Understanding BigFix OS Deployment components and terminology
OS Deployment is a platform-based application. Before you begin working with OS Deployment in your environment, become familiar with the key product components and concepts.
- Agent
An BigFix Agent (henceforth referred to as client or target) is installed on every computer that must be managed. It continuously assesses the state of the endpoint against the stated policy. As soon as the agent notices that the target out of compliance with a policy or checklist, it informs the server, runs the configured remediation task, and immediately notifies the server of the task status and result. A computer with the BigFix agent installed is referred to as a client. In an OS Deployment network, clients are recipients of deployment actions. They can receive OS upgrades, and can be reimaged by retaining existing user data. A client is automatically installed during Bare Metal Provisioning.
- Bare Metal OS Deployment Server
A Bare Metal server, also referred to as Bare Metal Server or OS Deployment Server, is a PXE server that manages OS deployments to bare metal targets. The console operator prepares Bare Metal profiles from images that are stored in the Image Library, and sends the profiles to the Bare Metal Server for deployment on targets. You install this component on a relay in your OS Deployment network. The Bare Metal Server embeds the Image Provider component that is needed for Linux deployments.
You can deploy bare metal profiles and reimaging profiles using multicast communication, if your network infrastructure supports this protocol.
- Bare Metal Profile
A Bare Metal profile combines an image to a set of additional user-defined properties that allow a successful deployment on bare metal targets. A Bare metal profile contains the required data to deploy an operating system (such as product key, owner, and organization), an optional password to protect the profile to prevent unauthorized deployment, and an optional timeout to allow automatic deployment when the timeout expires. Bare Metal profiles are derived from images and are sent to specific Bare Metal servers in the BigFix infrastructure.
- Bare Metal Target
A Bare Metal target is any computer in your environment that boots from the network or from deployment media that emulates the PXE boot process. Through a binding menu, the target selects bare metal profiles for installation. Profiles can also be automatically deployed without target intervention.
Bare Metal targets can also be managed from the BigFix infrastructure, through the Management Extender for Bare Metal Targets component.
- Console
The BigFix console (referred to as console) acts as a single point of management and control for all activities in the network. If you are an operator with the required privileges, from the console you can quickly monitor and trigger specific actions to selected targets. In an OS deployment network, the Console operator can complete all the OS deployment preparation and deployment actions from the OS deployment and Bare Metal Imaging site.
- Deployment Media
- Deployment media are CD/DVDs or USB keys that you prepare for use on targets that are not using PXE for these purposes:
- to emulate the PXE boot process and start the Bare Metal deployment process
- to perform an offline OS deployment
- Drivers
Drivers are needed to adapt an image to specific hardware. Windows Preinstallation Environment (WinPE) and Windows operating systems require drivers, for both the preinstallation phase and when the operating system is deployed. In the OS Deployment environment, drivers are stored in the driver library and are separate from the images. In earlier versions of OS Deployment, drivers were selected at deployment time, based on best match criteria for the operating system to be deployed and the devices installed on the target hardware. From version 3.7, driver management is simpler and more efficient. You can explicitly bind drivers to specific machine models for the images you plan to deploy at driver import time. At run time, these bindings take precedence over the automatic binding mechanism.
You can also check which drivers are missing before deploying an image, and import them selectively.
- Image
An image is a "copy" of an operating system. An image can be created by capturing a reference machine or created from installation media (ISO Image). The image can include one or more disk partitions in a single file.
- Image Provider
-
The Image Provider is a machine that hosts the Linux images (LIM) that are to be deployed to Linux targets. It is a component of OS Deployment that must be installed on those relays that serve the Linux targets that you want to reimage. The relays that have the Bare Metal Server component installed already act as image providers to their connected targets, so this component is not needed.
- Management Extender for Bare Metal targets
- The Management Extender for Bare Metal Targets is a plug-in that you install on the Bare Metal OS Deployment Server. It collects information about the Bare Metal Targets that completed a PXE boot operation on the Bare Metal Server and reports this information to theBigFix Server. You can then manage the reported Bare Metal targets through theBigFix infrastructure. The Management Extender for Bare Metal targets requires the Proxy Agent component ofBigFix.
- MDT Bundle
An MDT Bundle is a collection of Windows Pre-installation Environment (WinPE) files, a Deployment engine (MDT), and OS resources that are needed for the installation of a Windows operating system. MDT is a tool that allows the definition of a sequence of steps that are required to deploy the operating system. The tool runs within WinPE. The OS resources are packaged starting from an operating system installation CD. The MDT Bundle is created on the MDT Bundle Creator machine and uploaded into the OS Deployment environment. Typically, you need to create a bundle only once.
- MDT Bundle Creator
The MDT Bundle Creator is a system that is used for creating deployment packages for Windows OS deployments to be uploaded to the server when ready. The bundles contain the tools, resources, and instructions necessary for successful image deployments. OS Deployment automatically installs the necessary tools on your designated MDT Bundle Creator system. Depending on the types of Windows operating systems that you want to deploy, the MDT Bundle Creator machine might require access to the internet to download the necessary tools.
- Network shares
In an OS Deployment context, a network share is a network path that serves as repository for the Windows images (WIM) stored after a capture before they are imported into the Image Library. Network shares are also used to store user data before reimaging a target.
- Proxy Agent
- The Proxy Agent is an enabling service that is used by Management Extenders to provide a connection to the BigFix infrastructure for devices that do not run a native agent.
- Reimage Profile
-
A Reimage profile is used to reimage Windows targets using multicast communication. To deploy an image using multicast, the Bare Metal Server must be installed on the relays managing these targets. You must create a reimage profile and precache it on the Bare Metal Server before you can deploy it on the target. The reimage profile contains a set of customizable parameters that affect how the multicast distribution will be completed.
- Relay
An BigFix relay (henceforth referred to as relay) is a client that is enhanced with a relay service. Relays help manage distributed devices by delivering content and software to child clients and relays. Instead of requiring every networked computer to directly access the server, relays are used to scale much of the workload. Promoting an agent to a relay takes minutes and does not require dedicated hardware or network configuration changes. In an OS Deployment environment, relays take the role of Image Providers for deployments on Linux targets, and become OS Deployment Servers for bare metal provisioning on both Windows and Linux targets.
- Server
BigFix Server is the main component of the IEM infrastructure. It manages policy-based content, coordinates the flow of information to and from the individual clients, and stores the results in the database. All content is delivered in the network through messages called Fixlets. From an OS Deployment perspective, the BigFix server manages all deployment activities to targets and communicates with relays that act as Image Providers or as Bare Metal Servers. The server stores images, profiles, and all necessary OS resources and tools that are needed for deployments to targets.
- Windows Assessment and Deployment Kit (WADK) and Windows Automated Installation Kit (WAIK):
WADK and WAIK are a collection of tools that are used to customize, assess, and deploy Windows operating systems.
- Windows Pre-installation Environment (WinPE)
It is a minimal operating system that is used to prepare a computer for a Windows installation. Different versions of WinPE are available for the various Windows Operating system versions. OS Deployment uses WinPE during reimaging and bare metal provisioning.
Provisioning Use Cases
- Capturing Windows Images
A Capture process is the creation of a reference image from an installed machine (referred to as reference machine), removing unique identifiers from the image so that it can be "cloned" on new systems. You might also want to capture a newly installed critical machine to create a "golden image" that can be easily restored in case of failure. The capture process relies on Microsoft tools and requires an MDT Bundle.
You can capture systems using the Capture dashboard. You must specify a set of parameters that are needed for the capture process. During the capture process on Windows systems, the selected MDT Bundle is downloaded with the corresponding WinPE and the needed network and disk drivers are downloaded for use with WinPE. The output of the capture process is a Windows image (.WIM) which is stored on a network share and contains one or all of the partitions. An ".imageinfo" file that includes the description of the image, and the ".driverinfo" file that contains the PCI IDs of the devices that are managed by the drivers that are built in the captured OS.
- Reimaging Windows targets
Reimaging involves redeploying an operating system image on a target where the old operating system is still running. It involves capturing and restoring the user data when the image is applied to the target. Reimaging allows you to deploy a golden image to one or more targets and to perform operating system upgrades. The image and any applicable drivers are loaded on the target.
During the reimaging process, you can provide additional customization parameters for migrating specific user files. You can modify the mapping of the partitions present in the image (.WIM) with the existing partitions on the target machine. Network shares can be used to store the saved user state and the deployment logs. As part of the customization steps you can automatically join a target machine to a workgroup or specific domain after the reimaging completes. Targets can be reimaged in multicast.
- Reimaging Linux targets
Reimaging involves redeploying an operating system image on a target where the old operating system is still running. Reimaging allows you to deploy an image that is created from an installation media to one or more targets and to perform operating system upgrades.
The Image Provider component (or the Bare Metal Server that embeds an Image Provider) is required on the relay where the targets are connected to; it acts as an HTTP server that hosts the selected LIM image to be provisioned. During the reimaging process, you can provide more customization parameters by editing the configuration file that is used by the Linux Installer.
- Bare Metal Target provisioning
Bare Metal Provisioning involves the installation of an operating system on a new machine (bare metal machine). It requires a PXE server or Deployment Media because the target must boot from a bootable device that is not its own disk. A Bare metal profile is created from an image that already includes the correct software stack. You can customize more properties to be used during the deployment. As part of the process, the appropriate drivers are downloaded on the target. You can also repartition the disks on the target during a bare metal deployment.
Bare Metal provisioning can be initiated from the binding menu that is displayed on the Bare Metal target machine after it performs a PXE boot to its Bare Metal OS Deployment Server, or it can be initiated from the BigFix console, when the Management Extender for Bare Metal Targets plug-in is installed on the Bare Metal Server. With this component you can manage Bare Metal Targets from the BigFix infrastructure. Typical use cases are:-
When a system is to be reprovisioned to a new user, a best practice is to wipe the disk content entirely. The new machine owner is requested to perform a PXE boot operation, so that the system can be managed from the BigFix console where an administrator sends a disk wipe task to the target. When the disk wipe operation is complete, the administrator sends a Bare Metal profile deployment task to the target to deploy the chosen operating system image.
- A new server needs to be configured and deployed. The deployment requires configuring the system RAID controller before the operating system is installed. This operation requires an update to the RAID controller firmware. The hardware configuration instructions are prepared using vendor-specific tools available on the vendor's website. Then, the hardware configuration instructions are imported into the BigFix infrastructure ready to be deployed. When the operator performs a PXE boot operation, the new server becomes manageable from the BigFix console. A Hardware Configuration Task is then sent to the target to perform the necessary changes.
-
- Deployments using multicast communication
- For reimaging and Bare Metal deployments of Windows targets, users can take advantage of the multicast protocol if their network infrastructure supports this type of communication. Multicast communication requires the Bare Metal server. Deployments using multicast have a significant reduction in bandwidth use but may increase overall deployment time. When multicast is used, every target starts downloading images as soon as it is ready, and continues with the deployment when it has downloaded all the required files. When two or more targets are downloading files in parallel, they share the same bandwidth.