Slides from a talk at the Common Solutions Group (CSG) meeting at UC Berkeley, January 2015.

This is the story of the Berkeley Desktop which was a key component enabling the success of Berkeley’s IT Shared Services through the introduction of automation, bringing stability and security to computer / endpoint management as a service.

Berkeley Desktop service homepage — “the campus-wide standard environment for desktops and laptops” — with sections for Software, Hardware, and Services.

Let’s start at the beginning…

The Phoenix Project book cover (rebranded with the Cal logo) next to a photo of a giant inflatable Cal Bear collapsed on its side outside Memorial Stadium.

Fall 2011

Photo of a laptop fully engulfed in flames on a desk.

OMG Version 0.1

  • Everything is broken or breaking all the time
  • No time for staff to work on solutions
  • “Owned” (compromised) machines
  • “Standard image” doesn’t work on laptops
  • “Standard image” too hard to change
  • “Standard image” BSODs because of new hardware, drivers
  • Laptop users told to buy a desktop with the “standard image” to RDP into

Disaster Girl meme: “Worked Fine in Dev / Ops Problem Now.”

The Problem

Imaging a machine circa 2011: 4 hours of senior tech time.

  • Varying hardware standards
  • No significant automation
  • Manual work; no checklists
  • Frontline support team includes senior techs
  • Frontline support diverts the Brents to support most important and/or loudest senior executives

Conference room photo of team members hunched over laptops at a long table.

Slide titled “The Present State: Planet Crazy” with a collage of legacy desktop tools — Norton Ghost, Tivoli Storage Manager, Symantec AntiVirus, BIGFIX, Cisco VPN — alongside images of old Macs, error messages, and a frustrated user. Caption: “Desktop PC support for haves; the rest do what they can.”

Slide “The two sides of EUS” — Desktop Design and Engineering (IST-Lead): future state, tools, how to get there. Operations and Support (CSSI-Lead): what Shared Services End User Support needs to look like.

Lego scene meme: a tradesman pushing a cart with square wheels asks two figures dragging round wheels if they want to switch. They reply “No thanks!” and “We are too busy.” Caption: “Are you too busy to improve?”

Tackle the Things That Increase Costs

  • Labor
  • Productivity loss
  • Change
  • Variance

Finally… on the path to DevOps

  • Culture
  • Automation
  • Monitoring
  • Instrumentation
  • Reporting
  • Agile

Joint Administrative Computing Standard

Berkeley Desktop JACS Configurations page showing Dell OptiPlex 9020 SFF and iMac 21.5" standard models with full hardware specs.

Reimaging a workstation — legacy process

Flowchart of 17 sequential steps: Acquire Workstation → Image Machine using ImageX → Set up first user account (delete-me) → Install Drivers → Install Custom Applications → Look up data port number to name machine → Name Machine → Register Mac address if new machine → Create machine object in AD → Join to domain → Remove first user account → Activate Office → Update Windows → Tag TEM building → Tag TEM department → Set up end user profile → Restore user data.

Release timeline slide: 1305-01 (May 2013) Built using Microsoft Deployment Toolkit, GUI/Wizard Enabled Interface; 1305-02 (Mar 2013) Auto-install Microsoft Apps and EEI custom apps via TEM offers; 1305-03 (Apr 2013) Auto-join AD, Check supported hardware automatically, Auto-install VMware Office/Windows; 1304-05 (Apr 2013) Auto-install Office and Windows updates via the image; 1306-04 (Jun 2013) CPM pre-installed in the image, Added auto-install ability to install monitoring, Additional usability improvements (remove first-run wizards), TEM tagged to right OUs and groups; 1308-03 (Aug 2013) PostDeploy updated by version 5.0 with improved user experience; updated/descriptive logging; Added support for locally-stored AD Joiner; Added auto-tagging interactions; deferred reboot and time-tracking with Calnet ID of users.

Reimaging a workstation — EEI process

Flowchart of 8 streamlined steps: Acquire Workstation → Delete machine object from AD (if present) → Register Mac address if new machine → Boot up using MDT ISO → Install custom applications using TEM offers → Move machine to right AD container → Tag TEM building → Set up end user profile.

Workflow Automation Tools

X All The Y meme: stick figure shouting “AUTOMATE ALL THE THINGS.”

New Employee Workflow Automation

Flowchart: Move User object from _Staging OU → Query LDAP and auto-fill name attributes → Add standard security groups → Create Home Folder on NetApp CIFS → Permission Folders → Set Home Drive → Copy log to clipboard.

2014

PostDeploy 3.0 application screenshot. Primary user, Division/OU tag, Department/OU tag, Building Code, and Location are set; status log shows “Completed: William Allison’s computer Division: IST,” “Completed: William Allison’s computer Department: IST_IO,” “Completed: Adding 1095 to UCBBuilding,” “Completed: Adding Hearst to UCBLocation. Thank you for completing all the steps…!” Footer logos: Berkeley desktop IMAGE, BIGFIX, USER.

Time to Manually Complete Tasks

Two tables. Top — Baseline task / Time to Complete Manually: Coordination in Building 15 minutes; Coordination Outside of Building 30 minutes. Bottom — Task / Time to Complete Manually: Install Photoshop 30 minutes; Install Microsoft or Visio 15 minutes; Configure RDP 15 minutes; Configure Printers 5–15 minutes; Berkeley Desktop Image and Hardware 1 hour; Berkeley Desktop Image Other Hardware 2–3 hours; Other Image Other Hardware At least 4–5 hours.

2014 — Self-Service for Windows

IBM Endpoint Manager Support Center screenshot listing self-service software offers: Skype, Cyberduck, EMET, HyperSnap, RemoteApp shortcuts, Microsoft Project Professional 2013 (selected), Outlook 2010, Apple iTunes, Java 7, Host Explorer, Apple Quicktime, 7-Zip. The lower pane shows the Microsoft Project Pro description.

& a big win for CSS, Depts and campus

Time for self service? 1 minute, no ticket.

Software install counts

Horizontal bar chart of self-service install counts: Firefox 1684, Java7 956, Microsoft Visio 2013 752, 7Zip 569, Microsoft Project 2013 493, Hypersnap 461, HostExplorer 428, Skype 410, Apple iTunes 319, Microsoft Outlook 2010 309, Notepad++ 267, Apple Quicktime 255, BoxSync 240, Adobe CS6 Photoshop 228, Adobe CS6 Illustrator 184, Adobe CS6 InDesign 151, Druva 136, Adobe CS6 Dreamweaver 109, Cyberduck 99, Adobe CS6 Premiere 91, Adobe CC2014 Photoshop 84, Adobe LiveCycleDesigner 77, Adobe CC2014 Illustrator 55, Adobe CC2014 InDesign 44, Adobe CC2014 Lightroom 39, Adobe CC2014 Premiere 29, Adobe CC2014 Dreamweaver 28.

Self-Service for OS X

macOS Self Service window populated with installable Adobe CC 2014 apps (Audition, Bridge, Dreamweaver, Flash, InDesign, Media Encoder, Photoshop, Prelude, Premiere, SpeedGrade) plus AnyConnect VPN, Apple Software Updates, Box Sync, Cyberduck, Dropbox, Druva inSync, Firefox, Google Drive, Java SE 7u65, LastPass, ReadyTalk Quick Launcher.

Coming soon…

Berkeley Desktop Printer Self-Service portal: a navigable building/floor tree (UC Berkeley Campus → 2195 Hearst → 2nd Floor) over a floor plan with room numbers visible.

More Technical Components

  • Zabbix
  • Splunk
  • Powershell / Sapien
  • GitHub
  • Vagrant
  • Docker
  • Jenkins CI
  • HA-Proxy
  • Idonethis.com

Architecture diagram: Active Directory Management and User Storage Management at top, both connecting to a green Bastion Host (Windows Server 2012 R2, PowerShell Remoting Endpoint, Elevated RunAs SysAdmin Credentials, Log transactions). A Tier 3 Support technician at the bottom runs a packaged PowerShell exe over HTTPS to the bastion.

The Berkeley Desktop Ecosystem

Diagram with the Berkeley Desktop at the center, branching to Software (Anti-virus & Anti-malware, Software Central, Self-service Installation, Backup, Preconfigured Operating Systems — Windows, Mac), Hardware (JACS UCB / UCSF Standards Program), and Services (Updates & Patching, Inventory, User Environment Management, Remote Support Infrastructure, Power Management).

Email to: wallison@berkeley.edu

Original slide deck (PDF)