Friday, November 30, 2007

What's been keeping me busy.

I've been really busy with work lately, and I've been running out of time to finish a project I've been working on. I'll be getting ready for my assignment to Germany after Christmas week, So I only have 3 weeks left of real work.

The wars in the Middle East cost money, especially the Iraq war. Part of the cutbacks across the Air Force have been the discontinuation of a Towel service at our gyms, and a major Lean focus, looking for ways to save more money.

The USAF is moving towards putting desktops into S3 (standby) and S5 (off) at night, but will require Wake on LAN capabilities for after hours patching. WoL implementation by vendors have been spotty in the past, and thankfully, our largest vendors, HP and Dell, have some pretty neat tools to make all the required changes in the BIOS. Since we were going into the BIOS, we thought it would be a good idea to secure boot orders and radios as well. This is where my project comes in.

I created secure BIOS settings for each specific Dell and HP model ordered through our Quarterly Enterprise Buy, and developed the ways to implement them. I've even had a chance to work with the HP engineers at the old Compaq campus in Houston to implement the settings to all current and future production. We hit some snags along the way, such as HP's older dx5150 model, which runs a home use oriented Award BIOS with limited manageability. I've had to develop scripting, and recovery and implementation procedures, for a firmware upgrade that allow remote password settings. Like pushing a giant red button labeled "Do not press", the most fun part was testing the recovery procedures by yanking the power cord in the middle of a BIOS Upgrade. They didn't work, turns out, the 8k boot block bios would not boot from my bootable CD, and I had to find an internal floppy drive to hook up to it.

The biggest challenge I had was integrating all the Dell WMI sample scripts into one large Visual Basic script. With some help from our office VB guru, I put in some named variables to allow for command line parameters instead of just the ordinary %1 %2 %n variables that I normally use for my batch files. I also added an array to support multiple password variables, so that portable systems that may have missed a password change can still get the BIOS settings.

This has been really good insight on what it takes to prepare a releasable product to a massive organization. There was a lot of testing and double checking that went into it, as well as all the licensing headaches that prevented me from distributing a self extracting floppy image, or GPL'ed floppy image writing program.

When every thing is done, my little project will have three releases posted on the USAF software distribution site, and implemented globally, at least until the Altiris Client Management Suite gets fielded. I'm just surprised that as long as WoL and ACPI has been a standard, it has taken until now for Microsoft to really embrace it out of the box with SMSv4.

1 comment:

Thomas Stromberg said...

Cool stuff! I'm glad to hear that they've had you work up on your scripting skills. We rolled out something similar recently for our desktops, forcing them to lower their CPU speeds on idle. The developers here are too used to working off their desktops at odd hours of the night to force them to WOL them (for now).

I bet ya'll will save a ton off your power bill with this though.