PXE-based deployment
Provisioning supports PXE booting and image deployment. With PXE-based deployment, you can boot both new and existing PXE-enabled devices into a WinPE preboot environment where you can select and execute a provisioning script. Alternatively, you can scan devices into your core database and then schedule a provisioning task with the Scheduled tasks tool.
PXE-based provisioning is a useful way to image devices in a variety of situations, such as:
- Initial provisioning of new devices.
- Imaging devices in a test or training lab.
- Re-imaging corrupted devices.
Ivanti® Endpoint Manager and Endpoint Security for Endpoint Manager offers the following options to provision devices:
- Ivanti managed boot, which lets you pre-target devices with existing agents for imaging.
- A PXE boot menu, which lets you interactively select an option for a non-UEFI device.
- An option to always PXE boot UEFI devices.
PXE (Preboot Execution Environment) is an industry-standard networking protocol that enables devices to be booted and imaged from the network, by downloading and installing an executable image file from an image server before the device boots from the local hard drive. On a PXE-enabled device, the PXE protocol is loaded from either the network adapter's flash memory or ROM, or from the system BIOS.
PXE uses the following communication standards:
- DHCP (Dynamic Host Configuration Protocol)
- TFTP (Trivial File Transfer Protocol)
- MTFTP (Multicast Trivial File Transfer Protocol)
When a PXE-enabled device boots up, it sends out a DHCP discovery request. If a DHCP server implementing PXE is found, the server assigns an IP address to the device and sends information about available PXE boot servers. After completing the DHCP discovery process, the device contacts the PXE server and downloads an image file through TFTP. The imaging script is then executed, loading the OS image from the imaging server onto the device. The image file is referenced by a provisioning script.
Enabling PXE representatives
PXE representatives are part of self-electing subnet services (SESS). SESS simplifies PXE deployment. For more information on SESS, see Self-electing subnet services.
When the PXE service is enabled for multiple devices on a subnet, SESS ensures that only one device per subnet is running the PXE service, and SESS automatically elects a new PXE representative if the originally elected device goes down.
PXE representatives automatically update their PXE settings and local copies of WIM files. By default they do this every 15 minutes. When you update WIM files, be aware that PXE representatives may not get the change until the polling interval completes. You can customize the polling interval in PXE subnet settings.
The PXE service components are part of the base agent configuration, but PXE is disabled by default in agent settings. Once the PXE service is enabled in the client connectivity agent settings and the setting is deployed to devices, SESS will elect a PXE service representative for each subnet where the PXE service has been activated.
It's important to note that an elected PXE representative will be available for use, but by default it won't PXE boot any devices except for those that are set to network boot.
Follow these steps to enable PXE on a subnet.
- Click Tools > Configuration > Agent settings.
- In the Agent settings tree under Client connectivity, double-click an existing agent setting or right-click and create a new one.
- In the agent setting, click Self-electing subnet services > PXE service.
- Select Enable PXE service.
- Click Save.
- In the Agent settings toolbar, click Create a task > Change settings.
- On the Change settings page, select the client connectivity setting you modified.
- Click Save.
- Add targets to the new change settings task and run it. You can target multiple (or all) devices on a subnet and let SESS manage which device runs the PXE service on that subnet. If you target only one device on a subnet, that device will always win the SESS PXE election.
- Click Tools > Configuration > Self-electing subnet services.
- In the tree select PXE service.
- Right-click the subnet you want to modify and click Service settings. The settings apply only to the subnet you selected.
- If you want to limit which devices can PXE boot, you can add MAC addresses to the allowed or disallowed areas. By default this list is empty and PXE will boot all devices.
- Change other settings if necessary.
- Click Save.
- Click Tools > Configuration > Self-electing subnet services.
- In the tree select PXE service.
- Right-click the subnet you want to modify and click Enable.
- It may take up to 15 minutes for the change to propagate.
Additional PXE information:
When a PXE-enabled device boots up, a DHCP request attempts to initiate a PXE session by looking for a server (or proxy) running PXE services software (PXE and MTFTP). If the device discovers a PXE server, the PXE boot prompt displays on the device for a specified number of seconds. Press the F8 function key during this countdown to access the PXE boot menu and select an OS image to deploy on the device.
To configure PXE boot options
- Click Tools > Provisioning > OS provisioning.
- On the toolbar, click Preboot > PXE boot options.
- Change the options you want and click Save.
Timeout: Enter a value (in seconds). The default value is 4 seconds. The maximum number of seconds you can enter is 60.
Message: Type a message that devices will see when PXE booting. The default message is "Press F8 to view menu." The maximum number of characters you can type is 75.
Always PXE boot UEFI devices: When selected, allows UEFI devices to boot into WinPE without pre-scheduling a task.
Allow anonymous login for public templates: When selected, allows anyone to PXE boot and select a public template for imaging, without any authentication. We recommend against using this option.
Polling frequency: How often the SESS PXE representative on the subnet should check for updated settings and imaging files. The default is 15 minutes. Be aware that if you change a setting or a WIM file, that change won't get to affected PXE representatives until their next polling interval check.
TFTP block size: The default is 16384 for ia32 and 65464 for x64. Smaller sizes may be required in certain environments, though going smaller tends to slow down transfers, often substantially. VMware in particular requires a block size of 1456.
Allowed and Denied: Allowed specifies that the devices whose MAC addresses are on the list are the only devices on the subnet allowed to PXE boot. Denied means that all devices on the subnet that are not on the list will PXE boot.
Attempt peer: Check with subnet peers for WIM images before downloading from somewhere farther away.
Attempt preferred server: Allow WIM downloads from preferred servers.
Allow source: Allow WIM downloads from core servers.
Bandwidth used (WAN and Local): Percent of available bandwidth to use when downloading images.
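How the TFTP block size setting above trades speed against compatibility, as an added example (not Ivanti code): it builds the RFC 2348 blksize request, reads the server's reply, and computes IP fragments and packet counts for the three sizes the setting mentions. This goes beyond what the page states; the 1500-byte MTU, IPv4 without options, lock-step acknowledgments, the 300 MiB image size and the file name are assumptions.

```python
import math
import struct

IP_HDR, UDP_HDR, TFTP_HDR = 20, 8, 4   # IPv4 (no options), UDP, TFTP opcode + block number

def build_rrq(filename, blksize):
    """Client read request carrying the RFC 2348 blksize option."""
    fields = [filename.encode(), b"octet", b"blksize", str(blksize).encode()]
    return struct.pack("!H", 1) + b"\0".join(fields) + b"\0"

def parse_oack(pkt):
    """Server option acknowledgment (opcode 6) as {option: value}."""
    if len(pkt) < 2 or struct.unpack("!H", pkt[:2])[0] != 6:
        raise ValueError("not an OACK")
    f = pkt[2:].split(b"\0")[:-1]
    return {f[i].decode().lower(): f[i + 1].decode() for i in range(0, len(f) - 1, 2)}

def negotiated_blksize(requested, oack):
    """The server may lower the requested size but must not raise it."""
    value = int(oack.get("blksize", 512))        # 512 is the TFTP default
    if not 8 <= value <= requested:
        raise ValueError("server returned an invalid blksize")
    return value

def ip_fragments(blksize, mtu=1500):
    """IPv4 fragments needed for one full DATA packet on a link with this MTU."""
    per_fragment = (mtu - IP_HDR) // 8 * 8       # fragment payloads are multiples of 8
    return math.ceil((UDP_HDR + TFTP_HDR + blksize) / per_fragment)

def transfer_plan(file_size, blksize, mtu=1500):
    """Cost of sending file_size bytes when every DATA packet waits for its ACK."""
    blocks = file_size // blksize + 1            # last packet is short, possibly empty
    return {"blksize": blksize, "fragments_per_block": ip_fragments(blksize, mtu),
            "data_packets": blocks, "wraps_16bit_counter": blocks > 65535}

# Constructed input: a 300 MiB image and the three block sizes named above.
IMAGE_SIZE = 300 * 1024 * 1024
PLANS = [transfer_plan(IMAGE_SIZE, size) for size in (65464, 16384, 1456)]

if __name__ == "__main__":
    rrq = build_rrq("boot.wim", 65464)           # file name is a placeholder
    oack = b"\x00\x06blksize\x001456\x00"        # constructed reply lowering the size
    print(rrq, negotiated_blksize(65464, parse_oack(oack)))
    for p in PLANS:
        print(p)
```

With these assumptions, 1456 is the only one of the three sizes that fits in a single unfragmented packet, at the cost of many more acknowledged packets per image.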