by Bryan A. Thompson
6/25/2004
Abstract
This is my vision of what the desktop computing environment should be. Someone asked. I told them.
Simplicity
Make the environment as simple as possible. Additional functionality breeds additional points of failure and requires exponentially more resources to maintain. Functionality changes faster than users or installers can learn to use that functionality. Every computer we supply or support should pass the Grandmother test.
Privacy
The environment should embrace the concept that users and machines have the right to be left alone. This includes being left alone from unsolicited email, pop-ups, unwanted email, unwanted internet content, the ability to do anything, the ability to opt-out of anything, so long as it doesn’t infringe upon the ability of other users or computers to do the same thing.
Data on the drive should be encrypted. Physical access to a hard drive should not eliminate data security. The most valuable part of the computer is the data on it, and yet it’s completely unprotected if the attacker has physical access to the hard drive.
Security
The environment should provide automated patch installation for OS and major applications. Frequent upgrades to the supplied versions of everything should occur to increase overall security. Password authentication should go away because passwords that are secure can’t be remembered. Passwords should be replaced by something that follows the user from machine to machine to avoid password synch issues on the multiple machines.
Computers should not rely on the network for protection, since the machine won’t always be available to protect the PCs. Firewalls, automated spyware removal, virus protection, etc should be on the local computer for maximum protection.
Hardware should have the ability to identify its physical location on a scheduled basis or when requested by authorized personnel, and the user should have the ability to opt out of this out of privacy concerns. Data on the hard drive should be secured. Users shouldn’t be able to store data anywhere other than an area designated for use by the user or in a separate area designated for use by all users. These should be clearly identified (like on a Mac). Users, even admin users, shouldn’t be able to access the data of another user.
Installability
Anyone should be able to install a computer. This process shouldn’t require account information that is privileged, so students, users, or grandma can do it. This should be a cable-less install – just take it out of the box and use it without connecting ANYTHING including power, monitor, or networking. This could take the form of an all-in-one computer such as a laptop, or could be wireless keyboard, mouse and monitor, but no one should have to connect any cables including power.
Installs should not be from images, as image maintenance takes a huge amount of time. The environment shouldn’t be dependant on how the machine gets installed, so long as it receives the same exact software set that everything else as. It would be possible to split the install into two pieces – an OS install that could initiate the app install, and an application package install that would function on any OS install. All software should be site-licensed so that the installer doesn’t waste time determining if a user is licensed for a product.
The machine should be installed before going to the user, or be able to install while in place. Because of mandatory updates, the process should prevent usage until the install process is complete. The installer shouldn’t have to configure user or email account information, user should just be able to login to it and use it.
Consistency
The install should provide a consistent package set. If it doesn’t, we don’t have a standard build. The environment should contain one hardware platform, one OS, one application set – not two or three. Desktop and Laptop Installs should be the same. No differences are necessary, so they shouldn’t exist. A uniform environment is necessary for ease of installer training and install supportability reasons.
The hardware should be able to be replaced with any off-the-shelf laptop/desktop without loss of any service (should be standard hardware).
Machines should have a consistent DNS name regardless what IP they have or where they are in the World.
Supportability
For support reasons, the environment should be like every other Windows install in the world so anyone can support it.
Users should have admin access so it can be supported when the machine is away from corporate-provided support. At the same time, with increased privileges come increased responsibility on the part of the user. A second user account could be created with limited privileges for users who wish to compute responsibly.
Autonomy
Users should be able to use the computer under any environmental conditions: If it’s a hot day, with no power and the network is down, the machine should still work. If the user travels to the Moroccan desert for two years and has no access to the internet or a power outlet, the machine should still work. If it’s raining and the user wants to work outside, the machine should still work. If the building catches fire, the sprinklers activate, smoke fills the building and the fire department hoses everything down just to be sure, the machines should still work.
User should have admin access so they can get support, install required programs and hardware, and perform any other task while away from corporate support. While on the road, users should have access to the same support they have while they’re on the corporate network.
All files needed for off-network usage, including the I386 directory, required drivers, software source files, user documentation, and anything else required for off-network usage should be copied to the local hard drive for self-repair without requiring source media.
Many users frequently move from one department to another - secretaries are an example of this, as are students. Computers should follow a user from department to department. This would greatly increase productivity on the part of the user by reducing the time the user spends learning new software, customizing the machine. This would also eliminate installer time spent due to reinstallations when a new person is hired to do the job the old machine is supporting.
Manageability
IT Support Staff should be able to perform common support tasks, such as upgrading applications, remotely connect to machines to diagnose problems, update admin account passwords, and install security updates. Support staff should be able to connect instantly to computers anywhere in the world, just as if they were on the corporate network.
Software used for management should be able to pass info to installers about a specific user or system, like that McAfee needs to be manually updated on a certain system.
Functionality
User IDs, email and everything else that requires configuration should be automatically configured for any user that might login to the machine.
Devices should connect to any other devices that are commonly used or are recommended by us. Examples are laptops should be able to connect to a cell phone to obtain an internet connection. PDAs we recommend should conform to the mandated exchange environment, and should provide native support for editing of Word/Excel/PowerPoint documents, and should have an exchange client, not POP, IMAP or WebDAV.
Software provided by IT should be MSI-based. This allows for self-repair, and should provide for scriptable installation. It should be possible to image a machine that has the product installed, and allow that image to be distributed to other computers, and be functional afterward (no copy protection). Nothing should have to be repackaged. We should eliminate the possibility that the vendor will use the excuse that the repackage process is the cause of whatever problems we may experience.
Network Connectivity
Users should be able to connect to any network data storage provided by IT via a drive letter, since this is the way most customers are used to getting their data. Applications other than the OS should NOT be required to provide connectivity. Providing connectivity should not consume additional developer time. Users should be able to connect to network data storage from anywhere, from any computer, without installing special software.
The machine should be configured to connect to any other services we provide before being delivered to the customer.
User should be able to connect to any machine located anywhere in the world from any other machine.
Wireless NICs should be installed in all PCs (notebook, desktop, etc). Desktops shouldn’t be dependent on a wired connection for internet connectivity. If something major happened, such as when the wired network goes down, or a Wireless Access Point dies, the machine should continue to function.
Reliability
IT should recommend stable and durable hardware. The hardware should be able to endure significant abuse on the part of the user (drop, coffee, vandalism, smoke, rain, sprinkler, whatever) or environment (dust, heat, etc).
IT should recommend and install only stable and durable software. We should use only packages that come packaged as MSIs which can be scripted, and without having to be repackaged. MSIs are durable because they’re self-repairing.
All machines should include a second hard physical hard drive for backup purposes. The backup drive should be external so it can be attached to another computer and accessed separately, stored in an offsite location, etc. This should also have a wireless connection.
All machines should perform backups that happen automatically. If it doesn’t happen without interaction from the user, it won’t happen at all.
User or Installer shouldn’t have to perform a restore to access backup. When a problem occurs, the only important thing is to regain functionality as soon as possible. Second drive should contain a live copy of everything (OS, apps, data, etc) so that it can be booted and accessed immediately when a problem occurs. This is essentially a mirror in an external case. Machines recommended by IT should be capable of booting from the external device with minimal interaction on the part of the user.
The environment should eliminate as many single points of failure as possible. This includes networking, local and network data storage (user and install), the usage of passive cooling instead of fans. It should contain a redundant power supply like a laptop – battery internal to the machine, still runs when the power goes out.
The machine should be tested before going to the user. Hardware should be tested. Applications should support this so that the test process can be tested. Everything the user might do should be tested. Performance should be tested. The user should receive a copy of the test results.
Modularity
The install should be built from modules (packages) which can be rearranged or reused with subsequent builds. Each module should stand alone – it should not require additional components, servers to be up or available for apps to run, no scripts on server, etc.
Punctuality
IT should deploy new Operating Systems within 3 months of release because that’s what users expect, and deploying new versions is often a solution to functional and security issues. Updated Operating Systems provide increased security. Updates are highly valued by our customers.
IT should deploy new major apps within 1 month of release to obtain max value.
Usability
The user should be able to login and start using the machine as soon as it’s delivered. This means at least user account and email and any other mission-critical apps for that user are pre-installed, configured and tested.
Users should be able to print to any printer without having to configure print queues or drivers. Users should be presented with a list of printers which can be sorted by nearest or by special capabilities such as color, etc.
Resaleability
Nothing should have to be done to the machine to prepare it for sale or transfer to another user.
Longevity
All PCs we recommend, supply and support should have at least a 5 year expected lifetime. Unless hardware problems occur, the concept of a PC lifetime is an imagined one. While expectations of consumer PCs rapidly change, the expectations of a business computer should remain static over this timeframe. Many students require more than 4 years to obtain a degree, and the PC they buy when the start should allow them to complete that degree.
Flexibility
Some users don’t require a PC 100% of the time. Those PCs shouldn’t sit idle, or worse, consume power, generate heat, and decrease the lifetime of the PC. Rather these users should be able to rent or borrow machines from a shared pool of computers.
Most users don’t require all software products 100% of the time. Just as hardware should be able to be shared, so should software licenses. We should only purchase enough licenses to meet the maximum number of simultaneous uses of any product. We should be able to exceed that number at any point in time without impact to the user, with the expectation that the additional licenses would be purchased at some point in the near future. We should avoid purchasing products from any vendor who isn’t accommodating to this.
Charity
Users should be able to opt-in to a program which donates extra CPU time to research projects, without fear of prosecution for theft. The project could be one of their choosing or chosen by IT, but the extra computer time shouldn’t be wasted. Computers should not be dedicated to this purpose, however.