Zero Touch Installation: Automating Operating Systems Migrations
At a Glance:
- Three types of deployment scenarios
- Key components needed for automated deployment
- A walk through the three main scenarios
Historically, desktop OS migration has been a very labor-intensive project. The number of obstacles and questions to consider can be intimidating. Will all the targeted machines support the new operating system? Will your organization's applications work after migration? How will the data on systems be preserved? How do you save money if specialists have to visit every computer? How do you prepare for and minimize the barrage of help desk calls that will ensue? And once deployed, how will you manage the new operating system?
During the typical roll-out, a herd of IT staffers descends upon a workgroup of computers during off hours and does the heavy lifting. They manually save user data to a file share (or even take an entire snapshot of the PC), pull down the master image, configure the system (manually join the domain, let policies flow down, reinstall applications, and so on), manually restore user data, and then pray that the desktop is functioning properly and hope that the user won't be too upset when he discovers his previous settings have been lost. It's not a pretty process.
But I did start this article by saying "historically." These deployment blockers and resource-intensive processes have been addressed, and now you can automate the work with the Systems Management Server (SMS) 2003 Operating System Deployment (OSD) Feature Pack and the Solution Accelerator for Business Desktop Deployment (BDD). The OSD adds support for operating system deployment to SMS, offering a paradigm for deploying OS images similar to the one used to deploy applications. If you are accustomed to creating software packages with SMS, you'll find image packages are just as easy since you use the same SMS administrator console (see Figure 1).
Figure 1 Using SMS to Create an OS Image Package
BDD provides end-to-end guidance on desktop deployments for moving to Windows® XP and Microsoft® Office 2003. It's very comprehensive, offering more than two dozen documents covering the key topics of desktop deployment from soup to nuts. Included in BDD are the Zero Touch Installation (ZTI) files that are used to augment the capabilities of the SMS OSD for the following scenarios.
Bare-Metal: This involves a new, fresh installation. In this case, a new image is deployed to a computer that does not have any operating system installed on disk. A variation on this theme is when an operating system is already installed on the computer, but you are performing a fresh install and do not need to save and restore any data or settings.
Replacement: In this scenario, a user is moving from a legacy computer to a new system. This means the user's data and settings must be moved to the new computer and operating system.
Refresh: In this situation the user retains the same hardware, but is migrating over to a new operating system. Once again, the user's data and settings must be moved to the new operating system.
The remainder of this article focuses on these scenarios and how ZTI can greatly reduce the time and resources needed to migrate a desktop.
What You Need
If you plan on using ZTI, there are some prerequisites. The primary products, technologies, and components you'll need are: SMS OSD Feature Pack, BDD Enterprise Edition, Remote Installation Services (RIS), and User State Migration Toolkit (USMT). Let's take a closer look at each of these, exploring how they are used in ZTI deployments. For details on where you can get these tools, see the sidebar "Get the Core Components."
The SMS OSD Feature Pack is a publicly available download that you install (very quickly) on your SMS primary site server. The OSD includes a version of the Windows Preinstallation Environment (Windows PE) and features for capturing your master image. Out of the box, the OSD supports bare-metal and refresh scenarios. For a bare-metal build, a CD is used to boot the targeted machine. This is called the Operating System Installation CD and is created using the SMS Administrator Console. When you use ZTI, however, the functionality of this CD is replaced by RIS, which I will cover in a moment.
BDD Enterprise Edition is also a publicly available download. It includes all the documentation and scripts needed to implement ZTI, as well as complete coverage of desktop deployment guidance for Office Professional 2003 and Windows XP Professional (including the Windows XP Professional x64 and Windows XP Tablet PC editions). The Enterprise Edition of BDD is geared for organizations with 500 or more PCs. But if you have the necessary infrastructure in place, BDD Enterprise Edition can assist any size company.
Remote Installation Services ships with Windows Server® 2003, and has been greatly enhanced since Windows 2000. In particular, it delivers better performance and lets you automatically bypass configuration screens during OS deployment. This is a key feature essential for ZTI. RIS provides PXE (Pre-Boot Execution Environment) capabilities and is used to stream Windows PE over the network.
Finally, the User State Migration Toolkit (USMT) is a publicly available download that you can use for migrating user data and settings. The latest release has been significantly upgraded—it now supports migration of multiple profiles at once and can run unattended (meaning the user does not need to be logged on). USMT is governed by .inf files so you can explicitly control what is saved. For example, you can ignore a user's vast library of MP3 files, reducing the amount of time and storage space used during the migration process.
Putting the Pieces Together
To implement ZTI, you'll need a stable infrastructure that contains Active Directory®, DNS, DHCP, and SMS 2003 (with SP1 or higher). The basic components for this solution are highlighted in the "How IT Works" section of this article, though your environment may have a different mix of servers and services.
There are two excellent guides that provide information and step-by-step instructions on how to configure the OSD and set up ZTI: the Users Guide that is included as part of the OSD download and the Zero Touch Installation Deployment Feature Team Guide that is part of the BDD Enterprise Edition download. Here's a quick overview of the key steps involved in setting up a ZTI solution.
First you need to install the OSD on your SMS primary site server. Once this is installed, you can use the SMS Administrator Console to create an Operating System Image Capture CD and an Operating System Image Installation CD. The Image Capture CD is used to capture your master image into a single file. This file conforms to the Windows Imaging Format (WIM), which is the new Microsoft file-based imaging technology that was introduced with the OSD. WIM offers modern capabilities, such as enhanced compression that allows for smaller image sizes and the ability to retain user data and settings on the local disk during the image process (this saves space on your file servers). The Image Installation CD enables the installation of the image package and is used to configure the RIS server for ZTI.
Then you can create a master image. This is the baseline image that will be distributed to all the computers receiving the OS deployment. To do this, you should use a fresh reference computer that has Windows XP SP2 and all the related updates installed. You may want to include other core enterprise applications, such as virus protection and the Microsoft Office System, on the reference computer as well. (For more information on setting a ZTI baseline, see "Design More Secure Desktop Deployments" in the March/April 2006 issue of TechNet Magazine.) The computer should be part of a workgroup, but not joined to an Active Directory domain.
Install the SMS Advanced Client on the reference computer. You must run ccmdelcert.exe—a utility in the SMS Toolkit—after you install the SMS Advanced Client. The sysprep directory and related files must be on the system drive, as well. For more instruction on creating your master image, review the documentation and check out the Computer Imaging System (CIS) utility in the BDD. CIS will help you quickly generate a master image that can be used with the OSD and ZTI.
Once the image has been created, you use the OSD Image Capture CD to grab the master image and save it to a file server. This process is as easy as placing the CD in the player and following the prompts. Then using the SMS Administrator Console, create an image package and program. You then update the custom actions of the image program to run the ZTI script, ZeroTouchInstallation.vbs, as seen in Figure 2, and update accordingly for the State Capture, Preinstall, Postinstall, and State Restore phases.
Figure 2 Update Custom Actions of the Image Program
Now create a standard SMS software package and include the files from USMT and ZTI. This package will be used to capture the user state in the Replacement Scenario. The ZeroTouchInstallation.vbs script is used to drive the state capture in the Replacement Scenario so you will need to use the following command line for the package, which is shown in Figure 3:
wscript //b ZeroTouchInstallation.vbs /phase:OldComputer
Figure 3 Specifying the ZTI Script
On a machine running SQL Server™, create the ZTI Administration Database (AdminDB) with the supplied SQL scripts. If at all possible, create this on the SMS primary server so you can take advantage of the existing instance of SQL Server. The ZTI AdminDB is not large in regard to the number of tables and the amount of data it stores.
The ZTI AdminDB is queried by ZeroTouchInstallation.vbs to retrieve configuration information about the computers that are going to be migrated. Therefore, the database needs to be populated with information about the systems being updated—information like the time zone, Active Directory domain to join, Active Directory Organizational Unit to be used to create the computer account, MAC address of the target desktop, and so on.
RIS must be installed and configured. Keep in mind you'll need two partitions on the server since the RIS files need to be stored on a different partition than the operating system. You use the SMS Operating System Installation CD to create the RIS boot image. This CD includes the necessary files to stream Windows PE over the network. Then you create a ZTI share. This, for example, can be a file share on the SMS server. This share is where all the related files for ZTI (ZeroTouchInstallation.vbs, CustomSettings.ini, and USMT) are stored.
This is just a general guide to the essential steps in setting up and preparing for a ZTI deployment. For the most part, you will follow these steps, though the order can vary somewhat depending on your scenario.
Beyond these basic features offered by BDD and the SMS OSD, there is additional functionality that may be useful in your environment. (These advanced features are further described in the Zero Touch Installation Deployment Feature Team Guide.)
You can create a custom version of Windows PE so that it uses WMI during the migration process. By using WMI you can determine the make and model of the machine from the local computer BIOS. The ZeroTouchInstallation.vbs script does this automatically. With this information, you can further refine which SMS image package and program to use as well as define any pertinent drivers you need for a particular model. This avoids having to include all drivers for all your computer models in the golden image, thus saving valuable space.
Application reinstallation is a key part of any migration. Most often the golden image will not contain all applications needed by everyone, so targeting these workgroup needs is very important. BDD can assist by assigning a computer to a certain role, which in turn can determine the applications to install. This information can be stored in the CustomSettings.ini file or the ZTI AdminDB. By using this functionality, for example, the Accounting Group can receive the applications it needs, but not those needed by the Sales Group.
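Because the per-computer records (MAC address, time zone, domain, OU) and the role assignment described above decide what each machine receives, it pays to check them before a rollout. The following pre-flight check is an added example, not part of BDD or the original article; the CSV export, its column names, and the role-to-application mapping are assumptions made for illustration and do not reflect the actual ZTI AdminDB schema.

```python
import csv, io, re

# Constructed sample export; column names are assumptions, not the ZTI AdminDB schema.
SAMPLE_CSV = """mac,time_zone,domain,ou,role
00-0D-56-AA-10-01,Pacific Standard Time,corp.example.com,"OU=Accounting,DC=corp,DC=example,DC=com",Accounting
00:0d:56:aa:10:01,Pacific Standard Time,corp.example.com,"OU=Sales,DC=corp,DC=example,DC=com",Sales
000D56AA1003,Eastern Standard Time,corp.example.com,,Sales
00-0D-56-AA-10-0Z,Eastern Standard Time,corp.example.com,"OU=Sales,DC=corp,DC=example,DC=com",Sales
00-0D-56-AA-10-05,Central Standard Time,corp.example.com,"OU=Sales,DC=corp,DC=example,DC=com",Marketing
"""

# Hypothetical role-to-application mapping of the kind the article describes.
ROLE_APPS = {"Accounting": ["Ledger"], "Sales": ["CRM client"]}
REQUIRED = ("time_zone", "domain", "ou")


def normalize_mac(raw):
    """Return the MAC as 12 upper-case hex digits, or None if malformed."""
    digits = re.sub(r"[-:.]", "", raw.strip()).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None


def validate(csv_text, role_apps=ROLE_APPS):
    """Return (row_number, problem) tuples; an empty list means no problems found."""
    problems, seen = [], {}
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        mac = normalize_mac(row["mac"])
        if mac is None:
            problems.append((n, "malformed MAC address"))
        elif mac in seen:
            # Same adapter written with different separators or case.
            problems.append((n, f"duplicate MAC, first seen in row {seen[mac]}"))
        else:
            seen[mac] = n
        for field in REQUIRED:
            if not (row[field] or "").strip():
                problems.append((n, f"missing {field}"))
        if row["role"] not in role_apps:
            problems.append((n, f"unknown role {row['role']!r}"))
    return problems


if __name__ == "__main__":
    for n, problem in validate(SAMPLE_CSV):
        print(f"row {n}: {problem}")
```

Normalizing the MAC before comparing matters because the same adapter can be recorded with dashes, colons, or no separators, and two records for one machine with different OUs would otherwise go unnoticed.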
Get the Core Components
Jason Cross is a Senior Consultant with Microsoft. He has been involved in Zero Touch Technologies from their inception.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.