ALTIRIS®
Deployment Solution™ 6.8 PXE
Overview
Notice
Altiris® AAA Document
© 2006 Altiris, Inc. All rights reserved.
Document Date: October 3, 2006
Altiris, Inc. is a pioneer of IT lifecycle management software that allows organizations to easily manage desktops,
notebooks, thin clients, handhelds, industry-standard servers, and heterogeneous software including Windows, Linux,
and UNIX. Altiris automates and simplifies IT projects throughout the life of an asset to reduce the cost and
complexity of management. Altiris client and mobile, server, and asset management solutions natively integrate
through a common Web-based console and repository. For more information, visit www.altiris.com.
The content of this document represents the current view of Altiris as of the date of publication. Because Altiris
responds continually to changing markets and conditions, this document should not be interpreted as a commitment
on the part of Altiris. Altiris cannot guarantee the accuracy of any information presented after the date of
publication.
Altiris, Inc.
588 West 400 South
Lindon, UT 84042
Phone: (801) 226-8500
Fax: (801) 226-8506
Bootworks U.S. Patent No. 5,764,593.
Altiris and Deployment Solution for Servers are registered trademarks of Altiris, Inc. in the United States.
Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks, of Microsoft Corporation in the
United States and/or other countries.
Other brands and names are the property of their respective owners.
Information in this document is subject to change without notice. For the latest documentation, visit
www.altiris.com.
Chapter 1
Setting Up PXE Server
What is PXE?
Preboot Execution Environment (PXE) is an open industry standard which enables
computers to boot remotely using a network card.
PXE uses standard network protocols to establish a communication channel between a
computer and a PXE server during the boot process. Using this channel, a PXE server
sends an execution environment to the computer so that work can be performed in a
pre-boot state.
In Deployment Solution, this pre-boot state is called the automation environment, and
DOS, Linux, and WinPE are currently supported as pre-boot operating systems. An
overview of the automation boot methods and environments is contained in a separate
document, Deployment Solution: Automation Preboot Environments.
An advanced, tightly integrated PXE environment is provided with Deployment Solution.
Deployment Solution leverages PXE to provide the following advantages:
• When a managed device needs to boot into automation, Deployment Solution restarts the computer and notifies the PXE server. The PXE server then boots the computer into the automation environment specified in the Deployment Solution job, automatically.
• PXE can perform an initial deployment of a new system by checking whether the computer already exists in Deployment Solution.
• All PXE configuration is done using the PXE Configuration Utility from the Deployment Solution console, enabling you to remotely configure all PXE servers in your network.
Why Use PXE?
PXE is used in Deployment Solution to perform two tasks:
• Boot managed computers into the automation environment
• Perform initial deployment of new managed computers
How you implement PXE depends partly on what you plan to do with it. Many organizations use PXE only on a
subnet in a receiving department to deploy corporate images and perform the initial configuration of new computers.
After a computer is assigned to a user, PXE is not used in the normal production environment.
This limits the extent of the PXE environment, but it also means you cannot use PXE to boot production computers
into the automation environment to capture images or perform other automation-only tasks.
Other companies that use automation frequently select PXE because it leaves no footprint on the managed computer
and has other advantages, such as image multicasting and tight Deployment Solution integration.
Altiris Deployment Solution 6.8
Regardless of how broadly you implement PXE, Deployment Solution provides tools and
services to simplify management of PXE in your environment. This section contains the
following topics providing an overview of PXE in Deployment Solution:
• PXE Services and Architecture
• How PXE Works
PXE Services and Architecture
PXE services use a tiered-architecture which enables you to provide global settings and
boot options shared across all PXE servers, then override configuration and expand boot
options on a local level.
Boot options and PXE settings can be applied to a shared configuration. This shared
configuration is inherited by all PXE servers in your environment. Each PXE server still
has its own specific configuration, so you can override settings and add additional boot
options as needed.
New services have been provided to replicate settings and data automatically, making it
unnecessary for you to individually configure each PXE server.
The following table contains an overview of the PXE services:

Service: PXE Manager
• Provides all boot options and configuration settings for each PXE server in your environment.
• Interfaces with the PXE Configuration Utility to replicate data and apply PXE configuration.
• Manages all communication between your Deployment Server and your PXE servers.
The PXE Manager service is installed on your Deployment Server regardless of whether or not you have also installed a PXE server.

Service: PXE Config Helper
• Interfaces with PXE Manager to receive data and configuration.
• Configures, starts, and stops the additional PXE services on the PXE server.

Service: PXE Server
• Provides the PXE listener and proxy DHCP to respond to PXE requests and send the location of bootstrap files.

Service: MTFTP
• Sends bootstrap files to managed computers using TFTP.
The PXE Manager service interacts with Deployment Server, the PXE Config Helper service, and the PXE Configuration
Utility to perform centralized PXE management.
On each individual PXE server, the PXE Server service and the MTFTP service are installed to perform the work of a
PXE server. These services are configured, started, and stopped by the PXE Config Helper service. Clients connect
directly to these two services during the PXE boot process.
How PXE Works
Before a computer can boot over a network, it needs two things: an IP address to
communicate, and the location of a PXE server to contact for boot instructions.
The following sections outline the PXE boot process:
• Part 1: DHCP Request and PXE Discovery
• Part 2: PXE Bootstrap
Part 1: DHCP Request and PXE Discovery
Request and Receive an IP Address
Initially, the boot agent performs a normal DHCP exchange. It broadcasts a DHCPDISCOVER packet (destination
255.255.255.255, UDP port 67) on its local physical subnet to discover a DHCP server.
Any available DHCP servers respond with a broadcast DHCPOFFER packet indicating their server IP and an offered
address.
When the client has chosen a DHCP server, it broadcasts a DHCPREQUEST packet that names the selected server (the
client's MAC address is carried in the chaddr field of every DHCP packet it sends). Both the DHCPDISCOVER and the
DHCPREQUEST carry option 60 set to the vendor class identifier "PXEClient", which identifies the sender as a PXE
client.
PXE Option 60
DHCP allows clients to receive options from the DHCP server indicating various services that are available on the
network. A number of standard and vendor-defined options can convey a large amount of information to DHCP clients.
Option 60 is the Vendor Class Identifier (RFC 2132). PXE clients set it to a string beginning with "PXEClient" to
announce that they are booting via PXE, and PXE servers set it to "PXEClient" in their replies to indicate that they
provide PXE boot services; the PXE-specific parameters themselves (boot server lists, boot menus) travel in the
vendor-specific option 43 alongside it.
Contacting the PXE Server
All DHCP servers examine the DHCPREQUEST packet. If the request is intended for a different server, they reclaim the
IP address they offered. The DHCP server whose offer was accepted sends a DHCPACK packet to confirm the client's
lease.
During this process, the Altiris PXE server monitors the wire for DHCPREQUEST packets carrying option 60
(PXEClient). When it recognizes such a packet, it uses the client's MAC address to look up any pending automation
work in Deployment Server. If no automation work is pending, the PXE server does not respond and the client boots
normally. Note that this decision is keyed only on the MAC address reported in an unauthenticated broadcast; the PXE
server has no way to verify that the sender is the computer it claims to be.
If there is work to do, the PXE server responds with a DHCPACK that carries option 60 (PXEClient) and the PXE
server's own address.
At this point, the client has received a DHCPACK containing an IP address and a DHCPACK with option 60 identifying a
PXE server. If the PXE server runs on the same computer as DHCP, both are delivered in a single DHCPACK packet.
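The exchange in Part 1, written out as an added example (this is not Altiris code and does not reproduce the Altiris PXE server). It parses a PXE client's DHCP broadcast, checks option 60 for "PXEClient" and option 93 for the client architecture, and answers with a proxyDHCP reply only when the client's MAC appears in a pending-work table, which is the decision rule the page describes. The sample packet, the MAC address, the pending-work set and the server address 10.0.0.5 are all constructed for the example; option 43 vendor sub-options are omitted.

```python
import struct
from dataclasses import dataclass, field

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_ARCH, OPT_END = 53, 60, 93, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
BOOTREQUEST, BOOTREPLY = 1, 2


@dataclass
class Dhcp:
    op: int                 # BOOTREQUEST (client) or BOOTREPLY (server)
    xid: int                # transaction id; a reply must echo it
    chaddr: bytes           # client hardware (MAC) address
    siaddr: str             # "next server": where the client fetches boot files
    options: dict = field(default_factory=dict)  # option code -> raw value bytes

    @property
    def mac(self) -> str:
        return ":".join(f"{b:02x}" for b in self.chaddr)


def parse_dhcp(data: bytes) -> Dhcp:
    """Parse the 236-byte BOOTP header, the magic cookie and the TLV options."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops = struct.unpack("!BBBB", data[:4])
    (xid,) = struct.unpack("!I", data[4:8])
    siaddr = ".".join(str(b) for b in data[20:24])
    chaddr = data[28:28 + hlen]
    options, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                  # pad option carries no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return Dhcp(op, xid, chaddr, siaddr, options)


def build_dhcp(op: int, xid: int, chaddr: bytes, siaddr: str, options: dict) -> bytes:
    """Serialise a DHCP message; ciaddr, yiaddr, giaddr, sname and file stay zero."""
    header = struct.pack("!BBBBIHH", op, 1, len(chaddr), 0, xid, 0, 0)  # op, htype, hlen, hops, xid, secs, flags
    header += b"\x00" * 8                                              # ciaddr, yiaddr
    header += bytes(int(octet) for octet in siaddr.split("."))         # siaddr
    header += b"\x00" * 4                                              # giaddr
    header += chaddr.ljust(16, b"\x00")                                # chaddr (16 bytes)
    header += b"\x00" * (64 + 128)                                     # sname, file
    body = b"".join(bytes([code, len(value)]) + value for code, value in options.items())
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def is_pxe_client(pkt: Dhcp) -> bool:
    """PXE clients set option 60 to 'PXEClient:Arch:xxxxx:UNDI:yyyzzz'."""
    return pkt.options.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient")


def client_arch(pkt: Dhcp):
    """Option 93 (client system architecture), e.g. 0 = x86 BIOS; None if absent."""
    raw = pkt.options.get(OPT_ARCH)
    return struct.unpack("!H", raw)[0] if raw and len(raw) == 2 else None


def proxy_dhcp_reply(pkt: Dhcp, pending_work: set, pxe_server_ip: str):
    """Return proxyDHCP reply bytes, or None when the client should boot normally.

    The decision is keyed on the MAC address taken from an unauthenticated
    broadcast, exactly as the page describes; nothing here proves the sender
    really is that computer.
    """
    if pkt.op != BOOTREQUEST or not is_pxe_client(pkt) or pkt.mac not in pending_work:
        return None
    msg_type = pkt.options.get(OPT_MSG_TYPE, b"\x00")[0]
    reply_type = {DISCOVER: OFFER, REQUEST: ACK}.get(msg_type)
    if reply_type is None:
        return None
    # A proxyDHCP reply hands out no lease (yiaddr stays 0); it only points the
    # client at the PXE server through siaddr and option 60 "PXEClient".
    return build_dhcp(BOOTREPLY, pkt.xid, pkt.chaddr, pxe_server_ip,
                      {OPT_MSG_TYPE: bytes([reply_type]), OPT_VENDOR_CLASS: b"PXEClient"})


# Constructed sample (not a real capture): a PXE DISCOVER from 00:11:22:33:44:55
# and a hypothetical pending-work table keyed by MAC, standing in for Deployment Server.
SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLE_PENDING = {"00:11:22:33:44:55"}


def sample_pxe_discover(msg_type: int = DISCOVER) -> bytes:
    return build_dhcp(BOOTREQUEST, 0x3903F326, SAMPLE_MAC, "0.0.0.0", {
        OPT_MSG_TYPE: bytes([msg_type]),
        OPT_VENDOR_CLASS: b"PXEClient:Arch:00000:UNDI:002001",
        OPT_ARCH: b"\x00\x00",
    })


if __name__ == "__main__":
    request = parse_dhcp(sample_pxe_discover())
    reply = proxy_dhcp_reply(request, SAMPLE_PENDING, "10.0.0.5")
    print(request.mac, "answered" if reply else "ignored")
```

Run against a capture of your own DHCP traffic, `parse_dhcp` plus `is_pxe_client` is enough to inventory which hosts on a segment are PXE-booting; on a production subnet where the page says PXE should not be in use, any such packet is worth a look.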
Part 2: PXE Bootstrap
Now the client is ready to contact the PXE server for boot files. In response to this request, the client is
presented a boot menu containing all of the boot options the PXE server can provide.
Most of the time, Deployment Server has already selected the correct boot option, so this step is transparent to
the user.
After the selection is made, the client requests the necessary boot files using MTFTP. These consist of a .0 file
and a .1 file.
The .0 file functions as the bootstrap loader. It creates a RAM disk and manipulates the BIOS interrupt vectors,
interrupt structures, and hardware information tables so that the RAM disk behaves exactly like a typical floppy
disk. It then copies the .1 file byte by byte into the newly created RAM disk.
The .1 file is an image of a boot floppy disk, with modifications to autoexec.bat and additional files, which
ultimately provides the automation environment on the managed computer.
The diagrams that accompany this section in the original document outline this process.
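The transfer of the .0 and .1 files in Part 2 runs over (M)TFTP. The following added example, which is not Altiris code, implements the RFC 1350 unicast TFTP exchange (read request, 512-byte DATA blocks, lock-step ACKs, a short final block) between a constructed in-memory server and a client, including the case where the file is an exact multiple of 512 bytes and a trailing empty block is needed. The file names and contents are made up, and the multicast extension the page calls MTFTP is not modelled.

```python
import struct

RRQ, DATA, ACK, ERROR = 1, 3, 4, 5
BLOCK = 512                     # TFTP data block size; a shorter block ends the transfer


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Read request: opcode, filename, NUL, mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def parse_rrq(pkt: bytes):
    if struct.unpack("!H", pkt[:2])[0] != RRQ:
        raise ValueError("not a read request")
    name, mode, _rest = pkt[2:].split(b"\x00", 2)
    return name.decode(), mode.decode().lower()


def data_packet(content: bytes, block: int):
    """DATA for a 1-based block number, or None past the end of the file.

    The last block is always shorter than BLOCK; when the file length is an
    exact multiple of BLOCK that means one extra zero-length DATA packet.
    """
    if block < 1 or block > len(content) // BLOCK + 1:
        return None
    start = (block - 1) * BLOCK
    return struct.pack("!HH", DATA, block) + content[start:start + BLOCK]


class TftpServer:
    """Single-session in-memory server: RRQ -> block 1, ACK n -> block n+1."""

    def __init__(self, files: dict):
        self.files, self.current = files, b""

    def handle(self, pkt: bytes):
        op = struct.unpack("!H", pkt[:2])[0]
        if op == RRQ:
            name, _mode = parse_rrq(pkt)
            if name not in self.files:
                return struct.pack("!HH", ERROR, 1) + b"File not found\x00"  # error code 1
            self.current = self.files[name]
            return data_packet(self.current, 1)
        if op == ACK:
            (acked,) = struct.unpack("!H", pkt[2:4])
            return data_packet(self.current, acked + 1)   # None once the short block is ACKed
        raise ValueError(f"unexpected opcode {op}")


def tftp_fetch(server: TftpServer, filename: str) -> bytes:
    """Client side: send RRQ, ACK every DATA block in order, stop at the short block."""
    received, expected = b"", 1
    pkt = server.handle(build_rrq(filename))
    while True:
        op, block = struct.unpack("!HH", pkt[:4])
        if op == ERROR:
            raise FileNotFoundError(pkt[4:].rstrip(b"\x00").decode())
        if op != DATA or block != expected:
            raise ValueError("out-of-order or unexpected packet")
        payload = pkt[4:]
        received += payload
        pkt = server.handle(struct.pack("!HH", ACK, block))
        if len(payload) < BLOCK:          # short (possibly empty) block: transfer complete
            return received
        expected += 1


# Constructed sample files standing in for a bootstrap (.0) and a boot image (.1).
SAMPLE_FILES = {
    "bstrap.0": bytes(range(256)) * 3,   # 768 bytes: one full block plus a 256-byte final block
    "bstrap.1": b"\xa5" * 1024,          # exact multiple of 512: needs a trailing empty block
}

if __name__ == "__main__":
    image = tftp_fetch(TftpServer(SAMPLE_FILES), "bstrap.1")
    print(len(image), "bytes received")
```

Nothing in this exchange authenticates the server or protects the .0 and .1 files in transit: the client simply trusts whichever server the DHCP/proxyDHCP step pointed it at and executes what it receives. That is the gap the Boot Integrity Services section later in this document addresses.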
PXE Planning and Installation
This section contains an overview of the PXE deployment process, in the following
sections:
• Enabling PXE on Managed Computers
• Installing and Configuring DHCP
• How Many PXE Servers Do I Need?
• Installing PXE Servers
Enabling PXE on Managed Computers
Each computer you plan to manage using PXE must have PXE boot enabled (sometimes called network boot or NIC boot)
and placed at the correct position in the BIOS boot order. It is also a good idea to apply the latest BIOS
updates, especially if your network card is integrated on the motherboard.
Deployment Solution also supports Wake on LAN to power on managed computers remotely. If this is enabled, a Wake on
LAN packet is sent to the managed computer when a job is scheduled to start and the device is powered off
(disconnected from Deployment Server).
Installing and Configuring DHCP
DHCP is an integral part of the PXE process and must be installed and configured in order to use PXE. A DHCP server
is not provided with Deployment Solution; you must obtain, install, and configure this component separately.
After DHCP is set up and your PXE servers are installed, you need to configure how your
PXE servers interact with the DHCP server. This is done using the PXE Configuration
Utility.
How Many PXE Servers Do I Need?
Number of Client Connections
PXE servers do not typically require a lot of resources. By using multicast, a single PXE
server can deploy a DOS boot image to up to 100 computers at a time, and not consume
any more resources than it would deploying a single image. If you are using WinPE or
Linux however, multicast boot is not available.
Usually a single PXE server in a specific location is enough if you either use multicast to
deploy images or spread out your image capturing jobs to be in line with the capabilities
of your server. Additional PXE servers can easily be added if necessary.
Network Speed
Since most of the resources on a PXE server are spent transferring files over the wire, the faster the network, the
more work a single PXE server can do. A single PXE server on a gigabit network can capture and deploy several times
as many images over a given period as even multiple servers on a slower network.
Physical Layout of your Network
Your PXE configuration might be set up according to the physical layout of your network.
If you have three offices in different locations, it might make sense to install a PXE
server at each location to reduce traffic and resolve routing issues (see PXE Request
Routing).
In these configurations, the deployment share can be mirrored to a local server, and images are usually taken from
and restored to local file servers. See "PXE Redirection" below for an example of this type of configuration.
PXE Request Routing
PXE clients use broadcast packets to find DHCP and PXE services on a network, and multicast packets (MTFTP) to
transfer files. These packet types can present challenges when planning a PXE deployment because most default
router configurations do not forward broadcast and multicast traffic.
Because of this, either your routers must be configured to relay these broadcast packets to the correct server (or
servers) and to route the multicast traffic, or you must install a PXE server on each subnet.
Routers do not forward broadcasts as such. A DHCP relay agent on the router (for example, Cisco's ip helper-address)
receives the client's broadcast on the source subnet and forwards it as a unicast packet to specific, configured
server addresses, recording the originating subnet in the giaddr field so the server can answer the right network.
Configuring a router to relay DHCP is common. If both the PXE and DHCP services are located on the same computer,
and DHCP relaying to that computer is enabled, the broadcast packets should reach it without further work.
If these services are located on different computers, additional configuration is required: the relay agent must
forward the client broadcasts to the PXE server as well as the DHCP server, because the PXE server needs to see the
same DHCPREQUEST packets.
If you are going to relay packets, make sure your router and any intervening firewalls allow the traffic to reach
the proper ports and IP addresses of both the DHCP and PXE servers: UDP 67/68 for DHCP, UDP 4011 for the PXE
server's proxy DHCP service (the standard PXE boot server port), and UDP 69 for TFTP.
Once the broadcast issues are resolved, the routing of multicast traffic must be considered. Multicasting brings
significant efficiencies in transferring files, but it introduces challenges similar to broadcast forwarding. As
with broadcasts, routers can be configured to carry multicast traffic between PXE clients and PXE servers.
Consult the documentation provided by your router vendor for additional information on packet forwarding.
Installing PXE Servers
After you have determined the PXE needs of your network, you must determine where to install these PXE servers.
A PXE server can be installed on your Deployment Server, on your DHCP server, on
another server in your network (such as a file server), or as a standalone server. You can
also use a combination of these (for example, a PXE server on your Deployment Server
and your DHCP server).
The actual installation process is straightforward. You can install a PXE server at the
same time as you install Deployment Solution, or you can install one later by running
the installation program and selecting the add additional components option.
After these servers are installed and running, they are configured using the PXE Configuration Utility. See the
following section.
Configuring PXE Settings
All PXE configuration is done using the PXE Configuration Utility. The PXE Configuration Utility is used to create
and modify two things:
• Global and local configuration settings. These settings include timeout values, replication and logging options,
and so on.
• Boot options. Each boot option corresponds to a specific configuration which includes an operating system, network
and other drivers, utilities, mapped drives, and so on.
This section contains a brief overview of selected PXE configuration and boot options.
For complete details, see the help for the PXE Configuration Utility.
PXE Settings
Shared vs. Local
Deployment Solution provides a PXE settings hierarchy enabling you to provide shared
and local PXE configuration values. All PXE servers inherit the shared values unless they
are overridden on the local server.
Session Timeout
The PXE Configuration Utility connects to the PXE Manager service on Deployment Server. To make sure your changes
are not overwritten by another instance of the PXE Configuration Utility, only one instance is allowed to connect
to PXE Manager at any given time.
If you attempt to launch the PXE Configuration Utility while another instance is connected, you receive an error.
To prevent you from being locked out for extended periods (for example, when an instance is inadvertently left open
on another computer), the existing connection is terminated once it has been inactive for 30 minutes and another
instance attempts to connect.
This timeout applies only when someone else attempts to launch the PXE Configuration Utility. If no other connection
is attempted, the timeout never triggers and your session remains active.
DHCP Server Options
For most circumstances, you want option 1. If DHCP is installed on your Deployment Server but is not active,
Deployment Server might still attempt to communicate with that instance; select option 3 to change this. If you are
using a third-party DHCP server that itself sends the client the option 60 (PXEClient) response, select option 2.
Boot Integrity Services
PXE is potentially vulnerable to attackers, a particular concern in security-conscious business and government
settings that are not willing to risk network boot unless safeguards are in place. For example, it is important to
ensure that the boot image comes from a trusted source and has not been tampered with in transit. You may also want
to designate and enforce which boot images can be installed on selected groups of platforms. Boot Integrity
Services (BIS) addresses these security needs.
BIS enhances the network boot environment by providing mechanisms to validate the source and integrity of programs
and data downloaded over the network before an operating system is installed. Using BIS firmware built into the
client computer, BIS can validate, before executing a boot image, that the image came from a trusted source and was
not tampered with en route.
Deployment Server supports BIS. However, BIS support from Altiris applies only when the managed computers also
support BIS. Even if BIS is configured from the Deployment Server console, it will not work unless the physical
computer supports it. At present, very few computers support BIS.
Boot Options
Boot options are the boot configurations provided to a client by a PXE server. Each boot
option has a corresponding automation operating system, network drivers, and other
settings.
Shared vs. Local
Deployment Solution provides a PXE boot option hierarchy enabling you to provide
shared and local PXE boot options. Shared boot configurations are available on all PXE
servers, while local boot options are available on a specific PXE server.
PXE Redirection
Lets you redirect a global PXE menu option to a local PXE menu option. Redirection
settings are not available globally, they are always specific to an individual PXE server.
This is due to the role redirection plays in your PXE environment.
Consider the following example:
You manage computers in three locations: Two offices in Ontario, and one office in
Alberta. To limit transfer between each site, each office has a local PXE server, and a file
server with a mirror of the deployment share. This enables clients at each location to
contact the local PXE server to boot, then use the local deployment mirror to access the
network tools and to store images.
You need to create a job to capture an image of each managed computer on Friday
evening, once a month. To create this job, you add an imaging task, select a PXE boot
option, then set the schedule. Simple, right?
Hold on. If you select the same PXE boot option for each office, you are going to have
problems. The Alberta office uses a mirror of the deployment share on alb1\eXpress,
and stores captured images on alb1\images. The two Ontario offices use the ont1 and
ont2 servers respectively.
You could go ahead and create three global configurations and three different jobs, but
that is confusing and could potentially cause problems if the wrong selection is made. If
you took this route, on each PXE server, two of the three global configurations could
potentially cause problems (they are mapped to drives in remote offices). Since you
enjoy avoiding problems, what you really need is a way to select a single global
configuration for a job, then update it based on the location of the PXE server.
This is exactly what redirection does. You create a global configuration named, for
example, “Imaging Environment”. Then, on each PXE server, you create a local
configuration for each office with the correct server mappings.
The "Imaging Environment" global option is then redirected to the appropriate local option on each PXE server. The
single imaging job can now be applied to all computers at once, simplifying the process and reducing the chance of
errors.