[wpkg-users] Suggestion for moving the networking architecture from a SMB acce ss method to a web/web services tool

[Twan Fox]

On 10/11/07, Tomasz Chmielewski <mangoo at wpkg.org> wrote:
>
> Derek Werthmuller schrieb:
> > Have been looking at your utility as a way to deploy and manage windows
> > systems.  The feature I like about the wpkg software is its ability to
> > check/ verify/ install/uninstall software.  With its option in tight XML
> > files.
> >
> > What is troublesome is how it requires a file share to get the todo list
> and
> > packages to the systems to deploy.  This makes it difficult to securely
> > update systems that are not inside the secure network perimeter.
>
> It is as secure as a normal file access in a Windows domain (I assume
> you are using a Windows domain). You can set it to a local machine, too.
>
> Anyway, you can always use some 3rd party tool, like scp, to download
> the files to the local machine, and deploy it from there (i.e., use "pre
> script" in WPKG Client).


I could see a problem with a 'pre-script' to download packages for
installation being that it would have no way to know what packages needed to
be installed without reinventing the 'package selection' sections of wpkg.js.
Besides, I have a feeling that the suggestion included that there should be
a way to get the .xml files to the clients running wpkg.js without needing a
file share, and there is already such a solution. Wpkg web.

> Also a bit troublesome for the user of the system is that they never know
> > when their system is going to make them wait for an update to login.  My
> > users will never logout then(just lock the screen).  Perhaps configuring
> the
> > install service wpkgsrv to be able to run on a sliding schedule window
> in
> > addition to at bootup/login time.  So I know office systems are all on
> at 2
> > am, so schedule the installs for them(but first make sure no one is
> logged
> > in, if so wait and check in an hour till the window is closed) at 2am
> -6am.
>
> You can do it already with system tools like the Task Scheduler.
>
>
> > The todo list(wpkg.xml) and patch software should be also available vi
> http.
> > and the patches/apps should be downloaded to the client secure temp for
> > installation.  Installing over the net is a bit slower than
> offline.  And if
> > done offline its less disruptive to other users installs at the same
> time.
> > Once the tool can operate over http it wouldn't be all that hard to have
> the
> > clients send install state date up to the server for reporting etc..
>
> There were some "http" patches in bugzilla (which didn't work very
> well), but it was for downloading the installers.
>

Doesn't the wpkg web interface do just that very thing, "download" the
'todo' list (which, for all intents and purposes is the combined
packages/hosts/profiles data set that wpkg already uses. The possibility to
use http for downloading the actual installers is intriguing, but the only
thing that does is trade needing a secured samba server for needing a
secured web server. I'm not sure what the benefit would be, personally.

The one thing that I do think might be more interesting to investigate is to
make use of BITS (Background Intelligent Transfer Service) to enable the
ability to do 'download first, install later' packages. The only drawback to
that is that you would still need a fallback to direct downloads if you
wanted to continue to support client systems older than XP.

Just a few of my thoughts on the subject.

Twanfox

wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users