&nbsp; --- # Windows Desktop Service ### From computer to user centric IT ##### Sebastien Dellabella - CERN - IT-CDA-AD ###### Hepix - Spring 2021 --- ### Agenda - The "CERN-managed devices" model - The new management model - What are the motivations behind this change? - What are the user's needs in this new model ? - New services available - Soon to come --- ### The "CERN-managed devices" model #### Overview - Every single Windows computer needing direct access to central resources was enrolled into the CERN Windows domain <img src="https://codimd.web.cern.ch/uploads/upload_bfcf9ece26c15c536b8af95101fa4946.png" width="33%"> --- #### Everything was restricted - Domain GPOs to apply restrictions and security settings - Domain GPPs to modify defaut settings and populate resources such as network drives - Software installation performed using a "Deployment Software Tool" (CMF at CERN) - Security updates managed by WSUS but distributed using CMF on a forced schedule - **Everything was monitored, under control, and we liked it...but at some point, we thought we could propose something better.** --- ### The new management model - We are now proposing a **new management model** for both CERN-owned and user-owned Windows computers called **"self-managed devices"** - This new model **give back the power to the user and let him manage his machine at his own pace** - Users opting for this model receive - same support - same software offer than for the traditional management model - **The current restricted model remain available** for tightly controlled machines (control rooms, experiments) --- ### What are the motivations behind this change? - Nowadays, people are used to share usage of their devices between work and private life (smartphones, laptops) - Users can bring their own devices (BYOD) onsite - With actual IT resources and new ways of work, such as teleworking, the user's office with a workstation is not anymore the only place someone can work and be productive - **It's the user, not the computer, that needs to be the center of attention** --- #### Software licences assignment scheme changed from "per machine", to "per user". - **Microsoft, Adobe, Autodesk, etc.**, a lot of editors changed the rules and propose now **"per user" subscription by default** - The same software can be available on different platform such as desktops computers, mobile devices or even online as a website, everywhere with the same licence. - **Usages patterns have changed, more flexibility is both possible and required** --- #### Windows 10 proved more security-aware than any other version before - Better antivirus protection (Microsoft Defender) - Better identity protection (Windows Hello) - Better data protection (Bitlocker) - Better overall security (UEFI, secure boot) - etc. --- ### What are the user's needs in this new model? - Installing/using CERN software remotely - Keeping the machine secure - Accessing personal/shared files remotely - Printing --- #### How do we address them? - Based on existing services such as: - CERNBox - DFS Gateway - And new services created (or under development) around this vision - Streamlined Windows Setup (SWS) - CERN Appstore - Print4Visitors (to be renamed) - EDR --- #### Streamlined Windows Setup - The place where everything begins (https://cern.ch/sws) <img src="https://codimd.web.cern.ch/uploads/upload_8e133054b8a7678b757cf93affa2e08d.png" width="60%"> --- ### Installing/using CERN software remotely #### The CERN Appstore <img src="https://codimd.web.cern.ch/uploads/upload_abb8f07170af1cbdf0877da4d0d9463f.png" width="50%"> --- - Only require installation of a client on the machine <img src="https://codimd.web.cern.ch/uploads/upload_8c112e49c3212fae7d1249ad7cdfe67b.png" width="65%"> --- - Update itself automatically <img src="https://codimd.web.cern.ch/uploads/upload_369d73177be968e17f7a13b34cb3496c.png" width="85%"> --- - Comprehensive UI with categories on the left tab and search bar at the top <img src="https://codimd.web.cern.ch/uploads/upload_a5ff29fdf37f771c43e3a08330221ab7.png" width="75%"> --- - Major part of applications are available both in CMF and the CERN Appstore <img src="https://codimd.web.cern.ch/uploads/upload_920e800fcc59b01f2395ae0c0ca6988e.png" width="75%"> --- #### The CERN Appstore - The CERN Appstore is based on: - Chocolatey (https://chocolatey.org) - Nexus repository (https://www.sonatype.com/) - It uses chocolatey community feed for well-known packages - CERN specific feed for CERN licenced softwares - It's multi-platform : Windows, Android, Linux, etc. - **It's open-source !** - The gitlab will become public in the first half of the year --- ### Keeping the system secure #### System updates - Switching back to vendor update mechanism - With follow-up, if necessary #### EDR - Endpoint detection and response: technology to continually monitor and respond to mitigate cyber threats. - Selection process is in progress - With the intention of making it availale to both CERN-managed and Self-managed devices --- ### Accessing personal/shared files remotely #### CERNBox - Access personal files from any platform (Web, Windows, Mac OS, Linux, Android, IOS) and from anywhere <img src="https://codimd.web.cern.ch/uploads/upload_9310bfd9d1fd6049ed1ae2b58cae1ac7.png" width="45%"> --- - OpenXML (.docx,etc.), Open Document Format (.odt,etc.), Draw.io files, all of them can be opened and edited directly in CERNBox <img src="https://codimd.web.cern.ch/uploads/upload_3401406b36cd6ee21a13f48aa363c6d2.png" width="65%"> --- - Sync personal files locally with the CERNBox client <img src="https://codimd.web.cern.ch/uploads/upload_0f5426a15f09b911b1a22d2fbdfa8768.png" width="65%"> --- #### CERNBox - CERNBox includes also other functionalities: - Online editors and viewers - Collabora Online - ONLYOFFICE - Draw.IO (now called Diagrams.net) - Gantt Chart Viewer - Image files viewer - CodiMD (markdown editor) - File sharing - File versioning --- #### CERNBox for homefolders - CERNBox is now the default solution for user home folders on **"CERN-managed devices"** - On **"self-managed devices"**, CERNBox is the way to keep your CERN files secure and share your work --- ### Printing #### Print4visitor <img src="https://codimd.web.cern.ch/uploads/upload_3e726f18b57c1caa329fd3685b61a2ae.png" width="55%"> --- #### Print4visitor - Automatically propose the nearest printers for a one-touch installation - **It's open-source** - The gitlab will become public in the first half of the year - Yes, we'll rename it soon --- ### Soon to come - Enabling the possibility for existing machines to switch from one management model to another - EDR to be distributed both on "self-managed" and "CERN-managed" devices - Make available the Gitlab for both the CERN AppStore and the Print4visitors software - More applications in the CERN AppStore to be completely in line with CMF --- ### Questions ? ---
{"title":"Windows desktop service from computer to user centric IT","tags":"Windows","type":"slide","slideOptions":{"theme":"cern3","transition":"slide"}}
  668 views