Lenovo Secure Managed Client (English) Secure Managed Client Deployment Guide - Page 14

Diskless client architecture, Active Directory considerations

Get Lenovo Secure Managed Client PDF manuals and user guides View all Lenovo Secure Managed Client manuals
Add to My Manuals
Save this manual to your list of manuals

Page 14 highlights

SMC Management Console SMC Management Server Lenovo SMC Storage Array Corp Network SAN HDD traffic SAN HDD traffic Gigabit Switch SAN HDD traffic 2200ssyysstetemmssppeer rggigigaabbitit CCononencetciotinontotothtehe SSMMCCsstotoraraggeeaarrarayy SAN HDD traffic SMC mgt Corp Network Gigabit Switch Network Disc traffic goes directly to switches. This keeps it off the backbone. DHCP Active Directory Figure 1. Secure Managed Client design Diskless client architecture The following is an overview of the Secure Managed Client boot sequence: v The physical hardware is connected to the storage array and LANDesk Management Suite (LDMS). There is no local disk storage. The boot manager boots from a common boot image over iSCSI using the iSCSI services built into the physical NIC. v The user logs on to the boot manager. The LDMS server validates the user and finds the image on the storage array. v The user operating system is booted and any local hardware, depending on the policy, is given to Windows. For example, the policy could limit access to the local CD ROM or USB ports. Active Directory considerations Active Directory allows you to assign policies and deploy software and updates to individual clients in an organization. You can utilize current Active Directory settings in their environment if the Secure Managed Client infrastructure is properly connected to the existing network topology. You can make changes to the Active Directory settings based on the Secure Managed Client image or images. Some settings might have a performance impact based on how the image was deployed to the clients. You can create an isolated test infrastructure to determine if there are any conflicts. Consider the following: v The LANDesk Secure Managed Client Console cannot be installed on the Active Directory server for the domain. v The LANDesk server and the user logged on to that server must be joined to the domain to be able to create Secure Managed Client users from that domain. v Only users in the domain or forest of the LANDesk server can be created in the LANDesk Secure Managed Client console. A forest is a collection of every object, its attributes, and rules in Active Directory 6 Secure Managed Client Version 2.0 Deployment Guide

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
Diskless client architecture
The following is an overview of the Secure Managed Client boot sequence:
v
The physical hardware is connected to the storage array and LANDesk
Management Suite (LDMS). There is no local disk storage. The boot manager
boots from a common boot image over iSCSI using the iSCSI services built into
the physical NIC.
v
The user logs on to the boot manager. The LDMS server validates the user and
finds the image on the storage array.
v
The user operating system is booted and any local hardware, depending on the
policy, is given to Windows. For example, the policy could limit access to the
local CD ROM or USB ports.
Active Directory considerations
Active Directory allows you to assign policies and deploy software and updates to
individual clients in an organization. You can utilize current Active Directory
settings in their environment if the Secure Managed Client infrastructure is
properly connected to the existing network topology.
You can make changes to the Active Directory settings based on the Secure
Managed Client image or images. Some settings might have a performance impact
based on how the image was deployed to the clients. You can create an isolated
test infrastructure to determine if there are any conflicts. Consider the following:
v
The LANDesk Secure Managed Client Console cannot be installed on the Active
Directory server for the domain.
v
The LANDesk server and the user logged on to that server must be joined to the
domain to be able to create Secure Managed Client users from that domain.
v
Only users in the domain or forest of the LANDesk server can be created in the
LANDesk Secure Managed Client console. A
forest
is a collection of every object,
its attributes, and rules in Active Directory
SMC Management
Console
SMC Management
Server
DHCP
Active Directory
Network
Lenovo
SMC Storage Array
Disc traffic goes directly to switches.
This keeps it off the backbone.
20 systems per gigabit
Connection to the
SMC storage array
20 systems per gigabit
Connection to the
SMC storage array
20 systems per gigabit
Connection to the
SMC storage array
Gigabit Switch
Gigabit Switch
Corp Network
SMC mgt
SAN HDD traffic
SAN HDD traffic
SAN HDD traffic
SAN HDD traffic
Corp Network
Figure 1. Secure Managed Client design
6
Secure Managed Client Version 2.0 Deployment Guide