XenTegra - IGEL Weekly

IGEL Weekly: How to deploy IGEL OS firmware and custom partitions via Azure sftp

January 24, 2023 XenTegra / Andy Whiteside Season 1 Episode 71
IGEL Weekly: How to deploy IGEL OS firmware and custom partitions via Azure sftp
XenTegra - IGEL Weekly
More Info
XenTegra - IGEL Weekly
IGEL Weekly: How to deploy IGEL OS firmware and custom partitions via Azure sftp
Jan 24, 2023 Season 1 Episode 71
XenTegra / Andy Whiteside

Written by Edwin ten Haaf, IGEL Community Member

More and more of our IGEL customers want to facilitate work from anywhere.

In the office they were familiar with using #IGELOS driven devices.  By providing end users with notebooks running IGEL OS or UD Pocket(IGEL  on a stick) user can safely and easily connect to their virtual  workplace.

The management backend (UMS) is managing these devices in the  local network.  connect to ICG and the  management backend connects to ICG and the devices can be managed as if  they were local.   

If you're ICG is installed and configured well you can now manage  you're devices outside the office. Deploy and update profiles, support  users with shadow functionality. One important part that has to be  configured separately is the distribution of IGEL OS firmware and Custom  Partitions (Additional Software running on the IGEL OS like MS Teams and  Zoom)

For this you need to point you're devices to a remote https/sftp  location. Please read here how

Host: Andy Whiteside
Co-host: Sebastien Perusat

Show Notes Transcript

Written by Edwin ten Haaf, IGEL Community Member

More and more of our IGEL customers want to facilitate work from anywhere.

In the office they were familiar with using #IGELOS driven devices.  By providing end users with notebooks running IGEL OS or UD Pocket(IGEL  on a stick) user can safely and easily connect to their virtual  workplace.

The management backend (UMS) is managing these devices in the  local network.  connect to ICG and the  management backend connects to ICG and the devices can be managed as if  they were local.   

If you're ICG is installed and configured well you can now manage  you're devices outside the office. Deploy and update profiles, support  users with shadow functionality. One important part that has to be  configured separately is the distribution of IGEL OS firmware and Custom  Partitions (Additional Software running on the IGEL OS like MS Teams and  Zoom)

For this you need to point you're devices to a remote https/sftp  location. Please read here how

Host: Andy Whiteside
Co-host: Sebastien Perusat


00:00:02.620 --> 00:00:21.349
Andy Whiteside: Hello, everyone! And Welcome to episode. 71 of I Jo Weekly. I'm your host, Andy White Side i've got a couple of guests with me today. today is January thirteenth. 2,023. said we, were just talking about making sure we get the right additions with the right dates and for the video and everything. And, I've made myself train to myself to say the dates

00:00:21.360 --> 00:00:32.469
Andy Whiteside: at the beginning of these things, so that there's no question as to when it was recorded and recorded. we've got Moe and Khan Mo: it's the global See global CTO of integrity. Mo. And how's it going

00:00:33.080 --> 00:00:34.990
moin: going? Great, Andy

00:00:35.280 --> 00:00:39.569
Andy Whiteside: and I call you global CTO, cause I always have to ask, Where are you at the moment?

00:00:41.080 --> 00:00:58.760
moin: I am on driving back from airport after doing why compromise a jolly, went in Vancouver, which was really great to see customers. but to be To my not surprise, we were expecting

00:00:58.780 --> 00:01:03.449
moin: this to be a low attendance, and happen to be there.

00:01:03.490 --> 00:01:09.690
moin: Very good customers. we had, more than a dozen customers show up, and

00:01:09.780 --> 00:01:26.029
moin: We had very, very interesting discussion about that, their roadmap and security being the top of their mind. We we just spent it used. It was supposed to be 4 h event, and we end up doing it all the event they were. They just couldn't stop talking

00:01:26.440 --> 00:01:28.029
Andy Whiteside: so moan.

00:01:28.070 --> 00:01:43.299
Andy Whiteside: I've got some. Why compromise workshops coming up where we're going to partner in this case with Lenovo, and then eventually, Lg. As well, and actually give out devices. And we're going to have people do hands on labs, and then also have these conversations. So security was the the primary

00:01:43.410 --> 00:01:45.820
Andy Whiteside: talking point, but I bet there were others as well.

00:01:46.520 --> 00:01:51.000
moin: There were. There were others as well, but with a targeted

00:01:51.350 --> 00:01:59.959
moin: run somewhere, attack happening for most of my customers. They were really really concerned, and one of the reasons why they

00:02:00.040 --> 00:02:12.280
moin: they're looking for idol is to secure their endpoints. and that cost was one of the factors. But security is where they that pulled them all into that room.

00:02:12.320 --> 00:02:20.360
Andy Whiteside: So so i'm a little bullish on this comment, and maybe it's because of my background and where I come from. But if you're still running windows on the endpoint by default.

00:02:20.730 --> 00:02:22.220
Andy Whiteside: You're setting yourself up

00:02:22.300 --> 00:02:24.379
Andy Whiteside: for a security breach on the endpoint

00:02:24.970 --> 00:02:27.770
Andy Whiteside: period. No matter how you manage it, try to secure it you

00:02:27.990 --> 00:02:30.240
Andy Whiteside: you're you're set up for that to app

00:02:32.800 --> 00:02:37.510
moin: that is correct. And and and this is where we had few universities.

00:02:37.630 --> 00:02:43.180
moin: and they all mentioned that, having their staff

00:02:43.300 --> 00:02:47.650
moin: take those devices home, and of being windows devices

00:02:47.700 --> 00:02:50.380
moin: those where the entry point for ransom, where

00:02:50.530 --> 00:02:56.960
moin: in in both the cases now for for for 2 different institute that we spoke to.

00:02:57.260 --> 00:03:04.140
Andy Whiteside: I I don't have these numbers, but I I bet it's a significant number. I would love to see. Get your thought and steps. Thoughts on this. How much?

00:03:04.280 --> 00:03:09.759
Andy Whiteside: How much malware! Ransom we are Bad stuff, do you think is sitting in rest just waiting

00:03:10.120 --> 00:03:12.350
Andy Whiteside: to be told to execute

00:03:12.910 --> 00:03:16.649
Andy Whiteside: a percentage of windows devices out there.

00:03:17.620 --> 00:03:37.399
Sebastien Perusat: I would say 10 to 20%. It might be something which might be realistic, even if we really don't know which kind of memory would be. Is it something which will be active, or we'll just steal data. We'll try to to manipulate your operating system we try to propagate in the company, so I will differentiate a little bit, but also 10 to 20%, something which might be realistic

00:03:37.410 --> 00:03:42.500
Andy Whiteside: and anything above, you know. Point one would be scary 10 to 20.

00:03:43.120 --> 00:03:44.519
Andy Whiteside: I don't.

00:03:44.580 --> 00:03:47.080
Andy Whiteside: I mean that's just extremely

00:03:47.270 --> 00:03:48.230
Andy Whiteside: scary

00:03:48.440 --> 00:03:54.190
Andy Whiteside: to think that that much 10 to 20% of all those windows Pcs. Out there are just waiting and rest

00:03:54.520 --> 00:03:55.959
Andy Whiteside: to attack something

00:03:56.680 --> 00:03:59.249
Andy Whiteside: that they can get their hands on is

00:04:00.060 --> 00:04:08.599
Sebastien Perusat: the fun Fact that I know, if you got such kind of information also in North America. But we had an interesting podcast in Central European

00:04:08.770 --> 00:04:11.710
Sebastien Perusat: Time zone a couple of days ago on Golem.

00:04:12.580 --> 00:04:16.890
Sebastien Perusat: The fun fact is that one specific command server, which.

00:04:17.220 --> 00:04:22.400
Sebastien Perusat: more like the commenser which will send out the command to all the male, we're infected PC.

00:04:22.550 --> 00:04:23.480
Sebastien Perusat: Just

00:04:23.720 --> 00:04:43.570
Sebastien Perusat: got lost by the administrators, so by the attackers, because they had made a small change. But it didn't thought about hey? Which kind of consequences it may have on the command Server. The fun fact is, a commencer is not dead, so there are malware also out there which will never be activated anymore in the future because the comment is dead.

00:04:43.580 --> 00:04:50.550
Sebastien Perusat: So that's something which I found pretty funny, because that means that even hackers are doing and doing mistakes. Yeah, make them a little bit, humans.

00:04:50.690 --> 00:05:01.740
Andy Whiteside: Well, that's a that's an interesting view on digital transformation happening where even the the bad stuff has transformed to the point where whoever was in control of it or the system in control of it no longer exist.

00:05:02.230 --> 00:05:03.210
Sebastien Perusat: Exactly.

00:05:03.460 --> 00:05:08.410
Sebastien Perusat: It's a commander control. So now I found the time back, command and control so on.

00:05:08.960 --> 00:05:13.710
Andy Whiteside: Well, that was the voice of Sebastian presets. Sebastian. How's it going?

00:05:14.080 --> 00:05:25.089
Sebastien Perusat: It's going good, all the best for 2,023 for our listeners. I know we are a little bit late on that, but still I wish you all the best for you and your families, and I hope you had a great Christmas time and New Year's Eve

00:05:25.200 --> 00:05:29.769
Sebastien Perusat: so happy to be there again, and I hope we will cover a great topic today.

00:05:30.060 --> 00:05:39.910
Andy Whiteside: Well, I was told by somebody yesterday. It's okay to say Happy New Year up until the middle of January, and we're almost there, so we're not late. We're not late.

00:05:42.320 --> 00:05:58.450
Andy Whiteside: yeah, let's let's jump into the topic. Oh, no, before we do that. I've got it. I got a ping my marketing people you mentioned some folks we'll. I'll use the word complaining and rightfully so on the Igl community that we reference the video side of these podcasts. A lot.

00:05:58.470 --> 00:06:02.450
Andy Whiteside: Those are not up to date on this integral Youtube Channel.

00:06:02.500 --> 00:06:04.549
Andy Whiteside: You want to highlight what happened there?

00:06:05.430 --> 00:06:15.550
Sebastien Perusat: Just a small thing. I mean, we're putting a lot of efforts, especially you, on the descent. Take our side to put all the audio components together, and we are talking a lot, but at the same time

00:06:15.660 --> 00:06:28.969
Sebastien Perusat: you are always a recording, also your screen. So you are seeing my ugly face and some interesting content on the screen, and the interesting content on the screen is shared on Youtube, on Agile weekly podcast. If I remember right at the Youtube Channel.

00:06:29.050 --> 00:06:42.199
Sebastien Perusat: and we are missing some episodes there. So I just wanted to say for the people who are listening through bus proud or apple podcast, and so on. There is also a video part of of the podcast as you can reach it on on Youtube.

00:06:42.630 --> 00:06:48.270
Andy Whiteside: and we like to think we cover the topic well through. You know the conversation.

00:06:48.290 --> 00:06:50.530
Andy Whiteside: But there are certain nuggets.

00:06:50.700 --> 00:06:52.490
Andy Whiteside: Did it make sense to

00:06:52.510 --> 00:07:02.380
Andy Whiteside: to see the video? And and maybe that's the the the key piece that someone's missing to help them understand exactly the topic. And where we're going with that coverage.

00:07:03.520 --> 00:07:06.280
Andy Whiteside: plus you get to see me with my

00:07:06.620 --> 00:07:13.569
Andy Whiteside: son's gaming headset on 7 to a while ago that I must be doing twitch a little later this afternoon.

00:07:14.880 --> 00:07:18.420
Sebastien Perusat: looking to you, seeing you playing a fortnight or something like that.

00:07:18.790 --> 00:07:19.840
Andy Whiteside: Hi,

00:07:19.920 --> 00:07:26.529
Andy Whiteside: I hide a set of headset. I I had some headsets in my wife's office, so that when I end up working from her office at home.

00:07:28.580 --> 00:07:30.920
Andy Whiteside: I can have a a fell safe

00:07:31.070 --> 00:07:32.629
Andy Whiteside: in case I can't find Mother

00:07:32.660 --> 00:07:33.660

00:07:34.170 --> 00:07:41.369
Sebastien Perusat: And, by the way, i'm just and me just asking a question to our listeners. If you could give me a short feedback

00:07:41.530 --> 00:07:47.760
Sebastien Perusat: to Andy to myself, and as your community, or wherever because I changed my microphone a couple of days ago

00:07:47.780 --> 00:08:06.479
Sebastien Perusat: I had already, I would say, a pretty good one in the past, but now I change to another model. It's a shoe, together with a wave excel error device which I'm connecting to my automatic endpoint. So just in case, if your feedback is a better, if it was, then give me just a short feedback. I would be grateful for hearing what you are thinking

00:08:06.760 --> 00:08:07.539
Sebastien Perusat: that this

00:08:07.670 --> 00:08:16.680
Andy Whiteside: so so i'll tell you it it sounds great now, so i'm not sure if that's a result of an improvement, or just the same. But, your, your audio is great.

00:08:17.020 --> 00:08:17.990
Sebastien Perusat: Okay, cool.

00:08:18.020 --> 00:08:19.690
Andy Whiteside: And I, is it wireless?

00:08:20.330 --> 00:08:32.649
Sebastien Perusat: No, not at all. I can just show it a little bit. No, it's a cable wire by which is a standard audio interface. But the fun fact just telling maybe a secret to people who are listening to us.

00:08:32.679 --> 00:08:39.100
Sebastien Perusat: Zoom has an extremely interesting feature. If you are doing some audio, and so I just forget to mention it to you, Andy.

00:08:39.200 --> 00:08:43.409
Sebastien Perusat: There is a feature which is called original sound for musicians.

00:08:43.490 --> 00:09:01.549
Sebastien Perusat: So if you go into your Zoom client, go to your audio settings. You have a point which is called a zoom optimized audio, which is absolutely fine if you are travelling and so on. But you have also a point which is called original software magicians. And there you can say high fidelity, music, mode, and Asia cancellation and stero audio.

00:09:01.560 --> 00:09:19.969
Sebastien Perusat: So you can tweak a little bit about the audio quality there, too, just giving our little hints that I found out and said, I want to pick on you real quick. But with the accident it sounds like you're saying for magicians you're talking about for musicians, musicians. Right? Sorry. No, that's awesome. I can. What is the magicians have to do with this.

00:09:21.150 --> 00:09:40.169
Andy Whiteside: All right. let's see any other housekeeping one to cover. we apologize guys, for not having more content over the holidays. It got busy, and it's the time of year where companies are doing the conferences and kick off so it's probably my fault more than anybody else. But excited to be ready to go for 2,023 and the team, as integr will will continue to

00:09:40.180 --> 00:09:45.169
Andy Whiteside: about this content. Any feedback you give us would be wildly appreciated.

00:09:46.250 --> 00:09:48.880
Andy Whiteside: okay,

00:09:49.040 --> 00:10:04.819
Andy Whiteside: I think what we're covering with the video stuff real quick, is that? And I don't know if I said this, but the the the integrity and the marketing team needs to we gotta step up and get some of these Itel videos updated onto our Youtube Channel, and I will make that request literally while we're talking here now.

00:10:04.830 --> 00:10:20.269
Andy Whiteside: but, said we, every Other Week, we do a community podcast and ask that you bring a topic that you believe the community would like to hear, and something that you've worked on recently, and the one for today is from a post of yours from December thirteenth, 2,022, and I believe that's gonna

00:10:20.280 --> 00:10:25.589
Andy Whiteside: tied back to a community member post which is the best way to learn about this stuff is through the community.

00:10:25.660 --> 00:10:35.930
Andy Whiteside: and that topic is how to deploy. Ig. OS. So the ideal operating system, firmware and custom partitions using via azure

00:10:36.030 --> 00:10:45.609
Andy Whiteside: S. Ftp. And i'm a huge fan of it. Guys not only saying the acronym, but explaining what it means that would be secure, file transport.

00:10:45.740 --> 00:10:47.860
Andy Whiteside: transport protocol, right?

00:10:48.570 --> 00:10:53.560
Sebastien Perusat: Is it simple or secure? No, it's secure.

00:10:53.630 --> 00:10:54.190

00:10:55.290 --> 00:11:02.540
Andy Whiteside: great. So set, if you want to kind of te us up and talk about Why, you wanted to highlight this one, and then we'll jump into

00:11:02.820 --> 00:11:03.860
Andy Whiteside: what it does

00:11:04.150 --> 00:11:14.630
Sebastien Perusat: definitely. Yes. So first of all, a big shoot out to Evan 10 half, which wrote that article. He posted that on Linkedin and Positive, also on the urgent community side.

00:11:14.770 --> 00:11:31.350
Sebastien Perusat: And I said, like guys, honestly, if you are already covering such a great topic. Let me put that in our block article part of the adjectivity.com website, and if you go to prisoner it Here, at the end of the of the web page, you have the link to the original to the original post. So

00:11:31.710 --> 00:11:37.670
Sebastien Perusat: we already talked a lot in the past regarding our Ig Cloud Gateway, also known as Icg.

00:11:37.730 --> 00:11:43.219
Sebastien Perusat: which enables you to manage devices which are outside of your company network.

00:11:43.740 --> 00:11:52.499
Sebastien Perusat: So just giving you I mean even if our listeners are knowing that for years, I guess are just telling that if you look at the ideal ecosystem

00:11:52.620 --> 00:11:57.329
Sebastien Perusat: we have the on-prem installation. You have devices inside of your company. But since Covid

00:11:57.680 --> 00:12:05.240
Sebastien Perusat: everything changed. People were working from everywhere, and so on and so on. So the devices out of the company are connected via VPN.

00:12:05.450 --> 00:12:21.340
Sebastien Perusat: Still needed configurations, updates, etc. Etc. And that's where the adjective gateway is connecting your device from outside to your on prem or azure wherever it's located ums server. So it's really just connector between both worlds

00:12:22.070 --> 00:12:27.540
Sebastien Perusat: and the agile gateway is really is really a cool product. It enables a lot of features.

00:12:27.820 --> 00:12:30.359
Sebastien Perusat: but it's lacking one major feature.

00:12:30.640 --> 00:12:37.120
Sebastien Perusat: maybe 2. But the topic of today is the firmware update and the custom partition, or roll out.

00:12:37.180 --> 00:12:40.700
Sebastien Perusat: So as soon as you want to deploy bigger files.

00:12:40.760 --> 00:12:49.829
Sebastien Perusat: not one or 2 MB, i'm really talking about 100, 200, and whatever upside the data that you want to exchange with the endpoint.

00:12:50.140 --> 00:12:52.599
Sebastien Perusat: You have to define an external

00:12:52.730 --> 00:12:55.239
Sebastien Perusat: server, an external resource where they

00:12:55.490 --> 00:12:57.520
Sebastien Perusat: device can download it from.

00:12:57.630 --> 00:13:02.610
Sebastien Perusat: So Basically, we have 2 kind of of data which might be concerned by this

00:13:02.700 --> 00:13:04.049
Sebastien Perusat: azure West firmware

00:13:04.280 --> 00:13:18.229
Sebastien Perusat: and custom partition. First of all, I do as firmware. We always recommend to stay as actual as possible. I know that the operating system is pretty stable, and it's mostly working as soon as we started one time.

00:13:19.050 --> 00:13:27.570
Sebastien Perusat: but we have also security fixes. We have update from clients and so on. So you might miss something extremely important If you don't update that device

00:13:28.590 --> 00:13:35.230
Sebastien Perusat: on the second hand cut some partitions, just explaining in 2 words, or maybe a few more, what custom petitions are.

00:13:35.720 --> 00:13:47.069
Sebastien Perusat: If you want to deploy an application, a piece of software to the audio operating system, which is not part of our firmware. So not part of our insulation, like informal times, the team's client

00:13:47.120 --> 00:13:50.199
Sebastien Perusat: mit Chrome, because you are not allowed to use chromium or

00:13:50.240 --> 00:13:51.230
Sebastien Perusat: and

00:13:51.580 --> 00:13:59.589
Sebastien Perusat: local zoom installation. That's where the custom partition gives you the ability to deploy that software packet to the end.

00:13:59.900 --> 00:14:01.339
Sebastien Perusat: Coming back to the topic.

00:14:02.020 --> 00:14:15.020
Sebastien Perusat: You can manage your device on Icg without having to call what we are talking about today, but as soon as you hit updates and custom petitions, we highly recommend to follow the guide. It is not a Nigel guide, but, like I said, from the aggregate community, so it's

00:14:15.150 --> 00:14:19.010
Sebastien Perusat: something which we are testing also from our end and Edwin

00:14:19.330 --> 00:14:23.139
Sebastien Perusat: cover that from the Asia sftp part, so

00:14:23.460 --> 00:14:39.149
Sebastien Perusat: you can put our updates on any kind of web service. That's an easy one. Just extract the zip file. I will talk about that a bit later. To a web service. Refer in a profile to that web service, and you are good to go.

00:14:39.430 --> 00:14:41.310
Sebastien Perusat: But if you want to

00:14:41.470 --> 00:14:53.440
Sebastien Perusat: have a load balancing, if you want to have a proper fight, transfer protocol. Not only Http or https download. That's where the sftp makes definitely more sense, especially if you think about

00:14:53.490 --> 00:14:55.690
Sebastien Perusat: traffic limitation, and so on.

00:14:56.190 --> 00:15:11.139
Andy Whiteside: So said, let's talk about this 3 ways. This is great. This is a great topic and something I've kind of been aware of and knew of, and anytime I needed it, I would just call one of your Esses and say, hey, give me access to your cloud, and i'll pull it down real quick, and then you can take away my access.

00:15:11.300 --> 00:15:21.669
Andy Whiteside: so this is good to have this write up that tells us you know how to do it from an azure perspective tells me how to do it from azure perspective that way. I don't have to be a mooch off some of your guys all the time.

00:15:23.400 --> 00:15:32.319
Andy Whiteside: if i'm got a brand new machine, and i'm either, you know, going to try to repurpose a machine that had something else on it before. It's a brand new blank machine

00:15:32.630 --> 00:15:33.210
Andy Whiteside: that

00:15:33.340 --> 00:15:34.700
Andy Whiteside: having this

00:15:35.410 --> 00:15:42.059
Andy Whiteside: target in the cloud to pull down the the firmware from what? What would that look like

00:15:43.120 --> 00:15:48.960
Andy Whiteside: from an end user or administrator's perspective. How would I start that process on the endpoint?

00:15:50.530 --> 00:16:02.330
Sebastien Perusat: On the endpoint? I would go, maybe a stick backwards. Usually the distribution of firmware updates is coordinate by the Us. Administrator. So by using a task or schedule tasks.

00:16:02.550 --> 00:16:07.940
Sebastien Perusat: by sending out a comment which is then applyable on next boot or next reboot.

00:16:08.120 --> 00:16:23.000
Sebastien Perusat: and that's how bad or on shut down. So we forgot to mention. And that's how most of our customers are deploying or sending out the comment to download the the from the update. Now, is that an updated? That's an updated firmware. I'm talking about like a blank machine that has nothing. sorry

00:16:23.540 --> 00:16:25.950
Sebastien Perusat: they are mostly, I mean.

00:16:26.280 --> 00:16:37.509
Sebastien Perusat: I would say, 90 persons are using any kind of network deployment like Pixe or using the Sccm deployment toolkit that we have.

00:16:37.550 --> 00:16:54.480
Sebastien Perusat: and the rest is honestly doing it by hand by using a USB stick, which is called the OS Creator stick, and just booting the device from it inside the firmware. Remove the USB stick, and that's it. So on the company network we're talking. Maybe. Pixie, if you're doing it manually, you're talking to USB or

00:16:54.490 --> 00:17:07.470
Andy Whiteside: ideal world these days, which is becoming more and more common. You you ordered it from Lenovo, or Lg. Or somebody, and it came with some version, maybe out of date, or maybe not. and it was ready to start talking and get the updates.

00:17:08.140 --> 00:17:16.640
Sebastien Perusat: or you using the Ud pocket which makes you even more flexible in terms of endpoint, because you'd boot the USB. Stick from any kind of endpoint, and your installation

00:17:16.680 --> 00:17:30.780
Sebastien Perusat: of igos and your environment for your citrix, or whatever environment is always suddenly USB stick. That might be the alternative. But for the pure installation I would say yes, 80 to 80% to 90% using network network deployments and for the rest, really by hand.

00:17:30.800 --> 00:17:32.000

00:17:32.210 --> 00:17:43.869
Andy Whiteside: okay, that kind of sets the table for me on that. And then. Now let's go into what you were talking about just now around the I guess we need to cover 2 things we need to cover what Edwin has here in terms of how to set up the cloud storage target.

00:17:43.880 --> 00:17:56.439
Andy Whiteside: as well as you know the concept, and maybe we'll round this out now with the idea. You have the firmware installed. Now you're either looking to get firmware updates, or those custom partitions for those apps that are not baked into the I, Joel Firmware.

00:17:57.150 --> 00:17:58.120

00:17:59.530 --> 00:18:10.629
Andy Whiteside: so. Where do you want to go from here? Do you want to continue down the path of You know the the the reasons and and the starting points? Or do we want to jump into what everyone has here in terms of what needs to be configured in the cloud to make it work.

00:18:11.060 --> 00:18:26.009
Sebastien Perusat: I would just maybe start with a little bit of explanation, a little bit of background information about why and how we are pushing that to the end point, because we had an interesting discussion in the adjacent community a couple of days ago. To be more precise, it was yesterday

00:18:26.270 --> 00:18:30.819
Sebastien Perusat: where a customer was asking, hey, it's great to push

00:18:30.840 --> 00:18:37.869
Sebastien Perusat: a firmware update to all my endpoints, especially the people who are working for more and etc., but wouldn't be

00:18:38.140 --> 00:18:45.849
Sebastien Perusat: it easier to have the end user choosing the moment where he could deploy and install the firmware update.

00:18:46.250 --> 00:18:58.399
Sebastien Perusat: or in a perfect world, having maybe a script having a tool which is checking. Is there a new or a firmware update available? And if yes, give the you the ability to choose the easy moment.

00:18:58.600 --> 00:19:05.940
Sebastien Perusat: The short answer for both arguments are: No, we don't have that at the moment. It's still under development.

00:19:06.000 --> 00:19:24.539
Sebastien Perusat: If you are part of advanced services at Agile. You might ask your Trm. Or a direct contact to get an access to to the shell script, but for the moment we have to script it. And I just said the discussion, like I said a couple of days ago, and we went to that process, and it's working pretty good.

00:19:24.550 --> 00:19:26.380
Sebastien Perusat: And

00:19:26.430 --> 00:19:43.559
Andy Whiteside: but that's really the the general. But from the endpoint perspective. So what you're saying now is the the admin determines. When it happens, you're saying that there's a possibility, or there to the script, or in the future, where the end user can say, yeah, I know it's. I've got to do an upgrade. But i'll I'll say yes when it's I'm ready for that to happen.

00:19:44.840 --> 00:19:45.540
Sebastien Perusat: Yeah.

00:19:45.650 --> 00:19:47.490
Sebastien Perusat: I would say, yeah.

00:19:47.570 --> 00:19:53.840
Andy Whiteside: definitely. Let me pause this here real quick Mo, and we've covered a lot, any anything you want to ask or add to the topic before

00:19:53.860 --> 00:19:55.250
Andy Whiteside: sub continues on.

00:19:58.720 --> 00:20:09.020
moin: no, I think. For now the really interesting topics especially about secure versus a regular Ftp. And

00:20:10.040 --> 00:20:23.040
moin: secure is something that is always especially in the in the world of Linux when when we talk about moving files up and down secure pieces, is the only thing that we recommend from

00:20:23.250 --> 00:20:25.909
moin: coming from the consulting background, and

00:20:25.990 --> 00:20:29.289
moin: having done these things over a number of

00:20:29.460 --> 00:20:32.430
moin: a number of times, I feel

00:20:32.460 --> 00:20:37.319
moin: the the the key for all these things, and especially when when you are moving.

00:20:37.520 --> 00:20:45.820
moin: having that security in place, and using that protocol sftp protocol to move files up and down.

00:20:46.020 --> 00:20:51.300
moin: I have seen many time, especially when when it comes to

00:20:51.350 --> 00:20:55.530
moin: side loading or installing application in custom. Partition

00:20:55.750 --> 00:21:03.060
moin: people tend to try to find shortcuts, and I feel that having this topic

00:21:03.080 --> 00:21:04.659
moin: that we are talking about

00:21:04.960 --> 00:21:22.360
moin: having this topic that we are talking about is is very key for our listeners to understand the importance. So I think I think. i'm interested. And even having done these things many times, i'm really intrigued to listen to what serve is

00:21:22.370 --> 00:21:32.110
Andy Whiteside: talking about following the practices doing these kinds of partnerships. There's there's doing it, and there's doing it right. And I think what everyone here that steps. Highlighting is Here's how to do it. Right?

00:21:32.420 --> 00:21:33.300
moin: That's right.

00:21:33.920 --> 00:21:35.370
Andy Whiteside: Okay. So

00:21:35.490 --> 00:21:41.290
Andy Whiteside: walk us through what everyone's covering here and and which parts go in which order and and why they matter

00:21:42.140 --> 00:21:51.640
Sebastien Perusat: so the best practice. And that's the reason why we are showing that that blog article is obviously you could easily on the icg server, which is usually

00:21:51.860 --> 00:21:56.129
Sebastien Perusat: on your cloud service in your Dmz or wherever you want to install it.

00:21:56.180 --> 00:21:58.780
Sebastien Perusat: a Linux box where you install our service

00:21:59.980 --> 00:22:12.730
Sebastien Perusat: in a theoretical way. You could use the same box install there an Ftp. On the Http server and get the downloads from there. We are not recommending that even if it would be sufficient.

00:22:12.850 --> 00:22:17.060
Sebastien Perusat: But from a security perspective it's always good to separate the management

00:22:17.280 --> 00:22:18.100
Sebastien Perusat: channel

00:22:18.150 --> 00:22:27.659
Sebastien Perusat: from some download and let's say public servers, and that's where we are usually recommending you, not using the same. So, even if, like, I said it would work.

00:22:27.950 --> 00:22:36.940
Sebastien Perusat: So that's what we discussed. Then with Evan and Evan went through. Then the process of hey? Why not using a new feature which is available in azure?

00:22:37.260 --> 00:22:44.969
Sebastien Perusat: And this feature? And I have to mention that honestly, I didn't have time to double check if it's available now everywhere, because it was a technique of preview

00:22:45.010 --> 00:22:49.159
Sebastien Perusat: available in some regions of the azure world.

00:22:49.370 --> 00:22:50.260
Sebastien Perusat: But

00:22:50.610 --> 00:23:06.849
Sebastien Perusat: it should be at this from a discussion I had yesterday. It should be a way in North America, too, so you can just go to your to your previous features. If you go to your azure management, console, and there you have a specific feature, a specific menu which is called private features.

00:23:06.930 --> 00:23:16.240
Sebastien Perusat: Under that you can register for a new feature set, which were then released after a couple of weeks or months, to your standard repository of of azure.

00:23:16.500 --> 00:23:21.930
Sebastien Perusat: That's which is called sftp support for our azure blob storage.

00:23:22.930 --> 00:23:24.280
Sebastien Perusat: As soon as

00:23:24.560 --> 00:23:33.119
Sebastien Perusat: you added that to your to your port for you, you can then say, under your storage accounts. I want to create a new one. Obviously you have

00:23:33.700 --> 00:23:38.230
Sebastien Perusat: existing ones. You can. You can create a new resource, and from there

00:23:38.390 --> 00:23:44.530
Sebastien Perusat: you just need a name basically and add it to an existing or to a new storage group

00:23:44.760 --> 00:23:52.990
Sebastien Perusat: as soon as you had that. Because, yeah, depending on where and out you are, and what your users are.

00:23:53.300 --> 00:24:05.349
Sebastien Perusat: It's good to check if the region is matching your expectations. So if you want to do it for for Europe for North America. Please choose to different regions. Just make sure that you are not going over a high latency.

00:24:05.420 --> 00:24:08.389
Sebastien Perusat: and if you are not seeing it in North America, please to the region

00:24:08.710 --> 00:24:14.299
Sebastien Perusat: Europe, North Europe, or wherever you are. Just to be sure that you have the feature listed.

00:24:14.770 --> 00:24:24.000
Sebastien Perusat: Honestly, I tested it. I don't know it was 2 months ago. The performance with standard is more than enough. You don't have to go for premium.

00:24:24.200 --> 00:24:32.910
Sebastien Perusat: even if you want to be bulletproof, and if you want to deploy it to 10,000 devices, which I don't expect you to do. But who knows?

00:24:32.990 --> 00:24:34.310
Sebastien Perusat: Make

00:24:34.340 --> 00:24:47.220
Sebastien Perusat: be a good way to do, because it also gives you the ability to have a specific reporting inside of azure, showing a little bit more detailed information about how the transfer rate. The latency was, and so on. But, like I said, the standard is great.

00:24:47.250 --> 00:24:48.490
Sebastien Perusat: and from there on

00:24:49.050 --> 00:24:56.739
Sebastien Perusat: you have to enable 2 different check boxes in the Data Lake and the advanced tab of your of your storage account.

00:24:56.980 --> 00:25:07.719
Sebastien Perusat: It's called. Enable here, i'm not sure if I can pronounce it right in English. But here I can say it in French Hiroshi namespace, and then check box.

00:25:07.890 --> 00:25:11.590
Sebastien Perusat: then enabled obviously the Sftp protocol itself.

00:25:11.860 --> 00:25:24.860
Sebastien Perusat: It's hierarchical. Thank you very much. It sounds of way better on your side, and then you have to enable the feature itself, which is called sftp. So secure. File, transfer protocol

00:25:25.460 --> 00:25:26.690
Sebastien Perusat: from there on.

00:25:27.100 --> 00:25:36.299
Sebastien Perusat: I would definitely recommend to add a few users to that to the storage, I mean, just because you want to separate, maybe your test account

00:25:36.390 --> 00:25:41.999
Sebastien Perusat: from your deployment account, and that's what you are doing. If you go to your data storage

00:25:42.440 --> 00:25:46.650
Sebastien Perusat: again in your azure management tool, then go to containers.

00:25:46.790 --> 00:25:57.260
Sebastien Perusat: and inside of your container you will see your freshly created service, and from there on you can just click on it and add a local, user the local. User

00:25:57.350 --> 00:26:00.280
Sebastien Perusat: honestly, the name is up to you.

00:26:00.860 --> 00:26:09.579
Sebastien Perusat: In my opinion this part was a plane, and without any kind of special characters in the name

00:26:10.080 --> 00:26:11.150
Sebastien Perusat: it will work.

00:26:11.380 --> 00:26:20.820
Sebastien Perusat: But before having something complicated which might be hard to reverse. Engineer at the end, please start with just a standard name like sftp test, use, or whatever.

00:26:20.890 --> 00:26:25.750
Sebastien Perusat: without with a plus our exclamation mark, and from there

00:26:25.820 --> 00:26:34.640
Sebastien Perusat: I would recommend to set an Ssh password. Why are we using Ssh. Password and combined with secure Ftp.

00:26:35.820 --> 00:26:51.000
Sebastien Perusat: I don't want to hijack the card to extend the difference between Sftp and Ftps, but there is a huge difference between both, so I would just make the story short. Sftp is usually going through the standard part, which is 22

00:26:51.010 --> 00:26:58.980
Sebastien Perusat: and sftp and ftp and Ftp. Are working through the dynamic power range over the 21 and upside.

00:26:59.200 --> 00:27:03.259
Sebastien Perusat: Use a h password. Define your

00:27:03.280 --> 00:27:04.310
Sebastien Perusat: username.

00:27:04.350 --> 00:27:05.300
Sebastien Perusat: then

00:27:05.500 --> 00:27:06.830
Sebastien Perusat: check your permissions.

00:27:07.000 --> 00:27:13.709
Sebastien Perusat: In my opinion I would add something to the to the blog post from from Edwin I would separate the the

00:27:13.860 --> 00:27:19.120
Sebastien Perusat: upload or the management test user from the download once he made both.

00:27:19.470 --> 00:27:30.929
Sebastien Perusat: and this is on the STEM side. So you just need to read and list from the rights, because obviously you don't want someone who is downloading to upload something at the same time to your server.

00:27:31.050 --> 00:27:31.850
Sebastien Perusat: So

00:27:32.480 --> 00:27:41.509
Sebastien Perusat: just check your permissions to be a read and list. The read has to be said that obviously data that has been asked can be a read.

00:27:41.650 --> 00:27:45.970
Sebastien Perusat: but at the same time you have also on Sftp and Ftp side

00:27:46.110 --> 00:27:51.959
Sebastien Perusat: the list feature, which is mandatory to get a list of the Directory from a client perspective.

00:27:53.180 --> 00:27:57.150
Sebastien Perusat: and then last one the Home Directory, which is the name of your storage.

00:27:57.250 --> 00:28:00.040
Sebastien Perusat: and from there on, just secure with the password.

00:28:00.620 --> 00:28:02.550
Sebastien Perusat: and then test was

00:28:02.920 --> 00:28:03.690
Sebastien Perusat: Europe

00:28:03.770 --> 00:28:11.330
Sebastien Perusat: favourite Ftp. Client could be win. Scp can be Ssdp client from the command line.

00:28:11.460 --> 00:28:16.049
Sebastien Perusat: whatever you prefer, but I would definitely recommend to test it before creating your profile.

00:28:16.600 --> 00:28:19.449
Sebastien Perusat: And the major point that I would like to mention there is.

00:28:19.560 --> 00:28:24.819
Sebastien Perusat: and not only try to connect, not only do a proport or tennet really open

00:28:25.090 --> 00:28:26.990
Sebastien Perusat: an Ftp client

00:28:27.100 --> 00:28:28.879
Sebastien Perusat: which is sftp capable.

00:28:29.300 --> 00:28:32.190
Sebastien Perusat: and try to download something, because

00:28:32.220 --> 00:28:40.150
Sebastien Perusat: as soon as you connect you will get a listing, and from there the reading permission will hit in, and then you can try to download something, and that one is failing.

00:28:41.010 --> 00:28:44.670
Sebastien Perusat: Usually it's related to rights or permissions.

00:28:47.010 --> 00:28:59.179
Andy Whiteside: Yeah, that's always good advice, and it's, you know. I don't know about you said. But when you're doing something like this around Ftp or the secure telnet or things like that when you when you can do it yourself manually before you automate it.

00:28:59.360 --> 00:29:09.810
Andy Whiteside: it, it's for the admin it's like this. it's like this Nirvana feeling of Yes, I know at least this much of it works. So what I do next is either it's going to be the problem, or it's going to work

00:29:12.120 --> 00:29:20.769
Sebastien Perusat: 2 to 100. So so many things in our lives these days, especially on our consumer side. You're relying on like 15 systems to all work appropriately for that magical

00:29:21.290 --> 00:29:27.640
Andy Whiteside: thing to happen. It's so nice to be able to break it down component by component, and see each step of the process Where?

00:29:29.450 --> 00:29:30.110
Sebastien Perusat: Yeah.

00:29:30.990 --> 00:29:41.039
And I know that I'm. Usually that person who is trying to make it right from the beginning on. So making extremely complicated passwords complicated usernames.

00:29:41.240 --> 00:29:51.069
Sebastien Perusat: and then at the end, it's not working. So i'm trying to reverse engineer. So i'm always saying, if you just want to test test with standard users, with a short and easy password

00:29:51.110 --> 00:30:00.019
Sebastien Perusat: also on the password side. Obviously, we want to have you uppercase, lowercase, number, or special characters. No question as long as possible.

00:30:00.590 --> 00:30:09.259
Sebastien Perusat: But please try something easy, and if that one is working you can then go the next step and make it even more secure, and change the password to something more complicated and complex.

00:30:09.650 --> 00:30:13.399
Sebastien Perusat: But I had some I mean it's fixed since a long, long time.

00:30:13.590 --> 00:30:15.789
Sebastien Perusat: but from the actual history I had is

00:30:16.230 --> 00:30:26.510
Sebastien Perusat: Sometimes there is just a weird back somewhere in the curl or the Donald process, and a special character, or one special character is maybe misinterpreted on our side.

00:30:26.650 --> 00:30:30.789
Sebastien Perusat: not only on ours, but in general in the Ftp client world.

00:30:30.890 --> 00:30:38.810
Sebastien Perusat: So do me a favor. Start with something like I. 1, 2, 3, exclamation mark, and if that one is working, make it extremely

00:30:39.260 --> 00:30:52.429
Sebastien Perusat: secure by putting an I uppercase, azure one to 3. Yeah, that's the that's the Keep it simple, stupid model at least start there. But but don't forget to go back and secure it.

00:30:53.420 --> 00:30:57.250
Sebastien Perusat: Okay. So yeah, as soon as you did that

00:30:57.280 --> 00:30:59.820
Sebastien Perusat: as you test it was your was your Ftp client.

00:30:59.870 --> 00:31:03.000
Sebastien Perusat: We are now going back to the age world.

00:31:03.700 --> 00:31:12.789
Sebastien Perusat: Don't expect your to be configured to get directly download by auto, discovering something like that note.

00:31:13.370 --> 00:31:32.130
Andy Whiteside: You have to create a profile. So can I see a question on this first. A lot of times when I do ums related things, i'll do it on the local OS first to make sure it works, and then if that works, then I take that same concept and then put it to ums and push it out with a profile it does. Is that a reality? And what we're talking about here.

00:31:32.730 --> 00:31:48.749
Sebastien Perusat: yes, it's reality. I'm doing that sometimes exactly this way. So i'm agreeing at the same time. It can also cause a little bit of trouble, because if you are testing things locally, you are removing then a profile from your from your ums.

00:31:48.760 --> 00:32:01.879
Sebastien Perusat: and the feature is still there locally, because you did it configured. Luckily you didn't deleted it, and you just forget it there, so it can cause a little bit of false positive sometimes. So i'm really trying, and that's my recommendation also to our listeners. If you can

00:32:01.960 --> 00:32:13.489
Sebastien Perusat: please try everything from the side If you want to do some scripting and command line stuff obviously do that from the endpoint. It does make sense to start with deploying that via the

00:32:14.180 --> 00:32:24.950
Sebastien Perusat: But for such kind of things i'm a little bit cautious, and I would say, profits will be my bed of it. Yeah, how about this? From a. From a guy who gets to play idle admin everyone, so i'll do things locally.

00:32:25.000 --> 00:32:30.689
Andy Whiteside: and then I will, you know, hit the escape key and reset the OS, and then do it from the ums.

00:32:30.700 --> 00:32:52.450
Andy Whiteside: You know it's it's it's your preference of that preference. But that's that's how I like to do it. and I want to make sure our listeners know that you can. You can try things locally. That's one of my favorite things about the Igl world is everything that you could do from us. Almost everything you could do locally first. But you're you're absolutely right. You don't want to tattoo that stuff in there. So a true factory reset of that OS minus the license. The license stays.

00:32:52.460 --> 00:32:56.709
Andy Whiteside: and you you now have a blank slate to go. Take it to the next step

00:32:57.940 --> 00:33:10.660
Sebastien Perusat: you should work for I jo it's perfect. Yeah, it's it's it's kind of known that I would work right. I always wanted to be that Linux admin You guys would be my perfect answer for how to be that in user compute, Linux Guy, that I always wanted to be

00:33:11.590 --> 00:33:13.980
Sebastien Perusat: perfect. I'm happy to welcome you.

00:33:14.660 --> 00:33:19.179
Sebastien Perusat: Now, that's really cool. I mean, that's definitely the approach I would like to follow. If you do something locally.

00:33:19.260 --> 00:33:27.859
Sebastien Perusat: and you transferred everything to the and you want to be sure it working again after that reset a factory default is mandatory. So yeah, thanks for putting that out.

00:33:28.620 --> 00:33:46.640
Sebastien Perusat: So on the firmware update side on the universal measurement. Suites are also known as we are working with profiles. Profiles are configuration theats that we are deploying to our endpoints. That's something which is not extremely secret. You should work with that since a couple of years.

00:33:47.110 --> 00:33:50.989
Sebastien Perusat: But for the timber updates we have to be crystal clear

00:33:51.440 --> 00:33:52.280
Sebastien Perusat: there was.

00:33:52.620 --> 00:34:02.679
Sebastien Perusat: There are, I don't know 10 to 15 different ways to deploy from the update to the endpoint depending from the procedure you are using. We are really focusing on

00:34:03.160 --> 00:34:07.839
Sebastien Perusat: the standard way we are not speaking about body update or something like that, really just

00:34:07.960 --> 00:34:12.589
Sebastien Perusat: having a profile created and download from the external server. So what you need is

00:34:12.610 --> 00:34:25.579
Sebastien Perusat: you create a new profile. You go to a system, then update firm by update, and from there you have to choose your protocol, which is by default by Http, as if I remember right.

00:34:25.940 --> 00:34:27.900
Sebastien Perusat: Just move it to secure Ftp.

00:34:28.110 --> 00:34:33.379
Sebastien Perusat: Then add your server name that you just took over from your blob on your azure.

00:34:34.239 --> 00:34:36.729
Sebastien Perusat: Take the path that you I mean

00:34:37.110 --> 00:34:38.910
Sebastien Perusat: that should go or step backward.

00:34:38.960 --> 00:34:40.460
Sebastien Perusat: We didn't spoke about that

00:34:40.550 --> 00:34:48.319
Sebastien Perusat: your firmware, the firmware file that you are downloading from idle com slash software downloads is a zip file.

00:34:48.800 --> 00:34:50.170
Sebastien Perusat: The zip file

00:34:50.340 --> 00:34:52.779
Sebastien Perusat: cannot be deployed directly to your endpoint.

00:34:53.739 --> 00:34:56.290
Sebastien Perusat: It has to be extracted before

00:34:56.340 --> 00:35:05.869
Sebastien Perusat: made available somewhere, and I didn't mention it. Sorry for that. You have to deploy the extracted zip file to your

00:35:05.900 --> 00:35:22.809
Sebastien Perusat: sftp server you just created before. So you have a path which is, I don't know, download or slash firmware, and then my recommendation is to create a sub folder for the for the version like 11 or 8 to 230,

00:35:23.220 --> 00:35:32.400
Sebastien Perusat: and extract the zip file to that folder. That's really mandatory. Just uploading the Zip file will not work. It would not break something, but it would just not work.

00:35:32.420 --> 00:35:35.959
Sebastien Perusat: So you have to extract the zip file to your blob.

00:35:36.070 --> 00:35:41.599
Sebastien Perusat: and from there, coming back to the profile. You have a thorough path, and on the server path you just enter

00:35:42.080 --> 00:35:46.459
Sebastien Perusat: the freshly, create a path like download or folder what you prefer.

00:35:46.520 --> 00:35:51.179
Sebastien Perusat: Then slash your downer path to 11 by 2 and 30.

00:35:51.230 --> 00:35:53.399
Sebastien Perusat: Flash username password.

00:35:53.980 --> 00:35:54.859
Sebastien Perusat: and

00:35:55.170 --> 00:36:01.040
Sebastien Perusat: that's usually it. You click. Ok, You send the profile to the endpoint, and you can send an update by hand.

00:36:02.240 --> 00:36:12.939
Sebastien Perusat: What you also have is the ability to say, hey, Why not? Using a kind of automatism that the endpoint will check by shut down. If there is a new firmware.

00:36:13.510 --> 00:36:33.230
Sebastien Perusat: my recommendation is not to use check on boot just because it can annoy the the user which is working on the endpoint. Why, he has to wait for an update. I mean, we're all working with windows devices for a long time. We know what it means to have a device which is going through the update process by booting up. It's annoying.

00:36:33.370 --> 00:36:34.149
Sebastien Perusat: So

00:36:34.180 --> 00:36:42.830
Sebastien Perusat: if you want to take an automatic system, just check the checkbox in your profile automatic update check on, shut down, and then the device should update automatically on.

00:36:42.990 --> 00:36:43.840
Sebastien Perusat: shut down

00:36:45.520 --> 00:36:47.610
Sebastien Perusat: that the firmware update part

00:36:48.240 --> 00:36:58.279
Sebastien Perusat: I mean. I mentioned it before. You can also work with tasks, with the jobs part of the agile of the agile but if you want to make it from the endpoint side you can use their job.

00:36:58.640 --> 00:37:00.519
Sebastien Perusat: and then we have the custom partitions.

00:37:00.640 --> 00:37:04.129
Sebastien Perusat: because some partitions are my definition of them. Are

00:37:04.400 --> 00:37:19.659
Sebastien Perusat: we are packing together all dependencies for a binary. So let's imagine we are thinking about Chrome, Google Chrome. We have a binary. So an executable file is relying on libraries, on folders, on configuration files, and so on.

00:37:20.170 --> 00:37:24.420
Sebastien Perusat: And the magic that Romney is doing with the Github side is.

00:37:25.430 --> 00:37:29.480
Sebastien Perusat: he is basically creating a portable version of on Linux application.

00:37:29.510 --> 00:37:41.669
Sebastien Perusat: and this Linux application can then be deployed by our custom partition rollout to the endpoint, and that's what we are covering in a new profile in system, firmware, customization, custom, partition.

00:37:41.780 --> 00:37:51.830
Sebastien Perusat: and there is a point which is called download, and there big surprise on the URL. You have to enter the path. So sftp double dot

00:37:51.910 --> 00:37:53.350
Sebastien Perusat: your blob.

00:37:53.470 --> 00:37:54.729
Sebastien Perusat: Then the path.

00:37:55.020 --> 00:38:05.439
Sebastien Perusat: then custom, partition, and whatever you would like to download, put your Username password in it, and you mentioned it in the initialization and financing scripts.

00:38:06.600 --> 00:38:09.100
Sebastien Perusat: And that's it, basically you as the profile.

00:38:09.290 --> 00:38:19.289
Sebastien Perusat: the device should. And that's the difference on custom partitions. Start the download immediately. So just be caution with that if you applied it directly, so click on now

00:38:19.530 --> 00:38:21.720
Sebastien Perusat: and then the download will be reprocessed.

00:38:22.660 --> 00:38:29.119
Andy Whiteside: So set going back to the conversation earlier. So this is the process where the administrator has

00:38:29.220 --> 00:38:35.629
Andy Whiteside: the storage area that can be accessed from anywhere in the world, including the land, the way in or just the Internet.

00:38:35.670 --> 00:38:38.089
Andy Whiteside: but the administrator is

00:38:38.570 --> 00:38:44.890
Andy Whiteside: determining when this update gets pushed and the end user has no ability to override

00:38:45.420 --> 00:38:46.959
Andy Whiteside: that push an install.

00:38:47.540 --> 00:38:58.290
Sebastien Perusat: He could I mean speaking about the standout installation standard profiles. If you send out the comment to get a firmware update to an endpoint even over Sg.

00:38:58.450 --> 00:39:03.859
Sebastien Perusat: the device will start downloading after a time out, which is 20 s by default.

00:39:04.080 --> 00:39:08.550
Sebastien Perusat: and the user could theoretically say, okay, it will start immediately

00:39:08.630 --> 00:39:25.990
Sebastien Perusat: or click on a cancel, and that will not download any more. That's definitely something which is extremely, extremely annoying, because then you have to re push it again. You have to create your report. That's the reason why you can from one hand saying you will push it immediately.

00:39:26.120 --> 00:39:33.250
Sebastien Perusat: might be disturbing than the user so not recommended. You can push it without any kind of time out, and the option to interact

00:39:33.270 --> 00:39:39.050
Sebastien Perusat: like I said, not so good for find users, and the default is 20 s, but it could be 20 h

00:39:39.480 --> 00:39:50.330
Sebastien Perusat: no, 20 h, not possible. There is a limit of 300 s, if I remember right, double check. But it's not. Yeah, okay. that might change on the West, by the way. No.

00:39:50.420 --> 00:39:56.220
Sebastien Perusat: to be more honest, it will change on us to have but for the moment on OS 11. It's a standard time out.

00:39:56.630 --> 00:40:00.120
Sebastien Perusat: and that's the reason why we are going the other route

00:40:00.380 --> 00:40:04.810
Sebastien Perusat: by sending out a comment which is calling update on shutdown.

00:40:05.260 --> 00:40:10.210
Sebastien Perusat: So when the user is, I mean you can combine it with a cool feature which is called procession. Command

00:40:10.300 --> 00:40:12.019
Sebastien Perusat: just briefly.

00:40:12.110 --> 00:40:14.110
Sebastien Perusat: as soon as you are

00:40:14.150 --> 00:40:20.329
Sebastien Perusat: coming at the end of your day. I don't know which time you are closing your citric session, or whatever session.

00:40:20.840 --> 00:40:24.669
Sebastien Perusat: and usually you have to click on, start, shut down, and the device will shut down.

00:40:25.070 --> 00:40:32.420
Sebastien Perusat: If you use post session command, you can say as soon as mycentric session ends, do something. In that case shut down a device.

00:40:32.470 --> 00:40:43.609
Sebastien Perusat: and if you combine that with an automatic update check on, shut down. Then you are good to go, because you will not annoy the end, user because the update will be processed during the shutdown. So usually

00:40:44.000 --> 00:40:47.029
Sebastien Perusat: couple of minutes, or whatever, Donald Trump you have.

00:40:47.100 --> 00:40:56.890
Sebastien Perusat: but the user is already leaving the house. Leaving the endpoint. You can just leave it downloading and executing the update and start working on this on the next day. Was it any delay?

00:40:58.430 --> 00:41:02.779
Andy Whiteside: Okay, I mean that's kind of the world we've got used to in in in the windows world, you

00:41:02.830 --> 00:41:07.629
Andy Whiteside: yeah, you expect, as I shut down to be prompted.

00:41:07.790 --> 00:41:12.659
Andy Whiteside: if it's, you know, early earlier days, you know it earlier in the update process.

00:41:12.720 --> 00:41:18.250
Andy Whiteside: Hey, You got a shut down. You can either shut down or you can update it, shut down, or reboot, or update and reboot.

00:41:18.300 --> 00:41:24.220
Andy Whiteside: And then at some point, you know the the system team decides. Okay, You're going to do this. You have no way out. You either.

00:41:24.310 --> 00:41:25.049
Andy Whiteside: You get it

00:41:25.090 --> 00:41:30.060
Andy Whiteside: period you're going to get this update, whether you're rebooting, shutting down, or i'm pushing it out right now.

00:41:30.150 --> 00:41:32.410
Andy Whiteside: but you give users that option to

00:41:32.620 --> 00:41:34.370
Andy Whiteside: you know, opt-in when they're ready.

00:41:35.230 --> 00:41:38.000
Sebastien Perusat: But you are 100% right? It was asked.

00:41:38.520 --> 00:41:43.569
Sebastien Perusat: Not only a couple a 1,000 times so you are asking, that is the right question, and yes.

00:41:43.960 --> 00:41:56.530
Sebastien Perusat: I don't expect it to get a change on OS 11. To be honest, but on OS 12 there will be a huge change in that update manner. So from background update over.

00:41:57.120 --> 00:41:58.159
Sebastien Perusat: I forgot the name.

00:41:58.410 --> 00:42:09.459
Sebastien Perusat: bandwidth control, and so on, and so on. And even the time where you want to install the update will be controlled by the end. User a little bit more if you like it. You can also override it. But.

00:42:09.570 --> 00:42:24.069
Sebastien Perusat: that's definitely something which is not extremely user friendly at the moment, and which we should definitely change. So Yes, definitely. Yes, yeah, I mean we we. There's a lot to learn from Microsoft windows as to how to handle this kind of stuff and and and Microsoft windows, is

00:42:24.240 --> 00:42:30.590
Andy Whiteside: it's it's a very capable operating system that the problem is, it's so capable and so friendly in terms of

00:42:30.610 --> 00:42:43.720
Andy Whiteside: being openness to do things that that's where the the malicious part comes in. So a combination of a secure read-only managed Linux endpoint with a connectivity into a managed controlled

00:42:43.730 --> 00:42:52.599
Andy Whiteside: windows world for all those applications that you need for you know running enterprise and business applications. It's the best of both worlds going back to our comments earlier that

00:42:52.620 --> 00:43:01.579
Andy Whiteside: if you know, if you're running windows on the endpoint th that you should have a pretty good reason why you're doing it. Because if you're doing it, just because it's your default, let's talk and reconsider them.

00:43:01.960 --> 00:43:02.600
Sebastien Perusat: And

00:43:02.970 --> 00:43:04.399
Sebastien Perusat: yeah, absolutely

00:43:05.150 --> 00:43:08.430
Andy Whiteside: so, Seb: I think you've covered the topic here. What? What have you not covered?

00:43:09.700 --> 00:43:20.490
Sebastien Perusat: I could tell you so much. I mean, are you interested in getting my my cooking skills or no, just getting well from there. I just now install the buddy updates. Tell us about buddy updates.

00:43:21.150 --> 00:43:23.469
Sebastien Perusat: Yeah. So the body update. I mean.

00:43:23.890 --> 00:43:40.590
Sebastien Perusat: we covered the standard process of sending out an update to 10,000 devices. So let's imagine now that you have a couple of branch offices, a branch office in Toronto Branch office in New York, and whoever so in every branch office you don't have only one device from agile, but

00:43:40.880 --> 00:43:43.689
Sebastien Perusat: 1022, or whatever.

00:43:43.850 --> 00:43:47.569
Sebastien Perusat: So if you would in a standard way send out the

00:43:47.780 --> 00:43:49.850
Sebastien Perusat: firmware update to that devices

00:43:50.420 --> 00:43:55.489
Sebastien Perusat: depending on the size of your of your branch offers to 1020 device will

00:43:55.530 --> 00:43:58.220
Sebastien Perusat: download the firmware. Update

00:43:58.250 --> 00:44:02.529
Sebastien Perusat: 1020 times from the server, which is Ok. If you have enough resources.

00:44:02.610 --> 00:44:07.449
Sebastien Perusat: but from a sustainability perspective from data bandwidth.

00:44:07.500 --> 00:44:14.350
Sebastien Perusat: it doesn't make a lot of sense. So what we are using I mean something that also Michael has not used for a couple of years, and still using it.

00:44:14.460 --> 00:44:20.170
Sebastien Perusat: We are updating one device in the branch office, and this device of a couple of them

00:44:20.200 --> 00:44:39.530
Sebastien Perusat: will then retain the firmware, update 5 for all the other devices in the location. So if you update one device from 10, the rest of the tenth or 9 should download the firmware, update not from the ums or from your azure blob any more, but from that one device which you get the update which makes it even

00:44:39.540 --> 00:44:44.160
Sebastien Perusat: easier to deploy for motors, because you don't have to think about bandwidth consumption.

00:44:44.190 --> 00:44:49.269
Sebastien Perusat: What would happen if the the network part goes down, or what this kind of reason

00:44:49.320 --> 00:44:50.419
Sebastien Perusat: it's really

00:44:50.850 --> 00:45:05.389
Sebastien Perusat: helping you as an administrator to keep your resources consumption low, and at the same time adding also a layer of security, because you don't expose your device to don its F from somewhere, but really from the location itself. And

00:45:05.530 --> 00:45:10.350
Sebastien Perusat: the good thing is that the body update process, if it's on the same network.

00:45:10.550 --> 00:45:13.279
Sebastien Perusat: villain, segment, or land segment.

00:45:13.420 --> 00:45:22.460
Sebastien Perusat: We also have an auto detection of Where is my next body, master, that the name that we have for the devices which got the update, and we'll return it.

00:45:22.680 --> 00:45:30.069
Sebastien Perusat: and it would on it more or less, and apply it automatically if you wanted that the technique that we're using by the update side.

00:45:31.280 --> 00:45:40.089
Andy Whiteside: Yeah, you guys, you guys have really thought of a lot in the ideal world in terms of getting these things up to date, and there's custom, partition, custom partitions work with buddy updates as well or not.

00:45:41.260 --> 00:45:45.149
Sebastien Perusat: No, only from the

00:45:46.280 --> 00:45:58.599
Andy Whiteside: well, Seb: I I I needed this. I needed this topic covered. I needed to know there was a resource out there that would walk me through what needed to be done in azure to get this set up, and then what to do on the ideal side? This is a good topic, and i'm glad you brought it on

00:45:59.670 --> 00:46:08.629
Sebastien Perusat: cool. Thank you for having me here. It was always a pleasure to discuss that technical topic with you and a big shootout to Edwin, who wrote that block article.

00:46:08.690 --> 00:46:12.940
Sebastien Perusat: All the kudos goes to him. And yeah, thank you very much.

00:46:12.980 --> 00:46:17.670
Andy Whiteside: Well, I love that. We cover technical stuff, but they're also very business applicable in today's world.

00:46:17.790 --> 00:46:22.329
Andy Whiteside: These ideal devices are becoming more and more distributed off the land and land

00:46:22.550 --> 00:46:27.500
Andy Whiteside: and then the buddy update that applies for the land conversation will end the land conversation.

00:46:28.500 --> 00:46:31.200
Andy Whiteside: you know, Just just love the fact. We can have these chats

00:46:31.440 --> 00:46:37.620
Andy Whiteside: and cover topics that are very relevant to the ideal community, and really the thin client community in general.

00:46:38.400 --> 00:46:51.879
Sebastien Perusat: absolutely. And if you are not part of the agriculture community, please reach out to me. I'm happy to send you a join link, or just go to join Azure committee.com, and i'm happy to welcome you there. Because yeah, we are just a couple of

00:46:52.020 --> 00:46:55.299
Sebastien Perusat: a weird mastermind from the end user computing space, waiting for you.

00:46:56.160 --> 00:47:02.280
Andy Whiteside: Not not all that weird. It really is a good community of real people that are there to help each other. I I I love it. You guys have.

00:47:02.620 --> 00:47:07.359
Andy Whiteside: You guys have set the set the mark for others to follow, and I think some are trying.

00:47:07.510 --> 00:47:11.610
Andy Whiteside: and without community. You don't really have a real business and love that you guys have done that.

00:47:12.020 --> 00:47:15.470
Sebastien Perusat: Andy, By the way, will you be at the disruptive

00:47:15.500 --> 00:47:25.110
Andy Whiteside: in Nashville? Yes, I thought you're going to ask me about meeting Moen, who's no longer on the call here he had to drop for a customer call. Urgent call came in. he will be a munic, as of yesterday. He said he was

00:47:25.530 --> 00:47:32.530
Andy Whiteside: I wanted to go ask his wife before he committed, but he committed so Munich Moen Khan will be there, as well as the rest of our team out of India.

00:47:33.940 --> 00:47:47.519
Andy Whiteside: but I will be at Nashville, and so will moan I. I really want to go to Munich. I've got to be in India the following week. I've got my personal vacation the week before that life, life and works is so busy. But I will be in Nashville absolutely, and look forward to seeing people there.

00:47:48.420 --> 00:48:03.779
Sebastien Perusat: I hope to be there too, so it's not official right now, but I hope to be there, and I would like to have a great discussion with you listeners, but also with you and the because we never met in person. So let's hope that I just will make this happen. And we're we're hosting is in Tech is hosting a pick up

00:48:03.840 --> 00:48:05.309
Andy Whiteside: happy hour Tuesday night.

00:48:05.330 --> 00:48:13.729
Andy Whiteside: I believe it's Tuesday night at the at the event. So I love to have everybody there, and you, of course. And then, whatever the community does during that i'll, I'll I'll I'll be there

00:48:14.510 --> 00:48:16.319
Sebastien Perusat: perfect. Do you really have them

00:48:17.510 --> 00:48:20.070
Andy Whiteside: All right, Set. Thank you as always, for your time

00:48:20.120 --> 00:48:29.829
Andy Whiteside: great discussion, and we will plan to talk to you again. I think we should be talking to you next week, or maybe the following week. But we will talk to you very shortly, and we'll bring another topic, and

00:48:29.890 --> 00:48:31.590
Andy Whiteside: and we'll go from there

00:48:32.180 --> 00:48:33.049
Sebastien Perusat: perfect.

00:48:33.150 --> 00:48:36.949
Sebastien Perusat: Then see you soon. I wish a great weekend. And yeah, see you next week.

00:48:37.290 --> 00:48:40.430
Andy Whiteside: I can't believe you just said that I forgot it was Friday. But

00:48:40.610 --> 00:48:43.159
Sebastien Perusat: yeah, it's all right.

00:48:43.210 --> 00:48:45.959
Andy Whiteside: It'll be. It'll be Monday again before we know it.

00:48:46.700 --> 00:48:47.580
Sebastien Perusat: That's true.

00:48:47.630 --> 00:48:49.280
Andy Whiteside: All right, sir. Enjoy the rest of your day.

00:48:49.680 --> 00:48:51.169
Sebastien Perusat: You, too, Bye, bye.