FOG on an Isolated network and Production network at same time. Possible?
-
First and foremost I want to thank the creator and community for FOG. Great platform that I’ve been using for a couple years now at various jobs.
I recently upgraded my 1.2.0 server to the latest revision as well as put it onto 16.04. Loving it, great work, after I got the php thing solved with
php_ver='7.0' php_verAdds='-7.0' ./installfog.sh -y… Anyways, I was wondering how to accomplish keeping my FOG server and all the imaging duties on an “Isolated” network while still having access with the same computer to the production network. I would assume bridging the two connections in some way would work, but my networking knowledge isn’t quite there yet. My want is to be able to sit at my desktop (not the server) and access the web UI to issue commands etc etc but without bogging the production network down with imaging.Possible or no?
Side note, is there a way to throttle FOG’s imaging speeds?
-
There are multiple ways to accomplish isolation with access to everything. The first way is to have dual NICs eth0 would be connected to the imaging network and give DHCP to the isolated network, then eth1 would go to production. You would then access the web GUI from the IP address on the production network.
The second way that I have mine setup which gives isolation for sake of avoiding accidental imaging on the production but allows snapins and everything to work well is to have a separate vlan associated to imaging. I have a vlan setup in the tech area, on only one switch, FOG handles DHCP, but the vlan has access tot he rest of the network. This setup allows me to join AD after imaging, and fully configure the freshly imaged machine. But once I deploy the machine I can still push snapins and get login data but no PXE is setup on the production side.
Both have there merits and drawbacks, so it is your choice.
As for throttling you can set that up in the Storage Management page, it is under the bitrate spot, you would enter the number in bits/sec if I am not mistaken
-
Thank you so much for your response. At the time I asked, my brain was hurting from trying to figure out issues with installing the new version. Plus I had the switch connected to the wrong network…
I did the VLAN option as you suggested. Now I do have the fog server on an “Imaging” vlan and then an uplink on the same switch in “Production” Vlan. I have set it up that you can boot to fog over the Production network as well though, which means I have the DHCP entries…though I still have DHCP being provided by FOG to the Imaging vlan. This is fine right?
Also, I have some new laptops that don’t like the undionly.kxpe bootfile name that I set in the DHCP scope. Weird eh? haha
-
@eurokid21 Yeah your setup should work fine, When I came into my current role they had no imaging solution so I setup FOG to make my job much easier and we just decided to keep it separate for now.
-
@ITSolutions Do you have any other informatoin on this setup? that sounds exactly like what I’m looking to do, so I’d love to learn a bit more.
-
@Bob-Henderson You should start your own thread to ensure your problem gets the attention it deserves.
To your point, do you want a totally isolated network for imaging or only a partially isolated network. A totally isolated network would keep the targets from connecting to and registering with AD. A partially isolated network would allow for imaging and connecting to AD, but would keep pxe boot configuration isolated to the imaging network. In your post you might also want to state why you think you need an isolated network. I can tell you that most do not use this method of image deployment.
-
Not so much a problem, just was wondering how they did something that worked for them, but I can start a new thread if needed. Just didn’t want to clutter it up with duplicates.
To that point, I’m looking for the partially. I’d like to be able to keep them on a confined ‘imaging switch’ or vlan, but still able to register with AD at the end of it all, and still allow me to shoot out Snapins at a later date.
We do 1:1 laptops, so they only image when th ey’re brought back into the office, but we still need Snapisn and the like.
-
@Bob-Henderson Setting this up isn’t a problem and a pretty simple setup. Please create a new thread since you have specific requirements.