Client Management
Our goal is for GNOME to be the most beautiful, most powerful, and easiest to use operating system. This is true not only for the user experience and the developer experience, but for the administration and management experience as well.
GNOME is a client operating system. We will attempt to identify some of the most important aspects of the client management problem space.
From a system manager's perspective there are a number of ways to make a system more desirable. It can be made easier to use so that the training time and costs are reduced. It can be made more secure so that risk exposure is reduced. It can be made more robust so that downtime is reduced. These intrinsic properties are essential - but not the focus of this document. Our focus here is on how an individual GNOME client operates within a system.
Some of the keys to scaling the management of a single GNOME client to a fleet of many, perhaps thousands, of clients are:
- Delegation
- Automation
- Integration
- Reporting
Delegation is when a single point of control gives authority and responsibility to another for a certain task. This is important because rarely are the two extremes of management, full user control or full central control, adequate. A fully static, locked down, and centrally managed system is appropriate for only the most harsh environments. It naturally involves a lot of overhead, and therefore cost, for any change that is needed. The other extreme, of full user control, implies transfer of all responsibility - in essence ownership - to the user and is inappropriate for most large scale deployments. In most cases, the final authority and ultimate ownership of the system is retained by the central management, but authority over many day-to-day aspects of the operation of the system is delegated to the user, which just makes everyone's life better. Some of these things include: setting up printers, connecting to networks, personalization settings, installing approved applications, performing updates, setting the timezone, etc.
Self service is another highly desirable form of delegation. It is often easier to send a new / unconfigured system directly to a user when doing a hardware refresh and have them do the data migration on their own.
Automation allows a system manager to turn costly manual tasks into simple automatic ones. For instance, having updates installed or prepared automatically is in many cases better than having to check for, download, schedule, and install them manually from a central point. Automatic data migration at first startup is easier than getting access to both old and new hardware, manually transferring information, and doing verification. Other areas where automation is crucial include system install, problem reporting, and diagnostics.
Integration is the degree to which the client can be incorporated into existing systems, reducing the need for special cases and extra costs.
Reporting is a way for the primary owner / manager of the system to gauge how well they are performing their responsibilities. This is particularly important when extensive delegation, automation, and integration put these out of immediate view.
Configuration and Deployment
- New system / "Factory Install"
- Whole disk encryption keys?
- Repurpose existing system
- Clone existing system
- Information (settings, data, apps, user) migration
Application Installation
- Install apps remotely
- App store
- Allow safe install of trusted/approved apps to make people more productive but no "crazy stuff"
- Allow safe removal of (only) user installed apps without impacting OS
Software Updates
- Vendor
- Custom in-house software
- Third-party
Enterprise Login and Central Management
- Authentication
- Initial setup of KRB password
- Access restrictions
- Least privilege
- Disk encryption keys
- System and Application settings
- Apps in launcher
- Company bookmarks (with ability to make changes)
- Screen locking
- pre-set vs locked down settings
- root user keys and passwords
- update SSL / GSSAPI settings
Integration with Enterprise Systems
- Exchange
- Active Directory
- Virtualization
- Google Drive / Dropbox
- VPN
- Printers
- File Sharing
- Encryption
- Directories
- Backup
Remote Troubleshooting
- Central logging
- Diagnostics
- Remote Access
- Screen Sharing
- Proactive problem solving
Inventory and Asset Management
- Hardware utilization (to identify insufficient or inefficiently used hardware)
- Track system locations and lifecycles (e.g. time-leased systems)
- Monitor and verify compliance
- Inventory coupled with usage and monitoring
- Even self-managed systems should still integrate with asset management
- Reports