ALTIRIS Deployment Solution 6.8 PXE Overview


Notice

Altiris AAA Document
2006 Altiris, Inc. All rights reserved.
Document Date: October 3, 2006

Altiris, Inc. is a pioneer of IT lifecycle management software that allows organizations to easily manage desktops, notebooks, thin clients, handhelds, industry-standard servers, and heterogeneous software including Windows, Linux, and UNIX. Altiris automates and simplifies IT projects throughout the life of an asset to reduce the cost and complexity of management. Altiris client and mobile, server, and asset management solutions natively integrate through a common Web-based console and repository. For more information, visit www.altiris.com.

The content of this document represents the current view of Altiris as of the date of publication. Because Altiris responds continually to changing markets and conditions, this document should not be interpreted as a commitment on the part of Altiris. Altiris cannot guarantee the accuracy of any information presented after the date of publication.

Altiris, Inc.
588 West 400 South
Lindon, UT 84042
Phone: (801) 226-8500
Fax: (801) 226-8506

Bootworks U.S. Patent No. 5,764,593. Altiris and Deployment Solution for Servers are registered trademarks of Altiris, Inc. in the United States. Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks, of Microsoft Corporation in the United States and/or other countries. Other brands and names are the property of their respective owners.

Information in this document is subject to change without notice. For the latest documentation, visit www.altiris.com.

Chapter 1
Setting Up PXE Server

What is PXE?

Preboot Execution Environment (PXE) is an open industry standard which enables computers to boot remotely using a network card. PXE uses standard network protocols to establish a communication channel between a computer and a PXE server during the boot process. Using this channel, a PXE server sends an execution environment to the computer so that work can be performed in a pre-boot state.

In Deployment Solution, this pre-boot state is called the automation environment, and DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An overview of the automation boot methods and environments is contained in a separate document, Deployment Solution: Automation Preboot Environments.

An advanced, tightly integrated PXE environment is provided with Deployment Solution. Deployment Solution leverages PXE to provide the following advantages:

- When a managed device needs to boot into automation, Deployment Solution restarts the computer and notifies the PXE server. PXE server then boots the computer into the automation environment indicated in the Deployment Solution job automatically.
- PXE can perform an initial deployment of a new system by checking to see if a computer exists in Deployment Solution.
- All PXE configuration is done using the PXE Configuration Utility from the Deployment Solution console, enabling you to remotely configure all PXE servers in your network.

Why Use PXE?

PXE is used in Deployment Solution to perform two tasks:

- Boot managed computers into the automation environment
- Perform initial deployment of new managed computers

How you implement PXE is partially dependent on what you plan to do with it. Many organizations use PXE only on a subnet in a receiving department to deploy corporate images and initial configuration of new computers. After this computer is assigned to a user, PXE is not used in the normal production environment. This limits the extent of the PXE environment, but prevents you from accessing the automation environment to capture images and perform other automation-only tasks.

Other companies which often use automation select PXE because it leaves no footprint on the managed computer, and has several other advantages such as image multicasting and tight Deployment Solution integration.

Regardless of how broadly you implement PXE, Deployment Solution provides tools and services to simplify management of PXE in your environment.

This section contains the following topics providing an overview of PXE in Deployment Solution:

- PXE Services and Architecture
- How PXE Works

PXE Services and Architecture

PXE services use a tiered architecture which enables you to provide global settings and boot options shared across all PXE servers, then override configuration and expand boot options on a local level.

Boot options and PXE settings can be applied to a shared configuration. This shared configuration is inherited by all PXE servers in your environment. Each PXE server still has its own specific configuration, so you can override settings and add additional boot options as needed.

New services have been provided to replicate settings and data automatically, making it unnecessary for you to individually configure each PXE server. The following table contains an overview of the PXE services:

Service: PXE Manager
Description: Provides all boot options and configuration settings for each PXE server in your environment. Interfaces with the PXE Config Utility to replicate data and apply PXE configuration. Manages all communication between your Deployment Server and your PXE servers. The PXE Manager Service is installed on your Deployment Server regardless of whether or not you have also installed a PXE server.

Service: PXE Config Helper
Description: Interfaces with PXE Manager to receive data and configuration. Configures, starts, and stops the additional PXE services on the PXE server.

Service: PXE Server
Description: Provides the PXE listener and proxy DHCP to respond to PXE requests and send the location of bootstrap files.

Service: MTFTP
Description: Sends bootstrap files to managed computers using TFTP.

The PXE Manager service interacts with Deployment Server, PXE Helper service, and the PXE config utility to perform centralized PXE management:

On each individual PXE server, the PXE Server service and the MTFTP service are installed to perform the work of a PXE server. These services are configured, started and stopped by the PXE Config Helper service. Clients connect directly to these services during the PXE boot process:

How PXE Works

Before a computer can boot over a network, it needs two things: an IP address to communicate, and the location of a PXE server to contact for boot instructions. The following sections outline the PXE boot process:

- Part 1: DHCP Request and PXE Discovery
- Part 2: PXE Bootstrap

Part 1: DHCP Request and PXE Discovery

Request and Receive an IP Address

Initially, the boot agent directs the execution of normal DHCP operations by broadcasting a DHCPDISCOVER packet (255.255.255.255) to port 67 on its local physical subnet to discover a DHCP server. Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating their server IP. When the client has chosen a target DHCP server, it broadcasts a DHCPREQUEST packet that includes its MAC address and the IP address of the selected DHCP server. The DHCPREQUEST also contains option 60 to identify the client as a PXE client.

PXE Option 60

DHCP allows clients to receive options from the DHCP server indicating various services that are available on the network. A number of standard and custom options are available that can convey a vast amount of information to DHCP clients. Option 60 deals specifically with PXE-related services. Both PXE clients and servers use option 60 to convey specific information about the PXE services they need or are providing.

Contacting the PXE Server

All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a different server, the IP address they offered is reclaimed. The DHCP server providing the accepted offer supplies a DHCPACK packet to the client to acknowledge the client's receipt of its IP.

During this process, the Altiris PXE server monitors the wire for DHCPREQUEST packets with an option 60 (PXE client). When a packet is recognized, the client's MAC address is used to find any pending automation work in Deployment Server. If no automation work is required, the PXE server does not respond to the client and it boots normally. If there is work to do, the PXE server responds with its address using a DHCPACK with option 60.

At this point, the client has received a DHCPACK containing an IP address, and a DHCPACK with option 60 containing a PXE server. If the PXE server is located on the same server as DHCP, both are contained in the same DHCPACK packet.

Part 2: PXE Bootstrap

Now the client is ready to contact the PXE server for boot files. After this request, clients are provided a boot menu containing all of the boot options the PXE server can provide. Most of the time, the correct boot option has already been selected by Deployment Server, so this is transparent to the client.

After the selection is made, the client requests the necessary boot files using MTFTP. This consists of a .0 and a .1 file.

The .0 file functions as a bootstrap loader. It creates a RAM disk and manipulates the BIOS interrupt vectors, interrupt structures and hardware information tables to make the RAM disk function exactly like a typical floppy disk. This file then copies the .1 file byte by byte into the newly created RAM disk.

The .1 file is an image of a boot disk floppy with modifications to the autoexec.bat and additional files which ultimately provide the automation environment on the managed computer.

The following diagrams contain a basic outline of this process:

PXE Planning and Installation

This section contains an overview of the PXE deployment process, in the following sections:

- Enabling PXE on Managed Computers
- Installing and Configuring DHCP
- How Many PXE Servers Do I Need?
- Installing PXE Servers

Enabling PXE on Managed Computers

Each computer you plan to manage using PXE must have PXE boot enabled (sometimes called network or NIC) and set to the correct sequence in the BIOS. It is also a good idea to apply the latest BIOS updates, especially if your network card is integrated on the motherboard.

Deployment Solution also supports Wake on Lan to power on managed computers remotely. If this is enabled, a Wake on Lan signal is sent to the managed computer if the device is powered off (disconnected from Deployment Server) when a job is scheduled to start.

Installing and Configuring DHCP

DHCP is an integral part of the PXE process, and must be installed and configured in order to use PXE. A DHCP server is not provided with Deployment Solution; you must obtain, install, and configure this component separately.

After DHCP is set up and your PXE servers are installed, you need to configure how your PXE servers interact with the DHCP server. This is done using the PXE Configuration Utility.

How Many PXE Servers Do I Need?

Number of Client Connections

PXE servers do not typically require a lot of resources. By using multicast, a single PXE server can deploy a DOS boot image to up to 100 computers at a time, and not consume any more resources than it would deploying a single image. If you are using WinPE or Linux, however, multicast boot is not available.

Usually a single PXE server in a specific location is enough if you either use multicast to deploy images or spread out your image capturing jobs to be in line with the capabilities of your server. Additional PXE servers can easily be added if necessary.

Network Speed

Since the majority of the resources on a PXE server are used transferring files over the wire, the faster the network, the more work a single PXE server can do. A single PXE server on a gigabit network can capture and deploy several times as many images over a period of time than even multiple servers on a slower network.

Physical Layout of your Network

Your PXE configuration might be set up according to the physical layout of your network. If you have three offices in different locations, it might make sense to install a PXE server at each location to reduce traffic and resolve routing issues (see PXE Request Routing).

In these configurations, the deployment share can be mirrored to a local server, and images are usually taken from and restored to local file servers. See PXE Redirection on page 11 for an example of this type of configuration.

PXE Request Routing

PXE clients use broadcast packets to find DHCP and PXE services on a network, and multicast packets (MTFTP) to transfer files. These packet types can present challenges when planning a PXE deployment because most default router configurations do not forward broadcast and multicast traffic.

Because of this, either your routers need to be configured to forward these broadcast and multicast packets to the correct server (or servers), or you need to install a PXE server on each subnet.

Routers generally forward broadcast traffic to specific computers. The source subnet experiences the broadcast, but any forwarded broadcast traffic targets specific computers. Enabling a router to support DHCP is common. If both PXE and DHCP services are located on the same computer, and DHCP packet forwarding is enabled, you shouldn't have any problem transferring broadcast packets. If these services are located on different computers, additional configuration might be required.

If you are going to forward packets, make sure your router configuration allows DHCP traffic to access the proper ports and IP addresses for both DHCP and PXE servers.

Once the broadcast issues are resolved, the routing of multicast traffic must be considered. Multicasting leverages significant efficiencies in transferring files but also introduces challenges similar to broadcast packet forwarding. Like the broadcasting solution, routers can be configured to support multicast traffic between PXE Clients and PXE Servers.

Please consult the documentation provided by your router vendor for additional information on packet forwarding.

Installing PXE Servers

After you have determined the PXE needs of your network, you must determine where to install these PXE servers. A PXE server can be installed on your Deployment Server, on your DHCP server, on another server in your network (such as a file server), or as a standalone server. You can also use a combination of these (for example, a PXE server on your Deployment Server and your DHCP server).

The actual installation process is straightforward. You can install a PXE server at the same time as you install Deployment Solution, or you can install one later by running the installation program and selecting the add additional components option.

After these servers are installed and running, they are configured using the PXE Configuration Utility. See the following section.

Configuring PXE Settings

All PXE configuration is done using the PXE Configuration Utility. The PXE config utility is used to create and modify two things:

- Global and local configuration settings. These settings include timeout values, replication and logging options, and so on.

- Boot options. Each boot option corresponds to a specific configuration which includes an operating system, network and other drivers, utilities, mapped drives, and so on.

This section contains a brief overview of selected PXE configuration and boot options. For complete details, see the help for the PXE Configuration Utility.

PXE Settings

Shared vs. Local

Deployment Solution provides a PXE settings hierarchy enabling you to provide shared and local PXE configuration values. All PXE servers inherit the shared values unless they are overridden on the local server.

Session Timeout

The PXE configuration utility connects to the PXE Manager service on Deployment Server. To make sure your changes are not overwritten by another instance of the PXE Configuration Utility, only one instance of PXE config is allowed to connect to PXE manager at any given time.

If you attempt to launch PXE Configuration when another instance is running, you receive an error. To prevent you from being completely locked out for extended periods (for example, an instance is inadvertently left open on another computer), a timeout has been added which terminates a connection after 30 minutes of inactivity after someone else attempts to connect.

This timeout only applies if someone else is attempting to launch PXE Configuration. If no other connections are attempted, the timeout is never enabled and your session remains active.

DHCP Server Options

For most circumstances, you want option 1. If you have DHCP installed on your Deployment Server but it is not active, Deployment Server might still attempt to communicate with that instance. This is changed by selecting option 3. If you are using a 3rd party DHCP server which automatically sends the client 60 message, select option 2.

Boot Integrity Services

PXE is potentially vulnerable to hackers, especially in security-conscious business and government settings not willing to risk network boot ups unless safeguards are in place. For example, it is important to ensure that the boot image comes from a trusted source and has not been tampered with in transit. You can also designate and enforce which boot images can be installed on selected groups of platforms. Boot Integrity Services (BIS) addresses these security needs.

BIS enhances the network boot environment by providing mechanisms to validate the source and integrity of programs and data downloaded over the network prior to the time an operating system is installed. Using BIS firmware built into the client computer, BIS can validate (before executing a boot image) that the image came from a trusted source and was not tampered with en route.

Deployment Server supports the BIS technology. However, the BIS support from Altiris is only applicable when the computers being managed also support BIS. Even if BIS is configured from the Deployment Server console, BIS will not work unless the physical computer supports it. At the present time, there are very few computers that support BIS.

Boot Options

Boot options are the boot configurations provided to a client by a PXE server. Each boot option has a corresponding automation operating system, network drivers, and other settings.

Shared vs. Local

Deployment Solution provides a PXE boot option hierarchy enabling you to provide shared and local PXE boot options. Shared boot configurations are available on all PXE servers, while local boot options are available on a specific PXE server.

PXE Redirection

Lets you redirect a global PXE menu option to a local PXE menu option. Redirection settings are not available globally; they are always specific to an individual PXE server. This is due to the role redirection plays in your PXE environment. Consider the following example:

You manage computers in three locations: two offices in Ontario, and one office in Alberta. To limit transfer between each site, each office has a local PXE server, and a file server with a mirror of the deployment share. This enables clients at each location to contact the local PXE server to boot, then use the local deployment mirror to access the network tools and to store images.

You need to create a job to capture an image of each managed computer on Friday evening, once a month. To create this job, you add an imaging task, select a PXE boot option, then set the schedule. Simple, right?

Hold on. If you select the same PXE boot option for each office, you are going to have problems. The Alberta office uses a mirror of the deployment share on alb1\express, and stores captured images on alb1\images. The two Ontario offices use the ont1 and ont2 servers respectively.

You could go ahead and create three global configurations and three different jobs, but that is confusing and could potentially cause problems if the wrong selection is made. If you took this route, on each PXE server, two of the three global configurations could potentially cause problems (they are mapped to drives in remote offices).

Since you enjoy avoiding problems, what you really need is a way to select a single global configuration for a job, then update it based on the location of the PXE server. This is exactly what redirection does.

You create a global configuration named, for example, Imaging Environment. Then, on each PXE server, you create a local configuration for each office with the correct server mappings. The Imaging Environment global option is then redirected to the local option, and the process is simplified.

Now the imaging job can be applied to all computers at once, simplifying the process and reducing the chance of errors.
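
The option 60 exchange from Part 1 (DHCP Request and PXE Discovery), together with the trusted-source concern raised under Boot Integrity Services, as an added example that is not part of the Altiris document and is not Altiris code: Python that parses captured DHCP packets, picks out PXE client requests by option 60, and flags PXE server replies whose source address is not on an allowlist. The packets, MAC addresses, IP addresses and the allowlist are constructed sample values, and counting a DHCPOFFER as a server reply alongside the DHCPACK the document describes is an assumption that goes slightly beyond the text.

```python
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = b"\x63\x82\x53\x63"               # DHCP magic cookie
OPT_MSG_TYPE, OPT_VENDOR_CLASS = 53, 60
DHCPOFFER, DHCPREQUEST, DHCPACK = 2, 3, 5


def build_dhcp(op, msg_type, mac, vendor_class=None):
    """Build a minimal DHCP packet; used here only to construct sample input."""
    chaddr = bytes.fromhex(mac.replace(":", ""))
    zero = b"\x00" * 4
    hdr = struct.pack(BOOTP_FMT, op, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
                      zero, zero, zero, zero, chaddr, b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if vendor_class:
        vc = vendor_class.encode("ascii")
        opts += bytes([OPT_VENDOR_CLASS, len(vc)]) + vc
    return hdr + MAGIC + opts + b"\xff"   # 0xff is the end-of-options marker


def parse_dhcp(pkt):
    """Return (client MAC, {option code: raw value}); ValueError if malformed."""
    if len(pkt) < BOOTP_LEN + 4 or pkt[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    fields = struct.unpack(BOOTP_FMT, pkt[:BOOTP_LEN])
    hlen, chaddr = fields[2], fields[11]
    mac = ":".join(f"{b:02x}" for b in chaddr[:min(hlen, 16)])
    opts, i = {}, BOOTP_LEN + 4
    while i < len(pkt):
        code = pkt[i]
        if code == 255:                   # end of options
            break
        if code == 0:                     # pad byte, no length field
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return mac, opts


def classify(src_ip, pkt, authorized_pxe):
    """Label one captured DHCP packet from the defender's point of view."""
    mac, opts = parse_dhcp(pkt)
    msg = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    vendor = opts.get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace")
    if not vendor.startswith("PXEClient"):
        return ("not-pxe", mac)           # ordinary DHCP traffic
    if msg == DHCPREQUEST:
        return ("pxe-client-request", mac)
    if msg in (DHCPOFFER, DHCPACK):       # OFFER included as an assumption
        ok = src_ip in authorized_pxe
        return ("pxe-server-reply" if ok else "UNAUTHORIZED-pxe-server-reply", mac)
    return ("pxe-other", mac)


# Constructed sample data: documentation-range IPs, made-up MAC addresses.
AUTHORIZED_PXE = {"192.0.2.5"}
CLIENT_ID = "PXEClient:Arch:00000:UNDI:002001"
SAMPLE = [
    ("0.0.0.0", build_dhcp(1, DHCPREQUEST, "00:11:22:33:44:55", CLIENT_ID)),
    ("192.0.2.5", build_dhcp(2, DHCPACK, "00:11:22:33:44:55", "PXEClient")),
    ("192.0.2.66", build_dhcp(2, DHCPACK, "00:11:22:33:44:55", "PXEClient")),
    ("0.0.0.0", build_dhcp(1, DHCPREQUEST, "66:77:88:99:aa:bb")),
]


def run():
    """Classify every sample packet against the allowlist."""
    return [classify(src, pkt, AUTHORIZED_PXE) for src, pkt in SAMPLE]


if __name__ == "__main__":
    for label, mac in run():
        print(f"{mac}  {label}")
```

The allowlist check covers only the source of the reply; validating the boot image itself is the job the document assigns to BIS.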