Vista Deployment with Altiris

Altiris Deployment Solution is an effective and versatile tool for OS deployment on a large scale. However it can be a confusing product to evaluate. This piece is about why and how to use Altiris for your Vista deployments.

If you just want to create and deploy images manually, you don’t need to buy anything at all. Windows Deployment Services (WDS) will do this. WDS is a powerful tool provided with Windows Server, and it has siblings like the Windows Automated Installation Kit (WAIK) and Business Desktop Deployment (BDD).

Microsoft provides a lightweight OS, WinPE, to manage the computer during imaging jobs. WinPE 2.1 is based on the kernel of Windows Server 2008, but it is only about 200MB in size. This means it can be loaded into memory and run from there to manipulate the hard disk where the full OS will be stored. Because it is in memory and not on the disk, it can partition and format the disk, create disk arrays and so on. The tasks do not have to be anything to do with imaging. It is just an OS running in RAM Disk. It has network drivers. It has a firewall. You could use it to surf the internet with Firefox. You could install it as a dual boot operating system on your PC or server.

ImageX (imagex.exe) is the tool Microsoft provides to create and deploy images: imagex.exe /capture to create, and imagex.exe /apply to deploy. Diskpart (diskpart.exe) is the tool Microsoft provides to manage partitions on the disk. So basically you have a collection of tools that can be used to manipulate images of the hard disk.

You could just run the tools manually. For example, you could have a USB stick with these tools on it. You could boot WinPE from the USB, run diskpart and imagex from the command line, and connect to a server on the network to download or save the image file.

To automate this, Microsoft provides a Pre-boot Execution service, PXE. If you tell the computer to boot from the network (press F12 at startup), it will connect automatically to the PXE service. This will display a list of options. It will first download WinPE, then boot into it and perform whatever task was selected. You still need to be physically at the computer to press the F12 key and to select the option.

The next tool is Sysprep (sysprep.exe). Sysprep is required to remove the unique identity of the computer when creating an image, and give the computer a new unique identity when the image is deployed. When creating the image you need to Generalize, and when deploying the image you need to Specialize.

Altiris Deployment Solution builds on or provides alternatives to all of these tools.

When a new computer first arrives, with WDS you would need to start it up, press F12, select the image to use from PXE, let it build and then take it to the user’s desk. You would need to give it a name manually, either as part of imaging or afterwards, otherwise it will have a randomized name that will be difficult to identify. This may be two or three hours of work.

With Altiris, the machine can go straight to the desk. When you press F12, the machine will connect to the Altiris version of PXE. It will download a small OS, install the Altiris agent for that OS, look to see if there is a job to run for this specific machine and run it. The machine is built. It joins the domain, renames itself with whatever name it has been given, installs the full Altiris agent in the new OS and is ready to go.

The Altiris PXE service is capable of providing several different OS’s to do the imaging work: DOS, Linux or WinPE. This is significant because WinPE is around 200MB, but a Linux kernel is about 10MB. Linux will download much faster to run the imaging job. Unlike DOS, Linux will run modern 32-bit network drivers and so pull down the image much faster. Neither WinPE nor Linux will multicast to a large group of machines, but Linux being much smaller will download to a large group of machines like a training room much more quickly.

After downloading a small OS, Altiris will install an agent in it. The Altiris agent is capable of telling the server who it is, and seeing if there is a job to run. There is one agent for the lightweight OS and another for the full OS. When the agent runs, it can tell the server what MAC address or what machine serial number it is. The server can see what job has been scheduled for this specific machine and download it to run. With new computers, the MAC addresses or serial numbers can be pre-loaded onto the server from a shipping note, and the appropriate job scheduled. Alternately Altiris can have a job defined that is run on any newly arrived machine.

Altiris provides their own tools for imaging. RDeploy (rdeploy.exe) will create or deploy an image file. It has versions for DOS, Linux and WinPE. The image file itself (.img) can be manipulated in the ImageExplorer, so you can add or remove files from the image offline. The agent (aclient.exe or dagent.exe) communicates with the server. FIRM is a file system independent resource manager that gives you access to the file system regardless of type (e.g. NTFS).

You can still use ImageX if you wish, but it will only run under WinPE. ImageX creates a wim file, which is the standard format on Vista and Server 2008 DVD. A wim file is a file-based image, which is to say that instead of sectors and bits from the disk it records the files. A 60GB disk with a 4GB OS will make a 60GB sector-based image but only a 4GB file-based image. The Altiris img format is also a file-based image, although you can choose to make a sector-based image. Wim does have one advantage. You can mount it (make it look like drive) and do offline servicing to add patches and service packs to the image without having to rebuild it.

Because the Altiris agent is communicating with the server during the imaging process, you can use variables to change the tasks according to the computer. For example with WDS, where you define the machine name, you have limited choices and in practice need to rename the computer manually afterwards. With Altiris you can use a variable in the sysprep xml file, and the server will put the correct machine name into the sysprep file before it runs.

With Sysprep you can set commands to execute during the build. For example you could run a task to install a utility or a driver. However with WDS this is hard coded into the sysprep file. With Altiris you could substitute different tasks for different models of computer. During the image deployment you could use FIRM to download the specific software to that machine.

When it comes to re-imaging a computer, with Altiris you don’t need to visit the desk at all. You can schedule a job for the computer on the server. The agent will connect in to the server, see there is a job and run it.

There are some other ways you can speed things up. You can create another partition on the computer and store the mini-OS there. As it is already local, this may as well be WinPE. Then when you come to run an imaging job there is no OS to download at all. It will boot to WinPE in the hidden partition. While you are at it, on some machines like in a training room you may as well store the image of the production OS on that partition. Then to rebuild there is nothing to download. It just boots to WinPE locally and deploys the image.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.