Deep Freeze alternative

Status
Not open for further replies.

Cody Horton

Honorable
Jul 19, 2013
18
0
10,560
0
Hi everyone I hope this is in the right place. Let me start by describing our environment. We have deep freeze installed on about 80 machine (2 labs) this is because these are networking labs and the students need admin rights. Deep Freeze allows us to "revert back" to an image even if the students break the current one. The problem is the machines are frozen so we cannot push out software through SCCM or apply windows updates without doing it in maintenance windows. So we need to be able to revert machines and not be limited when pushing software.

We are looking for alternatives and I was hoping I could get a few suggestions here. Some ideas we thought might work are a VHD, modified for of steady-state, or REG edits to only allow certain things to be run. I'm open to any suggestions. Thanks for any help!
 

drapacioli

Distinguished
Dec 6, 2010
308
0
19,010
49


I will give full disclosure and say I've never used this software, but this sounds like it will accommodate pushing new software out and windows updates "easily": http://www.fortresgrand.com/products/cls/cls.htm Just keep in mind this works on a filesystem level and not a kernel level. I'm no security expert, so maybe you know a little bit more about why that might be important?

Other options could be virtualization software? But I'm not aware of any that will restore their prior state on reboot or logoff, so you're kind of stuck at the same spot there.

You might be able to use an enterprise network monitor and create a whitelist of applications and files, but I'm not sure you can configure that to allow what you need while also supplying sufficient protection, ie from downloads, thumb drives (if you're a university, students will almost always want to use these with lab PCs), or web-based applications that will run in the browser. The whole configuration will probably be more trouble than it's worth in that case, and you won't even have the same level of protection as you do now, which might drive up support calls (and therefore cost)
 

drapacioli

Distinguished
Dec 6, 2010
308
0
19,010
49


I will give full disclosure and say I've never used this software, but this sounds like it will accommodate pushing new software out and windows updates "easily": http://www.fortresgrand.com/products/cls/cls.htm Just keep in mind this works on a filesystem level and not a kernel level. I'm no security expert, so maybe you know a little bit more about why that might be important?

Other options could be virtualization software? But I'm not aware of any that will restore their prior state on reboot or logoff, so you're kind of stuck at the same spot there.

You might be able to use an enterprise network monitor and create a whitelist of applications and files, but I'm not sure you can configure that to allow what you need while also supplying sufficient protection, ie from downloads, thumb drives (if you're a university, students will almost always want to use these with lab PCs), or web-based applications that will run in the browser. The whole configuration will probably be more trouble than it's worth in that case, and you won't even have the same level of protection as you do now, which might drive up support calls (and therefore cost)
 

Pinhedd

Distinguished
Moderator


If this is a networking lab, you should be able to configure a network boot. Have all of the machines boot from a single disk image and you'll cut your work down by a factor of 80. Then configure each workstation with a small local storage so that student work will persist.
 

drapacioli

Distinguished
Dec 6, 2010
308
0
19,010
49


Wouldn't that be incredibly slow?
 

Pinhedd

Distinguished
Moderator


That depends on the particular pre-boot solution that is used. There are PXE solutions available which support boot image checksum and versioning. They should only download a new OS image if a new one is available.

One commercial solution that I was able to find is CCBoot. It'll be a bit expensive at about $900 per month for 80 clients though. There is a free trial available though, I would recommend looking into it to see if it meets your needs.
 

drapacioli

Distinguished
Dec 6, 2010
308
0
19,010
49


Thank you for explaining, this area is not exactly my area of expertise, but I have a basic knowledge. I was looking at CCBoot as well, but I know we had that at my high school for our CAD workstations and it caused nothing but problems. I don't know if it was the setup or the old version or just really unreliable hardware (it was a bit underpowered for the applications we were using), but the PCs were down a lot with problems, leading to issues getting projects finished during the year.
 

Pinhedd

Distinguished
Moderator


That's a pretty common trend in most high schools regardless of the software used. Students abuse computers to no end, and most school districts can't afford to hire competent technical staff. PICNIC definitely applies.

Of course, you could always try Windows Deployment Services which is available with recent editions of Windows Server
 

Cody Horton

Honorable
Jul 19, 2013
18
0
10,560
0


Hey thanks for the input. Is this sorta like a VDI setup. I do not have a lot of knowledge with it but it's defiantly an option.
 

Cody Horton

Honorable
Jul 19, 2013
18
0
10,560
0


Hi drapacioli thanks for the reply. I'll look into your software solution. Thanks for all the replies.
 

Pinhedd

Distinguished
Moderator


It's not VDI. VDI is a throwback to the old mainframe days where a dumb terminal is used to remotely administrate a server. PXE network booting loads a small boot image from a file server and this boot image can then perform a large number of tasks including downloading a larger image to disk, downloading a larger image to memory (ramdisk style), performing maintenance, etc...
 

sam_horizondatasys

Estimable
Aug 8, 2014
1
0
4,510
0


Hey Cody! My name's Sam and I work at Horizon DataSys. Full disclosure.

I just wanted to let you know we have a software you might be into called RollBack Rx and Drive Vaccine. Both of these will do what you need and more, including applying software changes and allowing for automated updates. If you want to try it out send me a message and I'll set you up. If not, thank you for your time.

Have a great day!
 

Southernboy

Estimable
Jul 21, 2015
2
0
4,510
0
Cody,
Faronics give you scripts for thawing and refreezing a computer that has DeepFreeze installed. That works quite well for using sccm to install software. I check a reg key to see if deepfreeze exists and if frozen. If it is then it runs an application (batch or cmd file in this case) to thaw it and reboots then runs my install. Then runs another batch file to refreeze it. For windows updates our sccm admin refuses to allow us to get the windows updates via deepfreeze like Faronics recommends. Instead sccm is set to deliver them during the nightly maintenance window that I have set up on lab computers. This works quite well.

Good luck.



 

JHanson

Estimable
Jun 11, 2015
1
0
4,510
0
I've used Deep Freeze for many years and it's a really solid program but I do think some other programs offer other options in functions that are better for some situations. I like Shadow Defender and Reboot Restore Rx because they are both free, although Reboot Restore Rx has more support options which I prefer. There's also Drive Vaccine if you don't mind paying for a good solution. It's what I use in my computer lab and it's also really good like Deep Freeze but it has automation tools that I really like.
 

Southernboy

Estimable
Jul 21, 2015
2
0
4,510
0
I have used Faronics DeepFreeze for several years now (about 15). It is a very solid product with support that is top notch! I have dealt with a lot of software companies and there are not that many that I would give a high mark too but Faronics is one of those. We have 1000 licenses for the product and use it in open computer labs. Our users are local administrators. DeepFreeze has made maintenance a lot easier. If a machine gets a virus then a reboot eliminates the problem. If a user deletes or uninstalls a needed item or corrupts networking then a reboot fixes it.

Faronics has several white papers in their knowledge base. One of those outlines how to make the above mentioned batch files for thawing or freezing the computer so automated means (Novell Zenworks or Microsoft SCCM to name a couple) can push software to the computer.

We also use SCCM and it is easy to create a sccm application that will thaw the computer and reboot then install something (or uninstall) and then set the computer back to frozen on next reboot (or reboot frozen right then) so I can install or uninstall software outside of the thawed daily maintenance period that I set.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
R Apps General Discussion 1
E Apps General Discussion 10
P Apps General Discussion 2
S Apps General Discussion 1
C Apps General Discussion 2
S Apps General Discussion 5
Frag Maniac Apps General Discussion 4
M Apps General Discussion 13
Z Apps General Discussion 2
T Apps General Discussion 5
L Apps General Discussion 1
T Apps General Discussion 1
C Apps General Discussion 2
U Apps General Discussion 4
D Apps General Discussion 2
I Apps General Discussion 2
noyaus Apps General Discussion 2
aforce66 Apps General Discussion 5
liberty610 Apps General Discussion 3
LukeFatwalker Apps General Discussion 3

ASK THE COMMUNITY