We really would like to move our Mac Imaging to our KACE K2000 appliance but are running into NetBoot issues.
We really, really don't want to have to run the bless command on every iMac we have in the labs or use the "Netboot Across Subnets Tool" every time we clone a Mac lab just to be able to NetBoot across subnets. It's just not an efficient way of doing things.

We believe that Test #1 or Test #4 are the most acceptable solutions but they just don't quite work. Does anyone have any experience with either of these?

Our situation: 5 remote sites, each with two labs of 30+ iMacs. Remote sites are connected via gigabit Ethernet back to our data center. Each remote site has a CentOS Linux DHCP server/router. We would like to be able to NetBoot our iMacs to the KACE K2000 box for imaging purposes. I've set up a test environment mirroring one of our remote sites with a Linux DHCP server/router. I've installed dhcrelay, which works like ip-helper does on Cisco devices. http://linux.die.net/man/8/dhcrelay
I've enabled IPv4 forwarding & exempted all traffic for the KACE K2000 box. Here is our setup; IPs have been changed to protect the innocent.

K2000 IP: 192.168.1.191, Test Subnet: 192.168.189.0, 3 Test iMacs on 192.168.189.0 subnet.
CentOS Linux Router: eth0 192.168.1.100, eth1 192.168.189.1, running DHCPD on eth1

Test #1: Forward BSDP packets to Kace K2000. dhcrelay -d -i eth1 192.168.1.191
Booted iMac holding down N. Large spinning globe, times out, folder with ?, boot fails.
tcpdump shows the iMac requesting an IP, getting an IP 192.168.189.250, requesting more BSDP information, K2000 providing information, repeating.

Test #2: Forward BSDP packets to a remote site's Mac Pro running Snow Leopard with DeployStudio NetBoot Server, 192.168.172.5. dhcrelay -d -i eth1 192.168.172.5
Booted iMac holding down N. Large spinning globe, Apple logo with small spinning globe, boots to DeployStudio just fine.
tcpdump shows the iMac requesting an IP, getting an IP 192.168.189.250, requesting more BSDP information, Mac Pro providing information, boots to DeployStudio.

Test #3: Disable forwarding BSDP packets. Use bless command for KACE K2000. sudo bless --netboot --server bsdp://192.168.1.191
Booted iMac holding down N. Large spinning globe, Apple logo with small spinning globe, boots to KACE K2000 Lion Boot Environment just fine.

Test #4: Disable forwarding BSDP packets. Install KACE Remote Site Appliance @ 192.168.189.5. Link remote site appliance to main KACE Appliance @ 192.168.1.191
Copy OS X Lion Boot Environment to remote site appliance, enable NetBoot on remote site appliance.
Booted iMac holding down N. Large spinning globe, Apple logo with small spinning globe, Apple logo with gear, never loads KACE Lion boot environment.

Why in the world Test #1 fails and Tests #2 & #3 succeed is a complete mystery to me. It seems as if the K2000 is somehow not supplying correct information when dhcrelay is in use or dhcrelay is not relaying the correct information back. I can see in packet captures that dhcrelay is relaying back information from the K2000, it just seems to not be enough?

Thanks in advance for anyone who may have experience with these issues.
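
To compare what the K2000 (Test #1) and the DeployStudio server (Test #2) return through dhcrelay, the relay and BSDP fields can be decoded from the DHCP payloads seen in the captures. This is an added example, not part of the original post; the sample packet is constructed from the addresses above, and the sub-option numbers used (1 = message type, 3 = server identifier, inside DHCP option 43) come from Apple's BSDP specification, not from this page.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"              # DHCP magic cookie at offset 236
BSDP_MSG = {1: "LIST", 2: "SELECT", 3: "FAILED"}

def parse_tlv(data):
    """Parse DHCP-style code/length/value options into {code: value}."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:                     # pad byte, no length field
            i += 1
            continue
        if code == 255 or i + 1 >= len(data):   # end marker or truncated
            break
        length = data[i + 1]
        out[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return out

def summarize_bsdp(payload):
    """Summarize relay and BSDP fields of one BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts = parse_tlv(payload[240:])
    vendor = parse_tlv(opts.get(43, b""))   # option 43: encapsulated BSDP
    sid = vendor.get(3, b"")
    return {
        "hops": payload[3],
        "siaddr": socket.inet_ntoa(payload[20:24]),
        "giaddr": socket.inet_ntoa(payload[24:28]),   # relay agent address
        "vendor_class": opts.get(60, b"").decode("ascii", "replace"),
        "bsdp_msg": BSDP_MSG.get((vendor.get(1) or b"\0")[0], "none"),
        "bsdp_server_id": socket.inet_ntoa(sid) if len(sid) == 4 else None,
        "bsdp_suboptions": sorted(vendor),
    }

def constructed_reply():
    """Constructed sample: a BSDP LIST reply relayed via 192.168.189.1."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 1, 0x1234, 0, 0,
                      socket.inet_aton("192.168.189.250"), bytes(4),
                      socket.inet_aton("192.168.1.191"),
                      socket.inet_aton("192.168.189.1"),
                      bytes(16), bytes(64), bytes(128))
    bsdp = b"\x01\x01\x01" + b"\x03\x04" + socket.inet_aton("192.168.1.191")
    opts = (b"\x35\x01\x05" + b"\x3c\x09AAPLBSDPC" +
            bytes([43, len(bsdp)]) + bsdp + b"\xff")
    return hdr + MAGIC + opts
```

Running `summarize_bsdp` over the replies from both servers and diffing the results shows which sub-options or address fields differ between the working and failing cases.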


Answers

0

Just spoke to the Kace Management and Developer Team. They do not fully support netbooting across subnets using iphelper. They also do NOT have it in the queue for a future feature release. They believe that using an RSA on every VLAN is adequate. The only way they will consider this important is based on votes. I found out we have to vote on things like this. I can't believe they consider booting outside of your imaging server's VLAN as a "feature". Oh well, it's their rules, we just pay for them....

Please vote here: http://kace.uservoice.com/forums/82717-k2000/suggestions/1687565-mac-netbooting-across-subnets

Without the votes, it WILL NOT happen.

Answered 06/20/2013 by: lkalis
0
Update on Test #4 - Remote Site Appliance.
I decided to leave the iMac at the point where it gets to "Apple logo with gear" over the weekend. When I came back on Monday I was somewhat surprised. The iMac had downloaded the entire first disk OS X 10.6 Snow Leopard image that was on the Remote Site Appliance. So that is what's happening when NetBooting from a Remote Site Appliance on the same subnet as the iMac. It *SHOULD* NetBoot to the K2000 Mac Boot Environment so I can choose an image, however it seems to be doing a NetInstall from the first available disk image. This is still unacceptable.
Answered 03/26/2012 by: tbnsd