
Building a Better ISO – Making the Most of vPRO and IDE Redirection

Created: 20 Jan 2009 • Updated: 20 Jan 2009 | 2 comments
Screenbert

A lot of information has been released about the synergies between Intel's vPro technology, which uses AMT, and Symantec's Altiris Out of Band Management, which uses those technologies for things such as reboots, power-on and IDE redirection, allowing a computer to boot to a remote ISO image.

However, IDE redirection has been slow to pick up any real usefulness because of the current limitations of the out-of-box options. Those limitations include booting to a WinPE ISO image that is bloated, usually in the 250 MB range. That works well for LAN connections, but once you start trying to load an ISO image that big over the WAN, you'll find that the IDE redirection timeout may kick in before the image has even loaded. Further, some ISOs don't load into memory and instead require that the source files provided through IDE redirection remain available. When the timeout kicks in, you lose the OS that you have booted to.

Real-World Scenario #1

A user's hard drive crashes and needs to be replaced. To do this you have to send a technician on-site to replace the hard drive or have the computer sent to a repair location. Either way this takes the computer out of commission, inconveniencing the user and wasting time. However, with a bootable ISO that connects directly to a terminal server, you could allow the user to continue working on the computer while you send a technician on-site, or send a pre-imaged hard drive on-site and walk the user through swapping it out. While waiting for the technician or the hard drive to arrive, the user can access standard applications through the terminal server.

Real-World Scenario #2

This scenario is similar to scenario 1 in that a user's hard drive is no longer bootable. However, there may still be accessible data that can be copied to a server before the hard drive is reimaged. Once again, to do this you have to send a technician on-site to replace the hard drive or have the computer sent to a repair location. This still takes the computer out of commission, inconveniencing the user and wasting time. However, with a bootable ISO that allows for NTFS access and network access, you can copy the user's data to a local server and then re-image the computer. Once the computer has been reimaged, you can copy the user's data back to it.

In both of these scenarios the ISO has to be small enough that it can be copied over the WAN using IDE redirection, and it has to load into memory so that if the timeout hits, you can continue using the ISO with no issues.

The first scenario can be addressed by creating a Linux ISO, complete with network drivers and a terminal server client. The technologies used for this are all available on the internet and include the VMware Player, Ubuntu Linux (available from VMware as a preloaded appliance), the Thinstation distribution, Intel NIC drivers and of course the Out of Band software from Symantec.

1) Download and Install the VMware player

To begin, we will create a build environment for the ISO. We start by downloading the VMware Player from VMware's web site. You could use an actual machine or another VM technology, but we are using VMware because it already has a pre-built Ubuntu appliance that will save a lot of configuration. The VMware Player can be downloaded here for free under the Desktop downloads section. Use the latest version available.

Once you have it downloaded run the installation for the player.

Accept the defaults for the installation. It should take about 2-3 minutes to install and will probably require a reboot to complete the installation.

2) Download and open Ubuntu pre-built appliance from VMware.

Next we need to download the Ubuntu virtual machine that VMware offers pre-built. This will save time over creating your own Linux build. The VMware appliances are available here. There is also a link to this page when you first open the VMware Player. We will use the Ubuntu 8.04 desktop with VMware Tools for this document, available here. The link will require you to download the VM using BitTorrent. It is a free appliance so I guess I can't complain too much.

Once you have the Ubuntu appliance downloaded and extracted, open the VMware Player and choose Open Virtual Machine.

This will open the Ubuntu virtual machine. You may need to increase the amount of memory available to the VM so that the rather large file that we will open next opens in a timely manner. This option is available from the VMware Player menu bar under Troubleshoot -> Change Memory Allocation. 1024MB works great.

3) Download and extract the Thinstation Distribution Build and Source

This is the software that builds the bootable ISO and allows for access to your terminal server. Access the thinstation.org site for downloads and advanced information.

When you access the site, choose the downloads link half-way down the page. This redirects your current frame to the sourceforge downloads for thinstation. We will need to download the "thinstation" package and the "thinstation developer" package.

First click the "thinstation" package. We are going to download the thinstation 2.2 package. The filename is "Thinstation-2.2.2.tar.gz". Once you have that downloaded, go back to the main download page and click the "thinstation developer" package. We need two files from it: "Thinstation src-2.2.1.tar.bz2" and "thinstation src-2.2.2 delta.tar.bz2".

Copy the files to the Ubuntu virtual machine. You can copy them to an ISO or a USB key and access it from the virtual machine, or you can create a folder and share the folder to your Windows machine, whichever is easiest for you. Once you have the files copied locally on the Ubuntu machine you will need to extract them. Right-click the "Thinstation src-2.2.1.tar.bz2" file and click Open with Archive Manager. From there just click the Extract button on the menu bar. Create a folder in the dialog box that appears and click the Extract button. I'd recommend creating the folder /home/user/compile/thinstation_src-2.2.2, but it's up to you. It will take some time to extract this large set of files.

Next you will need to extract the "thinstation src-2.2.2 delta.tar.bz2" files over the files that you just extracted. This will update the thinstation source to 2.2.2.

We now need to extract the thinstation build files. Follow the same steps to extract the files as you did for the source files. I'd recommend creating the folder /home/user/build/thinstation-2.2.2 as the location for these files.

4) Set the Source path for the Build Files

Now that we've chosen an appropriate location for the build files, we need to set the correct source path. The default source path is "/home/shared/thinstation/source/thinstation_src-2.2/source". Open the "/home/user/build/thinstation-2.2.2/utils/SOURCE_PATH" text file and modify the path in the file so that it points to the folder you created in step 3. In this case it will be "/home/user/compile/thinstation_src-2.2.2/source". Be sure to save the file after you make the changes. Notice that inside the build folder we point toward the compile source files. The KERNEL_PATH file should have "kernel-2.6.16.5/linux-2.6.16.5" as its entry.

5) Add NIC Driver

One of the most common NIC drivers is the Intel e1000e driver. It covers a huge range of Intel cards common on many computers. You can use these basic steps to add a driver for another NIC or another device that will be required for your ISO.

We need to download the driver from the Intel Kernel Drivers project (http://sourceforge.net/projects/e1000/index.php). Click the download link from that tab and then download the e1000e stable driver version 0.5.8.2 (or a newer version). We now need to extract it into the compile environment. Open the downloaded file in Archive Manager by double-clicking it and extract it to the "/home/user/compile/thinstation_src-2.2.2/source" folder.

Next, click the Applications menu, then Accessories, then Terminal.

We will enter the chrooted compile environment by running these commands:

cd /home/user/compile/thinstation_src-2.2.2
sudo ./RUNME

Next we will setup the environment parameters by running these commands:

cd source/e1000e-0.5.8.2
export THINSTATION_PATH=`cat /THINSTATION_PATH`
. /source/SET_ENV
export BUILD_KERNEL=2.6.16.5
cd src
make install

After running the export and SET_ENV commands above, you will see errors. This is normal: the live system that we are running uses a different kernel from the thinstation build we are creating. This will not cause any issues. You can verify that everything is working as expected by checking that the driver was actually built. It will be located in the /home/user/compile/thinstation_src-2.2.2/lib/modules/2.6.16.5/kernel/drivers/net/e1000e folder.

You can now exit the chrooted environment by typing "exit".

Once we've created our new driver we need to go to our build environment to update our kernel and copy over the driver. We do this by running the following commands:

cd /home/user/build/Thinstation-2.2.2/utils/scripts
./update_kernel.sh

We can verify that the module was installed by looking in the build environment for the following file:
/home/user/build/Thinstation-2.2.2/kernel/modules-2.6.16.5/kernel/drivers/net/e1000e/e1000e.ko

We'll be sure to include the new driver in the build.conf file that we'll modify in our next step.

6) Modify Build file to specify what services and drivers are loaded in the finished ISO product

Next we need to modify the build.conf file.

This is Thinstation's basic setup file. It allows you to decide which hardware, programs and features are included in the thinstation boot image ISO that will be our final product. Anything in this file with a # sign is a comment. When removing items I would recommend commenting them out with the # sign instead of actually deleting the line. We'll include our new NIC driver found in step 5 and also remove some unneeded items to reduce the final size of the ISO image.

First we define which modules to include. Modules are hardware drivers. Reducing the number of modules not only reduces the size of the ISO image but also speeds up boot time.

The critical modules for most systems are as follows:

module intel-agp # Used for Video depending on your chipset
module e1000e # This is the driver that we compiled above for the NIC
module usb-hid # This is used for USB keyboards and mice (or is it mouses?)
module floppy # Used for floppy disk support
module ide-cd # Used for CD-Rom support
module isofs # Used for ISO9660 file system support for CD-Roms
module vfat # Used for FAT and VFat file system support
module ntfs # NTFS file system support
module ext2 # Ext2 file system support
module ext3 # Ext3 file system support
module supermount # Support for auto unmounting of removable media
module nfs # NFS file system support
module cifs # CIFS support

Next we need to select what packages to include in our boot image. A package is a program or utility. These include things like remote control of the bootable ISO using VNC viewer, remote desktop and other system type functions. Here are some popular ones to include:

package hwclock # Syncs the OS clock to the HW clock
package xorg6vnc # VNC - You can connect using http://IPADDRESS:5800
package xorg6-i810 # Intel 8xx integrated graphics chipsets
package xorg6-vesa # generic VESA driver
package keymaps-en_us #English keyboard layout
package rdesktop # this allows the image to have remote desktop
package icewm # Windows manager
package xtdesk # adds icons to the desktop
package www # web access to client http://IPADDRESS:6800

We will also need to set some parameters for passwords, resolution and other configuration settings. Be sure to set your own passwords instead of leaving the default "password" listed below:

param rootpasswd password # root password
param xorgvncpasswd password # VNC Access password
param storagepasswd password # password for storage server
param dialuppasswd password # password for dial-in account
param sambapasswd password # password for samba shares
param bootlogo true # Background picture during boot
param bootresolution 1024x768 # Resolution used during Thinstation boot
param defaultconfig thinstation.conf.buildtime # default config file
param basename thinstation # Used for all config file names
param basepath . # Used to determine path to TFTP files
param baseurl http://thinstation.sourceforge.net # URL for wget
param localpkgs false # determines if pkg files are loaded locally
param fullocales false # Use full locale support for packages
param icaencryption false # Use ICA encryption
param haltonerror false # Halt on error
param bootverbosity 3 # boot and network messages
param javaurl file://home/installs/jre-1_5_0_06-linux-i586.bin #java URL
param httpproxy http://proxy.domain.com:80 # Enter your proxy address

Our build.conf file is now complete. You'll see other options in the file to customize as it fits your hardware. If you need to include drivers not listed, you will need to follow the same steps that we did for the NIC driver and include them in the build.conf file.
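
A pre-build check for the build.conf settings above, added here as an example (it is not part of Thinstation or of the original article). It flags lines whose first word is not one of the three directives used on this page (module, package, param), password parameters still set to "password" or left empty, and the two packages this page describes as reachable over the network (xorg6vnc and www). The function name audit_build_conf and the sample file are constructed for illustration; extend the directive list if your build.conf uses others.

```sh
#!/bin/sh
# Added example: audit a Thinstation build.conf before building the ISO.
# Prints one finding per line as "<line>: <message>" and returns 1 if
# anything was found, 0 if the file is clean.
audit_build_conf() {
    awk '
    {
        sub(/#.*/, "")                  # drop trailing comments
        if ($0 ~ /^[ \t]*$/) next       # skip blank and comment-only lines
    }
    # Assumption: only the directives shown on this page are valid.
    $1 != "module" && $1 != "package" && $1 != "param" {
        printf "%d: unknown directive \"%s\"\n", NR, $1; bad = 1; next
    }
    # Any *passwd parameter left empty or at the documented default.
    $1 == "param" && $2 ~ /passwd$/ && ($3 == "password" || $3 == "") {
        printf "%d: %s is unset or still the default\n", NR, $2; bad = 1
    }
    # Packages the article lists with a listening port (5800 and 6800).
    $1 == "package" && ($2 == "xorg6vnc" || $2 == "www") {
        printf "%d: package %s exposes a network service\n", NR, $2; bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample in the format used above (not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
module e1000e                      # NIC driver
packages xorg6-vesa                # misspelled directive
package xorg6vnc                   # VNC
package rdesktop
param rootpasswd password          # default left in place
param xorgvncpasswd S3t-At-Build   # constructed value
paramhttpproxy http://proxy.domain.com:80
EOF
audit_build_conf "$sample" || echo "build.conf needs attention before building"
rm -f "$sample"
```

A finding for xorg6vnc or www is a prompt to confirm the service is wanted in the image, since both are part of the article's remote-control workflow.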

We'll also need to configure the thinstation.conf.buildtime file and configure the terminal server settings and some other configuration settings. Most of these are pretty standard, but note the screen resolution, and the SESSION 1 options for the Remote Desktop server.

  • AUDIO_LEVEL=67
  • KEYBOARD_MAP=en_us
  • TIME_ZONE="UTC"
  • SYSLOG_SERVER=local
  • USB_ENABLED=On
  • USB_STORAGE_SYNC=On
  • USB_MOUNT_OPTIONS="utf8,shortname=win95"
  • DAILY_REBOOT=On
  • AUTOPLAYCD=On
  • CUSTOM_CONFIG=Off
  • RECONNECT_PROMPT=On
  • SCREEN=0
  • WORKSPACE=1
  • AUTOSTART=On
  • ICONMODE=Auto
  • SESSION_0_TITLE="IceWM"
  • SESSION_0_TYPE=icewm
  • SCREEN_RESOLUTION="1024x768"
  • SCREEN_HORIZSYNC="30-80"
  • SCREEN_VERTREFRESH="56-76"
  • SCREEN_COLOR_DEPTH="16"
  • SCREEN_BLANK_TIME=10
  • SCREEN_STANDBY_TIME=30
  • SCREEN_SUSPEND_TIME=60
  • SCREEN_OFF_TIME=120
  • MOUSE_RESOLUTION=100
  • X_COOKIE=36d71ab65c10ef065702c111a3d31593
  • SESSION_1_TITLE="Terminal Server Farm"
  • SESSION_1_TYPE=rdesktop
  • SESSION_1_SCREEN=0
  • SESSION_1_RDESKTOP_SERVER=server.domain.com
  • SESSION_1_RDESKTOP_OPTIONS="-u '' -a 16"
  • SESSION_1_ICON=On
  • SESSION_1_WORKSPACE=1
  • SESSION_1_AUTOSTART=ON
  • ICA_USE_SERVER_KEYBOARD=Off
  • ICA_BROWSER_PROTOCOL=HTTPonTCP
  • ICA_SERVER=
  • ICA_ENCRYPTION=Basic
  • ICA_COMPRESS=On
  • ICA_AUDIO=On
  • ICA_SMARTCARD=Off
  • ICA_AUDIO_QUALITY=Low
  • ICA_PRINTER=Off
  • ICA_SEAMLESS_WINDOW=Off
  • STORAGE_CONFIG1=/mnt/disc/hda/part1
  • STORAGE_CONFIG2=/mnt/disc/hda/part2
  • STORAGE_CONFIG3=/mnt/cdrom
  • STORAGE_CONFIG4=/mnt/usbdevice/sda1
  • STORAGE_CONFIG5=/mnt/floppy
  • NET_FILE_ENABLED=Off
  • NET_USE_DHCP=ON
  • NET_DNS_SEARCH=domain.com
  • NET_HOSTNAME=kiosk_*
  • NET_REMOTE_ACCESS_FROM=".domain.com"

7) Build the ISO

Our next step is to build the ISO. We just need to run the build command. If your terminal session is still open you can execute:

sudo ./build

If you closed it, you'll need to change folders to the "/home/user/build/thinstation-2.2.2" folder.

The resulting ISO is located in the "/home/user/build/thinstation-2.2.2/boot-images/iso" folder. It's called thinstation.iso. The resulting ISO is about 8MB in size.

8) Using the ISO

Finally we just need to copy the ISO to a network share somewhere on your network. Open the Altiris Resource Viewer to an AMT enabled computer and click on the Real-Time tab. Select the reboot radio button and check the perform Boot from "CD Image" box. Then enter the path to the network location that you copied the ISO to. Click the Run Task Now button. Your selected computer will now reboot to the ISO image. It will boot up and connect directly to your terminal server that you specified earlier.

This is just one use-case scenario for your ISO and I am sure you can think of many more. There are options in the conf files to load NTFS drivers, change background screens and make other customizations. By using those you can make the experience friendlier for your user, and you could also boot up, remote control the machine using the VNC session and then copy the user's local files (if they are still accessible) over to a network share. Then you can copy them back when you are done. You can even add a web browser to the ISO, but it would almost double the size. Regardless, this should save considerable time and effort and bring real value to the vPro AMT technology.

Comments

Terry Cutler

In briefing through your article, a lot of great information and insights.

Regarding your early comment on IDER across a WAN - take a look at http://www.symantec.com/community/article/9001/why... - specifically, the reference to the Remote System Repair - http://www.intel.com/technology/itj/2008/v12i4/9-p...

Some tuning\optimization within the firmware is occurring. Actual release dates and versions not yet ready. A number of realizations, additional insights, and forward looking thoughts on solutions are occurring... Plus, good to see others chime in on how to make use of the features\capabilities.

The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries

Terry Cutler

A number of recent articles have been posted to highlight optimizations for the use of boot redirection with Intel vPro Technology.

A common theme among these optimizations and demonstrations - most utilize Intel vPro Technology Use Case Reference Designs (See http://communities.intel.com/docs/DOC-4080) Look under the HelpDesk section. Internally, we commonly refer to these as UCRDs. More are coming for boot redirection - including the ability to boot from an ISO hosted on a website (i.e. instead of a UNC path, you can define a URL). In general - the UCRDs are software based optimizations or concepts that will work across all generations of Intel vPro Technology.

The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries
