Choosing an Application Deployment Method
An Application Deployment Horror Story
Too often, organizations choose an application deployment method without sufficient planning and waste thousands of hours every year. For example, I worked for an engineering firm that expanded from a few hundred employees to more than a thousand employees during the dot-com era. Throughout this growth, the information technology (IT) department continued to rely entirely on manual application installation. If users needed an application, they called the help desk, and in a couple of days someone would show up with a CD and complete the installation wizard.
Manual installation might have been the right choice when the firm had a few dozen employees, but as the organization grew, this system became unmanageable. That’s when I learned an important lesson: When IT processes become unmanageable, users bypass IT. When people needed software installed quickly, they’d buy it off the shelf and install it themselves. Soon, IT lost control of the computers in the firm.
You can prevent this situation from occurring to the IT group in your organization by taking a step back and considering which of the different application-deployment techniques will work best in your organization. This paper discusses the methods available to you:
Distribute applications with the operating system. Core applications are distributed with the operating system, either with new computers or with operating system upgrades.
Manual distribution. An administrator walks to each computer to install an application.
On-Demand distribution. Users initiate the setup process themselves.
Automatic distribution. Administrators deploy an application across the network.
Table 1 shows which distribution methods fit your organization, based on the number of client computers you manage.Table 1. Distribution Methods Based on Number of Client Computers
Number of Client Computers
Distribute applications with the operating system
More than 100 computers
More than 50 computers
More than 10 computers
More than 10 computers
Many organizations, both small and large, still use a reliable but labor-intensive distribution technique: manual software installation. Typically, the following process is used:
A user determines that he or she needs an application and calls the help desk.
If necessary, the help desk technician seeks management approval and schedules a time to install the application on the user’s computer.
At the scheduled time, a desktop support technician walks to the user’s computer and installs the application from a CD or shared folder.
This process is perfect for small businesses, because it doesn’t require any engineering effort or infrastructure. It also enables the IT department to accurately track software licensing and to immediately fix any installation problems.
However, as I learned the hard way, manual installation doesn’t scale beyond around 50 desktops. You need several full-time technicians just to walk to people’s desks and install software—which can sometimes take an hour per application. Unlike small businesses, enterprises can’t avoid the engineering costs. Even with manual installation, enterprises must document each installation procedure step-by-step to ensure that applications are installed consistently. Enterprises also need to create a method to either manage the Setup CDs or to store the Setup files in shared folders. For these reasons, enterprises should use manual installation only when an application simply can’t be deployed using other techniques.
To reduce the personnel burden and cost of IT departments manually installing applications when users require them, many organizations use on-demand installation by publishing applications (see Assigning and Publishing Software) with Group Policy software distribution (see Deploying Applications in a Managed Environment). In this model, users can install applications directly without involving the IT department. Two approaches are supported in Microsoft Active Directory® directory service environments:
In Control Panel, click the Add or Remove Programs icon, and then click Add New Programs. A list of available applications appears, as shown in Figure 1. Users click Add to start the installation, which can be either manual or automatic depending on how you’ve configured the Windows Installer package.
Attempt to open a file that requires the application. For example, if a user attempts to open a file with a .xls extension but Microsoft Office Excel is not installed on his or her computer, the computer automatically begins installing Microsoft Office if you have published it with Active Directory software installation. When you add packages to Active Directory, their file extensions are automatically registered.
However, this method doesn’t provide an approval process, and should not be used if licensing costs are a consideration. However, if you have a site license that allows you to install an application on every computer, on-demand installation enables users to install new applications quickly, without waiting on the IT department.
If you like the idea of on-demand installation but need to have management approval for software requests, you can use Zero Touch Provisioning, or ZTP (see the Zero Touch Provisioning Developer Guide), which is part of the Solution Accelerator for BDD Enterprise Edition. ZTP provides a Web-based interface that allows users to request software. If necessary, ZTP can automatically request management approval through automated e-mail messages. After an application is approved, ZTP can automatically deploy it to the user’s computer.
Note: ZTP requires Microsoft Systems Management Server (SMS). To better understand how users interact with ZTP, review the Zero Touch Provisioning End-User Guide. For more information about ZTP, refer to the Zero Touch Installation Deployment Feature Team Guide.
Many applications should be automatically distributed to new and existing computers in your organization without any user interaction. Even though the process is automatic, however, it can still be selective. You can restrict deployment of an application to specific users or computers. Microsoft provides three tools for automating the distribution of applications.
Logon scripts. You can use logon scripts to launch an automated application setup routine when a user logs on to his or her computer. However, logon scripts can be unreliable and difficult to maintain. Additionally, they run with the same privileges as the current user, so the installation will fail if the user doesn’t have the correct permissions to install an application.
Active Directory software distribution. Active Directory can automatically distribute Windows Installer packages to users and computers that you specify (see Group Policy–Based Software Distribution). Active Directory software distribution benefits from the flexibility of Group Policy objects, including the ability to carefully control which users and computers receive an installation, verify software prerequisites, and uninstall applications that are no longer required.
Note: On-demand distribution and Active Directory software distribution both require applications to be packaged as Windows Installer files. Most current applications include Windows Installer files, which you will typically find on the installation media in an .msi file. If you have a custom or legacy application without a Windows Installer file, you must repackage the application by using a tool such as AdminStudio, which is available as a no-charge SMS Edition or as a full version, or Wise Package Studio. For more information, read the Supplemental Applications Feature Team Guide.
Systems Management Server. SMS is an advanced tool designed for enterprise software distribution (see the SMS Web site). Besides the capabilities that Active Directory software distribution provides, SMS can inventory applications (critical for managing software licenses) and facilitate the distribution of software updates. For more information, see Scenarios and Procedures for Microsoft Systems Management Server 2003: Software Distribution and Patch Management.
Note: If you can’t justify an SMS infrastructure, you can use the Microsoft Software Inventory Analyzer tool, which is available at no cost, to inventory Microsoft software on your network.
Although you can deploy applications to client computers in your organization in several different ways, there is no one right way for all organizations or applications. In fact, you’ll probably need to use multiple application-deployment techniques to meet different requirements. For example, you might deploy core applications with new computers, use Group Policy software distribution to automatically install core and supplemental applications on groups of existing computers, and manually install a rarely used application that has a complex setup procedure. Whichever approaches you choose, don’t let your IT infrastructure crumble by using a technique you’ve outgrown.