Product Reviews

Deployment Done Right

Specops Deploy 3.0 puts you on the right road to effective software deployment with Active Directory.

Many companies have developed software deployment tools, but few have done it as simply as Special Operations Software. That simplicity is what makes Specops Deploy so attractive.

When Microsoft first developed Active Directory technology more than five years ago, it included the ability to deploy software as part of the IntelliMirror strategy for Windows 2000. Microsoft then proceeded to build and upgrade Systems Management Server (SMS) to version 2003, leaving AD's software deployment capabilities as they were.

Microsoft's approach was that you could use AD for software deployment, but you wouldn't have special features like delivery reporting, legacy software delivery, bandwidth control and delivery server control. If you wanted these features, you'd have to upgrade and use SMS.

The problem with this strategy is that if you've already gone through all the work it takes to set up an AD architecture, place domain controllers (DCs) strategically throughout your network and make sure data replication is working properly between all the DCs, you'd have to scrap it and start over again with the SMS architecture. That's the beauty of Specops Deploy: There's no additional architecture to build because it piggybacks on the AD architecture already in place.

Specops Deploy is a set of AD-integrated additions. Make a couple of changes to the Group Policy Object (GPO) editor, some GPO client-side extensions, and a new set of services for the deployment server and you're done. It can be as simple as that if you'd like.

If you want to make sure your deployment practices are as fine-tuned as possible, you'll probably want to add managed delivery servers, set up through the distributed file system (DFS). You might also want to make sure the Background Intelligent Transfer Service (BITS) version 2.0 is loaded on your clients. You can do this through Specops, and it will help control bandwidth usage during deployments.

Installing Specops Deploy is much simpler than installing SMS. The tabs on the startup screen (see Figure 1) tell you what to do and guide you through the process. You'll need the Microsoft Message Queuing service (MSMQ) and your original Windows Server 2003 installation CD. Besides that, it's a breeze. For a database, you can use the built-in Microsoft SQL Server Desktop Engine (MSDE) database or point it to an existing SQL Server 2000 database server. Once this step is complete, you're ready to go.

Figure 1. You install Specops Deploy through a simple tab-based interface that guides you through the required steps.
Figure 1. You install Specops Deploy through a simple tab-based interface that guides you through the required steps. (Click image to view larger version.)

Because Specops runs through Group Policy, it won't work with or manage machines running versions of Windows prior to Windows 2000. One nice feature of Specops is that unlike AD's basic deployment features, it supports legacy software deployment, not just MSI or Windows Installer-based software. And because it's based on AD, it doesn't need to run a physical inventory to discover target devices because they're already listed in the directory. It's really that simple.

Installation 20%
Features 20%
Standards 10%
Deployment 20%
Support for Delegation of Administration 20%
Documentation 10%
Overall Rating:

1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

Stand and Deliver
Delivering software with Specops Deploy is a straightforward process. Select or create a GPO, identify the targets (computers, users, groups or sites), select the package and deploy. It's as easy as 1-2-3 (see Figure 2), and you won't need to learn any new tools because you're doing it through Group Policy.

For larger organizations, Specops has a special administrative console you can send out to operators to delegate software distribution duties. This lets you have additional operators managing software deployments, even if they don't have access to the Group Policy consoles. Specops also provides great reporting on software delivery. Reports let you drill down on any issues so you can see exactly what happened and why.

There are a couple of caveats. First, Specops runs through GPOs. That means it uses the default 90-minute GPO refresh policy on workstations and member servers. If you want your deployments to happen faster, you might consider changing this default AD setting. Also, Specops doesn't yet include an inventory module for tracking information like manufacturer, processor, software installed and so on. However, Specops claims that a fully functional inventory option will be part of the next release.

Figure 2. Specops Deploy works through the Group Policy Editor or its administration client (as shown here). Either way, the interface is simple and straightforward.
Figure 2. Specops Deploy works through the Group Policy Editor or its administration client (as shown here). Either way, the interface is simple and straightforward. (Click image to view larger version.)

Specops begins the installation process by downloading the installation files to the local machine before actually installing the software. If you're using BITS 2.0, this shouldn't be a problem because it trickles down the installation, being wary of bandwidth. That's why it's important to deploy BITS 2.0. Once on the workstation, you can either leave the installation files intact or remove them. The former is useful for mobile computers that need access to original installation files when something goes wrong and they're no longer connected to the corporate network.

Overall, Specops Deploy is a simple and straightforward software deployment tool. It offers a number of advantages over Microsoft's SMS:

  • Deploy uses AD to the fullest, returning some of the investment you made to set it up in the first place.
  • Because it runs through AD deployment, it fully supports automated uninstalls when computers fall out of the scope of management. With SMS 2003, you need to create a new deployment job to remove software.
  • At $19 per machine, it's inexpensive.
  • It uses either existing tools (the GP Editor) or a separate, easy-to-use console that requires little operator retraining.
  • It supports Windows Installer on mobile machines (SMS 2003 needs to be configured).
  • It uses existing server locator records stored in AD, so unlike SMS 2003, it doesn't require any schema extensions.
  • It provides excellent feedback on software deployment in a very simple way and in real time.

Special Operations
Software is in a small group of Active Directory providers that know how to add value without adding complexity. Microsoft should take a long hard look at this product and think about why it made SMS as complex as it did. Sure, SMS has to support legacy networks: Once you've moved beyond Windows 2000, though, why not use a native AD deployment tool?

About the Author

Danielle Ruest and Nelson Ruest, both Microsoft MVPs, are IT professionals focused on technologies futures. They are authors of multiple books, including "Microsoft Windows Server 2008: The Complete Reference" (McGraw-Hill Osborne Media, 2008), which focuses on building virtual workloads with Microsoft's new OS.


comments powered by Disqus

Subscribe on YouTube