Document copyright 2010 Mark Minasi; please see below for info on subscribing, unsubscribing or copying portions of this text.
Hi all —
The past four years have seen many changes in the Windows world but one could argue that the biggest innovation has been in the area of deployment tools. But which tool to use? Rhonda Layfield returns with a quick and useful set of suggestions about how to "choose what you'll use," and I think it'll save you some time. I know you're going to want to give it a careful read... but first, a word from our sponsor:
Tech Section: Microsoft Deployment Tools - Choose Your Tools Wisely!
Not that long ago, Microsoft's operating system deployment tools -- Setup Manager, RIS, ADS -- were, well, not the most impressive pieces of software, and so most of us had little choice but to look elsewhere for applications that could simplify our rollout tasks. In the past few years, however, that's completely changed. Not only does Microsoft offer some terrific deployment tools, it now has so many that you may well have trouble figuring out where to get started in the first place.
Should you base your decision on the number of computers you need to deploy? How about your company's geographical topology? Maybe How's the current skill set of your ITPros? I’ve had people ask “Do I need to install Configuration Manager (ConfigMgr), Windows Deployment Services (WDS), Microsoft Deployment Toolkit 2010 Update 1(MDT 2010 U1) and Windows Automated Installation Kit 2.0 (WAIK for Windows 7) just to get started? And what is this 'Modena' thing, anyway?” (The answer, by the way, is "no" -- Windows deployment can be quite easy.)
So what's the right answer? Well, that depends on your deployment needs. Do you need to push an operating system deployment (OSD) with no human intervention to your client machines thus performing a zero touch installation (ZTI)? Or, do you want someone to have to initiate the installation/migration of Windows 7 to your clients performing a "lite touch" installation (LTI)? And don’t focus simply on how to get Windows 7 and/or Windows Server 2008 R2 deployed to your system --you should consider also how to handle re-imaging, that's a nearly ubiquitous troubleshooting step in IT today. In this short article, I’ll give you an overview of each of the tools and reasons why you would choose one tool over another and how to integrate multiple tools together to get the right deployment solution for your environment.
System Center Configuration Manager ("ConfigMgr")
Let's first consider the biggest, most feature-packed (and most expensive) option. Microsoft’s flagship deployment product is Config Manager (often abbreviated "ConfigMgr") and it comes with all the bells and whistles of a dream deployment: scheduled/mandatory OSD ZTI, the ability to target specific machines with an OSD based on criteria determined by you (e.g., 1 gigahertz (GHz) or faster processor, 2 GB RAM and 40 GB of available hard disk space). ConfigMgr allows you to push an operating system deployment (OSD) to the machines of your choice at the time of your choosing (for example, "begin OSD at 11:00 PM") due to ConfigMgr’s built in wake-on-lan (WOL) feature. Along with OSD ConfigMgr offers so much more: hardware and software inventory, patch management using WSUS, and detailed reporting capabilities allowing you to follow every step of an OSD. ConfigMgr also scales wonderfully to any size organization, regardless of the number of offices or no matter how far-flung or numerous the organization's offices might be .
But ConfigMgr has some down-sides. It can be difficult to install and setup correctly. The Active Directory schema must be extended. SQL Server is required. Finally, there are multiple "site server roles" to be configured. If you're new to ConfigMgr, I strongly recommend that you find a class taught by a reputable source. At that course, you'll learn the ins and outs of installation and configuration to avoid making costly mistakes that can waste valuable time. Performing OSD deployments requires MDT 2010 and MDT 2010 requires Windows AIK for Windows 7 so integration is a must. You can also choose to integrate Windows Deployment Service for its multicasting functionality. WDS on Server 2008 or 2008 R2 offers the ability to send an OS image to multiple machines at the same time instead of supporting only unicast traffic -- which would put a much larger burden on your server and network infrastructure. If you can devote the resources to it, ConfigMgr's the option of choice.
Microsoft Deployment Toolkit 2010 Update 1
If ConfigMgr is not an option for you the next best tool is the Microsoft Deployment Toolkit 2010 Update 1 (MDT 2010 U1). MDT 2010 U1 requires Windows AIK for Windows 7. Both are free downloads from Microsoft. MDT 2010 U1 performs LTIs and provides built-in templates to support what it calls "refresh" (changing the OS but keeping the same hardware), "replace" (changing both OS and hardware), "migration" (migrating XP to Windows 7) and bare-metal installations.
One of my favorite features of MDT is the way it compartmentalizes your entire deployment solution. MDT lets you quickly assemble a deployment solution by picking an operating system, applications, drivers and so on. Configuring an existing solution is as simple, whether you want to add or remove some drivers, or if you want to change your operating system altogether.
As in most other deployment solutions, can support "thin" operating system images (a bare-bones operating system without pre-installed apps or perhaps even patches, to which we add apps and patches upon deployment), or "thick" OS images, single-image files that contain pre-configured combinations of applications, patches, drivers and the like. Grizzled veterans of deployment tools have debated the merits of thin versus thick for years, but if you opt for MDT 2010 U1, I'd go with thin images. (Okay, you could possibly roll out an in-between "hybrid" answer, a thin image with your corporate software included and then tell MDT to add various pieces of optional software as it performs a deployment -- MDT's flexibility is one of its strengths.)
MDT 2010 U1 can do something close to a ZTI with a little extra tweaking, but you may have to integrate third party (sometimes paid for) solutions for functions like wake-on-lan (WOL). (Again ConfigMgr provides WOL in the box, MDT doesn't.) MDT also offers two great features for companies that have small branch offices that possibly don’t even have a local server in those branch offices - "Media" allows you to put an entire deployment solution onto one or more DVDs, UFD or external hard drive. Basically you can just FedEx a USB stick to someone in your branch office and tell him or her, "shove this into a USB slot, boot from the USB stick, and walk away," and the deployment's done. Or you could create a linked deployment share and copy the entire deployment solution (or just bits and pieces) to a local office so those clients can perform their deployments locally. You can also integrate WDS with MDT 2010 U1 to get the ability to PXE boot (F12) to begin a deployment. WDS can also provide multicasting functionality for MDT images as it did for ConfigMgr. Again, MDT ain't ConfigMgr, but it's a whole heckuvalot cheaper!
Windows Automated Installation Kit For Windows 7
The Windows AIK contains tools that both ConfigMgr and MDT 2010 U1 use under the hood. For example, you may know that Microsoft gives away a program called the User State Migration Tool (USMT) that lets you save a user's data and application settings with a command called "ScanState." After running ScanState, you can then wipe the user's machine, install a new operating system and the user's applications, and then finally restore the user's data and application settings by running the second half of USMT, a program called "LoadState." When USMT works, it's great, but customizing it requires painstaking rewriting of a bunch of XML files and, in a few words, it just ain't no fun. Use USMT solely from the WAIK, though, and you can't around that XML work. Run it from MDT, in contrast, and MDT shields you from all mess, generating the XML files and command invocations automatically. (Running ScanState can also require figuring out a command line with over 200 characters. Not something you want to type on every machine, right?)
The Windows AIK is the place to get all of the new basic deployment components, most of are the building blocks upon which MDT and ConfigMgr rely. It includes ImageX, a Ghost-like tool that lets you create and apply images. It's also got the Deployment Image Servicing and Management (DISM) tool, which you'll use to mount, unmount and manage images. (For example, you can add or remove drivers and hot fixes to/from an OS image without having to first deploy the image.) WAIK also includes OSCDIMG, which converts windows image (".wim") images to ISOs so that they can be burned to CDs and distributed for easy deployment. Windows System Image Manager (WSIM), another WAIK component, creates unattended answer files in XML format -- run WSIM, answer a few questions and in no time you've got an unattended XML file, meaning that you can deploy Windows to a new system by just popping the installation DVD into the new system. You can then just walk away, as the XML file keeps you from having to answer any setup questions. Come back in 20 minutes or so, and you've got a freshly installed system, with no babysitting the Setup program necessary. USMT's in the WAIK and so is CopyPE, a tool that creates a WinPE working environment so you can create custom Windows Preinstallation Environments (WinPEs). Lastly, the Volume Activation Management Tool 1.2 is included and helps you centrally manage volume activation.
Sound good? It is, but, again, while the WAIK contains a wealth of useful (and free) tools, it's not for everyone. Most of the tools in the Windows AIK work from the command line only, and unfortunately each of the tools has its own unique syntax. A few of the WAIK tools have GUIs, but even they can be a bit cryptic. Although you could perform a complete deployment using the Windows AIK, you'd have to master a lot of concepts.
Windows Deployment Service (WDS)
WDS is a role that is in-the-box with Windows Server 2008 (and R2) and is the latest evolution of Remote Installation Service (RIS). WDS requires Active Directory, DHCP and DNS (unless you implement the Transport Service only) and provides LTI only -- no zero-touch installs. Microsoft supports deploying both .wim and .vhd image formats from WDS. Installation and configuration is pretty easy although the driver management is a bit cumbersome. WDS provides PXE boot capabilities and multicasting of images to your target machines. Two of the drawbacks of WDS are image management and the fact that WDS can only provide bare-metal installations -- no refreshes, no migration etc. Thick images are your only option -- you can't tell WDS, "first install Windows 7 Professional and then install Adobe Acrobat Reader" -- and if you want to make a change to an OS image you have to export the image from the WDS snap-in, use the Windows AIK tools to make your changes and add it back to the WDS snap-in. If you wanted to perform a refresh or replace scenario you would need to fully script those deployments yourself -- no GUI help from WDS on that score. I say, "why bother," as MDT 2010 U1 does all this for you and more!
What to do? Well, if you've got ConfigMgr, which integrates MDT 2010 U1, Windows AIK and WDS as well as providing its own extras, then by all means that is the way to go -- you'll have the most robust feature set in that case. Next would be MDT 2010 U1 for its ease of use, manageability of images and friendly wizards. If that's not an possibility for some reason, then WDS is a great tool if you're only doing bare-metal installations and your OS image doesn’t change often. The greatest strength of WDS is how easy it is to integrate with ConfigMgr and MDT 2010 U1. As for the Windows AIK tools, you really need to learn them at some point. Yes, I did say that they had a steep learning curve, but that both MDT and ConfigMgr require the WAIK tools. Thus, when something goes wrong with your ConfigMgr- or MDT-based solution, you'll almost certainly need at least some knowledge of WAIK before you can start troubleshooting.
(Note from Mark: I recently had an exchange with a friend who's a deployment genius. No, not Rhonda -- she's a deployment genius, but this was someone else. He'd advised someone to skip WAIK and go straight to MDT. I suggested that maybe that wasn't the right idea, as it's good to know the WAIK. He responded with a knowing smile that he used his car without worrying about or knowing about its fuel injection systems. I replied that true, in 2010 we automobile users can remain blissfully ignorant of fuel injectors because the auto companies have had over a century to make cars reliable. In contrast, I recall that when I first got my driver's license in 1974 that nearly everyone driving cars needed some knowledge of the fuel injector's predecessor, the carburetor, as we all spent at least a little time with the air filter off, staring down the carb's barrel while trying to figure out how to get the car running again. The new Microsoft deployment tools are great, but still new -- if I were to compare Microsoft deployment tools to cars, I'd say we're at about 1936 or so. As a result, I think we all should be prepared when one of the deployment tools leaves us stranded by the side of the road -- so I advise everyone to learn the WAIK tools.)
So whether you have 200 or 200,000 computers to deploy, each tool can provide a complete deployment solution along with the good and bad each tool brings to the table. As for the skill set of your IT Pros, anyone can learn these tools: it just takes a little time and testing. I hope this article has helped you to decide which tool will do the job for you and give you a starting point to get more information.
Come Learn With Me
Rhonda Layfield has been in the IT industry since 1982. She is a Setup and Deployment MVP and Desktop Deployment Product Specialist and is currently offering a 3 day hands on deployment class that covers all tools mentioned in this article. The class will be in Washington DC September 21-23, 2010. The cost is $1,200.00 per person and seating is limited. For details on what is covered in the class please visit http://www.deploymentdr.com/index.php?page_id=29. To register for this class go to www.minasi.com/seminar-register.htm.
To Subscribe/Unsubscribe, Read Old Newsletters or Change Your Email Address
To subscribe, visit http://www.minasi.com/nwsreg.htm. To change e-mail or other info, link to http://www.minasi.com/edit-newsletter-record.htm. To unsubscribe, link to http://www.minasi.com/unsubs.htm. Visit the Archives at http://www.minasi.com/archive.htm. Please do not reply to this mail; for comments, please link to http://www.minasi.com/gethelp.
All contents copyright 2010 Mark Minasi. I encourage you to quote this material, SO LONG as you include this entire document; thanks.