Deploying Windows Server 2003 Using ADS Page 2
Image Distribution Service
Image Distribution Service (IDS) manages the storage of operating system images and their distribution to managed devices. ADS provides its own set of imaging tools (such as Imgdeploy, Imgmount, and Adsimage) that generally follow the same principle as other programs in this category. They capture the content of a drive containing an operating system installation on a reference computer into a file. Before the capture, you add Sysprep components to the installation, install the ADS Administration Agent, register it with the Controller Service, verify that it operates properly, and trigger the capture from the Controller Service. The resulting file can then be copied to another device, producing a new, fully functional installation.
The tools, however, also feature a number of functionality, efficiency, and security improvements. In particular:
- Imgdeploy offers built-in compression and encryption, as well as automatic defragmentation of files contained within the image during its copy to a target system.
- Imgmount enables the mounting of existing images, thus eliminating the need to maintain the reference computer. It also allows direct modification of the file system on the resulting volume, and storing the changes in a new version of the image.
- Adsimage sports both command-line and Microsoft Management Console interfaces, allowing the review and management of images (including their deletion or property updates).
Image deployment is easily managed (a single image can be delivered in a single operation to up to 128 devices), efficient (it supports unicasting and multicasting, as well as bandwidth throttling), and secure (via Secure Sockets Layer connections).
As mentioned earlier, the Controller Service also communicates with the ADS Deployment and Administration Agents residing on managed devices, which handle remote deployment and administration (respectively). More specifically, the former (which, in essence, consists of a memory-resident, cut-down version of Windows 2003 Server) is loaded into the memory of PXE-capable devices, partitions the hard drives, and initiates a full operating system image load, or performs the virtual floppy-based functions described earlier (such as a BIOS upgrade or RAID configuration). It can also facilitate the remote capture of images. The primary purpose of the latter, which gets added to every image and loads as one of the services running within operating system boundaries, is to assist with post-deployment maintenance tasks.
Remote administration covers not only Windows server rollouts or hardware configuration and maintenance, but also running sequenced tasks against managed devices. Their processing can take place locally on the controller system, or it can be launched directly on target systems. Such tasks might include executing local or network-based Windows applications or scripts. If required, scripts can be downloaded prior to their invocation. Task sequences (referred to as jobs) are stored in XML-formatted files and created using ADS Sequence Editor, a graphical utility included with ADS Controller Service. An XML authoring program can also be used for such tasks.
A number of predefined templates simplify the implementation of jobs handling typical deployment procedures and administration procedures (stored in Program Files\Microsoft ADS\Samples\Sequences). An administrative interface is available in graphical (ADS Microsoft Management Console snap-in) and command-line formats.
The interfaces include utilities, such as ADSDevice (managing device records) or ADSArchive (archiving completed task sequences), in addition to the previously described Adsimage, DskImage, Imgdeploy, and Imgmount. Furthermore, ADS makes its functionality available via Windows Management Interface, facilitating the development of custom code, using both scripting and programming languages. Administration can be performed, with graphical or command line utilities, remotely from any system running Windows 2000 Professional, Server, or Advanced Server, Windows XP Professional SP1, as well as Standard or Enterprise Edition of Windows 2003 Server.
As with RIS, Microsoft DHCP Server is required for subnets where devices deployed and managed by the Controller Service are located. The devices should also be in the same broadcast domain as the Network Boot Service and share a multicast domain with Image Distribution Service. The ADSDHCPConfig utility (included in the set of ADS administrative tools) helps assign ADS-specific settings on the DHCP server, including option 60, which is intended for the PXE-enabled boot process. For the purpose of storing configuration data and task logs for managed devices, you will need to have access to either Microsoft SQL Server Desktop Engine 2000 (which is included with the installation files) or SQL Server 2000 (the database is created automatically during ADS setup).
Despite bandwidth-saving optimizations (e.g., throttling and support for multicasting), the network must be reliable and relatively fast (at least 10 Mbps). Bear in mind that image copying does not handle connectivity interruptions gracefully. Controller Service hardware should include sufficient processing power to deal with the heavy processing load caused by imaging activities (primarily compression and encryption) and plentiful disk space. This is especially true if you anticipate a large number of images.
Ensure that your servers' hardware BIOS options are set to attempt boot from the network first; otherwise you'll need to rely on someone pressing the F12 key at the console during their installation.
The current version of Automated Deployment Services (1.1) is available from the download section of the Microsoft Web site. The download consists of a single file, ADS_VSMT_1.1.exe, which, when executed, creates a folder structure that can be used for the setup. Launching ADSSetup.exe displays the Windows 2003 Automated Deployment Services Setup Welcome page, from which you can proceed with the steps necessary to complete the installation.
If no instances of SQL Server can be invoked to create a database to store records of managed devices, first select "Install Microsoft SQL Server Desktop Engine SP4". Once this is done, choose the "Install Automated Deployment Services" entry, which triggers the Automated Deployment Services Setup Wizard. The wizard-driven process is fairly straightforward and provides the ability to perform a full or custom installation. It also allows an "Administrative tools only" limit to be set. It prompts for the location of the SQL Server database (as indicated earlier) and the path to the Windows setup files (content of the Windows 2003 Server CD). You can also automatically configure Network Boot Services and the DHCP service. This results in the addition of option 60 for PXE clients.
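To confirm the option 60 setup described here and in the DHCP requirements above, the following added example (not part of the original article or of ADS) parses DHCP reply payloads and reports which servers send option 60, so you can check that only the DHCP server you configured does. It assumes the option carries the string "PXEClient" defined by the PXE specification; the function names, the expected-server list, and the 192.0.2.x sample replies are constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the DHCP options field
OPTIONS_OFFSET = 236                 # length of the fixed BOOTP header

def parse_dhcp_options(packet):
    """Return {option_code: raw_bytes} for a BOOTP/DHCP payload (UDP data only)."""
    start = OPTIONS_OFFSET + len(MAGIC_COOKIE)
    if packet[OPTIONS_OFFSET:start] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP payload")
    opts, i = {}, start
    while i < len(packet):
        code = packet[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("option %d has no length byte" % code)
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = value
        i += 2 + length
    return opts

def pxe_summary(packet):
    """Pull out the fields that matter when checking the option 60 setup."""
    opts = parse_dhcp_options(packet)
    vendor = opts.get(60, b"").decode("ascii", "replace")
    server = opts.get(54, b"")       # option 54: server identifier
    return {
        "server_id": ".".join(map(str, server)) if len(server) == 4 else "unknown",
        "vendor_class": vendor or None,
        # Assumption: option 60 holds "PXEClient" (PXE specification value;
        # the article does not state what ADSDHCPConfig writes).
        "advertises_pxe": vendor.startswith("PXEClient"),
    }

def unexpected_pxe_servers(packets, expected_servers):
    """Server IDs that send option 60 but are not on the expected list."""
    seen = {s["server_id"] for s in map(pxe_summary, packets) if s["advertises_pxe"]}
    return sorted(seen - set(expected_servers))

def build_offer(server_ip, vendor_class=None):
    """Constructed DHCPOFFER payload used as sample input (not a real capture)."""
    header = bytes([2, 1, 6, 0]) + bytes(OPTIONS_OFFSET - 4)   # BOOTREPLY, Ethernet
    options = bytes([53, 1, 2, 54, 4]) + bytes(map(int, server_ip.split(".")))
    if vendor_class is not None:
        options += bytes([60, len(vendor_class)]) + vendor_class
    return header + MAGIC_COOKIE + options + b"\xff"
```

Feed `unexpected_pxe_servers` the UDP payloads of DHCP replies captured on the deployment subnet, together with the address of the DHCP server configured for ADS; an empty list means no other server is sending option 60.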
If you are a licensed user of Windows PE 2005, you can also create the Windows Preinstallation Environment repository that the Network Boot Service (in lieu of Deployment agent) will subsequently use during image rollouts and Virtual Floppy operations. This can also be done with command-line utilities after the setup completes.
To verify whether the outcome was successful, launch the ADS Management console from the Microsoft ADS group in the All Programs menu and check the State column of three entries in its Services node. The installation process also includes the ADS Administration Agent. Be sure to review settings on the Service tab of the Controller Service Properties dialog box and confirm they are configured as required (e.g., determine the default template for controlled devices, whether MAC address or SMBIOS GUID will be the identifier, and whether newly discovered PXE systems will be automatically added to the console or ignored).
Loading the Administration Agent on existing devices (such as a reference system where images are captured) tends to be a bit cumbersome, since it requires executing the setup program (ADSAgentSetup.msi or ADSSetup.exe) on each.
During setup, be sure to specify the path to the PKI certificate (used for the purpose of encrypting communication) that is generated on the ADS Controller during its installation (residing, by default, in the Program Files\Microsoft ADS\Certificate folder). If the Windows Firewall is enabled on Windows Server 2003 SP1 systems, you must also explicitly allow traffic on UDP port 8198.
Fortunately, these steps are not required on systems deployed via Image Distribution Service, where the agent is automatically included, and the proper ports are opened as part of the default configuration.
Deploying an operating system image requires registering target devices with the Controller Service system (e.g., from the MMC ADS console or with the Adsdevice command-line utility, using their MAC addresses or SMBIOS GUIDs); assigning them a job that encompasses the necessary tasks (which can be based on the da-deploy-image-wg.xml template and covers such actions as booting into the ADS Deployment Agent, disk partitioning, image download, and hard drive reboot); and powering them on. Customization of the process (by assigning to every installation instance unique values such as the product key, the local administrator's password, or the machine name) is handled by defining them on the User Variables tab of each device's Properties dialog box in the ADS Management console.
Additional steps may be required when implementing Automated Deployment Services on servers from some hardware vendors. For more information on this subject, refer to the Automated Deployment Services Original Equipment Manufacturers page on the Microsoft Web site or contact the vendor directly.