RE: Proofread concept

@george1421
You misunderstood me.

I discarded the VLAN idea because it’s too late to implement safely now for me.
You’re right - there is 1 L3 10 Gigabit Switch and A lot of L2 1 Gigabit Switches
My question was, is a network as described with the network plan I provided realistic?

I worried that because everything is in one LAN (192.168.5.0/24), and the ISP router is effectively the DHCP Server, that this may lead to broadcast storming or other fatal performance loss in the network because every Client has a dynamic IP. I discarded setting up a DMZ because the local network is not supposed to be accessed from outside, only traffic going outwards, like Webbrowsing, going through a STI firewall built in the router.

Regarding the HDD - it’s supposed to be 2 SAS HDD’s in RAID 1, because these are the only harddrives in the paper server. So effectively 1 HDD. I know 200 Mbit’s is much, I’m still debating in changing it to 2 SSD’s. I was just worried they would break faster.

I wanted to configure fog to image only 1 Client at a time. I interpreted the wiki as this:
https://wiki.fogproject.org/wiki/index.php/Multicasting

I have X Clients I want to image. I got to every client, go into network boot and select the image I want to deploy. After the first PC, every Client afterwards is automatically joining a queue until the first one has finished the download, then the second … until every Client is done.

Last thing regarding the Bottleneck … So, the image server cannot deploy faster than his own read speed and the write speed of the Client, right?

I know I said it a lot, but thank you again.

@george1421 Sorry, paper project.

@george1421
I’ll have to leave it that for now.
Thank you for taking time to explain!

One last question.
https://imgur.com/a/2FszAoH

This is my network. I know it looks amateur as hell. But since I can’t confidently create VLANs at least for now, this is how it looks.

My question is, are there any stupid flaws in a network as simple as this I’m not seeing? The components are:

passive:
Cat. 6A cables and patch panel to server room

active:
L2 Switches = 1 Gigabit/s
L3 Switches = 10 Gigabit/s
(Router) = 10 Gigabit/s

FOG Server = 4x 1 Gbit/s LAN port | Running on old harddrives
Client = 1x 1 Gbit/s LAN port | Running on SSD

My project is to configure an old server to an FOG Deployment Server, like in my first post, to work in an office. Because it’s perfect, the desktop PC’s are already cable connected to the LAN, if you want to image a PC or delete a hard drive - press F12, enter the credentials the admin gives you, done.

I figured my bottleneck is the FOG Server, because even with all 4 1Gbit NICs bonded, the Server cannot deliver more than the Read Speed of the HDD. I calculated that with average 200Mbit/s and an image size of 15 GByte it would take 10 min to download an image. Easily fixed with SSD upgrades in the future.

Currently I want to configure FOG to be able to queue up to 100 Clients to image, imaging on at a time, possibly some clients with different images and then I’m all set.

All of this makes sense so far? Or did I miss anything stupid?
Sorry to bother with this, this thing is 50% of my final exam mark and I grow paranoid trying to find a mistake.

Thanks, I see now!
So basically, please correct me if I’m mistaken - You create VLANs at the Layer 3 Switch. I imagine, you assign these hardware network Ports to the VLANs you create. Then, each VLAN network needs their own dhcp and dns server (?).

Imagine I have a 24 Port Layer 3 Switch. I assign every 6 Ports to 1 of 3 VLANs. (Vlan 100, 200, 300) The remaining ports serve as redundancy, with 1 of them having a connection with the ISP Router. Now, the FOG Server is on VLAN 100 with dnsmasq running.

Now, somehow, I “enable the router on your L3 switch to route between the subnets.”
After that, I install a DHCP relay on the Layer 3 Switch that forwards any broadcast DHCP request (because of network boot) from Vlan 200 and 300 to vlan 100, where dnsmasq responds to the dhcp request sender with his own IP Adress, because it also happens to be the PXE / FOG Server.

Is this correct? (also, seriously, very fast response. awesome community, thank you!)

–

Sorry I have another question about FOG
We were supposed to think of a fictional company that hired us to fix a problem,
a problem we had to make up. I wanted to try local Imaging with FOG, reasoning they might lease Hardware that needs imaging.

The structure at the client is as follows:

192.168.5.0/24 for the whole LAN

1 Router - with no PXE Next server configuration option
1 Layer 3 Switch
X Layer 2 Switches
102 Clients, dynamic IP, Range 20-200
1 Printer - static IP
3 Server - static IP

One of those is supposed to be a cheap fileserver server running fog, providing easy and cheap Win10 Image deployments for new Clients or swapped ones that need imaging. It’s also a DHCP proxy running dnsmasq because the router doesnt have a next server option.

The problem is, its probably too simple. No subnetting, No VLANs.
I’d create some VLANs for different company departments, but I don’t know anything about them or how to make it work with FOG. Also, I’m lacking reason to do this besides adding a layer of complexity.

Tldr:
What would you add to make it look more professional? If VLANs, how do I make that work with FOG? I imagine VLANs killing DHCP which is crucial.

Thank you, but Christ, that’s a lot.
I saw a rough “workaround” that could work instead.
(I don’t want to come off as lazy, but I literally started with Linux and this job training this year, I still only understand half the things I read here)

I’d create an InstallUser for the AD with limited rights, which will be automatically joined to the Domain via a fixed entry in the “unattend.xml”. (?) Software will already come preinstalled with the image. From there on, the User manually Signs Out and Signs In via his given AD credentials.

“(?)” because I never actually saw this option. I just read it’s supposed to be possible. I’ll try testing again tomorrow. But with my limited time right now, that’s all I can do.
More importantly, what’s your opinion on this?

Edit: I just realized - Doesn’t an Active Directory Domain join require Administrator privileges from the Domain Controller in the first place? Wouldn’t I just create a security vulnerability…? If you have experience in this, please share your advice.

@Sebastian-Roth
Update:

What my plan was -
1. I want to distribute prepared / generalized (with Software like Firefox preinstalled) Windows 10 Images that,

2. depending on the user logging into the FOG PXE Enviroment,
will be logged into their Windows 10 AD Accounts, after installation, respectively.

3. (optionally) Possible Administration through the FOG Smart Application, like shutting off PC’s or changing screen resolution, but I’m not that far.

The existing domain is based on SAMBA 4, so it runs on Windows Server 2008 R2.

There is an option in FOG to map FOG user accounts with AD domain credentials, so I wanted to use this for comission project.

What I did / achieved so far:

I distributed these Images with preinstalled software with no problem, (#1)
but I wasn’t able to make the domain join work. I put the correct credentials for a Domain User and mapped it to a FOG User account. Then I distributed the generalized image, and the software preinstall worked, however the automatic domain join did not.

The XML in question is the autoattend XML file, right?
I left it mostly generic, because I expected FOG to fill the credentials for each Domain user that has been mapped to a FOG User account.

Used:
FOG 1.5.7
Debian 10 LTS / Dnsmasq for DHCP Proxy
Win 10 Pro

The main question here is:
Is what I’m trying to do possible here? If so, what am I missing

Because “just” image distribution is too thin to pass training with this project, I believe.
I am new here and barely know anything about the features possible with FOG, but I’m trying my best.

Deleted my post because of missing information.
Will update later today.

Hello,

I need to verify a few things because I need them in a project I need to submit to a comission for a job training.

I want to sysprep a Win10 Pro Image and distribute it so that it automatically joins a domain. I never managed it to work. It should work like:

#1 Sysprep a generalised image with software preinstalled
(With / Without having joined domain?)
#2 Worker enters his credentials in the FOG Network Boot
#3 Image gets downloaded and installed with his personal domain credentials

Can I do that?
Please, explain it if so, because I wasn’t able to make it work and I really need this feature for my paper to submit.