Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How Pre-defined Computers Work in Deployment Solution 6.x and 7.1

Created: 09 Jun 2010 • Updated: 15 Jun 2010 | 10 comments
Language Translations
Eric Szewczyk's picture
+7 7 Votes
Login to vote

This document is designed to provide insight into the changed processes surrounding how computers are pre-defined, imported, and used with Deployment Solution (DS) 6.x and 7.1 with focus on the DS for Dell add-on. This document is intended for audiences that are somewhat familiar with Deployment Solution. This document is not meant to provide a deep dive on how Deployment Solution works. For more information and to download a trial version of DS, please refer to the following website: http://www.symantec.com/business/deployment-solution


DS 6.x
With DS 6.x, you are provided with a sample Excel spreadsheet named IMPORTCOMPUTERS55.XLS. The purpose of this spreadsheet is to pre-define many new computers slated for deployment with DS. Within the spreadsheet there are certain fields which allow an Administrator to pre-define primary lookup fields for the systems to be deployed such as the MAC Address, Serial Number (Dell service tag), and Asset Tag. Only 1 of 3 primary lookup fields is needed to associate the pre-defined configuration info with the actual system to be deployed. (See Figure 1). The primary lookup fields could be provided from the hardware vendor (for a fee) shortly after placing an order, manually collected from the side of the shipping box, or provided by the customer to the hardware vendor to be burned into each system during factory production such as asset tags, etc. For example, Dell’s Custom Factory Integration (CFI) department offers a per node, fee-based reporting service to customers which can provide detailed inventory of the systems to be received – shortly after the actual order is placed. For example, Dell Service Tags, MAC Addresses, Asset Tags, UUID, etc. For more information, please contact a Dell sales representative.

 
Figure 1: Portion of IMPORTCOMPUTERS55.XLS spreadsheet showing the primary lookup fields: MAC Address, Serial Number, and Asset Tag. Only 1 of 3 fields is mandatory in DS 6.x. 
 
Once a primary lookup field has been identified and entered into the spreadsheet, the next step is to provide the configuration info of a system such as the hostname, IP address info (up to 8 IP addresses), workgroup/domain names, etc. (See Figure 2). Each field of data represents a token (similar to an NT event variable) that can be plugged into individual tokenized tasks that make up for example, a bare metal to OS deployment job. (See Figures 3 and 4). When the job is executed, the tokens are replaced with actual fields of data from the database thereby allowing the DS job to be used as a 1:many application to all computer models instead of just one particular system. This eliminates the need to hard code static configuration info into the actual job thereby allowing greater flexibility and scalability.

 
Figure 2: Portion of spreadsheet showing NIC1 IP address fields. It’s possible to provide IP address info for up to (8) different NIC’s associated with a system. Could be used for in-band NIC’s or out-of-band NIC’s such as a DRAC on a Dell server.

 
 
Figure 3: Bare metal to OS job provided with the Deployment Solution for Dell Servers 3.2 add-on. Tokenization is built in to the job by default.

 
Figure 4: Capture of a system config from a Dell PowerEdge R610 Server. Instead of defining static IP address info in the config file and using as a 1:1 application, tokens are used for greater flexibility and scalability.
 
In addition to providing system config info, you could also provide other fields of data such as network credentials, Administrator contact and locale information, and even specify a pre-defined DS job to be executed when the systems are eventually connected to the network and thereby connected to the Deployment Server. (See Figure 5). After the spreadsheet has been filled out with all the pertinent data, it then needs to be exported to .CSV format. The file is then imported from within the DS console in which the pre-defined computers are now displayed. As long as there is a DS job scheduled against that computer, it will be deployed when it connects to DS and matches 1 of the 3 primary lookup fields.
 
 
Figure 5: Portion of spreadsheet showing network credentials, contact, locale, and scheduled DS jobs to be executed. Event start times set in the past are designed to run immediately after the system first connects to DS.

The ability to pre-define computers is very helpful for Administrators in particular that have Jr. Admins working for them. It allows them to pre-define the role and scope of a computer and import into the database before the systems ever arrive at the customer’s site. When the systems eventually arrive, a Jr. Admin could then un-box the systems, rack them, and boot them using PXE or using network boot media to get the systems on the network and connected to DS. When DS matches a primary lookup field (MAC, Service Tag, or Asset Tag) provided in the spreadsheet, it then executes the pre-defined DS job associated with that system. The other config info is then leveraged through the series of tasks that make up the comprehensive DS job and the system is deployed from bare metal, completely hands-free and through automation. This is very beneficial for Administrators because the Jr. Admins never have to touch the DS console, never have to enter the BIOS of each system, and more importantly; never have to manually deploy the system by shuffling CD’s/DVD’s and manually configuring the system. You essentially have a cookie cutter approach to systems deployment across the board while maintaining consistency in the computer builds.
 
DS 7.1
Now that you have an understanding of how computers are pre-defined in DS 6.x, let’s look into how they are imported in DS 7.1. The pre-defined computer import process has significantly changed due in fact to DS 7.1 being built on a web-based platform called the Symantec Management Platform (SMP) vs. a Windows 32-bit console. Here are some of the major differences:
 

  1. DS 7.1 still provides a sample file to assist with the importing of pre-defined computers. The file is named PRE-DEFINEDCOMPUTERS.CSV and is in comma delimited format instead of .XLS format. The file can still be imported into Excel for easier input if desired. (See Figure 6).

 
Figure 6: PRE-DEFINEDCOMPUTERS.CSV file provided with DS 7.1.
 

2. There are (4) mandatory fields of data instead of just 1 of 3 as compared to DS 6.x. The (4) mandatory fields are:

  1. Name
  2. MAC Address
  3. Serial Number
  4. UUID (Universally Unique Identifier) 
     

The UUID is a newly introduced field to Deployment Solution and consists of 32 hex digits. There was speculation as to Dell CFI being able to provide the UUID field of data as part of their reporting services, but we’ve been able to confirm it’s available. *It’s worth noting that the MAC Address entry in DS 7.1 now requires dashes after each set of (2) hex digits. With DS 6.x, dashes are not required and all (12) hex digits can be entered together.
 
        
Figure 7: MAC Address entry from DS 7.1 (on left). MAC Address entry from DS 6.x (on right).
 
 3. There are 28 ignored fields of data as compared to the IMPORTCOMPUTERS55.XLS file found in DS 6.x. The removed fields affect such functions as being able to automatically schedule a DS job against a computer, provide network credentials, contact info, locale info, Netware info, etc. The comprehensive list of discarded fields are as follows: 

  1. Computer Name
  2. Domain Flag
  3. Domain Controller Name
  4. Use Preferred Tree Flag
  5. Preferred Server
  6. Preferred Tree
  7. Netware User
  8. NDS Context
  9. Run Scripts Flag
  10. User
  11. Organization
  12. Key
  13. Password Never Expires Flag
  14. Cannot Change Password Flag
  15. Must Change Password Flag
  16. Username
  17. Full Name
  18. Groups
  19. Password
  20. Contact
  21. Department
  22. Email
  23. Mailstop
  24. Phone
  25. Site
  26. Computer Group
  27. Event
  28. Event Start Time

 
Everything else pertaining to the pre-defined import of computers, for the most part, has remained the same. For example, it’s still possible to leverage the fields of data imported from the spreadsheet as tokens in DS 7.1. The token names and the way they are invoked have changed slightly. For example, in DS 6.x, the “Computer Name” token was invoked as %COMPNAME% in such tasks as: Capture Personality, Copy File, Create Image, Prepare Image task, Scripted OS Install, and the Run Script tasks. In DS 7.1, the “Computer Name” token is invoked as a SQL query and looks like the following. (See Figure 8).

 
Figure 8: Screenshot of pre-defined tokens in DS 7.1. It’s worth noting that you are not limited by the pre-defined tokens listed here. You can create custom tokens from just about any field of data in the Altiris database or third party database.
 
Just like with the DS 6.x process, after the file/spreadsheet has been filled out with all the pertinent data, it then needs to be exported to .CSV format, if applicable. The file is then imported from within the DS console in which the pre-defined computers are now displayed. Since the ability to pre-define a DS job in the spreadsheet has been removed with DS 7.1, you now have to manually schedule a job or task against the pre-defined computers in order for it to be deployed.
 
Importing Pre-Defined Computers with the Deployment Solution for Dell Servers 7.1 Add-on
A feature of the DS for Dell 7.1 add-on is the ability to import computers based solely on the Dell service tag without requiring the (4) mandatory fields described earlier. You have the option of importing from an .xml formatted file or by manually entering the Dell service tag as a one-off. It does not however provide a means to pre-define the configuration of the server (hostname, IP info, etc.) provided with the DS core and described earlier in this document. The configuration of the server can still be performed with a combination of options such as dynamically configuring the NIC’s via DHCP, randomly generating hostnames during Windows scripted OS installations, hard coding static configuration info in individual tasks for 1:1 deployments, and even configuring post-OS via the Symantec Management Agent.
 
Using this feature is a bit of a trade-off from what the DS core offers with respect to being able to pre-define the configuration info of computers. Its sole purpose is to give an Administrator the choice to deploy against a list of authorized Dell Service Tags and to assign a pre-defined DS job against each Dell Service Tag imported.
 
In the screenshot below (see Figure 9), I’ve configured Dell Server Provisioning to perform a couple of functions:
 

  1. Dell service tag# BWHYSJ1 has been imported and configured to run a pre-defined DS job which will perform a bare metal to scripted Windows Server 2008 Enterprise deployment leveraging the built-in Lifecycle Controller as the driver repository.
  2. For newly discovered Dell servers with Integrated Dell Remote Access Controllers (iDRAC’s), I’ve configured the default behavior to deploy the Dell WinPE PXE image file and sit in that environment waiting for a job or task to be deployed to it. The way this works, without going too technically deep, is the DS for Dell 7.1 add-on provides a web provisioning service. When the iDRAC first boots to the network, it sends a hello packet in which the provisioning service answers, matches the provided credentials, and directs the system to execute the pre-defined DS job as depicted in Figure 9.

 
Figure 9: Screenshot of Dell Server Provisioning settings thereby giving an Administrator the option to import an .xml formatted file containing pre-defined Dell service tags, import them manually, and configure the behavior in which Dell systems are deployed.

Figure 10: Screenshot of the Jobs and Tasks page from the Symantec Management Console depicting the individual tasks that make up the custom built bare metal to Windows Server 2008 job leveraging the Lifecycle Controller as the driver repository.
 
The DS for Dell add-on provides an Administrator another choice when pre-defining Dell servers for deployment from bare metal without requiring the DS core mandatory fields. The trade-off however is not being able to pre-define the configuration of the computer. There are many other advantages to using the DS for Dell add-on which are out of scope for this document. If you deploy and manage Dell servers within your environment, it’s in your best interest to download and install this solution. It’s free of charge to existing Deployment Solution customers. For more information and to download the Deployment Solution for Dell Servers add-ons for either Deployment Solution 6.9 SP4 or Deployment Solution 7.1, visit the following websites: http://www.altiris.com/download/dell.aspx and http://dell.symantec.com/delldeploy-tech.
 
Summary
Hopefully this document has educated you on the choices available when pre-defining computers with respect to both versions of Deployment Solution and the DS for Dell add-on. It’s worth noting that any customer that purchases Deployment Solution 7.x is entitled to Deployment Solution 6.9.x licenses as well. This gives the end user even greater flexibility to decide which version is right for their environment.

Comments 10 CommentsJump to latest comment

Pascal KOTTE's picture

Thanks a lot, very nice article: Which one is your prefer? DS 6.9 or 7.1?
Because of a lot of people are currently still using & prefer today install the DS 6.9, instead the 7.1.

I think the reason is more a lack of technical knowledge around the SMP7.
But the most "stoper" is also the performance of the Web console.
Normally, we are happy to get a "web console" because of the use from "any where".
But don't try to use the SMP7 (alias NS7) web console from a remote WAN location, without using a RDP or Citrix session to run a local LAN Explorer, instead a WAN one (except those with GB internet WAN of course...).
All the same in LAN, it seems Symantec does not engage any plan "performance" or reviewers, of the workload of the console.
Just activate the SQL capture & analyzing when just open a console and see... you do nothing except open a console, but already made a massive SQL attack.

Coming back DS 6.9 vs DS 7.1: It would be a nice Idea to create a poll, which one are you using, DS 6.9 or 7.1? and Why? ;-)

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

+1
Login to vote
Eric Szewczyk's picture

Pascal,

First and foremost, thanks for the feedback on the article. I’m glad to hear the info provided was helpful to you. I have to be careful on how to answer your question as to which console I prefer. There are pros and cons to using each console in which a customer needs to validate which one is right for their environment, use case, etc. I can say however that DS 7.1 is the future of Deployment Solution going forward as the remaining days of using DS 6.9 are marked before it will eventually be laid to rest. Forums such as Symantec Connect where user’s can voice their feedback are invaluable to the Product Management teams. Its users such as yourself that help prioritize and drive the popularity and feature sets of the products. Your feedback is important to us and is duly noted that you are a DS 6.x fan. There have been many performance improvements to the SMP since its first inception. All I can say is please try to give the SMP/DS 7.1 a second chance going forward to see if it can be a fit for your environment someday. One major advantage to using the SMP is the consolidation of all available modular solutions into a single console thereby helping to simplify IT. Thanks again for reading and providing your feedback.

0
Login to vote
Marie-Kristin's picture

Hi,
here´s some more feedback on "the webconsole". I am a fan of DS and Altiris but not of the webconsole. You must work on improving the performance. Sorry to say but  I am not the only one out here that thinks so. It even stops people, BIG companies, from buying the product.

+1
Login to vote
Pascal KOTTE's picture

Hi Eric, In fact I am not a fan of DS 6.9. Because I would like a full & true CMDB with easy workflow to manage...
see: https://www-secure.symantec.com/connect/articles/why-altiris-important-symantec-partner-point-view
So I believe in DS 7.x,  but I would like Symantec build software more "easy to use", "perform", "great unique features", "max embedded automations"...
For the moment, it is a very good start and I love Altiris (altiris is my earning today)
See also in there: https://www-secure.symantec.com/connect/articles/why-new-version-7-altiris-client-management-suite-symantec-change-game-rules-software-deliv
But I need Symantec does more & better ;-)

So for readers, please, notice I do not say you should use DS 6.9 for managing computers. That is not the good choice: consider CMS7 a better one (as DS 6.9 is also part of CMS7 ;-). But for those needing a simple tool to remote manually configure/scripts multiple computers, integrating the latest OS, compatible SQL 2008, Windows 2008... : DS 6.9 is just a must ! vs DS 7.1 current release, not competitive choice.
If you plan to only use DS 7.1, no CMDB, no connect other solutions (patchs, soft manage, inventory, etc...): what are the benefits DS 7.1 can do, DS 6.9 can not ?

OK: the anser is: Workflows ! All the same basic using Taks/jobs into DS7.1. But most of the time business need simple linear workflows (with a few single conditions choices) for OSD; so 6.9 enough for that.
(that's my point of view)

~Pascal @ Kotte.net~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF

+1
Login to vote
jimmy.cartrette's picture

I would love to hear more about progress anyone makes with getting UUID information from Dell or HP (for clients). The current inability to use the pre-defined computers functionality is a big thumbs down for implementing DS 7.1, especially because in our environment we have to pre-stage the computer object in AD and know exactly what name it will be, beforehand.

0
Login to vote
Eric Szewczyk's picture

Based on the info I've received from Dell Custom Factory Integration (CFI), it's possible to receive the UUID of ordered systems before they arrive at the customer's location. I would assume this to be true for clients as well. If the info can be extracted from a system, Dell CFI is pretty good about reporting on it. If your environment is specific to pre-provisioning, can you pre-stage the computer object in AD based on something unique to the system like the serial number and then change the hostname post-OS as part of a configuration task or through automation?

0
Login to vote
buzz's picture

Has anyone had success getting UUID from HP?  We're having difficulty getting this from our reseller(s).  What additional cost for this service?

0
Login to vote
SMP-n00b's picture

 

Thank you for this excellent article! This has been very helpful. Much appreciated.

0
Login to vote
ianatkin's picture

Superb!

Ian Atkin, IT Services, Oxford University, UK

Connect Etiquette: "Mark as Solution" those posts which assist you most in resolving your problem, and give a thumbs up to useful articles and downloads

0
Login to vote