Slashdot Mirror
Cisco IT Manager Targeting 70% Linux
RMX writes "LinuxWorld Australia has an
interesting article discussing Linux Desktop adoption in Cisco.
Cisco "already converted more than 2,000 of its engineers to Linux desktops...plans to move many laptop users to the platform over the next few years...the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops.'"
Ha, 40:1 ratio for desktop support personell for windows? Tell that to alot of IT managers, in particular, my former employer. Try 200:1
Don't Tread on Me
That is the worst support ratio in history. I hate Windoze, but no large support org has that bad of ratios. Mine are approx. 250:1 for a Win2k shop, which is pretty average.
- Erst kommt das Fressen, dann die Moral
because Cisco is now a security company?
So, Linux TCO is greater, eh?
Now Balmer is going to get on a plane and install Ad-Aware and SP2 on their machines to help with tech support.
So when linux reaches critical mass and people spend as much time searching for/writing worms for it as they do for windows, how's that support ration going to look?
What gets me is that what they describe could be done with Active Directory and group policies.
I wonder if those microsoft studies that show Windows' TCO better than Linux's account for the "productivity" of a linux engineer...
What i'm sure it doesn't show is that a linux engineer handling 200 computers can provide a much better service (due to the fact that more is "known and controllable" in linux than windows) than a windows sysadmin handling the same amount of computers, resulting in lower costs of security, less costs related to spywares, viruses, user support calls, etc.
There are two kinds of people in the world: Those with good memory.
but microsoft is more secore according to microsoft... /sigh what to do
40 to 1. Man.
Christ at some point, even if you've really cobbled something together in an awful manner, you can start delegating some of the busy work with taskpads.
I am sure they (CISCO) have some Mozilla/Firefox on these PCs. Question is: How have they decided o manage it? Central managing of Mozilla/Firefox is still not [officially] possible now. Any ideas?
They obviously don't know their own department. I worked as a contractor for them a couple years ago. I was the only onsite tech support person for two sites with a total of 250 users, with 99% of those being windows. I was also part of the support teams initial Linux push, and I can tell you that the biggest driver from a customer (end user) perspective was the idea of using cheap Opteron workstations instead of uber expensive Sun stations. A Sun dual CPU workstation at the time with 12GB of ram was over $50k dollars, whereas an Opteron station with more cpu power and the same amount of ram was under $10K. That is a huge difference in price. The biggest factor stopping it from becoming a reality was the fact that at the time the Clearcase tool chain and support tools weren't fully functional under Linux. So I doubt the driver was so much lower desktop support costs as it was lower equipment costs.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
> That is the worst support ratio in history.
Why am I not surprised...
One could tell by the price of their products... Inefficient bastards.
"... the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops."
Isn't this still Cost Savings, when you don't need to hire as many admins?
We're typically 1:30 for local areas which is basically admin of the LAN, user applications, etc. Add to that central security, networking, hardware support, and we're down to 1:15.
Including in-house bespoke application support (specialist programmers emplyed under an IT remit, rather than technically able and active users) and you're down to 1:6 in some areas. On the other hand we have specialist terminals (with high maintainence requirements as well as user training etc) which are more like 1:90.
Inefficiency abounds in some companies.
the driver for Linux on the desktop is not cost savings, but easier support. Manning estimates that it takes a company approximately one desktop administrator to support 40 Windows PCs, while one administrator can support between 200 and 400 Linux desktops.'
And this does not represent a cost savings?
You see? You see? Your stupid minds! Stupid! Stupid!
If i support 200 Windows PCs now - am I doing the work of a team who supports 1000-2000 Linux workstations? Seems like Cisco is starting to pinch pennies. The easiest way for a company to make a quick $50k+= is to lay someone off and not replace them. More power to 'em, but i feel sorry for the people who will lose their jobs.
The group I work has two engineers and ten help desk guys to support 2500 desktops and 3000 users on Windows.
The use of Active Directory woudl address some of the issues in the article.
Ass hat moderator!
Apart from the ease of creating a company software update ftp (apt-get, yeast, swaret, slapt-get, etc), I really think the license and CD administration to be a pain in the Windows admin's butt.
My Windows co-workers often need a CD either because they need new software, or due to their computer requesting a CD due to some function not already installed. Finding the RIGHT CD (they are like 1000 cd's every month, and they are neatly marked in INVISIBLE, but very fancy, writing) is a total pain. Then, there is the issue of which key is used for this one (oh, you used the english version!) really turns this into a nightmare.
Folks running windows run all kinds of different versions of their software. Why, upgrading costs time and money. On my Slackware machines, swaret has done all upgrades for me, totally automatically! Just upgraded one PC from Slackware 9.0 to 10.1 - swaret --upgrade wait for a while (was a 200mhz...) and reboot when all is done. No keys, no CDs, no cost. Totally brilliant!
A clever person solves a problem. A wise person avoids it. -- Einstein
but usually patches for OSS vulnerabilities are not bundled along with all sorts of other updates. This means that far less testing is usually needed for OSS security patches. (Or, that's the theory, anyway.)
HAND.
Linux is easier to maintain than Windows, largely thanks to IBM. Linux is more reliable and is less prone to infection by viruses and malware (e.g. spyware) than Windows. IBM ensures that any OS (whether it is commercial or free) shipped to customers on its computer systems meets stringent requirements for reliability.
IBM has been vindicated. IBM initially tried to dethrone Microsoft by producing OS/2, but it was a failure. Now, IBM has thrown its weight behind a product (i.e. Linux) developed outside of IBM, and that product is succeeding in hurting Windows.
.. and I have to say that their Linux Workstations are extremely well deployed and managed. The desktops themselves are Dual-CPU 3G boxes running a customized version of Red Hat Enterprise Linux. Red Carpet is used to manage packages, supported by really nice internal mirrors providing fast access to everything you need to get the job done. The default install even includes acess to Microsoft Office and Internet Explorer. Not sure if this is through Crossover or something -- it is so well integrated that I've never had to look under the covers to see how it is done. Having worked at other networking companies where Linux is the default engineering desktop, I have to say that Cisco really gets it when it comes to desktop linux.
... for all those Linksys cards.
We have 600 desktops and 1700 users, we are only 5 persons managing all desktops and server + support.
AND we are absolutely not overworked.
This is Windows 2000 and Windows 2003 running programs from Autocad 2004, eletronic circuit simulations to ship navigation.
Why not install Linux to our users and open their mind to what is happening int he World? This can give you more ideas to products and uses of Linux facilities on another products. It's a great idea that will bring more opportunities to Cisco and new products.
http://www.michel.eti.br
A competent *nix or GNU/Linux geek with the right productivity tools [multihost ssh, yum, and some custom scripts in your favority scripting language{TM}] could maintain 800-2000 servers and workstations particularly if those use the same distribution.
On the other hand a pesky virus/trojan/worm etc can tie up a Windows admin for hours or even days if the compromised machine cannot be simply wiped out and reinstalled. Unfortunately this is also true for other OSes, however in my personal experience it takes a LOT longer to perform simple admin tasks on Windows systems than *nix or GNU/Linux systems.
lists and you'll find that most vulnerabilities are either buffer overflows or string format vulnerabilities. There are very few circumstances where fixing those with a one-liner patch would change behavior in a way that other code depends on. If there were any such code then that in itself indicate possible data corruption bugs in the currently running software.
In short: When you don't bundle fixes you typically have one-line fixes which don't break code which isn't already broken (by relying on buggy behavior). Hence, testing time is minimized.
HAND.
So if a sys admin can handle more computer then a company will need less tech support staff. Wouldn't you think every sys admin would want to use Windows instead - JOB SECURITY :-P
What about this idea...
If a support tech can only support 40 windows PCs, but another support tech can support 200 Linux PCs, is the difference the amount of support or the intelligence of the tech.
Now I run windows, and have administered windows and I develop software for windows. However, Linux is not as straightforward to administer as windows. I think it requires someone with more skills to administer a Linux box than a windows box.
Someone with more skills will likely be better at administration in general, regardless of which OS. So it is kind of a split problem. To administer linux boxes, you need someone with a good skill set, but they can administer more boxes, but probably at a higher salary. To administer windows boxes, you may not have to pay as much but each tech supports fewer boxes.
It is dangerous to be right on a subject on which the established authorities are wrong. - Voltaire
At my company, we have over 5,000 Windows XP workstations; notebooks and desktops. A team of about 10 people manage the entire system.
With the help of Active Directory, some really neat software (Marimba) and some planning, you can manage thousands of Windows workstations with a minimal staff.
You lock down the machines (no admin logins) you manage the software versions and patches (centralized software distribution) and you don't allow users to install software on their own.
Denying admin logins alone stops 95% of all spyware.
40 workstations without any control WOULD be all an admin could handle, but when you deploy them correctly you can support over 10x that - just like any other system.
- It's not the Macs I hate. It's Digg users. -
I work for a Cisco reseller, and I see Cisco sales guys all the time.
There are rumors that the CallManager software (Cisco's IP PBX) will be ported from Windows 2000 to Linux. As it is, to run this box safely today requires having the box on its own subnet with access lists, running anti-virus software on the box(es), running Cisco Security Agent (looks for anamolous behavior of running programs), and running the boxes in a redundant fashion. Not that porting to Linux would solve all problems, but a box that runs a web server, SQL2000, and Windows 2000 has a fair number of issues that could r0x the b0x. Not the least is that if you download a patch from Microsoft that Cisco hasn't approved, and it breaks the box, Cisco TAC will wash its hands of you.
However, Cisco and Microsoft are not only in bed with each other, they are spooning. Part of Cisco's new security initiative involves running Cisco software on desktops to check if the anti-virus and CSA software are up to date, and not allow them to join the network until they are. This is part of those Cisco commercials where the "Self-defending Network" comes in and stops attacks. Getting Cisco software to use the Microsoft API in a world where MS could simply roll their own software just like it for free is a tricky business. Cisco needs to know what Microsoft is doing, and Microsoft could just as easily start doing more business with Juniper should they want to.
What I'm saying is that Cisco uses Linux today for a good number of its products (Content Networking, CallManager, etc) because of its stability. However, the aims of this guy to publically change internal desktops to Linux would be nullified by just one phone call from Gates to Chambers (Cisco CEO).
The video covers Linux specifically, though the ideas can be used on just about any project. Very slick.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
>>Denying admin logins alone stops 95% of all spyware.
Hmm. Are you sure that wouldn't be 96.3% or 93.7%, or did you just pluck that percentage out of thin air?
OF COURSE no sysadmin worth the name (and its not much of a name in the first place seeing as how they are the bottom feeders of the IT world) would allow admin privileges for standard logins.
What do those 15 people do that requires 1 person to look after them.
Get your ex boss to drop me an email and I'll cut the administration and support down by say 70%, just by getting the desktops locked down.
Last place I worked for had 40 employees in the office, we had someone visit for no more than one day a week, about one security issue a week (lost password, new password etc...) and in the two years + I worked there we had a network upgrade that took two people half a week, and about a weeks work fixing a broken SDLC card.
So, for 40*5 = 200 days of employee we had 2 days of sysadmin, for a 1:100 ration.
thank God the internet isn't a human right.
From the article:
"Factors that even out the Linux/Windows desktop costs include retraining employees, installing applications that support Windows applications on Linux, and support subscription fees from Linux vendors such as Red Hat, which are necessary for software updates and patches, Manning says."
Why? We used RH before we migrated to Debian and we now find Debian to be better AND easier to administer than RH. I think it a mistake on behalf of Cisco that they, seemingly, disregarded Debian as a desktop option.
I think the most damage to the reputation and progress of linux is that this comparison gets the imprimatur of syndication and publication in "respected" newspapers. (Of course, nestled in the byline, one may notice the AP reporter is from Seattle, hmmmmmmm). For those who may not have read the article, it is worth the read.... and if you have thoughts about this (as in, IMO, it's a puff piece for Microsoft), note that the column thoughtfully includes the e-mail address (I'll include here for even MORE convenience: Brier Dudley) for the reader to easily contact the reporter...
Where are Microsoft's facts when you need them? They said they were more secure. They said they were cheaper (to buy, to run, the electricity cost less in their world...). They said they were more maintainable, and weren't communist, and wouldn't make you go blind... Surely to goodness William Henry Gates III didn't lie to us, did he? I mean ok, they get the odd virus or two more than other systems, and their product isn't as stable as other systems, and if you compare their earnings against other companies they *have* to be charging more in order to be making more, and sure their eulas are a bit restrictive, and XP server doesn't scale as well as SAMBA, and yeah their products are built from scratch to be incompatible (even with their prior products), but surely to goodness their admins and point and click 5000 times and update 40 machines faster than it takes someone to write a short shell script to update 400.....or maybe not. But Microsoft said dammit@!!!!
...Properly support firefox, konqueror and safari on your CCNA curriculums!
Firefox seems to be working fine but i don't take risks and use IE when taking the exams.
Open Source Java Web Forum with LDAP authentication
My company's (a very very large retailer) Cisco engineer has Fedora Core 2 running on his laptop. We've actually had a number of discussions with him about it. From what he said, it's not officially supported at Cisco, but no one had a problem with him experimenting. So far, he's been very happy he switched.
:-) He's got one of the other engineers on my team thinking about installing Linux on his work laptop as well. The word from our PC support team is "you can do it if you like, just don't expect support". I wonder if this is how conversions will happen in large corporations: early adoption (okay, not that early by now) by a select few leading to greater acceptance within the organization.
For how he uses a laptop (email, browsing, serial terminal emulation), it suits him just fine. And it's cool.
My UID is the product of 2 primes.
as, according to MS, Linux admins are more expensive than Windows admins. I guess its because Linux admins are paid with money, rather than the odd banana and a tyre to swing in. :)
... and this 70% number is news to me. The article makes it sound like this is (at best) a corporate inititive to convert Windows desktops to Linux. The keyword here is "an" as in "an IT Manager". This may be a goal of this particular manager but there are a lot of IT managers.
Linux is an option, something that has come about in the past couple of years. It's up to the individual what they choose (Windows ro Linux). Those 2k users switched because they wanted to.
I also question the 1:40 ratio mentioned. This implies that there are (# of users / X = 40) people sitting around waiting for Windows to break but that's not case. Those IT engineers do a lot more than support windows machines, many do varying levels of hardware support (users are hard on laptops you know.)
Bottom line is that 70% is going to be difficult to acheive. Many engineers have a Sun workstation as well as a laptop running Windows. Those who are Linux advocates have already converted their laptops. The rest probably aren't going to covert until they are forced to do so.
I support over 1,000 desktops and a majority of those are Windows machines, Im willing to say about 700 Windows machines and and about 250 Linux machines a handful of Macs and the rest Sun Solaris. The Windows machines in my opinion are much easier to support. I have had no viruses, I have no spyware. Where manning is getting his figures I dont know, but seeing how he is part of the OSDL steering commitee, Im willing to say his logic is very flawed.
I hear this secretary vs. technical staff argument all the time, but in truth it's the techies who think the are immune to virus and such, and head out on the net to surf willy-nilly,picking up communicable diseases and bringing them home to the network.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Now if they'd just port Notes to Linux then I could switch the majority of my company's desktops to Linux.
As the poster says, the driver for Linux on the desktop is not cost savings, but easier support
And EVERYONE knows that easier support doesn't save any cost.
Active Directory would only address the issue if it was deployed in a homogenous Windows environment. Since Cisco have decided to have at least some Linux workstations, Active Directory is effectively useless, since it is not possible (AFAIK) to have true single sign on in an Active Directory domain on a Linux box.
Actually, you can use AD as a single signon with Linux by authenticating against Kerberos, extending AD to include the LDAP-NIS data, and configuring nsswitch to use LDAP for information. It isn't that hard.
However, it creates a different problem. This is that you have the lock-in issue--- do you really want to be locked into Microsoft on the server side?
LedgerSMB: Open source Accounting/ERP
I work for an engineering company and we MUST have the ability to install software on our machines. We tried not allowing people installing abilities and it ended up being more painful and productivity took a HUGE hit.
The downside that people don't talk about is that denying people the ability to install software other than the IT blessed software is that they are stuck doing things in the approved way. That means that you have a chosen few people who decide how things are done rather than letting people play and decide for themselves. Not everyone would do this anyway, but you have always have people who do figure out better ways of doing things and then the whole company benefits.
It basically boils down to this, in order for a Windows machine to be secure and easily managed, you have to strip people of their creativity.
For some companies and departments this is probably ok, for others this is a death nail.
I work for a school district. We have thirteen field technicians to support 25,000 desktop computers and approximately 2000 network printers. We have at least eight different Apple platforms (5260/5400/5500, beige G3, "new world" G series towers, iMacs of each vintage, and the eMac), and thirteen different PC platforms from NEC (1), Compaq (4), ABIT (1), ASUS (1), Dell (2), and Intel (5), plus all of the proprietary crap that people bring in. Our computers run everything from Windows 95 through XP, MacOS 7.5.3 through 10.4. Somehow we're still averaging 24 hour turnaround on our initial appearance, despite having about 100 sites (85 schools, fifteen or so admin sites) over a 20 mile wide area.
I have absolutely no sympathy for people who can't support their fifty computers because it's too hard for them. I would love it if we were down to less than 500:1 or if we could exchange 90% of the equipment to standardize on two or three Macs and two or three PCs, but it'll never happen.
Do not look into laser with remaining eye.
Cisco is one of our clients. We started using Meeting Maker for calandering after using it with Cisco. Meeting Maker supports Linux, and Mac OS (which is what we are using it on, so obviously I must be wrong about everything).
The word is Cisco just dropped the cross platform solution and went to Outlook.
nnooiissee
Are your users happy with your level of service? How much money have you spent on desktop management? Are all your users local administrator? Cisco does not allow users to be local administrator...
Your Average Joe
I work on the Unix/Linux side of one of the IT departments at my work. We have about 25 admins for 180+ servers and 900+ workstations, plus a beowulf cluster and associated SAN/NAS devices. And we actually have free time to work on other projects (like in-house software development/support, training, and learning/developing new technologies to roll-out). The PC group has about 80 people to support ~700 PC's and 70 servers. Do the math...
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
You make a valid point. What exactly you're dealing with, what your logistics are makes a huge difference. We're about 50:1 - we do everything from plugging in the cable that a user somehow got unseated and where did my cat/dog/wizzard annoying office assistang go? to seting up their desktops and servers, linking up multiple offices of the same company, sometimes on either sides of the ocean (with out actually going overseas).
And this is just on the support side - the same guys also do work like build custom firewall solutions for ISPs.
On top of that our clients are spread over a 120km radius, most of them no more than 15 computer users per company, so a lot of time is lost to travel. At 50:1 the pressure is pretty high, and that doesn't really reflect on the support guys' competence, seeing as most of the support calls is for petty nonsens and PEBCAC problems.
sigaar
We're in a team of 10, there is another team of 30 and we share 5 IT admins. A breakdown of our team of 10's problems over the past week, please multiply 4 times to get a guage of problems experienced. One of the IT admins is supervisor of the other 4 and mainly does upward and downward reporting. Add a senior manager and their secretary of which about 20% of their team falls under these 5 admins.
This is not to justify the situation, just a list of problems and what was done to solve them.
Monday:
AM. Came into work, our email client was not working. There was some problem with the server, apparantly. Takes an admin to 'unblock' the email server, takes 2 hours. Takes a further 2 hours to retrieve emails accumulated over the weekend (probably about 2000 for the 10 of us - mostly news bulletins). Later arises the email server ran out of disk space.
PM. Aside accumulated emails spilling into the afternoon, no problems.
Tuesday:
AM. Someone complains they've not received the laptop they've been promised for several weeks. IT say someone is 'building' it, but 'specifications are non-standard' and its taking a while in order to integrate with core systems. From a user perspective around 0 to 400 hours have been spent 'building' this computer.
PM. Someone has a problem with ODBC drivers in an application they're using. Turns out the drivers client application drivers were out of date for the server application (shouldn't have been), takes 5+ hours to find a solution.
Wednesday. AM. Nothing.
PM. Nothing.
Thursday (enjoy this)
AM. Someone's computer reset overnight (they've not logged out for months). They remember their password but not their username(!). No one knows it. Guesses fail. Takes several hours of one admin trying and failing. Supervisor admin get involved, unrelated central IT get involved, senior IT manager get involved, still fail. After several hours of several people working on the problem someone thinks to check the server logs. Problem resolved.
PM. User complains of persistent popups on IE on various websites. IT admin recommends installing Google Toolbar (!). Popups persist. Admin spends several hours analysing situation. Admin is clueless why these happen. Admin installs anti-spyware programs, no fix. Admin checks security on the workstation, notices it has not received patches pre-SP1(!). To this day that computer has not been patched.
Firday.
AM: Network folders seem slow (30+ secs to browse a folder with few files). Admins are baffled. Network engineers (additional to admin team) are equally baffled. No idea why the problem came about. Fiddle with router settings, problem reduced but to this day (again) unsolved.
PM: Trouble recieving attachments in emails, takes several hours to partically resolve.
This is out local IT admin. The organisation has a workforce of ~1800 in head office (very small other offices) and shares central IT roles. Split these between.
Network systems. Around 10 full time staff on networking hardware, policies, etc.
Security systems. Around 20 people ranging from reading peoples' emails to trialing quantum cryptography (yes).
Project management. Around 20 from central projects, such as document management systems, to analysis of project requirements in local areas (this excludes specific development or project management of local area IT projects).
IT management and admin. Probably 15 from senior management to secretaries making sure IT staff do their jo, fill in their timesheets and provide paper trails.
Plus we have ad-hoc application development, sometimes carried out by users and sometimes by IT staff. Plus migration issues around major new systems. If anything 1:30 is an underestimate.
However, these people are wrong, and your organization is suffering because of it. Why are your staff "playing" with software instead of getting on with their work? Are they all professionally engaged as software testers?
Surely, if the software is considered valuable to productivity, it should be up to the organization to identify it, obtain it, and maintain it in a consistent and reliable manner.
It's extremely inefficient to have each user figure out how to do this individually, since such an arrangment offers zero economies of scale. Never mind that this kind of chaos creates barriers to integration, produces inconsistent results, induces support costs, and compromises security. The direct loss of individual productivity and cost control should be obvious to anyone responsible for the computing environment.
Typically, the problem is that nobody is properly responsible for the computing environment, or they have inadequate resources. Under those conditions, of course users will be on their own, and then they have a legitimate reason for doing as you describe. But all that's happening is that the organization has pushed the support costs down onto the users.
Now you've got some engineer earning six figures whose salary is being spent in playing with software instead of working on projects that earn revenue for the organization. And you say that every other engineer is doing some personal variation of the same thing? Anything strike you as odd about this picture?
Parity: What to do when the weekend comes.
A 40-to-1 ratio just means that Manning has seen a workplace where the NT admins have been able to get away with laziness and overstaffing. Obviously, he doesn't have much experience in a wide range of workplaces.
/. or burning CDs...whatever.
I have seen places where Unix admin support is a 400-to-1 ratio. I have seen one place where it was a 1-to-1 ratio. The difference between those places was, primarily, the ability of the admins to "justify" bringing in more people and management falling for it. The admins could then spend their time on
I have seen similar trends amongst Windows admins...just not as much since I deal more with Unix. Still, I would say all other things being equal a server-to-admin ratio comes down to the admins' political acumen and management's cupidity.
I managed 0ver 300 Win2K clients all by my lonesome as my last job. And with superior tools like Active Directory, Exchange, Remote Installation servers, auto-update servers, PKI and proper permission sets, I ran my shop with 99.6% average uptime on all servers and workstations. I guess Linux has it's own brand of FUD afterall.
End of Line.
Some random asshat claims rediculous figures that are completely contrary to what the man in charge of the cisco IT department says, based on his possibly having been a contractor at some point, but maybe its just made up, and you fucktards mod this informative?
I see a lot of misunderstanding in comments. Slahdot readers believe that this is all about converting from Windows. No. Cisco uses Solaris on SPARC heavily and this is an issue because they compile a lot of huge projects every day on several packs of computers, and you know how cheap Sun hardware is. Solaris on x86 is apparently not an alternative.
Then I wonder how much better OSX would be. Without Remote Desktop's features like managing a ton of screens at once and installing software on groups of machines at the same time remotely, I would imagine it would be easier. Plus setting up networking etc is usually just a matter of plugging it in.
My advice, and that of serious Windows support pros I've worked with: Do it over the network. All of it. Even OS installs. Slipstream service packs and fixes into your build image, along with your base software etc. Install packages automatically on login using AD. You can do all this... and it'll save you a lot of pain. Hell, you don't even need to worry about your CD key, you can do that as part of the automated network install script.
I'm using Linux thin clients for most of my basic needs users at work. They're getting pretty good now, but I'm still running into a frustrating number of stupid bugs. I think I spend about an equal amount of time supporting them and the win98 users - at "near zero". Ditto our one and only XP user now that I've got the bugs ironed out. Most of my time is wasted supporting the MacOS 9 desktop publishing staff due to the nightmarish OS and apps involved there.
If you think Windows is hard to manage, try MacOS. ARRGGGGHHHHHH. MacOS/X is a little better, but still pretty awful IMO.
Microsoft is also pretty reasonable with CD keys etc compared to many companies. QuarkXPress and Adobe Photoshop both scan the network for other copies, interrogate them for their CD key, and refuse to run if they find it's the same. This makes image based installs impossible since they don't provide any way to install and configure the app, then "de-personalize" it so all you have to do to get it working is enter the CD key. (You can do this with Windows, BTW). Those apps are a nightmare and in comparison Windows looks absolutely lovely to manage.
I'm also finding my trials with OO.o and GNOME for our journalists pretty dismal so far. All sorts of weird bugs keep on turning up and I'm about to give up and get them Windows boxes. I use Linux at home without issues, but these uses can and do break stuff all the time.
In the end, I guess it comes down to picking the right tool for the right job. MS desktops, managed well, are OK. I don't like them, but they work. Especially if you lock IE down so hard the user can't even run it, and if they figure out how to run it anyway, can't visit anywhere or do anything. Too bad they cost so bloody much and still insist on bundling IE, Outlook Express (Yes you can remove it, but it'll be back every time you patch the damn OS), etc.
Well, the company I worked for was so large that they had there own IT maintenance company.
/.
... From a user perspective around 0 to 400 hours have been spent 'building' this computer.", so what did you do with the rest of the morning apart from a 10min phone call.
/.
at most we needed 2 people got the office to get the required skills base, so as a standalone company I'd say you need
1 person = 30 employees, or 1:15-1:40
3 people for 50+ employees, or 1:16
after that you can start to drop the ratios down quite quickly because you've got enough people for a reasonable problem.
'AM. Came into work, our email client was not working. ',....' Later arises the email server ran out of disk space.' isn't that the first thing you check?
Put quotas on all servers, and have them email you an alert when they start to run out of space or something sits at 100% CPU etc... also make sure all email accounts have a fixed quota, and try to make the quotas total no more than 150% of the disk space on the server.
This would have turned you Monday into an occasional job of fitting a new disk or emailing everyone holding lots of email telling them to clean it out or face the rm -rf *.
pm, browsed
"Someone complains they've not received the laptop
PM. Someone has a problem with ODBC drivers in an application they're using. Turns out the drivers client application drivers were out of date for the server application.
Lock down the clients, no problem.
Wednesday.
Thursday.
'Someone's computer reset overnight ', all computers should be turned off at night and screen locked when the user is away from them.
It is a fire and security hazard to leave a pc on overnight.
'They remember their password but not their username(!)',
How?, don't you assign someone a user name when they get the job and keep records. Also try looking on one of the access logs of a server they used to get the users name. Failing that you'll find it recorded in the windows system log, of the pc, logging as admin and take a look.
PM.
'User complains of persistent popups on IE on various websites'
I recommend locking down the workstations,
Patching shouldn't be critical, you do run a firewall, web proxy and filter all email don't you?
Friday.
'Network folders seem slow (30+ secs to browse a folder with few files).', Wins or network configuration problem, make sure all you subnets are ok, there are lots of free tools to do this, and it only takes an hour or so.
failing that it could be a worm spewing all kinds of crap. The system should have been configured correctly in the first place, locked down and firewalled off.
PM: Trouble receiving attachments in email. takes several hours to partically resolve.
Why do I expect that you get a lot of 'email' and 'network' related problems where you work?
Revised week....
Monday, recieved an email from the mail server, bills inbox is full, sent him a reminder to tidy it up or I'd archive anything more than 3 months old.
Total time for the day 5 mins.
Tuesday, one ten minute phone call. Explained that the laptop was 'non-standard' so we were taking more time to check the configuration was good so that they didn't have any problems with it later on.
Total time for the day 10 mins,
Wednesday.
nothing
Total time for the day 0 mins,
Thursday,
Looked up someones user name for them.
Time 10 mins.
PM.
Nothing.
Friday.
AM. can't say, but should take too long, shouldn't have happened in the first-place.
PM. again can't say because.
So, in a week you probably would have had to do at most a days work, if the system had been locked down and configured properly. Do the same with the rest of the sysadmins &co and 80% would be out of a job.
(a little better than the 70% I claimed to be able to save you)
thank God the internet isn't a human right.
Right, this IT Manager is also "chairman of the Open Source Development Lab's (OSDL) Desktop Linux Steering Committee". Basically he's a big ass advocate and therefore not a real reliable source of information.
For example:
"You don't get people going into their registry or other areas of Windows and tweaking things," Manning say
I've seen a lot of Windows networks, and having users tweak their registry is usually the last of your problems. FUD, FUD, FUD.
I agree with denying admin logins, but I can't think of any of my clients where this has actually worked - home users (visit 3 months later and they're back using admin and IE), small businesses (their apps need admin access according to tech support), larger businesses (poor head office management - everything from the login script to web apps want admin).
I use Macs to up my productivity, so up yours Microsoft!
Maybe you should admin some of those windows networks instead of just seeing them. Note it says "or other areas of windows". People CONSTANTLY fuck with anything and everything they can just to try to make admins brains explode.
First off, his comment on access to regedit is totally ridiculous for coporate environments. You can easily modify specific file permissions domain-wide, e.g. you can specify that users cannot run the regedit binary or msconfig. This doesn't prevent a user from downloading the regedit binary and running it off of their desktop, but it should still be a first step for a corporate desktop/workstation.
Linux is much easier to support. At MIT, their Athena environment for linux is completely automated. The workstations run cron scripts that update all their packages, which are globally available over afs. Users login, use software, log out. Admins _never_ visit the systems. MITs WinAthena environment is also similarly configured, configuration and development on Windows simply takes longer, as most software is not written with the assumption that user!=admin.
MIT has local running systems of both Windows and RedHat update servers. The difference in support here is directly related to IIS on Windows and Apache on linux, with IIS significantly harder to maintain.
Do you see the sig? Do you have it in your sights? Why yes, Miss Moneypenny...
Absolutely.
But we have an in-house culture. Quick, highly trained, effective people don't fit in to admin. There was one who once (infamously) tried to make a difference and was fired for "poor interpersonal skills", note that all IT staff had poor skills with him rather than the other way around. The reduncancy package was generous and NDA tight so no complaints. Senior managers oversee the broken situation and aren't willing to criticise themselves and those who are above them. Perhaps thats a top-down philosophy, the promotion routes are into those 'cool' areas like organisational security, rather than seeing admin as a valuable thing. Its sad.
Traditionally users in our company have little detailed IT knowledge. I have a little and it gauls me. Am I going to make a fuss about it? No. I have nothing to gain, right now, other than bad relationships; perhaps there's something to do if I move into managerial responsibilities, sure I could throw up a shitstorm any day, but that's going to be a full time job and I don't have the time so the BOHFs (well they give a bad name to that title) have to be persisted, for now. They're on a short tether.
You know you're going to get hammered by Monday-morning quarterbacks, don't you?
Like me:
Monday: Email client runs out of disk space. Obviously you should have a job checking for this on such a server. (I should talk - my babe pictures just filled up my Images partition...AND my Windows 2000 and XP root partitions are too small, so EVERYTHING has to be moved...)
Thursday: Someone forgets their user name!? Change the fucking username to something new!!! The admins can't find him and move his shit over to a new account? Jesus Baron Von Christ!
Thursday: Popups. Fire said admin - obviously clueless. For longer term success, dump IE - or at least install one of the fifty million popup blockers available for free.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Just curious, but do you use filtering systems? As someone else noted, a lot of support calls are PEBKAC, and the same goes in my experience working in a PC repair shop. I'm making a wild-assed guess that most known malware sites are being blocked by a content filter just because you have an almost 2000:1 ratio. I'll continue to guess and say that all e-mail is virus scanned server-side. If I am right, would you mind posting about which filtering systems have treated your team right?
I think that if we bought products from the company of every CEO that has slept in the Lincoln Bedroom, we'd have more prosperity, fewer terrorists, better return on our investment dollars, and higher executive bonuses that would trickle down to all layers of our economy, especially at American-staffed Mercedes and Lexus auto dealerships. So stay away from that Linux corruption. It's bad, very BAD!!!
DT
Is this thing on? Hello?
Maybe it's those ceyboards you're using that are the problem. ;-)
Blowing the trust fund on an utterly useless Microsoft certification makes you really sensitive regarding criticism of Windows, it appears. Most people using Microsoft Windows operating system are mostly clueless about computers, and the majority of techs supporting that operating system have been drawn from that pool of users. As a result of that the calibre of Microsoft Windows support technicians is significantly lower than for other operating systems. It's not just that they are used to a dumbed-down point 'n click interface...it's that they couldn't cope with anything else, which is why they were drawn to an OS such as Windows in the first place.
You've already got Zealotry and FUD, might as well add some Elitism on top. What a winning combo. Now take a shower.
Yes, I always look to schools as well for a great example about how good the support can get (not!). /sarcasm off
The Mac had NO firewall and sustained the same number of hack attempts per hour that Windows XP did. It was not hacked in two weeks of constant attempts.
l og y/2004-11-29-honeypot_x.htm
.01% of the desktop market.
http://www.usatoday.com/money/industries/techno
Proof that a solid and secure OS that is NOT popular has the same number of hackers trying to get in. I think apple has
Your Average Joe
Computer And Chair
:-)
Call it the Brittish spelling if you wish
sigaar
Well, it just goes to show. Management often don't, but always get paid.
I should imagine that there was a 'what's this IT' stuff attitude in the company and instead of taking a more 'scientific' approach to the situation they went for a , 'but we can pay someone in-house and do the work for less' but didn't realise the infrastructure you need in place to manage in house maintenance.
Most companies never promote, when someone leaves they just create a slightly different job and employee someone new. The ones that do promote promote you for being good at your job, when you stop being good at your job they stop promoting you. In the end there are only people who can't do their job.
I would suggest if you want 'promotion' get a 'better' job at a different company, otherwise save some money and buy a house, and sit it out.
thank God the internet isn't a human right.
"Monday: Email client runs out of disk space. Obviously you should have a job checking for this on such a server."
You should setup quotas so that it can 'never' happen.
"Change the fucking username to something new!!! The admins can't find him and move his shit over to a new account?"
That's probably why they couldn't find the username in the first place.
"or at least install one of the fifty million popup blockers available for free."
Why would you want to do that on a office workstation, those kind of sites should be firewalled off.
thank God the internet isn't a human right.
Are your users using their windows boxes as word processing/email/web terminals? I interpreted the article to mean that the users in question were engineers.
I'm an engineer, and I have complete control over the Linux machines and the one lonely windows box in my cubicle. I don't let the IT monkeys play with my computers any more than I would let one poke around inside of my oscilloscope. They are engineering tools, not word processing terminals. I feel sorry for any engineer who doesn't have that arangement.
Ok, so someone explain to me why Cisco's web-based and desktop-based management tools are almost always Windows-only? Not only Windows-only, but frequently don't run right under anything but Internet Explorer.
Guess I'll continue to stick to CLI and console cables for configuration and management.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
Well said =)
I like being in control of my workstation, but even as an IT engineer for the corporate network I submit to not being able to do so to the benefit of the companies ability to manage the computer environment effectively.
My guess is that this guys' engineering company is small beans if the engineers were able to raise enough stink to get a descision like that reversed.
- It's not the Macs I hate. It's Digg users. -
Cheers.
I'd agree. I'm just a user so I get to sit and laugh (or groan) at what goes on. Its frustrating knowing a just a little yet watching the incompetance.
Windows is installed on the hard drive, a bad idea.
Linux can just run from a cd. Here's mine.
They want something else, just cook up a new version, and pass out CD's.
I run windows and 250+ clients alone.
At linux, we have 4(!) support engineers.
Now you've got some engineer earning six figures whose salary is being spent in playing with software instead of working on projects that earn revenue for the organization.
As opposed to that same engineer earning six figures who is effectively cripled because IT does not have the problem domain knowledge of the software which would aid said engineer's productivity.
Surely, if the software is considered valuable to productivity, it should be up to the organization to identify it, obtain it, and maintain it in a consistent and reliable manner.
Determined by whom? The engineers who understand the problem domain or IT who cannot recogize most of the vocabulary?
90% of the crap that I have to clear up got onto the computer through IE. We do not have Outlook which would change that figure considerably but I wish people would stop using IE. I do not have the authority to insist that people stop using IE but I have installed firefox on all the machines and were it used to say 'Internet Explorer' across the bar at the top of IE it now says 'Firefox is better'. People talk about locking down but there are always new expoits for IE and no, firefox will become as bad as soon as it becomes popular as it does not work the same way.
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Not too far from the truth. Some time ago, I heard from a Cisco engineer during the whole Microsoft + Cisco DEN (Directory Enabled Network) effort, Cisco was going to use AD, and licensed and ported AD to Solaris and possibly AIX and HP-UX. Cisco was ready to go and Microsoft was not, so they were not allowed to release. So, Cisco went LDAP for their DEN efforts.
Most, if not all of Cisco's other server products are now being ported to run on Linux on "appliances".
Okay some people aren't going to appreciate the logic but it all sounds bang on to me.
Servers and network infrastructure beyond the "activate the data drop by putting a cat-5 cable between the patch panel and hub" are handled by another team. We don't install data drops or work directly with servers. We do work with accounts as necessary sometimes, a "user administrator" kind of position.
There is a helpdesk, but there are no trained computer people on it. Training at the helpdesk consists of another helpdesk person showing one the ropes, so most of the time they end up simply taking workorders. They can usually walk a user through Eudora or through some weird Office quirk, but that's the limit.
Do not look into laser with remaining eye.
can cisco start the trend of being able to buy laptops from vendors -without- paying for a damn windows license that you don't want?
What doesn't make sense is to download this role onto individual users. That never makes sense in an organizational setting. It may make sense when there is no organization, no resources in common, no computing infrastructure. Under those circumstances, of course, people are free to do whatever they want.
But if I'm providing your computing environment, no, sorry, your claims that as an engineer you "understand the problem domain" of computing infrastructure better than my computing staff are not something I'm likely to entertain. I didn't contract with you for that function. I hired them for that. If I hired the wrong people (as happens often enough) the correct solution is not for you to take over that function. The solution is for me to hire competent people.
Parity: What to do when the weekend comes.
Um...no. I use linux on my new Dell M-60 laptop. Though I removed WinXP to give all the space to Linux, I still had to buy Windows to get the laptop I wanted. Me thinks that this doesn't hurt Windows one bit!
"understand the problem domain" of computing infrastructure
That's not the problem domain the engineers are paid to understand.
Do you have any idea what it is that engineers do?
And he's not the CEO any more - what's his new job title? Chairman?
Now I vaguely recall the ballmer-chimpanzee video. It was a brilliant joke.
People who dislike China tend to mention Tiananmen Square a lot, but they always forget the Tank Man is also a Chinese.
I just started working at Cisco, and awhile back, I gave up asking help desk for support. They often take 3 days, and if its a stupid request, they will just close it. I've found its easier to just figure it out your self and all help desk seems to do is create accounts.
Comparing being an IT support guy for Windows vs. Linux is like comparing being a mechanic for Chevrolet owners cs. Lotus owners... the latter are SO much more knowledgeable about how their cars work, that they can take care of 90% of their own problems. Of course, they can REALL F*ck things up if they creative. Life is a tradeoff ;-).
The disjointed department doesn't work too efficiently. We aren't blocking known spyware sites, because while IS maintains the firewall hardware-wise, another department comprised of certified teachers maintains control of the filtering rules. We do scan email now, but it didn't happen for a long time and we had a lot of problems before it finally got started.
Spyware is a huge problem right now, because we have no effective way of fighting it. I end up using free tools to remove it from almost every PC that I work on, sometimes hundreds of components across a couple dozen packages. It's really frustrating.
Do not look into laser with remaining eye.
Another strike against desktop and server flavors of windows come with very little built in administration tools. Outside the resource kit, nearly everything else is 3rd party. This is one real advantage of nix, because of its wealth of free and built in admin type utilities.