to set up a VDX demo that will knock your socks off!
Initial purpose #3: "We want to migrate our XP workstations to Windows 7/VDI". The need for migrating away from Windows XP will become more and more pressing as time goes on. We can be damn sure this isn't something that will go away. For this purpose you really need to consider the Desktop Transformation described above. The more you know about the existing environment, the easier it will be to re create that within the managed context of the Workspace Manager. Second Zero Profiling technology is your friend as it will allow you to carry settings across the respective OS platforms in realtime.
Initial purpose #4: "We want to lock down our user environments to a varying degree". Not all environments needs the same degree of lockdown. At the most restrictive end of the scale, we find the Server Based Computing environments (TS, Citrix) which is essentially an environment where both the HKLM registry and the OS/file system is shared among multiple users. Suffice to say if such a system is left unmanaged and not secured properly, you will eventually run into trouble. The RES Workspace Manager has 5 independent security subsystems which will enable you to control exactly what is allowed in terms of process launches, filesystem, filetypes/folders, sessions, removable disks and network security. The beauty of using these security systems is that you won't break anything as they are applied as a seperate layer on top of what you're already using. That means that there is no tatooing of NTFS or similar, which you may encounter using a traditional lockdown methodology. I've written a primer on working with the RES Security model. The article is available here. The last thing I want to add to the discussion about security lockdown. Remember to look at the Workspace Models located under the Setup node in Workspace Manager. Using the PlusMenu at the top, you can make exceptions for given environment, so for example your workstations aren't locked down as hard as your TS/Citrix servers.
Initial purpose #5: "We want to get rid of all the scripting". Who can blame you?! That's why I looked at the RES products back in the day, in the first place. The best place to start is to take the bull by the horns. Print out a hardcopy of your loginscript (this is where a good old matrix printer with fanfold paper would be a blessing :) Pick out all the easy wins, meaning go after implementing all the easy stuff first. Start with drivemappings for example. There are usually a ton of "IF MEMBER OF <some group> THEN MAP X: to \\Server\share. Those are easy-peasy to configure in the Workspace Manager in the Composition|Files and Folders|Drive and Port mappings section. Start there and work your way trough your reghacks (use Composition|Other|User registry), file copying (use Composition|Other|Execute command, custom resources or Automation Manager Integration) and whatever else your login script does. Keep your eyes peeled on this topic as I will bring something interesting up here right after xmas.
Initial purpose #6: "We want try out the RES products, where do we start?". First of all – We wouldn't have it any other way! The more potential customers kicking the tires and taking the products for a spin, the more folks to potentially join the extended RES family. Installing the software is the easy part, as there's a nice and easy-to-follow quickstart guide available for download here. After that the fun starts. However you really gotta have a sense of what you want to try out. As we discussed at the begnning of this article, that can be tough if you are new to the product and don't know what it can do. A colleague and I are currently writing our own "guided tour" article based on experience in the field, which may help you with this. Stay tuned for an article update on this!
There are plenty of other initial purposes besides the 6 listed above, especially when we dive into the abilities of RES Automation Manager. However with the above article I hope to have given you a little bit better understanding of what RES Software does and why we do it.