Sun N1 Service Provisioning System User's Guide for OS Provisioning Plug-In 3.0

Setting Up the Windows Server

Setting up the Windows boot and install server consists of the following tasks:

Set up the Windows RIS server.
Create a component for the Windows RIS server in your N1 SPS environment.

How to Set Up the Windows RIS Server

Steps

Install Windows 2003 Server Standard or Enterprise Edition operating system with Service Pack 1 for 32–bit systems on the Windows boot and install server.

Create a separate NTFS partition that is big enough to store at least one image of roughly 700 Mbytes to hold RIS images. You will need to identify this partition when you make the server into a RIS server.

Note –
If you already have a machine that is running Windows 2003 Server 32-bit Standard or Enterprise edition without Service Pack 1, you can install theWindows 2003 Service Pack 1 separately on the server. See Microsoft Knowledge Base Article #891128 .

Install and configure Active Directory Server on this machine.

Identify this system as a domain controller. For information about Active Directory Server, see Microsoft Knowledge Base Article 324753.

Install and configure RIS server on this machine.

For more information, see Microsoft Knowledge Base Article 325862.

Note –
While installing RIS server, add a Windows 2003 x64 Risetup.exe image or the Windows 2003-Service Pack 1 x86 Risetup.exe image on the RIS server.

If the Windows Server 2003 SP1 RISETUP image is the first image to be uploaded to the RIS server, the new OS chooser screen (x8664.osc ) is copied to the RIS server by default.

If there are existing Windows OS images on the RIS server at the time the first Windows Server 2003 SP1 image or the Windows 2003 x64 is added, you must choose whether to overwrite (or backup and overwrite) the OS chooser screens during the installation to get the new screen. See Microsoft Knowledge Base Article #891128.

Install Windows 2003 Resource Kit software and Support Tools on the Windows boot and install server.

This package includes tools like setupmgr and xcacls that are used by the OS provisioning scripts. You can install these tools in one of the following ways:
- Install the Windows 2003 Support Tools.
  
  The Support Tools are not automatically installed when you install Windows 2003. The installation program is located on the OS CD-ROM in the \support\tools folder. You must manually open the setup file (suptools.msi) to launch the installation wizard.
- Install the Windows 2003 Resource Kit tools.
  
  You can obtain the Resource Kit tools from a Windows 2003 Resource Kit CD or from http://www.microsoft.com/downloads.

Install and configure the Windows RSH Server or the Windows SSH Server on the RIS server.

Note –
The N1 SPS OS Provisioning Plug-In 3.0 release supports only SSH for deploying Windows custom-based profiles and supports both RSH and SSH for Windows non-custom based profiles. SSH provides more secure and reliable communication between the RIS Server and the N1 OS Provisioning Server than the RSH service.
- To install the Windows SSH Server on the Windows RIS Server, install and configure the Cygwin© Open Secure Shell Service (OpenSSH service) for Windows 2003 on the RIS Server as any user.
  
  For more information, see the following web sites.
  - Cygwin home page
  - Instructions to uninstall existing cygwin packages at http://cygwin.com/faq/faq_2.html#SEC20
- To install the Windows RSH Server on the Windows RIS Server, follow these steps.
  1. Install the Windows 2003 Resource Kit and Windows Services for Unix 3.5 (SFU3.5) software on the Windows RIS server.
    
    For instructions about how to install the Windows 2003 Resource Kit and Windows Services for Unix 3.5 (SFU3.5) software, see Microsoft Knowledge Base Article #321712 .
    
    The Windows 2003 Resource Kit and Windows Services for Unix 3.5 (SFU3.5) software are available on the Windows Resource Kit CD and from the Windows web site. This software includes the Windows RSH service, and other tools that are used by the OS provisioning plug-in scripts, such as setupmgr, deploy.cab, xcacls.
  2. Install and configure the Windows Remote Shell Service (WinRsh service) on the RIS Server as user root.
    
    For instructions, seeRemote Shell Services in SFU.
    
    Note –
    If the permissions for the .rhosts file are not set correctly, the WinRsh service fails and the client receives an “Access denied” message. To prevent this failure, assign full permissions to the user group Administrators/SYSTEM in the .rhosts ACL list. For example add the following entry to the .rhosts file in c://windows/system32/drivers/etc/
    ------------------ 10.5.133.22 root ------------------
    After editing the .rhosts file, ensure that you save the file as .rhosts, not .rhosts.txt.

Install the N1 SPS Remote Agent on the Windows RIS server.

On the Master Server, prepare a new Remote Agent host for the Windows RIS server.

How to Create the Windows Image Server (Browser Interface)

After you set up the Windows RIS server, you must create a component for the server in your SPS environment. Follow these steps to create the component in the SPS browser user interface.

Steps

In the Common Tasks section of the browser interface main window, selelct OS Provisioning.

The OS Provisioning page is displayed.

On the OS Provisioning Common Tasks page, click Create in the Windows Image Servers section.

On the Plans Details page, click Run.

The WindowsServer-create plan details page is displayed.

Choose variables to use for this plan.
- To use an existing variables set, select a name from the drop-down menu in the Variable Settings row of the Plan Parameters table.
- To create a new variables set, click Select from List in the Variable Settings column of the Plan Parameters table.
  1. Click Create Set.
  2. Type a name for the variables set.
  3. Verify variables and change them, if needed.
    
    The image server component has only a few variables, most of which you are unlikely to change. For a list of those variables and their default values, see Windows Image Server Component Variables.
  4. To change a variable setting, click the check box for the variable.
    
    A check mark is displayed in the box, and a text field is displayed. Enter the new variable value in the text field.
  5. Save the variables set.
  6. Select the variables set that you just saved from the drop-down menu in the Variable Settings row of the Plan Parameters table.
- If you want to use another component's variable settings, click Import Set From Component.
  
  The Import Variable Settings window displays.
  1. If necessary, navigate to the Folder that contains the component with the variable settings you want to import.
  2. Select the component version.
    
    Note –
    Variable settings can vary between component versions. Ensure that the current components and the component from which you want to import variable settings share common variables. If the component from which you want to import variable settings does not share common variables with the component you want to use in your plan, the variable settings are not imported.
  3. Click Import Variable Settings.
    
    The variables settings are imported, and are displayed in the table.
  4. On the Plan Details Run page, select the variable settings that you imported from the Variable Settings drop-down list, then click Select.
- If you want to use component variable settings that are stored in a file, follow these steps.
  1. In the Import Sets from File text field, enter the path to the variable settings file that you want to use.
    
    To browse through the file system to find the appropriate file, click the Browse button.
  2. Click Import.
    
    The variables settings are imported, and are displayed in the table.
    
    Note –
    If the file from which you want to import variable settings does not share common variables with the component you want to use in your plan, the variable set is not imported.
  3. On the Plan Details Run page, select the variable settings that you imported from the Variable Settings drop-down list, then click Select.

In the Target Host field, specify the host created in the N1 SPS Master Server for the Windows RIS server you created in How to Set Up the Windows RIS Server.

Type the password for the Active Directory user in the text field in the Plan Variables section.

Type the password in clear text only. Ensure that your password selection meets all Window password requirements. See the Microsoft documentation for more information.

Click Run Plan (includes preflight).

The plan performs the following tasks.
- The Windows RIS server component is created on the Master Server.
- The N1ospRisUtil directory is created on the Windows RIS server in the directory that is specified in the installPath variable. This directory contains the following subdirectories.
  - N1ospScripts
  - N1ospTemplates
  - N1ospTools
  - SampleOSCFiles
  - SampleSIFFiles

To verify that the Windows RIS server is created successfully, click the Hosts link in the left side of the provisioning server window.

You should see the name of the virtual host appended with -windows. For example, if you installed on host masterserver, the virtual host is masterserver-windows.

How to Create the Windows Image Server (Command-Line Interface)

After you set up the Windows RIS server, you must create an component for the server in your SPS environment. Follow these steps to create the component in the SPS browser user interface.

Steps

(Optional) Encrypt the RIS server access password.

For more information about how to encrypt passwords, see Password Encryption.

To create a variable set for the WindowsServer component, type a command similar to the following example:

# cr_cli -cmd cdb.vs.add -comp NM:/com/sun/n1osp/untyped/WindowsServer \
-name "winRisServer" -u admin -p admin -vars "installPath=C:\\\\N1 ISP\\\\IspScripts; \
boot_server_domain_name=n1lab.west.example.com;active_directory_userid=n1ospadmin; \
boot_server_access_protocol=ssh;boot_server_access_userid=Administrator; \
boot_server_access_password=yf7813jWUweB4SXBe0JIlw==; \
ris_share_directory=D:\\\\RemoteInstall"

For information about the WindowsServer variable set, see Windows Image Server Component Variables.

Create a file named /tmp/windows-bi-server that includes the following entry:
password4user!
In the previous example, password4user! specifies the Active Directory user password.

To run the plan, type a command that is similar to the following example.
# cr_cli -cmd pe.p.run -u admin -p admin \ -PID NM:/com/sun/n1osp/untyped/WindowsServer-create -tar H:NM:risserver \ -comp - -vs winRisServer -pto 30 -nto 10 -f /tmp/windows-bi-server
The plan performs the following tasks.
- The Windows RIS server component is created on the Master Server.
- The N1ospRisUtil directory is created on the Windows RIS server in the directory that is specified in the installPath variable. This directory contains the following subdirectories.
  - N1ospScripts
  - N1ospTemplates
  - N1ospTools
  - SampleOSCFiles
  - SampleSIFFiles

Windows Image Server Component Variables

Table 8–1 Variables for Windows Image Server Component


Variable Name	Description	Default Value or Example
`installPath`	Location of the base directory where the N1 OS Provisioning scripts are installed. For example, C:\Program Files. Do not specify a trailing backslash in this variable.	C:\ (Default)
`boot_srerver_domain_name`	Windows active directory domain name for the RIS server.	`winprov.n1lab.sun.com` (Example)
`active_directory_userid`	Active directory user ID	`n1ospadmin` (Default)
`boot_server_access_protocol`	Protocol to use to access the RIS server, such as RSH or SSH Note – If you plan to use custom-based Windows RIS server profiles, RSH is not a supported value for the `boot_server_access_protocol` variable.	`ssh` (Default)
`boot_server_access_userid`	User ID to use to access the RIS server. For the RSH protocol, specify root for this variable.	No default
`boot_server_access_password`	Encrypted password to use to access the RIS server. This variable is required for RIS servers that use the SSH protocol. If you use the RSH protocol, this variable is not required. For instructions about how to create an encrypted password, see Password Encryption.	No default
`ris_share_directory`	Location of the RemInst share on the RIS server. For example, D:\RemoteInstall.	No default
`ris_language`	Language of the OSChooser screens installed on the RIS server.	English
`ciw_directory`	Location of the CIW and OS Chooser files. For example, D:\RemoteInstall\OSChooser\English	`:[ris_share_directory]\OSChooser\:[ris_language]`
`temporary_sif_directory`	Location of the Sun N1 OS Provisioning temporary `sif` files in the RemInst share. For example, D:\RemoteInstall\N1ospSif.	`:[ris_share_directory]\N1ospSif`
`windowsHost`	Virtual host that represents the Windows RIS server.	`:[target:sys.hostName]-windows`