FOG Imaging Over MPLS
-
Hello!
Has anyone successfully configured and run FOG over an MPLS network? We are looking to implement this companywide (from one end of the country to the other).
What differing configurations did you have to make in order for this to function correctly? Specifically I am having issues surrounding TFTP connection on our office routers.
-
I’d recommend setting up multiple storage nodes and using replication between those “nodes”. The nodes can then be located locally and handle the tasks as necessary.
Imaging strictly across MPLS can be done, but you’ll likely run into many more issues even if you can get around the TFTP issues you’re seeing. I would not recommend imaging purely over WAN especially in such a limited bandwidth setting.
If I had to guess as to the issue you’re hitting right now: is TFTP actually getting an IP address? If not, it’s likely related to a lack of IP-helpers. If so, maybe a firewall is not allowing UDP to port 69?
-
You are in the worst of all configurations, having only MPLS for site-to-site links. Unless you have aggregated T1 MPLS you are limited to 1.5Mb/s throughput.
FOG can still be used really well in this configuration. As Tom said storage nodes will be your tool. But before I go too deep into the details, please tell me a few things.
- How many target systems are there in your environment?
- Do you do all of your development at HQ and your intent is to make these images and snapins available throughout your organization?
- How many sites do you have?
- Do you have centralized IT that is responsible for remote deployment?
- How do you deploy images (i.e. you have a tech sit in front of the computer to start imaging, or do you want unattended imaging where you tell a whole classroom to just update itself)?
-
I concur with Tom’s and George’s thoughts. Please do answer George’s questions, but your answer is going to be storage nodes at each location, and using the location plugin, and throttling replication bandwidth way, way down. It’s going to take ages for your setup to replicate across such a slow link. If you have really bright technicians under you, you might even just mail the images out on a flash drive and have them load those onto the storage nodes manually. We can help with steps for that.
-
Thanks for the response!
How many target systems are there in your environment?
-There are roughly 400 target machines spread between 25 offices.
Do you do all of your development at HQ and your intent is to make these images and snapins available throughout your organization?
-Yes. We would like to coordinate with office managers to be able to schedule imaging when necessary or automatically push these updated images.
How many sites do you have?
-25 total. From Jacksonville to Seattle.
Do you have centralized IT that is responsible for remote deployment?
-Yes. I am in our central IT department.
How do you deploy images (i.e. you have a tech sit in front of the computer to start imaging, or do you want unattended imaging where you tell a whole classroom to just update itself)?
-When we hire or transfer a machine to a new user/owner we would like to be able to just refresh it with an updated image.
We are definitely open to creating nodes in each office as small appliance servers or something but if we are not opposed to imaging machines over like 6 hours (at night). What is your experience in that? I am unfamiliar with all these processes so this is a huge learning experience for me. I greatly appreciate any and all input.
-
@Tom-Elliott All of our MPLS nodes sit inside the firewall. It is more than likely some setting that I have incorrectly configured and I’m trying to figure out what that might be. Specifically I get the PXE-e32 TFTP error.
-
@camington Sorry I have one more question, is your mpls network set up in a star configuration or do you have regional hubs?
But probably the best choice is to set up a storage node at each site. This will allow you to schedule remote deployments from one central console, or allow IT delegates at the remote site to reimage machines. The concern in this whole setup is the low bandwidth availability from the MPLS links. So you will need to push the image closer to the target machines. Your root or master FOG server will contain the master images that will be replicated to the remote sites. You can define a maximum speed of this replication so that you don’t consume your entire mpls link with image replication. But also realize that it may take a day or so to replicate an image from the master server to the remote storage nodes. The storage nodes will allow the remote target systems to pxe boot as well as image locally. There is a concern about the FOG client software that must check back in to the master node. This is a concern over the mpls link with this check in for 400 systems. You can change the check in time to 15 minutes or more to reduce this traffic. The check in is not that big of a bandwidth hog, but if you have 1000 systems I would be a bit more concerned. The issue with lengthening the check in time is that if you send a command to the remote node it will only see this command on the next checkin.
Your remote FOG servers don’t need to be a powerhouse computer either. For small offices I’ve used a dual core celeron intel nuc with an SSD drive. I like the nucs because they are small, cheap and fit into an office environment well. This worked great for imaging 1 or 2 systems at a time. A circa 2010-2012 desktop would work well as a fog server. The heavy lifting in a fog image deployment is done by the target computer. The fog server or storage node just transfers the image from the FOG server’s hard drive to the target. The target computer expands the image and writes it to disk.
-
@camington said in FOG Imaging Over MPLS:
@Tom-Elliott All of our MPLS nodes sit inside the firewall. It is more than likely some setting that I have incorrectly configured and I’m trying to figure out what that might be. Specifically I get the PXE-e32 TFTP error.
Are you seeing this error at your hq site or remote site? You need to make sure your dhcp options are set correctly: you need dhcp option 66 {next-server} to be the ip address of your fog server and dhcp option 67 {bootfile} to be whatever boot file is correct for your target hardware.
A screen shot of the error would be helpful.
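The DHCP option check suggested above, as an added example that is not part of the original post or of FOG: it parses the options field of a DHCP offer and reports whether options 66 and 67 are present. The sample bytes, the 192.0.2.10 address and the boot file name are constructed placeholders.

```python
# Added example: sample bytes are constructed, not captured from the thread's network.
OPT_PAD, OPT_END = 0, 255
PXE_OPTIONS = {66: "next-server (TFTP server)", 67: "bootfile"}

def parse_dhcp_options(raw: bytes) -> dict:
    """Walk the code/length/value triples of a DHCP options field (RFC 2132)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        opts[code] = value
        i += 2 + length
    return opts

def pxe_findings(raw: bytes) -> list:
    """Return one finding per PXE option that is absent or empty."""
    opts = parse_dhcp_options(raw)
    findings = []
    for code, name in PXE_OPTIONS.items():
        if not opts.get(code, b"").rstrip(b"\x00"):
            findings.append(f"option {code} {name}: missing or empty")
    return findings

def build_options(pairs) -> bytes:
    """Helper to construct a sample options field for the demo."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in pairs)
    return body + bytes([OPT_END])

# Constructed samples: 192.0.2.10 is a documentation address, the file name a placeholder.
GOOD_OFFER = build_options([(53, b"\x02"), (66, b"192.0.2.10"), (67, b"bootfile.example")])
BAD_OFFER = build_options([(53, b"\x02"), (66, b"192.0.2.10")])

if __name__ == "__main__":
    for label, raw in (("good", GOOD_OFFER), ("bad", BAD_OFFER)):
        print(label, pxe_findings(raw) or "options 66 and 67 present")
```

It inspects only the options field; a server may also carry the same values in the fixed `siaddr` and `file` header fields, which this does not read.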
-
Throwing options out there… Intel NUC with a 120GB drive, fanless, for 230 bucks. You could totally make these into fog storage nodes (George already did, I think).
http://www.thebookpc.com/product-p/de3815tykhe.htm?gclid=CMKPvuSQvc4CFQuLaQodNsUEhA
-
@Wayne-Workman said in FOG Imaging Over MPLS:
Throwing options out there… Intel NUC with a 120GB drive, fanless, for 230 bucks. You could totally make these into fog storage nodes (George already did, I think).
http://www.thebookpc.com/product-p/de3815tykhe.htm?gclid=CMKPvuSQvc4CFQuLaQodNsUEhA
Yeah. Probably not those. We used them for a few digital signage projects. They are a bit sluggish with the single core atom processor (windows performance index of 1.1). You can get a dual core celeron with wireless and Bluetooth card built in for just a little more and they are smaller: http://www.thebookpc.com/product-p/dn2820fykh.htm?gclid=CKTtmP2Rvc4CFQaQaQodiNkLYg
Or an i3 for about $270USD https://www.amazon.com/Intel-D34010WYK-DisplayPort-i3-4010U-Consumer/dp/B00F3F381A
You have to understand these are kit computers, you also need to purchase ram and a hard disk (SSD) to make it a complete bit of kit.