Solaris 10 11/06 Installation Guide: Network-Based Installations

Chapter 10 Preparing to Install With WAN Boot (Planning)

This chapter describes how to prepare your network for a WAN boot installation. This chapter describes the following topics.

WAN Boot Requirements and Guidelines

The section describes the system requirements to perform a WAN boot installation.

Table 10–1 System Requirements for WAN Boot Installation

System and Description 

Requirements 

WAN boot server – The WAN boot server is a web server that provides the wanboot program, the configuration and security files, and the WAN boot miniroot.

 

  • Operating system – Solaris 9 12/03 OS, or compatible version

  • Must be configured as web server

  • Web server software must support HTTP 1.1

  • If you want to use digital certificates, the web server software must support HTTPS

Install server – The install server provides the Solaris Flash archive and custom JumpStart files that are required to install the client.

  • Available disk space – space for each Solaris Flash archive

  • Media drive – CD-ROM or DVD-ROM drive

  • Operating system – Solaris 9 12/03 OS, or compatible version

If the install server is a different system than the WAN boot server, the install server must meet these additional requirements.  

  • Must be configured as a web server

  • Web server software must support HTTP 1.1

  • If you want to use digital certificates, the web server software must support HTTPS

Client system – The remote system you want to install over a WAN

 

  • Memory - Minimum of 512 Mbytes of RAM

  • CPU – UltraSPARC II processor minimum

  • Hard disk – At least 2 Gbytes of hard disk space

  • OBP – WAN boot-enabled PROM

    If the client does not have the appropriate PROM, the client must have a CD-ROM drive.

    To determine if your client has a WAN boot-enabled PROM, see To Check the Client OBP for WAN Boot Support.

(Optional) DHCP server – You can use a DHCP server to provide client configuration information.

If you are using a SunOS DHCP server, you must perform one of the following tasks. 

If the DHCP server is on a different subnet than the client, you must configure a BOOTP relay agent. For more information about how to configure a BOOTP relay agent, see Chapter 14, Configuring the DHCP Service (Tasks), in System Administration Guide: IP Services.

(Optional) Logging server – By default, all booting and installation log messages are displayed on the client console during a WAN installation. If you want to view these messages on another system, you can specify a system to serve as a logging server.

Must be configured as web server. 


Note –

If you use HTTPS during your installation, the logging server must be the same system as the WAN boot server.


(Optional) Proxy server – You can configure the WAN boot feature to use an HTTP proxy during the download of the installation data and files.

If the installation uses HTTPS, the proxy server must be configured to tunnel HTTPS. 

Web Server Software Requirements and Guidelines

The web server software you use on your WAN boot server and install server must meet the following requirements.

Server Configuration Options

You can customize the configuration of the servers that are required by WAN boot to meet your network needs. You can host all the servers on one system, or place the servers on multiple systems.

Storing Installation and Configuration Files in the Document Root Directory

The wanboot-cgi program transmits the following files during a WAN boot installation.

To enable the wanboot-cgi program to transmit these files you must store these files in a directory that is accessible to the web server software. One way to make these files accessible is to place these files in the document root on your web server.

The document root, or primary document directory, is the directory on your web server where you store files you want to make available to clients. You can name and configure this directory in your web server software. See your web server documentation for more information about setting up the document root directory on your web server.

You might want to create different subdirectories of the document root directory to store your different installation and configuration files. For example, you might want to create specific subdirectories for each group of clients that you want to install. If you plan to install several different releases of the Solaris OS across your network, you might create subdirectories for each release.

Figure 10–1 shows a basic sample structure for a document root directory. In this example, the WAN boot server and install server are on the same machine. The server is running the Apache web server software.

Figure 10–1 Sample Structure for Document Root Directory

The context describes the graphic.

This sample document directory uses the following structure.


Note –

If the WAN boot server and the install server are different systems, you might want to store the flash directory on the install server. Ensure that these files and directories are accessible to the WAN boot server.


For information about how to create the document root directory, see your web server documentation. For detailed instructions about how to create and store these installation files, see Creating the Custom JumpStart Installation Files.

Storing Configuration and Security Information in the /etc/netboot Hierarchy

The /etc/netboot directory contains the configuration information, private key, digital certificate, and certificate authority that are required for a WAN boot installation. This section describes the files and directories you can create in the /etc/netboot directory to customize your WAN boot installation.

Customizing the Scope of the WAN Boot Installation

During the installation, the wanboot-cgi program searches for the client information in the /etc/netboot directory on the WAN boot server. The wanboot-cgi program converts this information into the WAN boot file system, and then transmits the WAN boot file system to the client. You can create subdirectories within the /etc/netboot directory to customize the scope of the WAN installation. Use the following directory structures to define how configuration information is shared among the clients that you want to install.

Specifying Security and Configuration Information in the /etc/netboot Directory

You specify the security and configuration information by creating the following files and storing the files in the /etc/netboot directory.

For detailed instructions on how to create and store these files, see the following procedures.

Sharing Security and Configuration Information in the /etc/netboot Directory

To install clients on your network, you might want to share security and configuration files among several different clients, or across entire subnets. You can share these files by distributing your configuration information throughout the /etc/netboot/net-ip/client-ID, /etc/netboot/net-ip, and /etc/netboot directories. The wanboot-cgi program searches these directories for the configuration information that best fits the client, and uses that information during the installation.

The wanboot-cgi program searches for client information in the following order.

  1. /etc/netboot/net-ip/client-ID – The wanboot-cgi program first checks for configuration information that is specific to the client machine. If the /etc/netboot/net-ip/client-ID directory contains all the client configuration information, the wanboot-cgi program does not check for configuration information elsewhere in the /etc/netboot directory.

  2. /etc/netboot/net-ip – If all the required information is not located in the /etc/netboot/net-ip/client-ID directory, the wanboot-cgi program then checks for subnet configuration information in the /etc/netboot/net-ip directory.

  3. /etc/netboot – If the remaining information is not located in the /etc/netboot/net-ip directory, the wanboot-cgi program then checks for global configuration information in the /etc/netboot directory.

Figure 10–2 demonstrates how you can set up the /etc/netboot directory to customize your WAN boot installations.

Figure 10–2 Sample /etc/netboot Directory

The context describes the graphic.

The /etc/netboot directory layout in Figure 10–2 enables you to perform the following WAN boot installations.

Storing the wanboot-cgi Program

The wanboot-cgi program transmits the data and files from the WAN boot server to the client. You must ensure that this program is in a directory on the WAN boot server that is accessible to the client. One method to make this program accessible to the client is to store this program in the cgi-bin directory of the WAN boot server. You might need to configure your web server software to use the wanboot-cgi program as a CGI program. See your web server documentation for information about CGI program requirements.

Digital Certificate Requirements

If you want to add security to your WAN boot installation, you can use digital certificates to enable server and the client authentication. WAN boot can use a digital certificate to establish the identity of the server or the client during an online transaction. Digital certificates are issued by a certificate authority (CA). These certificates contain a serial number, expiration dates, a copy of the certificate holder's public key, and the certificate authority's digital signature.

If you want to require server or both client and server authentication during your installation, you must install digital certificates on the server. Follow these guidelines when you use digital certificates.

For detailed instructions on how to use PKCS#12 certificates during your WAN boot installation, see (Optional) To Use Digital Certificates for Server and Client Authentication.

WAN Boot Security Limitations

While WAN boot provides several different security features, WAN boot does not address these potential insecurities.

Gathering Information for WAN Boot Installations

You need to gather a wide variety of information to configure your network for a WAN boot installation. You might want to write down this information as you prepare to install over a WAN.

Use the following worksheets to record the WAN boot installation information for your network.

Table 10–2 Worksheet for Collecting Server Information

Information Needed 

Notes 

Install server information 

  • Path to the WAN boot miniroot on install server

  • Path to the custom JumpStart files on the install server

 

WAN boot server information 

  • Path to the wanboot program on the WAN boot server

  • URL of the wanboot-cgi program on the WAN boot server

  • Path to the client's subdirectory in the /etc/netboot hierarchy on the WAN boot server

  • (Optional) File name of the PKCS#12 certificate file

  • (Optional) Host names of any machines other than the WAN boot server that are required for WAN installation

  • (Optional) IP address and TCP port number of the network's proxy server

 

Optional server information 

  • URL of the bootlog-cgi script on logging server

  • IP address and TCP port number of the network's proxy server

 

Table 10–3 Worksheet for Collecting Client Information

Information 

Notes 

IP address for the client's subnet 

 

IP address for the client's router 

 

IP address of the client 

 

Subnet mask for the client 

 

Host name for the client 

 

MAC address of the client