Planning and Deploying Server Purposing
Solution Training: Microsoft Solution for Windows-based Hosting version 4.0
November 2006
Benefits of Server Purposing

BENEFIT: Powerful, mass server administration
DESCRIPTION: Through the reliable remote execution framework, ADS enhances existing scripting investments and extends your ability to administer hundreds of servers.

BENEFIT: Easy integration through a choice of user interfaces
DESCRIPTION: ADS offers a simple-to-use graphical user interface, a set of command-line tools, and a rich WMI program interface.

BENEFIT: Significant reduction of server deployment cost
DESCRIPTION: An intelligent Pre-Boot eXecution Environment (PXE) server and dynamically built deployment agent enable remote server builds of PXE-compliant bare metal boxes, reducing the cost to deploy servers.

BENEFIT: Simpler hardware configuration
DESCRIPTION: Using Virtual Floppy, ADS incorporates standard server vendor MS-DOS® tools into the deployment process to automate hardware configuration.

BENEFIT: Consistent record of administrative history
DESCRIPTION: ADS offers a centralized data store to maintain a complete history of all administrative tasks carried out using the ADS infrastructure.

BENEFIT: Flexibility and agility through new imaging tools
DESCRIPTION: Powerful new tools built by Microsoft use knowledge of the NTFS file system structure to create smaller images that can be updated and edited without first being deployed to a server.

BENEFIT: Consistency in provisioning servers, less human error
DESCRIPTION: Through powerful task sequence-driven automation, sample task sequences can be extended to automate hardware configuration, operating system deployment, and application installation, enabling you to encode your organization's operational practices and eliminate human error.
Getting Started with Server Purposing

STEP / DESCRIPTION
1. Determine which database you want to use with the Controller service. You can use Microsoft SQL Server™ Desktop Engine (MSDE), which is included with ADS, or an existing Microsoft SQL Server 2005 server.
2. Confirm that your systems meet the requirements for ADS components.
3. If you plan to capture and deploy images using ADS, ensure that a DHCP server is deployed in the data center. If not, you must add a DHCP server.
4. Determine if there is an existing public key infrastructure (PKI) you want to use. If not, ADS will create certificates for you.
5. If you plan to only install the Controller and Administrative Agent to create a scripting environment, a DHCP server is not required.
6. Ensure that you have a single, 100-megabits per second (Mbps) or faster network to connect all devices, ADS servers, and the Dynamic Host Configuration Protocol (DHCP) server.
7. Determine whether you will install all of the ADS services on a single server or whether you plan to distribute the Controller service, the Image Distribution service (IDS), and Network Boot Services (NBS) on two or three servers.
8. Determine whether PXE is in use in your data center. If so, you need to isolate PXE requests from the devices you plan to use with ADS from the rest of the network.
9. Verify that the volumes where you plan to install ADS are formatted with the NTFS file system.
10. Ensure that the ADS services, the devices, and the DHCP server are all part of the same network.
11. ADS targets and the ADS controller must have the system basic input/output system (BIOS) clocks in close synchronization (within approximately 30 minutes). Typically, new hardware may have the BIOS clock set to an odd or random value.

For More Information: See "Get Started with Server Purposing" in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation.
Script-based Administration (diagram): the ADS Controller, backed by its Database, sends a job (script/path) over SSL to the Administration Agent on each Target Server and logs all activity.
1. Initiate script-based administration on thousands of servers from the central controller.
2. Gather all output from the task and store it in the database.
Administer 1,000 servers as easily as 1 server.
ADS Architecture (diagram, single server): the ADS Controller Server hosts Documentation, Administrative Tools (ADS Management Snap-in, Sequence Editor, Command-line Tools), Volume Imaging Tools, Network Boot Services, Sample Scripts, the Image Distribution Service, the Controller Service, the Controller Database, and the Image Store. A DHCP Server and the managed Devices sit on the same network. An administrator Workstation carries Documentation and the same Administrative Tools (ADS Management Snap-in, Sequence Editor, Command-line Tools).
Build Server Purposing

To build your ADS Controller, you perform the following set of tasks:
1. Ensure prerequisites are met
2. Install Windows Server 2003, Enterprise Edition R2
3. Add and configure DHCP services
4. Install and configure ADS Controller software
5. Verify ADS installation

For More Information: See "Build Server Purposing" in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation.
Install and Configure ADS Controller Software

To build your ADS Controller, you perform the following set of tasks:
1. Install the ADS software on the designated ADS controller (ADS component services can be located on multiple servers to increase performance)
2. Configure Controller service discovery options
3. Add sample jobs to the Controller
4. Share the Controller certificate

Note: It is important to read the Readme file or release notes that accompany the version of ADS that you download.
Use ADS to Capture and Deploy Images (1 of 2)

Create a master image:
1. Install an operating system
2. Analyze the master image
3. Install the Administration Agent
4. Run Sysprep
5. Install the IP configuration script

For More Information: See "Create and Deploy an Image" in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation.
Use ADS to Capture and Deploy Images (2 of 2)

Capture and deploy a master image:
1. Prepare the image capture sequence
2. Run the Utils Capture Sequence (Compaq DL360 computers only)
3. Run the image capture sequence
4. Edit the deployment task sequence
5. Discover and configure devices
6. Run the image capture sequence
7. Deploy an image to a destination device
8. Verify disk images

For More Information: See "Create and Deploy an Image" in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation.
You can use Automated Deployment Services (ADS) to deploy a single server or thousands of servers. ADS ensures that your security policies are implemented on each system. The bigger your data center, the more important it becomes to have a standard build system for your servers.
The ADS Web-based interface first shipped with Windows-based Hosting 3.0 and is included with Windows-based Hosting 4.0.
These are the preinstallation steps for ADS. For step 8, if you have multiple virtual local area networks (VLANs) set up and you are filtering PXE boot requests, the remote target servers will not be able to connect to your ADS server. To enable the remote target servers to connect to your ADS server, you must allow PXE boot requests to propagate.
Step 1: The bare metal server PXE boots and connects to the ADS controller to get a task sequence.
Step 2: The controller downloads an MS-DOS image for the hardware configuration, which loads into a RAM drive on the target server.
Step 3: The controller transfers the deployment agent to the RAM disk.
Step 4: The agent authenticates and requests an image.
Step 5: The encrypted image, sent over Secure Sockets Layer (SSL), is downloaded and deployed on the target server.
Step 6: The image is personalized, getting its own name and IP address.
The administrative agent will continue to run after the operating system is installed, causing the servers to PXE boot on reboot. The ADS controller can send out script operations to any number of target servers.
Step 1: Initiate script-based administration on thousands of servers from the central controller.
Step 2: Gather all task output and store it in a database. A report can be generated to find out whether the scripts were successful on all the various target servers.
Let's start from the top of the graphic. The ADS Controller server has the ADS MMC snap-in, the Sequence Editor, and a variety of command-line tools, which allow automation. Volume imaging tools, the Controller service, and documentation are also available. The Network Boot Services answer incoming PXE boot requests from servers. The Image Distribution service pulls images out of the image store and sends them out to target devices. A workstation can be used to administer ADS: the ADS MMC snap-in, the Sequence Editor, and the command-line tools can all be accessed from the administrator's workstation.
If you have complex networks with a VLAN or multiple VLANs, you may run into issues with multicast. If this is the case, you may want to set up a build network to do your build on.
If you choose to, you can combine all the roles on one server or you can distribute the roles to multiple servers.
To verify the installation, have a destination server do a PXE boot and verify that it can connect to the network boot service as well as accept jobs from the ADS server.
Starting from the top down: a bare metal system PXE boots and a task sequence is initiated. The task sequence is a series of steps, stored on the ADS controller, that the destination devices retrieve. The controller transfers the deployment agent to the RAM disk. The deployment agent then authenticates and requests the image. Next, the encrypted image is downloaded and deployed. After the image is deployed, it is personalized and the device boots to the full operating system. The administrative agent continues to run on the server so that the server can be repurposed in the future or scripts can be run against it.
Security Best Practices
- Turn off the DHCP service and DHCP relay on firewalls
- Use ADS on secure networks only
- Use encryption with images
- Keep images secure
- Keep the Controller secure
- Restrict access to ADS to a limited number of users
- Keep certificates secure

Best Practices for Configuring ADS
- Use the NTFS file system for all ADS volumes
- Restrict access to tracing log files to members of the Administrators group only
- Disable the Pre-Boot eXecution Environment (PXE) and use static IP addresses on the servers that host the Controller service, Network Boot Services, and the Image Distribution service
- Use static IP addresses on the system hosting the ADS services for reliable operation

Controller Best Practices
- Back up the ADS Controller to reduce data loss and downtime
- Configure all Controller service settings for discovery before turning on new devices
- Use device variables to personalize the device name when deploying an image
- Use a default job template suited for the scenario
- Restrict access to tracing log files to members of the Administrators group only
- Create certificates in a known secure environment

Network Boot Services (NBS) Best Practices
- Ensure that all servers where you plan to use virtual floppy disk images are PXE-enabled
- Always run antivirus software to ensure that the virtual floppy disk image source does not have a virus
- Do not store confidential information in a virtual floppy disk image
- Do not enable the TFTP upload option on devices
- Disable the automatic addition of new devices to the Controller
- Use the appropriate setting for PXEUseDHCPPort
- Provide the appropriate access to the TFTP directory
- Use a static IP address for NBS

Best Practices for Images
- Make sure that images that are captured from a server with an OEM partition are not deployed to a server without an OEM partition
- Make an image compatible with the systems to which it will be deployed
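The following PowerShell audit is an added example, not part of the training deck or of ADS itself; it checks the host it runs on against three of the configuration practices above (NTFS on all fixed volumes, static IP addresses, and tracing log files restricted to Administrators). The tracing log path is a placeholder you must set, and allowing SYSTEM on that directory alongside Administrators is an assumption so the ADS services can still write their logs.

```powershell
# Added example: audit an ADS service host against selected best practices from the slide above.
# Assumes it runs locally, with administrative rights, on the server hosting the
# Controller service / NBS / IDS.
param(
    # Assumption: replace with the real location of the ADS tracing log files.
    [string]$TraceLogDir = 'C:\ADS_TRACING_LOG_DIR_PLACEHOLDER'
)

$findings = @()

# Practice: use the NTFS file system for all ADS volumes.
# DriveType 3 = local fixed disk; anything not NTFS is reported.
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' | ForEach-Object {
    if ($_.FileSystem -ne 'NTFS') {
        $findings += "Volume $($_.DeviceID) is formatted $($_.FileSystem), not NTFS"
    }
}

# Practice: static IP addresses on the system hosting the ADS services.
# Any IP-enabled adapter that still leases its address from DHCP is reported.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    if ($_.DHCPEnabled) {
        $findings += "Adapter '$($_.Description)' uses DHCP; assign a static IP address"
    }
}

# Practice: restrict access to tracing log files to members of the Administrators group only.
# Assumption: SYSTEM is tolerated so the ADS services can write; every other ACE is reported.
if (Test-Path $TraceLogDir) {
    $allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    (Get-Acl $TraceLogDir).Access | ForEach-Object {
        if ($allowed -notcontains $_.IdentityReference.Value) {
            $findings += "Tracing log dir $TraceLogDir grants $($_.FileSystemRights) to $($_.IdentityReference.Value)"
        }
    }
} else {
    $findings += "Tracing log directory '$TraceLogDir' not found; pass -TraceLogDir with the real path"
}

if ($findings.Count -eq 0) {
    Write-Output 'No deviations from the checked ADS configuration best practices.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it after installing the ADS software and again after any network or disk change on the service hosts; the PXE-disabled and PXEUseDHCPPort practices are BIOS and NBS settings that this host-level check cannot see.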