2 — Deploying in Large-Scale Environments

[Previous] [Next] [Contents] [Index]

This chapter provides information about deploying PC-DCE in a large-scale enviroment and includes the following sections:

2.1 General Strategies
2.2 Installing PC-DCE on Multiple Systems
2.3 Configuring PC-DCE on Multiple Systems

2.1 General Strategies

Consider employing the following strategies for expediting and simplifying large-scale client installations and upgrades:

• Keep the upgrade manageable by staggering it. Perform a limited number of upgrades at a time so that you can validate a group of systems before upgrading the next group.

• Use an automated distribution tool (Section 2.2.2).

• Perform manual installations of lightweight clients, rather than performing the PC-DCE installation procedure on each system (Section 2.2.3).

Either DCEsetup or PC-DCE Configuration Panel can be used to configure DCE cells. Refer to their respective online help systems for information on using either of these tools.

2.2 Installing PC-DCE on Multiple Systems

While installing PC-DCE on a single system is a straightforward task, upgrading in a large-scale environment can present challenges. You may need to configure hundreds of PC-DCE client systems. You may be deploying PC-DCE as part of an upgrade that includes multiple software products. Or, you may want to limit the installation tasks that users are asked to perform.

This section describes:

2.2.1 Controlling Bootup After Installation
2.2.2 Automated Distribution Tools
2.2.3 Manual Installation

Once installation is complete, you must then configure PC-DCE clients into a cell (see Section 2.3 on page 23).

2.2.1 Controlling Bootup After Installation

By default, the installation program prompts the user to reboot the machine after installation. If you are using scripts to deploy software and wish to modify this default behavior, you can use the following options when running setup:

C:\> setup autoboot — The installation program automatically reboots the machine. It does not prompt the user.

C:\> setup noboot — The installation program does not reboot the machine and does not prompt the user.

2.2.2 Automated Distribution Tools

When PC-DCE client software needs to be installed on large numbers of systems, you can take advantage of tools that automate software distribution, such as Seagate Technologies Wininstall software. This option works for both full and lightweight client deployment.

This program takes a snapshot of a system on which PC-DCE has been installed, and packages it for distribution. When a user boots up and maps to the package's location, the model PC's configuration is duplicated on the user's system.

After installation is complete, configure each PC-DCE client into the appropriate cell (see Section 2.3 on page 23).

2.2.3 Manual Installation

When you need to deploy lightweight client configurations on large numbers of systems, you can write a program or use a utility that performs a manual installation of PC-DCE on many systems at once. This requires an initial investment to create the installation program, but ultimately saves time, because you do not have to install on each desktop individually.

NOTE: Because performing a manual install involves making entries in the Windows registry, you must have administrator rights to the Windows systems involved.

There are some differences in the available options between Windows 2000, Windows NT, and Windows 98:

• Windows 2000 and Windows NT allow more control over freeing the PC-DCE-related DLLs, which means a tool like Microsoft Systems Management Server (SMS) can simply stop PC-DCE, move the new binaries into the \pcdce32\bin directory, and start DCE again.

• With Windows 98, stopping PC-DCE does not free all the PC-DCE-related DLLs. For that reason you have to run setup.exe to upgrade PC-DCE. setup.exe can allow the install to go unattended, meaning if you already have PC-DCE installed, it will not prompt for any input and does not require a reboot on completion.

To manually install PC-DCE, first complete the standard PC-DCE lightweight client configuration on one system. Refer to the PC-DCE Installation and Release Notes for instructions. Use this system's configuration as the model for the other systems you are deploying.

Use the following instructions to create a program that installs PC-DCE on each system:

1. Create a top-level PCDCE32 directory on the system.

2. Copy all PC-DCE files from the model system into the target system's PCDCE32 directory, maintaining the directory structure (bin, opt, krb5, etc.). The Samples and Docs directories may not be needed on all systems.

3. Copy the file dce32_ctl.cpl into the directory:
   • For Windows 2000 and Windows NT — operating_system\system32 or operating_system\system root
     
   • For Windows 98 — Windows\system
     

     dce32_ctl.cpl is the PC-DCE icon that appears in the Control Panel.

4. If you are running a version of PC-DCE prior to 2.2, create a PCDCE32\licenses directory. Copy the license file (rtNT.lic or rt95.lic) from the model system into this directory on the target system.

5. Modify the PATH environment variable to include the PCDCE32\bin directory.

6. Add the following registry keys and values into the Windows registry key HKEY_LOCAL_MACHINE\Software\Entegrity\DCE\Configuration:

   BoundDCERefcnt — Assign a value of 0 and a data type of REG_DWORD:

   BoundDCERefcnt:REG_DWORD:0
   

   DCEDir — Enter the top level PCDCE32 directory and assign a data type of REG_SZ:

   DCEDir:REG_SZ:c:\PCDCE32\
   

   DCEInstallType — Assign a value of 0x0000000 and a data type of REG_DWORD:

   DCEInstallType:REG_DWORD:0x0
   

   InstallType — Assign a value of 0x0000001 and a data type of REG_DWORD:

   InstallType:REG_DWORD:0x1
   

7. Add these Entegrity DCE services using the win32 API call CreateService. Use the following parameters:
   • Display string — PC-DCE for Windows
     
   • Service Name —DCE (might be DCE or NetCrusader/DCE)
     
   • Binary — DCE top level directory\bin\dce_service.exe
     

     Also set the following flags:

   • SERVICE_ALL_ACCESS
     
   • SERVICE_WIN32_OWN_PROCESS
     
   • SERVICE_AUTO_START
     
   • SERVICE_ERROR_NORMAL
     

8. If the system is running Windows 2000 or Windows NT, you must go into the registry and configure a dependency on RPCSS for the DCE service. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Entegrity DCE, add the DependOnService value REG_MULTI_SZ:RPCSS.

   NOTE: Because this registry entry is triggered by a periodic system process, there may be a delay before it is visible.

9. If integrated login is required, the network provider interface needs to be set up in the registry as follows:
   • Add ntdcelgn to the end of the entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder. For example:

           ProviderOrder:REG_SZ:LanmanWorkstation,ntdcelgn
     

   • Add the key ntdcelgn to HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services.

     To the ntdcelgn key you just created, add the key NetworkProvider.

     To the NetworkProvider key you just created, add the following values and data:

     Class — Assign a value of 0x00000002 and a data type of REG_DWORD:

           Class:REG_DWORD:0x2
     

     Name — Assign a value of PC-DCE/32 Integrated Login and a data type of REG_SZ:

           Name:REG_SZ:PC-DCE/32 Integrated Login
     

     ProviderPath — Assign a value of DCE top level directory\bin\ntdcelgn.dll and a data type of REG_SZ:

           ProviderPath:REG_SZ:d:\PCDCE32\bin\ntdcelg.dll
     

After installation is complete, reboot the system and configure it into the appropriate cell.

2.3 Configuring PC-DCE on Multiple Systems

After you install PC-DCE on all required systems, you must configure each client and add it to the appropriate cell. You can use one of the tools described in this section, or you can write your own program (such as a TCL script) to perform the tasks involved in configuration, such as contacting the CDS server and copying entries to the system.

2.3.1 How to Designate a Local Configuration Administrator
2.3.2 Using the Client Configuration Tool

2.3.1 How to Designate a Local Configuration Administrator

NOTE: Also called Split Configuration. Other Entegrity products, DCE for Linux and DCE for Tru64 UNIX use a similar term for something different. There, split server configuration is where the CDS and Security master servers are on different hosts in a cell.

preconfig.tcl allows local administrators to configure a full client without needing the cell administrator password. It also preconfigures each host to recognize the host-configuration permissions of these local administrators. To set up local configuration, the cell adminstrator follows this procedure:

(Numbered steps below correspond to the installation script prompts.)

1. Log into DCE as cell administrator.

2. Type dcecp. At the dcecp prompt, enter:

   dcecp> source path_to_Pcdce32/opt/dcelocal/dcecp/preconfig.tcl
   

3. At "Enter the fully qualified domain names of the hosts you want to preconfigure:"

   The host names must be separated by spaces only. In the example below, the cell administrator is preconfiguring foo.bar.com and my.machine.edu.

   foo.bar.com my.machine.edu
   

4. Enter the name of the entity to which you want to grant host-configuration permission. This can be the name of a group or a principal.

   In this example, the entity name is local_admin.

   local_admin
   

5. Distinguish if this entity is a group (g) or a principal (p)."

   The principal is who will perform the final configuration on the host machines listed in Step 3. If the name in step 4 is a group name, then the principal who performs the final configuration on the host machines must be a member of the specified group.

   g (or p)
   

6. Enter your cell-administrator password:

   cell_admin_password
   

7. At "Do you wish to add NetCrusader/Web support on all of the hosts specified above? (y/n)," For DCE only, answer no:

   n
   

   (This is the same script used by the NetCrusader product, and this option does not apply to DCE. If you anticipate configuring NetCrusaderWeb, you can answer yes, and follow the directions in the NetCrusaderWeb Installation and Configuration Guide)

8. Inform the local administrator that the host machines listed in Step 3 above are ready to be configured into the cell.

The local administrators can now configure clients in the cell. See the PC-DCE Configuration Panel help file for information about configuring clients. See the PC-DCE Overview Guide section 1.3.7 for prerequisites.

2.3.2 Using the Client Configuration Tool

Entegrity provides a command line client configuration tool. If you have multiple clients to configure, this option may be preferable to the graphical PC-DCE configuration tool (the PC-DCE Configuration Panel, accessible from the Windows Control Panel).

The command-line configuration tool provides more flexibility in how you choose to implement it. For example, you can write a program tailored to your environment that calls the command line configuration tool and automatically configures users' systems with the correct client information (see the sample in Section 2.3.2.1).

This tool is found in the install_dir/samples directory. There are two files:

• dcecfgng.exe — Command-line configuration tool.

• sample.cf — Sample configuration file from which dcecfgng reads configuration settings. Sample.cf describes the values you can input for each option. Use a text editor to customize the settings in the configuration file as your environment requires. To retain the original sample configuration file, save it with another filename and edit the renamed copy.

dcecfgng provides the same client configuration options as the graphical PC-DCE configuration tool (the PC-DCE Configuration Panel, accessible from the Windows Control Panel). If you have questions about any of the command line client configuration options, you can refer to the PC-DCE Configuration Panel online help for information.

To run the command line configuration tool:

1. Customize the sample configuration file. If you are configuring over an existing PC-DCE configuration, make sure that the OnConfigExists setting is set to Proceed.

2. To run the configuration program, from the DOS prompt run dcecfgng.exe with the options -cf config file and -pw cell_admin_password. For example:

   c:\ dcecfngu.exe -cf maple -pw -dce-
   

   Note that dcecfgng requires the cell_admin_password for lightweight client configurations as well as full client configurations.

   The configuration program may take a few minutes to complete.

One example of using dcecfgng to configure multiple client systems is to write a program that runs dcecfgng with the command line options. Place the program, along with dcecfgng and the sample.cf file on a Windows 2000 or Windows NT server that client systems can access.

Clients map to the server and run the program, which executes dcecfgng using your customized configuration (.cf) file settings. This updates the PC-DCE configuration and Windows registry entries on the client system.

dcecfgng requires the cell_admin password to be passed as an argument. If you are concerned about users potentially viewing the password, you can write a program (such as a Visual Basic® program) for users to run, which in turn runs the program that is stored on the server.

[Previous] [Next] [Contents] [Index]

To make comments or ask for help, contact support@entegrity.com.

Portions of this document were derived from materials provided by Compaq Computer Corporation. Copyright © 1998-2003 Compaq Computer Corporation.

Copyright © 2003 Entegrity Solutions Corporation & its subsidiaries.

All rights reserved.