Ghost Solution Suite

 View Only

GSS 3.3 RU3 builds over VPN for COVID-19

  • 1.  GSS 3.3 RU3 builds over VPN for COVID-19

    Posted Mar 30, 2020 12:16 PM
    Hi all, 

    I hope everyone is well and safe. 

    Like many companies all of our staff are working from home since the COVID-10 pandemic which has brought about some business challenges for us. 

    Once such being is how we re-image machines whilst we don't have physical access to the offices!

    This is our current environment:

    • Currently we have one GSS Server running version 3.3 RU3 with localised storage for images and application packages. This single GSS server also acts as the PXE server.
    • We have a different server running DHCP.
    • A third dedicated SQL server hosts the Altiris SQL database.
    • All of these servers are on the same VLAN.
    • The users are situated in a different VLAN. 

    Our general build process is normally as such:

    1. Clean the target machines HDD.
    2. Create UEFI partitions on target machine.
    3. Send a scripted Windows 10 OS build to the main target computer.
    4. Install base software and patches.
    5. Clean and sysprep the image
    6. Capture the sysprep image as a .gho Gold image and store on GSS Server HDD
    7. Clean up the .gho image.
    8. Deploy the sysprep .gho image using PXE with WinPE
    9. Join domain.
    10. Push our specific apps from GSS Server HDD via Altiris jobs.

    As mentioned, all of our images and apps are held on the GSS Server on the local D: drive and shared over CIFS/SMB; where we point to these apps in the Altiris Jobs/tasks.

    We like to implement the following proposed changes during the COVID-19 pandemic:

    • Re-image machines using the same process as above, but from the engineers house, and for a copy of the Windows 10 images to be stored locally at the engineers house (as well as on the main GSS Server); in order to save pulling the images over the 100Mbps VPN during each build.
    Here's the list of things we believe we need to achieve to get this working, and would like some help / pointers on the not complete items as we're not sure of the steps needed:

    1. Create a restricted site-site VPN from an authorised engineers house to the corporate network = complete
    2. Setup a local DHCP server at the engineers house, settings DNS option to the corporate DNS Servers. = complete
    3. Test TCP access and Name Resolution to and from the engineers house to the servers listed above = complete
    4. Set-up PXE over VPN = Not complete *1
    5. Set-up a secondary storage location in the engineers house for the Windows 10 gold images = not complete *2
    6. Build machine from engineers house, getting the job over PXE, but pulling the images from the local storage at the engineers house = not complete *3

    Questions on Research:
    • *1 Doing some very brief research (whilst juggling a million other "quick requests" like all IT staff do ;) ) we believe we just need to add the DHCP options 66 (TFTP Server) and 67 (Boot file) to the engineers house DHCP server? If so, where do we get the details for option 67?
    • *2 Secondary storage. Is this simply the "Drive Mappings" option in the Symantec Ghost Solution Suite Options applet in the Control Panel? If so, I'm assuming a normal domain join Windows Server with the appropriate NTFS permissions set on the share hosting the images would suffice and we just need to take a copy of the current deployment job (so as not to change the master job) and point it to the UNC path of the share? Or perhaps a mapped drive?
    • *3 I'm not sure what other things we'd need to consider to get this working? Have we missed something?

    Any help / pointers to get this working would make a great deal to us.

    Many thanks!

    John