28.3 Preboot Services Functionality

Review the following sections to understand Preboot Services functionality:

28.3.1 Preboot Bundles

In ZENworks Linux Management, Preboot Services uses bundles to apply Preboot Services work to devices. For example, Preboot bundles can contain tasks, such as restoring an image, that are performed at the time a device boots.

In order for a device to utilize a Preboot bundle, the bundle must be assigned to the device, its group, or its folder.

The available Preboot bundles are:

AutoYaST Bundle

Provides the location and access protocol for installing using AutoYaST, including the network installation directory for SUSE® Linux. This bundle allows you to launch an automated installation of SUSE Linux using Preboot Services.

Dell Configuration Bundle

Provides the location of files and scripts for configuring Dell servers. This bundle allows you to use Preboot Services to configure the server’s BIOS, BMC, RAID, and DRAC settings and to create a Dell utility partition.

Kickstart Bundle

Provides the location and access protocol for installing using kickstart. This bundle allows you to launch an automated installation of Red Hat Linux using Preboot Services.

ZENworks Image Bundle

Lists one or more ZENworks images that can be restored on a computer. This bundle allows you to quickly define simple image restoration operations.

Scope

You can restore an image of all of a device’s hard disks, specific add-on images, and file sets.

Boot Manager Limitation

If the device you want to image has an unsupported boot manager running, such as System Commander, you must disable or remove it before attempting to image those devices. This is because boot managers create their own information in the MBR and overwrite the ZENworks boot system, preventing ZENworks imaging from being performed.

Base Images

A base image contains descriptions of all partitions and files on a hard drive. When it is restored, all existing partitions are deleted, new partitions are created from the descriptions in the base image, and all files are restored from the image.

Base images are created by taking an image of a device. You can use an option in the ZENworks Control Center or you can use imaging commands at a bash prompt to create a base image.

Add-On Images

These images are a collection of files added non-destructively to existing partitions. The existing partitions and files are left intact, except for any files that the add-on image might update.

Add-on images allow you to customize a device after a base image is restored. This allows you to use a base image for multiple purposes.

You can create add-on images using the Image Explorer utility.

ZENworks Multicast Bundle

Specifies an image that can be sent using the multicast protocol. This bundle allows you to send an existing image to a large number of devices in a single operation. It is ideal for labs, classrooms, and staging areas.

For more information, see Section 28.5.6, Multicasting Device Images.

Benefits

You can image multiple devices with the least amount of overhead. Devices to be imaged can have a variety of operating systems installed on them, or even no operating system installed.

Using the multicast capabilities of your network, you minimize network traffic by sending the image file across the network once for all devices to be imaged, rather than individually per device.

Limitations

Using the same image on multiple devices means they all have the same network identities. However, you can install the ZENworks Linux Management Imaging Agent (novell-zislnx) on these devices prior to performing the multicast, because this agent saves each device’s network identity settings and restores them after the multicast image is applied.

ZENworks Script Bundle

Allows you to write a custom Linux bash script that is executed on PXE-enabled Linux devices. This provides detailed control over ZENworks imaging operations, as well as most Linux-based preboot tasks.

28.3.2 Preboot Services Menu

Where PXE is enabled on a device, the Preboot Services Menu can be displayed during the boot process. The following menu choices are displayed on the Preboot Services Menu:

  • Start ZENworks Imaging: Executes the effective Preboot Services imaging bundle.

  • Start ZENworks Imaging maintenance: Displays the bash prompt, where you can execute imaging commands.

  • Disable ZENworks partition: Prevents an existing ZENworks partition from being used during booting to execute the assigned Preboot bundles.

  • Enable ZENworks partition: Allows an existing ZENworks partition to be used during booting to execute the effective Preboot bundle.

  • Start DELL DTK: Starts the Dell OpenManage Deployment Toolkit (DTK) v2.1 in the automated mode where assigned work is automatically performed.

  • Start DELL DTK (Maintenance Mode): Starts the DTK in the maintenance mode, where you can use the DTK bash prompt to manually configure the scripts and files used by the Dell Configuration bundle.

  • Exit: Resumes normal booting of the device.

You can use the ZENworks Control Center to configure whether this menu should be displayed on a PXE-enabled device by selecting one of the following options:

  • Always Show Preboot Menu

  • Never Show Preboot Menu

  • Show Preboot Menu if CTRL+ALT is Pressed

IMPORTANT: Do not select Always Show Preboot Menu if you have AutoYaST or kickstart bundles assigned to any devices, because the Preboot Services Menu interrupts the PXE boot process, keeping the AutoYaST or kickstart bundles from being deployed on the device. The Preboot Services Menu only has options for doing imaging work, not for installing operating systems.

Therefore, select either Never Show Preboot Menu or Show Preboot Menu if CTRL+ALT is Pressed for your Preboot Services Menu option, which allows PXE-enabled Linux devices to automatically implement the AutoYaST or kickstart bundles.

For the procedures in configuring whether to display the menu, see Section 29.4.1, Configuring Preboot Services Menu Options.

28.3.3 Image Storage Security

You can determine the degree of security you want by restricting where to save image files on your imaging server. The following options in the ZENworks Control Center provide this storage security:

  • Allow Preboot Services to overwrite existing files when uploading: Select this option only if you want existing image files to be overwritten during imaging.

  • Only allow uploads to the following directories: This option allows you to determine where images can be saved on the imaging server. You specify a full path to the directory in the Add field, then click Add to enter it into the list box. The directories in this list are the only locations where images are allowed to be saved on the imaging server, and the only locations that can be selected when configuring where to store image files.

For the procedures in configuring imaging storage, see Section 29.4.2, Configuring Image Storage Security.
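The following added illustration (not ZENworks code) shows how a server-side check can enforce the two options above: an upload directory allow-list and an overwrite switch. The function name `check_upload`, the temporary directory layout, and the `.zmg` file names are constructed for this sketch.

```python
import os
import tempfile


def check_upload(requested, allowed_dirs, allow_overwrite=False):
    """Return the resolved path if the upload is permitted, else raise PermissionError."""
    # Resolve symlinks and ".." first, so the comparison is made on the real target.
    target = os.path.realpath(requested)
    for base in allowed_dirs:
        base = os.path.realpath(base)
        # commonpath avoids the prefix trap where /images-old "starts with" /images.
        if os.path.commonpath([base, target]) == base and target != base:
            break
    else:
        raise PermissionError(f"{requested}: outside the allowed upload directories")
    if os.path.exists(target) and not allow_overwrite:
        raise PermissionError(f"{requested}: exists and overwriting is disabled")
    return target


def demo():
    """Constructed layout: <tmp>/images is allowed, <tmp>/images-old is not."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "images")
        os.makedirs(os.path.join(allowed, "lab"))
        os.makedirs(os.path.join(tmp, "images-old"))
        open(os.path.join(allowed, "base.zmg"), "w").close()
        cases = {
            "new file": (os.path.join(allowed, "lab", "pc01.zmg"), False),
            "traversal": (os.path.join(allowed, "..", "images-old", "x.zmg"), False),
            "existing, no overwrite": (os.path.join(allowed, "base.zmg"), False),
            "existing, overwrite on": (os.path.join(allowed, "base.zmg"), True),
        }
        for name, (path, overwrite) in cases.items():
            try:
                check_upload(path, [allowed], overwrite)
                results[name] = "allowed"
            except PermissionError:
                results[name] = "denied"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Leaving the overwrite option off means a request that names an existing image is rejected instead of replacing a known-good image on the imaging server.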

28.3.4 Non-registered Device Settings

Devices that are new to the ZENworks Management Zone and have received their first image need certain IP configuration information to successfully access the network and network services. You can use Preboot Services to automatically name your non-registered devices using such criteria as prefixes, BIOS information (like asset tags or serial numbers), and DNS suffixes, and to set up DHCP or IP addresses.

For example, the device needs a unique IP address and the address of at least one DNS name server. In many networks, this information is distributed through the DHCP services, but it can also be configured through the default Preboot Services configuration settings in the ZENworks Control Center.

After a device has registered with ZENworks, its configuration is set and the non-registered device settings in the ZENworks Management Zone no longer apply to it, because the ZENworks Linux Management server now knows its identity. After the device is imaged, it can become a member of the zone or continue to be a non-registered device, depending on whether the image applied to the device contains the ZENworks Linux Management Imaging Agent (novell-zislnx).

The settings that can be adjusted for a ZENworks Management Zone are:

  • DNS suffix: Provides a suffix for all of your devices’ names. For example, provo.novell.com.

  • Name servers: Controls which DNS servers a device uses. You can specify multiple DNS name servers.

  • Device name: Configured device names can include a prefix, the BIOS asset tag, the BIOS serial number, or none of these.

  • IP configuration: For the IP configuration, you can specify to use DHCP or a specific IP address. If you select to use IP addresses, you can provide a list using a range or by specifying specific IP addresses. As devices are registered, they assume one of the available addresses. For IP addresses, you can also specify a subnet mask and a default gateway.

For the procedures in configuring defaults for non-registered devices, see Section 29.4.3, Configuring Non-registered Device Settings.

28.3.5 Preboot Work Assignment Rules

You can set up hardware-based rules for your Preboot bundles. Work assignment rules are used to apply bundles to devices with specific hardware, or to match a broad set of hardware requirements.

For example, you can create a rule that applies a bundle to any device with a specific MAC address or BIOS serial number. Rules like this can only match to a single device. On the other hand, you can create a rule that applies to any device with at least 512 MB of RAM and 150 GB of hard drive space.

A work rule is composed of filters that are used to determine whether a device complies with the rule. The rules use logic to determine whether a device meets the requirements for applying the Preboot bundle. The AND and OR logical operators are used for creating complex filters for the rule.

When a device is seeking work to be done, it scans the rules until it finds a rule where all of the rule’s filters match the device, then executes the bundle assigned to the rule.

Filter information that you can provide:

  • Device component: Any of the following:

    • BIOS Asset Tag
    • BIOS Serial Number
    • BIOS Version
    • CPU Chipset
    • Hard Drive Controller
    • Hard Drive Size (in MB)
    • Hardware Type
    • IP Address
    • MAC Address
    • Model
    • Network Adapter
    • RAM (in MB)
    • Sound Card
    • System Manufacturer
    • Video Adapter
  • Relationship: This defines the relationship for a filter between the Device component field and the value you specify for it.

    Possibilities for the Hard drive size and RAM fields:

    • < (less than)
    • > (greater than)
    • = (equal to)
    • >= (greater than or equal to)
    • <= (less than or equal to)
    • <> (not equal to)

    Possibilities for all other device components:

    • Contains
    • Equal To
    • Starts With
  • Component value: This corresponds to the match you want for the component. For example, you select RAM (in MB) for the filter and enter 512 for its value. Then, the relationship you select determines whether it’s less than, less than or equal to, equal to, not equal to, greater than or equal to, or just greater than 512 MB.

You can have multiple filters and sets of filters in a single rule, using the AND and OR operators, and you can have multiple rules associated with the same Preboot bundle. This allows you to specify exactly to which devices a particular Preboot bundle can be applied.
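The rule matching described in this section can be modelled as follows. This is an added example, not ZENworks code: the function names, the sample devices and rules, the case-insensitive string comparison, and the choice to AND the filters inside a set and OR the sets together are assumptions of the sketch.

```python
import operator

# Numeric relationships apply only to these two components (see the list above).
NUMERIC = {"Hard Drive Size (in MB)", "RAM (in MB)"}
NUM_OPS = {"<": operator.lt, ">": operator.gt, "=": operator.eq,
           ">=": operator.ge, "<=": operator.le, "<>": operator.ne}
STR_OPS = {
    "Contains": lambda have, want: want in have,
    "Equal To": lambda have, want: have == want,
    "Starts With": lambda have, want: have.startswith(want),
}


def filter_matches(device, component, relationship, value):
    """Evaluate one filter; a component missing from the device never matches."""
    if component not in device:
        return False
    if component in NUMERIC:
        if relationship not in NUM_OPS:
            raise ValueError(f"{relationship!r} is not valid for {component}")
        return NUM_OPS[relationship](int(device[component]), int(value))
    if relationship not in STR_OPS:
        raise ValueError(f"{relationship!r} is not valid for {component}")
    # Case-insensitive comparison is an assumption of this sketch.
    return STR_OPS[relationship](str(device[component]).lower(), str(value).lower())


def rule_matches(device, filter_sets):
    """Filters inside a set are ANDed; the sets are ORed (assumed combination)."""
    return any(all(filter_matches(device, *f) for f in fs) for fs in filter_sets)


def find_bundle(device, rules):
    """Scan rules in order and return the bundle of the first matching rule."""
    for bundle, filter_sets in rules:
        if rule_matches(device, filter_sets):
            return bundle
    return None


# Constructed sample data: the single-device rule is listed before the broad one.
RULES = [
    ("dell-config", [[("MAC Address", "Equal To", "00:11:22:33:44:55")]]),
    ("base-image", [[("RAM (in MB)", ">=", "512"),
                     ("Hard Drive Size (in MB)", ">=", "153600")],
                    [("Model", "Starts With", "OptiPlex")]]),
]
LAB_PC = {"MAC Address": "00:AA:BB:CC:DD:EE", "RAM (in MB)": 1024,
          "Hard Drive Size (in MB)": 200000, "Model": "Generic"}
SMALL_PC = {"MAC Address": "00:AA:BB:CC:DD:01", "RAM (in MB)": 256,
            "Hard Drive Size (in MB)": 40000, "Model": "Generic"}

if __name__ == "__main__":
    print(find_bundle(LAB_PC, RULES), find_bundle(SMALL_PC, RULES))
```

Because the first matching rule wins, a broad rule placed ahead of a single-device rule hands that device the broad rule's bundle, so rule order deserves review whenever a destructive bundle such as a base image restore is assigned by rule.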

For the procedures in configuring work assignment rules, see Section 29.4.4, Configuring Preboot Work Assignments.

28.3.6 Preboot Referral Lists

When a PXE device boots, it makes a broadcast request on the network for PXE services. The ZENworks Proxy DHCP server (novell-proxydhcp) responds to this request with information that includes the IP address of an imaging server where the device can send requests for assigned preboot work.

It is essential that the PXE device contact PXE services associated with its home zone so that it can correctly determine if there is any preboot work assigned to it. When there is only a single ZENworks Management Zone, this is fairly easy to do because all Proxy DHCP servers provide addresses to services that belong to the same zone. Any device can request preboot work from any imaging server in the same zone and get the same response. However, when multiple ZENworks management zones exist in the same network, things become more difficult, particularly when each zone has its own set of PXE services.

The PXE device’s initial request for PXE services is sent as a broadcast to the network, and all Proxy DHCP servers respond with information pertaining to their respective zones. Because it is impossible to determine which Proxy DHCP server responds first, if multiple Proxy DHCP servers respond, or which response is used by the device, it is impossible to ensure that each PXE device will contact servers in its home zone.

A Preboot Referral List allows you to ensure that all devices contact their home zone for preboot work assignments. The list should contain the IP address of an imaging server in each known ZENworks management zone. When a device requests preboot work from a server, the server first determines if the device belongs to the same zone as the server. If it does not, the server refers the request to each server in its referral list until it finds the device’s home zone. The device is then instructed to send all future requests to the correct daemon.

After you have specified all of the necessary servers in the referral list, you must place certain files in the \tftp directories of each server in the list. Which files are copied and modified depends on the version of ZENworks running on that server.

Note that the Preboot Referral Lists are only used by PXE devices, and only one ZENworks Management Zone needs to have an active Proxy DHCP server and Preboot Referral List.

For the procedures in configuring referral lists, see Section 29.4.5, Configuring the Server Referral List.

28.3.7 Intel Active Management Technology (AMT)

Review the following to understand how the Intel AMT functionality is used by ZENworks Linux Management:

For more information on Intel AMT, see the Intel Web site.

Using AMT in ZENworks Linux Management

The Intel AMT functionality allows you to accurately identify devices, even if they have had physical drive replacements. This provides ZENworks Preboot Services with persistent device identification by providing ZENworks with nonvolatile memory for storing the unique device identity.

With AMT and Preboot Services, if a device has a new, unformatted hard drive, ZENworks Linux Management can instantly and accurately identify the device and apply the appropriate Preboot bundle. If a device’s hard drive is inactive or its drive is replaced, ZENworks can automatically identify the device in a preboot environment and provide the appropriate ZENworks Linux Management-created image during a system rebuild.

AMT with ZENworks also provides easier hardware upgrading capability. For example, to upgrade applications, some of your device hardware might not meet the minimum requirements. With AMT and Preboot Services, as soon as the hard drives are replaced and before any agents or operating systems are installed, you can continue to assign Preboot bundles using the device’s ZENworks identity without having to re-register the device.

If you are using Intel AMT, support for it should be enabled in the novell-zmgprebootpolicy.conf file.

Understanding AMT Provisioning

For security purposes, AMT devices generally ship with all AMT features disabled. In this configuration, AMT devices act like normal computers, but none of the AMT features are available. To enable the AMT features, each device must go through a process that Intel refers to as “provisioning,” which sets up the device’s AMT resources for access.

The Provisioning Modes

An AMT device may be provisioned into one of two modes: enterprise or small business. Both modes offer the same off-line and remote management capabilities, but in enterprise mode AMT devices use local Certificate Authority credentials to grant remote access, and may require HTTPS protocol for communication rather than just HTTP. In small business mode, remote access is granted through standard HTTP authentication services.

While ZENworks Linux Management works equally well with devices provisioned in either enterprise or small business mode, only the small business mode is required. Therefore, ZENworks Linux Management does not provide a mechanism to provision AMT devices in enterprise mode.

If you use another AMT-enabled application that does require provisioning in enterprise mode, you should use the provisioning utilities of that application. Make sure you provision each AMT device with at least one “enterprise name.”

The Provisioning Process

The provisioning process for AMT devices allows you to specify many AMT-related configuration settings. Examples include users, passwords, enterprise names, and allocation of NVRAM space to specific AMT-enabled applications.

To use the AMT features in ZENworks Linux Management, all that is necessary is that each AMT device be provisioned with at least one valid enterprise name, which is used to access the NVRAM where Linux Management stores the ZENworks identity information.

Intel suggests that the enterprise name be chosen to indicate the device’s general location. For example, all the devices in the home office may be given an enterprise name of “Company_HQ,” and all devices in field offices may be given enterprise names reflecting their geographical locations.

While it is not required, it is assumed that large numbers of devices will have the same enterprise name. Each AMT device itself may have up to four different enterprise names.

ZENworks Linux Management provides a utility (smb-provisioning.exe) to help provision AMT devices in small business mode with enterprise names. This utility can be found in the /opt/novell/zenworks/zdm/winutils directory on your imaging server. It requires the .NET Framework.

For the procedures in providing Intel AMT enterprise names to ZENworks Linux Management, see Section 29.4.6, Configuring Intel Active Management Technology (AMT).

Accessing AMT Resources

For more information, see Downloading and Installing the iAMT Redirection Drivers.