In Novell ZENworks Full Disk Encryption: Best Practice - Part One I looked at what you needed to take into account before deployment. In part two I look at steps you can follow to ensure a successful deployment.
The first step in the process of deployment is planning the actual deployment. The following are recommendations on how to plan this process:
Contact departmental leaders and inform them about the deployment.
Make suggestions on how you want to roll out ZFDE to devices, including which departments are going to be targeted by date and time. Make sure you line this up with your planned deployment schedule in your project plan. Ensuring that everyone knows that this is a deliverable of the organization makes it much easier to line up the departments, sites, or groups for deployment.
Identity and notify individuals that are part of the pilot phase of the deployment.
Emphasize that feedback is key to the success of this project. Individuals who are part of the pilot and more wider-scale deployment should provide feedback directly to the IT organization or to the Service Desk.
Make sure your teams are well informed of the deployment. This includes:
- Departmental leaders.
- Employees of the organization.
- The organization’s Service Desk (staff members should have the full documented schedule posted everywhere so everyone onsite knows what is going on, and when). This also includes everyone involved in Incident and Problem Management processes.
- The entire IT department, including desktop support, network services, and other operational groups.
- Change Management.
- Security services groups, they need to be well informed that this is a planned organizational initiative.
Documentation is key to the success of every aspect of the project, including how you plan to deploy the services and agents. Everyone directly involved in the actual deployment, should have documentation that they can reference at all times, eliminating the chance of error.
Documentation regarding the deployment processes needs to be completed during the design phase, and while you are testing the deployment in your test lab facilities. After you have proven the concept and included deployment activities in the design document, you should create a Deployment Assistance Guide that can be used by the individuals who are involved. You might not need to share the entire design document with everyone involved in the deployment of the product. Use your best judgement here.
We recommend that you set aside some time before you perform your pilots to further prove your deployment by running some last-minute tests. Allow enough time so that any adjustments can be made and documented prior to deployment.
Perform the test in your lab facilities, using three or four sample workstations with a sample of line-of-business applications installed. This can be a replica of tests done during your full testing phase.
The first phase of the actual deployment is the pilots. This is where you deploy ZFDE to those devices that you identified and notified as part of the pilot phase. You are looking for feedback from these individuals, and this can be done through a feedback form, e-mail, or face-to-face meetings.
Do not perform the pilots all at once. Use a rolling approach to this phase. If something goes wrong with the deployment, you want to limit the number of people that are impacted. After you are confident that the deployment is going as planned, you can increase the number of devices you deploy to.
After you have completed the pilot deployments, you can move on to a wider deployment. Continuing to use the deployment plan that you have documented. You should execute against your project plan until you have completed the rollout to all remaining workstations on your network.
Post-Deployment Documentation and Validation
After you have completed the deployment, you should document all steps you took to deploy across your entire infrastructure. We recommend that you do this outside of the project plan, and include this in your documentation repository as either a separate document or as a part of your existing design document.
In addition, you should validate your success as much as possible. This can be done by doing the following:
Perform physical spot checks wherever you can. Interview individuals briefly to see if they are experiencing any issues with the deployment, and more specifically with the addition of ZFDE
Review error logs in ZENworks Control Center and investigate further from there. Visit workstations to find out more details if necessary.
Monitor Service Desk activity throughout the duration of the deployment phase. Service Desk incidents reveal a lot of information. You are looking for spikes in activity and the details of the individual Service Desk requests.
Novell ZENworks Full Disk Encryption: Best Practice: