WatItis Network Imaging 2013

Network Based Image Deployment for Linux/Windows Operating Systems

• When: 2:30 PM to 3:15 PM December 3rd 2013
• Where: QNC 1502
• Speaker:
  • Mike Gore
    • Computing Support Specialist
    • David R. Cheriton School of Computer Science

Talk Summary

• Mike will discuss the benefits of network based Image deployment for Linux/Windows operating systems and all key software packages as a time saving measure. Topics will include: Setting up your own PXE boot server and software repository, creating and deploying images, Acronis (Imaging tool), Windows Sysprep (Windows tool used to prepare a system for deployment as a master image) and references to the CSCF online TWIKI documentation.

• Time permitting this session may have a live demonstration.

Why "imaging" - the really big picture

Expectations

• We have students and faculty that expect rich computing environments with all of the bells and whistles tossed in.
• We have many systems to setup and limited time

Basic Problem statement

• Installing computers one at time, from scratch, operating systems, updates and settings can be very time consuming

Can we do it ?

• Desired solution
  • So wouldn't be great if we could somehow take a copy of a fully configured system with multiple operating systems and apply it other machines? Bonus points if we can do this on more than one at a time.
• Is this possible ?
  • Yes! - There are a number of tools and solutions available.
• The goal of this talk is to share some of the solutions and tools we have been using in Computer Science

What kinds of alternatives to manual installation are there?

• Remote software package deployment tools
  • These let you manage the installation of software on remote workstations
• Imaging tools
  • These make an entire copy of an existing systems

Why chose imaging over remote package deployment

• There are cost benefits to each choice
  • Imaging has a much simpler overhead
    • Easy to setup and learn
    • Setup and forget
  • Package deployment allows for continual changes after installation
    • Much more complex to setup and learn
    • Higher degree of flexibility

Experience guides your choices

• In CS we update systems every 4 years
• Observed that most of the packages self update
• Concluded that imaging is good enough in many cases after examining implementation options
  • Does not imply it is the correct choice for you!

What are the main difficulties of imaging?

Windows - Licensing issues and copy protection

• Copy Protection and Licensing/Activation issues to understand.
  • Institutional products generally permit imaging of products
• Consumer software products cannot be imaged
  • • Limited by license terms or by activation restrictions.

Fees to be paid in some cases

• The University through IST has obtained many products whose licensing terms permits imaging.
• This is NOT the same as being free!
• The University Information Systems & Technology group manages licensing.
  • You are still required to verify any costs you are responsible for.
  • Many products are either low cost or covered by a Campus wide agreement.

Licensed software at the University

• https://uwaterloo.ca/information-systems-technology/licensed-software-university-waterloo
• Eligibility: General full-time and part-time faculty, staff and grad students are eligible

Linux Licensing issues - no copy protection

• It is open source - no issues

Hardware driver issues challenges

Windows

• Is extremely sensitive to hardware changes
  • BSOD - (Blue Screen of Death) most common result - rolls over and dies
• Copy protection makes it hard to even image identical systems
• Free Microsoft tool called SYSPREP to the rescue!
  • Using SYSPREP allows Windows systems to be copied to another system
  • On identical systems it works without issue
  • On alien hardware - this can be done with much effort.
    • Hardware specific drivers, utilities and software make this hard.
    • At minimum you need to teach sysprep where the drivers are located. * Write scripts to remove the unwanted software...
    • It is easier to create new images for new hardware in hard cases * You can standardize systems - limiting changes to say once a year

Linux

• You can copy to identical hardware without issue
• You can frequently copy to alien hardware without issue.
• Problems with alien hardware are generally limited to
  • Vender specific drivers called "proprietary drivers".
  • You can avoid this by using the default open source drivers.
  • Unsupported hardware
    • Wireless, Video and USB3 drivers will be the most common.

Minimizing Imaging problems

• Stick with standard configurations that change infrequently
  • Say once per year
  • Advantages
    • You can now put vender specific drivers and software into the image
    • No special post install scripting or configuration

Summary formula for creating a master image in two stages

First - we create a vender neutral configuration

• That is; no special drivers or vender software
  • Hint - I like to use VMWARE to do this.
    • Reason - there is only ONE package to remove later - VMWARE TOOLS
• Install everything licensed or free even if only a few people use it.
  • Installing it now will avoid the time you spend later on multiplied by the size of your user base.
• Perform all updates
• Don't forget the antivirus software when using Windows
• Save this image to an external disk or file server
  • You always want to have a pre-sysprep image
  • Hint I use VMWARE and just take a snapshot
• SYSPREP this image if you have windows
• Save this image to an external disk or file server using an Imaging tool

Second - we customize the image for the target hardware we plan to use

• Install the image on the target hardware
• Add any vender drivers and software
• Save this image to an external disk or file server using an Imaging tool
  • You always want to have a pre-sysprep image
• SYSPREP this image if you have windows
• Save this image to an external disk or file server using an Imaging tool
• You are ready to use it!

Imaging Tools and recommendations

Recommendations

• Try Clonezilla - it is now a mature product.
  • When we started imaging (many years ago) this option was not viable.

Clonezilla

• Costs
  • Free!
• Web site: http://clonezilla.org/
• Screen shots
  • http://clonezilla.org/screenshots/?in_path=/00_Clonezilla
• Features
  • Can image and restore both Windows and Linux systems
  • Recover/backup
  • PXE bootable
  • Multicast
  • Supports a wide range of file systems
  • Backup only parts of the disk that are used
• Limitations
  • Cannot restore to smaller disks or partitions

Acronis Backup and Recovery

• Costs money
  • Various Licensing options - not cheap
• Web site
  • http://www.acronis.com/
• Screen shots
  • https://cs.uwaterloo.ca/twiki/view/CF/Acronis10
• CS Web Site Documents
  • https://cs.uwaterloo.ca/twiki/view/CF/ImageDeploymentAcronis
• Features
  • Can image and restore both Windows and Linux systems
  • Recover/backup
  • Supports a wide range of file systems
  • PXE bootable

Windows Specific Tools

• Sysprep
  • https://cs.uwaterloo.ca/twiki/view/CF/SysPrep
  • Permits a Windows system to be imaged
  • In the extreme simple case you just run it without any options.
    • After booting a system image this way you only greeted with a few questions
      • User Agreement, Region, Time, userid and password
  • You can specify all of the settings in file called the optional unattended file.
• BCDEDIT
  • Lets Windows boot other operating systems
  • https://cs.uwaterloo.ca/twiki/view/CF/GRUB2WINDOWS7

Linux Specific Tools

• Rsync and Grub
  • Don't even have to create an image - just use the rsync command to clone the system
• RIP - Recovery Is Possible
  • A Swiss Army Knife Linux image with large number of useful tools
    • https://cs.uwaterloo.ca/twiki/view/CF/RIP
    • PXE/USB/CD bootable image that runs just in ram
    • We can copy a real host with this tool using rsync into or out of a VM for testing
    • We can also use it to backup and repair Windows and Linux systems
• GRUB2 - Grand Unified boot loader
  • https://cs.uwaterloo.ca/twiki/view/CF/GRUB2
  • Documents how to repair a system that will not boot
  • Boot multiple operating systems
• Scripts to setup a Linux system with all of the packages we like
  • https://cs.uwaterloo.ca/twiki/view/CF/UbuntuImageCreation
    • Scripts can be downloaded from the TWIKI
  • https://cs.uwaterloo.ca/twiki/view/CF/UbuntuScripts

Image Creation Environments

• VMWARE workstation
  • https://cs.uwaterloo.ca/twiki/view/CF/VMwareWorkstation
  • Fantastic for creating initial images
    • Snapshot feature allows you to try multiple configurations
    • You can use sysprep and the imaging tools from within this environment
    • Aside: Using Windows in a virtual machine under Linux makes imaging trivial - just copy the VM files.

Network Image Server Overview

• Runs Ubuntu Linux using free open source packages
• Summary things we needed to configure
  • Samba - windows file server
    • Many of the imaging tools use Samba file shares
  • NAT Firewall - one IP serves many machines - protects them prior to patching, etc.
    • https://cs.uwaterloo.ca/twiki/view/CF/NatMasqFirewallExample
  • NFS - for live booting Linux Images
    • https://cs.uwaterloo.ca/twiki/view/CF/PXELiveBoot
  • PXE booting - for network booting
    • https://cs.uwaterloo.ca/twiki/view/CF/PXEBootFilesExample
  • DNS service - to provide name service to the private network
    • https://cs.uwaterloo.ca/twiki/view/CF/DNSMASQ
  • Accounts for staff to access network images during imaging
• Our CS server (needs updating)
  • https://cs.uwaterloo.ca/twiki/view/CF/CSApplicationServer

Services Detail

• DNSMASQ package PXE, DNS and TFTPBOOT services
  • https://cs.uwaterloo.ca/twiki/view/CF/DNSMASQ
    • We have actual examples and tools to make this easy for you to setup
  • Provides PXE, DNS, and TFTPBOOT services - the main core network image server
  • Lets you boot most modern computers via the network
• NAT Firewall using iptables
  • https://cs.uwaterloo.ca/twiki/view/CF/NatMasqFirewallExample
    • Actual examples and tools to make this easy to setup
  • Create a private network and firewall to project the server and clients during the imaging process

• PXE Live Booting
  • https://cs.uwaterloo.ca/twiki/view/CF/PXELiveBoot
    • Actual examples and tools to make this easy to setup
  • Setup network bootable Linux Live Boot images
  • Most modern computers can PXE boot
    • It must be enable in the BIOS
      • Look for BBS popup on many systems - this gives you the option to boot from any device
      • Differing systems use various function keys to activate this during boot.
      • Most common is F12 or F8 but you will see ESC and F11 on some systems

External References

TWIKI Links

* Links used in this talk

• https://cs.uwaterloo.ca/twiki
• https://cs.uwaterloo.ca/twiki/view/CF/Acronis10
• https://cs.uwaterloo.ca/twiki/view/CF/CSApplicationServer
• https://cs.uwaterloo.ca/twiki/view/CF/DNSMASQ
• https://cs.uwaterloo.ca/twiki/view/CF/GRUB2
• https://cs.uwaterloo.ca/twiki/view/CF/GRUB2WINDOWS7
• https://cs.uwaterloo.ca/twiki/view/CF/ImageDeploymentAcronis
• https://cs.uwaterloo.ca/twiki/view/CF/NatMasqFirewallExample
• https://cs.uwaterloo.ca/twiki/view/CF/PXEBootFilesExample
• https://cs.uwaterloo.ca/twiki/view/CF/PXELiveBoot
• https://cs.uwaterloo.ca/twiki/view/CF/RIP
• https://cs.uwaterloo.ca/twiki/view/CF/SysPrep
• https://cs.uwaterloo.ca/twiki/view/CF/UbuntuImageCreation
• https://cs.uwaterloo.ca/twiki/view/CF/UbuntuScripts
• https://cs.uwaterloo.ca/twiki/view/CF/VMwareWorkstation

IST software information and Licensing links

• https://uwaterloo.ca/information-systems-technology/
  • Main page
• https://uwaterloo.ca/information-systems-technology/services/category/266
  • Software
• https://uwaterloo.ca/information-systems-technology/services/licensed-software
  • Who can use it
• https://uwaterloo.ca/information-systems-technology/licensed-software-university-waterloo
  • Licensed Software List and Agreements
• https://uwaterloo.ca/information-systems-technology/licensed-software-university-waterloo/university-waterloo-site-licensed-software-microsoft-campus
  • University of Waterloo Site Licensed Software: Microsoft Campus Agreement FAQ

Optional Hand On

• BIOS Boot Menu

• PXE Boot Menu

PXE Booting Acronis

• PXE Acronis Boot Menu

• Acronis Boot - network settings

• Acronis 10 Main screen

• Connect to Server

• Find the Archive

• Restore

PXE Live Boot

• PXE Live Boot Menu

• Live Boot Ubuntu 14.04 prerelease

Questions ?