71: IGEL Weekly: How to deploy IGEL OS firmware and custom partitions via Azure sftp

Jan 24, 2023

Written by Edwin ten Haaf, IGEL Community Member

More and more of our IGEL customers want to facilitate work from anywhere.

In the office they were familiar with using #IGELOS driven devices. By providing end users with notebooks running IGEL OS or UD Pocket (IGEL on a stick), users can safely and easily connect to their virtual workplace.

The management backend (UMS) manages these devices in the local network. Devices outside the office connect to ICG, the management backend connects to ICG as well, and the devices can be managed as if they were local.

If your ICG is installed and configured well, you can now manage your devices outside the office: deploy and update profiles and support users with shadow functionality. One important part that has to be configured separately is the distribution of IGEL OS firmware and Custom Partitions (additional software running on IGEL OS, like MS Teams and Zoom).

For this you need to point your devices to a remote HTTPS/SFTP location. Please read here how

Host: Andy Whiteside
Co-host: Sebastien Perusat

WEBVTT

1
00:00:02.620 –> 00:00:21.349
Andy Whiteside: Hello, everyone, and welcome to episode 71 of IGEL Weekly. I’m your host, Andy Whiteside. I’ve got a couple of guests with me today. Today is January thirteenth, 2023. Seb, we were just talking about making sure we get the right additions with the right dates for the video and everything. And I’ve trained myself to say the dates

2
00:00:21.360 –> 00:00:32.469
Andy Whiteside: at the beginning of these things, so that there’s no question as to when it was recorded and recorded. we’ve got Moe and Khan Mo: it’s the global See global CTO of integrity. Mo. And how’s it going

3
00:00:33.080 –> 00:00:34.990
moin: going? Great, Andy

4
00:00:35.280 –> 00:00:39.569
Andy Whiteside: and I call you global CTO, cause I always have to ask, Where are you at the moment?

5
00:00:41.080 –> 00:00:58.760
moin: I am driving back from the airport after doing Why Compromise, an IGEL event in Vancouver, which was really great to see customers. But, to my not surprise, we were expecting

6
00:00:58.780 –> 00:01:03.449
moin: this to be a low attendance, and happen to be there.

7
00:01:03.490 –> 00:01:09.690
moin: Very good customers. we had, more than a dozen customers show up, and

8
00:01:09.780 –> 00:01:26.029
moin: We had very, very interesting discussion about that, their roadmap and security being the top of their mind. We we just spent it used. It was supposed to be 4 h event, and we end up doing it all the event they were. They just couldn’t stop talking

9
00:01:26.440 –> 00:01:28.029
Andy Whiteside: so moan.

10
00:01:28.070 –> 00:01:43.299
Andy Whiteside: I’ve got some Why Compromise workshops coming up where we’re going to partner in this case with Lenovo, and then eventually LG as well, and actually give out devices. And we’re going to have people do hands-on labs, and then also have these conversations. So security was the primary

11
00:01:43.410 –> 00:01:45.820
Andy Whiteside: talking point, but I bet there were others as well.

12
00:01:46.520 –> 00:01:51.000
moin: There were. There were others as well, but with a targeted

13
00:01:51.350 –> 00:01:59.959
moin: ransomware attack happening for most of my customers. They were really, really concerned, and one of the reasons why they

14
00:02:00.040 –> 00:02:12.280
moin: they’re looking for IGEL is to secure their endpoints, and that cost was one of the factors. But security is what pulled them all into that room.

15
00:02:12.320 –> 00:02:20.360
Andy Whiteside: So, so I’m a little bullish on this comment, and maybe it’s because of my background and where I come from. But if you’re still running Windows on the endpoint by default,

16
00:02:20.730 –> 00:02:22.220
Andy Whiteside: You’re setting yourself up

17
00:02:22.300 –> 00:02:24.379
Andy Whiteside: for a security breach on the endpoint

18
00:02:24.970 –> 00:02:27.770
Andy Whiteside: period. No matter how you manage it, try to secure it you

19
00:02:27.990 –> 00:02:30.240
Andy Whiteside: you’re, you’re set up for that to happen.

20
00:02:32.800 –> 00:02:37.510
moin: that is correct. And and and this is where we had few universities.

21
00:02:37.630 –> 00:02:43.180
moin: and they all mentioned that, having their staff

22
00:02:43.300 –> 00:02:47.650
moin: take those devices home, and being Windows devices,

23
00:02:47.700 –> 00:02:50.380
moin: those were the entry point for ransomware

24
00:02:50.530 –> 00:02:56.960
moin: in both the cases now, for 2 different institutes that we spoke to.

25
00:02:57.260 –> 00:03:04.140
Andy Whiteside: I I don’t have these numbers, but I I bet it’s a significant number. I would love to see. Get your thought and steps. Thoughts on this. How much?

26
00:03:04.280 –> 00:03:09.759
Andy Whiteside: How much malware, ransomware, bad stuff, do you think is sitting at rest, just waiting

27
00:03:10.120 –> 00:03:12.350
Andy Whiteside: to be told to execute

28
00:03:12.910 –> 00:03:16.649
Andy Whiteside: as a percentage of Windows devices out there?

29
00:03:17.620 –> 00:03:37.399
Sebastien Perusat: I would say 10 to 20%. It might be something which might be realistic, even if we really don’t know which kind of malware it would be. Is it something which will be active, or will just steal data, will try to manipulate your operating system, will try to propagate in the company? So I will differentiate a little bit, but also 10 to 20% is something which might be realistic.

30
00:03:37.410 –> 00:03:42.500
Andy Whiteside: and anything above, you know. Point one would be scary 10 to 20.

31
00:03:43.120 –> 00:03:44.519
Andy Whiteside: I don’t.

32
00:03:44.580 –> 00:03:47.080
Andy Whiteside: I mean that’s just extremely

33
00:03:47.270 –> 00:03:48.230
Andy Whiteside: scary

34
00:03:48.440 –> 00:03:54.190
Andy Whiteside: to think that that much, 10 to 20% of all those Windows PCs out there, are just waiting at rest

35
00:03:54.520 –> 00:03:55.959
Andy Whiteside: to attack something

36
00:03:56.680 –> 00:03:59.249
Andy Whiteside: that they can get their hands on is

37
00:04:00.060 –> 00:04:08.599
Sebastien Perusat: the fun Fact that I know, if you got such kind of information also in North America. But we had an interesting podcast in Central European

38
00:04:08.770 –> 00:04:11.710
Sebastien Perusat: Time zone a couple of days ago on Golem.

39
00:04:12.580 –> 00:04:16.890
Sebastien Perusat: The fun fact is that one specific command server, which.

40
00:04:17.220 –> 00:04:22.400
Sebastien Perusat: more like the command server which will send out the command to all the malware-infected PCs,

41
00:04:22.550 –> 00:04:23.480
Sebastien Perusat: Just

42
00:04:23.720 –> 00:04:43.570
Sebastien Perusat: got lost by the administrators, so by the attackers, because they had made a small change but didn’t think about, hey, which kind of consequences it may have on the command server. The fun fact is, a command server is not dead, so there are malware also out there which will never be activated anymore in the future because the command is dead.

43
00:04:43.580 –> 00:04:50.550
Sebastien Perusat: So that’s something which I found pretty funny, because that means that even hackers are making mistakes. Yeah, it makes them a little bit human.

44
00:04:50.690 –> 00:05:01.740
Andy Whiteside: Well, that’s a that’s an interesting view on digital transformation happening where even the the bad stuff has transformed to the point where whoever was in control of it or the system in control of it no longer exist.

45
00:05:02.230 –> 00:05:03.210
Sebastien Perusat: Exactly.

46
00:05:03.460 –> 00:05:08.410
Sebastien Perusat: It’s a command and control. So now I found the term back: command and control, and so on.

47
00:05:08.960 –> 00:05:13.710
Andy Whiteside: Well, that was the voice of Sebastien Perusat. Sebastien, how’s it going?

48
00:05:14.080 –> 00:05:25.089
Sebastien Perusat: It’s going good. All the best for 2023 for our listeners. I know we are a little bit late on that, but still I wish you all the best for you and your families, and I hope you had a great Christmas time and New Year’s Eve,

49
00:05:25.200 –> 00:05:29.769
Sebastien Perusat: so happy to be there again, and I hope we will cover a great topic today.

50
00:05:30.060 –> 00:05:39.910
Andy Whiteside: Well, I was told by somebody yesterday. It’s okay to say Happy New Year up until the middle of January, and we’re almost there, so we’re not late. We’re not late.

51
00:05:42.320 –> 00:05:58.450
Andy Whiteside: Yeah, let’s, let’s jump into the topic. Oh, no, before we do that, I’ve got to ping my marketing people. You mentioned some folks were, I’ll use the word, complaining, and rightfully so, on the IGEL community that we reference the video side of these podcasts a lot.

52
00:05:58.470 –> 00:06:02.450
Andy Whiteside: Those are not up to date on this integral Youtube Channel.

53
00:06:02.500 –> 00:06:04.549
Andy Whiteside: You want to highlight what happened there?

54
00:06:05.430 –> 00:06:15.550
Sebastien Perusat: Just a small thing. I mean, we’re putting a lot of efforts, especially you, on the descent. Take our side to put all the audio components together, and we are talking a lot, but at the same time

55
00:06:15.660 –> 00:06:28.969
Sebastien Perusat: you are always recording also your screen. So you are seeing my ugly face and some interesting content on the screen, and the interesting content on the screen is shared on YouTube, on the IGEL Weekly podcast, if I remember right, YouTube channel,

56
00:06:29.050 –> 00:06:42.199
Sebastien Perusat: and we are missing some episodes there. So I just wanted to say, for the people who are listening through Buzzsprout or Apple Podcasts, and so on: there is also a video part of the podcast that you can reach on YouTube.

57
00:06:42.630 –> 00:06:48.270
Andy Whiteside: and we like to think we cover the topic well through. You know the conversation.

58
00:06:48.290 –> 00:06:50.530
Andy Whiteside: But there are certain nuggets.

59
00:06:50.700 –> 00:06:52.490
Andy Whiteside: Did it make sense to

60
00:06:52.510 –> 00:07:02.380
Andy Whiteside: to see the video? And and maybe that’s the the the key piece that someone’s missing to help them understand exactly the topic. And where we’re going with that coverage.

61
00:07:03.520 –> 00:07:06.280
Andy Whiteside: plus you get to see me with my

62
00:07:06.620 –> 00:07:13.569
Andy Whiteside: son’s gaming headset on 7 to a while ago that I must be doing twitch a little later this afternoon.

63
00:07:14.880 –> 00:07:18.420
Sebastien Perusat: Looking forward to seeing you playing Fortnite or something like that.

64
00:07:18.790 –> 00:07:19.840
Andy Whiteside: Hi,

65
00:07:19.920 –> 00:07:26.529
Andy Whiteside: I hide a set of headset. I I had some headsets in my wife’s office, so that when I end up working from her office at home.

66
00:07:28.580 –> 00:07:30.920
Andy Whiteside: I can have a a fell safe

67
00:07:31.070 –> 00:07:32.629
Andy Whiteside: in case I can’t find Mother

68
00:07:32.660 –> 00:07:33.660
headphones.

69
00:07:34.170 –> 00:07:41.369
Sebastien Perusat: And, by the way, i’m just and me just asking a question to our listeners. If you could give me a short feedback

70
00:07:41.530 –> 00:07:47.760
Sebastien Perusat: to Andy to myself, and as your community, or wherever because I changed my microphone a couple of days ago

71
00:07:47.780 –> 00:08:06.479
Sebastien Perusat: I had already, I would say, a pretty good one in the past, but now I change to another model. It’s a shoe, together with a wave excel error device which I’m connecting to my automatic endpoint. So just in case, if your feedback is a better, if it was, then give me just a short feedback. I would be grateful for hearing what you are thinking

72
00:08:06.760 –> 00:08:07.539
Sebastien Perusat: that this

73
00:08:07.670 –> 00:08:16.680
Andy Whiteside: so so i’ll tell you it it sounds great now, so i’m not sure if that’s a result of an improvement, or just the same. But, your, your audio is great.

74
00:08:17.020 –> 00:08:17.990
Sebastien Perusat: Okay, cool.

75
00:08:18.020 –> 00:08:19.690
Andy Whiteside: And I, is it wireless?

76
00:08:20.330 –> 00:08:32.649
Sebastien Perusat: No, not at all. I can just show it a little bit. No, it’s a cable wire by which is a standard audio interface. But the fun fact just telling maybe a secret to people who are listening to us.

77
00:08:32.679 –> 00:08:39.100
Sebastien Perusat: Zoom has an extremely interesting feature. If you are doing some audio, and so I just forget to mention it to you, Andy.

78
00:08:39.200 –> 00:08:43.409
Sebastien Perusat: There is a feature which is called original sound for musicians.

79
00:08:43.490 –> 00:09:01.549
Sebastien Perusat: So if you go into your Zoom client, go to your audio settings. You have a point which is called Zoom optimized audio, which is absolutely fine if you are travelling and so on. But you have also a point which is called original sound for musicians. And there you can set high fidelity music mode, and echo cancellation, and stereo audio.

80
00:09:01.560 –> 00:09:19.969
Sebastien Perusat: So you can tweak a little bit about the audio quality there, too, just giving our little hints that I found out. And Seb, I want to pick on you real quick. But with the accent it sounds like you’re saying for magicians; you’re talking about for musicians. Musicians, right. Sorry. No, that’s awesome. What do the magicians have to do with this?

81
00:09:21.150 –> 00:09:40.169
Andy Whiteside: All right. let’s see any other housekeeping one to cover. we apologize guys, for not having more content over the holidays. It got busy, and it’s the time of year where companies are doing the conferences and kick off so it’s probably my fault more than anybody else. But excited to be ready to go for 2,023 and the team, as integr will will continue to

82
00:09:40.180 –> 00:09:45.169
Andy Whiteside: about this content. Any feedback you give us would be wildly appreciated.

83
00:09:46.250 –> 00:09:48.880
Andy Whiteside: okay,

84
00:09:49.040 –> 00:10:04.819
Andy Whiteside: I think what we’re covering with the video stuff real quick, is that? And I don’t know if I said this, but the the the integrity and the marketing team needs to we gotta step up and get some of these Itel videos updated onto our Youtube Channel, and I will make that request literally while we’re talking here now.

85
00:10:04.830 –> 00:10:20.269
Andy Whiteside: But, Seb, every other week we do a community podcast and ask that you bring a topic that you believe the community would like to hear, and something that you’ve worked on recently, and the one for today is from a post of yours from December thirteenth, 2022, and I believe that’s gonna

86
00:10:20.280 –> 00:10:25.589
Andy Whiteside: tie back to a community member post, which, the best way to learn about this stuff is through the community.

87
00:10:25.660 –> 00:10:35.930
Andy Whiteside: And that topic is how to deploy IGEL OS, so the IGEL operating system, firmware and custom partitions using, via, Azure

88
00:10:36.030 –> 00:10:45.609
Andy Whiteside: SFTP. And I’m a huge fan of IT guys not only saying the acronym, but explaining what it means. That would be secure file transport,

89
00:10:45.740 –> 00:10:47.860
Andy Whiteside: transport protocol, right?

90
00:10:48.570 –> 00:10:53.560
Sebastien Perusat: Is it simple or secure? No, it’s secure.

91
00:10:53.630 –> 00:10:54.190
Yeah.

92
00:10:55.290 –> 00:11:02.540
Andy Whiteside: Great. So Seb, if you want to kind of tee us up and talk about why you wanted to highlight this one, and then we’ll jump into

93
00:11:02.820 –> 00:11:03.860
Andy Whiteside: what it does

94
00:11:04.150 –> 00:11:14.630
Sebastien Perusat: Definitely, yes. So first of all, a big shout-out to Edwin ten Haaf, who wrote that article. He posted that on LinkedIn and posted it also on the IGEL community side.

95
00:11:14.770 –> 00:11:31.350
Sebastien Perusat: And I said, like guys, honestly, if you are already covering such a great topic. Let me put that in our block article part of the adjectivity.com website, and if you go to prisoner it Here, at the end of the of the web page, you have the link to the original to the original post. So

96
00:11:31.710 –> 00:11:37.670
Sebastien Perusat: we already talked a lot in the past regarding our IGEL Cloud Gateway, also known as ICG,

97
00:11:37.730 –> 00:11:43.219
Sebastien Perusat: which enables you to manage devices which are outside of your company network.

98
00:11:43.740 –> 00:11:52.499
Sebastien Perusat: So just giving you, I mean, even if our listeners have known that for years, I guess, just telling that if you look at the IGEL ecosystem,

99
00:11:52.620 –> 00:11:57.329
Sebastien Perusat: we have the on-prem installation. You have devices inside of your company. But since Covid

100
00:11:57.680 –> 00:12:05.240
Sebastien Perusat: everything changed. People were working from everywhere, and so on and so on. So the devices out of the company are connected via VPN.

101
00:12:05.450 –> 00:12:21.340
Sebastien Perusat: They still needed configurations, updates, etc., etc. And that’s where the IGEL Cloud Gateway is connecting your device from outside to your on-prem or Azure, wherever it’s located, UMS server. So it’s really just a connector between both worlds,

102
00:12:22.070 –> 00:12:27.540
Sebastien Perusat: and the IGEL Cloud Gateway is really a cool product. It enables a lot of features,

103
00:12:27.820 –> 00:12:30.359
Sebastien Perusat: but it’s lacking one major feature.

104
00:12:30.640 –> 00:12:37.120
Sebastien Perusat: maybe 2. But the topic of today is the firmware update and the custom partition rollout.

105
00:12:37.180 –> 00:12:40.700
Sebastien Perusat: So as soon as you want to deploy bigger files.

106
00:12:40.760 –> 00:12:49.829
Sebastien Perusat: not one or 2 MB, I’m really talking about 100, 200, and whatever upside the data that you want to exchange with the endpoint,

107
00:12:50.140 –> 00:12:52.599
Sebastien Perusat: You have to define an external

108
00:12:52.730 –> 00:12:55.239
Sebastien Perusat: server, an external resource where the

109
00:12:55.490 –> 00:12:57.520
Sebastien Perusat: device can download it from.

110
00:12:57.630 –> 00:13:02.610
Sebastien Perusat: So Basically, we have 2 kind of of data which might be concerned by this

111
00:13:02.700 –> 00:13:04.049
Sebastien Perusat: IGEL OS firmware

112
00:13:04.280 –> 00:13:18.229
Sebastien Perusat: and custom partition. First of all, IGEL OS firmware. We always recommend to stay as actual as possible. I know that the operating system is pretty stable, and it’s mostly working as soon as we started one time,

113
00:13:19.050 –> 00:13:27.570
Sebastien Perusat: but we have also security fixes. We have update from clients and so on. So you might miss something extremely important If you don’t update that device

114
00:13:28.590 –> 00:13:35.230
Sebastien Perusat: On the second hand, custom partitions, just explaining in 2 words, or maybe a few more, what custom partitions are.

115
00:13:35.720 –> 00:13:47.069
Sebastien Perusat: If you want to deploy an application, a piece of software, to the IGEL operating system which is not part of our firmware, so not part of our installation, like, in former times, the Teams client,

116
00:13:47.120 –> 00:13:50.199
Sebastien Perusat: Chrome, because you are not allowed to use Chromium, or

117
00:13:50.240 –> 00:13:51.230
Sebastien Perusat: and

118
00:13:51.580 –> 00:13:59.589
Sebastien Perusat: local zoom installation. That’s where the custom partition gives you the ability to deploy that software packet to the end.

119
00:13:59.900 –> 00:14:01.339
Sebastien Perusat: Coming back to the topic.

120
00:14:02.020 –> 00:14:15.020
Sebastien Perusat: You can manage your device on ICG without having to call what we are talking about today, but as soon as you hit updates and custom partitions, we highly recommend to follow the guide. It is not an IGEL guide, but, like I said, from the IGEL community, so it’s

121
00:14:15.150 –> 00:14:19.010
Sebastien Perusat: something which we are testing also from our end and Edwin

122
00:14:19.330 –> 00:14:23.139
Sebastien Perusat: covered that from the Azure SFTP part, so

123
00:14:23.460 –> 00:14:39.149
Sebastien Perusat: you can put our updates on any kind of web service. That’s an easy one. Just extract the zip file. I will talk about that a bit later. To a web service. Refer in a profile to that web service, and you are good to go.

124
00:14:39.430 –> 00:14:41.310
Sebastien Perusat: But if you want to

125
00:14:41.470 –> 00:14:53.440
Sebastien Perusat: have load balancing, if you want to have a proper file transfer protocol, not only HTTP or HTTPS download, that’s where SFTP makes definitely more sense, especially if you think about

126
00:14:53.490 –> 00:14:55.690
Sebastien Perusat: traffic limitation, and so on.

127
00:14:56.190 –> 00:15:11.139
Andy Whiteside: So Seb, let’s talk about this 3 ways. This is great. This is a great topic and something I’ve kind of been aware of and knew of, and anytime I needed it, I would just call one of your SEs and say, hey, give me access to your cloud, and I’ll pull it down real quick, and then you can take away my access.

128
00:15:11.300 –> 00:15:21.669
Andy Whiteside: So this is good to have this write-up that tells us, you know, how to do it from an Azure perspective, tells me how to do it from an Azure perspective. That way, I don’t have to be a mooch off some of your guys all the time.

129
00:15:23.400 –> 00:15:32.319
Andy Whiteside: If I’ve got a brand new machine, and I’m either, you know, going to try to repurpose a machine that had something else on it before, or it’s a brand new blank machine,

130
00:15:32.630 –> 00:15:33.210
Andy Whiteside: that

131
00:15:33.340 –> 00:15:34.700
Andy Whiteside: having this

132
00:15:35.410 –> 00:15:42.059
Andy Whiteside: target in the cloud to pull down the the firmware from what? What would that look like

133
00:15:43.120 –> 00:15:48.960
Andy Whiteside: from an end user or administrator’s perspective. How would I start that process on the endpoint?

134
00:15:50.530 –> 00:16:02.330
Sebastien Perusat: On the endpoint? I would go maybe a step backwards. Usually the distribution of firmware updates is coordinated by the UMS administrator, so by using a task or scheduled tasks,

135
00:16:02.550 –> 00:16:07.940
Sebastien Perusat: by sending out a command which is then applicable on next boot or next reboot,

136
00:16:08.120 –> 00:16:23.000
Sebastien Perusat: and that’s how bad or on shut down. So we forgot to mention. And that’s how most of our customers are deploying or sending out the command to download the firmware update. Now, is that an updated? That’s an updated firmware. I’m talking about like a blank machine that has nothing. Sorry.

137
00:16:23.540 –> 00:16:25.950
Sebastien Perusat: they are mostly, I mean.

138
00:16:26.280 –> 00:16:37.509
Sebastien Perusat: I would say, 90 percent are using any kind of network deployment like PXE or using the SCCM deployment toolkit that we have,

139
00:16:37.550 –> 00:16:54.480
Sebastien Perusat: and the rest is honestly doing it by hand by using a USB stick, which is called the OS Creator stick, and just booting the device from it inside the firmware. Remove the USB stick, and that’s it. So on the company network we’re talking maybe PXE; if you’re doing it manually, you’re talking USB, or

140
00:16:54.490 –> 00:17:07.470
Andy Whiteside: ideal world these days, which is becoming more and more common, you ordered it from Lenovo, or LG, or somebody, and it came with some version, maybe out of date, or maybe not, and it was ready to start talking and get the updates.

141
00:17:08.140 –> 00:17:16.640
Sebastien Perusat: Or you are using the UD Pocket, which makes you even more flexible in terms of endpoint, because you boot the USB stick from any kind of endpoint, and your installation

142
00:17:16.680 –> 00:17:30.780
Sebastien Perusat: of IGEL OS and your environment for your Citrix, or whatever environment, is always on the USB stick. That might be the alternative. But for the pure installation I would say yes, 80% to 90% using network deployments, and for the rest, really by hand.

143
00:17:30.800 –> 00:17:32.000
okay.

144
00:17:32.210 –> 00:17:43.869
Andy Whiteside: okay, that kind of sets the table for me on that. And then. Now let’s go into what you were talking about just now around the I guess we need to cover 2 things we need to cover what Edwin has here in terms of how to set up the cloud storage target.

145
00:17:43.880 –> 00:17:56.439
Andy Whiteside: as well as, you know, the concept, and maybe we’ll round this out now with the idea: you have the firmware installed. Now you’re either looking to get firmware updates, or those custom partitions for those apps that are not baked into the IGEL firmware.

146
00:17:57.150 –> 00:17:58.120
Exactly

147
00:17:59.530 –> 00:18:10.629
Andy Whiteside: So, where do you want to go from here? Do you want to continue down the path of, you know, the reasons and the starting points? Or do we want to jump into what Edwin has here in terms of what needs to be configured in the cloud to make it work?

148
00:18:11.060 –> 00:18:26.009
Sebastien Perusat: I would just maybe start with a little bit of explanation, a little bit of background information about why and how we are pushing that to the endpoint, because we had an interesting discussion in the IGEL community a couple of days ago. To be more precise, it was yesterday,

149
00:18:26.270 –> 00:18:30.819
Sebastien Perusat: where a customer was asking, hey, it’s great to push

150
00:18:30.840 –> 00:18:37.869
Sebastien Perusat: a firmware update to all my endpoints, especially the people who are working from home, etc., but wouldn’t it be

151
00:18:38.140 –> 00:18:45.849
Sebastien Perusat: easier to have the end user choosing the moment where he could deploy and install the firmware update,

152
00:18:46.250 –> 00:18:58.399
Sebastien Perusat: or in a perfect world, having maybe a script having a tool which is checking. Is there a new or a firmware update available? And if yes, give the you the ability to choose the easy moment.

153
00:18:58.600 –> 00:19:05.940
Sebastien Perusat: The short answer for both arguments are: No, we don’t have that at the moment. It’s still under development.

154
00:19:06.000 –> 00:19:24.539
Sebastien Perusat: If you are part of advanced services at IGEL, you might ask your Trm. or a direct contact to get access to the shell script, but for the moment we have to script it. And I just had the discussion, like I said, a couple of days ago, and we went through that process, and it’s working pretty good.

155
00:19:24.550 –> 00:19:26.380
Sebastien Perusat: And

156
00:19:26.430 –> 00:19:43.559
Andy Whiteside: but that’s really the the general. But from the endpoint perspective. So what you’re saying now is the the admin determines. When it happens, you’re saying that there’s a possibility, or there to the script, or in the future, where the end user can say, yeah, I know it’s. I’ve got to do an upgrade. But i’ll I’ll say yes when it’s I’m ready for that to happen.

157
00:19:44.840 –> 00:19:45.540
Sebastien Perusat: Yeah.

158
00:19:45.650 –> 00:19:47.490
Sebastien Perusat: I would say, yeah.

159
00:19:47.570 –> 00:19:53.840
Andy Whiteside: definitely. Let me pause this here real quick Mo, and we’ve covered a lot, any anything you want to ask or add to the topic before

160
00:19:53.860 –> 00:19:55.250
Andy Whiteside: sub continues on.

161
00:19:58.720 –> 00:20:09.020
moin: No, I think, for now, these are really interesting topics, especially about secure versus regular FTP. And

162
00:20:10.040 –> 00:20:23.040
moin: secure is something that is always especially in the in the world of Linux when when we talk about moving files up and down secure pieces, is the only thing that we recommend from

163
00:20:23.250 –> 00:20:25.909
moin: coming from the consulting background, and

164
00:20:25.990 –> 00:20:29.289
moin: having done these things over a number of

165
00:20:29.460 –> 00:20:32.430
moin: a number of times, I feel

166
00:20:32.460 –> 00:20:37.319
moin: the the the key for all these things, and especially when when you are moving.

167
00:20:37.520 –> 00:20:45.820
moin: having that security in place, and using that protocol, the SFTP protocol, to move files up and down.

168
00:20:46.020 –> 00:20:51.300
moin: I have seen many time, especially when when it comes to

169
00:20:51.350 –> 00:20:55.530
moin: side loading or installing applications in a custom partition,

170
00:20:55.750 –> 00:21:03.060
moin: people tend to try to find shortcuts, and I feel that having this topic

171
00:21:03.080 –> 00:21:04.659
moin: that we are talking about

172
00:21:04.960 –> 00:21:22.360
moin: having this topic that we are talking about is very key for our listeners to understand the importance. So I think I’m interested. And even having done these things many times, I’m really intrigued to listen to what Seb is

173
00:21:22.370 –> 00:21:32.110
Andy Whiteside: talking about, following the practices, doing these kinds of partnerships. There’s doing it, and there’s doing it right. And I think what Edwin here, that Seb’s highlighting, is: here’s how to do it right.

174
00:21:32.420 –> 00:21:33.300
moin: That’s right.

175
00:21:33.920 –> 00:21:35.370
Andy Whiteside: Okay. So

176
00:21:35.490 –> 00:21:41.290
Andy Whiteside: walk us through what Edwin’s covering here, and which parts go in which order, and why they matter.

177
00:21:42.140 –> 00:21:51.640
Sebastien Perusat: So the best practice, and that’s the reason why we are showing that blog article, is, obviously you could easily, on the ICG server, which is usually

178
00:21:51.860 –> 00:21:56.129
Sebastien Perusat: on your cloud service, in your DMZ, or wherever you want to install it,

179
00:21:56.180 –> 00:21:58.780
Sebastien Perusat: a Linux box where you install our service

180
00:21:59.980 –> 00:22:12.730
Sebastien Perusat: in a theoretical way, you could use the same box, install there an FTP or an HTTP server, and get the downloads from there. We are not recommending that, even if it would be sufficient.

181
00:22:12.850 –> 00:22:17.060
Sebastien Perusat: But from a security perspective it’s always good to separate the management

182
00:22:17.280 –> 00:22:18.100
Sebastien Perusat: channel

183
00:22:18.150 –> 00:22:27.659
Sebastien Perusat: from some download and let’s say public servers, and that’s where we are usually recommending you, not using the same. So, even if, like, I said it would work.

184
00:22:27.950 –> 00:22:36.940
Sebastien Perusat: So that’s what we discussed then with Edwin, and Edwin went through then the process of, hey, why not use a new feature which is available in Azure?

185
00:22:37.260 –> 00:22:44.969
Sebastien Perusat: And this feature, and I have to mention that, honestly, I didn’t have time to double check if it’s available now everywhere, because it was a technical preview

186
00:22:45.010 –> 00:22:49.159
Sebastien Perusat: available in some regions of the Azure world.

187
00:22:49.370 –> 00:22:50.260
Sebastien Perusat: But

188
00:22:50.610 –> 00:23:06.849
Sebastien Perusat: it should be, at least from a discussion I had yesterday, it should be available in North America, too. So you can just go to your preview features, if you go to your Azure management console, and there you have a specific feature, a specific menu which is called preview features.

189
00:23:06.930 –> 00:23:16.240
Sebastien Perusat: Under that you can register for a new feature set, which is then released after a couple of weeks or months to your standard repository of Azure.

190
00:23:16.500 –> 00:23:21.930
Sebastien Perusat: That one is called SFTP support for Azure Blob Storage.

191
00:23:22.930 –> 00:23:24.280
Sebastien Perusat: As soon as

192
00:23:24.560 –> 00:23:33.119
Sebastien Perusat: you added that to your portfolio, you can then say, under your storage accounts, I want to create a new one. Obviously you have

193
00:23:33.700 –> 00:23:38.230
Sebastien Perusat: existing ones. You can. You can create a new resource, and from there

194
00:23:38.390 –> 00:23:44.530
Sebastien Perusat: you just need a name basically and add it to an existing or to a new storage group

195
00:23:44.760 –> 00:23:52.990
Sebastien Perusat: as soon as you had that. Because, yeah, depending on where and out you are, and what your users are.

196
00:23:53.300 –> 00:24:05.349
Sebastien Perusat: It’s good to check if the region is matching your expectations. So if you want to do it for Europe and for North America, please choose two different regions. Just make sure that you are not going over a high latency.

197
00:24:05.420 –> 00:24:08.389
Sebastien Perusat: and if you are not seeing it in North America, please to the region

198
00:24:08.710 –> 00:24:14.299
Sebastien Perusat: Europe, North Europe, or wherever you are. Just to be sure that you have the feature listed.

199
00:24:14.770 –> 00:24:24.000
Sebastien Perusat: Honestly, I tested it. I don’t know it was 2 months ago. The performance with standard is more than enough. You don’t have to go for premium.

200
00:24:24.200 –> 00:24:32.910
Sebastien Perusat: even if you want to be bulletproof, and if you want to deploy it to 10,000 devices, which I don’t expect you to do. But who knows?

201
00:24:32.990 –> 00:24:34.310
Sebastien Perusat: Make

202
00:24:34.340 –> 00:24:47.220
Sebastien Perusat: be a good way to do, because it also gives you the ability to have a specific reporting inside of azure, showing a little bit more detailed information about how the transfer rate. The latency was, and so on. But, like I said, the standard is great.

203
00:24:47.250 –> 00:24:48.490
Sebastien Perusat: and from there on

204
00:24:49.050 –> 00:24:56.739
Sebastien Perusat: you have to enable 2 different check boxes in the Data Lake and the advanced tab of your storage account.

205
00:24:56.980 –> 00:25:07.719
Sebastien Perusat: It’s called Enable, I’m not sure if I can pronounce it right in English, but here I can say it in French, hierarchical namespace, and then check box.

206
00:25:07.890 –> 00:25:11.590
Sebastien Perusat: then enable, obviously, the SFTP protocol itself.

207
00:25:11.860 –> 00:25:24.860
Sebastien Perusat: It’s hierarchical. Thank you very much. It sounds way better on your side, and then you have to enable the feature itself, which is called SFTP, so Secure File Transfer Protocol.

208
00:25:25.460 –> 00:25:26.690
Sebastien Perusat: from there on.

209
00:25:27.100 –> 00:25:36.299
Sebastien Perusat: I would definitely recommend to add a few users to that to the storage, I mean, just because you want to separate, maybe your test account

210
00:25:36.390 –> 00:25:41.999
Sebastien Perusat: from your deployment account, and that’s what you are doing. If you go to your data storage

211
00:25:42.440 –> 00:25:46.650
Sebastien Perusat: again in your Azure management tool, then go to containers.

212
00:25:46.790 –> 00:25:57.260
Sebastien Perusat: and inside of your container you will see your freshly created service, and from there on you can just click on it and add a local user. The local user,

213
00:25:57.350 –> 00:26:00.280
Sebastien Perusat: honestly, the name is up to you.

214
00:26:00.860 –> 00:26:09.579
Sebastien Perusat: In my opinion this part was a plane, and without any kind of special characters in the name

215
00:26:10.080 –> 00:26:11.150
Sebastien Perusat: it will work.

216
00:26:11.380 –> 00:26:20.820
Sebastien Perusat: But before having something complicated which might be hard to reverse engineer at the end, please start with just a standard name like SFTP test user, or whatever.

217
00:26:20.890 –> 00:26:25.750
Sebastien Perusat: without a plus or exclamation mark, and from there

218
00:26:25.820 –> 00:26:34.640
Sebastien Perusat: I would recommend to set an SSH password. Why are we using an SSH password combined with secure FTP?

219
00:26:35.820 –> 00:26:51.000
Sebastien Perusat: I don’t want to hijack the call to explain the difference between SFTP and FTPS, but there is a huge difference between both, so I would just make the story short. SFTP is usually going through the standard port, which is 22

220
00:26:51.010 –> 00:26:58.980
Sebastien Perusat: and FTPS and FTP are working through the dynamic port range over 21 and up.

221
00:26:59.200 –> 00:27:03.259
Sebastien Perusat: Use an SSH password. Define your

222
00:27:03.280 –> 00:27:04.310
Sebastien Perusat: username.

223
00:27:04.350 –> 00:27:05.300
Sebastien Perusat: then

224
00:27:05.500 –> 00:27:06.830
Sebastien Perusat: check your permissions.

225
00:27:07.000 –> 00:27:13.709
Sebastien Perusat: In my opinion I would add something to the blog post from Edwin. I would separate the

226
00:27:13.860 –> 00:27:19.120
Sebastien Perusat: upload or the management test user from the download once he made both.

227
00:27:19.470 –> 00:27:30.929
Sebastien Perusat: and this is on the STEM side. So you just need to read and list from the rights, because obviously you don’t want someone who is downloading to upload something at the same time to your server.

228
00:27:31.050 –> 00:27:31.850
Sebastien Perusat: So

229
00:27:32.480 –> 00:27:41.509
Sebastien Perusat: just check your permissions to be a read and list. The read has to be said that obviously data that has been asked can be a read.

230
00:27:41.650 –> 00:27:45.970
Sebastien Perusat: but at the same time you have also on the SFTP and FTP side

231
00:27:46.110 –> 00:27:51.959
Sebastien Perusat: the list feature, which is mandatory to get a list of the Directory from a client perspective.

232
00:27:53.180 –> 00:27:57.150
Sebastien Perusat: and then last one the Home Directory, which is the name of your storage.

233
00:27:57.250 –> 00:28:00.040
Sebastien Perusat: and from there on, just secure with the password.

234
00:28:00.620 –> 00:28:02.550
Sebastien Perusat: and then test with

235
00:28:02.920 –> 00:28:03.690
Sebastien Perusat: your

236
00:28:03.770 –> 00:28:11.330
Sebastien Perusat: favourite FTP client. Could be WinSCP, can be the sftp client from the command line.

237
00:28:11.460 –> 00:28:16.049
Sebastien Perusat: whatever you prefer, but I would definitely recommend to test it before creating your profile.

238
00:28:16.600 –> 00:28:19.449
Sebastien Perusat: And the major point that I would like to mention there is.

239
00:28:19.560 –> 00:28:24.819
Sebastien Perusat: and not only try to connect, not only do a proport or telnet; really open

240
00:28:25.090 –> 00:28:26.990
Sebastien Perusat: an FTP client

241
00:28:27.100 –> 00:28:28.879
Sebastien Perusat: which is SFTP capable.

242
00:28:29.300 –> 00:28:32.190
Sebastien Perusat: and try to download something, because

243
00:28:32.220 –> 00:28:40.150
Sebastien Perusat: as soon as you connect you will get a listing, and from there the reading permission will hit in, and then you can try to download something, and that one is failing.

244
00:28:41.010 –> 00:28:44.670
Sebastien Perusat: Usually it’s related to rights or permissions.

245
00:28:47.010 –> 00:28:59.179
Andy Whiteside: Yeah, that’s always good advice, and it’s, you know. I don’t know about you, Seb. But when you’re doing something like this around FTP or the secure telnet or things like that, when you can do it yourself manually before you automate it,

246
00:28:59.360 –> 00:29:09.810
Andy Whiteside: it, it’s for the admin it’s like this. it’s like this Nirvana feeling of Yes, I know at least this much of it works. So what I do next is either it’s going to be the problem, or it’s going to work

247
00:29:12.120 –> 00:29:20.769
Sebastien Perusat: 2 to 100. So so many things in our lives these days, especially on our consumer side. You’re relying on like 15 systems to all work appropriately for that magical

248
00:29:21.290 –> 00:29:27.640
Andy Whiteside: thing to happen. It’s so nice to be able to break it down component by component, and see each step of the process Where?

249
00:29:29.450 –> 00:29:30.110
Sebastien Perusat: Yeah.

250
00:29:30.990 –> 00:29:41.039
And I know that I’m. Usually that person who is trying to make it right from the beginning on. So making extremely complicated passwords complicated usernames.

251
00:29:41.240 –> 00:29:51.069
Sebastien Perusat: and then at the end, it’s not working. So I’m trying to reverse engineer. So I’m always saying, if you just want to test, test with standard users, with a short and easy password

252
00:29:51.110 –> 00:30:00.019
Sebastien Perusat: also on the password side. Obviously, we want to have you uppercase, lowercase, number, or special characters. No question as long as possible.

253
00:30:00.590 –> 00:30:09.259
Sebastien Perusat: But please try something easy, and if that one is working you can then go the next step and make it even more secure, and change the password to something more complicated and complex.

254
00:30:09.650 –> 00:30:13.399
Sebastien Perusat: But I had some I mean it’s fixed since a long, long time.

255
00:30:13.590 –> 00:30:15.789
Sebastien Perusat: but from the actual history I had is

256
00:30:16.230 –> 00:30:26.510
Sebastien Perusat: Sometimes there is just a weird bug somewhere in the curl or the download process, and a special character, or one special character is maybe misinterpreted on our side,

257
00:30:26.650 –> 00:30:30.789
Sebastien Perusat: not only on ours, but in general in the FTP client world.

258
00:30:30.890 –> 00:30:38.810
Sebastien Perusat: So do me a favor. Start with something like I. 1, 2, 3, exclamation mark, and if that one is working, make it extremely

259
00:30:39.260 –> 00:30:52.429
Sebastien Perusat: secure by putting an I uppercase, azure one to 3. Yeah, that’s the that’s the Keep it simple, stupid model at least start there. But but don’t forget to go back and secure it.

260
00:30:53.420 –> 00:30:57.250
Sebastien Perusat: Okay. So yeah, as soon as you did that

261
00:30:57.280 –> 00:30:59.820
Sebastien Perusat: as you tested it with your FTP client.

262
00:30:59.870 –> 00:31:03.000
Sebastien Perusat: We are now going back to the age world.

263
00:31:03.700 –> 00:31:12.789
Sebastien Perusat: Don’t expect your to be configured to get directly download by auto, discovering something like that note.

264
00:31:13.370 –> 00:31:32.130
Andy Whiteside: You have to create a profile. So can I see a question on this first. A lot of times when I do UMS related things, I’ll do it on the local OS first to make sure it works, and then if that works, then I take that same concept and then put it to UMS and push it out with a profile it does. Is that a reality? And what we’re talking about here.

265
00:31:32.730 –> 00:31:48.749
Sebastien Perusat: yes, it’s reality. I’m doing that sometimes exactly this way. So I’m agreeing. At the same time, it can also cause a little bit of trouble, because if you are testing things locally, you are removing then a profile from your UMS,

266
00:31:48.760 –> 00:32:01.879
Sebastien Perusat: and the feature is still there locally, because you configured it locally, you didn’t delete it, and you just forget it there, so it can cause a little bit of false positives sometimes. So I’m really trying, and that’s my recommendation also to our listeners. If you can

267
00:32:01.960 –> 00:32:13.489
Sebastien Perusat: please try everything from the side If you want to do some scripting and command line stuff obviously do that from the endpoint. It does make sense to start with deploying that via the

268
00:32:14.180 –> 00:32:24.950
Sebastien Perusat: But for such kind of things I’m a little bit cautious, and I would say, profits will be my bed of it. Yeah, how about this? From a guy who gets to play IGEL admin everyone, so I’ll do things locally.

269
00:32:25.000 –> 00:32:30.689
Andy Whiteside: and then I will, you know, hit the escape key and reset the OS, and then do it from the UMS.

270
00:32:30.700 –> 00:32:52.450
Andy Whiteside: You know, it’s your preference of that preference. But that’s how I like to do it, and I want to make sure our listeners know that you can try things locally. That’s one of my favorite things about the IGEL world, is everything that you could do from us, almost everything you could do locally first. But you’re absolutely right. You don’t want to tattoo that stuff in there. So a true factory reset of that OS minus the license. The license stays.

271
00:32:52.460 –> 00:32:56.709
Andy Whiteside: and you you now have a blank slate to go. Take it to the next step

272
00:32:57.940 –> 00:33:10.660
Sebastien Perusat: you should work for IGEL, it’s perfect. Yeah, it’s kind of known that I would work right. I always wanted to be that Linux admin. You guys would be my perfect answer for how to be that end user compute Linux guy that I always wanted to be

273
00:33:11.590 –> 00:33:13.980
Sebastien Perusat: perfect. I’m happy to welcome you.

274
00:33:14.660 –> 00:33:19.179
Sebastien Perusat: Now, that’s really cool. I mean, that’s definitely the approach I would like to follow. If you do something locally.

275
00:33:19.260 –> 00:33:27.859
Sebastien Perusat: and you transferred everything to the and you want to be sure it working again after that reset a factory default is mandatory. So yeah, thanks for putting that out.

276
00:33:28.620 –> 00:33:46.640
Sebastien Perusat: So on the firmware update side, on the Universal Management Suite, also known as UMS, we are working with profiles. Profiles are configuration sets that we are deploying to our endpoints. That’s something which is not extremely secret. You should work with that since a couple of years.

277
00:33:47.110 –> 00:33:50.989
Sebastien Perusat: But for the firmware updates we have to be crystal clear

278
00:33:51.440 –> 00:33:52.280
Sebastien Perusat: there was.

279
00:33:52.620 –> 00:34:02.679
Sebastien Perusat: There are, I don’t know, 10 to 15 different ways to deploy firmware updates to the endpoint, depending on the procedure you are using. We are really focusing on

280
00:34:03.160 –> 00:34:07.839
Sebastien Perusat: the standard way. We are not speaking about buddy update or something like that, really just

281
00:34:07.960 –> 00:34:12.589
Sebastien Perusat: having a profile created and download from the external server. So what you need is

282
00:34:12.610 –> 00:34:25.579
Sebastien Perusat: you create a new profile. You go to System, then Update, Firmware Update, and from there you have to choose your protocol, which is by default HTTP, if I remember right.

283
00:34:25.940 –> 00:34:27.900
Sebastien Perusat: Just move it to Secure FTP.

284
00:34:28.110 –> 00:34:33.379
Sebastien Perusat: Then add your server name that you just took over from your blob on your Azure.

285
00:34:34.239 –> 00:34:36.729
Sebastien Perusat: Take the path that you I mean

286
00:34:37.110 –> 00:34:38.910
Sebastien Perusat: that should go or step backward.

287
00:34:38.960 –> 00:34:40.460
Sebastien Perusat: We didn’t speak about that

288
00:34:40.550 –> 00:34:48.319
Sebastien Perusat: your firmware, the firmware file that you are downloading from igel.com slash software downloads is a zip file.

289
00:34:48.800 –> 00:34:50.170
Sebastien Perusat: The zip file

290
00:34:50.340 –> 00:34:52.779
Sebastien Perusat: cannot be deployed directly to your endpoint.

291
00:34:53.739 –> 00:34:56.290
Sebastien Perusat: It has to be extracted before

292
00:34:56.340 –> 00:35:05.869
Sebastien Perusat: made available somewhere, and I didn’t mention it. Sorry for that. You have to deploy the extracted zip file to your

293
00:35:05.900 –> 00:35:22.809
Sebastien Perusat: SFTP server you just created before. So you have a path which is, I don’t know, download or slash firmware, and then my recommendation is to create a sub folder for the version like 11 or 8 to 230,

294
00:35:23.220 –> 00:35:32.400
Sebastien Perusat: and extract the zip file to that folder. That’s really mandatory. Just uploading the Zip file will not work. It would not break something, but it would just not work.

295
00:35:32.420 –> 00:35:35.959
Sebastien Perusat: So you have to extract the zip file to your blob.

296
00:35:36.070 –> 00:35:41.599
Sebastien Perusat: and from there, coming back to the profile. You have a server path, and on the server path you just enter

297
00:35:42.080 –> 00:35:46.459
Sebastien Perusat: the freshly created path, like download or folder, whatever you prefer.

298
00:35:46.520 –> 00:35:51.179
Sebastien Perusat: Then slash your downer path to 11 by 2 and 30.

299
00:35:51.230 –> 00:35:53.399
Sebastien Perusat: Flash username password.

300
00:35:53.980 –> 00:35:54.859
Sebastien Perusat: and

301
00:35:55.170 –> 00:36:01.040
Sebastien Perusat: that’s usually it. You click. Ok, You send the profile to the endpoint, and you can send an update by hand.

302
00:36:02.240 –> 00:36:12.939
Sebastien Perusat: What you also have is the ability to say, hey, Why not? Using a kind of automatism that the endpoint will check by shut down. If there is a new firmware.

303
00:36:13.510 –> 00:36:33.230
Sebastien Perusat: my recommendation is not to use check on boot, just because it can annoy the user who is working on the endpoint. Why does he have to wait for an update? I mean, we’re all working with Windows devices for a long time. We know what it means to have a device which is going through the update process by booting up. It’s annoying.

304
00:36:33.370 –> 00:36:34.149
Sebastien Perusat: So

305
00:36:34.180 –> 00:36:42.830
Sebastien Perusat: if you want to take an automatic system, just check the checkbox in your profile automatic update check on, shut down, and then the device should update automatically on.

306
00:36:42.990 –> 00:36:43.840
Sebastien Perusat: shut down

307
00:36:45.520 –> 00:36:47.610
Sebastien Perusat: That’s the firmware update part.

308
00:36:48.240 –> 00:36:58.279
Sebastien Perusat: I mean. I mentioned it before. You can also work with tasks, with the jobs part of the agile of the agile but if you want to make it from the endpoint side you can use their job.

309
00:36:58.640 –> 00:37:00.519
Sebastien Perusat: and then we have the custom partitions.

310
00:37:00.640 –> 00:37:04.129
Sebastien Perusat: because some partitions are my definition of them. Are

311
00:37:04.400 –> 00:37:19.659
Sebastien Perusat: we are packing together all dependencies for a binary. So let’s imagine we are thinking about Chrome, Google Chrome. We have a binary. So an executable file is relying on libraries, on folders, on configuration files, and so on.

312
00:37:20.170 –> 00:37:24.420
Sebastien Perusat: And the magic that Romney is doing with the Github side is.

313
00:37:25.430 –> 00:37:29.480
Sebastien Perusat: he is basically creating a portable version of a Linux application,

314
00:37:29.510 –> 00:37:41.669
Sebastien Perusat: and this Linux application can then be deployed by our custom partition rollout to the endpoint, and that’s what we are covering in a new profile in System, Firmware Customization, Custom Partition,

315
00:37:41.780 –> 00:37:51.830
Sebastien Perusat: and there is a point which is called download, and there big surprise on the URL. You have to enter the path. So sftp double dot

316
00:37:51.910 –> 00:37:53.350
Sebastien Perusat: your blob.

317
00:37:53.470 –> 00:37:54.729
Sebastien Perusat: Then the path.

318
00:37:55.020 –> 00:38:05.439
Sebastien Perusat: then custom partition, and whatever you would like to download. Put your username and password in it, and you mention it in the initialization and finalizing scripts.

319
00:38:06.600 –> 00:38:09.100
Sebastien Perusat: And that’s it, basically. You assign the profile,

320
00:38:09.290 –> 00:38:19.289
Sebastien Perusat: the device should, and that’s the difference on custom partitions, start the download immediately. So just be cautious with that if you applied it directly, so click on now

321
00:38:19.530 –> 00:38:21.720
Sebastien Perusat: and then the download will be reprocessed.

322
00:38:22.660 –> 00:38:29.119
Andy Whiteside: So set going back to the conversation earlier. So this is the process where the administrator has

323
00:38:29.220 –> 00:38:35.629
Andy Whiteside: the storage area that can be accessed from anywhere in the world, including the LAN, the WAN, or just the Internet,

324
00:38:35.670 –> 00:38:38.089
Andy Whiteside: but the administrator is

325
00:38:38.570 –> 00:38:44.890
Andy Whiteside: determining when this update gets pushed and the end user has no ability to override

326
00:38:45.420 –> 00:38:46.959
Andy Whiteside: that push an install.

327
00:38:47.540 –> 00:38:58.290
Sebastien Perusat: He could. I mean, speaking about the standard installation, standard profiles, if you send out the command to get a firmware update to an endpoint, even over ICG,

328
00:38:58.450 –> 00:39:03.859
Sebastien Perusat: the device will start downloading after a time out, which is 20 s by default.

329
00:39:04.080 –> 00:39:08.550
Sebastien Perusat: and the user could theoretically say, okay, it will start immediately

330
00:39:08.630 –> 00:39:25.990
Sebastien Perusat: or click on a cancel, and that will not download any more. That’s definitely something which is extremely, extremely annoying, because then you have to re push it again. You have to create your report. That’s the reason why you can from one hand saying you will push it immediately.

331
00:39:26.120 –> 00:39:33.250
Sebastien Perusat: might be disturbing than the user so not recommended. You can push it without any kind of time out, and the option to interact

332
00:39:33.270 –> 00:39:39.050
Sebastien Perusat: like I said, not so good for end users, and the default is 20 s, but it could be 20 h

333
00:39:39.480 –> 00:39:50.330
Sebastien Perusat: no, 20 h, not possible. There is a limit of 300 s, if I remember right, double check. But it’s not. Yeah, okay. that might change on the West, by the way. No.

334
00:39:50.420 –> 00:39:56.220
Sebastien Perusat: to be more honest, it will change on OS 12, but for the moment on OS 11 it’s a standard timeout,

335
00:39:56.630 –> 00:40:00.120
Sebastien Perusat: and that’s the reason why we are going the other route

336
00:40:00.380 –> 00:40:04.810
Sebastien Perusat: by sending out a command which is called update on shutdown.

337
00:40:05.260 –> 00:40:10.210
Sebastien Perusat: So when the user is, I mean, you can combine it with a cool feature which is called post-session command

338
00:40:10.300 –> 00:40:12.019
Sebastien Perusat: just briefly.

339
00:40:12.110 –> 00:40:14.110
Sebastien Perusat: as soon as you are

340
00:40:14.150 –> 00:40:20.329
Sebastien Perusat: coming at the end of your day, I don’t know at which time, you are closing your Citrix session, or whatever session,

341
00:40:20.840 –> 00:40:24.669
Sebastien Perusat: and usually you have to click on, start, shut down, and the device will shut down.

342
00:40:25.070 –> 00:40:32.420
Sebastien Perusat: If you use post-session command, you can say, as soon as my Citrix session ends, do something. In that case, shut down a device.

343
00:40:32.470 –> 00:40:43.609
Sebastien Perusat: and if you combine that with an automatic update check on, shut down. Then you are good to go, because you will not annoy the end, user because the update will be processed during the shutdown. So usually

344
00:40:44.000 –> 00:40:47.029
Sebastien Perusat: couple of minutes, or whatever, Donald Trump you have.

345
00:40:47.100 –> 00:40:56.890
Sebastien Perusat: but the user is already leaving the house, leaving the endpoint. You can just leave it downloading and executing the update and start working on this on the next day without any delay.

346
00:40:58.430 –> 00:41:02.779
Andy Whiteside: Okay, I mean that’s kind of the world we’ve got used to in the Windows world, you

347
00:41:02.830 –> 00:41:07.629
Andy Whiteside: yeah, you expect, as I shut down to be prompted.

348
00:41:07.790 –> 00:41:12.659
Andy Whiteside: if it’s, you know, early earlier days, you know it earlier in the update process.

349
00:41:12.720 –> 00:41:18.250
Andy Whiteside: Hey, You got a shut down. You can either shut down or you can update it, shut down, or reboot, or update and reboot.

350
00:41:18.300 –> 00:41:24.220
Andy Whiteside: And then at some point, you know the the system team decides. Okay, You’re going to do this. You have no way out. You either.

351
00:41:24.310 –> 00:41:25.049
Andy Whiteside: You get it

352
00:41:25.090 –> 00:41:30.060
Andy Whiteside: period. You’re going to get this update, whether you’re rebooting, shutting down, or I’m pushing it out right now,

353
00:41:30.150 –> 00:41:32.410
Andy Whiteside: but you give users that option to

354
00:41:32.620 –> 00:41:34.370
Andy Whiteside: you know, opt-in when they’re ready.

355
00:41:35.230 –> 00:41:38.000
Sebastien Perusat: But you are 100% right? It was asked.

356
00:41:38.520 –> 00:41:43.569
Sebastien Perusat: Not only a couple a 1,000 times so you are asking, that is the right question, and yes.

357
00:41:43.960 –> 00:41:56.530
Sebastien Perusat: I don’t expect it to get a change on OS 11. To be honest, but on OS 12 there will be a huge change in that update manner. So from background update over.

358
00:41:57.120 –> 00:41:58.159
Sebastien Perusat: I forgot the name.

359
00:41:58.410 –> 00:42:09.459
Sebastien Perusat: bandwidth control, and so on, and so on. And even the time where you want to install the update will be controlled by the end. User a little bit more if you like it. You can also override it. But.

360
00:42:09.570 –> 00:42:24.069
Sebastien Perusat: that’s definitely something which is not extremely user friendly at the moment, and which we should definitely change. So yes, definitely. Yes, yeah, I mean, there’s a lot to learn from Microsoft Windows as to how to handle this kind of stuff, and Microsoft Windows is

361
00:42:24.240 –> 00:42:30.590
Andy Whiteside: it’s it’s a very capable operating system that the problem is, it’s so capable and so friendly in terms of

362
00:42:30.610 –> 00:42:43.720
Andy Whiteside: being openness to do things that that’s where the the malicious part comes in. So a combination of a secure read-only managed Linux endpoint with a connectivity into a managed controlled

363
00:42:43.730 –> 00:42:52.599
Andy Whiteside: Windows world for all those applications that you need for, you know, running enterprise and business applications. It’s the best of both worlds, going back to our comments earlier that

364
00:42:52.620 –> 00:43:01.579
Andy Whiteside: if, you know, if you’re running Windows on the endpoint, that you should have a pretty good reason why you’re doing it. Because if you’re doing it just because it’s your default, let’s talk and reconsider them.

365
00:43:01.960 –> 00:43:02.600
Sebastien Perusat: And

366
00:43:02.970 –> 00:43:04.399
Sebastien Perusat: yeah, absolutely

367
00:43:05.150 –> 00:43:08.430
Andy Whiteside: so, Seb: I think you’ve covered the topic here. What? What have you not covered?

368
00:43:09.700 –> 00:43:20.490
Sebastien Perusat: I could tell you so much. I mean, are you interested in getting my my cooking skills or no, just getting well from there. I just now install the buddy updates. Tell us about buddy updates.

369
00:43:21.150 –> 00:43:23.469
Sebastien Perusat: Yeah. So the buddy update. I mean,

370
00:43:23.890 –> 00:43:40.590
Sebastien Perusat: we covered the standard process of sending out an update to 10,000 devices. So let’s imagine now that you have a couple of branch offices, a branch office in Toronto, a branch office in New York, and whoever, so in every branch office you don’t have only one device from IGEL, but

371
00:43:40.880 –> 00:43:43.689
Sebastien Perusat: 1022, or whatever.

372
00:43:43.850 –> 00:43:47.569
Sebastien Perusat: So if you would in a standard way send out the

373
00:43:47.780 –> 00:43:49.850
Sebastien Perusat: firmware update to that devices

374
00:43:50.420 –> 00:43:55.489
Sebastien Perusat: depending on the size of your branch office, 10, 20 devices will

375
00:43:55.530 –> 00:43:58.220
Sebastien Perusat: download the firmware. Update

376
00:43:58.250 –> 00:44:02.529
Sebastien Perusat: 10, 20 times from the server, which is OK if you have enough resources,

377
00:44:02.610 –> 00:44:07.449
Sebastien Perusat: but from a sustainability perspective from data bandwidth.

378
00:44:07.500 –> 00:44:14.350
Sebastien Perusat: it doesn’t make a lot of sense. So what we are using I mean something that also Michael has not used for a couple of years, and still using it.

379
00:44:14.460 –> 00:44:20.170
Sebastien Perusat: We are updating one device in the branch office, and this device of a couple of them

380
00:44:20.200 –> 00:44:39.530
Sebastien Perusat: will then retain the firmware update file for all the other devices in the location. So if you update one device from 10, the rest of the tenth or 9 should download the firmware update not from the UMS or from your Azure blob any more, but from that one device which got the update, which makes it even

381
00:44:39.540 –> 00:44:44.160
Sebastien Perusat: easier to deploy for motors, because you don’t have to think about bandwidth consumption.

382
00:44:44.190 –> 00:44:49.269
Sebastien Perusat: What would happen if the the network part goes down, or what this kind of reason

383
00:44:49.320 –> 00:44:50.419
Sebastien Perusat: it’s really

384
00:44:50.850 –> 00:45:05.389
Sebastien Perusat: helping you as an administrator to keep your resources consumption low, and at the same time adding also a layer of security, because you don’t expose your device to don its F from somewhere, but really from the location itself. And

385
00:45:05.530 –> 00:45:10.350
Sebastien Perusat: the good thing is that the buddy update process, if it’s on the same network,

386
00:45:10.550 –> 00:45:13.279
Sebastien Perusat: VLAN segment or LAN segment,

387
00:45:13.420 –> 00:45:22.460
Sebastien Perusat: we also have an auto detection of where is my next buddy master, that’s the name that we have for the devices which got the update, and we’ll return it,

388
00:45:22.680 –> 00:45:30.069
Sebastien Perusat: and it would on it more or less, and apply it automatically if you wanted. That’s the technique that we’re using on the buddy update side.

389
00:45:31.280 –> 00:45:40.089
Andy Whiteside: Yeah, you guys have really thought of a lot in the IGEL world in terms of getting these things up to date, and custom partitions, do custom partitions work with buddy updates as well or not?

390
00:45:41.260 –> 00:45:45.149
Sebastien Perusat: No, only from the

391
00:45:46.280 –> 00:45:58.599
Andy Whiteside: well, Seb, I needed this. I needed this topic covered. I needed to know there was a resource out there that would walk me through what needed to be done in Azure to get this set up, and then what to do on the IGEL side. This is a good topic, and I’m glad you brought it on

392
00:45:59.670 –> 00:46:08.629
Sebastien Perusat: cool. Thank you for having me here. It was always a pleasure to discuss that technical topic with you, and a big shout-out to Edwin, who wrote that blog article.

393
00:46:08.690 –> 00:46:12.940
Sebastien Perusat: All the kudos goes to him. And yeah, thank you very much.

394
00:46:12.980 –> 00:46:17.670
Andy Whiteside: Well, I love that. We cover technical stuff, but they’re also very business applicable in today’s world.

395
00:46:17.790 –> 00:46:22.329
Andy Whiteside: These IGEL devices are becoming more and more distributed off the land and land

396
00:46:22.550 –> 00:46:27.500
Andy Whiteside: and then the buddy update that applies for the land conversation will end the land conversation.

397
00:46:28.500 –> 00:46:31.200
Andy Whiteside: you know, Just just love the fact. We can have these chats

398
00:46:31.440 –> 00:46:37.620
Andy Whiteside: and cover topics that are very relevant to the IGEL community, and really the thin client community in general.

399
00:46:38.400 –> 00:46:51.879
Sebastien Perusat: absolutely. And if you are not part of the IGEL community, please reach out to me. I’m happy to send you a join link, or just go to join Azure committee.com, and I’m happy to welcome you there. Because yeah, we are just a couple of

400
00:46:52.020 –> 00:46:55.299
Sebastien Perusat: a weird mastermind from the end user computing space, waiting for you.

401
00:46:56.160 –> 00:47:02.280
Andy Whiteside: Not not all that weird. It really is a good community of real people that are there to help each other. I I I love it. You guys have.

402
00:47:02.620 –> 00:47:07.359
Andy Whiteside: You guys have set the set the mark for others to follow, and I think some are trying.

403
00:47:07.510 –> 00:47:11.610
Andy Whiteside: and without community. You don’t really have a real business and love that you guys have done that.

404
00:47:12.020 –> 00:47:15.470
Sebastien Perusat: Andy, By the way, will you be at the disruptive

405
00:47:15.500 –> 00:47:25.110
Andy Whiteside: in Nashville? Yes, I thought you’re going to ask me about meeting Moen, who’s no longer on the call here he had to drop for a customer call. Urgent call came in. He will be at Munich, as of yesterday. He said he was

406
00:47:25.530 –> 00:47:32.530
Andy Whiteside: I wanted to go ask his wife before he committed, but he committed so Munich Moen Khan will be there, as well as the rest of our team out of India.

407
00:47:33.940 –> 00:47:47.519
Andy Whiteside: but I will be at Nashville, and so will Moen. I, I really want to go to Munich. I’ve got to be in India the following week. I’ve got my personal vacation the week before that life, life and works is so busy. But I will be in Nashville absolutely, and look forward to seeing people there.

408
00:47:48.420 –> 00:48:03.779
Sebastien Perusat: I hope to be there too, so it’s not official right now, but I hope to be there, and I would like to have a great discussion with you listeners, but also with you and the because we never met in person. So let’s hope that I just will make this happen. And we’re we’re hosting is in Tech is hosting a pick up

409
00:48:03.840 –> 00:48:05.309
Andy Whiteside: happy hour Tuesday night.

410
00:48:05.330 –> 00:48:13.729
Andy Whiteside: I believe it’s Tuesday night at the at the event. So I love to have everybody there, and you, of course. And then, whatever the community does during that I’ll, I’ll I’ll I’ll be there

411
00:48:14.510 –> 00:48:16.319
Sebastien Perusat: perfect. Do you really have them

412
00:48:17.510 –> 00:48:20.070
Andy Whiteside: All right, Seb. Thank you as always, for your time

413
00:48:20.120 –> 00:48:29.829
Andy Whiteside: great discussion, and we will plan to talk to you again. I think we should be talking to you next week, or maybe the following week. But we will talk to you very shortly, and we’ll bring another topic, and

414
00:48:29.890 –> 00:48:31.590
Andy Whiteside: and we’ll go from there

415
00:48:32.180 –> 00:48:33.049
Sebastien Perusat: perfect.

416
00:48:33.150 –> 00:48:36.949
Sebastien Perusat: Then see you soon. I wish a great weekend. And yeah, see you next week.

417
00:48:37.290 –> 00:48:40.430
Andy Whiteside: I can’t believe you just said that I forgot it was Friday. But

418
00:48:40.610 –> 00:48:43.159
Sebastien Perusat: yeah, it’s all right.

419
00:48:43.210 –> 00:48:45.959
Andy Whiteside: It’ll be. It’ll be Monday again before we know it.

420
00:48:46.700 –> 00:48:47.580
Sebastien Perusat: That’s true.

421
00:48:47.630 –> 00:48:49.280
Andy Whiteside: All right, sir. Enjoy the rest of your day.

422
00:48:49.680 –> 00:48:51.169
Sebastien Perusat: You, too, Bye, bye.