A Chocolatey Solution Brief

How to build an automated Windows software management system with Chocolatey QDE

Chocolatey is more than just a great way to package Windows software: did you know that you can create an automated software packaging and distribution factory with it?

In less than two hours you could build a packaging and distribution system for your Windows software that will soothe pain points and build best practice into the system, putting you well on your way to becoming a high-performing WinOps organization.

What you will build is the Windows software equivalent of an Amazon warehouse. Where Amazon takes all kinds of items, boxes them up, sticks labels on them, puts them on a truck and ships them to a destination, you will package all kinds of Windows software for distribution to all kinds of endpoints.

Inside this Solution Brief we answer the following questions:

The business case for an automated Windows software management system powered by the Chocolatey Quick Deployment Environment

Low risk of failure

Low cost to buy and run

Fast time to value

Accrue benefits over time

High Performing

Why SysAdmins use QDE to build an automated Windows software packaging and distribution center

Deployments is the new Sys Admin on your team that always does as it’s told and never sleeps!

A day in the life of Jane, the Windows SysAdmin.

Jane looks at her laptop with a furrowed brow and mutters to herself: "Different day, same old story."

"Urgh. More new tickets, more patches and releases pile up on top of old ones that still haven’t been done. I feel like I’m stuck in an overstuffed goods inward depot in a broken distribution factory."

John, sat next to her, jokingly replies, "Why can’t you work faster, Jane?" and then ducks.

The problem isn’t Jane, it’s the system she has to work in.

A bad system will beat a good person every time.

As W Deming said: we are being destroyed by best efforts. Trying harder, to do what you understand as your job, when the system is broken often results in more damage. Don’t just do something, stand there (and think).

So if a bad system will beat a good person every time, what can you do? You have to focus not on trying harder within the current system but on changing the system so that success is built into the system. Relying on heroic measures is a poor way to manage.

(Quote by W. Edwards Deming at a February 1993 Deming Four Day seminar in Phoenix, Arizona.)

Four software management problems faced by Sys Admins

WORK PILES UP
Patches, releases, changes and incidents are unending

The amount of incoming IT helpdesk tickets, security patches and software releases is never ending. There is no respite. We can’t not do these, but sometimes they don’t get done.

THROUGHPUT IS POOR
Constantly battling the chokepoint of package management

We can only package one thing at a time, and there are different methods to package different software. We are always swapping tools, which increases errors, causes rework and slows us down further.

MANUAL DISTRIBUTION
Low-bandwidth Sneaker Net distribution starves endpoints of updates

We have no mechanism to automagically push packages over a reliable connection to the endpoint, and no way to let endpoints pull packages on-demand. It’s all manual and we never get to some endpoints at all.

INSECURE ENDPOINTS
Out of date endpoints malfunction and create security weakness

We can only do so much. And the things we can’t get to simply fall off the radar and don’t get updated. Or, and sometimes worse, they get a huge bunch of updates at once and this breaks the endpoints.

What is an automated software packaging and distribution factory?

Endpoints need constant attention to keep operating and running the business.

This never-ending maintenance is carried out by Windows Systems Administrators, who on a daily basis must work out how to handle new configurations, patches and software releases and somehow get them to the endpoints they manage.

Even if you can count the managed endpoints on the fingers of one hand, it’s still a difficult job to do without automation. If you need to count with two hands, then you’re in more trouble! If you need to take your shoes and socks off to count your endpoints…then it will be a disaster!

The best practice for solving this problem is to model the software management process on a factory. This is an industry standard approach based on the Theory of Constraints and the Toyota Production System, and it’s what DevOps is.

A 60,000-foot view of a software packaging and distribution factory

Factory Devops Flow Chart

Imagine raw materials (releases, patches and configurations) moving from left to right through the factory, and customer requests (endpoint updates) arriving from the right. This abstraction is converted into a workflow of tasks for the SysAdmin.

The Windows SysAdmin software management workflow

Goods In

Raw materials — releases, patches and configs — queue up on a Repository.

Packaging

A raw software package is turned into a Chocolatey package by automation.

Goods Out

The built Chocolatey packages are placed on the Repository ready for distribution.

Distribution

Chocolatey packages are pushed to endpoints by Central Management Deployments or pulled on-demand by Self-Service Anywhere at endpoints.

Automated software packaging and distribution with Chocolatey QDE

Quick Deployment Environment Architecture

QDE is a virtual appliance that implements the software factory through three internal, prebuilt components. You could design, architect, hand build and integrate each of these components yourself, but the appliance has been built by experts so you can get all the benefits without the hard work:

Repository

Sonatype Nexus

This is a repository to store all your artefacts and control who can upload and access them.

The packaging system writes new packages to the repository to queue things to be shipped.

Packaging

Jenkins Automation

Scripting PowerShell is better than building packages with a GUI, but it’s best to let the machines run the whole thing for you.

Jenkins is the engine that drives Chocolatey to create the packages and store them on the Repository.

Distribution

Chocolatey for Business

You can push packages to endpoints using the Central Management Deployments feature of Chocolatey for Business.

As a bonus, you can let the endpoints pull packages from the Repository using Self-Service Anywhere.

How do I create my own software factory in a couple of hours?

While it's possible to get the QDE appliance, deploy it and go, in our experience it's wise to do a bit of reading and thinking about your environment before you begin.

It takes approximately two hours to complete this exercise, not including any environmental issues you may experience such as network issues.

Read the QDE Setup Guide first

We strongly recommend that you read the Setup Guide first. It will save you time! In this guide, you will learn everything you need to organize your environment and set up a pilot system before getting started.

If you don’t do this first, it will take you more than a couple of hours because you’ll be learning and fixing problems as you go instead of planning ahead.

Plan your initial pilot with familiar endpoints and software

Start simple with just a single test endpoint and a single test package containing some simple Windows software that you are familiar with.

Make sure you have a target location for your QDE appliance. The size you need and the network setup are things you will already have learned from reading the Setup Guide.

Get the QDE appliance from Chocolatey

The QDE appliance needs to be licensed so you’ll need to contact Chocolatey to get a licence and get access to the correct virtual machine download from the cloud.

Configure and test by following the Setup Guide

The Setup Guide has very detailed instructions in four distinct steps:

  1. Setting up your environment
  2. Download, import and license the QDE appliance
  3. Configure the QDE appliance
  4. Install Chocolatey on the endpoints
  5. Run your local test pilot