OS Deployment and Bare Metal Imaging 3.3 Release

Usage and Config
1

(imported topic written by francesco.latino)

The IBM Endpoint Manager OS Deployment team is pleased to announce the release of OS Deployment and Bare Metal Imaging 3.3.

This release has the following features:

  • Support of Microsoft Windows 8.1 for capturing, imaging, and bare metal deployment

  • Secure Hash Algorithm (SHA-256) enhanced security support for deployment objects

  • Enhanced support of Microsoft deployment tools (Microsoft Deployment Toolkit, Windows PE)

  • Bare Metal and re-imaging usability and customization improvements

Actions to take:

This release is an update of the existing site. No immediate actions are required and the current product will continue to function normally. Some changes were made to existing features and to the User Interface.

To take advantage of the new functionality, create a new 3.3 MDT Bundle by using Fixlet 46 in the site. To use the new features, update your Bare Metal Servers to Tivoli Provisioning Manager for OS Deployment 7.1.1 Fixpack 14. Tivoli Provisioning Manager for OS Deployment can be downloaded from FixCentral. In airgapped or proxy environments, you may need to cache files on the IBM Endpoint Manager Server and/or the console.

Additional Resources:

Link to Users Guide:

Link to wiki:

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/OS%20Deployment

Instructions for airgapped can be found at the following location:

http://www-01.ibm.com/support/docview.wss?uid=swg21616689

Published site version:

OS Deployment and Bare Metal Imaging, version 35

Application Engineering Team

IBM Endpoint Manager

2

(imported comment written by francesco.latino)

Additional details on OS Deployment version 3.3 new features:

Secure Hash Algorithm (SHA-256) enhanced security support for deployment objects (with IBM Endpoint Manager 9.1 Platform)

The Endpoint Manager Platform Version 9.1 supports the NIST security standards and provides an enhanced security option. This setting enables SHA-256 as the hashing algorithm for digital signatures and content verification. SHA-1 and SHA-256 values for deployment objects (MDT Bundles, images, drivers) are calculated and assigned at creation time. Objects that were created with platform versions older than 9.1 only have SHA-1 hashing values. Objects created with version 9.1 or later have both SHA-1 and SHA-256 hashing values. OS Deployment version 3.3 supports deployment operations in a mixed environment for compatibility with previous versions. If you decide to set the enhanced security option for your environment, all objects must have been updated with SHA-256 hashing information. A new health check is provided to display non- compliant files and from which you can initiate a remediation action to update the affected objects.

Bare Metal and re-imaging usability and customization enhancements

The following enhancements were added:

You can define a timeout when you are creating or editing a bare metal profile. This value defines the maximum time the LiteTouch script that installs the WIM image is allowed to run.

You can set a time limit for the caching of an image on the relay (Bare Metal Server) during a deployment.

You can start, stop, restart, or view the status of Bare Metal server services.

You can view if errors were recorded on server logs.

For any given image linked to a system profile, you can view whether the corresponding WIM image is cached on the relay.

You can customize the boot partition in the partition mapping for re-imaging and bare metal deployments

Support of Microsoft Windows 8.1 for capturing, imaging, and bare metal, and corresponding Microsoft tools

You can capture, re-image, or perform bare metal deployments on Windows 8.1 targets. You can also install a Bare Metal Server on this operating system. Deployment of Windows 8.1 requires a new version of the Microsoft Deployment Toolkit (MDT 2013) and of the Windows Assessment and Deployment Kit (WADK) 8.1, which includes Windows PE 5. These new versions can also be used for earlier supported operating systems. When you create a new MDT Bundle, you can choose the version of the tools that best suits your needs. A matrix of supported combinations is available.

MDT Bundle usability improvement

In the Upload MDT Bundle dashboard, you can view information about the WinPE version included in each bundle and its corresponding MDT version.