10 “wins” for your school: from the classroom to the server room

Persystent Suite is uniquely positioned to help Schools, Colleges, and other Educational Institutions

Educational institutions face unique IT challenges that derive from servicing the diverse IT needs of faculty, staff and students. These include under-supervised multi-user PCs in places like kiosks and libraries, the need to regulate and restore classroom computer labs, the oversight of loaner PCs to students, and support a variety of faculty and administration business needs.

Persystent Suite offers schools an effective solution that provides distinct “wins” across
the organization in support mission critical goals such as:
Ensuring PC availability and productivity
Preserving a compliant & secure environment
Solving a multitude of break/fix issues
Expanding ROI /doing “more with less”

Persystent Suite simplifies the restoration and recovery process by applying an automated self-healing capability that repairs and recovers any PC without manual intervention. However, it is much more than that. Primarily considered a repair or imaging tool, Persystent’s wide array of integrated capabilities and proprietary technological differences make a qualitative and measurable impact for schools, colleges, universities and other educational institutions of various sizes and scopes. Here are 10 “wins” that will help schools achieve many of their IT management goals:

 1. Reducing support incidents with Self-healing or on demand repair automatically fixes a corrupted OS back to the last known desired state in a single reboot…about 45 seconds. This not only addresses the multitude of break/fix help desk calls from students and faculty, but is also the same process that allows computer lab PCs to be reset to desired settings before the beginning of every class.  Essentially this key capability allows you to fix first, troubleshoot later and  resolve issues in seconds.

2. Easily migrate to new and updated platforms like Windows 10/ In-Place PC Refresh:  As many schools are looking to migrate the majority of their PCs to the latest operating system o, Persystent applies its proprietary automated imaging capability to configure the necessary changes and distribute the updated and approved base image to every machine. This process also addresses patching systems, updating applications, user profiles and setting, and other required maintenance. With the hundreds of PCs owned by the school, not only is this an efficient way to centrally control  Whether you are updating 1 or 100s of PCs, the imaging capabilities of Persystent are faster and more accurate than anything else on the market.

3. Maintain the integrity of multi-user PCs like self-serve kiosks and libraries. Because most of these independent  PCs are under-supervised,  they’re often open to a variety of abuses including the introduction of unauthorized downloads and files, malware, and other activities that are outside of school usage policies. These abuses often lead to catastrophic hard drive failure, potentially spread virus infections  and require intensive repairs.  However, IT can schedule that these devices are rebooted daily (applying Persystent’s self-healing capability) and automatically returned to their complaint, desired state.

4. Ensure hard drive sanitization with NIST/DoD recommended wipe When retired or recycled, hard disks still contain sensitive information, Persystent  quickly and seamlessly erases data and sanitizes the drive. It sanitizes a 256GB device sanitized in less than 40 minutes: about 10 seconds per gigabyte. Additionally, if a student reports a school-owned  PC lost or stolen device is lost or stolen, the Sys Admin can even wipe a drive remotely. So the next time the device is turned on, it will no longer be a viable.

5. Get IT support team out of the “re-imaging business.”: Re-imaging is a lengthy and tedious process. In most cases it takes a user’s device out of commission for hours if not days. Typically, the re-imaging process typically rolls back to a Day Zero fresh start. This means data is lost, applications removed; authorized and personal settings gone. Persystent Suite provides multiple levels of repair (so student PCs can be addressed differently than faculty or administration PCs). This not only save data, application and settings, it removes problems and performance issues by restoring a desired state in near real time.

6. Remove shadow IT: You see this daily! Students and faculty love to download and deploy applications –but do it without the blessing of IT. This creates a variety of configuration, malware and security issues. This opens the floodgates to a variety of competing computing agendas and compliance problems. Persystent Suite manages images on the individual level so IT can always know what is supposed to be on a device. All unauthorized applications get removed.

7. Avoiding  zero-day rollback: School IT spends a great deal of time re-imaging performance-deficient PCs. However, often times a zero-day rollback  loses important profiles, settings and applications.–sometimes even critical files like a student’s semester-long research or a professor’s lesson plan are lost.  Persystent’s capability of returning to the last known desired state avoids this. Applied against individual machines, defined user groups or entire environment,  our  multiple levels of repair ensure the necessary flexibility for how invasive the repair/recovery must be. Your school policies determine what OS registries, applications and files will be automatically corrected back to an approved ideal state upon reboot. This way if a repair is required, it doesn’t roll back to factory settings. The user receives their recovered system with their files, settings and profiles intact.

8. Provides 4 functional features as a single solution for much less than cumulative cost of the 4 separate functions: Persystent Suite provides feature-rich, enterprise-powered capabilities as a single centralized source solution (repair/recovery, imaging, change management, drive sanitization)  at a price point typically less than a single function alternative currently on the market.   Not only does Persystent Suite’s budget friendliness  look good on the school’s balance sheet, but simply outperforms market options many school’s current deploy; does it faster, more accurately, with more automations, without over-complexity, and does it in alignment with current IT best practices

9. Promotes continuous reliability and expanded PC Life Cycle: By reducing on-site tech visits, operational downtime, service desk case resolution times, repeat instances and configuration management issues, the devices under the school SysAdmin’s purview maintain a near 100% availability. Not only are the PCs up and running, but they are operating at optimum capacity for longer and they are based on the school’s usage policies and security protocols.

10. It is like having additional headcount without the additional cost: The automations within Persystent Suite removes the burden of constant repair, imaging, troubleshooting, desk side visitations, and update distribution so that the time and effort spent on routine, resource-draining repairs can now be re-assigned to higher-priority tasks that support the school’s mission. Persystent Suite helps achieve this goal in three ways:

  1. Extension of the device lifecycle through automated self-healing not only reduces cost per support incident, but keeps a device (PC and server) healthier for longer.
  2. Reduction of downtime incidents make end faculty/admin/students more productive, happier
  3. Implementation of procedural efficiencies in things like scheduled updates are applied faster and with greater accuracy,

Self-healing automations allow CIOs to meet new challenges

According to CIO magazine one of the “Top Actions CIOs should take in 2016″ is to redesign the workforce. They say “to maximize IT talent and meet digital needs of the future, changes to the roles and responsibilities must be considered. IT work is evolving beyond managing programs and developing software…”

This has several ramifications. One of which is the IT specialist must now (more than ever) wear multiple hats. However, this is not as burdensome an issue as once thought. With the application of automation for certain tasks once exclusively reserved for hands-on attention, the IT specialist , can transcend beyond the plugger of cables or writer of code. The article agrees: “CIOs also need to develop a workforce strategy that reflects increased automation. Intelligent machines can augment higher-end skills and automate routine tasks and decisions.”

One area that could obviously benefit from greater (and smarter) automation is IT Support. Help desk tends to be heavily dependent on hands-on techs (whether in house or off-shore). Many companies already implement some sort of self-service automation for Level One issues like forgotten passwords. However, it is the Level Two break/fix issues where significant improvements in time and resource management could allow CIOs to adapt the article’s stated best practice.

Sure, but computers can’t fix themselves.

In this landscape of automationthey can. In fact, a device can be self-healed in about 45 seconds; the time it takes a machine to reboot.  It is part of an automated process that restores a desired image to a corrupted or damaged OS or other break/fix issues  malware/ATP infestation, poor performance, and mis-configuration.  The significant difference with an existing platform is in this automated repair is that the profiles, files and settings remain intact. This isn’t a Day Zero rollback.

LEARN MORE

The automation comes with the development of an updating desired image. An IT team can schedule an update anytime. Most companies do so on a weekly or bi-weekly basis in conjunction with a Windows security patch or application update. There are two time-saving automations that ensure the most current image is available. First is that the repair/restore/imaging component takes a snapshot of the approved image and only adds what has changed since the last update. So IT is not reimaging an entire workstation and the process is infinitely faster. Second is, any patches can be tested against a single image rather than every case of the distributed image. This is because of single-instance file storage to ensure that only one copy of any one file is stored across the organization. You have many licenses for Word, but only a single instance is captured for an image. What this means is that the organization always has a recent authorized image that won’t take days to rebuild. It is restored in moments.

So if a workstation can heal itself, is their still a role for IT help desk?  First off, help desk is now involved in the discovery of root causes rather than fixing symptoms. Fixing the symptom simply gets the user back to productivity almost instantaneously. When a user does call with a break/fix issue, the IT specialist can resolve the issue in seconds by initiating the reboot with the correct repair level. However, once the user is back up and running, the IT team can investigate causes so that they can be prevented in the future. Part of the solution is that it has granular reporting so the logs can be reviewed and ideal states compared to show how and where the performance issue occurred.

The end result is a new baseline of automations that reduce the number of support incidents, reduce the time to resolution, increase uptime activity, improve compute landscape integrity, but with relevance to the CIO article, create new bandwidth and greater visibility to allow for the changing roles and responsibilities of IT.

Of course, Utopic Software is happy to perform a demo of these automations in a live presentation to prove self-healing is not only possible, but generates the necessary ROI and bandwidth expansion a CIO needs to achieve their vision.

Maintaining control of the repair/recovery process

One of the hallmarks of a self-healing process is the control applied to the width and depth of what parts of the operating system are automatically corrected back to an approved ideal state upon reboot. Based on requirements such as corporate policies, regulatory compliance, multi-user access and best practices, this setting changes from company to company, but also can be easily modified for various sub-groups within each organization.

To maintain proper control, an automated system must allow for or provide multiple levels of repair point control (for example-High, Medium and Low). A device will repair on every boot if it is assigned a Low/Medium/High level repair policy. However, an individual device (or group) can be assigned a “No Repair” setting to support an on-demand repair policy. This way, IT administration can control if and when a device needs to be returned to the last repair point. In fact, best practices suggest that repair should be implemented on demand rather that upon every reboot in order to maintain the continuous integrity of the permitted updates and allowable changes to the image assigned to that specific device.

When engaged to self-heal, Persystent always repairs the registry files (except for the keys excluded in filters). During boot up (after the BIOS loads), the process reapplies the approved image and the Repair Exempt filter. This way, any specific file and setting, such as Virus Definition Files, can be appropriately preserved. One of the chief benefits of the Persystent self-healing process is that the device is not being reset to a Zero-day state, but rather the last approved repair point. Additionally, the repair process only affects operating system and application files. The user’s data and files are not touched. A user profile is only impacted at the highest level of repair.

Further control of the repair process is evidenced by the flexibility of changing settings. The centralized WebUI allows IT administrators to change the repair levels against any individual or group at any time. This is done by simply adjusting the policy setting. This includes adding or modifying excluded files or other policies that can be applied to a named group of devices (i.e. identified by a characteristics like location, department, function or permission etc…) or defined by an event (i.e., updates, public daily usage by multiple users). The policies can be extended to when returns to ideal state can be scheduled and enforced.

The three levels of Repair:

Low Level Repair

  • Repairs any operating system or application files that are either modified or deleted back to the repair point state.
  • Deletes any new files/folders added in operating system and application folders.
  • User profiles are left intact. All change in the user’s profile are preserved and not repaired.
  • Any new files/folders created at the root of C:\ will be left intact.

Medium Level Repair

  • Repairs any operating system and application files that are either modified or deleted back to the repair point state.
  • Deletes any new files/folders added in operating system or application folders.
  • User profiles are left intact. All change in the user’s profile are preserved and not repaired.
  • Any new files/folders created at the root of C:\ are deleted.

High Level Repair

  • Repairs any operating system or application files that are either modified or deleted back to the repair point state.
  • Deletes any new files/folders added in operating system or application folders.
  • User profiles are deleted so that new user profiles will be created when a user logs on.
  • Any new files/folders created at the root of C:\ will be deleted.

Which repair setting is best?

Each company has unique compliance, security, device performance and administrative needs. This is why settings can be adjusted to meet specific requirements. IT administrators can add various policies that control the ability to add or manipulate certain registry, files, and services. Many companies enforce a variety of direct and unique policies that apply to a selection of their diverse user profiles. Most organization use low and medium settings for individual PCs based on the above noted considerations. High level repair settings are typically reserved for publicly accessed devices, classroom, kiosk and other multi-user machines.

Who chooses the repair point?

You do. Persystent’s imaging capabilities facilitates the creation and management of an image. A snapshot of this image is reapplied during the reboot process. When the repair is initiated, the self-healing (automatic corrective action) follows the repair level rules, exemptions and filters associated with the individual or group of devices and applies the last approved ideal state (image).

How often should a new repair point be created?

Best practices dictate that a new repair point should be taken immediately after authorized changes are made to the system. This can be automatically scheduled and executed with Persystent Suite. This includes changes such as Windows Updates, key application updates, installation of new applications, installation of new devices, etc… This will preserve the authorized changes and ensure the integrity of the repair process. Many companies schedule updated images weekly on a weekly basis; typically after the application of “Patch Tuesday” or a similar coordinated event. With Persystent, the process is considerably faster in that an entire image is not recreated. The process only identifies and incorporates the changes since the last approved repair point.

What exactly is repaired?

Depending on the level of control the self-healing applies corrective action against operating system and application files. However, this can be optionally expanded to include other files and folders that are not automatically part of the repair point by using our “Repair Point Include Filter” feature. The following is Persystent’s default repair point listing:

Default on Windows Vista, Windows 7/8/8.1
C:\Bootmgr
C:\Bootsect.bak

Captured on Windows Vista/Windows 7/8/8.1
C:\Windows (Excluding C:\Windows\CSC)
C:\Program Files
C:\Program Files (x86)\
C:\ProgramData
C:\Users\Public
C:\Users\Default
C:\Boot
C:\inetpub

The driving force behind Persystent’s multiple levels of repair is to allow for the maximum amount of control by IT while maintaining corporate standards of performance integrity. The flexibility of Persystent provides the right amount of protection, lifecycle expediency and compliance support for every machine under the enterprise umbrella.

With so many potential issues affecting critical systems, from user errors to malware infections to catastrophic failures (“blue screen of death’) IT departments constantly need to reimage machines from scratch or spend countless hours troubleshooting and repairing. The benefits of self-healing are obvious. It reduces helpdesk calls, promotes faster resolution of issues, eliminates the need for lengthy manual intervention, but most importantly it maintains a standard of performance through Persystent’s levels of repair.

 Download this article as PDF