totalnetsolutions.net

In the Windows world, tools like Group Policy, System Center Configuration Manager, and DesktopAuthority, among others, have been around for 8 or more years to allow fast simple deployment of software and updates to remote computers, or force tasks to be run on remote computers.

For the Unix/Linux world, there doesn’t seem to be as much available.

If you have a pure HP-UX shop, there is HP Systems Insight Manager (SIM) with plug-ins available for software deployment, and I believe IBM Tivoli has a function or sub-product which does the same thing if you have all AIX systems. Red Hat Network has a feature to allow commands to be run on your servers, but only whenever they check in with the RHN or your internal Satellite Server (much like Group Policy, except GPO doesn’t allow “in the middle of the day” script creation without GP-Preferences). So what’s available that’s like SCCM or DesktopAuthority – a “click now and do this thing” tool?

A bunch of my customers just have various levels of logging and processing that come down to being a big for loop that ssh’s into a server and runs a command:
for i in `cat server-list.txt` ; do scp scriptname $i:/root/; ssh $i "/root/scriptname" | tee logfile-$i.log; done;
While it works great for smaller commands. if you have a mixed environment, the “scriptname” script has to be intelligent enough to know what it’s running against, or your “server-list.txt” has to be broken up by class of system. In either case, if you have 200 systems in the list, and the task takes 5 minutes per server, a single install will run for 16-17 hours.

Software like Likewise Enterprise which allow Group Policy management to remote computers is great, because you can have guaranteed delivery and execution of your script or command in (by default) 30 minutes, but my problem is how to get it there in the first place?

So, administrators out there in companies with 1000, 4000, 10000+ servers (or even Desktops), what mutli-threaded or multi-process tool are you using to tackle this timing/resouce problem? Please post below!

So, any regular readers might have noticed that the posts have been slow coming the past few months.  Hopefully you don’t think that the depth in those few posts has been lacking.  I’ve been struggling with how to report that I took a new full-time job in April.  Obviously, it’s not stopping me from writing, but has slowed me down a bit.

As you may remember, back in January I was invited to speak at Directory Experts’ Conference, 2008. If you weren’t there, I spoke about integrating 30+ Linux servers with a 2000-user Active Directory forest at one of the U.S.’s biggest home improvement providers. At the time, we had used Centrify DirectControl 4.0 to accomplish this integration, and they were the ones who invited me to speak at DEC.

As part of my preparations, I reached out to Quest Software to ask about Vintella, now renamed “Authentication Services”, and to Likewise Software, who sent me software and support contacts (at my request), so that I could learn Likewise Enterprise as well as I knew Centrify DirectControl. That was a very tall order for Likewise Software to fill, as I had spent the past 6 months learning DirectControl inside out.

After 4 weeks of building demonstration machines (with both products), capturing video in case the demos crashed (which they didn’t), and building a presentation and practicing it, DEC was upon us.  I gave two presentations, one specifically for Centrify on Monday, and the primary one on Wednesday.  At the end of both presentations, we recieved a lot of great questions which Centrify’s Director of Product Development helped answer.

At the end of the conference, Likewise offered me a job. After many discussions with them, my friends and family, and my customers, I decided to take the opportunity. This is not a decision I made to slight Centrify, who’s support of me through my time as a customer was amazing, and who’s assistance through the presentation was fabulous. It’s just one of those opportunities that comes along that I couldn’t pass up.

So for the past 6 months I’ve been the Project Manager for Deployments for Likewise Software. I’ve been on the road about 80% of the time, working with customers to install our software in their environments. Many of the posts I’ve made in that time have been in response to an issue we’ve seen or avoided at a customer of Likewise. I will continue to write these, and I’ll work on doing so at my old (2007) pace of about 3-4 posts a month, since they have been (according to my stats) useful to many people, which is the point of writing this blog.

That means, no changes here compared to last year, but I will have a wider variety of topics, and I’ll likely start mentioning our software specifically. I want it to be clear it’s not advertising, but just the state of what I’m working with. Again, Centrify makes a great product, and I was very happy to have chosen it for my needs at my previous employer.  However, I’ve chosen to move forward with this open source company (Likewise Software) for the next stage of my career, and will continue to write about software and integration with a view towards open source software.

Thanks for continuing to read!

Robert Auch

More and more of my customers are (rightly) installing 64-bit versions of Windows for critical systems like Domain Controllers, File Servers, and Database Servers.  The increased memory access for user-mode programs (and increased file cache size for file servers) is a huge help for heavily used systems.

But there are are still a lot of tools only written for 32-bit systems.  That is to say, MMC consoles and VBScripts that just act… funny on 64-bit servers.  So, here’s some errors, and how to quickly fix them.

For VBScripts, you’ll often just get an error similar to:
scriptname.vbs(48, 1) Microsoft VBScript runtime error:
ActiveX component can't create object:
It doesn’t matter what the object is, and if you register the supporting DLL or reinstall the application that provides the function, it still won’t work. The fix? c:\windows\syswow64\cscript scriptname.vbs or c:\windows\syswow64\wscript scriptname.vbs, depending on if you want it run in a console (cscript) or popup windows (wscript). I personally write everything for cscript, cause I can redirect the output to a log file. This trick I found here, and reminded me to write this up with my next fix.

For MMC consoles, what often happens is you just don’t see the tab you’re looking for, or you can’t even find the console to add the snap-in to the MMC. No error messages, and nothing shows up that you’re looking for. Luckily, this is also an easy fix. Click the Start button, then “Run…” then type in “mmc /32″ or “mmc -32″ in the box and click “OK”. You’ll now be presented with an empty MMC, but you can now add the snap-ins you want, and the 32-bit programs (such as the “Additional Account Information” from acctinfo.dll from the Windows Resource Kit Tools) will have their tabs show up properly.

I see the Ubuntu battery life topic has gotten a litle more attention than normal lately, and we’re happy to have new visitors. I have several new posts in draft right now, work is just keeping them from being published immediately, so come back soon!

I drafted something on November 2nd about problems with Fedora 7 and SELinux. This still exists on Fedora 9, by the way. Just a quick “FYI” that there’s a big new technical fix posted, and your RSS reader probably didn’t pick it up (Google reader and Akregator didn’t).