Groupe des Utilisateurs Altiris Suisses et Francophones Group

 View Only
Back to Library

It Seems I Still See Some Customers Installing Multiple DS (Version 6) for Multiple Sites 

Jun 29, 2010 06:26 PM

I will provide in there an old technote (2006) that was for designing multiple sites, using a single DS, or 2, according of the global size of sites.
Please notice this architecture is for Deployment Solution DS 6.9 only !!!
For using DS 7.1, the architecture & design is not the same (but similar regional concepts).
But for now, 99% my current customers are still DS 6.9 for OS deployment, so I believe worldwide are still using also a lot DS 6.9 instead of DS 7.1.
I am pretty sure I already see some very good article regarding DS 7.1 architecture.

I publish this one, because I was searching an existing to explain some customers still plan to install multiple DS, for less 1000 computers, but in multiple locations.
I do not find any clear article or KB this subject, so if I miss one, just tell me & link in there please ;-)

Simplify Architecture plan for Altiris Deployment Solution 6.x !

Products/Versions

 Altiris Notification server 6.0 (NS), CMS 6.0, SMP7, CMS 7.0
Deployment solution 6.5, 6.8, 6.9 (DS) that is included into CMS, but separately...
Windows 2003 SP1 (W2003, W2k3, service pack 1)

TOPIC

 NEW ALTIRIS ARCHITECTURE PROPOSITION
for middle size company from about 300 to 3000 PC clients

As-it-was – multiple DS: Official Model to deploy OS image on multiple sites

Still on a lot of "old" documentations & design:

Each remote site must have a DS server to be available to deploy OS image (using PXE)		 A DS “Library” folder is automatically replicated to each sites using a unique Package in NS (each DS are a package server). This « package » can be 2 to 6 GB size or more.
The update of the replication must be ordered manually with a « update distribution point » on the NS console.
Problems High impact maintenance overload for a lot of remote DS,
Especially for customer with high number of very small sites.
E.g.: Using deployment server for 50 sites of 10 PC, need to connect and manage 50 different consoles, all the same consolidated into NS/Dsweb.
DS tasks must be repeated 50 times because it is not possible to run 1 « job » on multiple DS in one operation.
The import process, of the updated tasks, replicated on each site using the “Library” folder, into each DS: is resetting the history of the previous operations from existing Tasks.

Never do this:
 
This is the very "BAD" design


To-be – Simplify model: Multiple Sites, unique central DS.

How to If :
  • The total number of clients from central & different sites are under 3000 (to 5000),
  • The ratio bandwidth/client on each site is enough
It is possible to use a unique central DS to manage multiple sites.
The imaging & packaging source repository must be replicated on a file share on each site, but it is possible using Altiris Package server or DFS or any, without a necessary dedicated server.
To permit remote operation if not using local bootwork partition, it is possible to keep a PXE server on each site, without the DS. It is also possible if the bandwidth is like a MAN to use a central PXE :
  • option 1: using PXE boot + DS share across the WAN
  • option 2: using PXE locally, connect DS share across the WAN
We do not recommend creating a replicated file share for the “express”, only for the source packages & images must be replicated on local file share.
This Architecture can also be magnified with a WAN acceleration solution like Riverbed hardware permitting to remove local file share on a remote site.
Benefits Lower the number of DS at a minimum number (or a single), using local site Share or Package Server for IMAGEs & large files storage.
Automation tasks are build to use multiple local PXE to avoid WAN preboot overload (30Mb linux, 120Mb winPE). Altiris architecture permit hierarchic multiple PXE scenario
The administration is highly simplified, and the replication process is limited only to DSL packages & disk images (sources). The maintenance is also more simple.
Impact The WAN traffic is the main point to verify. The decision to install or not a local DS can be done regarding the balance of :
  • the number of clients on the site,
  • the bandwidth available
  • the existing or not local IT team,
Conditions To permit a central DS, All DS Tasks scripts must be intelligent enough to be able to run from any site without getting error or exceptions. For example by using DFS source share or DNS alias share, or conditional reference table to mount a dedicated local share on fixed source network drive letter.
The benefits will be loosed if we must create a separate task for each sites
(except for specific local site tasks)



In this scenario: we can also propose in addition to use "embedded" preboot partition on "bad WAN" sites, to avoid PXE transport of the boot image (especially for WinPE preboot, 130MB compressed)
enjoy OSD with DS 6.9, all the same to be replace in the next 2, or 5 years, with DS 7.x (I believe in 2012).

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Pascal KOTTE
Oct 16, 2011 08:43 PM

https://www-secure.symantec.com/connect/blogs/how-many-remote-sites-can-really-manage-osd-single-altiris-server

Pascal KOTTE
Oct 16, 2011 08:39 PM

Here a KB from Symantec:

http://www.symantec.com/docs/HOWTO56037

Thanks to Network23 this info.

told about 15 max.

I can tell you we already go to 60 sites in a single PXE manager.

Except some overload when make a change into a preboot, not fun the 60x150Mb updates in the same time for the WAN HQ bandwidth. But not a big problem: We stop the PXE helper during the "Business jours" to freeze PXE slave updating.

 

 

Pascal KOTTE
Jul 04, 2010 06:46 PM

Hi & thanks a lot to provide this script, and provide also the KB , I never find when I try to search again it... :-)

To explain what David provide above: It is a script permitting to use the Altiris CMS6/7 Package distribution and replication for using a standard local "replica" of a package defined into the Notification server NS6 (or SMP7), that are stored on "package servers" (can be simple workstations a on site, with enough disk storage). That is more easy to use than DFS if you don't have any local server on remote sites. Notice: you can also use the Altiris Package Services to populate NAS (mapping as a drive from the workstation acting as a "package server").

To explain what SharkSmart provide below: it is another way we can use without CMS6/7 package server distribution, because we can map a fixed drive, to a fixed path, to access data can be replicated from many different way (like a simple ROBOTCOPY.EXE)... Of course, we suppose the PXE slave server, is the single remote site server, storing the packages ;-)

So great thanks both, you add exactly what was missing this article. Please readers, do not forget to "clic" the yes for telling them "thanks" ! (And if you are not "logged in" to "vote", does not hesitate to create or reuse a Symantec account (the same you use for the download evaluation...).

Pascal KOTTE
Jul 04, 2010 06:07 PM

Also thanks for this KB, I never read it before designing some our customers, happy for me...
We got two of them with about 50 & 55 remote small sites, using PXE slave servers... (So that is a lot up the max 15 recommand from Symantec !)

But it is true we got a few problems from time to time, & we use script to stop restart PXE remote services...
Glad to know the new DS 7.1 will solve them.
Hope not coming with too much new problems...

Migration User
Jun 30, 2010 04:24 PM


For those who have DS 6.9 SPx try the environment variable built into WinPE by the name of %ALTIRIS_PXE_SERVER%.  A simple NET USE drive mapping will map a drive to a share on the PXE server that your WinPE booted from.  Even better than this you can add the mapping during the boot wizard as another driver letter.  The wizard will then handle the mapping and make sure it happens at the right time.

Also, Pascal - I've seen environments with up to 8000 clients on a single DS.  Symantec have never provided a clear reason for the 5000 client limit but have produced kb like this one : https://kb.altiris.com/article.asp?article=48850&p=1

Migration User
Jun 30, 2010 05:01 AM

hello,

we are using this configuration (one central DS) for all sites. We have tow central sites and 32 small sites without local IT Team and between 20 / 100 PC on each small sites) connected to central sites with 2 Mbits/s wan links.

We have only one DS (with a PXE on each central site). On each site, we have configured a PC to be PS (in normally use, we don't need more than 10 simultanous connections).

to find the package on the ps we used the vbs script to find "Local PS" : it call the asp page that NS client used in software distribution. This returns automatically the package's location on the local PS that can be used with DS : we don't have to manage tow repository for package (one for software distribution, one for the DS) and minimize trafic on wan links).

The script is issued from this KB article :
https://kb.altiris.com/display/1/kb/article.asp?aid=22688&n=4&s=

here is the script we used (I don't know how to join an attached file ; sorry comment are in french smiley) :

' ======================================================================
' Projet MIGWXP - Laboratoires Boiron
' Script  : getpck.vbs (recherche du chemin d'un package Altiris selon son nom)
' Version : 0.3
' Date    : 7 janvier 2009
' Auteur  : Philippe THOMAS (Osiatis) - D. Provençal (rajout variable SERVERALTIRIS suite à séparation SQL / Altiris)
' ======================================================================
Const SERVERNAME = "SQL Server Name for Altiris"
Const SERVERALTIRIS = "NS Server Name"
Const DATABASENAME = "Altiris"
Const USERNAME = "SQL Account with readonly access"
Const PASSWORD = "password for account"
Const adOpenStatic = 3
Const adLockOptimistic = 3
' ======================================================================
' Argument : nom du package à installer
If WScript.Arguments.Count <> 1 Then
 WScript.Echo "Nombre d'arguments incorrect"
 WScript.Quit 1
End If
package = WScript.Arguments(0)

' ======================================================================
' Recherche de l'ID du package dans la base SQL Altiris
packageGUID = getPackageGuid(package)
' ======================================================================
' Recherche et affichage du chemin d'accès au package
If packageGUID <> "" Then
 WScript.Echo getPackagePath(packageGUID)
End If
WScript.Quit 0
' ======================================================================
' ======================================================================
Function getPackageGuid(package)
 Set objConnection = CreateObject("ADODB.Connection")
 Set objRecordSet = CreateObject("ADODB.Recordset")
 objConnection.Open = "Provider=SQLOLEDB;Data Source=" & SERVERNAME & ";" & _
         "Initial Catalog=" & DATABASENAME & ";" & "User ID=" & USERNAME & ";Password=" & PASSWORD & ";"
 objRecordSet.Open "Select Distinct PackageID From SWDPackage Where Name = '" & package & "'", objConnection, adOpenStatic, adLockOptimistic
 Do Until objRecordSet.EOF
  getPackageGuid = objRecordSet.Fields.Item("PackageID")
  If Isnull(getPackageGuid) Then getPackageGuid = ""
  objRecordSet.MoveNext
 Loop
End Function
Function getPackagePath(packageGUID)
 ' Returns the UNC code base for the package specified by packageGUID
 Dim parser, url, nodes, item, attrs, attr
 
 If bolVerbose = True Then logFile.WriteLine("entered getPackagePath.. creating parser")
 
 Set parser=CreateObject("microsoft.xmldom")
 parser.async="false"
 If bolVerbose = True Then logFile.WriteLine("Generating URL ")
 url = generateURL(SERVERALTIRIS, packageGUID, getIPAddress())
 parser.load(url)
 Set nodes = parser.getElementsByTagName("codebase")
 For Each item In nodes
  Set attrs = item.attributes
  For Each attr In attrs
   if attr.name = "url" AND instr(attr.value, "file://") Then
    getPackagePath = Replace(Replace(attr.value, "file://", "//"), "/", "\")
   end If
  Next
 Next
End Function
Function generateURL(NS, GUID, aIPAddrs())
 Dim sURL, i
 If bolVerbose = True Then logFile.WriteLine("generateURL entered ")
 sURL = "http://" + NS + "/Altiris/NS/Agent/GetPackageInfo.aspx?xml=<request "+ _
  "resource=%22{00000000-0000-0000-0000-000000000000}%22 version=%221%22 "+ _
  "type=%22codebases%22>%0A<packages>%0A%09<package guid=%22"
 sURL = sURL +  GUID + "%22/>%0A</packages>%0A<addresses>%0A%09"
 for i = 0 to UBOUND(aIPAddrs)
  if len(aIPAddrs(i)) > 1 Then
   sURL = sURL + "<address ip=%22" + aIPAddrs(i) + "%22/>"
  End If
 Next 
 sURL = sURL + "%0A</addresses>%0A</request>"
 If bolVerbose = True Then logFile.WriteLine("URL is " & sURL)
 generateURL = sURL
End Function
Function getIPAddress()
 Dim ipAddrs(9)
 For j = 0 To 8
     ipAddrs(j) = ""
 Next
 j = 0
 strComputer = "."
 Set objWMIService = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 Set IPConfigSet = objWMIService.ExecQuery _
     ("Select * from Win32_NetworkAdapterConfiguration Where IPEnabled=TRUE")
 
 For Each IPConfig in IPConfigSet
     If Not IsNull(IPConfig.IPAddress) Then
         For i=LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
             ipAddrs(j) = IPConfig.IPAddress(i)
             j = j + 1
         Next
     End If
 Next
 getIPAddress = ipAddrs
End Function

The script we used in DS job for each Package installation :
REM : exactly package name in NS Software delivery
set PCK_NAME=ALTCLNT6_FR_01
set PCK_PATH=

for /F "usebackq" %%a in (`cscript /nologo getpck.vbs %PCK_NAME%`) do set PCK_PATH=%%a
if "%PCK_PATH%"=="" goto :NOPCK
pushd %PCK_PATH%
Rem here launch install command


Rem : custom error code configured in DS 'Package not found'
:NOPCK
net use \\%SITE% /d
exit 11

Pascal KOTTE
Jun 29, 2010 07:30 PM

In the second design, we will have 2 DS consoles:
  • main: with HQ+ small sites
  • big site 1
But I recommend only one DS if those 2 computers groups are under the same "IT team" management. (if total computers are under 5'000).
Notice: I am pretty sure we can up now above 5'000 computers onto a single DS. But need probably some thin tuning in agent configurations to lower "speaking".

Any body in there more than 5'000 computers a single DS ???

I recommend also ErikW post: 
http://www.symantec.com/community/article/6388/deployment-console-part-1-way-you-should-implement-it
Also notice: ErikW spoke about HII tools: that are additionnal licenses requirements, not really necessary if you manage a very few "hardware models", but a must if you manage a lot of different hardware.

Related Entries and Links

No Related Resource entered.