Saturday, September 17, 2005

Eggs and Baskets

I've long been a believer in the adage, generally attributed to Mark Twain's Puddin' Head Wilson, "Put all your eggs in one basket and -- WATCH THAT BASKET." For example, given limited technical resources and great technical demands, we opt for a single supported standard desktop OS and a single standard server OS. Sure Linux is a great OS, and I've run it on both servers and desktops (and even continue to financially support Mandriva ), but we just don't have the resources to adequately support and reliably secure two or more OSes on our machines. We can, and have, done that with a Windows-only system.

Now I am not interested in fueling the religious OS war, and the OS is not the point of this posting, but it is an example of how I have chosen to operate. For the most part, that mode of operation has been pretty successful. I have recently had to reconsider exactly what is meant by "WATCH THAT BASKET", however.

The last few months at Vermont Academy have been terribly grueling owing largely to the failure of two other companies on whom we have depended heavily to perform in what I consider a satisfactory fashion. In both cases, they were a partner on whom we have counted to work with us and for us but who failed to do so. We are still trying to recover from the impact of these failures. (This is also the explanation for the lengthy dry spell in postings here.)

The first situation that caused us problems was with the vendor on whom we depended for our wireless network. They helped us design the network and were a vital partner in ongoing security work and extensions of the network. Their work had always been first-rate and was consistently done in a timely fashion. Late in the spring we requested their assistance with a significant change in the security settings and policies of our wireless system, one which required a good deal of planning and the reconfiguration of much of our networking equipment and all of our Tablet PCs. We planned the work to begin in June and to be completed mid-summer to give us ample time to work out any bugs in the system before the start of school.

At about this time, the company with whom we worked was acquired by a larger regionally well-known company with a good reputation. While some things about this acquisition and the policy changes that we saw implemented gave us concern, by and large we felt (and were assured) that business would generally continue as usual.

However, when June rolled around, we found that our project was to be somewhat delayed. Here is where I made my first mistake in not watching this basket carefully enough. I accepted this delay and didn't begin to think about finding an alternate vendor for this project. After all, I had worked with some members of this company for nearly 20 years and had never been let down. Plus we had ample time still to complete the project. So I waited for them.

By the time July came, we still had not seen any progress and were in fact not even receiving timely returns of phone calls. I did begin to be concerned at this time and we began to do some of the work on this project ourselves, spending precious time doing research and planning that we had expected to be doing in concert with the more knowledgeable folks from our vendor. We did in fact come up with a good plan for the project and one of my staff was doing good research on what would be required to make it happen.

Still, I would have been wiser to find another vendor to come in and work with us. The thought of paying someone to come in and learn our existing system and network before they would be able to help us deterred me and I still held out hope that this vendor would come through in the end.

They did not.

We ended up doing the lion's share of the work ourselves--at great cost of attention to other important jobs. In addition, the work, while completed, was completed too late to analyze all of the points of impact that were unforeseen. We spent the latter part of August finalizing the implementation and the first two weeks of September (after students had arrived) eliminating most of the bugs. We are still dealing with a few of them. We have had more than a few dissatisfied students and faculty when they had the inevitable connection difficulties.

One lesson I learned from this is that watching the basket may actually mean having a second basket handy in case the first one breaks. Or maybe this is a case where putting all the eggs in one basket doesn't work. Going forward, I hope to have at least two vendors on whom I can depend for such critical parts of our business. I don't know yet how I can do this, or who those vendors will be. (One disadvantage of being so rural is that our choices are limited.) I hope to find vendors any of whom could do all of what we need, but to use them in a more limited fashion so that we don't rely exclusively on any one of them for everything. Then if one lets us down, we will have another to whom we can turn on short notice.

The other major situation is a bit more problematic to resolve. We have a vendor to whom we don't have a realistic alternative--Microsoft.

Our plan for the start of the school year was to create a master image of our Tablet PCs and ghost that image onto both new and returning Tablets. We did this last year and the process worked flawlessly.

We usually go through a couple of iterations of the master image, to give us time to build it and test the process and to test the image itself and see what refinements we need to make. We started this process at the beginning of August, which left ample time for the iterative process to work and for us to then put that image on all of the new machines. Immediately after the first image was built we hit a wall.

As best I can determine, back in February of this year Microsoft made a change to the Windows Product Activation process that made it so that images made from OEM CDs could not be activated over the Internet. Since we built the image from the HP CDs that came with the Tablets, we ran into this problem.

Activating by phone was an option left open to us, but that is a time-intensive operation and we had in the vicinity of 150 machines that we would need to reimage and then activate by phone.

I spent much of my time over a two week period trying to find an adequate resolution to this. I suppose if we had been a bigger company, or perhaps a more prestigious school, we could have had more assistance from Microsoft, but we got precious little. The information offered online is sketchy at best and difficult to find. The best assistance we got was from the man at HP who has been so helpful with our hardware problems. He went above and beyond the call of his responsibility to us to help with the resolution of this problem.

From what I have been able to find out so far, MS appears to expect those in this situation to purchase a volume license for the machines and use the VL media to create the image. Images made in this fashion are exempt from the WPA process. Since we have already purchased a license for Windows for these machines, this is a less-than-satisfactory answer.

Without going into great detail, we did manage to resolve the problem and got the machines reimaged. We paid a price, however, in that we didn't have the time to test and refine the image as much as we would have liked and have seen the consequences of that omission. (The fact that this all occurred at the same time as the previous problem made matters worse still.)

I don't know what the long term answer to this one is. We can't drop Microsoft for someone else. There is no one else. Besides, their product is the one we want. The Tablet PC OS is one of the best operating systems around and does exactly what we want.

The real solution, I think, is for Microsoft to trust their customers and eliminate product activation from their whole product line. The only ones affected by it are those of us who try to do things legitimately. If I had been a bootlegger, this would have been an easy problem to resolve. But I'm not, and it wasn't, and we and our students are paying for it.

I'll continue to watch this basket as best I can and keep looking for a better solution for next year. I wish Puddin' Head Wilson had some counsel on this one.


Anonymous Alfred Thompson said...

I sure do agree that there should have been a better solution for you. And I'll see if I can find one or get one developed for the future. But I am not so sure that doing away with Product Activation is the only or the best solution. It's not that Microsoft doesn't trust cutomers, rather it is that there are a lot of people selling computers and software that has not been paid for to unsuspecting people. Those are the people Product Activation is out to stop.

10:26 PM  
Anonymous Chris Brandt said...

I've got 30 tablets to roll out and was planning on using Ghost for this process. I've only unpacked one of the tablets so far and I wasn't asked to activate it. The only problem that I can potentially see is that all of the tablets would have the same product key.

Do you see this being an issue with WGA? Any other problems?

10:42 AM  
Blogger Mark Payton said...

Alfred-First, thanks for your comments. My experience with copy protection (which, ultimately, is what WPA is) has always been that legitimate users and casual bootleggers are the only ones who suffer. Everyone with a financial vested interest in bootlegging can find a way around it. I saw this all the way back to the days when Lotus 1-2-3 first tried (and later abandoned) copy protection. I don't think the savings from the casual copier justifies the cost to the legitimate user. I understand Microsoft's concern about lost revenue, but I believe MS would fare better by avoiding user alienation.

Chris-With only 30 Tablets you might be able to get by with the phone activation, or you might even be able to have your users do it. When you run sysprep prior to ghosting, you strip out the activation code so that each machine will need one entered after the image is put on. At least that was our experience. Windows accepted the product key from each machine, but WPA rejected us.

The other big problem we had was with returning students who did not bring their Office and OneNote license keys with them when they came back to school. We reimaged their machines and they couldn't use any Office App until they could get someone at home to locate their CD case and give them the number. With new installations this won't be a problem. Once again, copy protection bites the legitimate user.

9:05 PM  
Blogger Mark Payton said...

At risk of opening myself to flaming from legions of rabid fans of other OSes (which shall remain nameless), I want only to comment that recent public security problems with other systems convince me even more of our approach on this. I've been waiting for public cross-OS exploits for a while (there have been a few low profile ones, but nothing huge) and this article in eWeek Security Watch is exactly that:

Cross browser, cross platform and thanks to code NOT written by Microsoft.

9:00 AM  

Post a Comment

<< Home