Sys Admin opinion on supporting non BAU teams?

Soldato | Joined 9 Mar 2012 | Posts 10,072 | Location West Sussex, England
Just wondered if there are any sys admins here that would share their opinion on managing non business as usual teams such as devs working on a project that require specific applications that are not supported within the usual BAU apps?

What is the best practice?

Is it to allow local admin rights on specific PCs or would you instead advocate using a separate VM that's been configured with a Windows OS and necessary dev applications, then allow their BAU PC to connect to a server hosting the Hyper-V VM?
 
Soldato | Joined 28 Sep 2008 | Posts 14,123 | Location Britain
Windows Virtual Desktop, or a local Hyper-V instance on W10 which will traverse the corporate net but has the relevant controls in place whilst still allowing them to do dev work.

What kind of Dev talk are we dealing with here, as most is now all cloud based, including Visual Code, GIT, ADO, etc., meaning applications on the desktop are few and far between.
 
Soldato | Joined 9 Dec 2006 | Posts 9,230 | Location @ManCave
Depends what you are referring to. Being in DevOps, our team manages a large estate of services for production and staging that we manage from an infrastructure point of view.

If a developer team is working on a new service required for production we do the following:

Create them a VM, with restricted but functional admin access to develop their application or service. This VM is time limited.

Once developed and tested we request:
Full documentation of the service.
We then create full end-to-end Ansible to deploy the application with 1 button press.
It goes through full testing pipelines to test for idempotent code.
Access is then restricted to only limited commands and personnel.

For developers' workstations this is done by corporate, and anyone can request admin access, but every elevated access is recorded for future reference and admin access is time sensitive.
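
Added example (not part of the post above, and not that team's tooling): one way to make local admin on a workstation both time-limited and recorded, as the post describes. It assumes Windows PowerShell 5.1; the function name, event source, event IDs and task name are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example for Windows PowerShell 5.1. Hypothetical names: Grant-TimedLocalAdmin,
# event source 'TimedAdminElevation', event IDs 4100/4101, task name prefix.
function Grant-TimedLocalAdmin {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Account,   # e.g. 'CONTOSO\jdoe' (constructed)
        [Parameter(Mandatory)] [string] $Reason,    # ticket reference or justification
        [ValidateRange(15, 480)] [int] $Minutes = 60
    )
    $adminsSid = 'S-1-5-32-544'                     # well-known SID of BUILTIN\Administrators
    $source    = 'TimedAdminElevation'

    # Resolve to a SID first: unknown accounts fail here, and a SID string is
    # safe to embed in the revocation command line built below.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
        New-EventLog -LogName Application -Source $source
    }

    # Register the revocation before granting, so access cannot outlive the window.
    $expiry    = (Get-Date).AddMinutes($Minutes)
    $revoke    = "Remove-LocalGroupMember -SID $adminsSid -Member $sid; " +
                 "Write-EventLog -LogName Application -Source $source -EventId 4101 " +
                 "-EntryType Information -Message 'Revoked local admin for $sid'"
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                     -Argument "-NoProfile -NonInteractive -Command `"$revoke`""
    $trigger   = New-ScheduledTaskTrigger -Once -At $expiry
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    $settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable   # run late if the PC was off
    Register-ScheduledTask -TaskName "RevokeLocalAdmin-$sid" -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force | Out-Null

    Add-LocalGroupMember -SID $adminsSid -Member $sid -ErrorAction Stop

    # Record who was elevated, by whom, why, and until when.
    Write-EventLog -LogName Application -Source $source -EventId 4100 -EntryType Information `
        -Message "Granted local admin to $Account ($sid) until $($expiry.ToString('s')) by $env:USERNAME. Reason: $Reason"
    $expiry
}

# Constructed usage:
# Grant-TimedLocalAdmin -Account 'CONTOSO\jdoe' -Reason 'CHG-0000 install Talend' -Minutes 120
```

Forwarding the Application log to a central collector keeps the elevation record out of reach of the temporarily elevated user.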
 
Soldato | OP | Joined 9 Mar 2012 | Posts 10,072 | Location West Sussex, England
> Windows Virtual Desktop, or a local Hyper-V instance on W10 which will traverse the corporate net but has the relevant controls in place whilst still allowing them to do dev work.
>
> What kind of Dev talk are we dealing with here, as most is now all cloud based, including Visual Code, GIT, ADO, etc., meaning applications on the desktop are few and far between.

Thanks for the reply.

So you're saying you might run a Hyper-V instance on the local machine rather than it being hosted in your DC? I'm assuming it could also instead be hosted on a Windows server but am not familiar with Windows server management. The dev work is around data management, extract, transform and possibly load or output to file storage for manual loading. These applications are generally desktop applications, Java ones to be more precise with a couple of the main choices such as Talend or Pentaho (open source equivalents of SSIS although they also have Enterprise Editions too), where these have to be unzipped to the system drive and system environment variables have to be set for JRE & JDK paths. Also ability to query data through standard executables such as MySQL Workbench, DBeaver, MS SQL Server Management Studio depending on requirements for client's project but all run locally otherwise you'd fall foul of large amounts of ingress & egress to/from a cloud service.

Having the Hyper-V running in the DC would put the OS requirements potentially in the same place that the data is either stored (possibly existing SQL server of some sorts, either direct backend to legacy or a replication database server) or would be received if using text file extracts as is sometimes the case with some legacy system vendors.

Does that sound feasible?

Presumably a small change may be required on the developer's BAU desktop or laptop so they could connect to the Hyper-V VM. Would you deploy a separate VM per developer or would you just deploy one and set up multiple user accounts on it since it would be a W10 OS?

@smogsy thanks too, the idea of having the VM was really to circumvent so much red tape in needing anyone to have local admin rights as usually that ends up with people installing all sorts and in all sorts of ways. If the Hyper-V solution being served from a client's DC was possible then even that wouldn't require admin rights once the image was configured.
 
Soldato | Joined 28 Sep 2008 | Posts 14,123 | Location Britain
If you think of this as Windows Virtual Desktop, which is based on session host pools in Azure, you can achieve something similar on prem. Based on your requirements, a PC capable of running a VM, or more, plus the requisite software could be quite cost prohibitive.

If Azure isn't an option, which allows both multi user and 1:1 VM user assignment with some incredibly high spec VMs, then you'd want Windows Hyper-V servers in a cluster on hardware that was scalable for the number of Devs that could be connecting, concurrently, and the number of VMs. Create a reference W10 image and snapshot it so the Devs can burn it after each day or each project, whatever works for them. Create a few different images with core tools on and add them to a Hyper-V gallery so the Devs can choose what VM they need created.

That will certainly get you going in the right direction.
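
Added example (not part of the post above): a sketch of the "reference image that devs can burn" idea on a Hyper-V host, using differencing disks over a read-only parent instead of checkpoints. All paths, the switch name, sizes and function names are assumptions; the parent is assumed to be a sysprepped W10 image with the ETL tools preinstalled.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example. Constructed values: paths, switch name, sizes, function names.
$ParentVhd  = 'D:\Gallery\W10-ETL-reference.vhdx'   # sysprepped reference image
$VmRoot     = 'D:\DevVMs'                           # one folder per disposable VM
$SwitchName = 'DevIsolated'                         # vSwitch carrying the dev network controls

function New-DevVm {
    param(
        [Parameter(Mandatory)] [string] $Developer,  # e.g. 'CONTOSO\jdoe' (constructed)
        [Parameter(Mandatory)] [string] $Project
    )
    $name = 'dev-{0}-{1}' -f ($Developer -replace '^.*\\', ''), $Project
    # The name becomes a folder name, so reject anything that could escape $VmRoot.
    if ($name -notmatch '^dev-[A-Za-z0-9-]+$') { throw "Unsafe VM name: $name" }

    # A parent disk must never change once children exist; enforce that on the file.
    Set-ItemProperty -Path $ParentVhd -Name IsReadOnly -Value $true

    $folder = Join-Path $VmRoot $name
    $child  = Join-Path $folder "$name.vhdx"
    New-Item -ItemType Directory -Path $folder | Out-Null

    # The child disk stores only this developer's changes to the reference image.
    New-VHD -Path $child -ParentPath $ParentVhd -Differencing | Out-Null
    New-VM -Name $name -Path $folder -Generation 2 -MemoryStartupBytes 8GB `
        -VHDPath $child -SwitchName $SwitchName | Out-Null
    Set-VM -Name $name -ProcessorCount 4

    # Let the developer open a console session without being a Hyper-V administrator.
    Grant-VMConnectAccess -VMName $name -UserName $Developer
    Get-VM -Name $name
}

function Remove-DevVm {
    param([Parameter(Mandatory)] [string] $Name)
    if ($Name -notmatch '^dev-[A-Za-z0-9-]+$') { throw "Refusing to remove: $Name" }
    Stop-VM -Name $Name -TurnOff -Force -ErrorAction SilentlyContinue
    Remove-VM -Name $Name -Force                    # removes the VM, not its disks
    Remove-Item -Path (Join-Path $VmRoot $Name) -Recurse -Force   # burn the child disk
}

# Constructed usage: burn and recreate at the end of a project.
# Remove-DevVm -Name 'dev-jdoe-migration1'
# New-DevVm -Developer 'CONTOSO\jdoe' -Project 'migration2'
```

Because each VM is only a delta over the shared image, patching the reference image means publishing a new parent and recreating the VMs, not editing the existing parent.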
 