This Whitepaper specifically relates to Deployment Server 5.5 Service Pack 2. However, much of the fundamental information contained in this document may be relevant to versions from 5.5 onwards.

Contents

• Deployment Server Version
• Executive Summary
• Getting Started
• Section 1: Installing PXE Server on the same server as the DHCP and VLAN Server
  • 1.1 Installation Procedure
  • 1.2 Configuring and using a single PXE Server and BootWorks in a simple VLAN Environment
  • 1.3 Configuring ClassID 060 PXEClient
• Section 2: Installing Altiris Deployment Server in a VLAN Environment with Multiple PXE Servers
  • 2.1 Installation Procedure
  • 2.2 Installing Additional PXE Servers
  • 2.3 Configuring and using multiple PXE Servers and BootWorks in a complex VLAN environment
• Appendix 1 - Lmhosts File
• Appendix 2 - Config.sys File
• Appendix 3 - Configuring Ports, Multicast and IP Addresses for use by Deployment Server
• Appendix 4 - Remote Control
• Appendix 5 - File Stores
• Appendix 6 - Recommendations for the installation of Deployment Server and PXE Server in a VLAN
  • 6.1 Preamble and Disclaimer
  • 6.2 Recommended Environment

Deployment Server Version

This Whitepaper specifically relates to Deployment Server 5.5 Service Pack 2. However, much of the fundamental information contained in this document may be relevant to versions from 5.5 onwards. However it should be borne in mind that the Altiris philosophy is one of continued development and product enhancement, consequently features discussed in this document may not apply to earlier versions.

Altiris strongly recommends that you maintain your system to the latest product versions, all of which are readily available for download from our website at www.altiris.com for the Altiris Deployment Server or via the Notification Server Administrators Web Console Solution Centre tab for Altiris Deployment Solution. With Altiris Deployment Solution, keeping your entire suite of Altiris product up to date is radically simplified through the Notification Server Administrators Web Console when there is direct access to the Internet. Simply point the Solution Centre to http://www.solutionsam.com/solutions/6_0/ which will enable you to readily check for available updates and commence installation with a minimum of fuss and disruption.

Overview of the Preboot Execution Environment

New computers, regardless of whether they are servers, desktops or laptops generally have a need to have an operating system installed onto their Hard Disk Drive (there are some exceptions to this, of course, where the machine boots from the network) to enable them to function.

Educational, training and some other organisations may have a requirement to deploy a new operating system on a regular basis, sometimes twice daily.

IT, Server and Desktop Support Departments are often required to restore a crashed PC to a standard build.

Migration of an entire company's workstations, sometimes tens of thousands, to a new operating system can present itself as an awe-inspiring task.

All of us have come across some, if not all, of these situations at one stage or another. The process of installing a new operating system or rebuilding computers has until recently been a labour-intensive process requiring a hands on approach, with an engineer required to touch every machine. Migrations often required a large labour workforce, resulting in a prohibitively expensive exercise. As a consequence, many organisations have shied away from migrating to a new operating system to their enterprise due to the exceptionally high labour overhead involved.

The advent of the Preboot Execution Environment PXE) has provided Altiris with the mechanism to rationalise the cost of installing a new operating system down to an acceptable level. It has enabled the use of Rapid Deploy (a component part of the Altiris eXpress Server which is used to remotely deploy images) over the network by allowing a computer which has no working operating system to remotely boot from the network without any manual intervention at the machine by an engineer or user.

PXE coalesces three technologies that define a common and reliable set of pre-boot services within the boot firmware.

• A uniform Protocol for the client to request the allocation of a network address and subsequently request the download of a Network Bootstrap Program (NBP) from a network boot server.
• A set of API's available in the machine's pre-boot firmware environments that constitutes a consistent set of services that can be employed by a NBP or the BIOS.
• A standard method of initiating the pre-boot firmware to execute to PXE protocol on the client machine.

In short, by employing the abilities referred to above, a networked client machine should be able to enter a heterogeneous network, acquire a network address from the DHCP server and subsequently download a NBP to set itself up.

This sets the stage to provide customisation of the manner in which the network client machines go through a network-based boot procedure.

Executive Summary

There are a number of issues that need to be considered when installing Altiris Deployment Server and the Altiris PXE Server in a Virtual Local Area Network (VLAN) environment, along with a thorough understanding of the role of IP and how it defines a VLAN. A VLAN is a logical grouping of hosts on one or more LAN(s) that allows communication to occur between hosts as if they were on the same physical LAN. As VLANs make use of the different subnets to create the Virtual Local Area Network, the Altiris PXE Server needs to be installed and correctly configured to work properly in a VLAN environment.

It is necessary to understand the difference between a subnet and a subnet mask but to do this we must first understand what an IP address is and how it is made up.

A 32-bit address is used to identify a node on an IP internetwork. Each node on the IP internetwork must be assigned a unique IP address, which is made up of the network ID, plus a unique host ID. This address is typically represented with the decimal value of each octet separated by a period (for example, 192.168.7.27). In Windows, you can either configure the IP address statically or dynamically through DHCP.

A subnet is defined by Microsoft as:

A subdivision of an IP network. Each subnet has its own unique subnetted network ID. An example of this would be in the format:

Subnet a) 192.168.xxx.27

Subnet b) 192.168.xxy.27

The first three octets, separated by periods, make up the network ID. The forth octet provides the unique host ID.

Both ranges can and usually do work with the same subnet mask.

A subnet mask is defined by Microsoft as:

A 32-bit value that enables the recipient of IP packets to distinguish the network ID and host ID portions of the IP address. Typically, subnet masks use the format 255.xxx.xxx.xxx.

When the DHCP Service is running, the DHCP Server will by default provide a Global offering based on the static IP address associated with the NIC card bound to the machine on which the DHCP Server is running. This is configured using the IP address, Subnet Mask, DNS and other details entered via the DHCP Server's Network Properties utility. With a Global Offering, if an IP address is used for the DHCP Server of 192.168.0.1 then the entire range of 192.168.0.1 – 192.168.0.254 will be available for allocation to clients connected to that network. The default Subnet Mask 255.255.255.0 will be used unless this has been changed manually by the administrator. If you look at the DHCP MMC console all you will see is the DHCP icon.

Click to view.

Where multiple VLANs are used, DHCP Scopes need to be created using the DHCP MMC, which is accessed for example in Windows 2000 Server by going to Start>Settings>Control Panel>Administrator Tools>DHCP.

If multiple scopes are created using a single NIC on the DHCP Server but with each scope having a unique network ID (subnet), you can effectively create a number of virtual networks on a single LAN connection. This allows the network to be containerised, with individual groups of computers and servers denied access to the other virtual network containers - unless this has deliberately been provisioned for by the network administrator by configuring the appropriate options on the DHCP Server. The main advantage with this type of network configuration is cost as only one NIC is used, connected directly to the LAN via a single switch or hub. Obviously additional switches and /or hubs may be required if the number of clients and servers exceed the number of available ports but only one port is required for the DHCP Server to connect to the network. It is not usually recommended to use this technique to connect large numbers of machines to a single LAN and use the subnets to increase the number of available clients over and above a reasonable limit due to the amount of network traffic that would be created. In this type of environment the number of machines you can reasonably expect to connect to the network is principally dependent on the speed of the network itself. It should be remembered that other factors besides the switches and hubs can have a bearing on this including the quality of cabling, terminations, routers, modems etc. The innovation of high speed switches can greatly increase this limit while still allowing reasonable network performance. However, there are still logistical and other limitations with this type of network design.

Click to view.

Conversely, when multiple NICs are available on the DHCP Server, a DHCP scope provides the ability to allow different containers (in this case individual LANs which are physically and uniquely separated) to communicate with one another through the prudent configuring of the DHCP options. In this instance, each unique network ID (subnet) is physically bound to an individual NIC, which in turn is connected to each individual LAN via a dedicated switch or hub. This allows a single DHCP Server to efficiently service multiple LANs as if they were a single network. This allows greater flexibility in the design of the network, coupled with improved security and enhanced performance.

Where required several DHCP NICs can be on the same subnet but servicing different LANs effectively creating a single network. This can be useful where there is a requirement for instance to have the network spread over several floors of a building and there is a need to have all of the users on the same subnet. A switch or hub would be located on each floor – each serviced by their dedicated NIC. The NICs would then be configured with the same subnet but each NIC would have a unique host ID. Effectively the Altiris PXE Server would see this as a single subnet and it would not be necessary to dedicate an Altiris PXE Server to each floor.

Don't forget to authorise the scopes after creating them.

This paper describes these two principle VLAN environments in which you are likely to install PXE, the files necessary for the configuration process and walks the user through creating and configuring a PXE installation in both types of environment.

There is some intentional repetition through out the document as it is possible the reader will only review the sections they consider relevant to their environmental or specific needs. However it is strongly recommended that you read and review the entire document before proceeding with the installation of Deployment Server and PXE Server in your environment.

Getting Started

This section describes the components and basic concept of specifying Altiris Deployment Server and Altiris PXE Server in a VLAN environment.

The Altiris PXE Server can be installed in one of two ways. The subsequent configuration of the Altiris PXE Server and the way in which the Boot Disk Creator Utility files (the technology used by Altiris to create the DOS PXE Image) are created are entirely dependent on how the Altiris PXE Server is installed on the network.

A worthwhile point to note is that the process described in Section 1 is equally applicable to installing the Altiris Deployment Server and the Altiris PXE Server on a single segment LAN in a small office environment but without all the management requirements associated with a multi-segmented VLAN.

The two options discussed in this Whitepaper are:

Section 1: Installing PXE Server on the same machine as the DHCP/VLAN Server

1. While this option is easy to install it requires careful management to ensure correct and trouble free operation of the PXE Server where it is working across subnets. It is not the recommended procedure for installing PXE Servers and preferably should only be used in simple networks or Proof of Concept Pilots.
2. Bootwork Configuration File Sets may be required for each VLAN subnet to ensure the correct IP Address is used for each subnet. This is necessary where the Deployment Server is co-located on the same machine as the PXE Server and DHCP Server as when you change the subnet you are working with, so the Deployment Server IP address and the PXE Server IP address must change to correspond with the IP address of the NIC in question.
3. Each time you change subnets you must change the IP address for the PXE Server from within the PXE Configuration utility.
4. If the Deployment Server is on a different machine to the PXE and the DHCP Server then only the IP address of the PXE Server will change to correspond to the relevant subnet.
5. The Deployment Solution can be installed using the Simple Install option. Note that reconfiguring Deployment Server after a Simple Install is not an option and is only normally used for Proof of Concept Pilot installations. It is not usually recommended for the final Production Installation.

Section 2: Installing Altiris Deployment Server in a VLAN Environment with Multiple PXE Servers (Preferred Option)

1. While this method is easier to use, it is more complex to set-up and does require a PXE Server to be installed on each subnet/VLAN segment.
2. Each PXE Server is installed as a unique installation, with a Master PXE Server installed on the same VLAN as the Deployment Server and the rest as Slaves on the remaining VLANs each pointing to the master PXE Server for it's multicast address range. (refer to the Multicast tab on the PXE Configuration Utility).
3. Each PXE Server needs to be individually installed and configured for the relevant IP addresses for the PXE and Deployment Server and the relevant PXE Boot files created.
4. Major benefits are the ability to set up the PXE Server configurations statically for each VLAN, with out the need to "manage" the PXE Configuration each time you deploy images etc to a different VLAN segment.
5. It is a requirement that you use the Custom Installation procedure for Deployment Server when installing multiple PXE Servers.

Section 1: Installing PXE Server on the same server as the DHCP and VLAN Server

1.1 Installation Procedure

1. Installation of the Altiris PXE Server on to the DHCP Server also installs the DHCP option ClassID 060 PXEClient. The PXE Service normally sets the ClassID 060 PXEClient option for PXE. The Option ClassID 060 PXEClient effectively tells all PXE enabled clients that the PXE Server is located on the same machine and that the PXE service is providing the BOOTP, not the DHCP service. While the option ClassID 060 PXEClient is installed onto the DHCP Server during the installation period, it is not activated automatically. This will need to be done once the installation process is completed as described in section 1.3 below.
2. Altiris Deployment Server and Altiris PXE Server intentionally do not support the manual configuration of the DHCP option 43. Option 43 is where the boot menu is defined. However, the major advantage the Altiris PXE Server has here over other PXE Servers is that Altiris dynamically creates the boot menu for each client as it requests a PXE boot. This is how we control through the PXE Server Configuration utility whether it Local Boots, Initial Deployment boots (new PC's), or Managed Boots. You simply cannot "emulate" this dynamic functionality with a DHCP server providing manual configuration of option 43.
3. When the Altiris PXE Server is to be installed on the same machine as the DHCP Server then the DHCP Server must be a Windows NT4 or Windows 2000 Server. Altiris PXE Server cannot be installed on any other DHCP Server using another form of OS (eg Linux, UNIX etc). With this type of installation the DHCP Server must also be the VLAN Server.
4. Once the VLAN cards have been installed and configured, IP Addresses, Default Gateway, WINS/DNS etc and the DHCP has been configured and activated with the relevant scopes and Option 003 Router (which should have all of the IP addresses included for each of the VLAN cards on the VLAN Server), it is a simple matter to install and configure the Deployment Server and PXE Server.
5. Simple file sharing must be disabled if you are installing Deployment Server to a Windows XP machine.
6. Extract the Deployment Server Setup Files to the default folder <C:\dssetup>. Navigate to the <dssetup> folder and open the setup file. Proceed with the installation of Deployment Server in the usual way following the instructions of the Installation Wizard.
7. With the Simple Installation procedure, default settings are used and PXE Server is installed automatically onto the machine you are installing Deployment Server to. There is a possibility with the Simple Installation procedure that the services could bind to the wrong IP address in a poorly configured network. The Custom Install procedure is the recommended procedure.
8. If you use the Custom Installation procedure you will be able to configure the installation settings for your own specific environmental requirements.
   

   Click to view.

9. You can either select to install PXE Server on the Local Machine or alternatively you can install to a different computer. In either case you will be installing the PXE Server to the DHCP Server for this environment.
   1. If you are installing the Deployment Server onto the DHCP Server, select the option Yes I want to install PXE on this computer. Then select the Next button. Select the Finish button twice to commence the installation of both the Deployment Server and PXE. This will also install the DHCP option ClassID 060 PXEClient onto the DHCP Server.
   2. If you are installing the Deployment Server on a different machine to the DHCP Server you must select the option Yes I want to install PXE on a remote computer. In this case you will need to enter the Server Name you are installing PXE to and the IP address for both the PXE Server and the Deployment Server. It is important that you check that both the Server Name and the two IP addresses are correct before you proceed any further. Remember, you are installing the PXE Server to the DHCP Server in this instance.
   3. As in this second instance the PXE Sever in being installed onto the DHCP Server then the DHCP option ClassID 060 PXEClient is installed. However, it should be noted that this does NOT automatically activate the Class060 PXEClient which has to be activated manually once installation is complete via the DHCP Scope Options as described.
   4. Note. At this stage you must enter the IP address for the PXE Server using the IP addresses that correspond to the IP address of the VLAN or NIC Card on which the Deployment Server subnet operates, otherwise the PXE Server installation procedure may fail if it cannot find the server. This is of course dependant in part on how your network is set up whether WINS and/or DNS are in use and if you have configured option 003 Router for the DHCP.
10. Next select the option to Make this Server the Master PXE Server.
11. Enter the path to DHCP Server where you want to install the PXE Server to. The default path is c:\Program Files\Altiris\eXpress\Deployment Server.
12. Select to Create default PXE Boot files. You will require a full Windows 95/98 Installation CD to create the Boot Files. A licensed late edition Windows 95 or a first Edition Windows 98 Installation CD is recommended to create the PXE/BootWorks Boot Files. OEM versions of Windows 95/98 will not work. Earlier versions of Windows 9x are not recommended as there are known issues and Windows 98 Second edition is not usually recommended as it uses a greater amount of conventional memory. Windows ME is not acceptable. You cannot use DOS 6.0 or earlier to create the Boot files. Similarly DR DOS should not be used and if you do may not work.
13. Click on the Next button and you will receive a warning that DHCP is required to be running on your network for PXE to function correctly. Click on OK.
14. If prompted, enter a user name and password with Administrator Rights on both the Deployment Server and the PXE Server. Select Next.
    

    Click to view.
15. Select to use either Multicasting IP or TCP/IP to connect to the Deployment Server. If you select to use Multicasting IP then this must be enabled on any Routers, Switches etc on the network. Check with your network administrator before proceeding past this point if you are not sure. Full details of Ports and other settings are provided in the Appendix 3 at the end of this Whitepaper.
16. Click on Next to continue with the installation of the Deployment Server and PXE Server.
    

    Click to view.

17. In this window chose the location for the installation of the Deployment Server Console, either to the local machine or to a remote computer. Select Next.
    

    Click to view.

18. You can now see the process that will occur when you select Next for the final time. If satisfied with the configuration settings click Next to start the installation process or the Back button to change or review settings.

1.2 Configuring and using a single PXE Server and BootWorks in a simple VLAN Environment

1. Both the PXE Server and Bootworks need to be configured to work with each VLAN Card's IP address as used on the DHCP/VLAN server. To do this, from within the Deployment Server Console got to Tools> PXE Configuration Utility or select the PXE Configuration Utility radio button on the tool bar. Do not do this by going to the Start>Programs>Altiris>PXE Services>PXE Configuration as this only configures the files locally and does not copy them to the PXE Server unless it is colocated on the same machine as the Deployment Server.
2. From the Boot Configuration tab highlight Altiris BootWorks (Managed PC) and select the Edit button.
   

   Click to view.

   1. To have managed computers query a Deployment Server for the default boot option instead of using the PXE Server defaults, select Query eXpress Server for boot control. Enter the IP Address of the server and the Port you wish to use. By default, this option is selected and the file server is selected for you. If you decide not to use this option, each client computer uses the default boot option as defined in the PXE Configuration utility for the PXE Server.

      (1) Note: With this option selected, when a computer contacts the PXE Server for boot files, the Deployment Server determines the computer's boot option by default as follows:

      (a) If the computer is managed (known to the Deployment Server Database), but no work has been assigned, the Local Boot option is chosen.

      (b) If the computer is managed and a DOS event (such as imaging or a registry task) is assigned, the Deployment Server boots the computer with the managed computer boot file.

      (c) If the computer is new (not known to the Deployment Server Database), the new computer boot file is used.

      (2) If the Deployment Server is installed on the same machine as the DHCP Server and you wish clients to query the Deployment Server for Boot Options, then the Deployment Server IP Address must always match the IP Address for the VLAN Card corresponding to the VLAN Segment you will be working on. You will need to change the IP address for the Deployment Server each time you wish to create or roll out an image or backup or deploy a registry.

      (3) If the Deployment Server is not installed on the DHCP Server and assuming it is only running on one subnet, ie fitted with a single NIC card, then the IP address will remain unchanged regardless of the IP address of the VLAN NIC card (a static IP address for the Deployment Server is a pre-requisite).

   2. If you wish clients to query the PXE Server for Boot Options, then uncheck the Query eXpress Server for boot control option. You will now be able to configure the PXE Server menu to provide the boot option you wish to select.
      

      Click to view.
   3. By moving the Menu Item up or down the list you can define how all client machines will boot, ie if the Altiris BootWorks (Managed PC) is moved to the top of the list then all workstations will be treated as such and will only boot to this mode on each PXE Boot pass.

      (1) Note: If the clients are configured to query the PXE Server for Boot Options it is possible to end up in a continuous loop if an option other than Local Boot is selected, as the workstations will always boot to the selected menu item. This option is only useful if you have a specific need to manually control the boot option.

3. The simplest way to configure the PXE Server and Bootworks to work with each VLAN Card's IP address is by configuring corresponding PXE Menu Items, one for each VLAN segment. You can only do this for Managed PCs. It is not necessary to configure this for the Initial Deployment Event.
4. Later, you will also need to make corresponding BootWorks configuration sets for each VLAN segment NIC card on the DHCP Server.
   

   Click to view.
5. From the Boot Configuration tab select New.
6. Enter a Description which will readily identify the VLAN segment we are creating the configuration for.
7. Enter the IP address of the NIC card you are configuring for the Deployment Server. If the Deployment Server is co-located on the PXE/DHCP server then this will correspond to the NIC on the VLAN segment you are configuring for. If the Deployment Server is on a separate machine then use that servers IP address.
8. Select OK.
9. Repeat steps 1.2.e – 1.2.h for each NIC IP address you need to configure for the PXE/DHCP Server.
10. Once you have done this if you have not used the default Altiris BootWorks (Managed PC) Menu Item you can safely delete it.
    

    Click to view.
11. You have now successfully created the PXE Boot Menu. Later you will be able to select the VLAN you are working with by moving the Menu Item up or down the list.
12. Select the General Tab.
    

    Click to view.
13. Note that the PXE Server IP Address must always match the IP Address for the VLAN Card corresponding to the VLAN Segment you will be working on. You must change this each time you work on a different subnet to correspond to the DHCP Servers NIC card address for that VLAN.
14. Return to the Boot Configuration tab, highlight one of the Altiris BootWorks menu items eg 192.168.1.5 Managed PC and select the Make Boot files tab.
    

    Click to view.
15. Select the option to create a New Configuration and call it for example 192 168 1 5 Managed PC.
    1. Note that only spaces separate the numbers in the name as we are limited to the symbols we can use.
    2. It would be a good idea to combine the use of the IP address and the fact it is for managed computers in the name for ease of identification.
    3. Enter the details of which subnet the configuration will be used with into the description to help identify the Configuration Set for this VLAN Segment.
    4. Providing details of the type of NIC card you are creating this configuring to work with would also be a good idea to avoid confusion later on.
16. Select Next.
    

    Click to view.
17. Select the option BootWorks Boot Disk.
    1. Ensure the option to Run the Initial Deployment Event for computers not already in the database is not selected.
18. Select Next.
    

    Click to view.
19. Select the type of server your images will be stored on.
    1. With Novell Netware servers, IPX will automatically be selected.
    2. In certain circumstances it may be necessary to us IPX even with Windows servers as IPX uses less memory than TCP. This is usually only necessary with certain types of NIC and which use excessive amounts of memory to load their drivers. Normally with Windows servers TCP will be used.
20. Select Next.
    

    Click to view.
21. Select the type of NIC you are creating the configuration for. If you select to use the UNDI driver, the driver list will be greyed out.
    1. If the NICs you are creating the configuration for are not compliant with the UNDI specification you will have to select the NIC from the list. If the driver is not listed you will have to provide the NDIS drivers for DOS and add them to the configuration set. Windows and other drivers will not work with Altiris PXE Server as PXE uses a DOS based OS environment. NIC drivers are usually available either from your computer supplier's website or direct from the NIC card manufacturers website.

       (1) To import the DOS drivers into the configuration you are creating, select the Have Disk and then navigate to the route of the directory where you have extracted the drivers. Select ok and then select the NIC card you are creating the configuration for. Select ok again.

       (2) Note. Updating your computers to the latest BIOS will often resolve issues between PXE and the Computer/NIC you are working with. If you suffer from the computer hanging when booting to PXE this is the first option to consider.

    2. If you select the UNDI driver, multicasting is disabled. This is due to the fact that the UNDI driver can under certain circumstances cause image corruption during the download process. If you wish to use Multicasting when downloading images from the File Store to the client machines you must us a NIC specific driver set.
    3. Select Next.
    

    Click to view.
22. Select the DHCP option or the static IP option according to your requirement.
    

    Click to view.
23. Select either TCP/IP or Multicasting for communication between the Deployment Server and the clients. Multicasting is disabled with the UNDI driver. If you are using a static IP address, then the Altiris eXpress Server IP address must correspond to the IP address of the PXE menu item (therefore the NIC) you are creating the configuration set for.
    

    Click to view.
24. Enter the Workgroup or Domain Name of the File Server the client will be connecting to and the Account Information used to connect to the File Server.
    1. If the File Server is located on a different machine and Domain to the Deployment Server then you must make sure you use the correct Domain Name and User Credentials. One of the biggest issues administrators encounter when trying to upload or download images relates to permissions when accessing the eXpress share. This results in a failure to map the drives (created in the next window) and can sometimes prove difficult to resolve in a system using Active Directory and where the share has been tied down for security reasons. Careful attention to detail at this point will save a great deal of painstaking investigation later on. Note the use of a fully qualified Domain User Name is required when logging on to a machine in a Domain.
25. Select Next.
    

    Click to view.
26. In the majority of cases the Deployment Server will also be used as a default File Server, in which case the Drive Map for the F: Drive will not be changed.
27. Invariably, on large WANs additional File Stores will be used to avoid uploading/downloading images over the WAN with the corresponding increase in the levels of network traffic this will cause. The prudent use of remote File Stores will invariable result in a faster deployment of images.
28. Note. The requirements for creating a File Store are fully described in Appendix 5. These requirements should be fully understood before you create additional File Stores.
29. To add a file store in the Boot Disk Creator configuration, select the required Drive letter and then enter the UNC path details.
    1. Alternatively click on the Browse button and navigate to the share.
       

       Click to view.
    2. If you have navigated to the File Share click on ok.
       

       Click to view.
30. Drive Map details and the Path are now completed.
31. Select Next.
    

    Click to view.
32. You now have the opportunity to review your configuration in full before selecting Finish.
    

    Click to view.
33. When asked, select the option to Create the PXE Boot Files.
    

    Click to view.
34. Check the details of the path the PXE Boot File image will be saved to and select Next.
    

    Click to view.
35. Once the Boot Files have been created select Close.
    

    Click to view.
36. Close the Boot Disk Creator utility and you will receive a message stating the files have been successfully copied to the PXE Server.
37. Select the next Menu Item and repeat the entire process from 1.2.n – 1.2.ll for all the menu items. Repeat this process until you have created Boot Disk Creator Configuration Sets for all the menu items in turn, including the Initial Deployment menu item.
    

    Click to view.
38. When creating the Initial Deployment Configuration the only difference is that when you get to the Client Installation window at q), ensure the option to Run the Initial Deployment Event for computers not in the database is selected.
39. Further changes to the Boot Disk Creator Configurations may be required to achieve optimum performance. These are discussed in detail in the Appendices at the end of this paper. They include:
    1. Lmhosts File
    2. Config.sys File
    3. File Stores
40. To use the Menu Items you have created you will need to move the required configuration menu item to the top of the list each time in the PXE Configuration Utility.
41. You also need to change the PXE Server IP address on the General tab to correspond with the IP address of the VLAN NIC for that VLAN segment each time you are working with PXE on that VLAN.
42. Further more if the Deployment Server is located on the same machine as the PXE and DHCP Server you will also need to change the IP address in the PXE Configuration Utility for the Altiris BootWorks (Managed PC) to correspond to the IP address of the Server's NIC card for that VLAN Segment.

1.3 Configuring ClassID 060 PXEClient

1. Finally, you need to activate the DHCP option ClassID 060 PXEClient from within the DHCP MMC for each scope you are going to use PXE on.
   

   Click to view.
2. From within the DHCP MMC, click on the "+" sign next to the scope you are going to configure with the ClassID 060 PXEClient option.
3. Right click on Scope Options and from the drop down menu select Configure Options.
4. Scroll down to 060 ClassID and ensure the box is checked. Repeat this for each scope you will be using PXE with.

Section 2—Installing Altiris Deployment Server in a VLAN Environment with Multiple PXE Servers

2.1 Installation Procedure

1. Where you are installing multiple PXE Servers in a VLAN environment you MUST NOT install a PXE Server on the DHCP Server. If you have previously installed a PXE Server to the DHCP Server it MUST be uninstalled and the DHCP otion ClassID 060 PXEClient removed. Option ClassID 060 PXEClient effectively tells all PXE enabled clients that the PXE Server is located on the same machine, which in this instance it is not.
2. Altiris Deployment Server and Altiris PXE Server intentionally do not support the manual configuration of the DHCP option 43. Option 43 is where the boot menu is defined. However, the major advantage the Altiris PXE Server has here over other PXE Servers is that Altiris dynamically creates the boot menu for each client as it requests a PXE boot. This is how we control through the PXE Server Configuration utility whether it Local Boots, Initial Deployment boots (new PC's), or Managed Boots. You simply cannot "emulate" that dynamic functionality with a DHCP server providing manual configuration of option 43.
3. DHCP must be available to use PXE otherwise you will need to configure for static IP configuration for each client PC from within the Altiris Boot Disk Creator Utility. Once the VLAN cards have been installed and configured, IP Addresses, Default Gateway, WINS/DNS etc and the DHCP has been configured and activated with the relevant scopes and Option 003 Router (which should have all of the IP addresses included for each of the VLAN cards on the VLAN Server), it is a simple matter to install and configure the PXE Server.
4. The Altiris PXE Server can be installed to either a Windows NT4, Windows 2000 Server or if required a Windows 2000 Professional or Windows XP Professional Machine as you do not require a Server for the Altiris PXE Services. Note that Altiris do NOT recommended you install Deployment Server and especially SQL Server/MSDE on a Workstation in a production environment. For Deployment Sever this is for reasons of performance. In addition, the number of simultaneous connections that can be made to SQL Server/MSDE when installed on a workstation is restricted, reducing the number of simultaneous Deployment Server Console connections that can be made.
5. Simple file sharing must be disabled if you are installing Deployment Server or Altiris PXE Server to a Windows XP machine.
6. Extract the Deployment Server Setup Files to the default folder <C:\dssetup>. Navigate to the <dssetup> folder and open the setup file. Install Deployment Server using the installation wizard using the CUSTOM INSTALL option. You MUST use the Custom Installation procedure to enable you to configure the installation settings for your own specific environmental requirements.
   

   Click to view.
7. Select the machine's you are installing the Client Access Point to (File Server for storage of Images, RIPs etc). Click Next.
   

   Click to view.
8. Select the location for the Deployment Server and enter a user name and password. A service account is normally recommended. You can also use an account with full admin rights on all machines you are installing components too. Click Next.
   

   Click to view.
9. Specify the name for the SQL Server. Click Next.
   

   Click to view.
10. Enter the User Name and password. The default user name for MSDE and SQL 7.0 is sa with a blank password. SQL 2000 Prompts for a password which can complicate the installation process. It can be easier to use the optional Altiris Deployment Server installation package which includes the MSDE installation and then upgrade to SQL 2000 once the Deployment Server installation is completed. However we recommend the use of a password with all installation types. If a password is to be used with MSDE then is should be entered now as it is difficult to change at a latter date.
    

    Click to view.
11. You can either select to install PXE Server on the Local Machine or alternatively you can install to a different computer. In either case you MUST NOT install the PXE Server to the DHCP Server for this environment. Further more the DHCP option ClassID 060 PXEClient must not be installed on the DHCP Server. If option ClassID 060 PXEClient has previously been installed on the DHCP Server it MUST be removed before you can use PXE Server in this environment.
    1. If you are installing Deployment Server and PXE Server onto the Local Machine, select the option Yes I want to install PXE on this computer. The IP address should be entered automatically for the Local Server for both the PXE Server and the Deployment Server. Check the IP address is correct for both items.
    2. If you are installing the PXE Server on a different machine to the Local Server you must select the option Yes I want to install on a remote computer. In this case you will need to enter the Server Name you are installing PXE to and the IP address for both the PXE Server and the Deployment Server. It is important that you check that both IP addresses are correct before you proceed any further and that the destination machine is NOT a DHCP Server.
12. For both of the above installation options select to Make this Server the Master PXE Server.
13. Enter the path on the target Server where you want to install the PXE Server to. The default path is c:\Program Files\Altiris\eXpress\Deployment Server.
14. Select to Create default PXE Boot files. You will require a full Windows 95/98 Installation CD to create the Boot Files. A licensed late edition Windows 95 or a first Edition Windows 98 Installation CD is recommended to create the PXE/BootWorks Boot Files. OEM versions of Windows 95/98 will not work. Earlier versions of Windows 9x are not recommended as there are known issues and Windows 98 Second edition is not usually recommended as it uses a greater amount of conventional memory. Windows ME is not acceptable. You cannot use DOS 6.0 or earlier to create the Boot files. Similarly DR DOS should not be used and if you do may not work.
15. Click on the Next radio button and you will receive a warning that DHCP is required to be running on your network for PXE to function correctly. Click on OK.
16. Enter a user name and password with Administrator Rights on both the Deployment Server and the PXE Server. Select Next.
    

    Click to view.
17. Select to use either Multicasting IP or TCP/IP to connect to the Deployment Server. If you select to use Multicasting IP then this must be enabled on any Routers, Switches etc on the network. Check with your network administrator before proceeding past this point if you are not sure. Full details of Ports and other settings are provided in the Appendix 3 at the end of this Whitepaper.
18. Click on Next to continue with the installation of the Deployment Server and PXE Server.
    

    Click to view.
19. In this window chose the location for the installation of the Deployment Server Console, either to the local machine or to a remote computer. Select Next.
    

    Click to view.
20. You can now see the process that will occur when you select Next for the final time. If satisfied with the configuration settings click Next to start the installation process or the Back button to change or review settings.

2.2 Installing Additional PXE Servers

1. You can only have one Master PXE Server on each subnet, even if you have more than one Deployment Server. All other PXE Servers need to be configured as slaves. Details on how to configure Slave PXE Servers is provided at section 2.2.h. These can be installed to Windows NT4.0/2000 Server or Professional or XP Professional.
2. Once you have installed the first Master PXE Server, you now need to install one PXE Server to each VLAN ensuring that the check box for "Make this the Master PXE Server" is selected for the first PXE Server in each VLAN.
   

   Click to view.
3. To install additional PXE Servers start Custom Setup again and select to install Add Components.
   

   Click to view.
4. You can also install additional Deployment Server Consoles from here.
5. The name of the first installed Master PXE Server should appear greyed out. Only one PXE Server can be designated as a Master in each VLAN.
   

   Click to view.
6. When all of the required PXE Servers have been installed, from within Deployment Server open the PXE Configuration Utility and enter the name of the first Remote PXE Server either by IP address or Server Name. Which ever method you select to connect to the PXE Server will become the default entry for connection ie IP address or Server Name.
   

   Click to view.
7. Once the utility has been opened, go to the last tab headed multicast. Ensure that the "Use Multicast for Boot File Transfer" and "Master PXE Server" check boxes are selected.
8. You must only have one master PXE Server on each VLAN. If you have installed additional PXE Servers on the same VLAN segment (ie same subnet and have not crossed a router) then these must be configured as slaves.
   

   Click to view.
9. To configure these additional PXE Servers as a Slave, the option to make this a Master PXE Server must be deselected and the option to "Request Multicast Addresses from Master PXE Server" selected.
10. Additional PXE Servers may be required on the same subnet if for example you have more than one Deployment Server installed on the network and wish to point the Managed PC's to this Deployment Server. Note that you can only install one PXE Server to a PC or Server.
11. Multiple instances of PXE Server on a single machine are not supported.

2.3 Configuring and using multiple PXE Servers and BootWorks in a complex VLAN environment

1. Where you are installing multiple PXE Servers, each PXE Server and it's associated Bootworks configuration file set only needs to be configured to work specifically on the unique subnet which is defined by the VLAN Card IP address as used on the DHCP/VLAN server. It is possible in this environment the DHCP server will not necessarily be co-located on the same machine as the VLAN server with a unique DHCP Server installed to each subnet. There are subtle differences in the way the Altiris PXE Server needs to be configured in a multiple PXE Server environment. Furthermore there is the need to configure each one independently. However the extra initial effort is well worth it.
2. To configure the PXE Server, from within the Deployment Server Console got to Tools> PXE Configuration Utility or select the PXE Configuration Utility radio button on the tool bar. Do not do this by going to the Start>Programs>Altiris>PXE Services>PXE Configuration as this only configures the files locally and does not copy them to the PXE Server unless it is co-located on the same machine as the Deployment Server or you are configuring the PXE Server locally.
3. From the Boot Configuration tab highlight Altiris BootWorks (Managed PC) and select the Edit button.
   

   Click to view.

   1. To have managed computers query a Deployment Server for the default boot option instead of using the PXE Server defaults, select Query eXpress Server for boot control. Enter the IP Address of the server and the Port you wish to use. By default, this option is selected and the file server is selected for you. If you decide not to use this option, each client computer uses the default boot option as defined in the PXE Configuration utility for the PXE Server.

      (1) Note: With this option selected, when a computer contacts the PXE Server forboot files, the Deployment Server determines the computer's boot option by default as follows:

      1. (a) If the computer is managed (known to the Deployment Server Database), but no work has been assigned, the Local Boot option is chosen.
      li>
      2. (b) If the computer is managed and a DOS event (such as imaging or aregistry task) is assigned, the Deployment Server boots the computer with the managed computer boot file.
      3. (c) If the computer is new (not known to the Deployment Server Database), the new computer boot file is used.

      (2) If the Deployment Server is installed on the same machine as the DHCP Server and you wish clients to query the Deployment Server for Boot Options, then the Deployment Server IP Address must always match the IP Address for the VLAN Card corresponding to the VLAN Segment you will be working on. You will need to change the IP address for the Deployment Server each time you wish to create or roll out an image or backup or deploy a registry.

      (3) If the Deployment Server is not installed on the DHCP Server and assuming it is only running on one subnet, ie fitted with a single NIC card, then the IP address will remain unchanged regardless of the IP address of the VLAN NIC card (a static IP address for the Deployment Server is a pre-requisite).

   2. If you wish clients to query the PXE Server for Boot Options, then uncheck the Query eXpress Server for boot control option. You will now be able to configure the PXE Server menu to provide the boot option you wish to select.
      

      Click to view.
   3. By moving the Menu Item up or down the list you can define how all client machines will boot, ie if the Altiris BootWorks (Managed PC) is moved to the top of the list then all workstations will be treated as such and will only boot to this mode on each PXE Boot pass.

      (1) Note. If the clients are configured to query the PXE Server for Boot Options it is possible to end up in a continuous loop if an option other than Local Boot is selected, as the workstations will always boot to the selected menu item. This option is only useful if you have a specific need to manually control the boot option.

4. As each PXE Server and its related Bootworks configuration is required to work only with one VLAN Card IP address you only need to have one set of PXE Menu Items for it associated VLAN segment (subnet). As a result instead of creating new Menu items, the default Menu items can be used.
5. Later, you will also need to make corresponding BootWorks configuration sets for each PXE Server.
   

   Click to view.
6. From the Boot Configuration tab select the Altiris BootWorks (Managed PC) menu item.
7. Select Edit.
   

   Click to view.
8. Select the option to Query the eXpress Deployment Server for boot.
9. Enter the IP address for the Deployment Server.
10. Select ok.
11. You have now successfully created the PXE Boot Menu. Later you will be able to select the VLAN you are working with by moving the Menu Item up or down the list.
12. Select the General Tab.
    

    Click to view.
13. Enter the Altiris PXE Server IP address.
14. Return to the Boot Configuration tab, highlight the Altiris BootWorks (Managed PC) and select the Make Boot files tab.
    

    Click to view.
15. Select the option to create a New Configuration and call it for example 192 168 1 5 Managed PC.
    1. Note that only spaces separate the numbers in the name as we are limited to the symbols we can use.
    2. It would be a good idea to combine the use of the IP address and the fact it is for managed computers in the name for ease of identification.
    3. Enter the details of which subnet the configuration will be used with into the description to help identify the Configuration Set for this VLAN Segment.
    4. Providing details of the type of NIC card you are creating this configuring to work with would also be a good idea to avoid confusion later on.
16. Select Next.
    

    Click to view.
17. Select the option BootWorks Boot Disk.
    1. Ensure the option to Run the Initial Deployment Event for computers not already in the database is not selected.
18. Select Next.
    

    Click to view.
19. Select the type of server your images will be stored on.
    1. With Novell Netware servers, IPX will automatically be selected.
    2. In certain circumstances it may be necessary to us IPX even with Windows servers as IPX uses less memory than TCP. This is usually only necessary with certain types of NIC and which use excessive amounts of memory to load their drivers. Normally with Windows servers TCP will be used.
20. Select Next.
    

    Click to view.
21. Select the type of NIC you are creating the configuration for. If you select to use the UNDI driver, the driver list will be greyed out.
    1. If the NICs you are creating the configuration for are not compliant with the UNDI specification you will have to select the NIC from the list. If the driver is not listed you will have to provide the NDIS drivers for DOS and add them to the configuration set. Windows and other drivers will not work with Altiris PXE Server as it uses a DOS based OS environment. NIC drivers are usually available either from your computer supplier's website or direct from the NIC card manufacturers website.

       (1) To import the DOS drivers into the configuration you are creating, select the Have Disk and then navigate to the route of the directory where you have extracted the drivers. Select ok and then select the NIC card you are creating the configuration for. Select ok again.

       (2) Note. Updating your computers to the latest BIOS will often resolve issues between PXE and the Computer/NIC you are working with. If you suffer from the computer hanging when booting to PXE this is the first option to consider.

    2. If you select the UNDI driver, multicasting is disabled. This is due to the fact that the UNDI driver can under certain circumstances cause image corruption during the download process. If you wish to use Multicasting when downloading images from the File Store to the client machines you must use a NIC specific driver set.
    3. Select Next.
       

       Click to view.
    4. Select the DHCP option or the static IP option according to your requirements.
    

    Click to view.
22. Select either TCP/IP or Multicasting for communication between the Deployment Server and the clients. Multicasting is disabled with the UNDI driver. If you are using a static IP address, then the Altiris eXpress Server IP address must correspond to the IP address of the PXE menu item.
    

    Click to view.
23. Enter the Workgroup or Domain Name of the File Server the client will be connecting to and the Account Information used to connect to the File Server.
    1. If the File Server is located on a different machine and Domain to the Deployment Server then you must make sure you use the correct Domain Name and User Credentials. One of the biggest issues administrators encounter when trying to upload or download images relates to permissions when accessing the eXpress share. This results in a failure to map the drives (created in the next window) and can sometimes prove difficult to resolve in a system using Active Directory and where the share has been tied down for security reasons. Careful attention to detail at this point will save a great deal of painstaking investigation later on. Note the use of a fully qualified Domain User Name is required when logging on to a machine in a Domain.
24. Select Next.
    

    Click to view.
25. In the majority of cases the Deployment Server will also be used as a default File Server, in which case the Drive Map for the F: Drive will not be changed.
26. Invariably, on large WANs additional File Stores will be used to avoid uploading/downloading images over the WAN with the corresponding increase in the levels of network traffic this will cause. The prudent use of remote File Stores will invariable result in a faster deployment of images.
27. Note. The requirements for creating a File Store are fully described in Appendix 5. These requirements should be fully understood before you create additional File Stores.
28. To add a file store in the Boot Disk Creator configuration, select the required Drive letter and then enter the UNC path details.
    1. Alternatively click on the Browse button and navigate to the share.
       

       Click to view.
    2. If you have navigated to the File Share click on ok.
    

    Click to view.
29. Drive Map details and the Path are now completed.
30. Select Next.
    

    Click to view.
31. You now have the opportunity to review your configuration in full before selecting Finish.
    

    Click to view.
32. When asked, select the option to Create the PXE Boot Files.
    

    Click to view.
33. Check the details of the path the PXE Boot File image will be saved to and select Next.
    

    Click to view.
34. Once the Boot Files have been created select Close.
    

    Click to view.
35. Close the Boot Disk Creator utility and you will receive a message stating the files have been successfully copied to the PXE Server.
    

    Click to view.
36. Select the Initial Deployment Menu Item and repeat the entire process from 2.3.f – 2.3.ll for the Initial Deployment menu item.
    

    Click to view.
37. When creating the Initial Deployment Configuration the only difference is that when you get to the Client Installation window at q) above, ensure the option to Run the Initial Deployment Event for computers not in the database is selected.
38. Further changes to the Boot Disk Creator Configurations may be required to achieve optimum performance. These are discussed in detail in the Appendices at the end of this paper. They include:
    1. Lmhosts File
    2. Config.sys Filee
    3. File Stores
39. As we have selected to Query eXpress Server for boot control, the default sequence described at section c)i) will apply.
40. You will need to repeat this entire section to configure each Altiris PXE Server for each VLAN on your network.
41. Once you have accomplished this work, and all of your Altiris PXE Servers are working to your satisfaction there will be little need for management of the PXE Servers above and beyond adding the Boot Disk Configurations for additional client NIC cards.
    1. Note. Each time you need to add a NIC card do this via the Deployment Server Console, preferably from the Deployment Server itself. Open the PXE Configuration utility via the radio button and select the PXE Server you wish to configure. Then select the Make Boot Files option. Create or modify the relevant configuration and once you have completed this, select the option to Create PXE Boot File. The unless it is local to the Deployment Server, the IP address of the Altiris PXE Server will form part of the path the file is saved to, identifying to that server. When you close the Boot Disk Creator utility, thee PXE file will be copied to the relevant PXE Server automatically.

Appendix 1 – Lmhosts File

1. If there are NETBIOS name resolution issues, then it may be necessary to make an entry within the lmhosts file contained in Boot Disk Creator. This can be found under the relevant configuration in the net folder.
2. The entry should appear looking something like this:

   192.168.2.5    testserv2    #landau DS + PXE test server 2000 subnet2
   192.168.3.1    Testserv1    #landau PXE test Server 2000 subnet 3
   192.168.1.1    Testserv3    #landau PXE & File store XP Pro subnet 1
   10.1.120.254   todesstern   #Ratingen DS test server NT4 subnet 120
   10.1.120.10    Darkstar     #Ratingen DHCP & PXE test server NT4 subnet 120
   
   

   

   Click to view.
3. It is suggested that entries are also made in the lmhosts file on the Server on which the Altiris Deployment Server and the associated remote file store servers are installed. This is located in the winnt\system32\drivers\etc\ folder. An entry will probably be required in the lmhosts file for each remote File Server/PXE Server as well to help resolve potential network configuration issues. This is only normally required for NT4 Domains, although it may be required if name resolution issues occur even in Windows 2000 domains.
4. Don't forget that there must be at least one return after the last entry in a LMHosts file

Appendix 2 – Config.sys File

1. Creation and deployment of images can usually be enhanced through some memory management in the config.sys file which is located in the route of the relevant configuration in the Boot Works Creator.
2. Access the Config.sys file by clicking on the "+" sign next to the Configuration Set you have just created in the Boot Disk creator Utility.
   

   Click to view.

   The default config.sys looks like this:

   DEVICE=C:\DOS\HIMEM.SYS
   Rem DEVICE=C:\DOS\EMM386.EXE /NOEMS
   DEVICEHIGH=C:\net\ifshlp.sys
   
   DOS=HIGH,UMB
   switches = /f
   rem switches = /n
   BUFFERS=20
   FILES=20
   STACKS=0,0
   FCBS=1,0
   LASTDRIVE=Z
   
   

   Some minor changes can be made to enhance the performance as follows:

   DEVICE=C:\DOS\HIMEM.SYS
   DEVICE=C:\DOS\EMM386.EXE /NOEMS I=B000-B7FF I=C000-CFFF
   DEVICEHIGH=C:\net\ifshlp.sys
   
   DOS=HIGH,UMB
   switches = /f
   rem switches = /n
   BUFFERS=12
   FILES=40
   STACKS=9,256
   FCBS=1,0
   LASTDRIVE=Z
   
   

3. The line DEVICE=C:\DOS\EMM386.EXE /NOEMS I=B000-B7FF I=C000-C700 may or may not be required as most NICs will perform well without it and the line can be left rem'ed out. However it may be worth trying it with the rem removed from the line and carrying out a comparison in performance in terms of through put and time taken to create/deploy an image.
4. The I=B000-B7FF allows more memory to be made available through the inclusion of the monochrome video area. While this works with most NICs (most video cards do not use this memory area these days) there may be the rare occurrence where its inclusion may cause an issue in which case you will need to remove the switch. Experimentation may also allow other area's of memory to be included while conversely with some laptops exclusions may be required to enable the PCMCIA NIC to work. The inclusion of the range I=C000-C7FF may or may not be a good idea but it is worth a try.
5. Buffers use up a lot of memory and it is proposed these are reduced down to a minimal level. It has been found with most NICs you can get away with 12 – less in some instances.
6. It is well worth considering reducing the number of available drives down to the minimum required as each drive takes up about 5k. So reducing the LASTDRIVE=Z down to say LASTDRIVE=J will save about 80K.
7. Further information on memory management can be found in the Altiris forum which can be accessed through the Altiris Web Site which can be found at http://www.altiris.com
8. Next, select the icon: create PXE Boot Files. The path and file name will be given and you can select finish. Close boot Disk Creator and a dialogue box will appear offering to transfer the files to complete the process – select Yes. When the transfer bar disappears (several minutes over a slow link) you will receive a file transfer completed successfully message, click on OK. Repeat the same process for the Altiris Bootworks (initial deployment event), this time selecting the check box for the Run the initial deployment event for computers not already in the database. Continue as before.
9. When the process has completed you will need to repeat the process for each PXE Server. Use the copy command to create new configurations if they are to basically remain the same.
10. If you need to add, change or remove mapped network drives you will need to select the newly created configuration, create a copy of the configuration and rename it with a suitable, readily identifiable name such as "testserv1 – 10_100NIC". Next right click the configuration and from the drop down menu select edit. When asked if you wish to continue, select yes. This will open the configuration and allow you to go to the Network Drive Mappings Page where you can edit the drive mappings. If you change the configuration you will need to re-do any amendments you made to the lmhosts and config.sys files etc as they will return to the default state after the edit facility has been used and the configuration saved.

Appendix 3 – Configuring Ports, Multicast and IP Addresses for use by Deployment Server

A 3.1.i Routers

1. Various ports and multicast ranges need to be enabled to allow Deployment Server to work with routers. A summary of these and a brief explanation is provided below:
2. Ports 1 – 1024 are statically assigned ports for known protocols. We use 401 and 402 for no other reason than they are unassigned. Ports above 1024 are assigned dynamically and the TCP/IP stack will chose any available port.
3. AClient and BootWorks use a static port (402) to locate the server. Once communications has been established, the server and the clients will use a dynamic port to do the file transfers (similar to FTP). You will need to configure your routers much like you would for FTP -- you allow TCP connections through as the primary port number 402 and then allow secondary connections on all other dynamic ports (above 1024).
4. Routers should be enabled for multicast for the complete 224.x.x.x and 225.x.x.x range.
5. Intel docs state the following ports are required for PXE:
   » DHCP - Ports 67 & 68
   » MTFTP - Port 69
   » Extended DHCP PXE request - Port 4011
6. BOOTP and DHCP servers use UDP port 67 to listen for and receive client request messages. BOOTP and DHCP clients typically reserve UDP port 68 for accepting message replies from either a BOOTP server or DHCP server.
7. In practice Altiris requires ports 67; 68; 69; 401; 402; 4011 as well as the entire IP scope 224.x.x.x to be opened up for both multicast, UDP and TCP traffic. IP forwarding must be turned on and multicast enabled on all switches and routers for this to work. Port 67 should also be opened up for PXE. It is possible there may still be failures due to time outs due to NICs failing. Unless a NIC follows the PXE spec which is 3 seconds for the response to get back to the server, any hops may cause the process to fail.
8. It is also prudent to add an IP-helper address to your switch configuration. When you have added the addresses for the DHCP Server and the PXE Server, PXE packages are usually routed without any issues over multiple VLANs.
9. Altiris requires additional Port and IP address ranges besides those used just for PXE and which should not be overlooked when considering the requirements for routers. Examples of these additional requirements include:
   1. Connection of the aclient for managed computers and which can be configured to use either multicast or IP or Ports, depending on the network environment.
   2. RapidInstall for the deployment of RIP's and MSI's. This is a bit more complex as RapidInstall uses the complete range of 224.x.x.x and 225.x.x.x and the ports are allocated dynamically.
10. The ports and IP address/mutlicast ranges used by RapiDeploy and aclient can all be configured and a summary of the interfaces used for this is provided below. You can only configure the port for RapidInstall and the method for doing this is also described. Setting the port for files transfers to static is equally applicable to images and RIPs/MSIs.
11. The port used by Deployment Server for remote control is allocated dynamically in the range above 1024.
12. The port used for sending a Wake on LAN signal is also allocated dynamically in the range above 1024.
13. Additional Considerations
    1. PXE won't work with a DHCP relay or DHCP gateway (like Cisco's DHCP relay). The reason for this is that the Relay makes the request for the IP address which means it provides the wrong MAC address. The machines will PXE boot but will not be able to automatically detect if there is work for that pc, instead it will default to the Initial Deployment event boot.
    2. With Cisco switches some times there can be problems with PXE timing out while trying to negotiate a port speed. If you have a Cisco switch and you have locked the port speed and duplex on the switch, the Intel Boot agent on the client PC will still try and negotiate the port speed and will time out because the switch will not let any traffic go through the port until the negotiation is finished. The work around for this is to use the PortFast command on the Cisco switches which allows you to enable traffic to go through the port before negotiation is finished.
    3. It may be prudent to configure the routers with statements to forward DHCP discovers to both the DHCP and the Altiris PXE servers.

A 3.1.iii Deployment Server/aclient Connectivity

Click to view.

1. Muticast is configured for RapiDeploy from within the Deployment Server Console. Go to View>Options and select the RapiDeply tab.
2. The Default IP Range is 224.2.0.2 – 224.2.0.3.
3. The default Port Range is 401 – 402.
4. This feature optimizes the multicasting ability of the RapiDeploy application in Deployment Server. Multicasting allows you to deploy images to a group of computers simultaneously, downloading an image from a file server (or accessing a local hard drive) and managing the imaging of several client computers concurrently. Because RapiDeploy is more efficient when writing directly to the IP address of the NIC driver, you can enter a range of IP addresses when using the multicasting feature to speed computer deployment and management. Deployment Server accesses the range of computers using the defined IP pairs and avoids retrieving the computers through the port and OS layers. However, because some NIC cards do not handle multiple multicast addresses, you can also identify a range of ports to identify these computers. On the first pass Deployment Server accesses the selected computers using the list of IP numbers. On the second pass Deployment Server accesses the selected computers using the port numbers or higher level OS ID's.

A 3.1.iii Deployment Server/aclient Connectivity

1. If you change these settings then you will also need to configure the Deployment Server Configuration Settings for each Deployment Server which is connecting to that database. If you have other Deployment Servers connected to other Databases then these changes will not affect them – unless of course you make the same (or other) changes to those Deployment Servers as well.
   

   Click to view.
2. You can access the Deployment Server Configuration Settings from the Control Panel and then selecting the Altiris eXpress Server icon.
3. Your managed computers aclient service can locate and connect to a Deployment Server using multicasting or by connecting to the server's IP address.
4. You have the option to:
   1. Modify the multicast settings such as:

      (1) Multicast Address

      (2) Multicast Port

      (3) Multicast TTL

      (4) TCP Port

   2. Disable Multicasting and the aclient must then connect to the Deployment Server using TCP.
   

   Click to view.
5. If you change the settings at A.3.1.ii above then you MUST configure the aclient accordingly. You configure the aclient properties via the Altiris Client Services Properties. You can change this at the local machine by double clicking the aclient icon in the systray (password may be required if you have secured the aclient). Alternatively right click the machine within the Deployment Server Console and select aclient properties to manage the aclient remotely. For new machines go to Tools>Remote Client Installer then select the add button to add the machines you wish to install the aclient too and then highlight a machine and selecting properties.
6. Managed computers can use the multicast address if they are on the same segment as the Deployment Server and they are not using default PXE boot files.
7. Use the default multicast IP address and port number if possible to avoid client connection problems.
8. The TTL field specifies the number of "hops" or hubs that the client can go through to multicast.
9. Managed computers should use the Deployment Server IP address if they are not on the same segment as the server, or if they are using default PXE boot files to boot the client computers. Use the default port number if possible to avoid client connection problems.
   

   Click to view.
10. If you are using TCP to connect the aclient to the Deployment Server you must set it to use the same IP address as the Deployment Servers NIC IP address for the VLAN segment you are working in. So for instance if NIC card (1) is using the address 192.168.0.1 and NIC card (2) is using 11.11.11.1 and you are configuring the aclient for workstations installed to the network on the second VLAN then you must set the IP address under Transport Settings in the aclient properties to 11.11.11.1. If you are configuring the aclient for the workstations installed to the first VLAN then the IP address must be set to 192.168.0.1.

A 3.1.iv Setting a Static Port for File Transfers

Click to view.

1. Select this option to specify a static TCP port for file transfers to the clients. The default value is 0 and will cause the server to use a dynamic port. This setting is useful if you have a firewall and need to use a specific port rather than a dynamic port.

Appendix 4 – Remote Control

1. Remote control of client machines from the Deployment Server across VLANs, different subnets and across routers is unlikely to work with out a designated Wake on LAN Proxy. This can be achieved by installing the aclient on to a machine which will be permanently switched on. Once the PC/Server appears in the Deployment Server Console, select the associated icon, right click it and select properties. On the very first page you select the check box "Wake on LAN Proxy". Select OK and when prompted select the option to Start Now.
2. The aclient service on the selected PC will restart (not the PC itself) and will become the Wake on LAN Proxy. All computers which have the aclient configured to point to that Deployment Server and which have remote control enabled in the aclient properties can now be remote controlled when connected to the network on that VLAN segment.

Appendix 5 – File Stores

1. It is a good idea to create a share on a file store for each OVERSEAS or MAJOR REMOTE network location for storing images and RIPs or MSIs etc. This will speed up the deployment of images and RIPs considerably at these locations, especially where it is over a slow link or VPN connection to the local Deployment Server.
2. Create a Windows mapped network drive to each of these shares from the server on which Deployment Server is installed. Remember that a mapped network drive created in Windows through the Map Network Drive utility is only connected for the user who was logged on at the time it was created. If Deployment Server is to be used with more than one user log on name then you must create a mapped network drive for each user name. Further more due to the security built in to Windows, mapped network drives are disconnected when a user logs off to avoid unauthorized access to drives. It is necessary for the Deployment Server Machine to be left permanently logged on for the mapped network drives to remain accessible to Deployment Server. You can lock the machine to avoid unauthorized access.
3. The Deployment Server Configuration Utility is used to create mapped network drives for Deployment Server itself.
4. From within Boot Disk Creator, the configuration for each site must also include the map to its respective file store for use while booting the clients to DOS.
5. It is likely that a trust relationship will need to be established between Domains where Deployment Server is working across Domains.
6. The use of DNS or failing that WINS is strongly recommended to avoid name resolution issues.

Important Note

1. The mapped network drive must use the same letter throughout so if you use Z: to map to Todesstern\Images you must use:

   (a) Windows Map Network Drive Utility

      (a) Windows Map Network Drive Utility

Click to view.

(b) Drive: Z: \\ Todesstern\images

(c) Folder: \\ Todesstern\images

      (b) Altiris Deployment Server Configuration Utility

Click to view.

(a) Drive Letter: Z:

(b) UNC Path: \\ Todesstern\images

      (c) Altiris Boot Disk Creator utility, on the Network Drive Mappings page

Click to view.

(a) Drive Map: Z: \\ Todesstern\images

(b) Path: \\ Todesstern\images

Note

When creating the path to a file from within an event in the Deployment Server Console you cannot use UNC paths and must insert the full path as for example for the image store on Todesstern:

Appendix 6 – Recommendations for the installation of Deployment Server and PXE Server in a VLAN

A 6.1 Preamble and Disclaimer

1. The minimum recommendations contained in Appendix 5 are only included as a general guide to the requirements for installing Deployment Server 5.5 Service Pack 2 and associated Altiris PXE Server in a VLAN environment. As such any suggestions made are purely intended as a guide to assist in the planning of the environment into which you proposing to install Deployment Server and PXE Server. It is accepted by you that any suggestions made in this document are without prior knowledge or understanding of the requirements of your environment and as such do not replace the thorough planning, design and development requirements for a suitable server and network. As such Altiris Inc and it's subsidiaries cannot and will not be held responsible for any omissions or exceptions resulting in losses either in kind, financial or through data or other loss whether through the inclusion or omission from either the preceding document body or the following section. It is the responsibility of the Network Design Authority of the company installing the Altiris products to ensure that the needs of the user are fully understood and met prior to the installation of Altiris Deployment Server and PXE Server or any other products whether Hardware or Software related and regardless of the supplier. Basic hardware requirements are discussed in this document. However, these suggestions are totally dependent on the number of Altiris Deployment Server/PXE Servers installed. Other factors and considerations include but are not limited to the number of clients in the environment, the number of consoles connecting to Deployment Server, the actual network configuration, additional Data Stores (File Stores) if any, along with a wide range of other aspects which need to be discussed outside of this document.
2. Use of this document is entirely conditional on you and/or your representatives complete and unconditional, irrevocable acceptance in full of the declaimer contained in Appendix 5.1.a) and A 5.1.b). Further more, in the event that you or your representative decide to adopt any of the suggestions contained in Appendix A, you confirm that by using this document as a guide you have agreed to accept in full the responsibility for defining the suitability of the hardware platform and associated operating system pertaining to the server on which the Altiris Deployment Server and Altiris PXE Server are to be installed. These conditions equally apply to all other hardware and software used through out the network and not supplied by Altiris Inc or its subsidiaries. These conditions do not affect or replace any of the terms and conditions contained in the Altiris product licence.
3. Altiris Professional Services can offer a range of consultancy products and services to those customers who require recommendations and implementation services. Altiris does not accept responsibility for any other products other than its own.

A 6.2 Recommended Environment

A 6.2.1 Operating System and SQL Server Recommendations

1. Altiris Deployment Server OS Platform
   1. Microsoft Windows 4.0 Server sp6
   2. Microsoft Windows 2000 Server sp3 (recommended)
   3. Microsoft Windows 2000 Professional can be used in a small pilot or test environment but is not recommended for a production environment
2. Altiris PXE Server OS Platform
   1. Microsoft Windows 4.0 Server sp6
   2. Microsoft Windows 2000 Server sp3
   3. Microsoft Windows 2000 Professional
   4. Microsoft Windows XP

   Notes

   1. The machine the PXE Server service is running on only needs to be switched on while a PXE boot is required. As a result any workstation with an acceptable operating system can be used, even one which is normally switched off. In this event make sure the machine can be woken up remotely when necessary to enable its PXE services function to be utilised. The WOL (Wakeup feature) provided by Deployment Server is perfect for this use.
   2. Only one PXE Server can be installed in a VLAN. Ensure no other PXE Servers, including RIS, are running in addition to the Altiris PXE Server.
3. Microsoft SQL Server Options
   1. Microsoft MSDE or Microsoft SQL Server 7.0 with sp4 applied to the installed option.
   2. Microsoft SQL Server 2000 with sp 3 (recommended).
   1. Altiris recommends the installation of SQL 2000 and sp3 along with the Enterprise Manager components for maximum performance and manageability. Altiris cannot be held responsible for performance related issues when MSDE has been deployed in Enterprise environments.
   2. MSDE, SQL 7.0 and SQL 2000 can all use the default user name "sa" without the quotation marks and do not require a password for the installation process. This is the simplest installation procedure. If you install SQL 2000 you are prompted to supply a password. Use of a password can complicate the installation process. If you are not comfortable with SQL Server2000 Security issues it is possible to install using the default MSDE and then
   3. Points you need to consider when deciding whether to use MSDE or SQL Server 2000.
      1. The maximum number of concurrent SQL connections to MSDE. This is the same no matter what product you use it with because Microsoft specs it that way. Last time we checked it was capped at 5. Aclient does not directly interact with SQL, but goes through a server side application layer (for Deployment Server this is axengine) which handles the SQL connections. The only issues you may see with the maximum number of connections is if you try to run too many consoles simultaneously as each console uses a direct ODBC connection, or if you try to install multiple Deployment Servers to a single MSDE installation. As each Deployment Server installation requires two connections to SQL, the maximum number of Deployment Servers you can install and have connected simultaneously to MSDE is two and still run one console.
      2. While the maximum database size with MSDE is limited to 2 GB it is unrestricted in the Standard and Enterprise editions of SQL 7.0 and SQL 2000 (unless of course you change his through Enterprise Manager). It is unlikely you will exceed this with a single Deployment Server Installation.
      3. If you use MSDE or SQL 7.0 then sp3 MUST be applied. SQL 2000 requires SP2 as a minimum requirement.
      4. The maximum number of concurrent connections to any given Deployment Server is 5,000 - it does not matter if it is MSDE or full SQL. Performance is obviously better with SQL Enterprise by design. This tends to be insignificant with say up to 1000 clients and in most instances is still generally acceptable even in larger installations of around the 3000-5000 client mark, subject to a reasonably specified hardware platform. Currently the 5000 limit is defined by Deployment Server and is applicable to both MSDE and SQL Server Enterprise installations. This limit may be reviewed in the future but at this time it cannot be confirmed (should this occur) if it will apply to Enterprise Editions of SQL only or if MSDE will be included. This is due to the maximum database size with MSDE which is restricted to 2GB and cannot be changed.
4. Observations
   1. Always start with a fresh installation of your chosen Operating System and apply all required service packs prior to installing the Altiris Deployment Server and Microsoft SQL Server. This will help ensure that you achieve a trouble free installation and can enjoy our products to their full extent.

A 6.2.2 Hardware Recommendations

1. Processor Requirements
   1. When SQL Server is located on a separate machine, Deployment Server can be installed to a single PIII 700 MHz processor machine and still achieve acceptable performance. Where Deployment Server and SQL Server are colocated on the same machine, while Deployment Server would still operate on a machine with this specification, performance is likely to be compromised. In this instance, the minimum recommended specification would be a Dual Processor P IV 1.2 GHz machine. On large networks or where other database objects are located on the same SQL Server, a considerable processing overhead can be anticipated and the number of processors may need to be increased for SQL Server to perform satisfactorily. It is not anticipated that MSDE would be used in an Enterprise environment or where other database object are located on the same SQL Server.
2. Memory
   1. It is suggested that a minimum of 2.5 Gb of memory (RAM) is used in machines running MSDE/SQL Server. The maximum amount of memory which can be used by MSDE is artificially limited by Microsoft to 2 Gb. However, with SQL 7.0 and SQL 2000 the more memory made available the better. Considerable performance gains have been reported in systems with 4 Gb or more of memory. It is suggested the page file is set as static and equal to two and a half times the amount of installed memory. SQL will take all the memory it can and leave nothing remaining for the Operating System or other applications. This results in apparent poor Server performance causing it to slow down until the next re-boot. It is proposed that you calculate the amount of memory required for the OS, applications (excluding SQL) etc and using Enterprise Manager, limit the maximum amount of memory SQL can use. To ensure adequate performance of the Server allow at least 0.5 Gb of RAM.
3. Hard Disk Drives
   1. All partitions on the Hard Disk Drive should be defragmented at various stages of installing the operating system and software, including (but not restricted to) after installing the Operating System and Service Packs, SQL Server and Deployment Server. This will keep files contiguous and help maximise performance. It is good practice to locate the Page File either on a separate partition or on a Hard Disk Drive with good performance characteristics. The drive on which the principle Page File is located should be defragmented as soon as the page file is created. To avoid the error message "Drive 'X' is near or at full capacity" the drive or partition should be created with at least 30% spare capacity. Note that this can also affect Disk Defragmenter performance which requires getting on for 30% free disk space to perform efficiently. It is strongly recommended that the File Store is regularly defragmented as the speed of image deployment can be detrimentally affected where image files have been allowed to become fragmented or placed on a fragmented drive.
   2. Hard Disk Drive size is totally dependent on how you are going to configure the system. It is not possible to provide guidelines on the required space in this document as this is subject to a wide range of variables. This includes the location of SQL Server, the location of the File suppository and the quantity and size of files you are likely to require supporting your network (eg images, RIPs and MSIs, PCT packages along with Operating System and Application files where these are required for scripted installs). The speed of the Hard Drive read/write can have a distinct bearing on the speed of imaging and image deployment. Couple this with the need to protect against data loss, SCSI RAID must be a strong consideration here, although there are some cost effective fast IDE RAID controllers available now which can provide Level 0 (striping) and Level 1 (mirroring), If you wish to include Level 5 (RAID-5, parity) then you will require SCSI RAID.
4. Boot Disk Creator OS Files
   1. A licensed late edition Windows 95 or a first Edition Windows 98 Installation CD is recommended to create the PXE/BootWorks Boot Files. These files are not and cannot be supplied by Altiris as this would be in contravention of the Microsoft license. Windows 98 Second edition is not usually recommended as it requires a greater amount of conventional memory. Earlier versions of Windows 9x are not recommended as there are known issues when used with BootWorks. OEM versions of Windows 98 will not work. Windows ME is not acceptable. You cannot use DOS 6.0 or earlier to create the Boot files. Similarly DR DOS should not be used and if you do use it, may not work.
5. Network Related Issues
   1. Deployment Server and PXE Server IP Address
      1. Altiris Deployment Server and Altiris PXE Server must use Static IP addresses. DNS or failing that WINS is recommended to avoid NETBIOS name issues. A Default Gateway must be configured.
   2. Altiris PXE Server
      1. Minimum specification for a machine running the PXE services is 64Mb RAM. Hard Disk space requirements are a little more difficult to define as this really depends on the number of Altiris PXE Boot Images you are likely to make. PXE itself requires around 25Mb and it is suggested the same again for a reasonable quantity of PXE Boot Images.
         1. The Altiris PXEServer is designed to work with the Microsoft DHCP Server and may not work with other forms of DHCP such as certain versions of QIP as they are not currently supported by Altiris. Only the Microsoft DHCP Server is officially supported by Altiris. The Altiris PXE Service cannot be installed to UNIX, Linux, Novell or any other form of non–Windows based server. If your DHCP server is any of the above then PXE Server must be installed to another Windows based platform. The Altiris PXE Service can be installed however to Windows 2000 Professional of Windows XP Professional workstations.
   3. PXE Client Workstations
      1. PXE enabled client machines with a PXE compatible NIC, preferably with Wake on LAN (WOL) support available and enabled. It may be a requirement to update the client PC BIOS to the latest version for compatibility with PXE and WOL. Altiris cannot and will not be held responsible for compatibility issues relating to PC BIOS. Nor can Altiris be held responsible for the provision and supply of suitable BIOS updates as we do not have ownership of these and which where required are the responsibility of the customer to obtain from the supplier.
   4. Network Interface Cards
      1. Altiris Deployment Server 5.5 sp 2 includes a utility for creating a PXE Boot image with multiple NIC Drivers. Details on this utility are included in the User Guide and are covered in a separate whitepaper entitled Creating PXE Boot Image Files with Multiple NIC Drivers. The utilities and documentation to perform and deploy this PXE boot image is installed by default to the Program Files>Altiris>eXpress>Deployment Server>BootWiz>Net directory. You will need to use the PCIDtect.exe, PCINics.ini, and PCINicsCommon.ini files in conjunction with the Multi NICs in the PXE Image.doc file. Please read the step-by-step instructions in the users guide and the Creating PXE Boot Image Files with Multiple NIC Drivers.whitepaper for full details on the procedures.
      2. Compatible DOS drivers for the client PC's NIC cards will be required for BootWorks and the PXE Image to work correctly. Some common DOS drivers are available and included with Deployment Server's Boot Disk Creator utility. However in many instances it may be necessary to contact your Computer Supplier or the NIC card manufacturer for updated and compatible DOS NIC cards drivers. Altiris cannot and will not be held responsible for compatibility issues relating to NIC cards. Nor can Altiris be held responsible for the provision, supply and support of suitable DOS NIC drivers as we do not have ownership of these and which where required are the responsibility of the customer to obtain from the supplier. In some instances there are NIC cards which are currently not compatible with Bootworks for reasons outside Altiris control. It is the responsibility of the purchaser to determine if Bootworks is compatible with the NIC cards in their environment.