56.4 Deploying Desktop Management Preboot Services in a Routed or Subnetted Network Environment

To implement the network deployment strategies outlined in this section, you must have a solid understanding of the TCP/IP network protocol and specific knowledge of TCP/IP routing and the DHCP discovery process.

Deploying Desktop Management Preboot Services (PXE) in a single segment is a relatively simple process that only requires configuring the ZENworks Imaging server. However, Preboot Services deployment in a routed environment is far more complex and might require configuration of both the ZENworks Imaging server and the network switches and routers that lie between the server and the PXE workstations.

Configuring the routers or switches to correctly forward Preboot Services network traffic requires a solid understanding of the DHCP protocol, DHCP relay agents, and IP forwarding. The actual configuration of the switch or router needs to be carried out by a person with detailed knowledge of the hardware.

We strongly recommend that you initially set up Preboot Services in a single segment to ensure that the servers are configured correctly and are operational.

This section includes the following information:

56.4.1 Server Configurations

Server configurations depend on the server’s platform:

Linux Server Configuration

There are three important points about configuring servers for Preboot Services:

  • DHCP server: The Preboot Services environment requires a standard DHCP server. It is up to you to install your standard DHCP server.

  • Preboot Services daemons and Library File: The three Preboot Services daemons (novell-tftp, novell-proxydhcp, and novell-zmgprebootpolicy) and the libzmgserv.so library file are all installed on the ZENworks Imaging server when you install ZENworks Desktop Management. These daemons must run together on the same server.

  • Imaging server: The Preboot Services daemons can be installed and run on the same server as DHCP or on a different server.

The following sections give general information about these services:

It is seldom necessary to make changes to the default configuration of these services. However, if you need more detailed configuration information, see Section 56.6.1, Configuring Preboot Services Servers in Linux.

The DHCP Server

The standard DHCP server must be configured with an active scope to allocate IP addresses to the PXE devices. The scope options should also specify the gateway or router that the PXE devices should use.

If Preboot Services (specifically novell-proxydhcp) is installed on the same server as the DHCP server, then the DHCP server must be configured with a special option tag. For more information, see WAN/VLAN Environment.

The libzmgserv.so Library File

The libzmgserv.so library file is used by eDirectory to provide imaging services to the devices.

This includes sending and receiving image files, discovering assigned imaging tasks from eDirectory, acting as session master for multicast imaging, and so on.

The novell-proxydhcp daemon

The Preboot Services Proxy DHCP server runs alongside a standard DHCP server to inform PXE devices of the IP address of the TFTP server, the IP address of the server where novell-zmgprebootpolicy is running, and the name of the network bootstrap program (nvlnbp.sys).

The novell-tftp daemon

The Preboot Services novell-tftp daemon is used by PXE devices to request files that are needed to perform imaging tasks. The TFTP server also provides a central repository for these files.

A PXE device uses one of these servers to download the network bootstrap program (nvlnbp.sys).

The novell-zmgprebootpolicy daemon

PXE devices use novell-zmgprebootpolicy to check if there are any imaging actions that need to be performed on the device. It forwards requests to eDirectory (the libzmgserv.so library file) on behalf of PXE devices.

NetWare or Windows Server Configuration

The Preboot Services environment requires a standard DHCP server, Proxy DHCP server, TFTP or MTFTP boot server, and a Transaction server to function correctly. With the exception of the standard DHCP server, these are installed when you install Desktop Management Preboot Services.

The following sections give general information about these services:

It is seldom necessary to make changes to the default configuration of these services. However, if you need more detailed configuration information, see Configuring Preboot Services Servers in Windows or Configuring Preboot Services Servers in NetWare.

DHCP Server

The standard DHCP server must be configured with an active scope that allocates IP addresses to the PXE workstations. The scope options should also specify the gateway or router that the PXE workstations should use.

If Preboot Services (specifically the Proxy DHCP server) is installed on the same server as the DHCP server, then the DHCP server must be configured with a special option tag. For more information, see Windows 2000 Advanced Server and NetWare 6.x DHCP Server.

IMPORTANT: Installing and running the Proxy DHCP server on a NetWare 5.x server that is already running a standard DHCP server is not supported; you can, however, upgrade the DHCP server.

Proxy DHCP Server

The Preboot Services Proxy DHCP server runs alongside a standard DHCP server to inform PXE clients of the IP address of the TFTP server, MTFTP server, and Transaction server. The Proxy DHCP server also responds to PXE clients to indicate which boot server (TFTP or MTFTP) to use.

It is seldom necessary to make any changes to the default configuration.

If you don’t want to run the Proxy DHCP server on the same server as the Transaction server or TFTP server, you can change the Proxy DHCP settings to direct PXE workstations to a different server.

IMPORTANT: Installing and running the Proxy DHCP server on a NetWare 5.x server that is already running a standard DHCP server is not supported.

TFTP and MTFTP Servers

The Preboot Services TFTP and MTFTP servers are used by the Preboot Services client to request files that are needed to perform imaging tasks. The TFTP server also provides a central repository for these files.

A PXE client uses one of these servers to download the Preboot Services client.

By default, TFTP is used because it speeds the workstation’s boot process; however, you can change the configuration to use MTFTP. For more information, see Configuring Preboot Services Servers in Windows or Configuring Preboot Services Servers in NetWare.

Transaction Server

The Preboot Services client connects to the Transaction server to check if there are any imaging actions that need to be performed on the workstation.

It is seldom necessary to make any changes to the default configuration.

You can change the UDP port that the Transaction server uses for communicating with the Preboot Services client (by default it is UDP Port 18753). You should do this only if the Transaction server is conflicting with another service running on the server. For more information, see Section 56.2, Installing and Setting Up Desktop Management Preboot Services.

56.4.2 Network Configuration

The configuration required to run Preboot Services in your network depends on your network setup. You can configure Preboot Services using any of the following network setups:

  • LAN environment with Preboot Services and DHCP running on separate servers

  • LAN environment with Preboot Services and DHCP running on the same server

  • WAN/VLAN environment with Preboot Services and DHCP running on separate servers

  • WAN/VLAN environment with Preboot Services and DHCP running on the same server

This section covers the following topics:

General Network Design Considerations

Design your network so that Preboot Services clients can effectively connect to the Transaction server as well as to the TFTP or MTFTP servers. Make sure you consider the number of Preboot Services clients to be installed on the network and the bandwidth available to service these clients. To understand how the clients and servers need to interact during the Preboot Services process, see Illustrating the Preboot Services Processes for NetWare and Windows Imaging Servers.

TFTP servers should be installed so that Preboot Services clients have access to a TFTP server within their LAN. The bulk of network traffic generated by Preboot Services is between the Preboot Services clients and the TFTP server. A good design ensures that a client does not need to connect to its TFTP server through a slow WAN link.

Although you can have any number of imaging servers, generally only one Proxy DHCP server should be enabled per DHCP server scope.

LAN Environment

The following sections provide information about setting up Preboot Services in a LAN environment:

LAN Environment With Preboot Services and DHCP Running on Separate Servers

Table 56-6 DHCP Running on Separate Servers in LAN Environment

Information

Details for This Setup

Scope

Only PXE workstations in the LAN connect to the Preboot Services server.

Example of Usage

A small school workstation lab that is using Imaging to prepare the workstations between classes.

Advantages

  • Easiest installation and setup.

  • No network configuration is required.

  • No DHCP server configuration is required.

Disadvantages

Limited use, because a single-LAN environment only exists in small lab-type networks.

LAN Environment With Preboot Services and DHCP Running on the Same Server

Table 56-7 DHCP Running on the Same Server in LAN Environment

Information

Details for This Setup

Scope

Only PXE workstations in the LAN connect to the Preboot Services server.

Example of Usage

A small school workstation lab with only one server that is using Imaging to prepare the workstations between classes.

Configuration Required

Because Preboot Services and DHCP are running on the same server, option tag 60 is set on the DHCP server.

For information on setting this tag, see Windows 2000 Advanced Server and NetWare 6.x DHCP Server.

Advantages

  • Easy installation and setup.

  • No network configuration is required.

Disadvantages

  • DHCP server configuration is required (option tag 60).

  • Limited use, because a single-LAN environment only exists in small lab-type networks.

Configuring LAN Environments for Preboot Services

If you have Preboot Services and DHCP running on separate servers, no network configuration is required.

If you have Preboot Services and DHCP running on the same server, option tag 60 must be set on the DHCP server. Do the following to set up standard DHCP and Proxy DHCP on the same server:

  1. Stop the DHCP services on the Linux imaging server.

  2. On this server, open the dhcp.conf file in an editor.

  3. Insert the following line in the file:

    option vendor-class-identifier "PXEClient";
    
  4. Save the file.

  5. Restart the DHCP service.

WAN/VLAN Environment

In a WAN, the PXE workstation is usually separated from the Proxy DHCP and DHCP servers by one or more routers. The PXE workstation broadcasts for DHCP information, but by default the router does not forward the broadcast to the servers, causing the Preboot Services session to fail.

In a VLAN (Virtual LAN) environment, the PXE workstation is logically separated from the Proxy DHCP server and the DHCP server by a switch. At the IP level, this configuration looks very similar to a traditional WAN (routed) environment.

In a typical VLAN environment, the network is divided into a number of subnets by configuring virtual LANs on the switch. Workstations in each virtual LAN usually obtain their IP address information from a central DHCP server. In order for this system to work, it is necessary to have Bootp or IP helpers configured on each gateway. These helpers forward DHCP requests from workstations in each subnet to the DHCP server, allowing the DHCP server to respond to workstations in that subnet.

The following sections provide information about setting up Preboot Services in a WAN/VLAN environment:

WAN or VLAN Environment With Preboot Services and DHCP Running on Separate Servers

Table 56-8 DHCP Running on Separate Servers in WAN/VLAN Environment

Information

Details for This Setup

Scope

PXE workstations over the entire WAN/VLAN connect to the Preboot Services server.

Example of Usage

Any corporate or mid-size network that has the network divided into multiple subnets, but is running only one DHCP server.

Configuration Required

A DHCP relay agent or IP helper is configured on the router or switch serving the subnet that the PXE workstation belongs to. The helper is configured to forward all DHCP broadcasts that are detected in the subnet to the DHCP and Proxy DHCP servers.

This normally requires two helpers to be configured: the first to forward DHCP broadcasts to the DHCP server, and the second to forward the DHCP broadcasts to the Proxy DHCP server.

Advantages

  • Common network setup.

  • Multiple Preboot Services servers can be installed so that each server provides service only for certain subnets. If multiple Preboot Services are installed, the Proxy DHCP server must be configured so it supplies the IP address of the central Transaction server.

    With this solution, the PXE workstation receives a response from a Proxy DHCP server located on its subnet, but the workstation is redirected to a single central Transaction server to check for imaging work to do.

    For information about changing the Proxy DHCP configuration, see Section 56.2, Installing and Setting Up Desktop Management Preboot Services.

Disadvantages

The network equipment (routers/switches) must be configured with additional IP helpers. Some network equipment might not function properly when more than one additional IP helper is configured.

Detailed Setup Information

Configuring a WAN/VLAN With Preboot Services and DHCP Running on Separate Servers

IMPORTANT: For Linux imaging servers only, if the switch is acting as a firewall and limiting the type of traffic on the network, understand that the novell-tftp and novell-zmgprebootpolicy daemons are not firewall or network filter friendly. You should not attempt to run these daemons through a firewall. If users need to pass preboot work through a firewall, then all Preboot Services work needs to be on the outside and merely reference a Web service inside the firewall.

WAN or VLAN Environment With Preboot Services and DHCP Running on the Same Server

Table 56-9 DHCP Running on the Same Server in WAN/VLAN Environment

Information

Details for This Setup

Scope

PXE workstations over the entire WAN/VLAN connect to the Preboot Services server.

Example of Usage

Any corporate or mid-size network that has the network divided into multiple subnets, but is running only one DHCP server.

Configuration Required

  • The routers or switches have been configured with IP helpers to forward network traffic to the DHCP server.

  • Because Preboot Services and DHCP are running on the same server, option tag 60 is set on the DHCP server.

    For information on setting this tag, see Windows 2000 Advanced Server and NetWare 6.x DHCP Server.

Advantages

No network equipment (routers/switches) needs to be configured to forward network traffic to the Proxy DHCP server.

Disadvantages

  • DHCP server configuration required (option tag 60).

  • Only one Preboot Services server can be installed because it needs to run on the same server as the DHCP server (and there is usually only one DHCP server).

Detailed Setup Information

Configuring a WAN/VLAN With Preboot Services and DHCP Running on the Same Server

IMPORTANT: For Linux imaging servers only, if the switch is acting as a firewall and limiting the type of traffic on the network, understand that the novell-tftp and novell-zmgprebootpolicy daemons are not firewall or network filter friendly. You should not attempt to run these daemons through a firewall. If users need to pass preboot work through a firewall, then all Preboot Services work needs to be on the outside and merely reference a Web service inside the firewall.

Configuring a WAN/VLAN With Preboot Services and DHCP Running on the Same Server

If the switch is acting as a firewall and limiting the type of traffic on the network, it might be necessary to open certain UDP ports in the firewall. For a list of UDP ports used by Desktop Management Preboot Services, see Section 56.4.3, Configuring Filters on Switches and Routers.

This section includes the following topics:

Implementation

The Desktop Management installation provides for a complete installation of the Preboot Services and Imaging components. If you want to install all of Imaging and Preboot Services on the DHCP server, then run the standard installation on the server.

However, you might want to run the Preboot Services components (Proxy DHCP and TFTP services) on the DHCP server and the Imaging and Transaction Server components on another server.

If you want to configure the system like this, you need to do so manually by following the steps below.

  1. Install Desktop Management Preboot Services on a server.

  2. Test to make sure that the server is set up correctly.

    1. Connect the server to a LAN with a PXE workstation in the same LAN.

    2. Assign imaging work to the workstation through a server or workstation policy in Novell ConsoleOne®.

    3. Boot the workstation.

    4. Verify that it picks up the imaging work correctly.

  3. Stop the Desktop Management Proxy DHCP service on the server.

    For Windows, go to the Services panel and stop the Proxy DHCP Service. Set the service to Disabled so that it does not start the next time the server is started.

    For NetWare, enter unload pdhcp at the server console to unload the Proxy DHCP service. Edit the zfdstart.ncf file and comment out the line that loads the Proxy DHCP service to prevent it from loading the next time the server is started.

  4. If the Proxy DHCP service was running on the same server that was running DHCP, delete option tag 60 from the DHCP server that you added during the installation.

  5. Install the Proxy DHCP service and TFTP service on the server that is running DHCP services.

    For instructions on how to do this, see Installing the Proxy DHCP Server and the TFTP Server on the DHCP Server.

  6. Configure option tag 60 on the DHCP server and set the tag to the text string “PXEClient”.

    For instructions on how to do this, see Windows 2000 Advanced Server and NetWare 6.x DHCP Server.

  7. Configure the Proxy DHCP service to redirect PXE workstations to the Preboot Services server that you set up in Step 1.

    For Windows, run the Proxy DHCP service configuration application and set the VSP IP to the IP address of the server that you set up in Step 1.

    For NetWare, open pdhcp.ini and change the TRANSACTION_SERVER_IP entry to the IP address of the server that you set up in Step 1.

  8. Start the Proxy DHCP service that has just been installed on the server running DHCP services.

    For Windows, start the service in the Service Control Manager.

    For NetWare, enter load pdhcp at the server console.

PXE workstations in all VLANs that are supported by the DHCP server are able to pick up work through PXE.

Installing the Proxy DHCP Server and the TFTP Server on the DHCP Server

This section includes the following topics:

  • Installing and Configuring Proxy DHCP and TFTP Servers on a NetWare Server

  • Installing and Configuring Proxy DHCP and TFTP Servers on a Windows Server

Installing and Configuring Proxy DHCP and TFTP Servers on a NetWare Server

  1. Copy the following files to sys:\system on the destination server. These files can be obtained either from your working ZENworks Imaging server, or from the ZENworks Desktop Management Program CD.

    • pdhcp.nlm
    • pdhcp.ini
    • tftp.nlm
    • tftp.ini

  2. Copy all of the files from the sys:\tftp directory to a directory with the same name on the destination server.

  3. Edit the tftp.ini file. Make sure that the ReadPath is the same as the path where you copied the TFTP files in Step 2.

  4. If you want the services to start automatically, edit the autoexec.ncf file and add the following lines:

    Load tftp
    
    Load pdhcp
    
  5. Start the services on the server by entering the following lines at the server console:

    Load tftp
    
    Load pdhcp
    

Installing and Configuring Proxy DHCP and TFTP Servers on a Windows Server

  1. Stop all Desktop Management Preboot Services on the server where you installed Preboot Services.

    To do this, open the Service Control Manager (Control Panel > Administrative Tools > Services), and stop the Preboot Transaction Server, Preboot Port Mapper, Proxy DHCP Service, and Preboot TFTP/MTFTP Service.

  2. Copy the entire subdirectory where you installed Desktop Management Preboot Services to the destination server. Typically, this subdirectory is \program files\zen_preboot_services.

  3. Using the Service Control Manager, restart the services on the original server that you stopped in Step 1.

  4. On the destination server, perform the following steps. You need to be logged in to the server with administrator rights.

    This example assumes you copied all of the files to c:\program files\zen_preboot_services.

    1. Click Start > Run.

    2. Type cmd, then press Enter to open a command console.

    3. Type cd c:\program files\zen preboot services\pdhcp, then press Enter.

    4. Type dhcpservice -i, then press Enter.

    5. Type dhcpcfg, then press Enter.

      This starts the Proxy DHCP configuration application.

    6. Set the VSP Host IP to the IP address of the ZENworks Imaging server, click Save All, then click Exit.

    7. Switch back to the command console.

    8. Type cd c:\program files\zen preboot services\tftp, then press Enter.

    9. Type tftpservice -I, then press Enter.

    10. Type tftpcfg, then press Enter.

      The TFTP configuration applet starts. Make sure the TFTP Read Path is correct, and points to a subdirectory containing the TFTP files. The \tftp folder is usually located at c:\program files\zen preboot services\tftp\data.

    11. Click Exit to close the application.

  5. Open the Service Control Manager, then start the Proxy DHCP and TFTP services that are now listed there.

    or

    Reboot the server and the services start automatically.

Configuring a WAN/VLAN With Preboot Services and DHCP Running on Separate Servers

If the switch is acting as a firewall and limiting the type of traffic on the network, it might be necessary to open certain UDP ports in the firewall. For a list of UDP ports used by ZENworks Desktop Management Preboot Services, see Section 56.4.3, Configuring Filters on Switches and Routers.

An example deployment is given below of a WAN/VLAN environment with Preboot Services and DHCP running on the same server. The subsequent sections provide the specific steps required to configure network equipment so that it correctly forwards Preboot Services network traffic.

Example Deployment

In this example, three VLANs are configured on a Bay Networks Accel 1200 switch running firmware version 2.0.1. One VLAN hosts the Proxy DHCP server, the second VLAN hosts the DHCP server, and the third VLAN hosts the PXE client. The PXE client’s DHCP broadcast is forwarded by the switch to both the Proxy DHCP server and the DHCP server. The response from both servers is then routed correctly back to the PXE client, and the PXE client starts the Preboot Services session correctly.

The three VLANs are all 24-bit networks; their subnet mask is 255.255.255.0.

The first VLAN gateway is 10.0.0.1. This VLAN hosts the PXE client that is allocated an IP in the range of 10.0.0.2 to 10.0.0.128. This VLAN is named VLAN1.

The second VLAN gateway is 10.1.1.1. This VLAN hosts the DHCP server with IP 10.1.1.2. This VLAN is named VLAN2.

The third VLAN gateway is 196.10.229.1. This VLAN hosts the server running the Proxy DHCP server and the Transaction server. The server’s IP is 196.10.229.2. This VLAN is named VLAN3.

Routing is enabled between all VLANs. Each VLAN must be in its own spanning tree group.
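
An added example, not part of the original documentation: a Python audit that parses DHCP replies seen on the PXE client VLAN and checks that address offers come only from the DHCP server (10.1.1.2) and that replies carrying option 60 "PXEClient" come only from the Proxy DHCP server (196.10.229.2). The function names, the 10.0.0.77 host and the sample packets are constructed for illustration, and responders are identified by the self-reported server identifier (option 54).

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Expected responders, taken from the example deployment on this page.
EXPECTED_DHCP = {"10.1.1.2"}
EXPECTED_PROXY = {"196.10.229.2"}


def parse_reply(payload: bytes) -> dict:
    """Parse the fixed BOOTP header and the DHCP options of one UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad option
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    sid = options.get(54, b"")                      # server identifier
    return {
        "op": payload[0],
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "siaddr": str(ipaddress.IPv4Address(payload[20:24])),
        "msg_type": (options.get(53) or b"\x00")[0],
        "server_id": str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None,
        "vendor_class": options.get(60, b"").decode("ascii", "replace"),
    }


def audit_reply(payload: bytes) -> str:
    """Classify one server reply against the expected responders."""
    try:
        r = parse_reply(payload)
    except ValueError:
        return "malformed"
    if r["op"] != 2 or r["msg_type"] not in (2, 5):   # BOOTREPLY, OFFER or ACK
        return "ignored"
    responder = r["server_id"] or r["siaddr"]
    if r["vendor_class"].startswith("PXEClient"):
        # Option 60 "PXEClient" marks a server that offers PXE boot services.
        ok = responder in EXPECTED_PROXY
        return "proxy-ok" if ok else f"unexpected-proxy:{responder}"
    if r["yiaddr"] != "0.0.0.0":
        ok = responder in EXPECTED_DHCP
        return "dhcp-ok" if ok else f"unexpected-dhcp:{responder}"
    return "ignored"


def build_reply(yiaddr, server_id, msg_type=2, vendor_class=None) -> bytes:
    """Construct a sample reply (test data only, not captured traffic)."""
    server = ipaddress.IPv4Address(server_id).packed
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x1234ABCD, 0, 0x8000,
        bytes(4), ipaddress.IPv4Address(yiaddr).packed, server, bytes(4),
        bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([53, 1, msg_type]) + bytes([54, 4]) + server
    if vendor_class:
        vc = vendor_class.encode("ascii")
        opts += bytes([60, len(vc)]) + vc
    return header + MAGIC_COOKIE + opts + b"\xff"


def audit_samples() -> list:
    """Run the audit over constructed replies."""
    proxy = build_reply("0.0.0.0", "196.10.229.2", vendor_class="PXEClient")
    samples = [
        build_reply("10.0.0.50", "10.1.1.2"),                           # DHCP offer
        proxy,                                                          # Proxy DHCP offer
        build_reply("0.0.0.0", "10.0.0.77", vendor_class="PXEClient"),  # unlisted host
        proxy[:-5],                                                     # cut short
    ]
    return [audit_reply(s) for s in samples]
```

If Preboot Services and DHCP run on the same server, add that server's address to both sets, because its address offers then carry option tag 60 as well.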

Configuring Cisco Equipment

  1. Go to Global Configuration mode.

  2. Type ip forward-protocol udp 67, then press Enter.

  3. Type ip forward-protocol udp 68, then press Enter.

  4. Go to the LAN interface that serves the PXE workstation.

  5. Type ip helper-address 10.1.1.2, then press Enter.

  6. Type ip helper-address 196.10.229.2, then press Enter.

  7. Save the configuration.

Configuring Nortel Network Equipment

  1. Connect to the router with Site Manager.

  2. Make sure that IP is routable.

  3. Enable Bootp on the PXE workstation subnet or VLAN.

  4. Select the interface that the PXE workstations are connected to.

  5. Edit the circuit.

  6. Click Protocols.

  7. Click Add/Delete.

  8. Make sure that the Bootp check box is selected.

  9. Click OK.

  10. Click Protocols > IP > Bootp > Relay Agent Interface Table.

    The interface where Bootp was enabled is visible in the list.

  11. Click Preferred Server.

  12. Change the Pass Through Mode value to Bootp and DHCP.

  13. Set up the relay agents:

    1. Click Add.

    2. In the Relay Agent IP Address box, enter the local LAN IP address.

    3. In the Target Server IP Address box, enter the DHCP server IP address.

    4. Click OK.

    5. Change the Pass Through Mode value to Bootp and DHCP.

    6. Perform Step 1 to Step 5 again and enter the Proxy DHCP server IP address at Step 3.

    7. Apply the configuration.

Configuring Bay Network Equipment

Perform the following steps on the switch:

  1. Enable DHCP for the client VLAN using the following command lines:

    # config vlan1 ip
    
    # dhcp enable
    
  2. Configure IP helpers to forward DHCP requests from the workstation subnet to the DHCP server and the Proxy DHCP server, using the following command lines:

    # config ip dhcp-relay
    
    # create 10.0.0.1 10.1.1.2 mode dhcp state enable
    
    # create 10.0.0.1 196.10.229.2 mode dhcp state enable
    

    The create command has the form:

    create agent server mode dhcp state enable
    

    where agent is the IP address of the gateway that serves the PXE workstation, and server is the IP address of the server that the DHCP frame should be forwarded to.

  3. Save the configuration.

56.4.3 Configuring Filters on Switches and Routers

Some network devices filter network traffic that passes through them. Preboot Services makes use of several different types of traffic, and all of these must be able to pass through the router or switch successfully for the Preboot Services session to be successful. The Preboot Services session uses the following destination ports:

Table 56-10 Ports Used by Preboot Services Components

| Component | Port |
|---|---|
| DHCP and Proxy DHCP Servers | UDP Port 67, 68, and 4011 |
| TFTP Server | UDP Port 69 |
| RPC Port Map Server | UDP Port 111 |
| Transaction Server | UDP Port 18753 |
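
An added example, not part of the original documentation: with standard TFTP (RFC 1350) only the first request goes to UDP port 69 and the server answers from a transfer port it picks, so a filter that matches the destination ports in Table 56-10 alone passes the request and drops the file data. The Python below compares that filter with one that tracks each transfer. It assumes the TFTP server runs on 196.10.229.2 and follows RFC 1350; the class and function names and the packet values are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Destination ports from Table 56-10.
PREBOOT_DST_PORTS = {67, 68, 4011, 69, 111, 18753}
TFTP_PORT = 69


def stateless_allows(pkt: Packet) -> bool:
    """Filter that looks only at the UDP destination port."""
    return pkt.dport in PREBOOT_DST_PORTS


class TftpAwareFilter:
    """Destination-port filter that also tracks TFTP transfers.

    A request to port 69 creates an expectation for the reply; the first
    reply fixes the server's transfer port, and only that exact pair of
    endpoints is allowed afterwards. Entries never expire here; a real
    filter would time them out.
    """

    def __init__(self, tftp_servers):
        self.tftp_servers = set(tftp_servers)
        self.expected = set()   # (server, client, client_port) awaiting a reply
        self.flows = set()      # (server, server_port, client, client_port)

    def allows(self, pkt: Packet) -> bool:
        if pkt.dport == TFTP_PORT and pkt.dst in self.tftp_servers:
            self.expected.add((pkt.dst, pkt.src, pkt.sport))
            return True
        if (pkt.src, pkt.dst, pkt.dport) in self.expected:
            # First reply: bind the server's transfer port to this client.
            self.expected.discard((pkt.src, pkt.dst, pkt.dport))
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows:
            return True         # server -> client data
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True         # client -> server acknowledgements
        # Other Preboot Services ports; port 69 only toward listed servers.
        return pkt.dport in PREBOOT_DST_PORTS - {TFTP_PORT}


# Constructed packets for one download by a PXE client at 10.0.0.50.
SAMPLE_TRANSFER = [
    Packet("10.0.0.50", 2070, "196.10.229.2", 69),    # read request
    Packet("196.10.229.2", 3072, "10.0.0.50", 2070),  # first data block
    Packet("10.0.0.50", 2070, "196.10.229.2", 3072),  # acknowledgement
    Packet("10.0.0.99", 5000, "10.0.0.50", 2070),     # unrelated host
]


def run_stateless(packets=SAMPLE_TRANSFER) -> list:
    return [stateless_allows(p) for p in packets]


def run_tftp_aware(packets=SAMPLE_TRANSFER) -> list:
    flt = TftpAwareFilter({"196.10.229.2"})
    return [flt.allows(p) for p in packets]
```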

56.4.4 Spanning Tree Protocol in Switched Environments

Spanning tree protocol (STP) is available on certain switches and is designed to detect loops in the network. When a device (typically a network hub or a workstation) is patched into a port on the switch, the switch indicates to the device that the link is active, but instead of forwarding frames from the port to the rest of the network, the switch checks each frame for loops and then drops it. The switch can remain in this listening state from 15 to 45 seconds.

The effect of this is to cause the DHCP requests issued by PXE to be dropped by the switch, causing the Preboot Services session to fail.

It is normally possible to see that the STP is in progress by looking at the link light on the switch. When the workstation is off, the link light on the switch is obviously off. When the workstation is turned on, the link light changes to amber, and after a period of time changes to a normal green indicator. As long as the link light is amber, STP is in progress.

This problem only affects PXE or Preboot Services clients that are patched directly into an Ethernet switch. To correct this problem, perform one of the following:

  • Turn off STP on the switch entirely.

  • Set STP to Port Fast for every port on the network switch where a PXE workstation is attached.

After the problem is resolved, the link light on the port should change to green almost immediately after a workstation connected to that port is turned on.

Information about STP and its influence on DHCP can be found at Using PortFast and Other Commands to Fix End-Station Startup Connectivity Problems.