bootix ::: Remoteboot in Corporate Networks
 

Rationale for Remoteboot in Corporate Networks

Save cost with remoteboot technology

The IT budget in major organisations is expected to deliver many things, but the first is reliability. Innovation, cost savings and efficiencies are all highly desirable but few things cause boardroom shivers more than unreliable computing facilities. At bootix we strive to help IT managers deliver on reliability, and in the process deliver a remarkably reduced cost of ownership.

There are many ways to achieve reliability, such as moving to centralised services and applying strict hardware and software consistency standards across the organisation. In many cases it is most efficient to have physically distributed support staff with little technical skill. A central core of expertise can supply solutions that create an identical environment in all parts of the organisation. This is where remoteboot comes in, because once the infrastructure has been set up there is no extra effort in adding workstations running a common software environment. The PC networking model of pulling updates must be replaced by a push model for successful configuration management in a large network.

The key benefit of remoteboot is its reliability. A remotebooted workstation will start in a controlled fashion every time. This is true for all kinds of remoteboot, the completely diskless and the many variations on a controlled local hard disk. Guaranteed reliable and controllable workstations eliminate the most common failure point in large networks. They are also an essential component in change management exercises, because things such as operating system versions and application configuration can be implemented and rolled back within minutes if there is a problem.

Remoteboot should be considered for any large and distributed PC workstation environment which has:

* A requirement for consistent desktop machines
* Cost of ownership issues
* Security concerns (financial institutions, government or military organizations)
* A hostile environment (publicly accessible machines, university campus)
* Many non-technical or highly mobile users (sales organizations, large companies of all kinds)

In order to maintain the integrity of these kinds of sites the network administrator must be in control of the boot process from the time the workstation is switched on at the wall. This level of control is not possible through software with IBM PC compatible workstations, because of fundamental insecurities in the hardware design. This is true for all PC operating systems, from DOS and Windows NT through to OS/2 and Unix.

It has not been practical to institute boot time security through motherboard BIOS programs, since these are impossible to manage centrally. The NetPC initiative may change that, with network-upgradable flash BIOSes. However, most large sites currently have a wide range of BIOS versions and capabilities, making the BIOS impractical to use for system administration purposes. From a management perspective BIOSes are not yet a reliable means of control. From a security perspective, software is widely available for most BIOS families which cracks passwords and allows them to be viewed or changed.

All commonly used network cards have provision for remoteboot firmware with a standard EPROM socket. If present, this firmware is given the option of controlling the boot process as soon as the machine is switched on, after basic hardware self-testing has been carried out. This is the only really secure way of controlling a standard networked PC without suffering the expense, management inconvenience and support difficulties of custom hardware.

There are several ways of achieving remoteboot control, most using proprietary techniques which require particular kinds of network servers and networking protocols. But today the dominant force in networking is the Internet TCP/IP protocol suite. For remoteboot, TCP/IP offers speed and robustness that other protocols do not. Besides this, it is the indisputable king of network standards and vendors at all levels are required to support it.

Security

Administrators gain control from when the PC is switched on, before the operating system is loaded. Floppy disk booting can be disabled, and floppy writes and/or reads disabled at the firmware level. This gives absolute control over what would normally be untraceable data copying activities or virus replication.

Local hard disks can be used in secure environments where previously only diskless workstations were regarded as safe. This is because, with suitable software integration by administrators, there is no way users have free access to the hard drive.

Ease Configuration Management

By making changes to a centrally-controlled network profile, the workstation can be instructed to automatically check itself for integrity, install software locally if a hard disk is present, or even completely reconstruct itself if required. If an individual user has a system software problem, a change can be made remotely which guarantees that the machine will be able to boot into either a diagnostic mode or a temporary known working configuration.

bootix has implemented a range of error recovery options to minimise risks. The PROM can be simply configured to ignore floppy drives at boot time, to restart the machine (after an interval) should there be a network error, freeze the system after any error or even ignore any network errors and boot from a local hard disk where one exists.

These configuration management advantages are achieved by applying well understood Internet protocols in a way that gives the administrator complete flexibility. It is possible to build site-specific solutions which give better results than a general management package such as Desktop Management Interface compliant products or the Microsoft Systems Management Server. Alternatively remoteboot can be used to complement these products, providing a hardware layer of control before handing over to the software.

Reduce network management costs

Because there is a greatly reduced need to go to individual user machines and perform repetitive tasks, fewer staff hours are required to maintain the same number of workstations. Better security and licensing integration lead to other cost savings. Replacing hardware is often a labour-intensive operation, but remoteboot in conjunction with software rebuilding techniques can substantially reduce costs. It is possible to upgrade PROMs (even without flash memory) by sending an updated PROM image as the first download instead of a boot image.

The Case for Diskless Workstations

While remoteboot can be used with local hard disks there are many advantages to diskless operation, particularly for large companies. Diskless workstations are:

* cheaper in hardware: both initial purchase and subsequent maintenance
* cheaper in software support: local variations from standard are not possible
* more robust for demanding industrial environments: no moving parts in the PC
* easier to make physically tamper-proof

The big issue with diskless workstations running modern operating systems is network bandwidth, but with a typical 10Mbps switched hub, performance with normal productivity applications actually improves. Provided network capacity exists, diskless operation is often a very attractive option. It allows PCs which are more robust, cheaper and completely silent since they have no moving parts - no hard disk, no floppy disk and often no fan. They even fit into a smaller case!

Hard Disk Options

There are several ways of combining a hard disk with remoteboot. Each delivers different benefits but all suffer from the same problem: introducing a physical hard disk guarantees a higher cost of ownership. However the benefits offset the costs in many cases, and remoteboot technology eases the burden as much as possible.

Remote Install and Load

The PROM takes control of the PC in the normal way and commences integrity and management checks of the hard disk. Hard errors and viruses are eliminated if possible, with emergency action taken if it is not. Anything can be upgraded at this point, from the operating system to applications to network parameters. Hard drive partitions can be made read-only after updating takes place, and transient data partitions wiped. Finally the operating system is started and from this point on the PC operates as a normal workstation.

Application cache

In this scenario the operating system resides on the network just as it does for a diskless workstation, but the local hard disk is used to run applications from. Data can be either on the network or locally depending on the management strategy required. There are two main reasons why this approach might be taken:

* to save network bandwidth in shared-media networks where the overhead of many workstations all loading large applications over the network is too great
* to install many recalcitrant Windows applications locally, because they insist on being installed to a writeable, single-user drive. There are other ways to solve this problem, but this does work.

Local cache only

This approach dispenses with the local hard disk for everything except a device to speed up the workstation. There is no permanent state information kept on it. Usually implementations will allow the workstation to continue functioning even if the hard disk has failed or is not present, with the only effect being slower performance. A simple driver is required that intercepts requests for remote files over the network and satisfies them by supplying the same file from the hard disk if it is present. When a new file is fetched from the network, such as part of an application or some data, it is stored in the cache along with CRC and timestamp information. Before answering requests from the local cache, this information is checked against the real file on the network to see if the cache needs to be refreshed.

The advantage of this is that it delivers benefits while being completely transparent to the user and the applications the user is running.
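
The cache check described above can be sketched as follows. This is an added example, not bootix code: the `NetworkShare` and `LocalCache` classes, their method names and the sample file are hypothetical, and in-memory dictionaries stand in for the file server and the local hard disk.

```python
import zlib

class NetworkShare:
    """Stand-in for the file server; constructed for this example."""
    def __init__(self):
        self.files = {}                       # path -> (data, timestamp)

    def put(self, path, data, timestamp):
        self.files[path] = (data, timestamp)

    def stat(self, path):                     # cheap metadata-only request
        data, timestamp = self.files[path]
        return zlib.crc32(data), timestamp

    def fetch(self, path):                    # full transfer over the network
        return self.files[path]

class LocalCache:
    """Hypothetical cache driver: the disk holds no permanent state."""
    def __init__(self, share, disk_present=True):
        self.share = share
        self.disk = {} if disk_present else None   # None: disk failed or absent

    def read(self, path):
        if self.disk is None:                 # keep working, only slower
            return self.share.fetch(path)[0], "network-no-disk"
        crc, timestamp = self.share.stat(path)
        entry = self.disk.get(path)
        # Serve locally only if the stored CRC and timestamp match the real
        # file AND the cached bytes still hash to the stored CRC.
        if entry and entry[1:] == (crc, timestamp) and zlib.crc32(entry[0]) == crc:
            return entry[0], "cache"
        data, timestamp = self.share.fetch(path)
        self.disk[path] = (data, zlib.crc32(data), timestamp)
        return data, "network"

def demo():
    path = "apps/editor.exe"                  # constructed sample file
    share = NetworkShare()
    share.put(path, b"version 1", 1000)
    cache = LocalCache(share)
    seen = [cache.read(path)[1], cache.read(path)[1]]   # miss, then hit
    share.put(path, b"version 2", 2000)       # file changes on the server
    seen.append(cache.read(path)[1])          # stale entry is refreshed
    _, crc, ts = cache.disk[path]
    cache.disk[path] = (b"bit rot!!", crc, ts)  # local copy damaged on disk
    seen.append(cache.read(path)[1])          # damage detected, refetched
    seen.append(LocalCache(share, disk_present=False).read(path)[1])
    return seen
```

A CRC catches a stale or accidentally corrupted cache entry, but it is not a cryptographic check: it does not detect a local copy that was modified deliberately with a matching checksum.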

Building Reliable Networks

Reliable networks are essential in today's business environment. With remoteboot it is easier to deliver the reliability while still offering the full functionality of PC workstations. The business case is clear for remoteboot in serious corporate computing.

 

