The following sections explain how to set up, deploy, and manage Preboot Services, and how to set up standard DHCP and novell-proxydhcp on the same server.
For information on using Preboot, see Section 3.0, Using Imaging.
This section provides information on how to check the configuration of Preboot Services after it is installed.
The following components are installed as part of Preboot Services:
Table 2-1 Preboot Service Components
Windows Executable and Service Names | Linux Daemon | Description |
---|---|---|
novell-pbserv.exe (Novell ZENworks Preboot Service) | novell-pbserv | Provides imaging services to devices. |
novell-proxydhcp.exe (Novell Proxy DHCP Service) | novell-proxydhcp | Runs alongside a standard DHCP server to inform PXE devices of the IP address of the TFTP server. The Proxy DHCP server also responds to PXE devices to indicate which bootstrap program (nvlnbp.sys) to use. |
novell-tftp.exe (Novell TFTP Service) | novell-tftp | Used by PXE devices to request files that are needed to perform imaging tasks. The TFTP server also provides a central repository for these imaging files, such as the Linux kernel, initrd, and nvlnbp.sys. A PXE device uses this server to download the bootstrap program (nvlnbp.sys). |
novell-zmgprebootpolicy.exe (Novell ZENworks Preboot Policy Service) | novell-zmgprebootpolicy | The PXE devices use this to check if there are any Preboot bundles that are assigned to the device. |
Novell-proxydhcp must be started manually and does not need to be run on all Imaging Servers.
HINT: To automatically start novell-proxydhcp on server start-up, run the following command as root: chkconfig novell-proxydhcp on
While an image is being taken, the novell-pbserv service must be running on the server where the ZENworks image is to be stored. While an image is being restored, the novell-pbserv service must be running on the server where the ZENworks image is located.
The other three services are started automatically when installing ZENworks 11, or any time the server is rebooted, and must run on all Imaging Servers.
For more information, see Section D.9, Imaging Server.
After the Preboot Services components are installed, the following should be installed and running on the server. You can use these methods to check their status:
Table 2-2 Preboot Services or Daemons
Service | Method to Check Its Status |
---|---|
novell-pbserv | Windows: In the Services dialog box, review the column of . Linux: /etc/init.d/novell-pbserv status |
novell-tftp | Windows: In the Services dialog box, review the column of . Linux: /etc/init.d/novell-tftp status |
novell-zmgprebootpolicy | Windows: In the Services dialog box, review the column of . Linux: /etc/init.d/novell-zmgprebootpolicy status |
You should not change the default configuration of these services.
If the server where the Preboot Services components are installed is also a DHCP server, see Configuring LAN Environments for Preboot Services.
To implement the network deployment strategies outlined in this section, you must have a solid understanding of the TCP/IP network protocol and specific knowledge of TCP/IP routing and the DHCP discovery process.
Deploying Preboot Services (with PXE) in a single network segment is a relatively simple process. However, Preboot Services deployment in a multi-segment network is far more complex and might require configuration of both the Preboot Services services or daemons and the network switches and routers that lie between the server and the PXE devices.
Configuring the routers or switches to correctly forward Preboot Services network traffic requires a solid understanding of the DHCP protocol, DHCP relay agents, and IP forwarding. The actual configuration of the switch or router must be performed by a person with detailed knowledge of the hardware.
We strongly recommend that you initially set up Preboot Services in a single segment to ensure that the servers are configured correctly and are operational.
This section includes the following information:
There are three important points about configuring servers for Preboot Services:
DHCP Server: The Preboot Services environment requires a standard DHCP server. It is up to you to install your standard DHCP server.
Preboot Services or Daemons: The four Preboot Services services or daemons (novell-pbserv, novell-tftp, novell-proxydhcp, and novell-zmgprebootpolicy) are all installed on the Imaging Server when you install ZENworks 11. These services or daemons must run together on the same server.
Imaging Server: The Preboot Services services or daemons can be installed and run on the same server as DHCP or on a different server.
The following sections give general information about these services:
It is seldom necessary to make changes to the default configuration of these services. However, if you need more detailed configuration information, see Configuring Preboot Services Imaging Servers.
The standard DHCP server must be configured with an active scope to allocate IP addresses to the PXE devices. The scope options should also specify the gateway or router that the PXE devices should use.
If Preboot Services (specifically novell-proxydhcp) is installed on the same server as the DHCP server, the DHCP server must be configured with a special option tag. For more information, see Configuring LAN Environments for Preboot Services.
Provides imaging services to devices.
This includes sending and receiving image files, discovering assigned Preboot bundles, acting as session master for multicast imaging, and so on.
The Preboot Services Proxy DHCP server runs alongside a standard DHCP server to inform PXE devices of the IP address of the TFTP server, the IP address of the server where novell-zmgprebootpolicy is running, and the name of the network bootstrap program (nvlnbp.sys).
Used by PXE devices to request files that are needed to perform imaging tasks. The TFTP server also provides a central repository for these files.
A PXE device uses one of these servers to download the network bootstrap program (nvlnbp.sys).
PXE devices use novell-zmgprebootpolicy to check if there are any imaging actions that need to be performed on the device. It forwards requests to novell-pbserv on behalf of PXE devices.
If you are using Intel AMT, support for it should be enabled in the novell-zmgprebootpolicy.conf file, which is located at:
Windows: %ZENWORKS_HOME%\conf\preboot\
Linux: /etc/opt/novell/zenworks/preboot/
The configuration required to run Preboot Services in your network depends on your network setup. Design your network so that PXE devices can effectively connect to the server where the Preboot Services services or daemons are running. Make sure you consider the number of PXE devices to be installed on the network and the bandwidth available to service these devices. To understand how the devices and servers need to interact during the Preboot Services process, see Section 1.5, The Preboot Services Processes.
You can configure Preboot Services where Preboot Services and DHCP are running on the same server or on different servers in both LAN and WAN/VLAN environments:
Imaging servers should be installed so that PXE devices have access to imaging services within their LAN. A good design ensures that a client does not need to connect to imaging services through a slow WAN link.
Although you can have any number of Imaging Servers, generally only one Proxy DHCP server should be enabled per DHCP server scope.
In a WAN, the PXE device is usually separated from the Proxy DHCP and DHCP servers by one or more routers. The PXE device broadcasts for DHCP information, but by default the router does not forward the broadcast to the servers, causing the Preboot Services session to fail.
In a VLAN (Virtual LAN) environment, the PXE device is logically separated from the Proxy DHCP server and the DHCP server by a switch. At the IP level, this configuration looks very similar to a traditional WAN (routed) environment.
In a typical VLAN environment, the network is divided into a number of subnets by configuring virtual LANs on the switch. Devices in each virtual LAN usually obtain their IP address information from a central DHCP server. In order for this system to work, it is necessary to have Bootp or IP helpers configured on each gateway. These helpers forward DHCP requests from devices in each subnet to the DHCP server, allowing the DHCP server to respond to devices in that subnet.
The following illustrates the differences for a LAN configuration between installing Preboot Services on the same server as DHCP, or on a separate server. In this case, only the PXE devices on the LAN connect to the Preboot Services Imaging Server.
Table 2-3 LAN Configuration Differences Between the Same and Separate Servers
Information | On the Same Server | On Separate Servers |
---|---|---|
Configuration | Because Preboot Services and DHCP are running on the same server, option tag 60 must be set on the DHCP server. For information on setting this tag, see Configuring LAN Environments for Preboot Services. | None required. |
Advantages | | |
Disadvantages | | |
The following illustrates the differences for a WAN/VLAN configuration between installing Preboot Services on the same server as DHCP, or on a separate server. In this case, all PXE devices over the entire WAN/VLAN connect to the Preboot Services Imaging Server.
Table 2-4 WAN/VLAN Configuration Differences Between the Same and Separate Servers
Information | On the Same Server | On Separate Servers |
---|---|---|
Configuration | The routers/switches have been configured with IP helpers to forward network traffic to the DHCP server. Because Preboot Services and DHCP are running on the same server, option tag 60 is set on the DHCP server. For information on setting this tag, see Configuring a WAN/VLAN with Preboot Services and DHCP Running on the Same Server. | A DHCP relay agent or IP helper is configured on the router/switch serving the subnet that the PXE device belongs to. The helper is configured to forward all DHCP broadcasts that are detected in the subnet to the DHCP and Proxy DHCP servers. This normally requires two helpers to be configured: the first to forward DHCP broadcasts to the DHCP server, and the second to forward the DHCP broadcasts to the Proxy DHCP server. |
Advantages | | |
Disadvantages | | |
If you have Preboot Services and DHCP running on separate servers, no network configuration is required.
If you have Preboot Services and DHCP running on the same server, option tag 60 must be set on the DHCP server. Do the following according to the server’s platform:
Linux DHCP Server: Do the following to set up standard DHCP and Proxy DHCP on the same Linux server:
Stop the DHCP services on the Linux Imaging Server.
On this server, open /etc/dhcpd.conf, the DHCP configuration file, in an editor.
Insert the following line in the file:
option vendor-class-identifier "PXEClient";
Save the file.
Restart the DHCP service.
Windows DHCP Server: Do the following to set up standard DHCP and Proxy DHCP on the same Windows server:
At the command prompt, enter netsh.
At the netsh prompt, enter dhcp server.
At the dhcp server prompt, enter the following:
add optiondef 60 ClassID STRING 0 PXEClient
set optionvalue 60 STRING PXEClient
show optionvalue all
exit
Add the definition type in the DHCP setup menus.
You can install Configuration Management (which includes Preboot Services) on the same server where DHCP is installed and running. However, you must do the following to make it work:
Set option tag 60 on the DHCP server so that it can work with novell-proxydhcp. See the steps in the previous section (Configuring LAN Environments for Preboot Services).
On the server, edit the novell-proxydhcp.conf file and change:
LocalDHCPFlag = 0
to
LocalDHCPFlag = 1
The file is located at:
Windows: %ZENWORKS_HOME%\conf\preboot\
Linux: /etc/opt/novell/
Then restart the service so that the change is recognized by entering the following command on the server:
Windows: In the Services dialog box, right-click , then select .
Linux: /etc/init.d/novell-proxydhcp restart
IMPORTANT: If the switch is acting as a firewall and limiting the type of traffic on the network, understand that novell-tftp and novell-zmgprebootpolicy are not firewall or network filter friendly. You should not attempt to run these services or daemons through a firewall. If users need to pass preboot work through a firewall, then all Preboot Services work needs to be on the outside and merely reference a Web service inside the firewall.
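A consistency check for the option tag 60 and LocalDHCPFlag settings described above, added here as an example and not taken from the ZENworks documentation. It assumes `#` starts a comment in both files; the function names are hypothetical and the file contents are constructed.

```python
import re

def active_lines(text):
    """Yield config lines with '#' comments and blank lines removed (assumed syntax)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def dhcpd_sets_pxeclient(dhcpd_conf):
    """True if an uncommented line sets option 60 to the string PXEClient."""
    pattern = re.compile(r'option\s+vendor-class-identifier\s+"PXEClient"\s*;')
    return any(pattern.fullmatch(line) for line in active_lines(dhcpd_conf))

def local_dhcp_flag(proxy_conf):
    """Return LocalDHCPFlag as an int, or None when the key is absent."""
    for line in active_lines(proxy_conf):
        match = re.fullmatch(r"LocalDHCPFlag\s*=\s*(\d+)", line)
        if match:
            return int(match.group(1))
    return None

def audit(dhcpd_conf, proxy_conf, dhcp_on_same_server):
    """List mismatches between the two files for the given deployment."""
    findings = []
    flag = local_dhcp_flag(proxy_conf)
    if dhcp_on_same_server:
        if not dhcpd_sets_pxeclient(dhcpd_conf):
            findings.append('dhcpd.conf: option vendor-class-identifier "PXEClient" not set')
        if flag != 1:
            findings.append(f"novell-proxydhcp.conf: LocalDHCPFlag is {flag}, expected 1")
    elif flag == 1:
        # The page changes the flag to 1 only for the shared-server case.
        findings.append("novell-proxydhcp.conf: LocalDHCPFlag is 1 but DHCP runs elsewhere")
    return findings

# Constructed file contents for the demonstration.
DHCPD_OK = '''
option vendor-class-identifier "PXEClient";
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.2 10.0.0.128;
  option routers 10.0.0.1;
}
'''
DHCPD_COMMENTED = DHCPD_OK.replace("option vendor", "# option vendor")
PROXY_DEFAULT = "LocalDHCPFlag = 0\n"
PROXY_SHARED = "LocalDHCPFlag = 1\n"

if __name__ == "__main__":
    cases = {
        "shared server, both set": (DHCPD_OK, PROXY_SHARED, True),
        "shared server, nothing set": (DHCPD_COMMENTED, PROXY_DEFAULT, True),
        "separate servers, flag left on": ("", PROXY_SHARED, False),
    }
    for name, args in cases.items():
        print(name, "->", audit(*args) or "consistent")
```

Run it against the real files after each edit and before restarting the services, because both files are only read at start-up.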
You can install Configuration Management (which includes Preboot Services) on a different server from the one where DHCP is installed and running. However, you must configure the network equipment so that it correctly forwards Preboot Services network traffic.
IMPORTANT: If the switch is acting as a firewall and limiting the type of traffic on the network, understand that novell-tftp and novell-zmgprebootpolicy are not firewall or network filter friendly. You should not attempt to run these services or daemons through a firewall. If users need to pass preboot work through a firewall, then all Preboot Services work needs to be on the outside and merely reference a Web service inside the firewall.
An example deployment is given below of a WAN/VLAN environment with Preboot Services and DHCP running on separate servers. The following sections provide the specific steps required to configure network equipment so that it correctly forwards Preboot Services network traffic.
In this example, three VLANs are configured on a Bay Networks Accel 1200 switch running firmware version 2.0.1. One VLAN hosts the Proxy DHCP server, the second VLAN hosts the DHCP server, and the third VLAN hosts the PXE device. The PXE device’s DHCP broadcast is forwarded by the switch to both the Proxy DHCP server and the DHCP server. The response from both servers is then routed correctly back to the PXE device, and the PXE device starts the Preboot Services session correctly.
The three VLANs are all 24-bit networks; their subnet mask is 255.255.255.0.
The first VLAN gateway is 10.0.0.1. This VLAN hosts the PXE device that is allocated an IP in the range of 10.0.0.2 to 10.0.0.128. This VLAN is named VLAN1.
The second VLAN gateway is 10.1.1.1. This VLAN hosts the DHCP server with IP 10.1.1.2. This VLAN is named VLAN2.
The third VLAN gateway is 196.10.229.1. This VLAN hosts the server running novell-proxydhcp and novell-zmgprebootpolicy. The server’s IP is 196.10.229.2. This VLAN is named VLAN3.
Routing is enabled between all VLANs. Each VLAN must be in its own spanning tree group.
Go to the Global configuration mode.
Type ip forward-protocol udp 67, then press Enter.
Type ip forward-protocol udp 68, then press Enter.
Go to the LAN interface that serves the PXE device.
Type ip helper-address 10.1.1.2, then press Enter.
Type ip helper-address 196.10.229.2, then press Enter.
Save the configuration.
Connect to the router with Site Manager.
Ensure that IP is routable.
Enable the check box on the PXE device subnet/VLAN.
Select the interface that the PXE devices are connected to.
Edit the circuit.
Click .
Click .
Ensure that there is a check mark in the check box.
Click .
Click > > > .
The interface where Bootp was enabled is visible in the list.
Click .
Change the value to Bootp and DHCP.
Set up the relay agents:
Perform the following steps on the switch:
Enable DHCP for the client VLAN using the following command lines:
# config vlan1 ip
# dhcp enable
Configure IP helpers to forward DHCP requests from the device subnet to the TFTP server, using the following command lines:
# config ip dhcp-relay
# create 10.0.0.1 10.1.1.2 mode dhcp state enable
# create 10.0.0.1 196.10.229.2 mode dhcp state enable
The create command has the form create agent server mode dhcp state enable, where agent is the IP address of the gateway that serves the PXE device, and server is the IP address of the server that the DHCP frame should be forwarded to.
Save the configuration.
Some network devices filter network traffic that passes through them. Preboot Services makes use of several different types of traffic, and all of these must be able to successfully pass through the router or switch for the Preboot Services session to be successful. The Preboot Services session uses the following destination ports:
Table 2-5 Destination Ports for Preboot Services
Component | Port |
---|---|
DHCP and Proxy DHCP servers | UDP Ports 67, 68, and 4011 |
TFTP server | UDP Port 69 |
novell-zmgprebootpolicy | UDP Port 13331 |
IMPORTANT: If the switch is acting as a firewall and limiting the type of traffic on the network, understand that novell-tftp and novell-zmgprebootpolicy are not firewall or network filter friendly. You should not attempt to run these services or daemons through a firewall. If users need to pass preboot work through a firewall, then all Preboot Services work needs to be on the outside and merely reference a Web service inside the firewall.
The spanning tree protocol (STP) is available on certain switches and is designed to detect loops in the network. When a device (typically a network hub or a device) is patched into a port on the switch, the switch indicates to the device that the link is active, but instead of forwarding frames from the port to the rest of the network, the switch checks each frame for loops and then drops it. The switch can remain in this listening state from 15 to 45 seconds.
The effect of this is to cause the DHCP requests issued by PXE to be dropped by the switch, causing the Preboot Services session to fail.
It is normally possible to see that the STP is in progress by looking at the link light on the switch. When the device is off, the link light on the switch is obviously off. When the device is turned on, the link light changes to amber, and after a period of time changes to a normal green indicator. As long as the link light is amber, STP is in progress.
This problem only affects PXE devices that are patched directly into an Ethernet switch. To correct this problem, perform one of the following:
Turn off STP on the switch entirely.
Set STP to Port Fast for every port on the network switch where a PXE device is attached.
After the problem is resolved, the link light on the port should change to green almost immediately after a device connected to that port is turned on.
Information about STP and its influence on DHCP can be found at Using PortFast and Other Commands to Fix End-Station Startup Connectivity Problems.
This section includes information about administering and configuring Preboot Services:
In Preboot Services, the services or daemons do not use switches. Instead, to configure a service or daemon to do something that is not a default, you need to edit the configuration files.
You can edit configuration files while the service or daemon is running, because they are only read when the service or daemon starts. After editing the file you must restart the service or daemon for the changes to take effect.
For more information on the service or daemon configuration files, see Section D.9, Imaging Server.
The following sections explain how to configure the following ZENworks Imaging Servers:
It is seldom necessary to change the default TFTP server configuration values. If you need to change them, use the following procedure:
Open the following file in an editor:
Windows: %ZENWORKS_HOME%\conf\preboot\novell-tftp.conf
Linux: /etc/opt/novell/novell-tftp.conf
Edit the configuration settings according to the instructions within the file.
Save the changes.
On a command line, enter the following:
Windows: In the Services dialog box, right-click , then select .
Linux: /etc/init.d/novell-tftp restart
The Proxy DHCP server provides PXE devices with the information that they require to be able to connect to the Preboot Services system.
Use the following steps to modify the settings of novell-proxydhcp:
Open the following file in an editor:
Windows: %ZENWORKS_HOME%\conf\preboot\novell-proxydhcp.conf
Linux: /etc/opt/novell/novell-proxydhcp.conf
Edit the configuration settings according to the instructions within the file.
Save the changes.
On a command line, enter the following:
Windows: In the Services dialog box, right-click , then select .
Linux: /etc/init.d/novell-proxydhcp restart
You can set any of the IP address fields to 0.0.0.0 in the configuration utility. The server replaces these entries with the IP address of the first network adapter installed in the server.
Novell-pbserv provides imaging services to the devices.
Use the following steps to modify the settings of novell-pbserv:
Open the following file in an editor:
Windows: %ZENWORKS_HOME%\conf\preboot\novell-pbserv.conf
Linux: /etc/opt/novell/zenworks/preboot/novell-pbserv.conf
Edit the configuration settings according to the instructions within the file.
Save the changes.
On a command line, enter the following:
Windows: In the Services dialog box, right-click , then select .
Linux: /etc/init.d/novell-pbserv restart
Novell-zmgprebootpolicy is used to check if there are any imaging actions that need to be performed on the device. It forwards requests to novell-pbserv on behalf of PXE devices.
Use the following steps to modify the settings of novell-zmgprebootpolicy:
Open the following file in an editor:
Windows: %ZENWORKS_HOME%\conf\preboot\novell-zmgprebootpolicy.conf
Linux: /etc/opt/novell/zenworks/preboot/novell-zmgprebootpolicy.conf
Edit the configuration settings according to the instructions within the file.
Save the changes.
On a command line, enter the following:
Windows: In the Services dialog box, right-click , then select .
Linux: /etc/init.d/novell-zmgprebootpolicy restart
The DHCP server needs to have option 60 (decimal) added to the DHCP tags if the Proxy DHCP and DHCP servers are running on the same physical server. This option should be a string type and must contain the letters PXEClient.
For more information, see Configuring LAN Environments for Preboot Services.
This section describes the network ports used by Preboot Services. Using the information in this section, you can configure routers to correctly forward the network traffic generated by Preboot Services. For further information about configuring routers, see Section 2.4.2, Deploying Preboot Services in a Network Environment.
Preboot Services uses both well-known and proprietary IP ports.
The well-known IP ports include:
67 Decimal: The Proxy DHCP server listens on this port for PXE information requests. This is the same port used by a standard DHCP server.
68 Decimal: The DHCP/Proxy DHCP server responds to client requests on this port. This is the same port used by a standard DHCP server.
69 Decimal: The TFTP server listens on this port for file requests from PXE devices.
4011 Decimal: When running on the same server as the DHCP service or daemon, the Proxy DHCP server listens on this port for PXE information requests.
The proprietary IP ports include:
998 Decimal: Novell-pbserv client connection port. It receives all connection requests from the Preboot Services devices on this port.
13331 Decimal: Novell-zmgprebootpolicy client connection port. It receives all connection requests from the PXE devices on this port.
Although PXE devices make their initial requests to novell-tftp and novell-zmgprebootpolicy on the ports listed above, the remainder of the transactions can occur on any available port. For this reason, Imaging Servers cannot be separated from their clients by a firewall.
IMPORTANT: Novell-tftp and novell-zmgprebootpolicy are not firewall or network filter friendly. You should not attempt to run these services or daemons through a firewall. If users need to pass preboot work through a firewall, then all Preboot Services work needs to be on the outside and merely reference a Web service inside the firewall.
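The port list above can drive a review of flow records for Preboot traffic that involves hosts outside the approved set; the following is an added example, not part of the ZENworks documentation. The record format, function names and the addresses 10.0.0.77 and 172.16.5.9 are constructed, the other addresses come from the VLAN example earlier on this page, and only the initial requests are covered because later transactions can use any port.

```python
import ipaddress

# Initial-request ports listed above. The page gives UDP for 69 and 13331 and
# no protocol for 998, so 998 is matched on either protocol.
IMAGING_PORTS = {69: "novell-tftp", 998: "novell-pbserv",
                 13331: "novell-zmgprebootpolicy"}
# Ports the DHCP and Proxy DHCP servers listen on; server and relay traffic
# is assumed to be sent from the same port.
DHCP_SOURCE_PORTS = {67, 4011}

def parse_flow(line):
    """Parse 'src sport dst dport proto' (constructed record format)."""
    src, sport, dst, dport, proto = line.split()
    return (ipaddress.ip_address(src), int(sport),
            ipaddress.ip_address(dst), int(dport), proto.lower())

def review(lines, pxe_subnets, dhcp_speakers, imaging_servers):
    """Return (finding, record) pairs for flows that break the expected layout."""
    nets = [ipaddress.ip_network(n) for n in pxe_subnets]
    dhcp_ok = {ipaddress.ip_address(a) for a in dhcp_speakers}
    img_ok = {ipaddress.ip_address(a) for a in imaging_servers}
    findings = []
    for line in lines:
        src, sport, dst, dport, proto = parse_flow(line)
        if proto == "udp" and sport in DHCP_SOURCE_PORTS and src not in dhcp_ok:
            # Something other than the approved servers or relay is answering.
            findings.append(("unapproved-dhcp-responder", line))
        elif dport in IMAGING_PORTS and (proto == "udp" or dport == 998):
            if dst not in img_ok:
                findings.append(("unapproved-imaging-server", line))
            elif not any(src in net for net in nets):
                findings.append(("client-outside-pxe-subnet", line))
    return findings

# Layout from the VLAN example on this page.
PXE_SUBNETS = ["10.0.0.0/24"]
DHCP_SPEAKERS = ["10.1.1.2", "196.10.229.2", "10.0.0.1"]  # DHCP, Proxy DHCP, relay
IMAGING_SERVERS = ["196.10.229.2"]

# Constructed flow records.
FLOWS = [
    "0.0.0.0 68 255.255.255.255 67 udp",        # PXE device broadcast
    "10.0.0.1 67 10.1.1.2 67 udp",              # relay to DHCP server
    "10.0.0.1 67 196.10.229.2 67 udp",          # relay to Proxy DHCP server
    "10.1.1.2 67 10.0.0.1 67 udp",              # DHCP reply via relay
    "196.10.229.2 67 10.0.0.1 67 udp",          # Proxy DHCP reply via relay
    "10.0.0.77 67 10.0.0.20 68 udp",            # second responder on the client VLAN
    "10.0.0.20 2070 196.10.229.2 69 udp",       # TFTP request to Imaging Server
    "10.0.0.20 2071 10.0.0.77 69 udp",          # TFTP request to another host
    "10.0.0.20 2072 196.10.229.2 13331 udp",    # policy check
    "172.16.5.9 40000 196.10.229.2 998 tcp",    # pbserv client outside the PXE VLAN
]

if __name__ == "__main__":
    for finding, record in review(FLOWS, PXE_SUBNETS, DHCP_SPEAKERS, IMAGING_SERVERS):
        print(f"{finding:28} {record}")
```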
Depending on the configuration settings for Preboot Services in ZENworks Control Center, PXE devices might be able to display the Novell Preboot Services Menu during the boot process. The menu has the following options:
For information on configuring how the menu is used, see Section 2.5.1, Configuring Novell Preboot Services Menu Options.
There might be circumstances when you want to modify the options on the Novell Preboot Services Menu. You can customize these options by editing a text file contained on the Imaging Server. For example, you can:
Add, delete, and modify menu options
Add submenu items
Change the color scheme
Change the menu title and screen name
The following procedure should be done on each Imaging Server where you want to customize the menu.
To edit the menu:
In a text editor, open the following file on an Imaging Server where the ZENworks Proxy DHCP server (novell-proxydhcp) is running:
Windows: %ZENWORKS_HOME%\share\tftp\pxemenu.txt
Linux: /srv/tftp/pxemenu.txt
IMPORTANT: If you want to save the default options for this menu, we recommend that you make a backup copy of pxemenu.txt, such as pxemenu_orig.txt.
The following is the content of the default menu’s pxemenu.txt file:
```
#This file describes a PXEMenu

ScreenName = Novell Preboot Services Menu
ScreenInfo = Version 2.0 July, 2007
MenuTitle = ZENworks Preboot Options
FormatVersion = 2

#The screen colors determine the color of the main part of the menu screen
ScreenColor = bright_white
ScreenBackgroundColor = blue

#The info colors determine the color of the screen information at the top
#of the menu screen
InfoColor = yellow
InfoBackgroundColor = blue

#The hint colors determine the color of the hint line at the bottom of the screen
HintColor = lt_cyan
HintBackgroundColor = blue

#The menu colors determine the color of the menu box and menu title
MenuColor = yellow
MenuBackgroundColor = blue

#The option colors determine the color of the menu option
OptionColor = BRIGHT_WHITE
OptionBackgroundColor = BLUE

#The chosen colors determine the color of the high-lighted option
ChosenColor = BRIGHT_WHITE
ChosenBackgroundColor = RED

#The 'forced option' is the option that will be automatically
#executed without presenting a menu to the user. It MUST be an
#option on the first ('Main' by default) menu. The following
#example will force 'Start ZENworks Imaging Maintenance'
#ForceOption=2

StartMenu = Main

#Note: The original version of the pxemenu.txt file does not
#      require submenus, but example syntax is provided in
#      comments for demonstration purposes.

[Main]
MenuTitle = ZENworks Preboot Options
option = execute ; "Start ZENworks Imaging" ; "ZENworks Imaging in Automated Mode" ; pxelinux.0 ; z_auto.cfg
option = execute ; "Start ZENworks Imaging Maintenance" ; "ZENworks Imaging Linux Session in Interactive Mode" ; pxelinux.0 ; z_maint.cfg
option = execute ; "Disable ZENworks Partition" ; "Disable Existing ZENworks partition" ;pxelinux.0 ; z_zpdis.cfg
option = execute ; "Enable ZENworks Partition" ; "Re-enable Existing ZENworks partition" ;pxelinux.0 ; z_zpen.cfg
#option = submenu ; "Sub Menu Options >>" ; "Submenu example with more options" ; SUBMenu
option = exit ; "Exit" ; "Boot to local hard drive"

#[SUBMenu]
#MenuTitle = Sub Menu Options
#option = execute ; "Sub Menu #1" ; "Description for sub menu #1" ;
#         pxelinux.0 ; submenu1.cfg
#option = execute ; "Sub Menu #2" ; "Description for sub menu #2" ;
#         pxelinux.0 ; submenu2.cfg
#option = return ; "Return" ; "Return to main menu"
#option = exit ; "Exit" ; "Boot to local hard drive"
```
To change the appearance of the menu, edit the first seven sections (title and colors).
To change colors, the settings you enter must be selected from the following:
BLACK
RED
GRAY
LT_GREEN
BLUE
MAGENTA
YELLOW
LT_CYAN
GREEN
BROWN
BRIGHT_WHITE
LT_RED
CYAN
WHITE
LT_BLUE
LT_MAGENTA
To change the menu options, edit the sections under [Main].
The menu options, their hint descriptions, the pxelinux.0 executable, and configuration file (.cfg) are listed on the option = line.
When you are finished, save the pxemenu.txt file.
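Because pxemenu.txt decides what every PXE device on the segment is offered at boot, an edited copy is worth validating before it is saved into the TFTP directory. The following parser and checker is an added example, not Novell code: the function names are hypothetical, the field counts and the baseline of .cfg names are read off the default file shown above, and the sample files, including other.cfg, are constructed.

```python
ALLOWED_COLORS = {
    "BLACK", "RED", "GRAY", "LT_GREEN", "BLUE", "MAGENTA", "YELLOW", "LT_CYAN",
    "GREEN", "BROWN", "BRIGHT_WHITE", "LT_RED", "CYAN", "WHITE", "LT_BLUE", "LT_MAGENTA",
}
# Fields per option type, counted from the default file's option = lines.
FIELD_COUNT = {"execute": 5, "submenu": 4, "return": 3, "exit": 3}
# Boot configurations referenced by the default menu (baseline for this check).
KNOWN_CFGS = {"z_auto.cfg", "z_maint.cfg", "z_zpdis.cfg", "z_zpen.cfg"}

def parse_pxemenu(text):
    """Return (global settings, {menu name: [option field lists]})."""
    settings, menus, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            menus[current] = []
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if current is None:
            settings[key] = value
        elif key.lower() == "option":
            # Simple split: assumes labels and hints contain no ';'.
            menus[current].append([f.strip().strip('"') for f in value.split(";")])
    return settings, menus

def validate(text, known_cfgs=KNOWN_CFGS):
    """Return a list of problems found in a pxemenu.txt body."""
    settings, menus = parse_pxemenu(text)
    problems = []
    for key, value in settings.items():
        if key.endswith("Color") and value.upper() not in ALLOWED_COLORS:
            problems.append(f"{key}: unknown color {value!r}")
    if settings.get("StartMenu") not in menus:
        problems.append(f"StartMenu {settings.get('StartMenu')!r} has no section")
    if "ForceOption" in settings:
        problems.append(f"ForceOption={settings['ForceOption']}: runs without showing the menu")
    for name, options in menus.items():
        for fields in options:
            kind = fields[0].lower()
            if FIELD_COUNT.get(kind) != len(fields):
                problems.append(f"[{name}] malformed option: {fields}")
            elif kind == "execute" and (fields[3] != "pxelinux.0" or fields[4] not in known_cfgs):
                problems.append(f"[{name}] unexpected boot target: {fields[3]} {fields[4]}")
            elif kind == "submenu" and fields[3] not in menus:
                problems.append(f"[{name}] submenu {fields[3]!r} not defined")
    return problems

# Constructed samples: a shortened default menu and an edited copy.
DEFAULT_MENU = '''
ScreenColor = bright_white
ChosenBackgroundColor = RED
#ForceOption=2
StartMenu = Main
[Main]
MenuTitle = ZENworks Preboot Options
option = execute ; "Start ZENworks Imaging" ; "ZENworks Imaging in Automated Mode" ; pxelinux.0 ; z_auto.cfg
option = execute ; "Disable ZENworks Partition" ; "Disable Existing ZENworks partition" ;pxelinux.0 ; z_zpdis.cfg
#option = submenu ; "Sub Menu Options >>" ; "Submenu example with more options" ; SUBMenu
option = exit ; "Exit" ; "Boot to local hard drive"
'''
EDITED_MENU = '''
ChosenColor = PURPLE
ForceOption=1
StartMenu = Main
[Main]
option = execute ; "Start ZENworks Imaging" ; "ZENworks Imaging in Automated Mode" ; pxelinux.0 ; other.cfg
option = submenu ; "Sub Menu Options >>" ; "Submenu example" ; SUBMenu
option = exit ; "Exit" ; "Boot to local hard drive"
'''

if __name__ == "__main__":
    for label, body in (("default", DEFAULT_MENU), ("edited", EDITED_MENU)):
        print(label, validate(body) or "no problems")
```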