New features

Wake-On-Lan

Today we finalised Wake On Lan which is a feature that allows you to remotely turn on computers from within Manager. This tool is complimentary to SmartLan. For those who do not know, SmartLan is an EIS product designed to remotely turn on computers and shut them down again at pre-defined schedules. It is designed specifically for schools. Whilst there are a number of tools on the market to do just this, few are free (unlike SmartLan which is available free to all EIS customers) and none offer the functionality to define holiday periods where the devices are not turned on automatically. SmartLan does just this. You specify school holiday dates and SmartLan is intelligent enough to know, the computers should not be turned on during that period.

Manager does not need Smart-Lan to wake up devices. It is built in and can do simple remote wake ups. If you want a more advanced scheduler for Wake-On-Lan, you should consider Smart-Lan.

Remote Execute

Remote execute has been given a complete over-haul.

Previously remote execute was flaky at best and often didn't work. A large part of this was lack of feedback to Manager on the result of the execution which has now been addressed.

The new Remote Execute tool now remembers the history of what has been run, so if you find yourself constantly using the same command, you no longer have to type it in every time. In addition, you can now choose whether to execute the process as the System account, or as the user logged in. Both are useful, but at the same time, both have limitations.

Running a process as the System account gives over-all control of the machine with Administrator rights. However, there are some areas the system account cannot access. This includes the User registry hives. So you cannot launch a command to add something to the users registry (HKEY_USERS). You can only add registry items to the local machine's hive (HKEY_LOCAL_MACHINE). The system account cannot interact with the user, or display messages. So you could not launch Microsoft Word as the system account and expect the user to see the process.

Running a process as the user gives the same access rights as the user who is currently logged in. This means, any restrictions applied to that user will also be applied to the process you launch. It does however mean you can add registry items to the Users registry hive, but not the local machines. You can interact with the desktop, so if you launch Microsoft Word as the user, it will be shown to the user.

In addition to the 'Simple' Remote execute function, we have also added a brand new Advanced Mode. This is aimed at advanced users and network managers.

This tool allows you to create batches of commands and save them for future use. All processes will be launched in sequence. Therefore you can change the order of processing.

This allows for quite complex remote execution. For example, you might want to change the IP address of the device, then register the IP with the DNS server and then finally reboot the device.

You might also like to copy over a batch file using xcopy, then launch the batch file immediately.

Whilst this is a new feature, we are looking to improve this in all areas depending on feed back.

User and Device views

Over the period of development, we noticed it would be useful if a an item in the users tree is selected, it automatically shows all users below that level. So for example, if you select the foundation intake, you see all users in the foundation level regardless of which intake they belong to. Likewise, if you select 'Users' you'll see every user within EISNet.

The principle is the same for computers. If you select 'Computers', you'll see every computer in EISNet, regardless of which room it belongs to. This helps if you want to deploy a package to a large group of devices.

 Device status

The final update for today is the addition of Device status. When you select a room, the computer list loads as normal. Over the next few seconds, Manager is secretly trying to communicate with each device. If the device is found, it will show as Online. If the device cannot be contacted, it will be shown as offline. Whilst this is a good indication on whether the device is on or not, it only does so based on communication with the EISNet client service. Therefore, if the client service is stopped, the device will show as offline. We will, by the time of release, also change the icon to show a Blue monitor for on, and black for off.

This is a very new feature and will need refining. Currently it re-scans for each device every ten seconds, so should be fairly accurate as to whether the machine is on.

The benefit of this, is where you want to work with the device using Manager, like sending a message, rebooting, remote executing or deploying packages - you can instantly see if the client is ready to accept these type of commands.

Progress and release date amendment

Since my last post, there have been some significant progress in the Development of EISNet v1.7.

Supervisor is now built within the Manager tool. This means, any user who tries to access Manager, is given access based on their respective rights. Normal users are instantly rejected. Users who belong to the Supervisors security group are allowed access to a cut down version of Manager. They are allowed to review user properties and change passwords. They will also have access to pupils home folders. Supervisors cannot access any computer based resource at this time, although we plan to implement a feature where a teacher can manage their own room of computers depending on where they are logged in.

I've spend the past few days completely re-writing the communication between Manager and Client. Previously, all Manager/Client connectivity was usable but highly limited. This is now more robust and I have introduced two way communication which means Managers sends the commands, Client responds to acknowledge the command, and then updates Manager when the command is complete. This is shown in the Alerts Panel in Manager and allows you to keep track on what your Clients are doing.

We have also implemented 'Remote Login' - a feature missing for such a long time. It is not as streamlined as we hoped as the computers have to reboot once the Auto Login command is sent rather than immediately login, but we cannot find low level API's from Microsoft (we assume this is available to high level Microsoft partners). This has however, opened the possibility of a cyber-cafe style feature for EISNet in a later release.

You can now remotely logoff a user. Previously only Shutdown and Reboot was available.

EISNet Client has now been converted to EISNet v1.7, along with its sister application ' EISNet Agent'. Client  has had the performance and code improvements made to match the other tools. Although Manager in itself will not be changed too much, it is a better tool as a result.

Finally - I do have to announce the slight delay in the EISNet v1.7 release. I had previously stated it would be available in April. However, due to other issues out of my control, it looks like the product will now be released  in the Summer 2012. Although I hope to have all the coding complete by April, we need time to do final in-house and field testing, documentation and training.

I think it's important to get the product right before we release it (unlike some other vendors of course).

Side Projects - TrueCrypt

Without a doubt EISNet is the biggest coding project we maintain but we also have a number of smaller side projects on the go at the same time.

While Kevin has been working on v1.7, I have been busy with one of these many side projects. As some of you may be aware, EiS provide a tool for encrypting the census data generated by SIMS. This tool is powered by TrueCrypt under the bonnet and unfortunately it's starting to show its age.

The version of TrueCrypt used was very deliberately chosen, it was the last version to support the use of mapping an encrypted container to the drive letter B: (which is about the only drive letter we can guarantee to be free 99.9% of computers). However, this version does not support Windows 7 very well and has no support for 64-bit. We approached the TrueCrypt Foundation to discuss the possibility of them enabling B: drive support in the most recent version or the possibility of using their driver with our own app, unfortunately without much success.

As TrueCrypt is open source we decided to have a look at the code to see if we could make the changes ourselves. Very quickly we had fixed the problem and B: drive support was enabled but nothing is ever simple. In order to use their code, we had to remove all traces of the name TrueCrypt except for a disclaimer stating it is based on their code. The next hurdle was that to use kernel mode drivers on a 64-bit OS they must been digitally signed so we had to purchase a valid driver signing certificate.

After jumping through all these hoops we now we have our own product which can offer full disk and file container based encryption, with full 64-bit OS support. 

That's a lot of work just to enable support for a B: drive!