WBH 4.0 Mod 6 - Server Purposing.ppt
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

WBH 4.0 Mod 6 - Server Purposing.ppt

on

  • 783 views

 

Statistics

Views

Total Views
783
Views on SlideShare
783
Embed Views
0

Actions

Likes
0
Downloads
3
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • You can use Automated Deployment Services (ADS) to deploy a single server or thousands of servers. ADS ensures that your security polices are implemented on each system. The bigger the data center you have, the more important it becomes for you to have a standard build system for your servers.
  • The ADS Web-based interface first shipped with Windows-based Hosting 3.0 and is included with Windows-based Hosting 4.0.
  • This is a preinstallation for ADS. For number 9, if you have multiple virtual local area networks (VLANS) set up and you are filtering PXE boot requests, the remote target servers will not be able to connect to your ADS server. To enable the remote target servers to connect to your ADS server you must allow PXE boot requests to propagate.
  • Step 1: The bare metal server PXE boots and connects to the ADS controller to get a task sequence. Step 2: The controller downloads a MS-DOS image for the hardware configuration which loads into a RAM drive on the target server. Step 3: The controller transfers the deployment agent to the RAM disk. Step 4: The agent authenticates and requests an image. Step 5: The encrypted image, sent over Secure Sockets Layer (SSL), is downloaded and deployed in the target server. Step 6: The image is personalized, getting its own name and IP address.
  • The administrative agent will continue to run after the operating system is installed, causing the servers to PXE boot on reboot. The ADS controller can send out script operations to any number of target servers. Step 1: Initiate script-based administration on thousands of servers from the central controller. Step 2: Gather all task output and store in a database. A report can be generated to find out if the scripts were successful on all the various target servers.
  • Lets start from the top of the graphic. The ADS Controller server has the ADS MMS Snap-In, the Sequence Editor and a variety of command-line tools, which allow automation. Volume images tools, the controller service, and documentation are also available. The Network Boot Services answer incoming PXE boot requests from servers. The Image Distribution service pulls images out of the image store and sends them out to target devices. A workstation can be used to administer ADS. The ADS MMS Snap-In, Sequence Editor, and the command-line tools can be accessed from the administrator’s workstation.
  • If you have complex networks with a VLAN or multiple VLANs, you may run into issues with multicast. If this is the case, you may want to set up a build network to do your build on.
  • If you choose to, you can combine all the roles on one server or you can distribute the roles to multiple servers.
  • To verify the installation, have a destination server do a PXE boot and verify that it can connect to the network boot service as well as accept jobs from the ADS server.
  • Starting from the top down: A bare metal system PXE boots and a task sequence is initiated. The task sequence is a series of steps which are stored on the ADS controller that the destination devices retrieve. The controller transfers the deployment to the RAM disk. The deployment agent then authenticates and requests the image. Next, the encrypted image is downloaded and deployed. After the image is deployed, it is personalized and the device boots to the full operating system. The administrative agent continues to run on the server so that the server can be repurposed in the future or scripts can be run against it.
  • Security Best Practices Turn off the DHCP service and DHCP relay on firewalls Use ADS on secure networks only Use encryption with images Keep images secure Keep the Controller secure Restrict access to ADS to a limited number of users Keep certificates secure Best Practices for Configuring ADS Use the NTFS file system for all ADS volumes Restrict access to tracing log files to members of the Administrators group only Disable the Pre-Boot eXecution Environment (PXE) and use static IP addresses on the servers that host the Controller service, Network Boot Services, and the Image Distribution service Use static IP addresses on the system hosting the ADS services for reliable operation Controller Best Practices Back up the ADS Controller to reduce data loss and downtime Configure all Controller service settings for discovery before turning on new devices Use device variables to personalize the device name when deploying an image Use a default job template suited for the scenario Restrict access to tracing log files to members of the administrator's group only Create certificates in a known secure environment Network Boot Services (NBS) Best Practices Ensure that all servers where you plan to use virtual floppy disk images are PXE-enabled Always run antivirus software to ensure that the virtual floppy disk image source does not have a virus Do not store confidential information in a virtual floppy disk image Do not enable the TFTP upload option on devices Disable the automatic addition of new devices to the Controller Use the appropriate setting for PXEUseDHCPPort Provide the appropriate access to the TFTP directory Use a Static IP address for NBS Best Practices for Images Make sure that images that are captured from a server with an OEM partition are not deployed to a server without an OEM partition Make an image compatible with systems to which it will be deployed

WBH 4.0 Mod 6 - Server Purposing.ppt Presentation Transcript

  • 1. Planning and Deploying Server Purposing Solution Training: Microsoft Solution for Windows-based Hosting version 4.0 November 2006
  • 2. Module Overview
    • Overview of Server Purposing
    • What’s New in Server Purposing?
    • Getting Started with Server Purposing
    • Build Server Purposing
    • Use Server Purposing
    • Best Practices for Server Purposing
  • 3. Overview of Server Purposing
    • Server purposing uses Microsoft Automated Deployment Services (ADS), a server deployment tool included with Microsoft Windows Server® 2003. With server purposing you can do the following:
      • Prepare and configure multiple servers from bare metal to fully operational servers without manual interaction
      • Ensure your security policies and processes are implemented on each system
      • Ensure a consistent, standardized build process
  • 4. Introduction to Automated Deployment Services
    • You can use ADS to:
      • Mount an image as a file and edit the image
      • Remotely purpose a device that has no operating system to a useful state or repurpose a device from one state to another state
      • Run extensible and configurable operations, such as scripts, on one or more systems from a single administration point
      • Use the ADS Microsoft Windows® Management Instrumentation (WMI) Object Model to build custom applications
  • 5. Benefits of Server Purposing Through the reliable remote execution framework, ADS enhances existing scripting investments and extends your ability to administer hundreds of servers. Powerful, mass server administration ADS offers a simple-to-use graphical user interface, a set of command-line tools, and a rich WMI program interface. Easy integration through a choice of user interfaces An intelligent Pre-Boot eXecution Environment (PXE) server and dynamically built deployment agent enable remote server builds of PXE-compliant bare metal boxes, reducing the cost to deploy servers. Significant reduction of server deployment cost Using Virtual Floppy, ADS incorporates standard server vendor MS-DOS® tools into the deployment process to automate hardware configuration. Simpler hardware configuration Consistent record of administrative history Flexibility and agility through new imaging tools Consistency in provisioning servers, less human error BENEFITS ADS offers a centralized data store to maintain a complete history of all administrative tasks carried out using the ADS infrastructure. Powerful new tools built by Microsoft use knowledge of the NTFS file system structure to create smaller images that can be updated and edited without first being deployed to a server. Through powerful task sequence-driven automation, sample task sequences can be extended to automate hardware configuration, operating system deployment, and application installation, enabling you to encode your organization's operational practices and eliminate human error. DESCRIPTION
  • 6. What’s New in Server Purposing?
    • Windows-based Hosting version 4.0 uses the latest version of ADS, ADS 1.1
    • ADS version 1.1 includes:
      • A rollup of bug fixes
      • Support for x64 platforms
  • 7. Server Purposing Features
    • The Microsoft Solution for Windows-based Hosting version 4.0 contains these server purposing features:
      • ADS Web
        • This extensible Web-based user interface provides easier remote administration of ADS and additional functionality
      • Unattended installation
        • This installation option enables you to use ADS to deploy an operating system to servers (devices) with varying hardware configurations
      • Sample scripts and task sequences
        • ADS now includes sample scripts and task sequences you can use and edit to perform common ADS operations
    For More Information: See the Advanced Server Purposing Topics section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i
  • 8. Getting Started with Server Purposing Install Windows Server 2003, Enterprise Edition on the server on which you will install ADS. 11. ADS targets and the ADS controller must have the system basic input/output system (BIOS) clocks in close synchronization (within approximately 30 minutes). Typically, new hardware may have the BIOS clock set to an odd or random value. 10 Ensure that the ADS services, the devices, and the Dynamic Host Configuration Protocol (DHCP) server are all part of the same network. 9. Verify that the volumes where you plan to install ADS are formatted with the NTFS file system. 8. Determine whether PXE is in use in your data center. If so, you need to isolate PXE requests from the devices you plan to use with ADS from the rest of the network. 4. Determine if there is an existing public key infrastructure (PKI) you want to use. If not, ADS will create certificates for you. 6. Ensure that you have a single, 100-megabits per second (Mbps) or faster network to connect all devices, ADS servers, and the Dynamic Host Configuration Protocol (DHCP) server. 1. Determine which database you want to use with the Controller service. You can use Microsoft SQL Server™ Desktop Engine (MSDE), which is included with ADS, or an existing Microsoft SQL Server 2005 server. 5. 7. 3. 2. STEP Confirm that your systems meet the requirements for ADS components. If you plan to capture and deploy images using ADS, ensure that a DHCP server is deployed in the data center. If not, you must add a DHCP server. If you plan to only install the Controller and Administrative Agent to create a scripting environment, a DHCP server is not required. Determine whether you will install all of the ADS services on a single server or whether you plan to distribute the Controller service, the Image Distribution service (IDS), and Network Boot Services (NBS) on two or three servers. DESCRIPTION For More Information: See “Get Started with Server Purposing” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i
  • 9. ADS Hands-off Imaging
    • Zero-touch server builds from bare metal
    Database Hard Disk RAM PXE Firmware Logs All Activity ADS Controller Bare metal server PXE boots and task sequence is initiated Controller transfers deployment agent to RAM disk Controller downloads MS-DOS image for hardware configuration 1 Deployment agent authenticates/requests image Image is personalized and boots to full operating system with administration agent Encrypted image is downloaded and deployed Possibly Multicast Secure Sockets Layer (SSL) Administration Agent Windows-Present Deployment Agent Pre-Operating System Target Server 2 3 4 5 6
  • 10. Script-based Administration SSL Initiate script-based administration on thousands of servers from the central controller Gather all output from task and store in database Administer 1,000 servers as easily as 1 server Database ADS Controller Administration Agent Target Server Administration Agent Administration Agent Log All Activity Send Job (Script/Path) 1 2
  • 11. ADS Architecture Single Server Documentation Administrative Tools ADS Management Snap-in Sequence Editor Command-line Tools Workstation ADS Controller Server Documentation Administrative Tools ADS Management Snap-in Sequence Editor Command-line Tools Volume Imaging Tools Network Boot Services Sample Scripts Image Distribution Service DHCP Server Devices Controller Database Controller Service Image Store
  • 12. Computers That Host the ADS Services
    • ADS Services consist of the Controller service, Network Boot Service, and Image Distribution service. Computers that host the ADS services must meet these requirements:
    For More Information: See “System Requirements for Server Purposing” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i As an alternative, for operation without a monitor or keyboard, you can choose a remote diagnostic and support processor that is designed for products in the Windows Server 2003 family VGA or higher-resolution monitor Monitor Requires server from which to offer network access for the setup files For network installation Network Interface Card (NIC) For CD installation Volume licensing with a single product ID recommended 256 megabytes (MB) of RAM recommended 2 gigabytes (GB) free space for setup; additional for images Windows Server 2003, Enterprise Edition R2 1 gigahertz (GHz) minimum x86-based architecture DESCRIPTION Windows-based Hosting recommends a 5-GB partition for the operating system source image Hard disk License ADS 1.1 supported on the 64-bit Itanium-based architecture Processor Up to 32 GB of RAM supported; for computers with more than 4 GB, confirm hardware compatibility Memory CD-ROM Operating system Processor speed COMPONENT Can also use a DVD drive ADS 1.1 supported on the 64-bit version Enterprise Edition Intel, Advanced Micro Devices (AMD), or compatible recommended NOTES
  • 13. Computers Used to Remotely Administer ADS
    • You can install the ADS volume imaging tools, administration tools, and documentation on a separate x86-based computer and use it to remotely administer ADS. The workstation must run the English, Japanese, or German version of one of the operating systems listed in the following table:
    For More Information: See “System Requirements for Server Purposing” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i R2 release R2 release Service Pack 1 or later Service Pack 4 or later Service Pack 4 or later Service Pack 4 or later SERVICE PACK Requires downloading and installing the .NET Framework runtime version 1.1 to run the Sequence Editor Windows XP Professional Windows Server 2003, Enterprise Edition Requires downloading and installing the .NET Framework runtime version 1.1 to run the Sequence Editor Windows 2000 Professional The required version of the .NET Framework runtime is included Windows Server 2003, Standard Edition Windows 2000 Advanced Server Windows 2000 Server OPERATING SYSTEM NOTES
  • 14. Computers Used As Devices
    • You can use ADS to administer x86-based computers that are devices in your network and that meet the requirements listed in the table:
    For More Information: See “System Requirements for Server Purposing” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i
    • Dell PowerEdge 2650 update
    • Compaq/Hewlett-Packard ProLiant DL360 G2 servers
    Updated BIOS for certain servers functioning as devices
    • Windows 2000 Server with Service Pack 4 or later
    • Windows 2000 Advanced Server with Service Pack 4 or later
    • Windows Powered with Service Pack 4 or later
    • Windows Server 2003, Standard Edition
    • Windows Server 2003, Web Edition
    • Windows Server 2003, Enterprise Edition
    Windows operating system Pre-Boot eXecution Environment (PXE) Administration Agent REQUIREMENTS
    • Version 0.99c or later enabled network adapter
    DESCRIPTION
  • 15. Computers in a Network
    • Make sure computers in your network meet the requirements shown in the table:
    For More Information: See “System Requirements for Server Purposing” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i DHCP server software comes with Windows 2000 Advanced Server or Windows Server 2003, Enterprise Edition. DHCP server can be an existing DHCP server in the test network or DHCP services can be installed on the same computer running the ADS Controller service Multicast Domain: Hosts listen for specific IP multicast address and receive all information for that address. All devices in the network must reside in the same multicast domain as the Imaging Distribution service All services and devices must be connected to the same network All devices in the network must reside in the same broadcast domain as the ADS PXE service and DHCP server REQUIREMENTS If the ADS services are installed on separate servers, they must communicate over the same network adapter to access the devices on the network. Broadcast Domain: All the hosts on the same physical network bounded by IP routers share the same broadcast traffic. NOTES
  • 16. Build Server Purposing To build your ADS Controller, you perform the following set of tasks: Ensure prerequisites are met Install Windows Server 2003, Enterprise Edition R2 Add and configure DHCP services Install and configure ADS Controller software Verify ADS Installation 1 2 3 4 5 For More Information: See “Build Server Purposing” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i
  • 17. Install Windows Server 2003, Enterprise Edition
    • Perform a default installation of Windows Server 2003, Enterprise Edition R2
    • Apply any released updates to Windows Server 2003
  • 18. Add and Configure DHCP Services
    • Before building your server hosting the ADS controller, configure DHCP to use Network Boot Services (NBS)
    • If DHCP is not currently installed on ADSC01, add DHCP to the server and configure DHCP with addresses on your provisioning network for the DNS server and the domain (fabrikam.com)
    Note: If DHCP is installed prior to installing ADS, the ADS Installation wizard will modify DHCP to work properly
  • 19. Install and Configure ADS Controller Software To build your ADS Controller, you perform the following set of tasks: Install the ADS software on the designated ADS controller (ADS component services can be located on multiple servers to increase performance) Configure Controller service discover options Add sample jobs to the Controller Share the Controller certificate 1 2 3 4 Note: It is important to read the Readme file or release notes that accompany the version of ADS that you download
  • 20. Verify ADS Installation
    • Verify the installation of ADS by running jobs on a destination device
    • Perform the following tests:
      • Confirm the Controller service discovery options
      • Run the PXE boot verification test
      • Verify the PXE boot and Controller functionality
  • 21. Use Server Purposing
    • Overview of capturing and deploying images
      • Flexible image capture
        • Local (using Windows Preinstallation Environment [Windows PE]) or Remote (using deployment agent)
          • Requires Sysprep (included in Windows Server)
      • Hardware independence
        • With Sysprep, you only need one image per Hardware Abstraction Layer (HAL)
          • Computers not compliant with Advanced Configuration and Power Interface (ACPI) will require different image
          • Single-processor computers will have degraded performance running images with multiprocessor HALs
      • Versatile set of imaging tools
        • Imaging can be driven from the Microsoft Management Console (MMC), command-line tools, or Web interface (ADS Web)
    For More Information: See “Create and Deploy an Image” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i
  • 22. Use ADS to Capture and Deploy Images (1 of 2) Create a master image Install an operating system Analyze the master image Install the Administration Agent Run Sysprep Install the IP configuration script 1 2 3 4 5 For More Information: See “Create and Deploy an Image” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i
  • 23. Use ADS to Capture and Deploy Images (2 of 2) Capture and deploy a master image Prepare the image capture sequence Run the Utils Capture Sequence (Compaq DL360 computers only) Run the image capture sequence Edit the deployment task sequence Discover and configure devices Run the image capture sequence Deploy an image to a destination device Verify disk images For More Information: See “Create and Deploy an Image” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i 1 2 3 4 5 6 7 8
  • 24. How ADS Deploys an Operating System
  • 25. Common ADS Tasks
    • The ADS product documentation provides descriptions on how to perform these common ADS tasks:
      • Configure ADS services
      • Manage Network Boot Services
      • Manage images
      • Manage devices
      • Manage sets
      • Manage jobs
      • Manage job templates
      • Manage ADS certificates
      • Back up and restore ADS
    For More Information: See the Windows Server 2003 Automated Deployment Services Web site at http://www.microsoft.com/windowsserver2003/technologies/management/ads/default.mspx i
  • 26. Best Practices for Server Purposing
    • Security Best Practices
    • Best Practices for Configuring ADS
    • Controller Best Practices
    • Network Boot Services (NBS) Best Practices
    • Best Practices for Images
    For More Information: See “Best Practices for Server Purposing” in the Server Purposing section of the Microsoft Solution for Windows-based Hosting version 4.0 documentation i
  • 27. Questions and Answers
  • 28. © 2006 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Schedules and features contained in this document are subject to change. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, places, or events is intended or should be inferred.