Portable Use of FOG
-
Greetings All,
I am hoping this post is in the right place. I have been looking for a way to enhance our service offering to our clients (especially schools) by reducing the time it would take to reload software (mainly Windows and the various applications they use) and it has been suggested that FOG would be the solution I am looking for. This being the first time I would be using this project, I felt it best to ask the experts if it can work.
I have an old HP Probook 4530s (8GB/120GB SSD/Core i3) that I intended to convert to Linux (Fedora or Ubuntu Desktop) with the end of Windows 10. The idea is to use FOG on this machine with an external drive for each client to store their machine images. I am figuring this approach would allow each client to have a base image of each of their machines, all of which would be stored on media which they can keep. Whenever there is the need to reload a machine(s), we can just carry in this machine, connect their external drive and we should be off to the races. Based on my understanding of changes to Windows, the fact that each machine would have its own image on the external drive, this approach would also remove the need for the client to have Volume Licensed software and there should be no issues with Windows 11.
Can this work as I have it in mind? Are there any complications I should be aware of?
-
@Datsys You have both a technical and legal question in your post that will require a fire dance to navigate well.
On the technical side, it is possible to configure FOG in a mobile deployment server mode. Whereas you can have FOG loaded on a portable computer and take it from site to site to deploy images. It's best if you use onboard storage for the images but it would be possible to use a portable USB drive, but your downloading performance would be not good because of the bandwidth. If you used a high speed USB-C attached drive then performance would compare to onboard storage. One issue I see is that to properly network boot target computers for imaging you will need certain network infrastructure changes to make it work. This is modifying your DHCP server to send out the boot server (FOG server) IP address and boot file to load. While the FOG server is on site this will work perfectly, if the FOG server is at a different site not so much. You can mask this issue by installing dnsmasq on the mobile deployment server so that only the PXE boot information is sent out while the FOG server is on site. This can also be problematic, but it is a workable solution.
The MS Windows/legal issue is a bit more complicated. For OEM licensed computers you are not allowed to create a golden image (customized image with additional software loaded) and then capture and deploy it to multiple computers. The EULA requires a volume license key for this. You can deploy images only in the OEM format and then after that is deployed add on custom software on top. To be able to deploy an OEM image (legally) you can either use FOG to share the ISO image to the target computer, or what I've done in the past is take a development machine and install Windows 11 on it, but only to the point of the first reboot. You MUST stop the system from booting on that first reboot. That first reboot is the transition from WinPE environment to the Windows Setup/OOBE process. Now capture that image at the first reboot and deploy with FOG. This is still in line with the OEM EULA because you are not altering the image, only cloning it during the middle of installation. When you deploy the image to computer #2 WinSetup/OOBE will continue to run. Now at the end use FOG to install custom applications and you're done.
I can tell you getting a VLK key and image is a much simpler solution. I don't know what M$ current licensing is, but it used to be you only need to purchase 1 VLK key for all of the company's computers to use the VLK key. You needed 5 licenses to reach the minimum order so for small companies that had a windows server and windows workstations we would purchase 1 VLK key and 4 windows server client connection licenses, cause you can always use server connection licenses. Just let me repeat I don't know what MS current licensing model is so this may be old information.
Just to wrap up:
Can you create a mobile FOG deployment server? Yes. You will need to be really familiar with Linux to do this though.
Can you repurpose all of these unused windows 10 computers as FOG servers and leave them connected to the customer's network? Yes (a bit better idea).
Can you deploy Windows 11 with FOG? Yes (until MS break this too).
-
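A dnsmasq ProxyDHCP configuration of the kind the reply above describes, added here as an example; it is not part of the thread and not the FOG project's own file. The address 192.0.2.10, the interface name eth0 and the boot file names undionly.kpxe and ipxe.efi (served by the FOG server's own TFTP service) are assumptions to adjust to the actual install.

```conf
# Constructed example: ProxyDHCP-only dnsmasq config for a portable FOG server.
# 192.0.2.10 (FOG server IP) and eth0 (wired NIC) are placeholders.

# Disable dnsmasq's DNS function; only the PXE/ProxyDHCP part is wanted.
port=0

# Answer only on the wired interface plugged into the client's LAN.
interface=eth0
bind-interfaces

# Log DHCP/PXE exchanges so each site visit leaves a record of what was answered.
log-dhcp

# Do not reuse the DHCP servername/filename fields as extra option space;
# some older PXE clients are confused by that.
dhcp-no-override

# Tag clients by the architecture they announce in the vendor class.
dhcp-vendorclass=set:BIOS,PXEClient:Arch:00000
dhcp-vendorclass=set:UEFI,PXEClient:Arch:00007
dhcp-vendorclass=set:UEFI64,PXEClient:Arch:00009

# Boot file, server name (left empty), TFTP server address, per client type.
dhcp-boot=tag:UEFI,ipxe.efi,,192.0.2.10
dhcp-boot=tag:UEFI64,ipxe.efi,,192.0.2.10
dhcp-boot=undionly.kpxe,,192.0.2.10

# PXE menu shown to the client, with a 1 second timeout.
pxe-prompt="Booting FOG Client", 1
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi

# Proxy mode: no leases are handed out; the site's DHCP server keeps
# assigning addresses and dnsmasq only adds the PXE boot information.
dhcp-range=192.0.2.10,proxy
```

Because the range is declared as `proxy`, the customer's existing DHCP server stays authoritative for addressing, and the PXE answers stop as soon as the dnsmasq service is stopped or the laptop is unplugged. The `log-dhcp` output is the place to confirm which boot file each client actually requested.
-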
@george1421 Thank you for taking the time to provide such a comprehensive response.
Starting with the legal problem, the nature of Microsoft to make things more difficult than they need to be… I figure that most people/entities tend to buy computers with Windows preinstalled so as to ensure legality (OEM), so I have so far resigned my mind to having to create images for each machine. Where I encounter those with VLK then the golden image approach would be applied. This should be a way to ensure the applications on the respective machines are good to go. Yes it is going to be tedious but it is what it is until the clients see the value to them (if any) by going VLK. Correct me if my logic is wrong.
The technical complication as you have detailed it is very interesting. Firstly, putting in a dedicated machine on each LAN will initially have to be at our expense as these guys will need to see the benefits in action first. This is a major reason for going the route of a laptop we already own that was heading to a closet anyway. Load a Linux desktop to the old girl and she would continue to have a productive life. It can also be used in other ways as a Tech Support machine. From what you have detailed, there is a known workaround for any DNS issues so it could move from LAN to LAN without much challenge. The Type C connection would be a problem for this old girl as she doesn't have a port. So that brings me back to good old USB - any advice to help address that? Also would greatly appreciate if you would advise further on the network modifications involved to properly boot target computers for imaging.
Thanks again for the help thus far.
-
@Datsys On the technical side, I would install the largest SSD or NVMe drive you can afford and keep everything internal. As I mentioned with the OEM image capture this is only one image and will deploy to any computer and should activate properly using the method I described. So once the image has been deployed most applications can be installed in the unattended mode, typically with command line switches. You can deploy these applications post image deployment with FOG's snap-in system. This would still be in compliance with M$'s EULA. Basically you would adjust the computer after deployment. You could even create a batch/ps file deployed by a snap-in to connect the target system to AD or make other alterations to the system, just as you might do by hand post image deployment. The extent of these post deployment activities are up to you.
I think once October hits you will have plenty of no longer useful systems hit the market so you could go to the next step of setting up local deployment servers at each customer.
-
@george1421 thanks for continuing to provide such detailed information.
I believe the best way to learn is to do, so I am going to go shopping for an SSD (and perhaps some RAM to be safe). Once I have everything in place, I am going to do a test run on our machines as well as those of an associate just to see what happens when the network changes. Following this, I will check back with you if you don't mind to go through the results.