Begin by using a logical system model to build your standard operating environment (SOE). For example, we rely on the Point of Access to Secure Services (PASS) model. This model divides each required component into layers (see graphic below):
The hardware layer helps reduce complexity by relying on standards and standard configurations. Systems are purchased in lots to reduce diversity as much as possible.
The PASS System Kernel is a component that is built from seven layers, much like the OSI networking model, that deliver services to end users. This kernel is deployed to every PC and when it is properly constructed, it can address the needs of over 50 percent of the end users in your organization.
The Role-based Application Layer is applied on top of the kernel and addresses the special needs of roles beyond the information worker role. For example, an organization with 2,500 users has 8 special IT roles and applies each of them as needed on end user PCs.
The Ad Hoc Application Layer is used to provide single applications that do not fit a particular IT role to end users. These applications are rare and usually include less than five percent of the applications in your network.
Besides dividing image components into layers, the PASS model helps create a single view of the system stack. It also relies on other key technologies to reduce image overhead.
The PASS Logical System Construction Model
These technologies include:
OS deployment technologies which include multicasting or the ability to send one single stream of data to multiple PCs to load the system kernel. Microsofts ImageX for example, does not support multicasting. Bearing in mind that images are multiple gigabytes in size, not being able to multicast adds considerable time to the deployment.
Software distribution systems which are used to deploy the role-based application layer. Ideally, this layer will be delivered as a group of applications on top of the kernel. This tool is also used to deliver the ad hoc application layer if it is required. This tool also supports a smaller image since custom applications are not part of the initial image.
Virtual machine technology in support of the reference computer build. By using a virtual machine to build and maintain the reference PC, organizations can save considerable time. Since a virtual machine is nothing more than a set of files in a folder, you can simply make a copy of the actual reference PC before you depersonalize it for imaging. This means you never need to rebuild or re-personalize your reference PC again.
Windows Vistas new feature set works very well with these technologies when delivering images to your PCs.