Boot image control
A boot image control strategy is a common way to reduce total cost of ownership in organizations with large numbers of similar computers being used by users with common needs, e.g. a large corporation or government agency. This is considered part of enterprise application integration in larger shops that use that term since applications are part of the boot image, and modify the boot image, in most desktop OS.
Windows Vista includes tools for boot image control, displacing third party tools. Mac OS has always had more flexible handling of boot drives, simplifying control and reducing the need to move boot images around between drives. Increasingly, boot image control is a network operating system function.
Economics
Very often a large computer vendor is required to explain in a bid in response to an RFP how they intend to simplify the purchaser's boot image control problems and the attendant service costs:
The total cost of ownership correlates strongly to the total number of different images, not the total number of computers, so this is a major cost concern. Three basic strategies are commonly advised:
- a single base boot image for each type of computer in the organization, customized by each user with no central control
- a thin client strategy where the smallest possible boot image is used, typically one that does not include a full operating system
- a departmental boot image strategy where a base boot image is customized with applications to fit each group of users, but, the users do not have the ability to upgrade or alter the configurations
Thin client strategies
Organizations that do not closely track, control and set common standards for, acquisition of new computer hardware, typically can only practice a thin client strategy.
Which strategy will reduce total cost of operations the most depends on several factors:
- whether the capabilities of a full operating system are required, or just those of a thin client
- whether applications with inflexible software licenses are in use that must be paid for not only if they are used, but even if they are only installed
- whether poorly-behaved applications that interact badly are in use
- LAN or removable disk limits that make it easy or difficult to do re-imaging on demand
More complex departmental boot images
While the departmental boot image strategy seems to be the most flexible, the complexity of creating and managing several large boot images, and determining when a department needs to upgrade its applications, can easily outweigh these. Especially if users object and try to subvert the discipline of waiting for a regular boot turn to upgrade all machines at once. If each user is allowed to do this on their own, then, the discipline soon degrades into effectively a bunch of home computer whose issues are not really diagnosable nor comparable to each other. In which situation thin clients may become the only practical answer:
Many organizations use thin clients for applications which require high security, involve unreliable users or repurpose older machines for continued use. This much simplifies boot image control by facilitating centralized management of computers, and has many advantages:
- since servers manage clients and the local environment is highly restricted (and often stateless), providing protection from malware, support costs are reduced
- since no application data typically resides on the thin client (it is entirely rendered), it is securely stored on network drives upon its creation
- since disk, application memory, and processors are minimal in thin client hardware, they go obsolete slowly and cost much less
- since they are not as useful as ordinary computers they are of less interest to thieves
While control of the images is simpler, there are disadvantages. Thin clients:
- require more network bandwidth
- require more host computer power and must typically be served by much larger host boxes
- typically cannot run arbitrary Windows, Linux or Mac software
- perform poorly in multimedia applications or games - an advantage in many business environments
Many organizations try to gain the advantages of thin clients without the disadvantages by treating many very standard machines as if they were terminals, but with very much greater capabilities. As they buy new computers, they put the demanding applications on those.
Boot turns and re-imaging
Administrators perform a regular (often bi-annual) boot turn that re-images many older, off-spec machines at once so that new hardware can be deployed for higher-end use. This procedure is called cascading: the oldest hardware is repurposed with simpler software to let it continue in use for some less demanding or more access-controlled applications, but subjects it to much more rigorous control to minimize the number of images.
The total cost of operations correlates strongly to the total number of different images, not the total number of computers. To minimize the number of images requires additional discipline:
- Specify the computer hardware to minimize unneeded machine diversity and minimize the resultant number of boot images.
- Upgrade new machine specifications at low additional cost so they remain useful longer, reduce the incursion of off-spec machines later in the life-cycle, improve standardization, reduce support costs, minimize e-waste with longer lifecycles
- Organize the network so that boot images can be efficiently supported and swapped, independent of data.
- Data must not be dependent on boot devices - use networks to store data on secure servers so that data recovery is literally never required even in a disaster recovery situation
- Confirm, by hardware acceptance testing on each new machine, that it runs the standard boot image
- Any machine that does not must be considered to be dead on arrival
- A strict installation regime to ensure that only supportable standardized boot images are used and any machines that connect to the network for the first time with a nonstandard image are detected and rejected
- Diagnostics and troubleshooting so that help desk and other technical support staff can employ standardized tests to identify the source of problems: boot, software, or hardware
- Ideally, backups on hand of the boot image, or even spare identical computers that can quickly be booted up from the boot device in question to determine if it is a hard disk, computer or software/image problem.
- Common desktop system recovery tools and procedures for failed desktop units, typically using backup copies of a boot image created with utilities
- Rapid network recovery procedures that replace a backup boot image in a few minutes or less, with considerable cost savings over using DVD, CD or floppy disk media which require human attention
- Ensure services for the disabled are on every departmental boot image that require them, or in the thin client hardware and software itself, to accommodate these users in a manner that is ubiquitous and cost effective.
- Support telework and secure off-site system access procedures in the standard boot image
- Encourage teleworkers to buy identical machines to those in the office or use thin clients exclusively
- Facilitate worker transfer by changing boots or authorizations instead of moving the actual computer
- Install thin clients on all off-spec machines to eliminate the need for special boot images for them, and subsequent diagnostic problems and data risks.
Open configuration and semantic services
Desktop computing is increasingly relying on web services, making the thin client approach more viable. Departmental boot images may remain but simply instantiate part of a semantic service-oriented architecture, especially in larger organizations. A service component architecture would further simplify the implementation of control mechanisms, especially if a single application language like Java was used for all custom applications in the enterprise. More importantly, shift to software as a service by most large vendors means that applications are not tied to machines, so the number of variant boot images required (with the applications installed) is reduced.
Other open configuration technologies such as Bitfrost, OpenID and even XMPP would also simplify configuration of boot images, as authentication would no longer be dealt with on the desktop/laptop device.
Vendor support
Large system vendors increasingly provide DVDs with the boot image standard for the machine as shipped to the customer, which usually includes tools to diagnose changes to the machine and download drivers.