Introduction
The project is a transition from RIS/Ghostcast Thin Images to Windows Deployment Services (WDS) Thick Images in a Built to Order (BTO) environment. It determines the WDS server infrastructure with the full WDS option on unicast and multicast deployments, and considers network bandwidth, installation mode, and the conversion of RIS-based images to WIM-based images. Network security is vitally important in detecting honeypots; the formulation of access policies with an Intrusion Prevention System (IPS), the hosting of encrypted data, and network privacy, together with a strong UTM, provide a clear migration path. System throughput on WDS, percentage system utilization against RIS, system uptime, and the BTO environment will be emphasized (Miller 2008, 1). A Built to Order (BTO) environment is one where computers are manufactured “to order.” This is very much unlike Dell or other international manufacturers who utilize Fixed SKU systems. WDS technology will be implemented as a viable alternative to RIS for the new network. Project team members will identify and document project goals and objectives. The main goal is to migrate from RIS technology to WDS technology. Technical, operational, and business objectives and project deliverables will be documented. The team will present a formal report on the project proposal covering all issues (Meier, Mackman, Wastell, Bansode, Wigley, & Gopalan 2010, 1).
The Problem
RIS is a remote services technology for installing operating systems on remotely located client computers over the internet without the need to physically visit the client computer. It employs remote Pre-Boot Execution Environment (PXE) technology to boot over a network connection. RIS is a support-on-demand, image-based installation process. RIS installation demands the use of five installation components such as RISetup.exe, and other remote installation components. This is the technology in use at present.
However, the institution suffers from the limitations inherent in RIS technology. Software configuration and operating system (OS) upgrades cannot be performed remotely with RIS. Remote OS installation with software dependent on Active Directory is unavailable with RIS. This severely limits network throughput and performance. In addition, processes demanding a high percentage of system utilization, with a high number of processes demanding access to RAM on a slow disk controller, adversely impair network performance on RIS technology. RIS image installation is incompatible with a pre-configured domain controller. However, when the Active Directory installation wizard is run, server configuration on a DC is possible. This impairs network workflow compared with an installation initiated through WDS.
Encrypted files, or files with access privileges incorporating authentication mechanisms, cannot be deployed on an intranet, extranet, or the internet with RIS technology, a major security drawback. These files can only be configured by running a script after RIS installation is complete, making the installation more expensive. RIS cannot be used to install operating systems with PXE technology on a wireless network, as these networks do not pre-boot on this technology.
In addition to all these, RIS is incompatible with a number of operating systems such as Windows Server 2003, leading to loss of time and business. RIS installations can only be done on computers with PCI network adapters configured for PXE technology and with thin images created from drive C:; RIS does not boot on thick images created from partitions on the hard drive.
RIS copies all the files from the server to the client, and setup runs and configures the client machine; if it has been scripted via an unattended file, the process is totally hands-free. On a typical RIS session, network utilization goes up considerably, but not to the point at which it overwhelms or floods the network. A complete installation of Windows XP SP 2 took 27 minutes, from beginning to end, on a 1000mb switched network.
On the other hand, while using an image based install like WDS, Ghost will only allow the connection of a single client to an image at each session (based on standard install). This means that clients must wait in line for the next available slot before processing the image. Normal imaging time is roughly 13 minutes on a 1000mb switched network, but the queue system causes extreme bottlenecks in the production environment, slowing down overall production efficiency.
Note: Newer versions of Ghost allow for simultaneous deployment; however there is a sizable money sink in the product (per-seat licensing cost). WDS with the WAIK allows for the same functionality with additional benefits and zero cost. Ghost can be added to WDS; however, again you are basing the connectivity and usage on a per-seat licensing cost. It is more cost effective to use the Microsoft tools (WDS and WAIK).
Available option
Windows Deployment Services (WDS) provides a viable alternative to RIS for operating system installation on client computers over the network. WDS is much more robust, is easier to configure, provides more throughput, and is used with Vista and Windows Server 2008. Windows Imaging Format (WIM) technology is incorporated in disk imaging, with 32-bit and 64-bit versions, as an optionally installable component. WDS is an image based install, where it extracts an image directly to the client machine hard disk. There is no setup involved, all settings can be completely scripted, and normal deployment time is 5 minutes on a 1000mb switched network.
During a RIS install each client connects to the distribution share and downloads each file separately, whereas with WDS, the image file is accessed directly over the network. There are fewer open files on the server, but the files are larger. From a network performance standpoint, the utilization is slightly lower with WDS (roughly 11% utilization versus 29% utilization with RIS), allowing for the connection of more client machines without performance degradation.
WDS provides additional functionality to support IT specialists in the installation process. WDS comes with an image installation capability with the Windows PE boot operating system, options for selecting a boot operating system, a new Microsoft Management Console, and a command line to configure the system. This ensures maximum network throughput and turnaround time in a manufacturing environment (Alvarez 2010, 1).
A remote installation through WDS is a cost-effective option, as there is no need for manual installations and their associated complexities. Windows images can be deployed without the need for an operating system on the client computer, and various operating system environments can be supported.
Designing a network with WDS compatibility has the advantage of load balancing. The performance of a BTO server is scaled with high availability where client requests are distributed among a cluster of computers.
Review of work done
Miller (2008, 1) calls upon individuals or organizations migrating from RIS technology to WDS to critically consider the type or choice when deploying WDS in a WIM image using multicast and to critically assess the server infrastructure. To avert a race condition and increase network performance and throughput, both clients are virtualized on a server but on different host systems (Miller 2008, 1). In addition, Miller (2008, 1) recommends virtualizing the WDS server for performance enhancements. WDS should be deployed over an infrastructure with a broad bandwidth, which reduces latency and increases the speed of image downloads. Miller (2008, 1) notes that when deploying WDS all configurations must support Windows Active Directory services, Dynamic Host Configuration Protocol, Dynamic Name Services, and local administration credentials, with domain membership critically considered.
Successful message deliveries are achieved by carefully selecting network hardware compatible with WDS technology. An Ethernet channel provides up to 100 Mbits a second with a 16 bit address. Network flow control, protocol considerations, network capacity, packet loss and recovery time, router and switch scheduling algorithms on a multi-user environment, and channel coding are additional issues to consider.
Miller (2008, 1) recommends server mode considerations when configuring a WDS server, whether in legacy mode which rests on administrator experience, or other modes. Image type should be considered, and the boot environment evaluated. All issues regarding WDS configuration should be known.
Rationale and system analysis
The need to migrate from RIS/Ghostcast Thin Images to Windows Deployment Services Thick Images in a Built to Order (BTO) environment, with an emphasis on system throughput, server management strategies, and imaging process time and cost savings in manufacturing, cannot be overemphasized at the organization. The organization has over time used RIS technology, which comes with serious security concerns over data and information transfer, system turnaround time, and network throughput. Using RIS technology, the company cannot transfer encrypted files over the network, cannot upgrade remotely located operating systems on client computers, and suffers from reduced performance compared with the Microsoft WDS and WAIK tools. RIS usage translates to higher costs, reduced network utilization and performance, and other limitations. WDS in a BTO environment is the way to go.
The network design utilizes NIC teaming by means of LACP to reduce bottlenecks in the deployment process when multiple clients are attempting to access the images. The network is Gigabit with jumbo packets enabled. The drive configuration for the image store is hardware based RAID-5.
Benefits of WDS include the use of Windows PE and the ability to inject drivers (boot specific (F6), NIC, etc.) directly into the image by means of DISM. WDS in Windows Vista and Windows 7 is neither image specific nor restricted to the HAL (Hardware Abstraction Layer), a problem with Windows XP imaging.
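The DISM driver injection mentioned above, as an added PowerShell example that is not part of the original paper or of any Microsoft script: it injects only driver packages whose catalog file carries a valid Authenticode signature, never passes /ForceUnsigned, and discards the mounted image if any step fails. All paths and the helper function names are hypothetical.

```powershell
param(
    [string]$WimFile   = 'D:\Images\boot.wim',  # hypothetical path to the boot image
    [int]   $Index     = 1,                     # image index inside the WIM; adjust as needed
    [string]$MountDir  = 'D:\Mount',            # hypothetical; must be an empty folder
    [string]$DriverDir = 'D:\Drivers'           # hypothetical driver repository
)

function Get-CatalogPath {
    param([System.IO.FileInfo]$Inf)
    # The INF [Version] section names the package catalog, e.g. CatalogFile=nic.cat
    # (decorated forms such as CatalogFile.NTamd64 are matched as well).
    $hit = Get-Content -LiteralPath $Inf.FullName |
        Select-String -Pattern '^\s*CatalogFile(\.\w+)?\s*=\s*([^;]+)' |
        Select-Object -First 1
    if (-not $hit) { return $null }
    $name = $hit.Matches[0].Groups[2].Value.Trim().Trim('"')
    Join-Path -Path $Inf.DirectoryName -ChildPath $name
}

function Test-DriverPackage {
    param([System.IO.FileInfo]$Inf)
    # A package is accepted only if its catalog exists and its signature validates.
    $cat = Get-CatalogPath -Inf $Inf
    if (-not $cat -or -not (Test-Path -LiteralPath $cat)) { return $false }
    (Get-AuthenticodeSignature -FilePath $cat).Status -eq 'Valid'
}

function Invoke-Dism {
    param([string[]]$Arguments)
    # Run dism.exe and turn a non-zero exit code into a terminating error.
    & dism.exe @Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "dism.exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Sort driver packages into approved and rejected before touching the image.
$approved = @()
$rejected = @()
foreach ($inf in Get-ChildItem -Path $DriverDir -Recurse -Filter *.inf) {
    if (Test-DriverPackage -Inf $inf) { $approved += $inf } else { $rejected += $inf }
}
foreach ($inf in $rejected) {
    Write-Warning "Skipped (no valid catalog signature): $($inf.FullName)"
}
if ($approved.Count -eq 0) { throw 'No signed driver packages to inject.' }

# 2. Mount the image, add each approved driver, then commit or discard.
Invoke-Dism @('/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir")
$commit = $false
try {
    foreach ($inf in $approved) {
        Invoke-Dism @("/Image:$MountDir", '/Add-Driver', "/Driver:$($inf.FullName)")
    }
    $commit = $true
}
finally {
    # Never leave a half-modified image mounted: commit only if every driver was added.
    $mode = if ($commit) { '/Commit' } else { '/Discard' }
    Invoke-Dism @('/Unmount-Wim', "/MountDir:$MountDir", $mode)
}
```

The warnings list gives a record of every package that was kept out of the image, which is worth retaining alongside the imaging documentation.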
Using WDS allows installations to be done through a network on all Windows operating systems, reducing the cost and associated complexities when installations are done online. Computers that do not have an installed operating system can get images deployed on them. A heterogeneous environment is supported with the associated architecture. This is also built on standard Windows Vista technology. It provides an environment with multilingual support and interface, provides abilities for user state migration during large deployments, and comes with a Windows installation kit (Windows AIK). User control accounts can be activated with volume license customers.
WDS is widely accepted for use over the internet and provides maximum throughput, able to deliver mission critical services, and is cost effective with enhanced scalability with fair Network Load Balancing. With WDS, administrators can cluster 32 hosts on a single server and the cluster computers can not differentiate between themselves (TechNet 2010, 1).
Network administrators can remotely manage password security and control and balance client workload from any point on the network. The removal of a host on a scaling activity does not cause network interruptions. Clusters can be designed to accommodate different services controlled on a port-by-port level.
Network throughput is emphasized in a BTO manufacturing environment by the use of a distributed algorithm to partition client workload, leading to high performance and reduced overheads in distributing client workflow or traffic. On an N-host cluster, system availability is made high with an N-1 way failover. Here, special-purpose hardware or software is an exception. A 200Mbps throughput with a good network load balance can be achieved in an organization.
Project Goals
The main goal is to migrate from RIS/Ghostcast Thin Images to Windows Deployment Services (WDS) in a Built to Order (BTO) environment, provided over a network to remotely located client computers on a wireless network or connected network (Enterprise Technology Center 199-2007, 1). This takes into consideration network performance issues, security issues, throughput, and cost in a Built to Order environment. Capstone project goals and objectives include:
Technical objectives
These objectives ensure a successful migration from RIS technology to the use of Microsoft tools including WDS and WAIK in installing and upgrading operating systems on remotely located client computers and within the Organization’s community.
One of the objectives is to ensure the network provision of secure services over an insecure environment. The objective is to ensure data protection when migrating from a given source to a destination. The network should allow encrypted files to be moved without unauthorized access. Data can be transmitted through physical or remote media without being corrupted. The network should contain secure authentication mechanisms, validation and verification, and data integrity abilities.
The next technical objective is to ensure maximum network throughput. This objective is achieved through the integration and use of WDS technology. This ensures minimum propagation time in a manufacturing environment. The new network design will ensure maximum network throughput, minimum turnaround time, efficiency, and the ability to ensure data and information integrity and transfer of encrypted data over the network be it on the intranet, extranet, or internet. This could ensure reduced overheads over the internet, load balancing in a manufacturing environment.
The next technical objective is to capture images within the organization. WDS recognizes images in the .wim format.
The next technical objective is to identify the requirements for installing and using WDS. To run Windows DS, a Domain Name System on the server is a requirement. In addition, an Active Directory Domain, Active Directory Services, installation media, Dynamic Host Configuration Protocol (DHCP) integrated on an active scope, a good quality Network Interface Card (NIC) configured with PXE boot, and partitions on an NTFS file system are additional system requirements. WAIK is another requirement. WAIK is the Windows Automated Installation Kit, used to capture images when special circumstances arise. A WinPE disk for image capture is vital.
The next technical objective is to ensure interoperability and efficient migration strategies. The organization’s operating environment will be evaluated by project team members with special emphasis on the different network tier architectures used in the migration process. N-tier and client-server environments are considered. Interoperability enables migrations to be done at reduced cost and with minimum complexity. Customers operate in mixed environments. This objective ensures reduced cost in building a heterogeneous environment on Capstone’s infrastructure.
The next objective is to configure the WDS server. Boot.wim and install.wim are the images that need to be created. Boot.wim provides a configured environment to start an OS install, while install.wim is the actual operating system. The system administrator first installs Windows Deployment Services from Server Manager.
The next technical objective is to ensure security deployment within the organization and on data being transmitted on an intranet, extranet, or internet. Security levels are identified and the server is configured to ensure security enforcement on patches and updates, protocols, services, registries, ports, directories, files, accounts, and auditing and logging accounts (TechNet 2010, 1).
The next technical objective is to install WAIK.
Operational objectives
The first operational objective is to determine image storage. A capture image is created from a Windows PE image, to be captured as a WIM image by booting from the boot.wim previously installed. The name, location, and saving destination for the boot.wim file are identified on the network. Running the installation wizard completes the installation (Enterprise Technology Center 199-2007, 1).
The next operational objective is to capture an operating system image. When Sysprep is run to capture install images, a valid location is identified with the correct file format. Appropriate steps for running Sysprep should be followed.
Miller (2008, 1) identifies these steps as illustrated below:
- From the command prompt that is on the reference computer, change to the directory where sysprep.exe is located.
- Start Sysprep (you can also start by double-clicking sysprep.exe and manually specifying options). On computers running Windows Vista or Windows Server 2008, run the command sysprep /oobe /generalize /reboot. On computers running earlier versions of Windows, run sysprep -mini -reseal -reboot.
- When the computer restarts, PXE boot it (the process may vary depending on your client system).
- From the boot menu, select your WDS capture image and click Next.
- Choose the drive and the name and description for the image.
- As mentioned, only systems that have been Sysprepped will be visible. This is by design, and there is no way to bypass it.
- Click Browse and then browse to the local folder where you want to store the captured install image. The location you choose can be a mapped network drive.
- Select Upload image to WDS server.
- Type the name of the WDS server and then click Connect.
- From the Image Group list, select the image group you want to store the image in and then click Finish. (p. 1)
The captured image deployment from WDS is not on the network. This image capture approach is time saving, robust, easy, and less costly.
The next operational objective is migration from RIPrep configured images to WDS WIM-specific images. Images on which the organization has spent a considerable amount of time are migrated via WDSUtil.
The next operational objective is to configure DHCP addresses for the installation on a network. A DHCP server can be used as a server with two network adapters and the client computer with a network adapter, with the adapters entered on Windows Marketplace. To ensure system throughput, image transfer should be on a gigabit network with switches deployed to link client computers to the organization’s image servers. USB boot support with Win 32 tools is used for optimization (Alvarez 2010, 1).
The next operational objective is to develop and implement an employee training program with special emphasis on technical and analytical aspects of network performance, throughput, and migration from RIS thin image to WDS thick image in a BTO environment. Project team members may develop a prototype migration system from RIS thin image to WDS thick image in a BTO environment with special emphasis on network performance and utilization in a manufacturing environment. The prototype is used to introduce managerial staff and the technical team to the functionality of the network and to reflect the need for migrating to WDS and WAIK.
Business Process Objectives
As part of the migration process from RIS to WDS in a BTO environment, the organization should define and assign roles and responsibilities for each team member participating in the migration process. The roles identified within the project include:
- System analyst. The system analyst’s responsibility is to provide a comprehensive document on technical, operational, and business objectives and strategies to implement the system on a cost effective platform.
- Server and network administrator, whose role is to build, configure, and manage the servers and network devices of the organization.
- Security administrators, who manage and track security related issues on the new network design.
- The next business objective is to ensure system security enforcement policies are deliberated and data access, data encryption, network devices, server management, and access policies and privileges are enforced.
- This answers the question: what tools will be used to ensure system throughput?
- What images must be created and where should they be created?
- What is the best migration strategy?
- How must the images be stored?
- What are system requirements on thick image creation, transfer and storage?
- What type of image should be stored?
Project Deliverables
The key cornerstones to a successful project are sound project management principles employed at every phase of the project lifecycle. Doing so will ensure project goals and objectives are achieved within the predetermined time and framework and that the project completes within the budget. To measure project success, the following deliverables are benchmark success factors.
Technical Project Deliverables
- Network design, deployment, and configuration document. This will document the designing process of a network compatible with WDS to optimize system efficiency. Hardware and software requirements will be documented that meet the criteria for a WDS compatible network. All configuration information and steps will be documented.
- Source and destination configuration documents. This document will provide detailed information on migration policies from RIS to WDS. It will document the changes required to
- Imaging document. This document will record all information on migrating from RIS technology to WDS imaging technology, along with the system requirements and steps to migrate to thick image configurations.
- Migration policy document. This document will provide detailed information on organizational policy on migration from RIS to WDS.
- Testing, validation, and verification document. This item will document information about testing, validation and verification to serve as a document for a project successfully completed.
Operational Project Deliverables
- Image capture and storage document. This document will detail thick image capture methodologies, hardware requirements, and Windows tools and steps. It will include file imaging and the imaging of operating systems. The document will outline where, how, and when imaging takes place.
- Migration document. This documents the migration from RIPrep images to WDS WIM-configured images.
- Configuration document. This document details system configuration steps. It details how a DHCP server can be used as a server with two network adapters and the client computer with a network adapter, with the adapters entered on Windows Marketplace. To ensure system throughput, image transfer should be on a gigabit network with switches deployed to link client computers to the organization’s image servers. USB boot support with Win 32 tools is used for optimization.
- Network security document. This document will address issues of data integrity, system security, and security enforcement policies.
- Employee training program. This is a deliverable for implementing an employee training program on various aspects of the deployed network. The training program will be initiated after the network has been successfully tested and implemented. This will provide the exact information about the new approach to Windows Deployment Services.
Business Process Deliverables
- System analyst. This document will detail the role of the system analyst in migrating from the old RIS thin image environment to WDS thick image environment with an emphasis on BTO manufacturing environment. The system analyst defines the role of each project participant and the scope of the project and is responsible for the design and implementation of the system.
- Server and network administrator. The role is to build, configure, and manage the servers and network devices of the organization.
- Security administrators. This document will detail system security enforcement policies, how system throughput will be achieved on the new network.
Formal Report of the Project
Migrating from RIS/Ghostcast Thin Images to Windows Deployment Services (WDS) Thick Images in a Built to Order (BTO) environment is a viable alternative. Inherent limitations of RIS in the context of potential threats to secure file transfer over a hostile network, remote server management issues, and the cost associated with a BTO environment are key factors influencing the design and implementation of a new network. A Built to Order (BTO) environment is one where computers are manufactured “to order.” This is very much unlike Dell or other international manufacturers who utilize Fixed SKU systems.
The project rationale and system analysis reinforce the need to migrate to the new WDS technology. The project staff will undertake to identify technical project objectives, operational objectives, and business objectives. The staff will identify and document technical, business, and operational project deliverables.
Discussion
The need to migrate from RIS technology to WDS technology cannot be overemphasized. RIS technology does not provide remote software configuration capabilities, cannot remotely upgrade operating systems, and no server components come with RIS. On this network, processes that demand high system utilization cannot meet their objective. When many processes demand access to the RAM, their objective is not met with a system incompatible with a pre-configured domain controller. Encrypted files cannot be securely transferred over a hostile network on this technology. PCI network adapters cannot boot from thick images created on partitions on a HD.
On a typical session on a switched network, systems are underutilized with longer imaging time. These shortcomings necessitate the need to shift from the current RIS technology to WDS technology. WDS is robust, an image based install, has no set up time, clients extract images directly from the HD, and clients can connect directly and access images over the network.
Recommendations
The new system comes with improved system capabilities over the existing system. Organizational demands can be delivered on a WDS platform. User Interface Privilege Isolation (UIPI), which provides data integrity by controlling and preventing input injection exploits, is among the data and file security benefits. There is improved network performance and system utilization. The server can be remotely managed, and thick imaging can be done remotely with direct client image access without the need to physically attend a client computer.
Benefits on a manufacturing environment include high system delivery and service qualities, high system availabilities, reliability, and integrity.
Workflow control, security administration, remote software installations, efficient network utilization and fair load balancing over the network will be achieved.
References
Alvarez, A. (2010). Deploying Windows 7 Using Windows Deployment Services (WDS). Web.
Enterprise Technology Center (199-2007). Windows Deployment Services. Web.
Meier, J. D., Mackman, A., Wastell, B., Bansode, P., Wigley, A., & Gopalan, A. (2010). Patterns & practices Security Deployment Review Index. Web.
Miller, W. (2008). The Desktop Files. Windows Deployment Services 101. Web.
TechNet (2010). Deployment Network Considerations. Web.
TechNet (2010). Network Load Balancing Technical Overview. Web.