1. Field of the Invention
This invention relates to managing groups of computers and more particularly relates to managing policies for configuring hardware or software settings on groups of computers with a plurality of operating systems.
2. Description of the Related Art
A major concern of information technology management in corporations and other organizations has been balancing the complexity associated with managing large numbers of computers with the needs of individual users as they try to accomplish their tasks. A heterogeneous set of computer hardware, operating systems, and application software creates complexity and increased costs, but various combinations of hardware, operating systems, and software provide technical advantages when used as user workstations, departmental servers, corporate infrastructure equipment, and the like. User workstations are particularly difficult to manage when various needs and preferences of individual users are accommodated. For example, an engineer may require the use of a CAD system that runs only on the UNIX™ operating system, where other corporate users may be standardized on the Microsoft Windows™ operating system and associated applications. Many similar compatibility issues exists among current computer systems.
One factor that adds to the complexity of managing various operating systems is that different operating systems employ different techniques for setting configuration information. For example, Microsoft Windows™ and applications that run on Windows typically use a database, called the registry, to store configuration information. Computers running the UNIX operating system or derivatives thereof such as LINUX typically store configuration information in plain text files in particular locations in the file system directory. Information technology managers within an organization that uses heterogeneous operating systems typically institute separate sets of management procedures and standards for each operating system used in the organization.
One component of prior art solutions to the problem of managing large numbers of computers and users is the use of policies. Policies are used to set configurable options associated with an operating system or application program for a group of computer users. For example, a word processing program may have an option to select an American English dictionary or a British English dictionary. By creating one policy for its users in the United States and another policy for its users in England, an organization can set the appropriate option for all users without configuring each user's computer individually.
Another component of prior art solutions to the problem of managing groups of computers and users is the use of network directory services. Directory services provide an infrastructure to store and access information about network-based entities, such as applications, files, printers, and people. Directory services provide a consistent way to name, describe, locate access, manage, and secure information about these resources. The directories associated with directory services are typically hierarchical structures such as a tree with each node in the hierarchy capable of storing information in a unit often referred to as a container. Enterprises may use directory servers and directory services to centrally manage data that is accessed from geographically dispersed locations.
For example, corporations typically create network directory trees that mirror their corporate organizations. Information about individual employees, such as their employee number, telephone number, and hire date may be stored in a user object corresponding to each user in the directory tree. An organizational unit container representing each department may contain the user objects associated with each employee in the department. Organizational unit objects associated with each corporate division may contain the department organizational unit objects associated with each department in the division. Finally, an organization container representing the corporation as a whole may contain the company's division organizational unit objects.
Combining the use of policies and directory services facilitates management of groups of computers and users. Policies may be associated with the various containers in the directory services tree to store associated configuration information at the organization, division, or departmental level. For example, a policy may be associated with the Accounts Receivable container in a corporate organization to set options for the accounting program used in that department. Exceptions to the policy can be managed on an individual level, or by creating a group object and associating a policy with the group. Suppose, for example, that all employees in an organization use a software application with a particular set of configuration options, but department managers require a different set of options. A policy could be created with the basic set of options and associated with the organization container. A separate policy with the configuration options for managers could be created and assigned to a Managers user group object.
Using policies and directory services in combination has proven efficient in homogeneous operating system environments. Prior art computer management systems use policies targeted toward a specific operating system, referred to as the native operating system. From the point of view of prior art policy and policy management systems, other operating systems are considered to be foreign operating systems. However, the operating requirements of many organizations require information technology managers to manage multiple operating systems. The efficiencies associated with policies and directory services have not been realized in heterogeneous operating system environments. Since different operating systems use different approaches to setting configuration information, a policy associated with a directory services container may be applied to users of a native operating system that provided the policies, but there may not be a method for applying the policy for users of a foreign operating system.
From the foregoing discussion, it should be apparent that a need exists for an apparatus, system, and method that extend the use of policies to manage configuration information on computers having operating systems that are foreign to the policy creation and management environment. Beneficially, such an apparatus, system, and method would control cost and complexity associated with management of computers with heterogeneous operating systems within an organization. The benefits are multiplied when network directory services are used in conjunction with policies.