Deployment Guide Series: Tivoli Provisioning Manager for OS Deployment V5.1 (SG24-7397)

Deployment Guide Series: Tivoli Provisioning Manager for OS Deployment V5.1 (ibm.com/redbooks). Vasfi Gucer, Damir Bacalja, Dominique Bertin, Richard Hine, Scott M Kay, Francesco Latino. Insider's Guide to TPM for OS Deployment. Learn how to migrate to VISTA easily. Best practices for large deployments.

Post on 20-Aug-2015

TRANSCRIPT

  1. Front cover. Deployment Guide Series: Tivoli Provisioning Manager for OS Deployment V5.1. Insider's Guide to TPM for OS Deployment. Learn how to migrate to VISTA easily. Best practices for large deployments. Vasfi Gucer, Damir Bacalja, Dominique Bertin, Richard Hine, Scott M Kay, Francesco Latino. ibm.com/redbooks
  2. International Technical Support Organization. Deployment Guide Series: Tivoli Provisioning Manager for OS Deployment V5.1. May 2007. SG24-7397-00
  3. Note: Before using this information and the product it supports, read the information in "Notices" on page ix.
     First Edition (May 2007)
     This edition applies to IBM Tivoli Provisioning Manager for OS Deployment V5.1.
     Copyright International Business Machines Corporation 2007. All rights reserved.
     Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
  4. Contents
     Notices
     Trademarks
     Preface
     The team that wrote this Redbooks publication
     Become a published author
     Comments welcome
     Part 1. Planning and architecture
     Chapter 1. Introduction to image management
       1.1 Device configuration life cycle
       1.2 Business requirements
         1.2.1 Why Vista?
         1.2.2 A deployment project
       1.3 Requirements for a tool to assist the deployment effort
         1.3.1 Time to value
         1.3.2 Resource and maintenance efficiency
         1.3.3 Flexibility
         1.3.4 Security
       1.4 Common OS deployment scenarios
         1.4.1 Rollout of new desktop hardware and SOE
         1.4.2 Rebuild of a previously deployed user workstation
         1.4.3 Upgrade of hardware and subsequent Vista install
     Chapter 2. Architecture and deployment scenarios
       2.1 Tivoli Provisioning Manager for OS Deployment features
       2.2 Architecture
         2.2.1 Design considerations
         2.2.2 Small site architecture
         2.2.3 Enterprise architecture
     Part 2. Deployment
     Chapter 3. Installing the Tivoli Provisioning Manager for OS Deployment environment
       3.1 Server installation on Windows systems
         3.1.1 Prerequisites
         3.1.2 Using alternate Relational Database Management Systems
  5. Contents (continued)
         3.1.3 Installing the Tivoli Provisioning Manager for OS Deployment server
       3.2 Installing the server on Linux systems
         3.2.1 Prerequisites
         3.2.2 Installing the Relational Database Management System
         3.2.3 Installing the Tivoli Provisioning Manager for OS Deployment server
         3.2.4 Configuring the Tivoli Provisioning Manager for OS Deployment environment
         3.2.5 Run the Tivoli Provisioning Manager for OS Deployment environment
         3.2.6 Upgrade to fixpacks
       3.3 Initial login and installation verification
         3.3.1 Connecting using HTTPS
         3.3.2 Installation verification
       3.4 Advanced DHCP options
       3.5 Web interface extension
         3.5.1 Installing on Windows systems
         3.5.2 Installing on Linux systems
         3.5.3 Running rbagent from command line
     Chapter 4. Installing pre-Vista systems
       4.1 Introduction
       4.2 User State Migration
         4.2.1 Saving the personality of an XP machine
       4.3 Creating a cloned profile of Windows XP
         4.3.1 Changing the contents of the cloned machine
       4.4 Creating an unattended profile for Windows 2000
         4.4.1 Creating a slipstreamed OS image
         4.4.2 Selecting the Windows 2000 source tree
         4.4.3 Building a custom sysprep.inf with setupmgr
       4.5 Real world OS installation scenarios
         4.5.1 Configuring the Windows firewall
         4.5.2 Removing imaged profile operating system features
         4.5.3 Removing unattended profile operating system features
       4.6 Restoring the machine's user personality settings
     Chapter 5. Installing Vista systems
       5.1 Do I upgrade or replace?
       5.2 Creating an unattended Windows Vista profile
         5.2.1 Creating the Profile
         5.2.2 Creating the WinPE software package
       5.3 Creating a cloning Windows Vista profile
         5.3.1 Preparing the system
         5.3.2 Capturing the System Image
  6. Contents (continued)
         5.3.3 Configuring the System profile
       5.4 Deploying a Windows profile
         5.4.1 Creating a deployment scheme
         5.4.2 Registering hosts in Tivoli Provisioning Manager for OS Deployment server
         5.4.3 Creating a new user through a software package
         5.4.4 Deploying a Vista profile
     Chapter 6. Installing Linux systems
       6.1 Introduction and general requirements
       6.2 Creating an unattended setup profile
       6.3 Creating software packages
         6.3.1 RPM software packages
         6.3.2 Copying and unpacking software packages
         6.3.3 Executing a command
         6.3.4 Software packages binding
       6.4 The deployment process
       6.5 Cloning a machine
         6.5.1 Capturing the image
         6.5.2 Customizing the captured profile
       6.6 Deploying the cloned profile
     Chapter 7. Common deployment features
       7.1 Configuring RAID arrays
         7.1.1 Building the bootable DOS diskette
       7.2 Software package rules and bindings
         7.2.1 Binding software packages to deployment schemes
         7.2.2 Advanced binding scenarios
       7.3 Collecting inventory from the target machines
       7.4 Device driver injection
         7.4.1 How does this process work?
         7.4.2 Device driver software package rules with a different OS
         7.4.3 Creating a device driver software package
         7.4.4 Quickly building device driver software packages
       7.5 Understanding the host boot settings
       7.6 User administration
         7.6.1 Creating the authentication domain
         7.6.2 Setting user permissions
     Chapter 8. Integration and collaboration with other Change Management products
       8.1 Tivoli Configuration Manager V 4.2.3
         8.1.1 Installing the Operating System Imaging Solution
         8.1.2 Importing a profile
  7. Contents (continued)
         8.1.3 Scratch installation of a new workstation
         8.1.4 Saving user settings
       8.2 Tivoli Provisioning Manager V5.1
       8.3 Tivoli Provisioning Manager Express V4.1 for Software Distribution
       8.4 IBM Director
         8.4.1 Product components
       8.5 Collaboration with other products
     Chapter 9. CD/DVD based deployment
       9.1 Deployment CD/DVD
         9.1.1 CD/DVD creation
         9.1.2 OS deployment
       9.2 PXE emulation CD/DVD
         9.2.1 CD/DVD creation
         9.2.2 OS deployment
     Chapter 10. Redeployment and self-healing feature
       10.1 Redeployment basics
       10.2 Setting up redeployment
       10.3 Redeployment scenario
     Chapter 11. Troubleshooting, best practices, and common questions
       11.1 Troubleshooting basics
       11.2 Tivoli Provisioning Manager for OS Deployment considerations
       11.3 Server service/daemon troubleshooting
         11.3.1 Client troubleshooting
         11.3.2 Error messages
       11.4 Common questions
         11.4.1 How do I free some space in the shared repository?
         11.4.2 How do I register new hosts?
         11.4.3 How do I control generated host names for new machines?
         11.4.4 How do I create binding rules?
       11.5 Questions and answers
       11.6 Synchronization with the RbAgent
     Part 3. Planning for an engagement
     Appendix A. Planning for a client engagement
       Services engagement preparation
         Implementation skills
         Available resources
       Solution scope and components
         Basic solution definition
         Advanced solution definition
  8. Contents (continued)
       Services engagement overview
         Executive Assessment
         Demonstration system set up
         Hardware and software requirements
         Analyze solution tasks
         Creating a contract
       Estimating timings and activities of the engagement
         Perform environmental analysis and plan tasks
         Plan the solution
         Implement the solution
         Close the engagement
     Appendix B. Sample Statement of Work for Tivoli Provisioning Manager for OS Deployment
       Building an operating system deployment solution
         Executive summary
         Solution description
         Assumptions
         Business partner responsibilities
         Customer responsibilities
         Staffing estimates
         Testing
         Deliverables
         Completion criteria
     Abbreviations and acronyms
     Related publications
       IBM Redbooks
       Other publications
       Online resources
       How to get IBM Redbooks
       Help from IBM
     Index
  10. Notices
     This information was developed for products and services offered in the U.S.A.
     IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
     IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.
     The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
     This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
     Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.
     IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
     Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
     This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.
     COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs.
  11. Trademarks
     The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both: AIX, BladeCenter, Candle, DB2 Universal Database, DB2, IBM, IMS, MVS, NetView, PartnerWorld, Redbooks, Redbooks (logo), ServerGuide, System x, Tivoli Enterprise, Tivoli Enterprise Console, Tivoli, VTAM, xSeries.
     The following terms are trademarks of other companies:
     Oracle, JD Edwards, PeopleSoft, Siebel, and TopLink are registered trademarks of Oracle Corporation and/or its affiliates.
     ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.
     Adobe, Acrobat, and Portable Document Format (PDF) are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.
     Java, JDBC, JDK, J2EE, Solaris, Ultra, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
     Access, Active Directory, Aero, BitLocker, Internet Explorer, Microsoft, MS-DOS, MSN, Windows Media, Windows NT, Windows Vista, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
     i386, Intel, Pentium, Xeon, Intel logo, Intel Inside logo, and Intel Centrino logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States, other countries, or both.
     UNIX is a registered trademark of The Open Group in the United States and other countries.
     Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
     Other company, product, or service names may be trademarks or service marks of others.
  12. Preface
     Tivoli Provisioning Manager for OS Deployment provisions operating systems (OS) and applications to computers using the PXE (Pre-boot eXecution Environment) industry standard for bare-metal installation. A bare-metal installation eliminates the need for an operating system to be present on a local disk drive. Tivoli Provisioning Manager for OS Deployment is a turn-key solution to the most common provisioning issues and provides an easy to use, turn-key solution for education, small-to-medium businesses (SMB) or larger accounts.
     In this easy-to-follow IBM Redbooks publication we cover different image management scenarios with Tivoli Provisioning Manager for OS Deployment, such as Windows XP, Windows 2003, Vista, and Linux deployments. We also discuss how to design and implement a highly-effective image management solution for small, medium, and enterprise accounts, taking into consideration network bandwidth limitations and large OS image sizes.
     We also provide some best practices on how to integrate Tivoli Provisioning Manager for OS Deployment with other change management products, CD/DVD-based deployment, image redeployment, and troubleshooting.
     Finally, we cover Tivoli Provisioning Manager for OS Deployment sales engagement planning, including a sample statement of work. The primary audience for this section is Tivoli Provisioning Manager for OS Deployment Business Partners and pre-sales Systems Engineers.
     This book is a major reference for IT Specialists and IT Architects working in the image management area.
     The team that wrote this Redbooks publication
     This Redbooks publication was produced by a team of specialists from around the world working at the International Technical Support Organization, Austin Center.
     Vasfi Gucer is an IBM Certified Consultant IT Specialist working at the ITSO Austin Center. He worked with IBM Turkey for 10 years and has been with the ITSO since January 1999. He has more than 12 years of experience in systems management, networking hardware, and distributed platform software. He worked on various Tivoli customer projects as a Systems Architect in Turkey and in the United States. Vasfi is also a Certified Tivoli Consultant.
  13. Damir Bacalja is an Advisory IT Specialist from IBM Croatia. He holds a degree in electrical engineering and is also ITIL certified. He has worked with Tivoli products in Framework, Tivoli Configuration Manager, Tivoli Monitoring, Tivoli Enterprise Console, Remote Control, and Tivoli Storage Manager, for almost eight years. He joined IBM as part of IBM Global Services and took part in many Tivoli implementations. Since 2002 he has been part of the IBM Software group as a Tivoli Technical Sales Specialist for the SEA region. He has strong skills in UNIX, Windows, and shell scripting.
     Dominique Bertin holds a technology certificate in electric engineering from the University of Creteil, near Paris in France. He began as a Honeywell Bull representative on different mainframe customer sites for seven years, and then started working as a Software Engineer in the National Software Center in the Bull company. After 12 years at Bull, he joined a software services company that was acquired by Candle corporation five years later. After the IBM acquisition of Candle, he moved to a Tivoli presales position. He is currently assigned to the Tivoli Configuration Manager, Tivoli Provisioning Manager for OS Deployment, and Tivoli Provisioning Manager for Software products within the Tivoli Business Automation segment.
     Richard Hine has a bachelor's degree in medical science from the University of Manchester in the UK, and has worked for IBM since 1981. He worked with IBM Mainframes for 11 years doing services and support roles with MVS, IMS and VTAM, taking assignments to teach automation techniques and assembler programming. During this time, he also took a job supporting the IBM first Point of Sale deployment in Europe at Boots of Nottingham in the U.K. He moved to country technical support in 1991 to support IBM network management tools on distributed systems, where he taught at the international education center in La Hulpe and supported field services engagements for the NetView automation family of products, both distributed and mainframe. During this time Richard also did several international services engagements in the Middle East, and wrote an ANO based TCP/IP monitoring application that was used in IBM South Africa. Richard moved to Tivoli in 1996 with the IBM acquisition. He worked in a presales role for the UK on all Framework products, latterly leading the UK Advanced Technology Team. Certified in 2002, Richard has been published in the Managed View and two other IBM Redbooks publications. Currently he works with the Tivoli Performance and Business automation products in a presales capacity for the UK Financial Services Sector.
     Scott M Kay is an Advisory Technical Specialist working for the IBM Software group in Australia. His speciality is Tivoli Business Automation tools. He has 15 years of experience in the IT field. In that time Scott has held various roles from operational support, SOE development, to systems management. After joining IBM in 1999 Scott worked in roles all directly related to the Tivoli suite of products
  14. in Global Services, Tivoli Professional services, and finally in his current presales role in the Software Group.
     Francesco Latino is a Level 2 Customer Support Software Engineer in Tivoli Configuration Manager and Tivoli Provisioning Manager. He holds a Computer Science degree from the Department of Computer Science, University of Bari. His areas of expertise include Tivoli Inventory, Tivoli Software Distribution, Common Inventory Technology, and Tivoli Provisioning Manager for OS Deployment products. He has skills in procedural and object-oriented programming, TCP/IP network protocol, J2EE platform, and electronic commerce.
     Thanks to the following people for their contributions to this project:
     Arzu Gucer, International Technical Support Organization, Austin Center
     Dennis R Goetz, Peter Greulich, Dennis Ligay, Mike Orr, Hakan Thyr, IBM USA
     David Clerc, Anne Vandeventer Faltin, Jacques Fontignie, Marc Vuilleumier Stueckelberg, Pierre-Antoine Queloz, IBM Switzerland
     Elisabetta Rinaldi, IBM Italy
     Mike Gare, Kimberly Mungal, IBM Canada
     Sean Safron, IBM USA
     KaTrina Love Abram, IBM USA
     Become a published author
     Join us for a two-to-six week residency program! Help write an IBM Redbooks publication dealing with specific products or solutions, while getting hands-on experience with leading-edge technologies. You will have the opportunity to team with IBM technical professionals, Business Partners, and Clients.
  15. Your efforts will help increase product acceptance and customer satisfaction. As a bonus, you will develop a network of contacts in IBM development labs, and increase your productivity and marketability. Find out more about the residency program, browse the residency index, and apply online at the following Web site: ibm.com/redbooks/residencies.html
Comments welcome
Your comments are important to us! We want our Redbooks publication to be as helpful as possible. Send us your comments about this or other Redbooks publications in one of the following ways: Use the online Contact us review book form found at: ibm.com/redbooks. Send your comments in an e-mail to: [email protected]. Mail your comments to: IBM Corporation, International Technical Support Organization, Dept. HYTD Mail Station P099, 2455 South Road, Poughkeepsie, NY 12601-5400
  16. Part 1. Planning and architecture
In part 1 we introduce the planning and architectural considerations when deploying a Tivoli Provisioning Manager for OS Deployment environment. We cover the actual deployment steps in Part 2.
  18. Chapter 1. Introduction to image management
In this chapter we discuss the concept of the device configuration life cycle and how Tivoli Provisioning Manager for OS Deployment can assist in this management process. This is found in 1.1, "Device configuration life cycle". We look at business needs: the sort of IT changes that are coming and that justify an investment in a technology such as Tivoli Provisioning Manager for OS Deployment. We also look at how this technology reduces costs associated with deployment and redeployment of operating systems. This is found in 1.2, "Business requirements". Finally, several common deployment scenarios involving Tivoli Provisioning Manager for OS Deployment are discussed at a high level, showing how cost savings can be made. This is found in 1.4, "Common OS deployment scenarios".
  19. 1.1 Device configuration life cycle
Every facet of IT these days seems to have a life cycle management strategy, process, or best practice, for example, asset life cycle management, software life cycle management, user account life cycle management, and storage life cycle management to name but a few. What they all have in common is that through collective experience the tasks normally undertaken throughout the life cycle of the item in question were identified so that they can be managed as individual tasks and as a whole cycle. It is then possible to measure these tasks, the costs involved with them, and the time they take, and improve them in terms of efficiency, effectiveness, and cost. The device configuration life cycle addresses the physical management of computers from the time they are delivered to the time they leave an organization. Device configuration life cycle management can go by different names and have tasks with different terminology, usually dependent upon the vendor you are talking to; however, in essence the main tasks or activities involved are shown in Figure 1-1.
[Figure 1-1: Tasks and activities within the device configuration life cycle]
  20. There are many product suites on the market today that can enable or automate these tasks and a few that claim to do it all. Most organizations, however, already have mature tools and processes in place for many of the tasks in the life cycle and are not about to rip and replace their existing solution unless there is a very good business case to do so. This is where Tivoli Provisioning Manager for OS Deployment offers an excellent opportunity. Tivoli Provisioning Manager for OS Deployment is a stand-alone product that offers significant integration capability, so much so that it has already been integrated with Tivoli Provisioning Manager and Tivoli Provisioning Manager for Software, and is soon to be integrated with IBM Director.
[Figure 1-2: Tivoli Provisioning Manager for Operating Systems role in the configuration life cycle]
The core capability of Tivoli Provisioning Manager for OS Deployment is the ability to intelligently automate the deployment of operating systems. This capability extends from the many flavors of Microsoft Windows, through SUSE and Red Hat Linux to Sun Solaris. The deployment of an operating system is the one item in the configuration life cycle that every single computer will definitely receive at least once and potentially more often during its working life. This is shown in context of the device configuration life cycle in Figure 1-2.
  21. Once installed, the product offers cost savings in the following areas:
Deployment manpower: Using Tivoli Provisioning Manager for OS Deployment during a deployment should significantly reduce the number of personnel and the level of skill required to deploy the computer workstations. The deployment role becomes more of a box-moving role as opposed to a technical role.
The universal system profile: Through the use of a universal system profile, it is possible to have one image and a collection of driver packages for deployment to a range of hardware. The savings to be made here are in the following areas:
  Image storage space: Because Tivoli Provisioning Manager for OS Deployment can modify an image and add drivers through driver injection on the fly during an image deployment, one image and a collection of driver packages need storage space as opposed to an image for every hardware model. This is true for the master server and every distributed copy in the network.
  Image maintenance: Instead of building a new image every time a new model of hardware or driver is released, all that is required is the packaging of the driver, the establishment of the rules for the deployment of that driver, and testing of the deployment and rules.
  Image replication: Minimal images mean less time and resources are used to move those images around the network to where they are needed.
Ease of redeployment: Once an OS is installed using Tivoli Provisioning Manager for OS Deployment, redeployment is as simple as a few menu clicks in the Web console. Many organizations have a system to automatically reinstall an operating system. Those automatic solutions usually involve the help desk consultant talking the user, or worse, the user's colleague, through the steps required to enter all the information needed to kick off a rebuild and then waiting the hour to hour and a half for the build to complete. In some cases, a rebuild requires a site visit by a technical staff member.
The savings that can be made here are harder to quantify but easy to identify. Any time a user is taken away from their core responsibility to help fix a problem is a business cost. In an organization large enough, it is easy for these distractions to add up to lost man-days on a daily basis due to users being involved in helping with a fix.
  22. Tivoli Provisioning Manager for OS Deployment also touches other parts of the device configuration life cycle with functionality that enables the core OS deployment functionality, as can be seen in Figure 1-3.
[Figure 1-3: Deployment enabling functionality of Tivoli Provisioning Manager for OS Deployment]
Deployment enabling functionality
Tivoli Provisioning Manager for OS Deployment's core function is its ability to deploy operating systems. Included in the product are some other capabilities that enable this core function. Following are these capabilities:
Software distribution: The software distribution capability gives Tivoli Provisioning Manager for OS Deployment the ability to inject driver packages into an operating system during deployment and install software after the operating system starts.
Inventory: When Tivoli Provisioning Manager for OS Deployment boots a computer using PXE, it automatically scans the computer and stores this data in its
  23. database. Having the results of these scans available allows Tivoli Provisioning Manager for OS Deployment to make decisions based on this data about which drivers to inject during OS deployment and which software to deploy after OS deployment.
Coupled with the enabling capabilities, Tivoli Provisioning Manager for OS Deployment is able to intelligently install a full SOE in an automated manner, completely automating the first task in the device configuration life cycle, bare metal OS deployment.
1.2 Business requirements
High-level business requirements are simple: help me save money to improve my profitability or efficiency. But as you start to drill down into this requirement it starts to become a little less clear cut. Quite often you have to spend money now to make a longer term gain or to avoid spending more money later. And so it is with Microsoft's Vista. Do I migrate now? The promise is so great: easier support, greater security. But then there is the cost of doing it now and the potential for problems. The remainder of this section discusses the reasons an organization would migrate to Microsoft Vista and the sort of requirements an organization could have of a deployment solution to enable a large scale rollout of Vista.
1.2.1 Why Vista?
Microsoft Vista is here, and chances are it is coming to your organization sooner than you think. Many organizations are expecting to make a move towards Vista within a year. The larger the organization, the higher the probability that this will occur. This significant commitment in time and expense is driven by a variety of factors that include much needed features introduced in Vista and the realities of waning support for older versions of Windows. While enhancements in user experience like Vista's Aero Glass interface have monopolized the marketing spotlight, it is enhancements under the covers that are motivating enterprise customers to upgrade.
Vista introduces a new developer platform, .NET Framework 3.0, that enables faster development of applications that will have better interfaces, better integration with other applications, and better code in general. .NET Framework is comprised of key components that include the Windows Workflow Foundation (WWF), which makes Vista the first OS to embed a workflow development and runtime environment, and the Windows Communication Foundation (WCF) that
  24. dramatically simplifies the way connections between services are defined and managed. Perhaps the most important innovation driving enterprise adoption of Vista is enhanced security. Vista is the first operating system Microsoft has built from design to release using the Security Development Lifecycle (SDL) under their Trustworthy Computing Initiative. Immediately beneficial security enhancements include User Account Control, which eliminates the need for average users to log in with Administrator privileges and, by default, grant that privilege to every application, virus, or other form of malware they intentionally or inadvertently launch. In addition, Vista introduces a multi-tiered rights management and encryption technology (BitLocker) that protects data on the disk, even if the disk is inside a stolen mobile computer. These are only a few of the security enhancements in Vista that represent the quantum leap in integrated client security that the enterprise has been waiting for. Beyond the innovations Vista offers as a motivation to upgrade, there is also the fact that older versions of Windows are becoming less supportable. With Windows 2000 already out of mainstream support and losing critical update support in 2010, and the launch of Vista starting the two year countdown to the end of mainstream support for Windows XP, upgrade is inevitable. If your enterprise may be one that falls into this group, starting to plan and test now is your best defense against unmanageable complexity and unpredictable costs.
1.2.2 A deployment project
It is estimated that a project of 12-18 months is required to develop and test a Vista Standard Operating Environment (SOE) in a corporate environment. The larger the environment, the longer and more complex the project. This sort of project would include phases such as the following:
1.
A full audit of all applications in use by all users within the organization. To be able to plan the testing of all the SOE applications it is important to quantify them all, prioritize, and plan with certainty. Being presented with 10 untested applications just before the rollout would unpleasantly impact the project schedule.
2. Testing of all SOE applications for compatibility with Vista. With the new security enhancements within Vista, it is probable that a percentage of current applications will not work. Some of these will of course be patched by their vendor to make them compatible, but of course the custom applications written in house or by a contracted company will require an explicit effort applied to make them compatible. This project phase has the potential to be the most time consuming and least satisfying, as old but
  25. important applications may not work in Vista and may have to be worked around.
3. The development of a deployment methodology. When rolling out a change of this magnitude to any organization, a rock solid deployment methodology is crucial. Obviously an automation tool to deliver an image is a part of the methodology, but what sort of image will that tool deploy? There are three commonly used image types to consider:
Thick Images are large images that contain the complete operating system, all drivers, and core applications. Simple image creation enabled by simple tools has made thick images the most common form of image; however, it is at the expense of high maintenance costs. Because thick images contain so much target-specific configuration, diverse environments need to create and manage many large images to satisfy the needs of their user population. When any small component of an image must be changed (for example a security policy upgrade to the firewall or virus scanner definitions), the entire image must be manually rebuilt. The result is many large images taking up large amounts of maintenance resource and disk space and large amounts of bandwidth during deployment.
Thin Images evolved as a reaction to the high total cost of thick images, but because of the limitations of the simple imaging tools, they created as many problems as they solved. Thin Images exclude core applications, which must then be deployed using another software distribution system after first boot of the base image. The benefit is fewer, smaller, more generic base images to store and deploy, thus saving disk space and network bandwidth, and subsequent changes to an image or core application result in far less image regeneration. End-to-end deployment is now slower and requires a software distribution system and scripting to complete.
Actual bytes deployed will likely be more than in thick images because of duplication of files in the application install and OS install, although the install is spread out over a longer period of time. Note that not having all applications deployed at first boot introduces security risks.
Hybrid Images offer the best of thick and thin images without the disadvantages. Advanced hybrid imaging systems separate drivers and applications from OS images and store them in a file-based repository. At deploy-time the correct drivers are automatically selected and injected into the image, the correct updates and core applications are loaded into the image, and the resulting image is deployed to the target, all before first boot. This allows an organization to maintain as few as one universal image that automatically adapts to each target at deploy-time when the minimum number of files possible is deployed over the network. The result is minimal disk space, minimal network bandwidth, and a system that allows modification to driver or application configuration without the need
  26. to generate and catalogue a new image. The most advanced hybrid imaging systems go a step further by providing a policy-based configuration capability. This allows the image to be adapted by global policies as well as physical attributes of the target. For example, a policy such as "deploy ThinkVantage Access Connection on Lenovo laptops only" would ensure that redundant software is not deployed on other brands of laptop. The challenge for the enterprise is that very few image management systems on the market support this advanced form of imaging.
4. The development of a user data migration strategy. The migration to Vista will not be viewed as a success if your users lose data. Despite this, it does not make sense to migrate all aspects of a user's existing configuration. Over time, most user desktops get cluttered with unused disk shares, defunct network printers, and configuration changes that were motivated by idiosyncrasies in the original operating system environment. Additionally, as application compatibility may require the upgrade or replacement of some applications, some preferences and configuration data may be redundant in the new desktop environment. As a result, blind migration of all existing "personality" may not be the right approach to take. A fresh OS install is an opportunity to clean house, but this takes planning. Determine what data and configuration is important to your users and acceptable under your current security policy, and put the tools and processes in place to migrate them cleanly to the new system. Many settings are predictable (for example the location of the target computer dictates which printers or disk shares should be configured) and the right deployment tool can recreate the correct settings based on current IT and security policy rather than migrate potentially incorrect or out-dated settings from the existing desktop configuration. This is an important philosophical distinction to consider when selecting an image management system.
Some are better aligned with the "migrate existing settings regardless if they are correct" philosophy, and others align better with the "recreate clean settings from current IT policy" philosophy.
1.3 Requirements for a tool to assist the deployment effort
Following is a list of criteria that can be used in the assessment of a deployment tool.
  27. 1.3.1 Time to value
How long it takes to start getting significant improvements in efficiency in your migration process is key to the overall performance of your image management system. Many systems management products either remain on a shelf or are never implemented to their full potential because of the complexity of their installation and configuration. Consider the following aspects of the system's Time to Value.
1. How long does it take to install the product and start using it in your migration planning process? Will installation take 30 minutes? Or 30 days?
2. Is the system an integrated single-vendor solution that provides fully automated end-to-end deployment of desktops from Wake-on-LAN to BIOS configuration, RAID configuration, disk partitioning, OS/driver/application deployment, offline servicing, user data migration through to user configuration, and first boot? Or does the system leave major aspects of image creation and deployment to manual intervention or other 3rd party tools?
3. Does the system consist of a single-product install providing you with all the functionality you will require in both test and full-scale production deployment (native multicast, USMT integration, native PXE, native configuration database, and so forth)? Or does it consist of multiple components, each carrying additional purchase costs, additional implementation time, additional interface and management training, and additional infrastructure?
4. Does the system scale to tens of thousands of targets after the initial simple installation, or will you have to purchase, install, integrate, and configure additional enterprise product modules?
5. Does the product have a single, simple intuitive interface that spans all product functions, or does it require that you learn multiple different interfaces and jump between them during the planning, testing, and deployment processes?
6. Does the system provide rules-based deployment configuration?
For example, does it support the ability to define a rule such as: "If target location is France, set keyboard to French", or "If target is Vista, deploy Acrobat 7.0"? At deploy-time, the system should then assess the target against all such rules and adapt the configuration accordingly. This rules-based capability dramatically reduces the time required to configure the images for large and diverse populations. Without this capability, each target image would have to be manually configured.
Note: This capability is only possible if the system supports advanced hybrid images.
  28. 7. Does the system support advanced hybrid images allowing you to start deploying diverse systems after creating a single universal OS image? Or does the product require that you create many specific thick images before you can start testing against a diverse community of targets? Or does the product require that you also implement a software distribution system before you can start deploying applications on top of thin images?
1.3.2 Resource and maintenance efficiency
This selection criterion assesses the image management system's impact on your systems management and infrastructure costs and complexity. It is important to consider how the system consumes your infrastructure, how it impacts your normal operations, and how much systems management workload it generates.
1. Does the system conserve bandwidth by providing multicast as a native feature? With multicast, a single bit stream over your network can update many targets simultaneously. Without multicast, each target needs its own bit stream to pass through your network. The difference in impact on your network infrastructure and your normal operations is orders of magnitude.
2. Does the product support advanced hybrid images that enable a single, compact universal image to do the work of many large, thick images? The disk space required by a thick image-based product will be orders of magnitude greater. Maintaining many thick images also has a significant impact on image maintenance as any minor change to a driver, OS, or application configuration can require the regeneration of dozens of images. Does mitigating these resource inefficiencies mean implementing a thin image strategy requiring an additional investment in a software distribution system to deal with core applications?
3. Are the images stored in a single-instance file-based repository that conserves disk space by storing each OS or application file only once in the deployment repository?
Or does the system store many duplicate sector-based images or multiple copies of the same file-based image components, thus wasting storage capacity?
4. Does the system support distributed, automatically synchronized deployment servers that can sit in distributed network segments closer to specific groups of targets? Does the system provide this functionality in the base product without requiring an additional investment in product license and implementation effort? This capability can dramatically reduce the performance impact and capacity required at gateways, routers, and over wide area networks.
  29. 1.3.3 Flexibility
As your choice of unified image management system is likely one you will have to live with for years to come, it is important that it is flexible enough to adapt to your changing requirements over time.
1. Will the system provide a single-product experience for all of your heterogeneous targets (for example Windows, Linux, Unix) now and in the future? Or will you require additional image management systems to support deployment and maintenance of your non-Windows targets?
2. Can the system be implemented on a server platform you currently support (Windows, Linux, AIX, Solaris, FreeBSD, Mac OS-X) or does it require that you procure and maintain a nonstandard platform in your systems management environment?
3. Is the product open, providing a native pre-installation environment and image format, and supporting Microsoft WinPE and Microsoft WIM (Windows Imaging) images? Or does the product force you to abandon Microsoft best practice and rely only on a proprietary pre-installation environment and image format in all situations? In some situations, the native tools and formats may be superior, although in others the OS vendor does know best.
4. Will the product integrate easily into any systems management ecosystem, seamlessly providing an image management foundation to any vendor's holistic provisioning solution? Or does the product restrict its interfaces in an attempt to force you to build on its foundation with only the same vendor's systems management portfolio?
5. Does the vendor that supplies the product also provide a portfolio of integrated provisioning and systems management products if you are looking for a simple path to increase the sophistication of your automation infrastructure?
1.3.4 Security
Mitigating security risks is a top-3 budget item for most enterprise IT organizations. Introducing new security risks with the image management system results in subsequent cost and effort to provide perimeter defenses around the new exposures.
The best way to avoid this collateral cost is to select an image management system that was architected to minimize the security exposures it introduces.
1. Has the system implemented Option-43 of the PXE specification that prevents malicious PXE Server impersonation on your network by forcing explicit identification of the PXE server network address? If not, an intruder that gets access to any server on your network could deploy code that
  30. impersonates a PXE server on your network, giving the intruder the ability to alter your desktop configurations.
2. Does the product disallow a user break of the deployment process at the target keyboard? If not, someone with access to the target during the deployment could gain administrator-level privileges on your network.
3. Does the product support Offline Servicing for Vista? Offline servicing allows security updates and configuration changes to be applied to the target after the OS and core application deployment, but before the first boot. If the product does not support this Microsoft best practice function, the target is exposed to many forms of intrusion and malware between first boot and the application of the security updates.
4. Has the product implemented an encrypted transport protocol that prevents either reading or altering the image bit stream while it is being deployed over your network? Keep in mind, depending on your applications, these bit streams could contain sensitive data or passwords. Many products just support SMB (Server Message Block) or HTTP transport protocols that leave the data exposed to malicious intruders or applications. SMB and HTTP also require the creation of a user on the network and the storage of that user's password on the boot media, an unnecessary security exposure.
1.4 Common OS deployment scenarios
The following three scenarios are typical of those in many corporate sites. The aim of the scenarios is to show how Tivoli Provisioning Manager for OS Deployment can help in times of deployment and also with day-to-day support issues. The scenarios all assume that a corporate SOE was developed. The common theme with all of these scenarios is that the SOE deployment component of the task at hand has become a minor part of the process. It is now
It is nowa quick, simple step.1.4.1 Rollout of new desktop hardware and SOEA multinational organization decides to upgrade their workstation fleet and SOE.They enter into a contract with a large hardware supplier to supply 15,000desktop PCs of three different specifications and 5,000 laptops of two differentspecifications. The hardware supplier is contracted to supply the workstationsdirectly to their final destination across three continents into 25 sites.The organization has spent the previous 12 months developing their Vista SOE,their deployment methodology, and deploying Tivoli Provisioning Manager forOS Deployment. The solution developed uses a universal system profile. Theuniversal system profile allows them to have one image that can be deployed to Chapter 1. Introduction to image management 15
  31. every desktop computer and laptop. When the computers first PXE boot and contact Tivoli Provisioning Manager for OS Deployment, an inventory is taken of their components. Using this inventory or Bill of Materials (BOM), rules can be established to select the appropriate drivers to inject and software to install. For example, the drivers for a desktop computer are different than those required by a laptop computer. Based on the model number of the computer and the PCI, Tivoli Provisioning Manager for OS Deployment can inject.
The organization allows a level of user-level workstation customization, and although the users are supposed to store all business data in specific business systems and backed up data drives, inevitably there is data stored locally on user workstations. To avoid upsetting the users and to make the workstation upgrade as seamless to the users as possible, the customization and data need to be migrated to their new machine. This is achieved by using the Microsoft User State Migration Tool.
The deployment process for desktop computers flows as follows:
The vendor ships the computers to the site as per the deployment schedule.
The deployment is to take place overnight. At close of business, the user state migration tool is run to back up all appropriate user settings and data.
The new workstation computers that have arrived that day are unboxed and physically moved to the desktops in batches of 30. When 30 workstations are plugged in they are all powered on, network boot is selected, and the computer logs into a multicast deployment.
The 4GB image deployment over a 100Mbps LAN to 30 workstations completes in 30 minutes.
The user state migration is completed, moving the user settings back to user workstations.
In this scenario, the bulk of the work was in planning and building of a SOE. When it came time to actually deploy the computers, the work was very simple, consisting mainly of physically moving boxes and plugging them in.
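The rule-driven selection described in this scenario and in criterion 6 of section 1.3.1, as an added Python example that is not code from the Redbook or from the product. The three rules are the ones quoted in the text; the inventory field names, PCI IDs, driver package names and the choice to hold a deployment when a device has no matching driver are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory records standing in for the hardware scan taken at
# PXE boot. Field names and PCI IDs are made up for this example.
TARGETS = [
    {"host": "par-lt-001", "location": "France", "os": "Vista",
     "vendor": "Lenovo", "chassis": "laptop",
     "pci": ["aaaa:0001", "aaaa:0002"]},
    {"host": "nyc-dt-014", "location": "USA", "os": "Vista",
     "vendor": "ExampleCorp", "chassis": "desktop",
     "pci": ["bbbb:0001", "ffff:0009"]},
]

# Constructed driver catalogue: PCI vendor:device ID -> driver package.
DRIVER_CATALOGUE = {
    "aaaa:0001": "drv-wlan-a",
    "aaaa:0002": "drv-video-a",
    "bbbb:0001": "drv-video-b",
}


@dataclass
class Rule:
    name: str
    when: dict   # attribute -> required value; every pair must match
    kind: str    # "keyboard" or "software"
    value: str


# The three rules quoted in the text.
RULES = [
    Rule("french-keyboard", {"location": "France"}, "keyboard", "French"),
    Rule("acrobat-on-vista", {"os": "Vista"}, "software", "Acrobat 7.0"),
    Rule("access-connection-on-lenovo-laptops",
         {"vendor": "Lenovo", "chassis": "laptop"},
         "software", "ThinkVantage Access Connection"),
]


def build_plan(target, rules=RULES, catalogue=DRIVER_CATALOGUE):
    """Evaluate every rule against one inventory record and return the
    per-target additions to apply on top of the single universal image."""
    plan = {"host": target["host"], "keyboard": None, "software": [],
            "drivers": [], "unmatched_pci": [], "fired": []}
    for rule in rules:
        if all(target.get(attr) == want for attr, want in rule.when.items()):
            plan["fired"].append(rule.name)
            if rule.kind == "keyboard":
                plan["keyboard"] = rule.value
            elif rule.value not in plan["software"]:
                plan["software"].append(rule.value)
    # Driver selection is driven by the scanned PCI devices, not by a
    # per-model image.
    for device in target.get("pci", []):
        package = catalogue.get(device)
        if package is None:
            plan["unmatched_pci"].append(device)
        elif package not in plan["drivers"]:
            plan["drivers"].append(package)
    # Assumption of this example: hold the deployment rather than ship a
    # machine with a device that has no packaged driver.
    plan["ready"] = not plan["unmatched_pci"]
    return plan


if __name__ == "__main__":
    for record in TARGETS:
        print(build_plan(record))
```

The second constructed target shows the failure mode worth planning for: a device the catalogue does not cover is reported in `unmatched_pci` instead of being skipped silently.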
With regard to the laptop computers, they are also shipped directly to the home office of the proposed user. A deployment resource builds them in groups just as with the desktop computers. When the user comes into their home office to swap out their machine, the user state migration is run to move all settings and data.

1.4.2 Rebuild of a previously deployed user workstation

A user contacts the help desk because of issues with their workstation. The workstation is not performing properly, and it seems like there may be an issue with some file corruption. The help desk consultant spends 15 minutes with the
user trying to determine what the problem with the workstation is. It is apparent that there is a problem, but a diagnosis is eluding them. The help desk consultant decides that a workstation rebuild is the best way forward.

Tivoli Provisioning Manager for OS Deployment was rolled out across the enterprise a few months previously. During that rollout a decision was made to install the RbAgent, Tivoli Provisioning Manager for OS Deployment's optional agent, onto every workstation. RbAgent gives the Tivoli Provisioning Manager for OS Deployment administrator, amongst other things, the ability to reboot a computer and to force a PXE boot.

In this support instance, after gaining agreement from the user, the help desk consultant locates the user's computer in the management web console and executes deploy now against it. At the user's end, the computer pops up a notification that it is being rebooted for a redeployment. The computer promptly reboots and the SOE deployment commences. Because the computer is on a production network and it is during working hours, the bandwidth consumed during the deployment is limited to 50% of the 100Mbps available. The 4GB SOE is deployed in approximately 15 minutes.

Instead of having the issue with the computer escalated up through the support organization and using up more time, decisive action was taken and in less than 45 minutes the user was able to once again log in and do productive work.

1.4.3 Upgrade of hardware and subsequent Vista install

An organization that upgraded its desktop workstation fleet last year decided, for a variety of reasons, to move to Microsoft Vista. At the time of deployment last year they believed that 512 MB of RAM per computer would be plenty of memory for the foreseeable future. Unfortunately this was not the case and so now they are going to have to add another 512MB memory module to each machine.
Having deployed Tivoli Provisioning Manager for OS Deployment for their upgrade last year they are well placed to complete this piece of work at their four 100-workstation sites overnight at one site per night using three human resources.

Following is the upgrade process:

- As all the workstations are already defined within Tivoli Provisioning Manager for OS Deployment, it is a simple task of binding the new Vista profile and the rollout deployment scheme to all the workstations. This is done.
- After each computer is opened and has its RAM upgraded, the computer is rebooted and F12 is pressed to force a network boot.
- As the computer is bound to the SOE the computer joins a rolling non-synchronized multicast deployment scheme. This scheme ensures maximum efficiency of concurrent data transfer but without the necessity to synchronize computers.

The deployment is completed overnight as planned.
Chapter 2. Architecture and deployment scenarios

This chapter presents two case studies for the implementation of Tivoli Provisioning Manager for OS Deployment:

- A small implementation on a single LAN.
- A large enterprise with multiple subnets in the main office, remote sites connected via lower speed communication links, and the sort of security scrutiny that characterizes large organizations today.

Subjects such as server sizing and placement, image replication, driver injection, unicast and multicast, firewalls, and security considerations are discussed. These are the sort of subjects that are not explicitly discussed in the Tivoli Provisioning Manager for OS Deployment user guide, but are of great importance when designing an implementation of a tool in a production environment.

The chapter is broken into the following sections:

- Tivoli Provisioning Manager for OS Deployment features
- Architecture
2.1 Tivoli Provisioning Manager for OS Deployment features

Following are the major features of Tivoli Provisioning Manager for OS Deployment and a short description of the features. It is these features that make Tivoli Provisioning Manager for OS Deployment such an indispensable tool for use during the life cycle of computer systems.

System cloning
Tivoli Provisioning Manager for OS Deployment incorporates the ability to capture a file-based clone image of a target workstation. Using Tivoli Provisioning Manager for OS Deployment's built-in Pre-boot eXecution Environment (PXE) server to boot the target system, it is possible to take a cloned image of that system from the Tivoli Provisioning Manager for OS Deployment Web console. This image is stored on the Tivoli Provisioning Manager for OS Deployment server and is referred to as a profile.

Driver injection
Tivoli Provisioning Manager for OS Deployment includes the ability to add a driver to an image as the image is being deployed to a computer. This feature leads to the ability to create a universal system profile that in turn reduces the number of images that need to be managed.

Software deployment
Tivoli Provisioning Manager for OS Deployment includes the ability to create software packages that can be deployed along with the OS image.

Universal system profile
The universal system profile is the ability provided by Tivoli Provisioning Manager for OS Deployment to support many different computer models and configurations with one image. This is achieved by the automated addition of various driver and software packages during image deployment.

Microsoft Vista support
Microsoft's latest and greatest operating system is supported by Tivoli Provisioning Manager for OS Deployment in unattended setup and cloning modes.

No touch build capability
Tivoli Provisioning Manager for OS Deployment has features that enable a true no touch build capability.
Whether set to boot from the hard disk or the network, Tivoli Provisioning Manager for OS Deployment can be configured to take control of the target system and to deploy a profile.

Unattended setup
Tivoli Provisioning Manager for OS Deployment supports the unattended setup mode of installation. In this feature all of the parameters that need to be provided to the installer during the OS installation are predefined in the Tivoli
Provisioning Manager for OS Deployment server and fed to the installer during the installation. This type of installation is best where a one-off installation is going to be made or where installation to a number of different hardware types requires an investment of time to build a master image and all of the appropriate drivers and/or application packages.

Unicast and multicast image deployment
In Tivoli Provisioning Manager for OS Deployment, profiles, or what is being deployed, are defined separately from how the profile is to be deployed. How the profile is to be deployed is defined in what is known as a deployment scheme. It is in the deployment scheme that you can define the communication method between the server and client. This can be unicast or multicast. Generally, individual workstation and server builds are done using unicast, while builds and batches of workstations use multicast, for the time and network bandwidth savings that it offers.

Adjustable network bandwidth utilization during build
Deployment schemes also offer the ability to limit the amount of network bandwidth that is used during a deployment. This is very useful when a deployment is being executed over a LAN during the business day. An unlimited deployment has the capability to really slow the network segment down as it could potentially use all available bandwidth; however, if you limited the bandwidth to say 50Mbps on a 100Mbps LAN it could only ever absorb half the available bandwidth.

Highly efficient image storage
By using an MD5 (Message Digest 5) algorithm to individually identify each file being stored in the image repository, it is possible to eliminate the need to store duplicates of any file. What this means is that one Windows XP image may take 3GB of storage space, but two variations of an XP image could take less than 4GB.
This efficiency of storage also translates to less image data needing to be replicated between servers in larger implementations.

Build from DVD
In some instances, a workstation that needs to be built may be at the end of a 64Kbps link, or worse. Attempting to install a 4GB image in a case like this is impractical. The data transfer, if all went well, would take more than 7 days. In an instance like this it is possible to cut a DVD of the image and deployment scheme, ship it to the site, then boot from that DVD and deploy the image from the DVD.

Boot from CD/DVD
If the network card, in a particular target system, does not support PXE boot, or if PXE is not allowed on a network, it is possible to build a boot CD or DVD on the Tivoli Provisioning Manager for OS Deployment server, and use it to boot the target computer and connect it to the Tivoli Provisioning Manager for OS Deployment server to have an image deployed.
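The file-level deduplication described under "Highly efficient image storage" above, as an added Python example that is not the product's code: the `ImageStore` class, its in-memory layout and the sample files are assumptions made for illustration. Keying blobs on MD5 follows the text; because MD5 is no longer collision resistant, the example also records a SHA-256 digest (an addition, not something the guide describes) so that two different files with the same MD5 are rejected rather than silently merged.

```python
import hashlib

class ImageStore:
    """File-level deduplicating repository: one blob per distinct content."""

    def __init__(self):
        self.blobs = {}   # MD5 hex digest -> (SHA-256 hex digest, content)
        self.images = {}  # image name -> {file path: MD5 hex digest}

    def add_image(self, name, files):
        """Store an image given as {path: bytes} and return its manifest."""
        manifest = {}
        for path, data in files.items():
            key = hashlib.md5(data).hexdigest()
            strong = hashlib.sha256(data).hexdigest()
            held = self.blobs.get(key)
            if held is None:
                self.blobs[key] = (strong, data)  # first copy: store it
            elif held[0] != strong:
                # Same MD5, different content: refuse instead of substituting.
                raise ValueError(f"MD5 collision while storing {path}")
            manifest[path] = key
        self.images[name] = manifest
        return manifest

    def logical_bytes(self, name):
        """Size of the image as deployed, counting every file."""
        return sum(len(self.blobs[k][1]) for k in self.images[name].values())

    def stored_bytes(self):
        """Bytes actually held in the repository after deduplication."""
        return sum(len(data) for _, data in self.blobs.values())

    def replication_delta(self, name, replica_keys):
        """Digests a replica still lacks before it can deploy the image."""
        return sorted(set(self.images[name].values()) - set(replica_keys))

    def restore(self, name):
        """Rebuild {path: bytes}, checking each blob against its SHA-256."""
        out = {}
        for path, key in self.images[name].items():
            strong, data = self.blobs[key]
            if hashlib.sha256(data).hexdigest() != strong:
                raise ValueError(f"stored blob for {path} failed verification")
            out[path] = data
        return out

# Constructed sample data: two variants of one image that share most files.
BASE = {"system32/kernel.bin": b"K" * 3000, "system32/shell.bin": b"S" * 2000,
        "fonts/a.ttf": b"F" * 1000, "fonts/b.ttf": b"F" * 1000}  # fonts identical
VARIANT = {**BASE, "system32/shell.bin": b"T" * 2000,  # one changed file
           "apps/app.bin": b"A" * 500}                  # one added file
```

Adding `BASE` and then `VARIANT` stores 8,500 bytes for 14,500 bytes of image content, and a replica that already holds the base image needs only the two new blobs.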
Network sensitive image replication
The replication of workstation and server images around a WAN is a controversial subject. Many organizations like to have full control over all data on their network. Because of this Tivoli Provisioning Manager for OS Deployment comes with the following two methods to replicate data between servers:

- Scheduled, bandwidth controlled replication: This option allows you to set up a replication schedule between servers and to dictate the maximum bandwidth that can be used by that replication.
- Command line export utilities: Through the use of command line utilities, it is possible to produce different files containing all changes since a previous checkpoint. These files can then be moved to the slave servers using the corporate software distribution tool or burnt to a DVD and physically moved between servers.

Redeployment
This feature provides the ability to place one or more reference images into a hidden partition on the computer. During the system boot it is possible to do one of the following:

- Boot the system off the current image on the hard drive.
- Do a quick clean of the currently deployed image against the reference image.
- Do a full restore of the reference image.

Using this feature it is possible to effectively have a fresh image deployment every day for the optimum performance of a system.

2.2 Architecture

We start our Tivoli Provisioning Manager for OS Deployment architecture discussion with some design considerations. These are subjects that could be important in understanding how the product works, and how it fits into a larger corporate environment. The subjects covered are by no means a conclusive list.

2.2.1 Design considerations

This section aims to describe various items and product features that you should consider when designing a Tivoli Provisioning Manager for OS Deployment implementation.
Many of the items are quite obvious but warrant discussion and further explanation; likewise, others are less obvious and may assist a designer in reaching an appropriate design. While the following list is quite
comprehensive, it should not be considered the definitive list of considerations as every organization has its own set of idiosyncrasies to take into account. Many of the subjects have links through to section two of this book, which contains more detailed step-by-step guides to Tivoli Provisioning Manager for OS Deployment features.

Unattended setup

Unattended setup of a Windows or Linux operating system entails the provision of all the parameters required in the setup of the operating system by the Tivoli Provisioning Manager for OS Deployment. Unattended setup is a more time consuming method of deploying an operating system and cannot be used on the same scale that cloning can. However it is the easiest type of deployment profile to set up. All activities take place on the server via the Web interface. A full description of how to set up an unattended setup deployment profile can be found in Chapter 4, "Installing pre-Vista systems" on page 137.

An advantage of an unattended setup profile is that it is a more generic installation, because the setup program detects the hardware and peripherals present and detects if a driver is available, and then installs it. The important task that the deployer has is to ensure that all the necessary drivers are available.

An unattended setup can be a good way to build an initial system for cloning. It is also very good for building systems in an environment where the hardware has large differences.

Figure 2-1 on page 24 shows the potential inputs to an unattended setup. This instance includes the original files and parameters such as the license key, host name, administrator account details, and the domain to join. It also includes a driver package and a software package.
[Figure 2-1 Unattended setup. Inputs: unattended install parameters, driver packages, a software package, and the operating system installation files. Result = an OS setup in unattended mode]

Cloned image

Cloning is a major feature of Tivoli Provisioning Manager for OS Deployment and in conjunction with deployment schemes gives the product its versatility. Cloning is a fairly simple process, but it does take more set up than an unattended operating system setup. The process to clone a machine is as follows:

1. Start with a reference machine that is representative of the different systems to which you are going to deploy.
2. Clean the machine. By this we mean empty the recycle bin, disconnect network drives and printers, close all applications, and delete all temporary files and caches.
3. Run sysprep. Sysprep is Microsoft's utility for preparing the operating system for duplication. It clears out many of the internal system settings that identify that instance of the operating system. When the workstation is booted for the first time after deployment, Tivoli Provisioning Manager for OS Deployment supplies all the parameters required to complete the mini setup, and give this instance of the operating system its personality.