New Fog server set up
-
Hi, I am brand new to fog. My employer and i both believe this would be a great way for us to remotely monitor and manage the devices that we are starting to get in.
A little background, I work for a Broadband company in the mid-western united states. All of us work from home and we are just starting to get set up with company owned devices so we can do our jobs. We want to be able to add programs and make sure that no virus’s hit our vpn’s into our main network. We are situated all over the country and after a lot of research we came across this remarkable product.
My question is what settings do I need to have on the fog server so that I can do this. All the devices will be imaged initially here on site. I am still very new to server management and would greatly appreciate any insight you can give. Even if its a point at a tutorial that I missed.
-
Imaging with FOG is no problem, the issue you will run into with WFH is that FOG and its client agent on the target computer expects to have fully time communication. But it will work with a remote VPN solution too (not imaging but client management). If you were looking at fog for remote management I would look at a different tool, but if you want imaging with remote management then FOG will work nicely.
On the remote computers, they will check in with the FOG server as soon as the VPN connection from the WFH user is established. At that time the client will see if there are any pending jobs on the FOG server and execute them (i.e. download snapins and run them). I would not plan on imaging computers remotely using FOG, those will still need to be done at your depot.
-
I think fog is exactly what we want. We aren’t looking to do to much mainly just make sure we can send out required programs. All of the computers would be imaged by me at my house then if we need to say install a program we would push it out. We aren’t looking to do too much on the managing side mainly just check for virus’s and add snapins.
-
@swadsworth said in New Fog server set up:
My question is what settings do I need to have on the fog server so that I can do this.
- You will need to have the target computers registered in FOG.
- You will need to have the FOG Client (agent) install on the target computer
- You will need to create snapin(-packs) on the fog server. These will be applications you want to deploy.
- You will want to create work station groups on the fog server. These will be groups that you can deploy snapins to.
That should get you started
-
@george1421 said in New Fog server set up:
@swadsworth said in New Fog server set up:
My question is what settings do I need to have on the fog server so that I can do this.
- You will need to have the target computers registered in FOG.
- You will need to have the FOG Client (agent) install on the target computer
- You will need to create snapin(-packs) on the fog server. These will be applications you want to deploy.
- You will want to create work station groups on the fog server. These will be groups that you can deploy snapins to.
That should get you started
On the main page it says you need a public server? any good tutorials to make my fog server public?
-
@swadsworth said in New Fog server set up:
On the main page it says you need a public server? any good tutorials to make my fog server public?
I’m not sure what/where it says or your definition of public is. FOG is an internal only imaging server. Its not secure enough for public (as in everyone on the internet) to access server.
-
Right on FOG Projects web page. it says this.
What do i need to do in preparation for this? Its completely ok to require a vpn for this or what have you i just need to know what to do here.
-
@swadsworth If you’re just looking to be able to see whether or not a host is up and maybe deploy snapins and stuff like that, this may be able to be done over the vpn. If you’re thinking of trying to image over the vpn, well it might be theoretically possible but would likely be painfully slow if you can get it to work. I’ve messed with that for fun once or twice and wouldn’t currently recommend it. I know there are others that have accomplished imaging across multiple sites though.
But anyway, provided your vpn is giving users access to the fog server and vice versa then managing through the vpn should work mostly as expected. There is potential for home networking to get in the way, but most likely things should work over the vpn as if the devices were all local. I don’t do a ton of management of devices connecting through the vpn but I do connect through the vpn and then manage devices that are on site all the time. I have tested fog client connectivity through the vpn and found it works pretty well (tested deploying snapins on my computer at home for example). But it’s probably gonna depend on your VPN configuration, I don’t believe I did anything on the fog server to make that work, it just sees the vpn devices as another subnet on the internal network.
-
@JJ-Fullmer So i just need to add the Fogserver to our domain then? Sorry if these sound like stupid questions. All of my networking experience was from the military. Basically all i want to be able to do is access the fog server remotely to upload snapins and deploy them. Imaging remotely from the server should almost never happen.
Each pc would be set up with a router that has a split horizon VPN on it. Once thats done could i just add the PCs to groups to deploy snapins? I do want to set up a storage node at our warehouse if necessary since right now the fog server is a thinkcentre m73 with a 256 gb hard drive.
We run google as our domain and don’t have an active directory set up as of yet as we all work from home. While a true MDM would be much better for what we want to do the cost is something that is of concern as we are still a very small company relatively, less than 100 people split between several departments.
Really all I want to do is deploy new snapins to company devices when necessary. We aren’t looking to do hardcore management but the ability to silently install a new app like time doctor would be instrumental in our continued success. Not really looking to do lockdowns and the like as we are a pretty laid back company.
-
@swadsworth I’m not familiar with using google’s mdm as a domain/domain controller for an internal network. Do you have a way to test if you can get to the fog server over the vpn? i.e. another person at a different location that could help you test or perhaps just setting up your phone as a 4g hotspot and using a different computer to get to the fog web gui through the vpn as a start. I wouldn’t suggest deploying over a 4g hotspot through the vpn, unless you have unlimited data and a small snapin for testing.
Once you confirm that your clients can access the fog server, and that the client is connected and checking in. (install the client on the remote machine then open C:\fog.log and see if it’s checking for snapins, name changes, etc or if it’s getting stuck at the authentication step). Then you can for sure setup groups and use snapins for deploying programs.
Granted, snapins are really designed around being deployed right after an image rather than software updates, but they can be used for that. Another product (that sadly isn’t free) that might fit your needs for software deployment is chocolatey for business and their new system called chocolatey central management. I haven’t actually used their central management system yet, but it looks cool and has features to work with lots of network configurations. All my snapins are based off chocolatey packages, as we have chocolatey for business and take advantage of the automatic package builder. There is also a free version of chocolatey, it’s just not quite as automated and powerful as the paid version. Just thoughts on some other options if snapins alone don’t do what you need.
-
We could easily test. I have my first batch of computers coming in. And I do have a hotspot with 20 gb through verizon. So testing a small package would be feasible. For example i could set it up so that winbox is added to the c:\users file path. That would need to be done through a batch script im sure.
But yeah I am just wondering what the best way to set this up would be.
-
@swadsworth What I’m getting at (I tend to ramble and want to share all the details) is that if you’re using a vpn, you shouldn’t need to do anything special compared to a normal setup.
But then I just thought about it a bit more.
You’re running the fog server on a computer in your house, so it will need to go through the vpn to get to the network and then through the vpn to get to all the other computers. This could get hinky, but hey test it first, could be fine. What I would do is, assuming you have a central office/site where the vpn/main network is hosted, setup the fog server on a virtual or physical machine there. But since you’re doing the imaging at your house, setup that device as a node so the imaging can happen theoretically locally.So if all worked nicely an imaging device would follow this path
pxeBoot ->
find configured tftp server (central fog server) ->
download ipxe.efi boot file ->
boot to central fog ->
start image task (through pxe menu or automatically here if already queued) ->
image task connects to local storage node (will require configuring the node priority) ->
Imaging then happens within local network (hopefully, it may still be trying to traverse the vpn to get to the node)
However if that doesn’t work as expected and instead still goes over the vpn, then keeping your fog server and devices being imaged on the same local network is better. So for snapin deploying, it would make more sense to have that server on the same network the vpn is on, so that all the clients just go through a
vpn -> main network -> fog serverand then back again path rather then avpn -> main network -> vpn -> fog serverand then back again path. Your best imaging experience would be all on the same network, but fog client stuff you want to do can work over vpn.If it gets super complicated, a semi-simple solution would be to just set up 2 fog servers. 1 that you already have that you just use for imaging devices before putting them on the network, then a central fog server on the main network you use for the fog client management. You could just embed a fog client connected to the central server in the image to simplify that part.
I’m sure there’s someone else that has done something similar to what you’re trying to do. There’s a location plugin for example that helps with connecting servers at different sites, I don’t have any experience with it though. I will gladly be of as much help as I can through here as this sounds like a fun setup. But others with more experience with remote locations may need to chime in.
Have you tried the FogApi powershell module? It's pretty cool IMHO
https://github.com/darksidemilk/FogApi
https://fogapi.readthedocs.io/en/latest/
https://www.powershellgallery.com/packages/FogApi
https://forums.fogproject.org/topic/12026/powershell-api-module -
@swadsworth here’s a link to the location plugin tutorial https://wiki.fogproject.org/wiki/index.php?title=Location_Plugin
-
Thank you very much for all your help. This is hugely helpful! I will look at taking this into consideration.
-
OK i think i totally misunderstood how snappins work. Is there a good tutorial on deploying snappins. For example say i want to have all the hosts in group A have winbox3.18.exe deployed to the c:/users file what would be the best way to set that up?
I just figured out that sending stuff out with the image doesn’t work as well as one would like. None of the fog hosts seem to be working and the like. I try to make it grab the new image off one of the clients and it doesn’t actually grab them.
-
a snapin is in a nut shell either a command, batchfile, or zip file with multiple files needed in it to deploy a software.
So a snapin can deploy a single file like a powershell script or a snapin pack can deploy a complex application like MS Office. The snapin packs are basically a zip file with the installer script and required files for the install.
https://wiki.fogproject.org/wiki/index.php/Make_Snapins_Using_FOSS
https://wiki.fogproject.org/wiki/index.php?title=SnapinPacks
https://wiki.fogproject.org/wiki/index.php?title=Snapin_Examples -
I just figured out that sending stuff out with the image doesn’t work as well as one would like. None of the fog hosts seem to be working and the like. I try to make it grab the new image off one of the clients and it doesn’t actually grab them.
What do you mean by this? Do you see anything in the
C:\fog.logon the clients? Or are you saying that they aren’t imaging correctly?For that example snapin, if you’re just wanting that file to show up in C:\users a simple snapin pack. I’d take a look at the link @george1421 gave on snapinpacks and make a zip with a script that copies that file to C:\users.
As a simpler test you could create a powershell or batch script that just makes a hello world text file and see if that works.
i.e. powershell
"Hello World!" | Out-File -encoding oem -filePath C:\users\public\Desktop\hello.txt -force;So put that into a file called
hello.ps1and make a new snapin with the Powershell template and upload the simple script. The snapin read-only command at the bottom should look like this
powershell.exe -ExecutionPolicy Bypass -NoProfile -File hello.ps1
Then add it to a host and deploy it as a single snapin task and see if it works.
You can deploy it then if you have access to the host you can run this in powershell to open up a dynamic version of the fog log to watch what’s happening on the clientcat C:\fog.log -wait ##cat is an alias for get-content. You can also do this with Get-FogLog if you install the FogApi powershell module
