Remote or Unattended Installation Solutions?
HaloZero asks: "I work for a medium-sized company (350+ users), and am charged with new builds and deployments for a mix of aged and new desktops, and a smattering of similar laptops. The hardware is certainly not uniform across the entire infrastructure. Our current deployment 'system' (Ghost/Sysprep, Acronis/NewSID) is somewhat of a kludge -- as my mentor would say -- and I've been looking into alternative, cleaner methods. We're burgeoning on an Active Directory domain, so RIS has been the hot topic on my desk as of late. Does anyone have any experience with RIS? Is there anything that isn't very well documented that I should watch out for? We're considering other unattended install solutions, such as nLite, and a composite of Bart's PE Builder-type setups. Any other suggestions out there?"
Why not use Unattended? http://unattended.sourceforge.net/ - we use it, and it works wonders here. Unattended is a system for fully automating the installation of Windows 2000 Professional and Server, Windows XP, and Windows Server 2003. When you are finished setting up Unattended, you will be able to boot any PC from a floppy, from a CD-ROM, or directly from the network, answer a few questions, and come back an hour or two later to a fully-installed Windows workstation. We boot from the network, and the machines build themselves without our intervention. They have a step-by-step guide on how to set it up even.
Note that RIS is not a very good solution. Even if you have uniform hardware, (Like Dell's, or HP/Compaq's) changing one driver can muck up the whole process. Not so with unattended. Being an Open Source project, you are in complete control of your build process.
But this is Slashdot. A Slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
The thing with RIS is that if you put in a lot of effort and time, you can make it do anything you want (and it pays off when you have multiple desktop platforms). I used to come from the Ghost/Acronis school of thought; however, after "seeing the light", RIS (and the new up and coming WIM solution - think of it as a combo b/w RIS and Ghost) is much better.
We played dungeons and dragons for 3 hours.....then i was slain by an elf
... but Internet Explorer used to be very good at facilitating remote installs.
Reality is defined by the maddest person in the room
This was covered recently in a nearly identical Ask Slashdot almost two months ago. You might find a lot of relevant information in the comments to that story. There were many great suggestions.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
As the article you linked from MS explains, the biggest hurdle you may have to jump is making sure that you meet the NIC requirement:
"PXE DHCP-based boot ROM version 1.00 or later network adapter, or a network adaptor that is supported by the RIS boot disk."
Because you have a hodge podge of clients on your network, you may have to make an investment to upgrade all your NICs if they don't meet spec. I would start first by determining what hardware you currently got and make some decisions on how much you got to make sure everything fits the requirements for RIS.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
I support about 20,000 desktops, running mostly Windows XP, and here's what we do.
For the actual system image itself, I've created a single DVD that contains a simple boot menu. There are some basic tools (like DBAN and an "old school" Bart's Network Boot Disk) but the bulk of the disk is devoted to an unattended XP install with (a) slipstreamed patches, (b) drivers for ALL of our major hardware models, (c) custom configuration, and (d) all of our enterprise software.
Any time that Dell (or one of our other vendors - kiosks, tablets) ships us a new machine, I update one line in an INF file, add some drivers, and automatically build another image exactly to standard -- no mistyped keys -- no forgotten registry settings. The image completes, sysprep runs, the machine shuts off, and we make an image with Ghost to send to our vendors.
That image is sent back to the OEM, and our boxes come pre-imaged. You don't need a lot of pull with your vendors for this. Most OEMs are hungry enough for your business that they'll do it no matter how small you are -- and Dell's CFI group has been a pleasure to work with.
When a machine shows up at any of our 50+ facilities, the first thing it does after getting a machine-name post-sysprep is boot up, logon as the local administrator, and visit a webpage that presents a "pretty" front end to our automated software deployment tool. [We use Marimba.] The password for the administrative account is then changed to a unique pattern-based one automatically (to allow support from Desktop, but to prevent worm-like activity) and the machine is deployed with any regional or departmental programs chosen from the Marimba front-end.
While you may not have Marimba or Altiris or SMS to do your customization dirty-work for you, you've got Active Directory, and people in the right OUs will get whatever you want deployed to them.
Similarly, we use AD to do all of our policy management -- keeping enforcement of screensavers and proxy manageable.
There's a great joy in having all of your machines running the EXACT same image - with "Extra" software installed from a known reference point (even network shares - as long as it's your network share).
The unattended guides at MSFN.org are a fantastic reference for making an unattended CD/DVD.
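The comment above mentions giving each machine a unique, pattern-based local administrator password that desktop support can still work out. The comment does not say how the pattern is built; the following is an added example, not the commenter's code, and it assumes a keyed HMAC-SHA256 derivation from the machine name in place of a guessable pattern. The key, machine names and the `rotation` parameter are constructed for illustration.

```python
import hashlib
import hmac

# Unambiguous characters only (no I, O, l, o, 0, 1) so a password can be read aloud.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789"
LIMIT = 256 - (256 % len(ALPHABET))  # bytes >= LIMIT are skipped to avoid modulo bias

# Constructed demo key. A real key would be random and known only to desktop support.
DEMO_KEY = b"constructed-demo-key-0123456789abcdef"


def _expand(key: bytes, label: bytes, length: int) -> str:
    """Turn HMAC-SHA256 output into `length` characters drawn from ALPHABET."""
    chars = []
    counter = 0
    while len(chars) < length:
        block = hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in block:
            if byte < LIMIT and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        counter += 1
    return "".join(chars)


def derive_local_admin_password(key, machine_name, rotation=0, length=16):
    """Recompute the local administrator password for one machine.

    rotation is a hypothetical counter that is bumped when a password has been
    disclosed, so one machine can be re-keyed without touching the others.
    """
    if len(key) < 16:
        raise ValueError("master key is too short")
    if length < 8:
        raise ValueError("password length is too short")
    name = machine_name.strip().upper()  # Windows computer names are case-insensitive
    if not name:
        raise ValueError("machine name is empty")
    attempt = 0
    while True:
        label = f"local-admin|{name}|{rotation}|{attempt}|".encode()
        password = _expand(key, label, length)
        # Deterministically retry until upper, lower and digit are all present,
        # which is what a typical complexity policy expects.
        if (any(c.isupper() for c in password)
                and any(c.islower() for c in password)
                and any(c.isdigit() for c in password)):
            return password
        attempt += 1


if __name__ == "__main__":
    for host in ("NYC-DT-0042", "NYC-DT-0043"):  # constructed machine names
        print(host, derive_local_admin_password(DEMO_KEY, host))
```

Anyone holding the key can compute every machine's password, so the key needs the same protection as a domain administrator credential.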
I use Ghost to create networks of up to 300 workstations about once a month. There's no hassle. I made a floppy image for Ghost using FreeDOS and the 3COM universal NDIS driver. That combined with pxelinux's keeppxe option, and every computer boots up off the network with nearly zero configuration necessary (ok, so I have to tell BIOS to boot from the network... big deal). When you get a new type of computer, just update the image to include the new drivers. One image works for all systems.
It's always a long day... 86400 doesn't fit into a short.
Interns.
"I use a Mac because I'm just better than you are."
I work for a mid-size company (~1500 desktops at 40+ remote sites), and I've been working on exactly the same problem for the last 2 weeks. Our solution until now has been building a new 'base' system and using PowerQuest V2i to take a disk image. This works OK, except for the fact that we had to build a new image from scratch every time slightly new hardware came out, and since our current hardware list is HUGE (we're slowly phasing out old hardware with new standardized stuff), it was impossible to build an image for every permutation.
Over the last 2 weeks or so I've been building up an automated deployment suite -- I started first by figuring out how to do unattended installs of all our client software (this is different for each piece of software you'll deploy, so RTFM). Microsoft generally provides *great* tools for deployment (and usually anything using the Windows Installer is easy to customize), everything else is a mixed bag. Once I had applications installing properly in unattended mode, I turned my sights to the operating system.
I explored a couple of options, like Sysprep/Image. The sysprep method worked, but there were a couple things that weren't ideal in our environment (for one, we would have had to ship 3 CDs to each of our branches -- one for the V2i restore utility itself, then 2 or 3 for the spanned disk image. Not all our machines have DVD-ROMs yet, nor do they all have local servers). The disc duplication efforts alone were a time sink.
What I ended up doing was using nLite (http://www.nliteos.com) to customize the install process, including the unattended settings. I RARed up the unattended applications, and included the RAR file, a commandline UnRAR utility, and miscellaneous filesystem stuff in the $OEM$ folder on the Windows disc. Then I put some entries in RunOnceEx which automatically UnRARed the archive, then installed each application in turn.
The total install process involves two steps of user interaction -- the first is to select what partition to install Windows to during the text-based portion of the install, and again during the setup process to ask for a machine name (we use a structured machine naming convention). The machine is joined to the domain automatically, apps are set up automatically, and the machine reboots to its 'final' state automatically. About 20-30 minutes after popping in the disc, you have a complete, reimaged system, and you only need to pay attention to it for about 30 seconds.
After stripping the OS CD down with nLite, and RARing up our customized apps, my disc came out at a nice 664MB... small enough to fit on one CD, with room left over for future service packs, patches, and additional drivers.
Now all we have to do is add new drivers and roll in new service packs and patches as needed, which is a breeze with the nLite wizard. We plan a new 'release' of the disc every 2-3 months, with incremental OS and application patches pushed out as needed.
Best of luck; it takes a little while to really figure out the best approach, but once you do it's quite easy to maintain, and is definitely a huge time saver.
Check out http://www.msfn.org/, the "home" of nLite and many other projects. Personally I use nLite, WPI (Windows Post Installer), BTS Driverpacks, and AutoIT3. I have done both Image/Ghost style for multiple PCs and scripted installations; images are too hard to update on a regular basis, and I much prefer scripted installs.
HEX
Horror & SciFi Erotic Nudes
You can achieve all of this quite easily with Altiris Deployment Solution, and then some. Imaging, application packaging and deployment, remote execution, basic inventory, remote control, and other management functions are all included. I've been using it for over 5 years and haven't used anything better for managing Windows PCs. You can buy it stand alone or bundled with the Client Management Suite, although for an organization of your size, the CMS is probably overkill. If you create your images properly with sysprep, you can achieve near full hardware independence.
A former coworker works there, so I'm biased, but the Mountain View Data PowerCockpit software seems to be pretty darn easy to use for large environments. Remote install, image-from-machine, install and configure many clones from an image, works with most of the PC OSes, etc.
Etherboot has made my life so much easier. As the parent mentioned, Etherboot allows any supported network to do a PXE boot whether or not the card actually supports PXE.
Also if you don't want to carry around a separate disk for each NIC, there is a patched disk available at etherboot.anadex.de. That one disk contains support for all Etherboot-supported cards. This can probably be made into an El Torito CD, but I haven't tried it.
"It ain't a war against drugs. It's a war against personal freedom" --Bill Hicks
I use Unattended for the OS installation and WPKG for applications/updates/configuration/policies (w/ secedit and ActivePerl).
"It ain't a war against drugs. It's a war against personal freedom" --Bill Hicks
Here's my two cents. If you're sticking with strictly Microsoft OSes, I'd recommend the Business Desktop Deployment Solution Accelerator from Microsoft. It not only discusses the technologies needed to roll out a standard desktop, but also the practices needed to keep the project running. You can find it by searching TechNet for Desktop Deployment.
It comes in two different versions, standard and enterprise. The standard version will work with smaller organizations, but I highly recommend the enterprise version. It requires Microsoft's Systems Management Server (SMS) 2003 and the Operating System Deployment Feature Pack (which is Free, SMS isn't though). Leveraging all of this with the User State Migration Tool (free), you can easily deploy new OS images over existing systems while preserving user data and settings.
If you want to get really fancy, you'll be able to take new incoming PCs, boot them up off the network (using RIS) and, based off the MAC address, or serial number, automatically assign the correct computer name, and install the appropriate software for the user receiving the system. Even cooler, with BizTalk Server and SharePoint, users can go out to a web site, request software, and have it installed automatically (based on available licensing, system requirements, etc.) without having to physically touch the system.
I'll stop the sales pitch now. It's really a very good system, most of the tools are free and it will work with other imaging systems like Ghost. Good luck, and I hope this helps.
If it were just Linux, it would be easy: set yourself up with System Installation Suite (SIS) and it's a real breeze. If you're doing Windows it would be harder. :(
There. Since you didn't actually mention WTF you install, that's all the help you're getting from me. I'm not going to assume anything, since you are the one who asked. Form a question first, don't expect us to decode your bullshit.
All I can offer is my own experience with RIS, Windows 2000 Server, and Windows 2000 Pro and XP desktops. The biggest PITA with RIS is the network drivers. With Ghost you just get the NDIS driver, set the driver to use with your bootdisk, and then image your workstation. It includes all the nifty utils to flip the SID, name the computer, and everything else that needs to be done. With RIS, you have to edit .inf files, copy drivers to a bunch of sub-directories, and all sorts of other mess. In my experience, the headaches with the drivers alone were enough not to use it.
The other problem that I ran into was lag with file copies. Most of the networks that I'm on are using 100MB switches. With 1 computer copying an image, the file copy performance was okay. With 2 computers, it starts to lag. By the time I got to 4, I couldn't do any more and the copy rate was SSLLLOOOOWWWW. The server was pretty standard for the time... Proliant ML370 P4 Xeon, 4 gigs of RAM, 128MB SmartArray controller on a RAID-5 array. I'm not sure if my experience with RIS was unique, or if it was a misconfig on my part, but my boss had a boner for RIS for a while until I beat him over the head with Ghost, so I had the chance to try RIS at a few sites. It was always the same story with the slow copies (but boy was that great for billable time). =) On the other hand, I've done 10-20 simultaneous Ghost deployments without any noticeable slowdown.
That was my experience with RIS and Ghost. I categorize RIS with ntbackup... just because it comes with the OS, doesn't necessarily mean you should try to use it in a production environment.
Trust me, you won't want to be attending the installation of Skynet's T-1000.
I've been toying with things like this for some time now. ...
If you take a look on Microsoft's CD, you'll find plenty of documentation on how to automatically set up machines with names, IP, security patches, all unattended. Then you'll need to keep up with your list of software - and their updates etc.
I would go with Computer Associates USD product because it's the one I know. From within that product you can install and maintain your desktops across your WAN/LAN - from the OS to your software packages.
none Yet.
http://unattended.sourceforge.net/
there's also a M$ provided way to do this, but i presume that means buying all the extras, etc.
unattended requires control over local dns/dhcp/samba/tftp on a preferably linux server box, and is supposed to work just as well with the windows server equivalents. ( and i presume the M$ one would have the same requirements..)
took me about 4 hrs from knowing nothing about it to having windows installed on a laptop with no OS, floppy or cd rom.
setting up different windowses is just a matter of copying the contents of the installation cd to a given directory, and i presume it's probably the same for linux distros too ( although you'd probably attack it a different way for linux.)
also lets ya set up packages, and even modify the scripts to install different sets of packages as needed.
sure this was just to install to one machine, but now the setup is there, it can be used again, and again and again. ( used it to set up a vmware image right afterwards too, just for kicks..)
all that's required is a PXE compatible NIC, and that basically includes everything from about 2001 on.
still not sure i see the need to constantly 'rebuild' machines though. i shake my head when i see the windows sysadmins round the office constantly format, reinstalling, etc.
If this is a commercial installation then Novell ZENworks is worthy of analysis. Linux pre-boot, PE mods, PXE support, imaging up and down, all very and integrated with platform independent patch management if you want it. Most ZENworks installations these days are on Windows platforms so don't let the Novell brand put you off :-)
-- Sig meltdown immine...
"Does anyone have experience with RIS?"
Well yes... in fact, there's a company that fully supports all aspects of the RIS product, and even offers a series of training certifications that allow certificated individuals to demonstrate a passable knowledge of the product. The company is called Microsoft.
This whole article is FUD. Does this guy honestly believe it's possible that nobody understands how to use a pretty fundamental Windows technology? Wait, wait... he's used to asking for support from Linux forums, where the easiest way to get support is to troll it by posting "Linux is bollocks, it doesn't work half as well as Windows and it's twice as complex." then wait for PhD open source developers to start emailing him. Windows support works differently! You can just ask Microsoft (cost = arm + leg), or hire any tier 1 IT services company (IBM, HP, CSC, Unisys etc). But at least the regimented support and training infrastructure is there, and some of the best the corporate IT world has to offer.
But seriously, if you don't understand Windows technology and you're trying to administer a Windows environment, there are two options. 1) Replace it all with a *nix system you do understand or 2) Hire an MCSE (there are some talented ones as well as some idiots, so hirer-beware).
I am government man, come from the government. The government has sent me. -- G.I.R.