1. HP Proliant Microserver N40L Is a Great NAS or Router

    Sun 29 July 2012

    Update 2012-12-11: It seems that a new and faster version is on the horizon.

    Update 2012-12-21: Yes, the new model G7 N54L is out.

    Some products seem almost too good to be true and I think the HP Proliant Microserver N40L is one of them. If you are in the market for a very small, silent, efficient, yet capable home server, please take this device into consideration. I picked this device up for 200 euros, which is a bargain in my opinion.

    First, take a look. As you can determine from the size of the 5 1/4 inch bay, this device is really small. The fun thing is though, that behind that door is room for four 3.5 inch SATA hard drives.

    So you can put four large SATA disks into this device. It is just ideal as a home NAS, without resorting to expensive QNAP or Synology devices, which may not give you the flexibility you want.

    The on-board RAID controller only seems to support RAID 0 and RAID 1. If you want to make a NAS out of this device you want to go for RAID 5. So you have two options.

    1. Buy an additional hardware RAID controller that supports RAID 5;
    2. Use Linux or BSD software RAID and don't spend a dime.

    Processor

    It contains the AMD equivalent of Intel's Atom processor, the Turion II Neo N40L dual-core, which runs at 1.5 GHz. This CPU is not fast, but it is energy efficient and it helps keep the device silent and cheap.

    Memory

    The device contains just 2 GB of ECC RAM. Sufficient for most tasks, but you can crank it up to 8 GB. The fact that you get ECC RAM in this device is a real plus, making this device extra reliable.

    Disks

    By default, a 250 GB disk is included. How they do that for this money is something I don't get. This disk takes up one of the four drive bays.

    Personally, I would not use the 5 1/4 inch slot for an optical drive (who uses them anyway in a server?). Instead, I would look into a solution where you can put the stock drive into that space, to make room for an additional disk for file storage. This is useful if you are building a NAS.

    You may even install additional 2.5" disks with solutions like this.

    Expansion

    The microserver has two half-height PCIe slots, one x16 and one x1. It also has an eSATA connector at the back, so you can connect an external disk for backups or something. There are two USB ports at the back, four at the front. I wish they put four at the back and two at the front.

    See also this page.

    Environment

    The device is very economical; I estimate power consumption at about 25 watts when idle. I measured 35 watts through my UPS, but there were also two external disk drives and a network switch connected to the UPS.

    Noise levels are also excellent. There are just two fans. One very large fan at the back, that just seems to cool the entire device. The second fan is housed inside the tiny power supply, but although it is small, the fan makes little noise. When it is idle, you don't hear this server running.

    Compatibility

    I was able to install Ubuntu 12.04 LTS out-of-the-box. It is running fine. I didn't test any other operating systems.

    Reason for purchase

    I wanted to replace my Linux router (an old Mac Mini) with a device that can house two disk drives, so I could implement RAID 1. I use it as a Router/Firewall. But I also run a website on it and some monitoring software, so that's why I didn't want to buy a regular Linksys or ZyXEL embedded router.

    Although this server has only one network interface, I use VLAN tagging with a VLAN-capable switch, so this is not a problem. Otherwise, I would just add a second Gigabit half-height PCIe NIC.

    Final words

    It's an ideal device for any computer enthusiast who wants more flexibility than a standard NAS or embedded router can offer. It's cheap, small, silent and power efficient. Those HP engineers who created this device should get a thumbs up.

  2. Fully Unattended Deployment of Windows Clients Using Limited Resources

    Sat 07 July 2012

    Introduction

    Anyone who ever installed Windows on a computer by hand must have wished for a solution that automates this task. It's just waiting a lot and pressing a button now and then. But installing the operating system itself is only the beginning. Once installed, you need to apply service packs or at least about a hundred or more security updates. When finished, you need to install all additional software, like an office suite, PDF reader, anti-virus software and the like.

    So you need to install:

    1. the operating system
    2. applications
    3. security updates

    If you do this all by hand, it will probably take at least half a day, if not even longer. This is a major problem, because sooner or later you may have to hire somebody full time to do just the computer deployments. Expect a high job turnover rate. You definitely want to automate this task, saving money on extra sysadmins and, more importantly, improving quality.

    Even if you have to install one computer every week, you must automate this process for the sole reason that if you don't, no two deployed computers are the same. People make mistakes, especially with boring, repetitive tasks. So automation improves quality and reduces the workload significantly.

    If you don't deploy your end-user computers through some kind of automation, you need to stop what you are doing right now and build such a solution. It's fundamental to provide good quality service to your users.

    It must be fully unattended or as unattended as possible. You may have to press a button to initiate the process at the start, but that must be all that is required to deploy a system. If during deployment, you need to touch the computer in order for it to continue deploying, you have a bug that needs to be fixed asap.

    So, in this post I want to show you that with minimal resources, you can create a fully unattended solution for Windows desktop systems. There are probably better ways to do this, but for me, this was enough.

    Imaging versus automated deployment

    It's very simple. Do not image. Do not use products like Norton Ghost or Clonezilla for system deployment. Imaging is not flexible. For every change, you need to create a new image. For every hardware model, you need to create a new image. Every program update requires a new image. Instead of installing computers by hand, you are maintaining images. It does not scale.

    Automated installations on the other hand do scale. They are dynamic. They just use whatever drivers they need during installation, as long as they are available. Just updating the installer of an application is sufficient to make sure that future deployments are up-to-date. Flexibility is key.

    Solution overview

    1. Clients use PXE to boot from the network. They boot a special Windows Embedded kernel that bootstraps the Windows installation process.
    2. The operating system and drivers are installed.
    3. All company software is installed.
    4. All security patches are installed.
    5. When ready, a mail is sent to the sysadmins.

    You will need:

    1. A DHCP server
    2. A WDS server
    3. A KMS server and valid KMS licence
    4. Valid Windows 7 ISO for KMS installation
    5. An unattended configuration created with WAIK
    6. Driver packs for the various desktop and laptop models
    7. A domain account dedicated for deployment
    8. A list + executables of all software required for the client

    About KMS and Windows licences

    In a larger environment, with 25+ desktops and laptops, it becomes too cumbersome to type in the product licence key and activate the systems by hand. This does not scale. You need a Volume Licence agreement for Windows 7 or higher in order to be able to use a Key Management Server and a special ISO of Windows 7 that does not require a product key. Learn more about this in this blogpost.

    Windows Deployment services

    The basis for automated deployment is Windows Deployment Services. This software, made available for free by Microsoft, allows clients to PXE boot and perform unattended operating system installations.

    Unattended operating system installations are guided by XML files that describe the configuration for the operating system. Such a configuration file is authored with the Windows Automated Installation Kit.

    WDS uses two images: a boot image and an install image. Because computers need drivers, you need to download and inject the drivers in the boot image. All major vendors supply special complete driver packages for you to download. Just download, extract and import. Create driver groups for every model, to organize your drivers.

    You may choose to install all drivers in one image. But that image can grow large and lengthen the installation time. To resolve this, create separate boot images for different vendors and differentiate between model lines. This is not much work and it keeps the boot images small, but it is not required.

    Windows Automated Installation Kit

    You need the WAIK to author the XML file used by WDS to configure the unattended installation. You must specify hard disk partitioning, some default settings and the like. This is also where you configure the command to run when the operating system installation has finished. This will start the software installation phase.

    Automated silent software deployment

    For software installation, I just go back to my MS-DOS 4.11 days and use a simple batch script that installs all software.

    Every product, such as Adobe Reader or Java, has an installation batch file. There is one main batch file that calls each program install batch file to install it and log the results for debugging.

    It is that simple. And it works perfectly. The most important task is to find out for each product how you can install it silently, without user intervention. Fortunately, almost all products provide command line arguments for unattended installation.

    Software is installed by using a domain-based unprivileged user that uses autologon to log on to the system, with local administrative privileges. Once the installation is complete, local admin privileges are revoked.
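
    A check worth running once the last autologon has finished, to confirm that the deployment account really lost its privileges and left no password behind. This is an added example in PowerShell, not the author's script; the account name `CORP\svc-deploy` is a placeholder, and the answer file locations are the usual Windows Setup cache paths.

    ```powershell
    # Added example: audit a freshly deployed client for leftover deployment credentials.
    # 'CORP\svc-deploy' is a placeholder for the dedicated deployment account.
    param([string]$DeployAccount = 'CORP\svc-deploy')

    $findings = @()

    # 1. Autologon must be switched off and no password may remain in the registry.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.AutoAdminLogon -eq '1')    { $findings += 'AutoAdminLogon is still enabled' }
    if ($null -ne $wl.DefaultPassword) { $findings += 'Winlogon DefaultPassword value still exists' }

    # 2. The deployment account must no longer be a local administrator.
    #    The group name is resolved from its well-known SID so localized builds work.
    $sid     = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $group   = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
    $members = net localgroup $group | ForEach-Object { $_.Trim() }
    if ($members -contains $DeployAccount) {
        $findings += "$DeployAccount is still a member of local group '$group'"
    }

    # 3. Cached copies of the answer file must not carry a password any more.
    #    Windows Setup normally overwrites the values with the marker below.
    $scrubbed    = '*SENSITIVE*DATA*DELETED*'
    $answerFiles = "$env:windir\Panther\unattend.xml",
                   "$env:windir\Panther\Unattend\unattend.xml",
                   "$env:windir\System32\Sysprep\unattend.xml"
    foreach ($file in $answerFiles) {
        if (-not (Test-Path $file)) { continue }
        [xml]$xml = Get-Content $file
        $nodes = $xml.SelectNodes("//*[local-name()='Password' or local-name()='AdministratorPassword']")
        foreach ($node in $nodes) {
            # AutoLogon and account passwords use a <Value> child; domain join uses the element text.
            $value = $node.SelectSingleNode("*[local-name()='Value']")
            $text  = if ($value) { $value.InnerText } else { $node.InnerText }
            if ($text -and $text.Trim() -ne $scrubbed) { $findings += "Password left in $file" }
        }
    }

    if ($findings.Count -gt 0) {
        $findings | ForEach-Object { Write-Warning $_ }
        exit 1
    }
    Write-Output 'No leftover deployment credentials found.'
    ```

    The non-zero exit code lets the final deployment step hold back the "ready" mail until the findings are resolved.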

    Installing all security updates

    This is the hard part. There are several problems. First, after you install all updates, more updates seem to be available after the next reboot. Furthermore, using Windows 7, a memory leak causes the installation process to take ages.

    The solution is to install smaller batches of patches, such as 30 or 40 at a time. You can use a script for that as supplied by Microsoft. This script must be changed not to install all patches, but a fixed number at a time.

    So you need several reboots to install all patches and run the VBS update script several times. The WAIK provides an option for 'autologon'. So you can have a user account logon for like 5 times. After that, no autologon is performed ever again.

    So you place a special batch file in the startup folder of the autologon user that triggers the Windows update process every time the autologon is performed. This is the last step of the installation.

    After five autologons, the system will boot to the logon screen and the system is done.
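
    The batching approach described above, written against the Windows Update Agent COM API. This is an added example in PowerShell rather than the VBS script from Microsoft that the article refers to; the batch size default and the log file path are assumptions.

    ```powershell
    # Added example: install at most $BatchSize pending updates per autologon run.
    # The batch size default and the log path are assumptions, not values from the article.
    param([int]$BatchSize = 30, [string]$LogFile = "$env:windir\Temp\deploy-updates.log")

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates

    # Build one batch; skip updates that could prompt and stall the unattended run.
    $batch = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($update in $pending) {
        if ($batch.Count -ge $BatchSize) { break }
        if ($update.InstallationBehavior.CanRequestUserInput) { continue }
        if (-not $update.EulaAccepted) { $update.AcceptEula() }
        [void]$batch.Add($update)
    }

    $stamp = Get-Date -Format s
    if ($batch.Count -eq 0) {
        Add-Content $LogFile "$stamp no installable updates left ($($pending.Count) need manual review)"
        exit 0
    }

    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $batch
    [void]$downloader.Download()

    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $batch
    $result = $installer.Install()

    # Record the outcome per update: 2 = succeeded, 3 = succeeded with errors, 4 = failed.
    for ($i = 0; $i -lt $batch.Count; $i++) {
        $code = $result.GetUpdateResult($i).ResultCode
        Add-Content $LogFile ("{0} result={1} {2}" -f $stamp, $code, $batch.Item($i).Title)
    }
    $left = $pending.Count - $batch.Count
    Add-Content $LogFile "$stamp installed batch of $($batch.Count), $left still pending"

    # Reboot so the next autologon picks up the next batch.
    if ($result.RebootRequired) { shutdown.exe /r /t 30 }
    ```

    The "still pending" count in the log shows whether the configured number of autologons was enough to bring the machine fully up to date before it is handed to a user.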

    Additional resources

    Large organisations may use Microsoft System Center Operations Manager but I assume that such a solution has not been set up. I assume that you are in an environment without any existing solution that may help you out.

    I would also investigate the Microsoft Deployment Toolkit 2012. Instead of tinkering with batch files and vbs scripts, this may help you also. However, it seems to focus on creating images or automating the task of creating images, rather than just automating the installation of a client.

    Final thoughts

    Please note that I had to research this solution within a few weeks, with lots of other things to do. It was just one project of many other projects. There may be better solutions to automate system deployments. Maybe the MDT is a better approach, but I haven't tested it (yet). The current setup is sufficient for now and it frees us to start other much needed projects.

  3. Understanding Windows KMS and MAK Volume License Activation

    Sat 09 June 2012

    Introduction

    If you have to administer a large number of PCs running Windows, you will end up creating an automated deployment platform for your Windows clients. You may implement something like Windows Deployment Services.

    I used WDS to create a fully automated installation of PCs. WDS can also be used for creating images, but using images doesn't scale as you need too much manual intervention with the devices themselves and you need to update images constantly.

    With WDS and some driver packs I can support as many different computer brands and models as I want with a single vanilla Windows 7 base image. All customization and automation is done with answer files using the Windows Automated Installation Kit.

    When creating an automated deployment environment, one thing you definitely don't want to be doing is having to enter each individual Windows product key as found on the sticker somewhere on the chassis. You want a single key, embedded in the deployment image or script and run with that, or some other solution. Your goal must be to do away with manual product key input and activation.

    This is not a problem, but here we have to introduce the topic of licences, especially client licences such as Windows 7. There are only two flavors of Windows:

    1. Retail - this licence is most expensive but allows you to transfer it from one computer to the other one.
    2. OEM - this licence costs you less but is tied to that particular computer.

    The important thing for a system administrator to know is this: when buying OEM, you do not have rights to create disk images or do something similar with these computers. You cannot use Windows Deployment Services. You cannot use cloning tools or other solutions.

    Volume licensing

    Now it is time to talk about volume licensing. A volume licence is an upgrade of a Retail or OEM licence. So one thing is sure: you must order every computer with an OEM Windows licence, regardless of your plans. With the volume licence, which you have to buy separately, you gain 'reimaging rights'.

    Now comes the fun part. You only need one (1) Volume Licence for a specific product to be eligible to image or automatically deploy all PCs running that particular operating system (32 bit or 64 bit doesn't matter).

    KMS or MAK activation

    With a volume licence, clients don't need to activate with Microsoft through the internet. For larger organisations, that would cause too much internet traffic. Instead, you use a local activation service within your network. You can either deploy a KMS (Key Management Service) or use the Volume Activation Management Tool (VAMT).

    Most people may want the KMS service. But a KMS service only starts to validate clients with 25 or more PCs. If you have less than that number of clients, you may resort to MAK validation.

    When choosing KMS activation, you install a KMS service on one of your Windows servers and that host will then act as an activation server within your organisation. Systems activated through the KMS must periodically revalidate themselves (every 6 months / 180 days). But how do the clients know that they should validate against your KMS? And which product key do you use?

    If you buy a volume licence, you will get access to a special ISO image of Windows 7, Vista Business or XP Professional. You also gain access to a special product key, a KMS product key. (Please note that you must buy a volume licence for each operating system product version.)

    You use this special KMS product key to activate the KMS server. This happens only once. So this one time, you activate the KMS server with Microsoft; after that, no communication occurs between the clients or the KMS service and Microsoft.

    That special ISO image you got contains a special Windows version that does not require a product key. Once a client is installed, it just searches your network for a KMS server through DNS and tries to activate against it. Once validated, clients stay validated as long as they get in contact twice a year (180 days) with your KMS service.

    If you have less than 25 PCs, you will use the MAK activation and the VAMT tool. Clients can either activate through Microsoft directly or through the VAMT tool. The VAMT tool collects activation requests within your network like a KMS, however, it does contact Microsoft to validate those activations. And there is a limited number of activations you are entitled to. This VAMT tool can cache activation requests so you can redeploy or re-image systems and reactivate them without seeing your activation limit getting reached.

    I hope this information was useful to you and if you've discovered a mistake, please comment.
