Use integrated means to maintain management utility rooms, reduce system maintenance strength, and improve system maintenance efficiency
Foreword
Computer rooms, especially computer management of utility rooms has always been a headache. Administrators must open system resources as much as possible, but also guarantee the security of the operating system and software. At the same time, due to the continuous introduction of new versions, each semester has different software, resulting in a large system maintenance. Although the hard disk restore card can guarantee the security of the system, if the software update is to be updated, the upgrade is to be removed, then the hard disk is removed, and the hard disk is clung, it is very troublesome. Moreover, because the number of computer has limited number of computer, the teaching plan is very heavy, and large-scale system updates in the semester will also affect the completion of teaching tasks.
In response to this situation, we have taken a lot of measures to effectively reduce system maintenance and software installation and update work. details as follows:
1. In the initial stage of the network, the IP subnet is reasonably planned to control the broadcast storm, improve network reliability and manageability through the network hierarchical design of two / three-layer aggregation.
2, registration system
It is a better way to manage the local area network of the entire computer room with the IC Card Management System. When the students entered the machine room, the card number was first brushed into the manager on the door of the card, and then entered the computer room. When using any computer, you need to enter the card number. The input card number should be consistent with the card number that is brushed in the manager, and can register success, and each card number can only log in to a computer, only registered students can normal Use a computer.
After the student completes the registration, the management machine starts the recording machine time, the system time when the boot time is logged in, the shutdown time is to set a time event, update it to the database in the manager every other period of time, so that student machine The time can be recorded correctly. When the computer needs to brush the IC card injections, the student needs to be brushed, and the history machine has retained the history of the student. This is not only beneficial to the usage rate of the robot, but also track usage, avoiding some of the human security hazards.
3, system files and teaching software protection technology
Computer room management technology is mainly divided into two, hardware and software, with software that leads to the main cause of the computer that cannot be used normally. Computers in the machine room often lead to loss of system files or teaching software due to false operation or other reasons, so you need to take the necessary protection measures for system files and teaching software, usually three, operating system protection, hardware protection and software protection law.
Operating System Protection: It is the security settings provided by the Windows operating system to protect the system, such as the settings of the user from the system through group policies, domain management, etc..
The hardware protection method is a way to provide the system from the hardware low-level approach. College computer computer room is a public computer room, student misuse, or a malicious destruction of individual students, often putting software systems across unrecognizable, even system crashes, making teaching not working properly. In order to solve these problems, we have a hard disk protection card on each client. This protection card is based on the bottom layer of computer hardware, high compatibility, high reliability, does not depend on hard disk, does not occupy any hard disk space, nor does it occupy routine memory and DMA, I / O, interrupt and other system resources, it can protect The hard disk partitions can prevent CMOS settings from setting up, and can completely prevent the invasion of system-type viruses. The system software and teaching software that need to be protected into the C partition are protected, and the D partition is released to the student, and the temporary file or file clips of the application point points to the unprotected hard disk partition. Regardless of how students use a computer, as long as a restart computer can restore the original state.
Software Protection Software Protection Law is to add write protection functions for hard drives. Protect C disk data with software protection. Such as restored, Meiping window system, etc., can achieve anti-deepening, directory implementation of the hard disk, anti-reflection, write read only), does not affect the normal operation of the system, and can also set the registry, control panel, etc. use. The software protection method is small, and there is no significant impact on computer system performance. Because most of the protection function of the software protection method is to add some protection functions on the basis of the operating system, it is a strict sense to belong to the operating system protection.
Operating system protection method is a better choice for protecting data, which does not affect computer performance, but because there are many security vulnerabilities in the Windows platform, the operating system protection law cannot protect the invasion of the virus due to security vulnerabilities; it can only be limited The system itself cannot protect partition information such as CMOS and hard drives. The hardware protection method has a wide range of protection, including CMOS, partition information, and system files, etc. Therefore, the utility room should be based on hardware protection.
Use GHOST multicast technology to combine PXE technology to perform system update services
IP MULTICAST is broadcast through the IGMP protocol (Internet Group Management Protocol) to broadcast data in a point-to-point mode, which is more otherwise. It is the advantage that all members will automatically accept data, occupying the bandwidth in the server. It must be, thereby alleviating the load of the network and server, the entire network cloning speed is not affected by the number of clients, so there is an advantage that there is otherwise unmatched in a wide range of system updates.
Norton Ghost Enterprise Edition has multicast features, which is a hard disk data that clones more computers from a computer through the TCP / IP protocol. The rough process is as follows: In the client, start the machine with a boot disk (the boot disk can be made under the Ghost Boot Wizard application in the Ghost Boot Wizard application in the package), connect to the server to use GHOST multicast service to put hard disk or partition The image is cloned to the client, thereby achieving a hard drive clone without disassembly, safe and fast through the network. Specific operations can be performed as follows:
(1) Create a DHCP server and provide dynamic IP address assignment for the client.
In a network using TCP / IP protocol, each computer must have at least one IP address to communicate with other computer connections. In order to facilitate unified planning, the IP address in the network is managed, and the dynamic host configuration protocol DHCP (Dynamic Host Configure Protocol) is used. The so-called DHCP refers to the server to control a segment IP address range. When the client logs in to the server, you can automatically obtain the IP address of the server and the mesh mask, which is generally based on the server based on operating systems such as Windows NT, Windows 200Server, Windows Server2003. Create. Its creation process is very simple, but it does not make specific tellments, but it is important to note that the scope of the DHCP server is the number of workstations of the local area network, and its scope is greater than the number of workstations, the role of the general local area network It is sufficient to range from 192.168.0.1-192.168.0.254.
(2) Run the GHOST server and wait for the client to join
Run the ghost multicast server "Ghostcast Server", after entering the program interface, create a "session name", you can determine casual, usually convenient to memory, such as machine room name, etc., then browse the load requires multicast clone *. GH0 file; select "Disk" or "Partition", here you need to pay attention to the choice must be based on *. The nature of the GH0 file is determined. If the GH0 file is the mirror of the entire hard disk, you should select "Disk"; if the GH0 file is a mirror of a partition, choose "partition", and also pull menu in partition Select the hard disk; then click "Accept the client", multicast service can enter the client connection waiting state, if the above steps are correct, the workstation that is booted by the PXE network is automatically added to the multicast cloned service. Mission. (3) The client computer is guided and connected to the GHOST server
Here, there are two ways, using the GHOST network boot disk to start the computer and connect to the GHOST server, or use the PXE diskless technology, set directly in the CMOS to the NIC boot to start the computer and connect to the GHOST server.
Ø Use a floppy disk to launch your computer and connect to the GHOST server
Ghost Boot Wizard with GHOST can make a GHOST boot floppy, you need to prepare the DOS driver of the client network card before making.
Ø Start your computer with PXE diskless technology and connect to GHOST server
The so-called PREBOOT EXECUTION Environment is an extended network protocol based on TCP / IP, DHCP, TFTP, and other Internet protocols, which provide us with a function of entering the system from the network. In fact, this method is only different from the above-in-the-how is it, and it has entered the GHOST software interface, both operations are the same.
To achieve a PXE network diskless boot mode, the specific process is as follows:
1 Workstation PXE Start Settings PXE Network Launch General Requirements On the NIC (PXE Boot ROT ROM); for some models of NIC, you can also write the PXE boot code to the motherboard's Flash ROM; Some motherboards integrate brand cards to directly support PXE boot.
Take the network card of the Common 8139 chip as an example, its PXE start setting mode is: When the machine is started, press SHIFT FL according to the screen prompt, select PXE in the start-up type, and turn on the network boot option.
Making a PXE boot file making PXE startup file, it is recommended to use 3COMical DABS (Dynamic Access Boot Services). The software provides powerful PXE boot service, management functions. Using its startup image file production function, PXE's startup service is complete by the DHCP server.
DABS can be installed on any machine running Windows. After installation, run 3COT Image Editor, the main interface map appears. Select "Create a TCP or PXE image file (CREATE A TCP / IP or PXE Image File", the dialog window appears. Naming for the upcoming image file, for example: PXeboot.img, other default options, the normal network boot disk (the production method is identical to 3.1 above), select "0K", create a PXE start Image file keghost. IMGO is in the main menu of 3COT Image Editor, select "Creating a TE menu startup file (Creat A (E Menuboot F
114
"
In the window, select Add (Add) ", join our startup image file KEGHOST you just created. IMG, in the Option (0P60NS) tab, you can set the menu title and wait time. Select "Save", name P) P) P) P System security is not overlooked, hundreds of computers upgrade services are also a problem, using Microsoft's Windows SUS (Automatic Update Service), we can automatically hit the latest patch for Windows without manual intervention, greatly reduce system maintenance work the amount. 4, using group strategies to improve the installation, maintenance, uninstall, upgrade the machine room administrator work efficiency. 5. Do a good job in planning work, such as the planning of the hard disk partition, the protection plan for hard disk, pre-installed software to reduce system maintenance (installation virtual optical drive, PC virtual machine, etc.)
