I've deployed some Package Servers on remote sites to boost my Altiris 7.1 deployment.
This is some feedback from what I've found during the setup.
1. Notification Server (NS) versus Package Server (PS)
When I've browsed documentation and Connect, I've found a couple of opposite feedbacks about NS vs PS: what is the best and how it works. This is my conclusion:
By default (no PS), NS will act as a PS.
If you've got a PS, then the NS will simply be "invisible". No agent will default to NS if your PS is not reachable. So never rely on NS when you have deployed a PS.
2. Check your site and IP subnet setup
Create your sites and subnets association, if you've done import/discovery you should be able to retrieve most of the information. Just check that everything is fine before pushing your first PS.
For instance, one of my subnets (VPN subnet used by nomads) was wrongly associated to my main site. It was a huge mess when clients were connecting to this VPN client for retrieving there packages. This is when I've discovered that NS was no longer used by clients (even when PS was down).
3. Packages
If you're using Deployment Solution, you should check which images you want to duplicate to your PS. In documentation, it was specified that images are by default stored in \\%COMPUTERNAME%\deployment\ . Not all images are there, some can be stored without Destination Location. If you do nothing they will be broadcast to your PS.
BTW, to remove annoying warnings, you can select manual package server association to packages with static \\%COMPUTERNAME%\deployment\ location. If not they will be listed in Invalid Packages.
Packages are in :
- Disk Images
- Drivers
- Scripted Install Files
- Sysprep Configuration Files
If you later update your Altiris version, or if you add Dell plugin, you will need to re-check Drivers and Sysprep packages. Installer will restore default settings.
For software packages, I use the auto staging option, or all Packages Servers for tools like 7-zip or acrobat.
4. First Package Server setup
To secure the setup, I've create a new server for the main site. Then I've pushed the PS package and associate it to the main site.
To have IIS support, don't forget to follow the IIS 7 how-to
I also activate 32bits support in advanced settings of Default Application Pool in IIS
5. Boost Package Server Updates
In order to refresh PS packages updates, I've found a useful task. Key in in the search field package server and start the search
Select in Job and Task : "View all", then just right click and select open on :
- Update Configuration On Package Servers
or
- Update Package Servers Configuration
and do a quick run on your new package server
Latest task is schedule to be run nightly every day.
6. Firewall issues
My new PS is manually associated to all the sites and subnets. You must open some ports to let clients connect to your server, this is the list I'm using :
- http and https
- tcp 50124 (for future use as a task server)
- tcp & udp 445 (Microsoft UNC support)
- tcp 135 (Microsoft UNC support)
- ICMP
ICMP is very important, if you catch ping requests, your client will think that the network speed to reach PS is not enough : your PS will be black listed (2.5 to 6 hours by default). This seems to only impact http downloads (not UNC).
7. Remote PS
You're ready to push remote site servers. Just associate clients to sites. Use point 5. to boost the package downloads.
8. PS selection
Agents will see both main PS server (manually associated to all the sites) and there local PS. They will do a speed test before starting downloads, so local server should win the selection.
If you remove the first PS, I don't think your clients will be able to default to your NS in case of issue with the local PS.
I hope it will help you to not waste too much time for your deployments. I'm using PS now for each sites including nomad sites (no local servers and connection with VPN) instead of DFS or branch cache.