Leveraging WinPE and Linux Preboot for Effective Provisioning

Jonathan Richey | Director of Development | Altiris, Inc.

© Altiris Inc.

Agenda

Terminology Preboot Technology Linux and WinPE

Pros & Cons Preboot Demo Questions and

Answers

© Altiris Inc.

Terminology

Preboot Automation An OS environment other than Production OS

― Control hardware w/o OS interference― Deployment Solution automation

Primary use – Hard Disk Manipulation― “Bare Metal” provisioning― Partitioning― Imaging― Repairing or Healing production OS― Recovery from offline storage

© Altiris Inc.

Terminology

Production Environment Primary User OS

― Windows

― Linux

― Solaris

Production Agent― AClient

― ADLAgent

© Altiris Inc.

Terminology

Automation Environment X86 Processor Only Automation OS

― DOS

― WinPE

― Linux

Automation Agent― Bootwork.exe

― AClient -winpe

― ADLAgent

© Altiris Inc.

Previous Preboot Technology

Bootwork partitions Floppy disks PXE (Preboot eXecution Environment) DOS based

© Altiris Inc.

DS 6.5 Preboot Technology

Automation partitions Boot Media

Floppy disks CD USB Flash

PXE (Preboot eXecution Environment) Supported OS’s

DOS Linux WinPE

© Altiris Inc.

Automation Partitions

Previously called Bootwork Partitions Patented Altiris technology Hidden or embedded partitions Controls boot to automation or production Pros and Cons?

© Altiris Inc.

Automation Partitions – Pros

Always available Configured specifically for system Production agents can modify boot order Faster than floppies More secure than PXE Keyboard/Screen lock technology (DOS)

© Altiris Inc.

Automation Partitions – Cons

Must be installed Embedded – relatively easy Hidden – generally very painful

Does not work for “Bare Metal” provisioning Third Party imaging tools can’t handle

Embedded partitions

© Altiris Inc.

6.5 Automation Partition Enhancements

Both WinPE and Linux supported New automation partition structure

Compatible with Recovery Solution, Local Recovery

More compatible with other boot loaders Allows for larger embedded partitions

― DOS 5 MB― Linux 30 MB― WinPE 200 MB

Fastest way to boot WinPE

© Altiris Inc.

DS 6.1 Bootwork Partition Architecture

Hard Disk

MBRBoot Code

Partition Table

Extended MBRboot codeCopy of

partition table

PBRBoot Code

EmbeddedAutomation Partition

(DOS only)

© Altiris Inc.

DS 6.5 Automation Partition Architecture

Hard Disk

MBRBoot Code

Ptr to Ext MBRPartition Table

Extended MBRAdditonal CodePart Table copy

PBRBoot Code

EmbeddedAutomation Partition(DOS, Linux WinPE)

© Altiris Inc.

PXE Automation

Intel standard since 1998 Piggybacks on DHCP extensions Three components

PXE Server TFTP/MTFTP server Client PXE ROM

Pros and Cons?

© Altiris Inc.

PXE Automation – Pros

DS can control PXE boot choice Fastest automation decision Best remote management No “hidden” code or data on disk Only reasonable option for “Bare Metal” Can use multicast to minimize network traffic

© Altiris Inc.

PXE Automation – Cons

Has security problems Susceptible to rogue PXE servers

Requires network infrastructure support Additional open ports Multicast ports DHCP helper in routers

Manual synchronization of 6.1 PXE servers Solved in DS 6.5

© Altiris Inc.

PXE 6.5 Enhancements

DS job specific PXE boot images Centralized PXE management Enhanced security Support for TFTP file transfers > 94MB

© Altiris Inc.

PXE Modules

PXE TFTPServer

PXEServer

PXE ConfigService

PXEConfig

PXE ManagerDS Server(Axengine)

DSMiddleman

© Altiris Inc.

PXE Manager

Centralized PXE management Coordinates & configures multiple PXE servers

― All PXE boot images on one machine

― All PXE BDC configurations on one machine

― New directory structure and naming

Shared & server specific configurations Communicates w/ PXEConfig, DS engine, and

Config Helper Service BIS support for complex installations Service on same box as DS server

© Altiris Inc.

PXE Manager

Secure Management Two way authentication with DS Uses DB Management encrypted session Supports DS role based security for PXE

Config utility

© Altiris Inc.

PXE Boot Sequence

DS Job scheduled Using MAC address and boot image ID, DS

engine tells PXE server to how to boot specific managed clients Boot image ID identifies Preboot OS type

PXE Server receives boot request and automatically selects specified boot image

Boot image is downloaded and executed

© Altiris Inc.

PXE Boot Sequence

PXE Server

DHCP Server

PXE EnabledWorkstation

DHCP/PXE Boot Request

DisplayBootMenu

PXE Boot Menu

DHCP Address

PXE TFTP Server

TFTPMTFTPDwnLd

TFTP Download Request

TFTP Download.0 File

Execute.0

Other Download

CheckMACcache

© Altiris Inc.

Preboot OS Options

Altiris pre-boot Linux distribution RedHat Fedora core 3 based Altiris customized Source available from:

http://www.altiris.com/eval on DS page

Microsoft Windows PE Select & Volume WinPE toolkit or OPK Altiris WinPE Installer

95/98 DOS still supported

© Altiris Inc.

New Preboot OS Options Benefits

Powerful OS’ Improved imaging performance Security

Microsoft NT network authentication

Improved availability of NIC drivers

© Altiris Inc.

Linux Preboot OS

Pros Powerful OS Free availability Ram disk boot

― Leaves hard disk unmounted

Better NIC driver support than DOS

© Altiris Inc.

Linux Preboot OS, cont.

Cons Drivers lag Windows counterpart Disk and video drivers required Version/distribution executable mismatch Relative unfamiliarity in many IT depts.

© Altiris Inc.

WinPE Preboot OS

Pros Powerful OS Best driver availability Fastest imaging with RDeploy Ram disk boot

― Leaves hard disk unmounted

Scripted install of 2003 server for x64 platforms

© Altiris Inc.

WinPE Preboot OS, cont.

Cons Must use WinPE 2005

― Previous versions will not work

Big… Huge… Hard to get from Microsoft

― MS select or volume agreement

Additional, though minimal, cost from Altiris― Altiris WinPE installer

© Altiris Inc.

DS 6.5 Preboot Demo

Create a Linux PXE boot image Minimal PXE job to copy a file

© Altiris Inc.

Summary

Preboot technology is one of the pillars of DS power

DS 6.5 fully supports Linux and WinPE for Preboot OS

Associated Lab: System Provisioning using Linux and WinPE

PreBoot― Wed. 3:00 pm, S. China Sea (classroom 40)― Thur. 2:00 pm, S. China Sea

jrichey@altiris.com

© Altiris Inc.

Thank You

Questions & Answers