Device Management and Provisioning
Summary: The term "provisioning" for a device means to evolve a device to a state in which it can be handed-off to an end user, or end-user team, for their specific use in a functional manner. The device could be a desktop, laptop, server, or mobile device.
Having lived through an unprecedented housing boom in the country over the last decade, everyone will agree that the process of building houses is something that has been optimized in this country. From initial planning to architecture, governance, construction, and final delivery, the process of "provisioning" a house is quite complicated, but very repeatable and scalable, as the housing market boom has clearly shown.
The provisioning of a house starts with the zoning or rezoning of a parcel or lot, and ends with the final closing in an attorney's office whereby the house is "handed-off" to the owner. Throughout this entire process, a number of players, agencies, and businesses come into play in a specific order with a shared specific goal, and work within a standard framework and process to deliver the end goal efficiently. To name a few, the players are builders; subcontractors, such as plumbers, electricians, and architects; governance folks, such as city planners and inspectors; attorneys; and, of course, the consumer. The tasks performed by these players are numerous and varied. Some of these tasks are serialized (for example, walls can be put up only after framing, plumbing, and wiring), while other tasks can be carried out in parallel (the consumer can work on financing while the builder is building, for example), but they all tend to happen according to a plan and all come together at the end with few surprises.
After it has been "delivered," a house must be managed—not only for its proper functioning, but also for the good of the overall neighborhood and community. This monitoring, or management, is carried out by the builder (warranty), consumer, and other organizations—such as homeowners associations, architecture committees, and county and municipal bodies—that ensure that covenants and other regulations are followed.
Devices in the IT world are provisioned and managed in a similar conceptual manner, although different in scale and timelines. The term "provisioning" for a device means to evolve a device to a state in which it can be handed-off to an end user, or end-user team, for their specific use in a functional manner. The device could be a desktop, laptop, server, or mobile device. In this context, provisioning could include, at least:
- Wiring appropriate electrical power.
- Cabling the physical location for communication ingress and egress.
- Populating data-center racks with appropriate server hardware, power supplies, and other appliances.
- Configuring the internal network.
- Deploying storage appliances.
- Installing operating systems.
- Deploying software services, Web servers, or database servers.
- Setting up user access and privileges (on devices, or centrally).
- Installing appropriate business applications.
Various players act at different times, accomplishing specific tasks to provision a device. To name a few, these can be:
- Procurement agents.
- System administrators.
- Application developers and deployers.
- Operations technicians.
- Storage engineers.
- Network engineers.
The tasks performed by these players are as varied as the tasks involved in building a house. Again, some tasks may be serialized (for example, the application cannot be deployed and configured until the operating system has been installed and an IP address assigned to the appropriate servers), while other tasks can run in parallel (user accounts can be provisioned at the same time as external storage is being provisioned, for example).
For simplicity, let's limit the term "device" to mean hardware or a computing device that is capable of running a business application. For instance:
- A desktop running office applications
- A database server, to enable internal finance and accounting departments to keep track of general ledger entries
- A server hosting a data warehouse for an enterprise
- A BlackBerry enabling an executive to stay in touch with e-mail and calendar while on the road
For simplicity, we will ignore for now other devices that also make up the IT ecosystem, such as storage devices (disk arrays and cabinets), network devices (routers and switches), peripheral security devices (firewalls and antispam/antivirus appliances), and other peripheral devices (printers and scanners).
The provisioning of computing devices primarily has been a manual process. The tools that have existed in this space have been either very vendor- or technology-specific or limited in scope. However, lately, many players have developed new tools, or existing players have extended their offerings, to raise the level of automation in managing and provisioning computing devices. The tools and vendors to look at in this space are BladeLogic, Opsware, IBM Tivoli suite, HP Openview suite, and Altiris, among others. Many mobile-device and service providers offer their own proprietary mobile-device provisioning. Big names include RIM, Good Technology, Nokia, and Microsoft (Mobile 5.0). To better understand the problem space of device management and provisioning for computing devices, let's classify computing devices into three types:
- Server devices (in a data center or a lab environment)
- Workstation, desktop, and laptop devices (specific to users)
- Mobile devices (smart phones, PDAs, and BlackBerry devices)
We can also classify provisioning tasks into the following:
- Provisioning the operating system (OS)
- Provisioning system software and other common components (device personality)
- Installing and configuring application code and its associated content
Let's look at these in some more detail.
Servers tend to be the most difficult devices to provision. The process starts with data-center or lab preparation: finding rack space, cabling for power, network and storage, and appropriate cooling. After this has been accomplished, the aforementioned software stack is provisioned.
Provisioning the Operating System
Servers are quite heterogeneous devices, as they might have subtle configuration variances and specific devices attached that might require scripted installs. Servers are updated frequently with security and OS patches and configuration updates, often requiring rebuilding of OS images. Network settings, service-specific users/passwords, and other parameters are bigger issues on servers versus desktops, because of the higher degree of configuration complexity, as well as unique security and network settings.
Although disk cloning is slightly faster than unattended scripted installation, it is recommended only for the OS layer of server provisioning where server hardware is similar, and only for the base network configuration. Unattended scripted install has the benefit of allowing for parameterization of unique server differences, as well as the ability to invoke the hardware-vendor-recommended system utilities that participate in the unattended install process.
Provisioning System Services and Common Components
This involves installing such things as monitoring and backup agents (BMC and Symantec) and middleware/infrastructure software (such as Microsoft Exchange, Oracle, BEA, Microsoft Internet Information Services (IIS), and so on), and should be accomplished by using scripted installs. A master script or formatted configuration file calls the individual software packages or scripts in the appropriate sequence, passing server-specific environment parameters (host name, IP, DNS server, location-specific parameters, and so on) as each step occurs. This approach allows server personalities to be modified easily. Script parameters are the only things that must change when the same layer is installed on another server, which greatly improves efficiency and reduces storage costs.
Application Code and Content
This layer of provisioning prepares a server to run the specific business functionality for which it is being provisioned. This includes the application code, application configuration, and any content (text files, documents, and multimedia files) that might be needed to run the application. Installing these should also be accomplished by using a collection of unattended scripted installs. While few companies make investments in standardizing the packaging and deployment of this layer, doing so allows for the automation of the entire server-stack provisioning process.
For the system layers, a scripted install is recommended in most cases. For application updates, a scripted install is always recommended, if only because the pace of change at this layer is so high that a disk-cloning approach will result in an exploded collection of images. The benefits of provisioning each layer in an automated manner and combining them into a fully automated process are a great increase in IT agility and consistency of server and application builds.
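A master script of the kind described for the system-services and application layers, as an added example that is not from the article or from any vendor it names: it reads a server-specific profile, validates the parameters, and runs the package steps in sequence. The profile keys, step names and the three "packages" are hypothetical stand-ins, written as shell functions so that it runs offline.

```shell
#!/bin/sh
# Added example, not from the article: a master script that runs a layered,
# unattended install from a server-specific profile file, as the text describes.
# Profile keys and step names are hypothetical; the "packages" are shell
# functions so that everything runs offline.
set -eu
# Constructed profile, standing in for the formatted configuration file. Service
# passwords are deliberately not kept here; a step that needs one should fetch
# it from a secret store at run time rather than from the profile.
PROFILE_FILE="${TMPDIR:-/tmp}/app-srv01.profile"
cat >"$PROFILE_FILE" <<'EOF'
# parameters for app-srv01
SRV_HOST=app-srv01
SRV_IP=10.0.5.21
DNS_SERVER=10.0.0.53
SITE=atl-dc1
STEPS=monitoring_agent backup_agent web_server
EOF
# Each "package" is one idempotent step; its parameters arrive as environment vars.
monitoring_agent() { echo "monitoring agent: host=$SRV_HOST site=$SITE"; }
backup_agent()     { echo "backup agent: host=$SRV_HOST dns=$DNS_SERVER"; }
web_server()       { echo "web server: bind=$SRV_IP"; }
KNOWN_STEPS="monitoring_agent backup_agent web_server"
# Parse KEY=value lines instead of sourcing the file, so a typo or a tampered
# profile cannot inject shell syntax into the build; keys come from a fixed set
# and values from a conservative character set.
load_profile() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; *=*) ;; *) echo "bad line: $line" >&2; return 2 ;; esac
    key=${line%%=*}; val=${line#*=}
    case "$key" in SRV_HOST|SRV_IP|DNS_SERVER|SITE|STEPS) ;; *) echo "unknown key: $key" >&2; return 2 ;; esac
    printf '%s\n' "$val" | grep -Eq '^[A-Za-z0-9._ -]*$' || { echo "bad value for $key" >&2; return 2; }
    eval "$key=\$val"   # key is from the fixed set; \$val keeps the value unexpanded
  done <"$1"
}
valid_ip() { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
# provision_from <profile>: load and validate parameters, then run the steps serially,
# stopping at the first failure. Only allowlisted steps may run. Prints the steps completed.
provision_from() {
  load_profile "$1" || return 2
  valid_ip "$SRV_IP" && valid_ip "$DNS_SERVER" || { echo "bad IP address in profile" >&2; return 2; }
  export SRV_HOST SRV_IP DNS_SERVER SITE
  log="$1.log"; : >"$log"; n=0
  for step in $STEPS; do
    case " $KNOWN_STEPS " in *" $step "*) ;; *) echo "unknown step: $step" >&2; return 2 ;; esac
    "$step" >>"$log" 2>&1 || { echo "step $step failed, see $log" >&2; return 1; }
    n=$((n + 1))
  done
  echo "$n"
}
```

Moving the same layer to another server means writing another profile; the steps and the driver do not change.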
Workstations are typically homogeneous devices. An enterprise has more workstations than servers, but they all typically look quite similar—not just at the OS layer, but also at the application layer. Two approaches for installing the OS exist: disk cloning and unattended scripted install [Manwani 2004]. For desktop provisioning, disk cloning is the primary approach for installing not just the OS, but also the entire desktop image, because of their homogeneity. There will be a need by some users to have special software or configuration for their workstations. This can be accomplished by having user- or role-specific suites installed in these exceptional cases, after the disk image has been applied. In some cases, these exceptional requests could be fulfilled through a self-service mechanism that allows special users to self-download and install (through an automated package) these one-off applications.
The nature of mobile devices, smart phones, PDAs, and BlackBerry devices makes it really challenging to manage them. These devices are not fixed in a location where they can be tracked physically. Also, the users of these devices are on the road most of the time, and certain updates, such as antivirus and security patches, cannot wait for users to return to the IT operations department in order to receive them. Thus, most provisioning and management of mobile devices must happen "over the air." Currently, all work that is associated with provisioning and managing mobile devices is carried out through the use of tools that are specific to the vendor of the device (RIM, Nokia, and so on). This makes the solutions proprietary and places the enterprise in a vendor lock-in scenario.
Device management has become a generic term for the set of tools that can be used to configure, manage, and update mobile devices on behalf of or by the users. Through the use of device management, operators or service providers can help the users to start using new services and to modify the configuration of existing ones effortlessly. Typical scenarios that constitute device management—whether performed by a service provider for individual end users or by an operations group for corporate users—are as follows:
- Configure new devices
- Upgrade software on devices and apply patches
- Deploy new applications
- Perform backup and restoration
- Track hardware inventory
- Collect data from the devices for monitoring, reporting, and business intelligence
- Control devices remotely (for example, wipe the disk if the device is reported stolen or lost)
- Service discovery and provisioning
Currently, there are several proprietary protocols available to manage devices from various device vendors and service providers, but there is no current industry-standard device-management protocol. This could potentially lead to major interoperability issues with managing these devices. The SyncML Initiative [Guru 2003]—led by more than 640 companies, including Ericsson, IBM, Nokia, and Motorola—has designed a highly interoperable device-management (DM) protocol. The initiative successfully created an industry-standard data-synchronization protocol. Now, industry leaders in both the client and server segments are in the process of designing and promoting the SyncML Device Management Protocol, in hopes of making it the future standard.
The SyncML Initiative is now part of the Open Mobile Alliance (OMA), which consists of groups like the WAP Forum, Location Interoperability Forum, and MMS Interoperability Group. By being a part of this widespread industry organization, SyncML's acceptance as a standard device-management solution likely will increase significantly.
- [Guru 2003] Guru, Rajkiran. "SyncML Device Management: An Emerging Protocol Standard for Managing Devices." IBM developerWorks, April 1, 2003. [Cited January 10, 2007.]
- [Manwani 2004] Manwani, Vijay. "Provisioning Windows Servers." NetworkWorld.com, June 28, 2004. [Cited January 10, 2007.]
- Lin, Stephanie, Steven Jiang, Hicks Lin, and Jeffrey Liu. "An Introduction to OMA Device Management." IBM developerWorks, October 31, 2006. [Cited January 10, 2007.]
- Richter, Ursula, John Reif, and Luis Ostdiek. "Provisioning Best Practices for On-Demand Data Centers." IBM developerWorks, July 6, 2004. [Cited January 10, 2007.]
About the author
Rajiv Virmani is an Information Technology Director and Principal Architect with over 14 years' experience in the IT industry for employers like Delta Technology (a wholly owned, IT-focused subsidiary of Delta Air Lines), SunTrust Bank, and others. He has held positions with varying degrees of responsibility in enterprise middleware, technology infrastructure, application development, and architecture groups. Rajiv has successfully executed the roles of Manager of Technology, Resources and departmental finances, Lead Architect, and Planner for application development and engineering-related technologies and solutions.
This article was published in Skyscrapr, an online resource provided by Microsoft. To learn more about architecture and the architectural perspective, please visit skyscrapr.net.