Tuesday, October 15, 2013

Diskless Windows clients using iSCSI

EDIT: I have written something of a technical description, that should answer all the questions I have gotten by email, and in the comments below. I will update it with your ideas and contributions as far as I find them useful. You can find it here.
EDIT2: There's a new video in relation to this at youtube.

You might say that this has little to do with virtualization, but hey, it's virtualized storage. I really don't want to start another blog for my sysadmin stuff, so bear with me. Besides, diskless clients are an alternative to Virtual Desktop Infrastructure (VDI) if storage virtualization is your primary concern.

Some of you might have come across a product from Wyse (now Dell), called Wyse WSM. This product delivers your OS and apps from a centralized server to diskless clients. Nice and dandy, works great, but at a somewhat high price if your job is to deliver Windows to classroom PCs. That has been part of my job the last 7 years, and this is my way of doing the same thing. Although Wyse WSM has some great management features, and the technology is somewhat different, the basics are the same: Diskless clients in the classroom.

The possibility to do this came to me with Microsoft iSCSI Software Target, a freely downloadable software for Windows Server 2008R2, and part of Windows Server 2012. It is of course possible to do the same thing on a Linux server, but I haven't found any Linux solutions out there. Let that be a challenge to the Linux gurus, I would love to see it happen!

What I do with the iSCSI Software Target, is to create a master disk, and then create differencing disks for my clients on the fly when they boot. In order to make my clients boot from iSCSI in the first place, I use iPXE open source boot firmware (gPXE will do the job as well).

Using iSCSI disks for clients necessarily means using the same network infrastructure for disk virtualization as we use for any other networking on the clients. This is not recommended by Microsoft, but Wyse obviously does it, and I do it. If your network is up to par on bandwidth, there is no reason you can't do it as well. Be prepared to do some thorough testing, and make sure you have enough bandwidth. You don't need gigabit to each and every client, but you do need it on the server side, and between every switch involved. If you have a high number of clients booting around the same time, consider waking them up early by means of automation, using wake on lan.

I prefer to use a dual nic single server as a combined storage server and gateway for small NAT’d subnets, with only 40-50 clients, keeping the server as close to the clients as possible (measured in number of switches). Using the iSCSI server as gateway will overcome the iSCSI protocol's routing problems that occurs even on a single subnet. If your iSCSI client needs to talk to your default gateway when connecting to a target on the same subnet, it creates problems. You will find a lot of people telling you to remove your default gateway when connecting with iPXE/gPXE to your iSCSI target, which does solve read/write errors. However, it also creates problems for the Windows client when it boots up. If your iSCSI target is actually also your default gateway, problems are solved. Someone with deeper knowledge on the iSCSI protocol is welcome to comment on this.

I made a video of how I set up my server from scratch, take a look at that first. (My apologies for the way Blogger let's me present the videos, open it in YouTube if you want a proper view.)

The video is more or less self explaining, if you take the time to look it through. What is to notice, is that I compiled the undionly.kpxe file from the iPXE source code. If you don't have the option of compiling this yourself, go for gPXE, which lets you download ready compiled files, even with added support for your non-undi network cards.

Also, I downloaded memdisk and sbootmgr.dsk, from the links in this post about installing Windows to an iSCSI drive. The same link describes through another link, how to boot to WinPE using PXE boot, from wich I figured out what files where needed for my tftpboot folder.

The magic of automatically creating new iSCSI differencing disks comes from the iSCSI Software Target API, and more substantially, from Jane Yan's iSCSITarget scripts in the Script Center.

Now have a look at how I create the master disk, and let it automatically deploy til my clients, in this video.

This video has a few annotations to make it easier to understand what I do, so I won't go into anymore detail about it. Feel free to ask me any questions in the comments.

(Edited for better video presentation.)