Improving ImageConnect with 2Pint

ImageConnect is Now Micro’s solution for using a customer’s ConfigMgr task sequence to image devices they purchase from us.  Internally we give each ImageConnect customer a unique VLAN that’s designed to service PXE requests for their environment.  Before 2Pint, we maintained a table mapping customer to VLAN ID and our staff would need to SSH in to the appropriate switch to change the VLAN.  This blog post will describe how Now Micro uses the iPXE Anywhere solution from 2Pint Software to help us remove some of the manual steps by automating the VLAN switching process.

iPXE Anywhere
Working with the iPXE Anywhere service from 2Pint Software, we were able to automate VLAN port switching at PXE time.  Today our PXE boot process will automatically run any internal applications, check if the device will be imaged with ImageConnect, and if so, change the VLAN port on the switch and reboot the device.  This is done by querying our ERP software for all of the relevant order information for a given serial number at PXE boot time.  The portion of our iPXE Anywhere RecastActionScript.ps1 script that switches VLANs is shown below.

#always get the param data from request
#Always get the boot object going, which is what you return back from this PowerShell Session
$BootObject = new-object iPXEAnywhere.Request.PS.BootObject
#This section sets the variables if you are using iPXE loaders using the $SessionData variable
$mac = $SessionData["mac"]
$guid = $SessionData["uuid"]
$SMBIOS_Guid = $SessionData["SMBIOS_Guid"]
$arch = $SessionData["arch"]
$platform = $SessionData["platform"]
$PXEServerIP = $SessionData["PXEServerIP"]
$PXEServerHttpPort = $SessionData["PXEServerHttpPort"]
$WSOverRide = "True";
$serial = $SessionData["serial"]

$BootObject.iPXEScript = @"
params --name bootreq
param --params bootreq bootaction TwoPXERefferal
param --params bootreq stub `${stubversion} 
param --params bootreq arch `${arch} 
param --params bootreq ba `${buildarch} 
param --params bootreq platform `${platform} 
param --params bootreq mac `${`${nic}/mac} 
param --params bootreq uuid `${uuid:hexraw} 
param --params bootreq SMBIOS_GUID $SMBIOS_GUID 
param --params bootreq asset `${asset:uristring} 
param --params bootreq serial `${serial:uristring} 
param --params bootreq make `${manufacturer:uristring} 
param --params bootreq model `${product:uristring} 
param --params bootreq NICvendor `${vendor_id} 
param --params bootreq NICdevice `${device_id} 
param --params bootreq ipinfo `${ip} 
param --params bootreq nm `${1} 
param --params bootreq gw `${3} 
param --params bootreq bootserverip `${next-server} 
param --params bootreq dhcpserverip `${54} 
param --params bootreq biosvendor `${smbios/0.4.0} 
param --params bootreq biosrev `${smbios/0.5.0} 
param --params bootreq biosdate `${smbios/0.8.0} 
param --params bootreq bootmajor `${smbios/0.20.1} 
param --params bootreq bootminor `${smbios/0.21.1} 
param --params bootreq enclosure `${smbios/3.5.1} 
"@

$gpResult = Get-GpResult -Serial $serial
$customer = $gpResult.CustomerNumber
$vlanList = Import-Csv C:\2Pint\vlans.csv
$vlan = 0
foreach($item in $vlanList) {
	if($item.GPCustomerNumber -eq $customer) {
		$vlan = $item.Vlan
	}
}

[System.Diagnostics.Process]::Start("PowerShell.exe", "-executionpolicy bypass -File C:\2Pint\ChangeVlan\changevlan.ps1 -mac $mac -vlan $vlan")

#The iPXE commands appended at this point are not included in this excerpt
$BootObject.iPXEScript = $BootObject.iPXEScript + @"
"@
return $BootObject
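
The MAC address in the script above arrives in the boot request and is placed straight into a PowerShell command line, so it is worth validating before the VLAN change is launched. The following is an added example, not part of Now Micro's script; the function names `Resolve-VlanChange` and `Start-VlanChange` and the sample rows are assumptions, while the column names and script path are taken from the excerpt above.

```powershell
# Added example. Resolve-VlanChange and Start-VlanChange are hypothetical names.
function Resolve-VlanChange {
    param(
        [string]$Mac,             # $SessionData["mac"]: sent by the booting client
        [string]$CustomerNumber,  # result of the ERP lookup
        [object[]]$VlanList       # rows with GPCustomerNumber and Vlan columns
    )
    # Six hex octets separated by ':' or '-'; \A and \z also reject a trailing newline.
    if ($Mac -notmatch '\A(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\z') {
        throw 'MAC value from the boot request is not a MAC address'
    }
    $row = $VlanList | Where-Object { $_.GPCustomerNumber -eq $CustomerNumber } |
        Select-Object -First 1
    if (-not $row) { return $null }   # no mapping: leave the port where it is

    $vlan = 0
    if (-not [int]::TryParse([string]$row.Vlan, [ref]$vlan) -or $vlan -lt 1 -or $vlan -gt 4094) {
        throw "VLAN '$($row.Vlan)' for customer $CustomerNumber is outside 1-4094"
    }
    [pscustomobject]@{ Mac = $Mac.ToLowerInvariant(); Vlan = $vlan }
}

function Start-VlanChange {
    param($Change, [string]$ScriptPath = 'C:\2Pint\ChangeVlan\changevlan.ps1')
    # Both values are now limited to hex digits, ':', '-' and an integer,
    # so nothing in them can add switches or commands to the command line.
    Start-Process -FilePath 'PowerShell.exe' -ArgumentList @(
        '-ExecutionPolicy', 'Bypass', '-File', $ScriptPath,
        '-mac', $Change.Mac, '-vlan', $Change.Vlan)
}

# Constructed sample data standing in for vlans.csv and the boot request.
$vlanList = @(
    [pscustomobject]@{ GPCustomerNumber = 'CUST001'; Vlan = '210' }
    [pscustomobject]@{ GPCustomerNumber = 'CUST002'; Vlan = '9999' }
)
Resolve-VlanChange -Mac '00-1A-2B-3C-4D-5E' -CustomerNumber 'CUST001' -VlanList $vlanList
Resolve-VlanChange -Mac '00:1a:2b:3c:4d:5e' -CustomerNumber 'UNKNOWN' -VlanList $vlanList
foreach ($bad in '00:1a:2b:3c:4d:5e extra', '00:1a:2b:3c:4d') {
    try { Resolve-VlanChange -Mac $bad -CustomerNumber 'CUST001' -VlanList $vlanList }
    catch { "rejected: $($_.Exception.Message)" }
}
```

`Start-VlanChange` is defined but not called in the sample run, since it needs the real changevlan.ps1 on disk.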

On the customer DP, we run the 2PXE server to help automate the secondary PXE boot and set some task sequence variables (such as SMSTSErrorDialogTimeout) to help us troubleshoot when things go wrong.  Our PowerShellExtensionAddVariables.ps1 script is shown below.

#Always get the boot object going, which is what you return back from this PowerShell Session
$VarDataObject = new-object Zipper.Zpxe.WCFServer.VarDataObject
$variables = @{}
$VarDataObject.VarInfo = $variables
#Always return the object to the invoker
return $VarDataObject

Switching VLANs post imaging
One of the problems with this approach is that we require the 1st PXE boot to be on a well-known VLAN.  Since we are handing off the imaging process to a task sequence, we don’t necessarily know when the task sequence is finished.  We resolved this by developing a service to listen for SNMP Traps from the switches to determine if a particular port should be switched back.  If a port comes online after being offline for some amount of time, we will automatically switch the port’s VLAN back to our starting point so that the next machine to be imaged can repeat the same process.
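
The revert rule described above, as an added example that is not Now Micro's service. It assumes the trap listener has already parsed each trap into an event with `Switch`, `Port`, `Type` (`linkDown` or `linkUp`) and `Time` fields; the function name `Get-PortsToRevert` and the five-minute threshold are also assumptions, since the post only says "some amount of time".

```powershell
# Added example. Get-PortsToRevert, the event fields and the threshold are assumptions.
function Get-PortsToRevert {
    param(
        [object[]]$Events,                                   # parsed link traps
        [timespan]$MinOffline = [timespan]::FromMinutes(5)   # assumed threshold
    )
    $downSince = @{}   # "switch/port" -> time the port went offline
    foreach ($e in ($Events | Sort-Object Time)) {
        $key = '{0}/{1}' -f $e.Switch, $e.Port
        if ($e.Type -eq 'linkDown') {
            # Keep the earliest linkDown if the switch repeats the trap.
            if (-not $downSince.ContainsKey($key)) { $downSince[$key] = $e.Time }
        }
        elseif ($e.Type -eq 'linkUp' -and $downSince.ContainsKey($key)) {
            $offline = $e.Time - $downSince[$key]
            $downSince.Remove($key)
            # Gaps shorter than the threshold (such as a reboot) are ignored;
            # a longer gap marks the port for a return to the starting VLAN.
            if ($offline -ge $MinOffline) {
                [pscustomobject]@{ Switch = $e.Switch; Port = $e.Port; OfflineFor = $offline }
            }
        }
    }
}

# Constructed trap events (not captured from a real switch).
$t = [datetime]'2024-01-01T08:00:00'
$events = @(
    [pscustomobject]@{ Switch = 'sw1'; Port = 'Gi1/0/5'; Type = 'linkDown'; Time = $t }
    [pscustomobject]@{ Switch = 'sw1'; Port = 'Gi1/0/5'; Type = 'linkUp';   Time = $t.AddSeconds(40) }
    [pscustomobject]@{ Switch = 'sw1'; Port = 'Gi1/0/5'; Type = 'linkDown'; Time = $t.AddMinutes(30) }
    [pscustomobject]@{ Switch = 'sw1'; Port = 'Gi1/0/5'; Type = 'linkUp';   Time = $t.AddMinutes(42) }
    [pscustomobject]@{ Switch = 'sw1'; Port = 'Gi1/0/7'; Type = 'linkUp';   Time = $t.AddMinutes(43) }
)
Get-PortsToRevert -Events $events
```

A `linkUp` with no earlier `linkDown` on record, like the last sample event, is ignored rather than treated as a long outage.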

Continuous Deployment
All of our 2PXE and iPXE Anywhere scripts and configuration files are stored in a private Git repository.  When we need to update a script, we can commit the change to our Git repository and a locally hosted build agent will automatically sync the changes down to our 2PXE server.  This allows us to quickly resolve configuration issues in production and lets us maintain a history of changes in case we need to roll something back quickly.

Come talk to us at the post-MMS 2Pint Event on May 19th to learn more about how Now Micro is using 2Pint Software with ImageConnect.  This is one example of how you can use 2PXE and iPXE Anywhere to automate some part of your imaging process.  We consider this a first step toward automating customer imaging and will continue to make improvements in the future.  Keep an eye on this blog for future updates.