Fog Scenario (Domain Environment/Isolated Network)
Hello, I’m posting to hopefully get some advice or what approach I can take with this scenario.
I work as a consultant for a couple of medium-sized business and have been using Fog0.32 for over a year, imaged 300+ devices. My Fog server was off the domain, and the network completely, I had a usb/nic adapter that put it on it’s own isolated network. I set it up as a virtual machine using virtual box and it worked great, deployed a couple of multicasts and quite a few single computerts with it over the year.
THE PROBLEM WITH THIS SETUP
Is the first time I set it up, I had it plugged into the network LIKE A MORON and configured it as a dhcp server, and ended up assigning ip addresses to a couple of computers instead of our core switch (people were pissed)
So, that is why i took it off the network and configured it on it’s own isolated network, which sadly… I was not able to keep my linux server or Fog up to date, At All which really sucked…
In my scenario, I still cannot have my Fog server on the network at all, so it must still be isolated at the moment… and yes I COULD configure it to get its dhcp from our core switch which is where it is setup, but I am unable to because the Network Manager here is with a different company and has the say in what can be setup on the network and what to assign static IP’s to. (I have nothing against this, it’s just politics)
So here are my questions, and yes I will research this myself, but would really like the forums input on this as well, you guys have been a huge help in the past and helped me out quite a bit with a 400+ laptop project about a year ago.
- If I have my virtual machine isolated on the network again HOW can I keep my server up to date without it touching the internal network of the business?
- IS THERE ANYWAY, we can burn the Fog images as an ISO (Would be helpful to keep a couple of images on a NAS and physical discs just to be more flexible)
Also, this is a question I always had, wondered if anyone could answer
- If I am given x number of laptops all same model and hardware configuration,
is there any reason what so ever to sysprep them?
Also if I capture and deploy an image that has not been syspreped
a. If the original image had an activated aircard, what would happen?
b. what would happen to the windows license? (they all are manufacturer oem)
c. Does changing the SID really matter?
Thanks - Merry Christmas
That’s actually not bad idea at all, so my main VM OS, (ubuntu) would be on the same VLAN as my main computer. I can use the usb/nic adapter as the second adapter only on linux have have fog on it’s own isolated LAN. The problem is I’m bound to run into many issues with this, but it can be done
You’re right on that, I’ll just use clonezilla live to burn ISO images to use
I still don’t see a reason to sysprep. Why would I want to pre-install the drivers if the drivers are fully loaded already? Every time I have imaged with Fog, I have used syspreped images only because I was taught to do so. However I know a couple of colleagues that do not sysprep at all, yet let me know the biggest problem I would run into is ip conflicts if I’m not careful. (Also told me to make sure the images are obviously not on the domain with the same domain name)
Now for OEM manfucaturer licensing, the laptops coming in all have their own individual license. If I sysprep a laptop, clone it, then deploy it onto another, I will not have an active license. This is going to be my biggest issue and will involve a lot of research, hopefully someone here can point me in the right direction.
No worries about the aircard, I honestly think I’m just going to be activating the air-cards after the imaging.
And for your last paragraph, I as well have colleagues that said it was fine minus the matching dhcp leases and having to change the hostname before joining to a domain.
You could add a second network interface to your VM, configure it for bridge mode (NAT would probably work too, I suppose) and let it get a dynamic address from the core network. That should let the server hit the 'Net for updates (assuming the core DHCP serves out a gateway as part of the lease). Your original interface can be restricted to it’s own VLAN for imaging/deployment tasks. You could configure the server to handle DHCP/DNS for the VLAN. Deployment clients would have to be on the VLAN somehow…not sure exactly how you’d want to handle that.
As for the images, you could burn the individual images to DVD or USB or something. I’m not sure how you’d deploy them with FOG. They’re Partclone images, so perhaps Clonezilla Live? One of the developers would be able to provide a better answer.
As for the identical hardware, I would definitely sysprep the image. Even given that they’re all identical units with the same hardware, sysprep is generally a good idea. You can preinstall the drivers in Audit Mode, if you want, and they’ll be installed automagically by sysprep during deployment.
If you don’t sysprep, you’ll almost certainly run into problems with OEM licensing…although FOG can update the licenses on a per-machine basis if the data exists in the database. I’m doing something similar myself, since I’m also using OEM licensing…I use a generic non-activating key with sysprep to skip the “enter license” prompt and let FOG enter it for me post-install.
The aircard…sorry, can’t help you here. Never used one…anyone else…?
The SID…well, Microsoft will lead you to believe there will be all kinds of end-of-the-world-as-we-know-it consequences if machines do not have a unique SID. Since I use sysprep, I’ve never worried about. I do know of others (including colleagues) who never worry about it and have deployed without regenerating the SID (or using sysprep). They’ve never had issues.
Hope that helps.
I appreciate that, but he is not my boss or works with my company. Trust me I already tried talking him into doing this, but his dhcp server has been doing just weird things he never fixed this year and he’s just a bit worried if we add more services on the network. So BESIDES being able to set it up on the network, can anyone answer my other questions, thanks.
I would have a word with the network manager to get an address and the DHCP options added. If he doesn’t want to do it, and has no business reason you can go to the boss and say that you are trying to save him time and money, and that you need him to prod the network admin and say ‘this is happening’
If you can give a business reason to do something, and it’s free, and it’s going to save them money in the future… most bosses will like that