Deployment Solution

After spending hundreds of hours and 2 weeks of consulting time, I have to say I've very displeased with the complexity of using the built in package sytem with Altiris 7.1.  When capturing images, they sometimes replicate out and sometimes don't.  Sometimes they get randomly deleted and other times they just don't show up in the list of available images.  Then, the folders with our 10GB images don't get removed from the servers when they are removed from the console.  The last straw was when the import utililty seems to have gone missing that lets you import images. 

With software packages, they are stored in horrible guid folders rather than letting you choose your own file structure.  Secondly, getting them to replicate out so you can test your new packages takes forever and forcing this replication requires you to manually run schedule tasks and update agents.  Even then it doesn't seem to work correctly.  Not to mention there is no native support for .xpf layer files meaning that we might as well do everything with script job anyway.

All of this lead us to setup eXpress shares on every site server (30 sites) using Microsofts DFS system.  With DFS, replication begins immediatly and you can choose your own file structure.  Pllus it will auto pick the correct site server if we reference it using the domain share name.  The software library is letting us use the DFS share as a source without getting everything tangled up in package guids.  However, it seems that we are going to have to use script jobs to image since the built in image job doesn't just let you type in a path like the old DS6.9 used to.  With that comes with the lack of support for using the Altiris driver injection model, but that's ok because I've already engineered DISM scripts to inject the drivers from a driver store on the eXpress share. 

Anyway, my question is if there is a way to import a link to an image so it shows up in the images list?  I don't want it to copy the whole 10GB image, just leave it where it is.  That way we could use the built in imaging task and the driver library that Altiris is supposed to make easy. 

mike, you can create a HTTP server, and using i,mport tool, import the image as HTTP image. It will not import on your Deployment fodler and will stay on HTTP

refer https://www-secure.symantec.com/connect/articles/configuring-iis7x-and-iis6x-http-imaging-support

Here is how deployment currently works

1. Images are replicated on Site Servers with Deployment Site Server Component installed.

2. Backup and HTTP images are not replicated to site servers

Yes, arggghh, you need to manually delete the image fodler even though they are deleted from console.

Hi Mike,

You know you have put in almost 10 queries in one thread:

1.      When capturing images, they sometimes replicate out and sometimes don't. 

2.      Sometimes they get randomly deleted and

3.      other times they just don't show up in the list of available images. 

4.      Then, the folders with our 10GB images don't get removed from the servers when they are removed from the console. 

5.      The last straw was when the import utililty seems to have gone missing that lets you import images. 

6.      With software packages, they are stored in horrible guid folders rather than letting you choose your own file structure. 

7.      Secondly, getting them to replicate out so you can test your new packages takes forever and forcing this replication requires you to manually run schedule tasks and update agents. 

8.      Even then it doesn't seem to work correctly. 

9.      Not to mention there is no native support for .xpf layer files meaning that we might as well do everything with script job anyway.

10.  and Finally  my question is if there is a way to import a link to an image so it shows up in the images list?  I don't want it to copy the whole 10GB image, just leave it where it is.  That way we could use the built in imaging task and the driver library that Altiris is supposed to make easy.

Points 1-9 are more of a rant than a question and are to outline why I'm using DFS over the package system. Item 10 is what I really wanted to know so I could use the built in imaging task with Altiris with an image on a DFS share. I ended up making it work using a task job and manually scripting out the multicast settings to get ghost to work right with my images on the DFS share.

After another expensive week of consulting, were successful in installing Google Chrome using the Altiris package system (not DFS). It was delivered using a managed software delivery so it did the "is it already installed" check correctly. (see pics) However, I'm disappointed that it's limited to only a single command since there are a few configuration steps that need to be done after the main msi file is run. So I found out that you can run a follow up task after the software install that finishes these configuration settings. While this works, it requires the creation of scripts in multiple places in the system and is quite messy.

I then tried to include a cmd script inside the package that would do the install. That way we could do the entire thing using a single command. (And perhaps even point to our DFS share). Altiris will tell you it was successful but nothing will happen. Looking at the MSi log file, it says "Failed to grab mutex for logging. Some log might be lost.” The internet says that this is a known problem with MSI installs where a process is running within a process using different credentials.

Since the package system worked, I thought I would try a command line that installed the MSI file from off the DFS share and uncheck the box that says "package is required for this command line" (see pic 3). This package needs to be run with different credentials because it's accessing a network share that the default Symantec credentials cannot get to. If someone knows how to give the Symantec Agent Credentials access a network share, let me know. When I do his I get and error of -2147024894 which translates to path not found. However, it is really that mutex error about msiexec running under different user credentials. If I run this install using "logged on user credentials" and that user happens to be an admin with access to the network share, the install works fine.

Next I tried importing a package and selecting a "UNC" path as the source thinking that it would pass on this source path and maybe use the "Distribution Point Credential" since it's a UNC path package. But alas, it just seems to make a standard package as if I I had chosen a local drive letter as the source.
I'd like to note that I can get this to work using a task script, just not using software delivery. The trouble is that tasks don't do prerequisite checks which is the whole point of using this version of DS 6.9. I'm seems that I am a pioneer with this setup so I'll keep posting here and eventually write up a how-to manual for DFS if I ever work out all the bugs. At the moment, Altiris feels like an oppressive government that won't give me the freedom to create my computing environment in a way that makes sense and doesn't listen to the needs of its people.
 

if using external UNC for packages, just add reading rights to your AD group "domain computers", on your UNC NTFS+Share ACL.

This group provides the right for "system" or "network" local accounts to read your packages. Not able by default. So you will not have to put "specific credential" to pull all clients, with domain user reading + local admin all computers, and a security "hole" your domain, as I can tell you those credential are not "high crypted" on all your computers NS agent policies storage...

Best to run a MSI package using local system. Notice, that the install run from a local replica those packages, any way. If you want to run directly your packages from the UNC (part a DFS, so already local your clients) without replicate your client: just build "empty" no package soft component: and launch install command like "msiexec /i \\dfs\share\mymsi /qn"

I am agree with you this platform do not "show" and explain clearly what's happen, and what are mechanism inside. I do not get yet how image packages are back replicated all sites servers, and how to get a clear report all package servers & details package replication status, as we were having in version 6 :(

Most of the Site service "Deployment & boot" part, are obviously done from a separate development group thans others into NS (SMP). The setting are another place in the console the other PS+TS+OOB services. Site management are not correctly integrated the NS console, and annot be used into custome console, etc... Lot improvements must be done from Symantec to simplify & clarify, and improve reliability.

Another tricks: do not install/activate package services on your SMP server: we can do that, we should never !! If more than 500 clients, create a Site server and activate as the PS(package)+TS(task)+BS(boot).

A Client Management Platform, cannot be success deploy without planning about 15 days consulting/training with an expert, or you plan at least 30 your days of self-training, LAB, testing... And keep a testing LAB your Altiris to make those changes before moving in PROD... We can mistake easily.