Device management using Bcfg2
m |
m |
||
Line 1: | Line 1: | ||
=Under Construction= | =Under Construction= | ||
- | This | + | This article contains information about using [http://trac.mcs.anl.gov/projects/bcfg2 Bcfg2], an open source configuration management system in management of Maemo based devices. |
+ | == Scope and terminology == | ||
+ | |||
+ | Scope of the article is using Bcfg2 to manage Maemo devices of employees at a fairly large company, where the number of devices is counted on hundreds or thousands. In a private use, or in small companies things covered here hardly make any sense. | ||
+ | |||
+ | In the remainder if this document, following terminology is used | ||
+ | |||
+ | {| class="wikitable" border="1" | ||
+ | |- | ||
+ | ! Term | ||
+ | ! Description | ||
+ | |- | ||
+ | | Device | ||
+ | | Maemo based handset, such as Nokia N900 | ||
+ | |- | ||
+ | | Enterprise | ||
+ | | A large company ot other organization that wants employees to ba able to acces company IT systems using Maemo based devices | ||
+ | |- | ||
+ | | Desktop computer | ||
+ | | A full-size computer (traditional desktop or laptop) used to access corporate IT systems | ||
+ | |- | ||
+ | | Enterprise configuration | ||
+ | | A set of applications and configuration values which the Enterprise wants to deploy into the Device as a prerequisite for accessing corporate IT systems. Usually includes hardening the device security. | ||
+ | |- | ||
+ | | Provisioning | ||
+ | | The process which equips the Device with Enterprise configuration | ||
+ | |} | ||
+ | |||
+ | |||
+ | == Why manage devices == | ||
+ | |||
+ | Provisioning Devices without management is like standing on the waterfront, throwing rocks in to a lake trying to get them into a bucket at a bottom. The throwing movement can be very controlled and calculated, but once the rock is released from hand, all control and traceability is lost. As a result, we do not really know if it ever hit the bucket. And if it did not, there is no way to get it there. Not to mention ability to move it into another bucket if so desired. Over time, we also inevitably lose track of how many rocks have we have thrown. | ||
+ | |||
+ | Hence, Provisioning-only approach leads at least following shortcomings | ||
+ | * No statistics about Devices Provisioned | ||
+ | * No information about success of the Provisioning | ||
+ | * No method to fix failed Provisioning | ||
+ | * No method for managing changes at Enterprise configuration (other than publish a new release hoping users will pick it up) | ||
+ | |||
+ | Using the rock analogy, in Device management approch we never completely release the rock. We tie a thin nylon line into each rock before throwing it. The line helps us to track whether the rock hit the bucket or not. We can use the line to lift misses to the bucket. We can also use the line to move them to another bucket if so desired. We can also have statistics about the rocks thrown easily; just count the lines. | ||
+ | |||
+ | It should be also noted that there are legislations such as Sarbanes-Oxley which mandate keeping track of computers able to access and store corporate data. | ||
+ | |||
+ | == Why Bcfg2? == | ||
- | |||
https://bugs.maemo.org/show_bug.cgi?id=5102 | https://bugs.maemo.org/show_bug.cgi?id=5102 |
Revision as of 17:13, 22 March 2010
Contents |
Under Construction
This article contains information about using Bcfg2, an open source configuration management system in management of Maemo based devices.
Scope and terminology
Scope of the article is using Bcfg2 to manage Maemo devices of employees at a fairly large company, where the number of devices is counted on hundreds or thousands. In a private use, or in small companies things covered here hardly make any sense.
In the remainder if this document, following terminology is used
Term | Description |
---|---|
Device | Maemo based handset, such as Nokia N900 |
Enterprise | A large company ot other organization that wants employees to ba able to acces company IT systems using Maemo based devices |
Desktop computer | A full-size computer (traditional desktop or laptop) used to access corporate IT systems |
Enterprise configuration | A set of applications and configuration values which the Enterprise wants to deploy into the Device as a prerequisite for accessing corporate IT systems. Usually includes hardening the device security. |
Provisioning | The process which equips the Device with Enterprise configuration |
Why manage devices
Provisioning Devices without management is like standing on the waterfront, throwing rocks in to a lake trying to get them into a bucket at a bottom. The throwing movement can be very controlled and calculated, but once the rock is released from hand, all control and traceability is lost. As a result, we do not really know if it ever hit the bucket. And if it did not, there is no way to get it there. Not to mention ability to move it into another bucket if so desired. Over time, we also inevitably lose track of how many rocks have we have thrown.
Hence, Provisioning-only approach leads at least following shortcomings
- No statistics about Devices Provisioned
- No information about success of the Provisioning
- No method to fix failed Provisioning
- No method for managing changes at Enterprise configuration (other than publish a new release hoping users will pick it up)
Using the rock analogy, in Device management approch we never completely release the rock. We tie a thin nylon line into each rock before throwing it. The line helps us to track whether the rock hit the bucket or not. We can use the line to lift misses to the bucket. We can also use the line to move them to another bucket if so desired. We can also have statistics about the rocks thrown easily; just count the lines.
It should be also noted that there are legislations such as Sarbanes-Oxley which mandate keeping track of computers able to access and store corporate data.
Why Bcfg2?
https://bugs.maemo.org/show_bug.cgi?id=5102
Bcfg2 was chosen as the first try-out candidate because
- All logic possible is performed at the server end, making the client lightweight
- Device management is a special use case, fair amount of tailoring is anticipated. Bcfg2 is very tailor-friendly. Nearly all components are replaceable
- Implementation language is Python, which was already familiar
apt-get install python tar zxvf bcfg2-0.9.6.tar.gz cd bcfg2-0.9.6 python setup.py install --install-layout deb --record /root/bcfg2files
Note, Category is intentionally broken, this is not in any shape for showing up yet
[[
Category:Power users
]]