Provision Servers With Automated Deployment Services
Identify when to use which tool to provision the servers in your network.
For This Solution: Windows Server 2003, Enterprise Edition; Automated Deployment Services; Remote Installation Services; System Preparation Tool; AgileOne
IT personnel must do more with less today; that's a given. But with fewer resources and reduced budgets, they still need to be able to respond quickly to business needs and requirements. One place where this is a real challenge is in the datacenter. When Web sites receive more demand than expected or core corporate applications require more resources than projected, datacenter personnel must be able to respond quickly with new resources, staging servers as needed to increase response.
Fortunately, Microsoft has provided several significant improvements in installation methods for Windows Server 2003 compared to Windows 2000 and especially compared to Windows NT. Four installation methods became available with the release of Windows Server 2003, and Microsoft released a fifth installation method in October 2003 as part of its new Dynamic Systems Initiative (DSI):
- Manual or interactive installation
- Unattended installation through an answer file
- Disk imaging with the system preparation tool (SysPrep)
- Remote installation using Remote Installation Services (RIS)
- Automated server deployment with Automated Deployment Services (ADS)
Three of these (disk imaging, remote server installation, and automated server deployment) are new to Windows Server 2003. In addition, Windows Server brings new features to both the interactive and the unattended installation methods. Each method is appropriate for specific situations; you can combine some together for improved effectiveness and efficiency. Some are defined for small shops, staging few servers on rare occasions, whereas others are designed for massive datacenters where new servers are staged on a constant basis. But whatever your needs and whichever server installation method you use, you'll have to make sure that you pay special attention to server staging so that you prepare your servers in a safe and secure manner.
Of special note is the migration from Windows 2000 to Windows Server 2003 because only one method is available for the automation of the process: the scripted installation using unattended setup files. This is because all other automated staging methods are destructive; that is, they destroy whatever is on the system drive of the target server. Of course, this is only if you performed new installations with Windows 2000. If you upgraded from Windows NT to Windows 2000, we strongly recommend that you perform new installations of Windows Server 2003 to remove any legacy heritage from the old NT systems. So if you are migrating from Windows NT, then you should use one of the other automated installation methods because it destroys system drives and creates new installations.
Another place where the unattended installation method is popular is with original equipment manufacturer (OEM) setup systems. Manufacturers such as Dell, IBM, HP, and others create special system setup tools that simplify disk partitioning and operating system installation. You also can personalize and automate these special installations by adding to the OEM setup script.
Deciding which automated method to use will depend on the nature and scope of your server installations. Each method has its own particularities. Scripted installations require a sound understanding of the unattended setup file. The main issue with this installation method is that though it completes the installation, it doesn't complete the personalized configuration of a server, which you need to script with other tools such as the Windows Scripting Host or perform manually. If you use the latter to complete server configurations, you should make sure you have a well-documented postinstallation checklist; otherwise, none of your servers will be configured in the same way. Disk imaging, on the other hand, requires the use of third-party software, which is a specific expense that is external to the acquisition of server hardware and the new operating system. It relies on imaging software such as Symantec Ghost, PowerQuest Drive Image, or Altiris Server Provisioning. Each of these manufacturers now offers much more than simple disk imaging and can even provide a complete server provisioning solution of its own.
The other two solutions, RIS and ADS, require a different kind of expense: Preboot Execution (PXE)-enabled network cards, that is, cards that support bare metal server booting. If you have a small shop with few servers, then RIS is best for you. It's new, faster than the scripted installation, and supports the addition of some personality to the server prior to server staging without the expense of third-party imaging software. If your shop is a major datacenter and you are staging servers frequently, then you should use ADS. ADS is the first release of DSI, a broad investment on the part of Microsoft aiming to reduce the complexity of the datacenter and facilitate massive, low-cost server provisioning (see the sidebar, "The Microsoft Dynamic Systems Initiative"). In fact, ADS combines disk imaging with remote installation, using a custom disk imaging solution built from the ground up by Microsoft. It does, however, have more particular requirements than Remote Installation Services. Of note is the possibility to combine RIS with disk imaging: Both Symantec and PowerQuest provide RIS drivers for their disk imaging tools, letting you use the facility of remote network booting with the speed of disk imaging to stage your servers.
The tools supporting each of the first three automated installation methods can be found on the Windows Server 2003 installation CD under the Support folder. They are all located within a file called Deploy.cab. Windows Server 2003 can automatically extract files from a compressed format such as a Cabinet file, so all you need to do is prepare a Deploy folder on your System Drive and copy the files found in Deploy.cab to this folder. Once you do this, you can launch the Setup Manager Wizard to create automated installation answer files for any of the three methods (see Figure 1).
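As an added illustration (not part of the original article), the following constructed answer file shows the kind of unattended setup file that Setup Manager produces for a scripted installation, including a hand-off to a Windows Scripting Host script for the personalized configuration discussed above. All values are placeholders, and the script name postinstall.vbs and the account svc-join are hypothetical.

```ini
; Constructed sample answer file (unattend.txt) for a scripted
; Windows Server 2003 installation. Every value is a placeholder.

[Unattended]
UnattendMode=FullUnattended
OemSkipEula=Yes
; OemPreinstall=Yes copies the $OEM$ folder of the distribution share,
; which is how the post-installation script reaches the target disk.
OemPreinstall=Yes
TargetPath=\WINDOWS
FileSystem=ConvertNTFS

[GuiUnattended]
; With EncryptedAdminPassword=Yes, AdminPassword holds the value that
; Setup Manager generates, not the clear-text password.
AdminPassword=<value-generated-by-Setup-Manager>
EncryptedAdminPassword=Yes
OEMSkipRegional=1
OemSkipWelcome=1
TimeZone=35

[UserData]
ProductKey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
FullName="Datacenter Operations"
OrgName="Example Corp"
; An asterisk lets Setup generate the computer name.
ComputerName=*

[LicenseFilePrintData]
AutoMode=PerSeat

[Identification]
; DomainAdminPassword is stored in clear text in this file, so use an
; account that can only join computers to the domain (hypothetical name).
JoinDomain=EXAMPLE
DomainAdmin=svc-join
DomainAdminPassword=<placeholder>

[Networking]
InstallDefaultComponents=Yes

[GuiRunOnce]
; Runs once at the first interactive logon; the script applies the
; documented post-installation configuration so every server matches.
Command0="cscript //nologo %SystemDrive%\Deploy\postinstall.vbs"
```

Because the file carries a product key and a domain credential, restrict read access on the distribution share to the staging accounts and remove leftover copies of the answer file from deployed servers.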
ADS, on the other hand, is located on the Microsoft Web site (see Resources) and you must download it. This provides you with a Windows Installer setup file that installs and configures ADS for use in your network. Note that ADS will only install on Windows Server 2003, Enterprise Edition, though it supports the remote installation of all versions of both Windows 2000 Server and Windows Server 2003. The first three automated methods also support the installation of workstations, but ADS will work only for servers.
Begin With a Reference Server
You should always base your server installations on a reference server, a base server configured to meet the particular requirements of your network environment. In the case of scripted installations, you use reference servers only to identify and document how you want to configure the server because the Setup Manager no longer has the ability to create unattended answer files from an existing machine; now it must create all files from scratch. But in the case of the other three automated methods, reference servers are useful because each method captures an image of the server including its configuration. This configuration cannot include special software such as Microsoft SQL Server or Microsoft Exchange, but it can include items such as the Windows Server 2003 Support and Resource Kit Tools as well as other items such as antivirus agents and special configuration of default user profiles. This saves you from having to add these elements after the initial installation on deployed servers, reducing server staging time.
Both disk imaging and ADS will also capture the OEM partitions on a reference server, letting you automatically configure disk and other hardware-specific resources in your image. This means, of course, that deployed servers must have the same hardware configuration. RIS won't support the configuration of OEM partitions in this way because you create its "disk image" from a script captured from the reference system and applied to the base Windows Server 2003 installation files as you copy them to the deployed server. In addition, RIS is mostly used to stage servers and workstations through a "pull" scenario requiring a technician in front of the machine to call up the bare metal installation, but ADS will be used to "push" installations from a central location to managed bare metal servers. Whichever tool you use, be careful when preparing the reference server because you will reproduce on all of the deployed servers whatever errors are on this server.
Use Automated Deployment Services
The most complex installation tool is ADS. It's also the most powerful in many ways. You'll need the items below to set up ADS in your network:
- One to three machines running Windows Server 2003, Enterprise Edition. These machines host the three core ADS services: Controller Service, Network Boot Service, and Image Distribution Service (see Figure 2). These machines must use 32-bit processors because ADS won't run on or install Itanium-based systems running at 64 bits.
- Your Windows Server 2003, Enterprise Edition installation CD. A volume license for this edition is also necessary. ADS doesn't support the deployment of single license copies of Windows Server 2003 or Windows 2000 Server. At press time, ADS only supported the English, German, or Japanese editions of Windows for its operation.
- Lots of disk space: at least 2GB for the ADS installation and enough space to store disk images.
- Possibly a separate workstation to administer the ADS services. This may be any one of Windows Server 2003, Windows XP Professional or 2000 Professional, or Windows Server 2000. Service Pack 3 is necessary for Windows 2000. The .NET Framework 1.1 also is a requirement. Some servers may require BIOS updates to work with ADS.
- Access to a Dynamic Host Configuration Protocol (DHCP) service. If this server isn't already available in your network, you can host this service on the same server as ADS.
- All deployed machines in the same domain or workgroup.
- All machines on a high-speed network segment because of the massive data transfers required for ADS (though ADS does work with IP multicasting).
- A public key infrastructure (PKI) to secure communications between ADS and its managed servers. If you don't have a PKI in place, ADS will install one automatically and generate its own certificate. You must place the certificate within a shared folder so that ADS-managed servers may access it.
- The use of either the Microsoft SQL Server Desktop Engine (MSDE), which is supplied with the ADS installation, or a SQL Server 2000 database for the storage of its controller database.
When you have met each of these prerequisites, you can proceed to its installation (see Figure 3). Once installed, ADS will allow you to manage, backup, capture, and deploy servers in your network. ADS offers a Microsoft Management Console, but it relies heavily on scripts and command-line tools. For this reason, it's not for the uninitiated (see the sidebar, "Taming Automated Deployment Services"). It's a good idea to take the time to familiarize yourself with ADS in a lab environment before using it in your production environment. Once you do so, you will find that ADS is a fairly complete and comprehensive server-provisioning tool, especially for a first release.
Know Your Network
ADS has special requirements that reduce its availability to smaller shops. The most important reason is the volume license agreement. However, it offers powerful server provisioning capabilities to large datacenters. If your shop doesn't use volume licensing, then you will need to consider another provisioning method. In small shops that don't already have another disk imaging tool in place and that don't want to move to a commercial provisioning solution, RIS may well be the best provisioning tool to use. It requires an Active Directory infrastructure, DHCP services, and PXE-enabled network cards, but these are a small price to pay for simplified and standardized server deployments.