Windows Updates, To Go!

When I leave for my trip to Haiti in a few weeks, one of the things I’ll be doing is bringing multiple computers up to current patches. There are a few ways to do that:

One is to bring some sort of removable media (optical or flash stick) down and apply them manually. The problem with this is that once I leave, the machines stay in their current state until the next geek can come down and apply the next batch of patches. Downloading patches for multiple machines over developing-world internet connections can easily run into daily bandwidth caps, and Windows Update doesn’t cache very well through a normal proxy server such as Squid.

Another is to use Windows Server Update Services (WSUS). I initially considered setting up a Windows Server VM on my laptop, syncing up the updates stateside and temporarily configuring the machines down there to pull from my impromptu update server. Then I got the idea that a lightweight appliance-type server that lived down there permanently would be a useful solution that would download the patches once and distribute them over the LAN. Since we’re planning on using Microsoft Security Essentials for anti-malware, this solves the problem of definition updates. Daily patch sync would happen in the wee hours of the morning when the oversubscribed connections in Haiti are generally pretty clear.

I rummaged around the office and found a Dell FX160 thin client that we got as a demo unit from Dell (I have a number of blog posts on the topic of this device). It has been gathering dust for some time as it’s hobbled with a 1GB SATA flash disk and limited RAM. After checking on hardware requirements for both Windows Server and WSUS, I went out and picked up a 120GB SSD and a pair of 2GB RAM sticks and put them in. The choice of an SSD wasn’t so much for performance reasons (although it can’t hurt), but for the machine to be entirely solid-state. It’s going to live in a fairly harsh environment where mechanical failures are likely.

Once I got the hardware put together, I hooked up a USB optical drive and loaded Windows Server 2003 R2, and then installed WSUS and performed an update sync. The whole process went mostly smoothly.

Here are a few of the gotchas in installing Windows 2003 on an FX160 thin client, a job it was NEVER meant to do:

  • SATA controller needs to be in ATA mode. If it’s in AHCI mode, Windows 2003 will not recognize the disk.
  • When using a storage device that the BIOS recognizes as a hard drive, it expects to see a fan plugged into the motherboard. This fan is part of the hard drive bracket kit (Dell P/N H224H). When a fan is not detected, each boot will require a manual intervention during POST to press F1.
  • Stock Windows 2003 media does not include video drivers or network drivers for the FX160 (Broadcom NetXTreme 57XX).
  • Dell’s support site doesn’t have the most recent drivers for the Broadcom.
  • It’s virtually impossible to find a 6″ SATA extension connector, either for data, power, or both. I was finally able to find a power extension, but used a standard SATA cable to connect to the other SATA port on the motherboard.

The SSD I used for this is an OCZ Agility 3, 120GB. Disk performance on large writes is almost 100MB/sec, which is about twice as fast as my 7200RPM spindle drive in my laptop. Windows performs very well with 4GB, a SSD, and a 1.6GHz Atom processor.

The next step was to configure the clients to update from the server for testing. I still have one of the Asus netbooks that we deployed to Haiti in a previous trip. This is where I discovered that Windows Home and Windows Starter don’t include the policy editor (gpedit.msc) that I’m used to finding on Pro/Enterprise/Ultimate versions of windows. This is understandable, your average home user doesn’t (and shouldn’t) normally jack with system policy. Fortunately, all the policy editor does is manipulate registry keys, and the process of configuring Windows Update via the registry is well documented. This actually simplifies things, since all I have to do is create a .reg file that I can import on all the target machines.

Next post: Installing Squid. Not content to use this box for mere update caching, we’re gonna have it be our web proxy as well.

More on the FX160

It’s been a while since I did any serious banging on our FX160 seed unit from Dell – mostly because I’ve had a lot of other things on my plate with considerably higher priority.

I’ve discovered that the FX160 with 1GB NVRAM is functionally useless if you want to do anything with it other than the standard out-of-the-box configuration (RDP, XenDesktop). Most applications these days are written for full XP and are consequently bloated bigger than a whale that’s been left on the beach too long. Hardware vendors seem to be particularly bad about this. I’m talking about YOU, nVidia and Creative. There is no reason a device driver for a USB Audio device should complain about disk space with 200MB free. Would a little code optimization kill you people?

My current experiment is to turn this device into a simple videoconferencing terminal, using a Sony EVI-D70 camera, a USB capture device from ADS, and a Creative QuickCall USB Speakerphone. Initial tests seem to be promising, although installing the Creative drivers is proving to be complicated due to its insatiable apetite for disk space, which seems to have been bypassed by manually extracting to the stick much like I had to do with .NET 3.5.

FX160, Deeper look

Now that I’ve had a chance to play with the FX160 a little more, here are a few things I’ve discovered:

When the service manual tells you to remove the two screws from the back of the unit and then “slide the cover toward the front and lift off”, what they really meant to say is “Give the cover a good glancing whack with the palm of your hand toward the front of the unit and then lift it off.” The reverse is also true when putting the cover back on. It needs more than mere sliding, it needs a good whack.

Under the cover, we find that Dell has indeed done a great job with this unit.

  • Flash interface is SATA and held in place with an actual screw, compared to HP’s really lame locking plastic tab that makes it a pain in the butt to swap the module on and off its PATA header pins. SATA FTW.
  • There’s an additional SATA port on the board, as well as a power connector for said SATA. Dell could make this even better by providing an optional eSATA port on the back (and maybe even go all Apple on us and make a matching eSATA chassis!)
  • There’s another power header on the board for a CPU fan. I’m guessing this is for the dual-core units.
  • Despite its teeny size, this little guy uses standard desktop DIMMs. It came with one of the two slots populated with a 1GB module. The system supports up to 4GB acccording to the technical guidebook, but I’ve seen elsewhere that it can handle 8GB. Given that the CPU options support EM64T, this is an interesting prospect.
  • Mini-PCI slot for wireless. The Technical Guidebook says Dell 1397 only (802.11g), but I’ve seen other mention of the Dell 1510 card (802.11abg) also being supported.
  • Jumper #5. From the factory, this comes unjumpered, locking out BIOS setup. Since the lid can be locked in place with a standard cable lock or even a small padlock, Dell’s done a very good job with security.
  • Front USB ports (mounted on the board with all die blinkenlights , audio, and the power switch) is connected through a standard 2×5-pin system board connector, as is the audio. If your application requires a USB security key, it should be easy to mount on internally by disconnecting the front USB ports and adding a little pigtail. Props to Dell for designing it this way, rather than a single cable for the entire front panel. Dell could take this a step further by adding an internal USB port on the front panel board for mounting such a key. There’s plenty of physical space for it. This would be a huge bonus for POS systems that require these keys.

On the software side:

  • I can add and remove programs with… the Add/Remove programs control panel application. What a novel idea. HP, You fail at this. Having Altiris be the only mechanism to add or remove packages is… sub-optimal.
  • XPe is still Service Pack 2. Microsoft does have a SP3-based version of XPe out there, and that would be a good thing.
  • Administrator account has Start->Run disabled. Booo! Luckily, I can just as easily start up IE and type the command there.
  • .NET Framework installed is 2.0, no service pack. In order to install 3.5, I have to install .NET 2.0 SP1 first. There’s no real reason these can’t ship with .NET 3.5 from the factory.
  • I just checked free space on the flash… 60 MB. Yikes! I can see why Dell pushes the 2GB flash option for these. Some of that may be due to the .NET install going on.
  • The system ships with a software reload DVD. This is good. I hope Dell will provide frequent OS image updates through their support site. HP does this, and it’s a happy thing.
  • Altiris agent on the unit isn’t playing nice with my existing Altiris Deployment server set up for the HP thins. Hopefully this will be easy to resolve.

Dell support for Altiris: Doesn’t exist. They flat out told me they don’t handle support and that I need to call Altiris directly. I’m not sure how this is going to go. The process with HP (I’ve had to explain it to HP support agents enough times) is that the call to Altiris has to originate from HP. This process sucks, but it is what it is. The first thing the folks at AltirisSymantec ask you for is a contract number or customer number. Altiris has already kicked the ball back to Dell. Not looking good so far. Back to Dell support, and they really don’t know what the process is.

Definitely would recommend the 2GB flash if you’re buying one of these. the OS alone takes up almost 70% of the flash. This is clearly a much more substantial install of XPe than what’s on the HP machines.

Dell Optiplex FX160 – first impressions!

(Edited at 4:45pm to add some additional information about power supplies)

Today, I got the FX160 demo unit from Dell that I’ve been salivating over for several weeks now. We’re looking at buying a number of XPe thin clients next year, and, while I like the HP thin clients, HP support alone is worth making the jump to Dell. Despite being pretty sure that this was our next thin-client platform, I still wanted to try one out, and our Dell rep was able to get approval for a seed unit to help solidify the decision to buy the Dells. These hit the market at the beginning of December, and they fit in a number of niches in Dell’s desktop product offering. Our particular niche is light-duty computing and kiosks.

Here are my first impressions of the unit. I haven’t had a chance to do extensive testing yet, but I’ll be sure to let you know.

The Unboxing: Like most Dell packaging, the box is nothing special like it is from Apple. Dell shipped the unit with one the optional desk mount bracket. This is a good-looking unit, and the first thing you notice when you look at the connections is the dual displays (one VGA, one DVI), followed quickly by the IEC power connector, telling me this thing doesn’t have a line lump power supply like my HP thin clients. (It should be noted here that the HP 12V power supply has the exact same mechanical interface as the 20V power supply for a Zebra label printer. When you hook up the wrong one, magic smoke comes out and the unit has to be sent to HP, taking it out of service for 2 weeks). Also visible is the spot for the antenna for the optional built-in wireless (which this one didn’t have – I wonder how easy it is to retrofit? it’s mini-PCI)

Dell also was nice enough to send me a 22″ UltraSharp display (which Clif called dibs on). Mysteriously, though, it shipped without a stand. I stole one from one of the 19″ displays on my desk and hooked it all up, casting a 5720 used for Arena Check-in development onto a nearby shelf.

I hit the power button and the smooth face starts blinking. Ooo, blue LEDs. Nice touch. They turn orange if something is amiss, though, just like you’d expect them to on a Dell. The usual set of Dell 1/2/3/4 diagnostic LEDs is present, as is the network link indicator for the gigabit ethernet port.

The system boots up to a user desktop that blessedly allows me to right-click and change the display settings. I adjust to match the big shiny monitor and fire up a browser and cruise over to Hulu, where I am pleased to discover that the stock load on this beast includes a recent version of Flash. Sadly, this thing just doesn’t have the horsepower to run the Simpsons in full-screen, and definitely not the HD version of The Office. After trying its performance on video (it does just fine on lower-bandwidth stuff, but if you buy one of these hoping for good graphics performance, you’ll probably be disappointed).

I decide to log out of the user account and go poke around under the admin account so I can see more of what’s under the hood. I do the usual holding down of the shift key while I log out, so that it doesn’t auto login back under the user account (configured as “User1”).

This is where I run into problems. Dell hasn’t documented the default password anywhere with the system, so I head over to Google, which doesn’t help me much either. HP was at least up-front about its default passwords. Dell, this is highly annoying. Please correct this. I’m cutting you some slack because this is a new product for you guys.

So, the thing’s been out of the box for less than an hour, and It’s already generated a support call. Fortunately, Dell’s support on these is up to their usual standard, and I’m able to get a hold of someone at ProSupport on their support chat system.

<HP RANT>HP, are you paying attention here? This alone is enough to make me buy these. This beats the socks off of your process of having to slog through your pathetic IVR system that doesn’t know what “Thin Client” means, picking a random support group, and then having them tell me in a thick Indian accent, “let me transfer you to the correct support group,” followed by at least one (and frequently more) heavily-accented techs who can’t figure out the process of getting me Altiris support without me explaining it in detail. Especially since your chat system doesn’t know what a thin client is either, and when I tell it it’s a desktop system, it tells me the serial number is invalid. </HP RANT>

Another huge advantage of the Dell unit and the associated support is that if the system board is relieved of its magic smoke (much harder to do than the HP), I’ll get a part in my hands the following day, rather than paying to ship it in for depot repair and waiting a few weeks to get it back in service.

The Dell tech on the chat finally gave me the default passwords, after insisting on verifying ownership of the unit (??? I just want the default password, not the keys to NORAD). For those who don’t want to go through the trouble of contacting support to gain access to the box they just purchased, the administrator password is the ever-so-creative “dell” (all lowercase) and the User1 password is equally original: “password”. Apparently there’s also an “Admin1” account that also uses “dell”. I ask about the monitor, telling him it doesn’t have a leg to stand on. I’m told it was ordered without one. Huh???? Gonna have to get on my rep about that.

On gaining administrative access, I see that this unit shipped with the single-core Atom 230, as well as 1GB each of RAM and flash (which Dell calls NVRAM). The performance tab on the Task Manager tells me this proc is hyperthreaded and presents it as 2 cores to the OS (confirmed by Intel – this proc also supports EM64T).

The XPe-based FX160 comes with the same Altiris-based  remote management that the HP thins do, but I did notice that, while it detected my existing Altiris install, it didn’t connect to it due to a licensing issue. I hope I can simply add the Dell licenses to my existing Altiris install rather than do a whole separate one. I suspect this is going to generate a call to support as well, so we’ll see how that process compares to getting Altiris support from HP. My guess is it will be a whole lot less painful, simply because it would be extremely difficult to make the process worse than HP has)

That’s about as far as I got yesterday, and I’m taking today off. I’ll report back in soon on what the factory load contains, and how well it does with some of our applications. Hopefully, Clif won’t have stolen the monitor by then.

I think Dell’s got a winner here, barring some unforeseen discovery of a major showstopper problem with the OS load. The FX160 comes with a wide enough range of options to fit a lot of business needs (the dual-core unit with a hard drive could be a good low-end desktop). The @DellServerGeeks have also been helpful and tweeted a few links about desktop streaming and the FX160.

Stay tuned. I suspect we’re going to be buying some over the course of the coming year.