Wilco van Bragt - LinkeIn Wilco van Bragt - Twitter rssa 

Provision Framework 5.4 Standard

Provision have developed lots of add-ons products for Terminal Server and Citrix servers.
These add-on products can be purchased per product or in two complete packages, called Management Framework.
There are two flavors:
- the standard edition, which includes all products except the Provision-IT, Web-IT, Secure-IT and Proxy-IT packages.
- the enterprise edition, which includes all products (including Provision-IT, Web-IT, Secure-IT and Proxy-IT packages).
The Standard edition is developed for Microsoft Terminal  servers or Citrix servers (actually these are add-on which can be used with every dedicated SBC product) which extend these products which addition or improved functionality.

In this article we are reviewing the standard edition and having a look how these components add and/or improve the functionality. In a other review we take a look at the enterprise edition.

Installation of Provision Management Framework

Almost all components of the standard edition need to be installed on a Terminal Server. Only a part of the Metaprofiles-IT and Print-IT products also needs some installation on other machines.

This installation itself is pretty easy by choosing the components you would like to install. If needed another installation path can be specified. Silent installation of the terminal server components is possible using Orca and creating your own MST file with the wanted options.

Image

The Metaprofiles-IT product part called Storage Service need to be installed on a non terminal servers. It is possible to use more than one Storage Service. The Print-IT component exist besides the Terminal Server of installation on the client or printer server depending of the scenario you are choosing. These parts are installed using the same executable and selecting the components needed for the installation.

After installation you need to start the Provision Management Console. When the console starts the first time you need to make a DSN file to your database server. After the first installation the database is also created in the same way by specifying a SA account for that SQL or MSDE server for creating the database and the user for connecting to the database normally.

Configuration of Provision Management Framework

After installation most settings are made via the Provision Management Console. Some of the components have their own option tab and some components are combined. All servers need to be added to the console first via the Servers tab. Only one version of the management console in the complete Farm can be used at the same moment.

Image

Manage-IT
With Manage-IT you can arrange the complete user environment. This can be done on a user-, group-, organizational unit-, ip-address or client name base or combinations of these possibilities. By adding applications you can assign them to the Start Menu, Quick Launch or Desktop. Via standard policies (accessible from the Provision Console) the user environment can be locked down. Provision already included two templates with configured lockdown settings. Also the background, color schemes, mapping network drives, connecting to shared printers, executing scripts are options that can be set. Manage-IT still uses the native Explorer shell. You need to become used to the way  adding the items to the selected object. You configure all settings in the top screen using all the tabs. To assign the settings you need to select the group, user to it appears in the bottom screen. Then you select the setting in the above screen and assign the setting to the selected object. Provision also includes Softricity Integration to add Softgird applications to the Manage-IT environment.

Block-IT
The configuration options of Block-IT are implemented in the Management Console combined with Manage-IT settings. Block-IT makes it possible to control access to applications and hosts. For each application you select the folder of files you want to included to the application. When selected the hashes of each file is calculated. Normally both hashes and full path are checked by Block-IT, but this can be disabled if necessary. This configuration will be assigned to the object, where the permission schedule need to be set. With host access you can arrange access to intranet and internet hosts. It is possible to specify a hostname, IP-address and port number. When assigned to the object (user, group, OU or client device) you can specify that access need to be denied to this rule. For both settings you need to configure in the system settings in the File menu of the console the default settings. On the Block-IT tab you configure the default settings. If wanted you can set that unmanaged applications and host are denied by default. Also default settings for the configuration options are set here (use hash, use default path and the update interval). The IP-address object is ideal for blocking access to hosts from external workstations. It is pity that there is no option to change the default message users are getting when trying to start a non allowed application.

Timezones-IT
Also Timezones-IT is integrated within the options of Manage-IT and Block-IT. The tab Timezone is used for this setting. On all earlier mentioned object you can assign a time zone. Most useful is to assign this setting to IP-ranges.

Max-IT
Max-IT is the component with the Provision Framework which controls the resource usage of the CPU and memory. Provision usages a fair sharing principle. First of all they are calculating the "target percent CPU time" with the following formula, (100 - Reserved CPU time[default 20%]) / (number of active processes). This number is compared with the average percent CPU time per process. Processes which average is higher than the target percent CPU are getting process priority "below normal", processes with an average below the target are getting priority "normal". Process with an average of zero are getting "above normal" priority.
The second item in Max-IT is the optimizing of memory. Lots of DLL are using the same base address the Operating System. Every time a DLL tries to load on this base address, the Operating System needs to relocating DLL's and fix-up operations needed because of the relocating. Max-IT analyzes these colliding DLL's and permanently relocates DLL and corresponding fix-up operations. Provision claims that capacity can increase with 30%.

Met profiles-IT
With the Metaprofiles-IT component Provision makes it possible to use a hybrid profile in their framework. This hybrid solution offers the usage of mandatory profiles, but the possibility to save user settings. Metaprofiles can save and restore user registry keys and folder within the profile of the user. You simply specify which keys and/or folders need to be saved and restored. Within Metaprofiles-IT you can specify of these settings need to be applied to all Terminal Servers or a group of Terminal Servers (called Agent Server Group). There are no other  options then saving and restoring registry keys and folders. Certificates, Passwords, Mouse/Keyboard settings, Windows appearance settings are not supported. Also all configurations are applied to all users, there is no option to specify user groups to specific keys or folders. To get the Metaprofiles-IT to work you need to configure at least one storage server (server where the user settings are stored) within the Metaprofiles-IT options. To load balance the load you can add more than one storage server and connect a agent server group to that. The last step is opening the system settings. On the Metaprofiles-IT tab within the system settings you need to specify the user group(s) Metaprofile-IT should save and restore the user settings. For this users within these group(s) all configured keys and folders are saved and restored.

Redirect-IT
There are applications which are storing personal setting in local machine registry part or configuration files locally on the server. On a Terminal Server this concept is not useable. For applications which can not be adjusted in some way to change this behavior Provision developed the component Redirect-IT. Within Redirect-IT registry keys, files and folders can be redirect to other (user specific) location completely unbeknownst to the running application. You need to specify the program (using the redirected source), the original key, file or folder, the new location (and if applicable to copy the current folder or file).
Using Redirect-IT it is possible to redirect any file, so it is possible to redirect DLL's if conflicts are occurring. In this way Provision can create their own Sandbox, which makes it possible to install conflicting applications on one Terminal Server.

Image

USB-IT
With USB-IT you can synchronize the Palm or Blackberry devices with Microsoft Exchange or Lotus Domino within the Terminal Server session. Therefore the USB-IT client need to be installed on the workstation. The client software is installed on the Terminal Server and via the USB-IT Control Panel new devices can be added (these should be done on all servers). Because I do not have such a device I could not test this component.

Print-IT
With Print-IT Provision recognizes the printer driver challenges on a Terminal Server. Print-IT support both auto created client printer as network printers are supported using a universal printer driver.
For using the Autocreated client printer option using the universal driver you need to install the Print-IT client on the workstations.
Configuration can be done on the workstation or on the server(s) (on a serverbasis). Print-IT supports compression, bandwidth management, upgrading client software and naming conventions. Print-It recognizes all options (like trays, paper sizes, margins, double-sided, color and more) on the printer and connects these to the auto created printer. A wonderful option is the PDF publisher. With this driver you print to file or e-mail to a PDF file.
Besides it is possible to use Print-IT with Print servers. On the print server a small part of the Print-IT need to be installed. Within de Management console on the Print Management tab (in the assignee part) a Print-IT printer can be created. After selecting the printer server and printer, Print-IT automatically creates a new shared printer using the universal drivers. This printer also inherits all options from the original driver. This Print-IP printer, just like the normal network printer can then again assigned to user, group, OU or client device.

Image

Managing your Provision Farm

Monitor-IT  collects server performance and application usage statistics across the entire Terminal Server farm for reporting, troubleshooting, server sizing, accounting and accountability purposes. The only disadvantage is that Monitor-IT is not available at the moment.

At the moment the only way to manage or troubleshoot to specify a log file per component per server. In these log files several actions of the software are captured. It is not easy to troubleshoot your environment with these log files. It would also be nice if components like Manage-IT have an kind of result report. This result report shows which setting the user is getting from which object or an overview which settings are loaded during logon. Further you should use the tools delivered by Microsoft, Citrix or the other SBC product you are using for monitoring and managing your users.

Conclusion

Provision-IT delivers a large set of components to extend your standard SBC software product (if it is Microsoft, Citrix or another manufacturer). Most components are also available by other third party vendors, so you are comparing the components quickly with these other products. Comparing the components separately to the other products, some offers the same options/features, but some also offers more options/features for that specific component(s). Nevertheless the framework also includes some clever components like USB-IT, Redirect-IT and host access option within Block-IT that comparable products don't have. But the real strength of the Provision Management Framework standard edition is the combining of all these components in one suite. Till know I do not know another product, which offers all those features in one (affordable) set.




Is is pity that IT monitor is not available at the moment and there is no tools to troubleshoot the environment. Also documentation should be become available about every component in the framework. Integration of the modules in one platform can be improved. It would be nice if all modules are available in the Management Console (which also makes all settings farm wide).

If you do not have any comparable products in your environment at the moment and you are looking for more than two features available within the Provision Framework you should definitely consider the Provision Management Framework. If you only need one of the components there could be products available which offers more options/features then that specific Provision module.

Advantages
- Only product I know which combines all this kind of module in one set
- All components deliver the most used functionally  to solve the challenges
- Some clever solution within the framework other products do not have
- Recently set-up VIP program with some well known SBC specialist all over the world

Disadvantages
- No documentation about the configuration of the modules in the Framework
- Monitoring is not included yet in the product.
- Some settings are set on server basis in stead on Farm level.

Provision Networks Framework