Solved

Solution for MDT / SCCM integrated PXE Boot across slow WAN segments?

Posted on 2013-11-19
7
2,596 Views
Last Modified: 2013-12-02
Hello folks!  I am working with some constraints with booting PXE images (LiteTouch style from MDT 2013) in a multiple site, poor-WAN-interconnect-speed scenario.  

I may only use one WDS server for this environment (directives of centralized servers), but I'd like to avoid having the PXE clients have to TFTP the boot image across the slow WAN links.  Our DHCP solution, thankfully, will allow for different DHCP options and server targets per network segment.

Can anyone recommend some workstation-level PXE/TFTP software that would allow for PXE boot clients to transfer boot images inside the same segment?  I will already be having a "Linked Deployment Share" hosting Workstation on each segment to minimize WAN usage for deployment.  These workstations are likely going to be running Windows 7 Pro x64.

Thanks in advance for your suggestions and shared experiences!  Any other tips for multiple segment, centralized MDT/WDS server scenarios would be appreciated.
0
Comment
Question by:murraybd
  • 3
  • 3
7 Comments
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 39662235
You can install MDT on a old desktop.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 39662563
You can use Philippe Jounin's TFTP32 utility (DHCP/PXE/TFTP server).
http://tftpd32.jounin.net/


Yet, be aware:
avoid setting DHCP options 66 or 67 centrally, since the PXE server (MDT/SCCM, WDS, whatever) can conflict with these options. A real PXE server is made mainly to set DHCP options 66 and 67 in DHCP OFFER messages that do not contain a client IP address offer (they just contain the PXE related details). If you set DHCP options 66 and 67 directly in dhcp scopes, they will have precedence over whatever the PXE server sent.
More details about that in my article and its comments:
http://www.experts-exchange.com/Networking/Misc/A_2978-PXEClient-what-is-it-for-Can-I-use-PXE-without-it.html

There seem to be a resource for implementing MDT with an external PXE server here:
http://c-nergy.be/blog/?p=2026

I did not try it myself, but I can tell you that you must avoid setting DHCP options 66, 67 and 43 directly in DHCP (unless you do not have a true PXE server locally).
0
 

Author Comment

by:murraybd
ID: 39663079
In the scenario so far, each building location (LAN segment) would NOT have its own "True" PXE server (hence the requirement for something that lives on each of the site LinkedDeploymentShare workstations).
The DHCP options are set by a centralized appliance, but we can set different option values per scope/segment.

If I understand correctly, the local PXE daemon would look for PXE-related DHCPRequests, pass them along for actual IP address values, and then set its own 66/67 values?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 16

Expert Comment

by:vivigatt
ID: 39663151
You should be able to specify the location of the images for each segment so that each segment uses a local repository. In the past, a simple network shared folder used to work.

Then you would have a central DHCP/ and PXE server, the latter being configured so that each client nodes accesses a local server for the image files

Regarding your question regarding PXE/DHCP interaction, here is a good page:
http://www.intel.com/support/network/sb/CS-028533.htm

Note that with some implementations of PXE Service, the PXE Server can send a DHCP ACK (or even DHCP OFFER) on its own, without any IP address or lease details, without monitoring the other DHCP messages.
0
 

Author Comment

by:murraybd
ID: 39676229
Based on some further inspection of how things are set up in this particular network, the main server performing the MDT steps may not even end up acting as the PXE server.

Looks like the InfoBlox appliance used can specify BOOTP options per segment, which is how I imagine this would have to be broken down.  The objective is to use the slow WAN links for as little data transfer as possible during the deployment sequence.
I've got the tftpd service running on a test workstation; just need to figure out the settings in the InfoBlox to direct PXE downloads towards it.

And as a side note, I'm learning about more of the limitations of DFS-R ( I was planning to use a differential copy method across the slow WAN links ).
Side Question: Is it true that all the machines in a MS Server 2008 R2 Replication Group must be running the Server flavour of OS?  There is a ban on having ServerOS machines outside of the centralized facility (quite strange with weak WAN links, I know).

From what I understand, the Linked Deployment Share feature of MDT itself doesn't do Remote Differential Compression (RDC).
0
 
LVL 16

Accepted Solution

by:
vivigatt earned 500 total points
ID: 39676276
OK, so you could go without a true PXE server actually.
Set Bootp options (OR DHCP 66 and 67 options) on each dhcp instance so that each client stays local.
Yet, I am not sure that MDT can manage each local repository this way.
I would recommend reading the following:
http://www.nullsession.com/index.php/2010/03/deploying-windows-at-multiple-locations-with-tftpd-and-mdt/
As the author said, "This installation of MDT is very basic without drivers or database and all the other stuff you can throw at it, but it’ll get you started at least..."

Regarding your other questions, this would require a little investigation for me, but maybe another expert knows better.
0
 

Author Comment

by:murraybd
ID: 39690553
Looks like this method of using tftpd as target and the BOOTP options on the DHCP devices will be the way to go for this method.

MDT can do linked deployment shares, where it replicates the data to additional UNC paths.
However, it doesn't use block-based remote differential compression, so I'll be using a different tool to handle the replication across slower WAN links.

Thanks again for the help!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now