Installation and Configuration of SDA Appliances
- Virtual or Physical Appliance
- IP Configuration
- Creation of WinPE
- PXE Configuration
- Backup Management
Appliances
Virtual Appliance
Download
Download link: download-new-releases
Prerequisites
| Requirement | Details |
|---|---|
| Processor | Two or more vCPUs |
| Memory | 4 GB or more (Dedicated/Shared = High) |
| Network Interface | One Ethernet Port |
| Available Disk Space | 500 GB, 1 TB, 3 TB (VMware®); 500 GB, 1 TB (Microsoft® Hyper-V®) |
Physical Appliance
If you have opted for physical appliances, here is a KACE article on configuring iDRAC cards: idrac-for-k-appliances
With a diagram of the Appliances:
Used Ports
The appliance must have an internet connection for driver downloads and appliance activation:
- 80 — HTTP
- 139, 135, 445 — SAMBA share
- 22 — SSH (outbound only for tethers, and for syncing to RSA and single sign-on)
- 389 — LDAP (if using LDAP authentication)
- 636 — LDAPS (if using secure LDAP authentication)
- 67 — DHCP
- 69 — TFTP
- 4011 — PXE
- 8108 — Media Manager
Source: kb 129799
Network Configuration
Reserve an IP address for the Appliance and create a DNS alias. Follow the detailed steps to properly configure your network.
From the VM console:
- At the platform’s startup, we use the native KACE account:
- Login: konfig
- Password: konfig
- At this point, the platform prompts the administrator to enter essential information for its proper functioning on the target network.
- Once the various fields are filled in and saved, the platform automatically restarts to finalize its internal settings.
- Upon restart, we confirm the successful validation of the information entered:
License and Admin Password Configuration
From the web console: http://SDA
- The first page to which the QUEST platform redirects corresponds to its initial setup.
- You must enter the first pieces of information necessary for the platform’s proper functioning.
- Once the initial configuration is applied, the KBOX SDA restarts.
- You can then log into the Appliance (with the admin account).
Password Configuration
Summary of passwords in SDA:
In “Settings and Maintenance” \ “Control Panel” \ “General Settings”:
Three passwords are essential in K2000. Make sure to configure them properly to avoid any security issues:
- Samba Share Password
- This password is used to connect to KACE shares (driver uploads, etc.) and by the WinPE environments.
- If you change this password, you will need to recreate the WinPE images.
- Boot Manager Password
- This password is used by the PXE and prevents WinPE boot for those who do not know the password.
- Attention: The password will be entered on the physical station with a QWERTY keyboard, while from the interface, the password will be entered with an AZERTY keyboard.
- VNC Password
- This password allows control over the WinPE environments.
DHCP Server Configuration
DHCP in 2008 R2
- Add option 67
- BIOS machines => option 67 = undionly.kpxe
- UEFI machines => option 67 = ipxe.efi
- Add option 66 with the SDA’s address
DHCP in Windows 2012 or Later
Note that version 4 supports UEFI but not secure boot.
- Add option 66 with the SDA’s address
- Add a new “Vendor Classes”
- Click on “Add”
- Specify the name: BIOS PXE Boot
- Enter the ASCII field PXEClient:Arch:00000
- Specify the name: BIOS Arch 7 PXE Boot
- Enter the ASCII field PXEClient:Arch:00007
- Specify the name: BIOS Arch 9 PXE Boot
- Enter the ASCII field PXEClient:Arch:00009
- Set a New Policy for the DHCP scope
- Indicate the name “BIOS PXE Boot Policy”
- Select “BIOS PXE Boot”
- Enable “Append Wildcard”
- Click on Add
- Do not specify an IP range
- Activate option 67 with the value undionly.kpxe
- There will be one policy with two UEFI vendor classes
- Indicate the name “UEFI PXE Boot Policy”
- Select “UEFI Arch 7 PXE Boot”
- Enable “Append Wildcard”
- Click on Add
- Select “UEFI Arch 9 PXE Boot”
- Enable “Append Wildcard”
- Click on Add
- Do not specify an IP range
- Activate option 67 with the value ipxe.efi
- There will be 2 PXE policies in total
- And overall, 1 option 66 and 2 options 67
WinPE Environments Management
Backups
Schedule regular backups to avoid data loss. Whether you choose to back up manually or automatically, we guide you through the process.
Scheduling
- To perform the backup, SDA must export packages. Package export can be done manually or automatically.
- In “Setting & Maintenance”, select the “Package Management” tab
- Then select the packages to export and choose “Schedule export for selected”
- Schedule the export time
Package Export
If your Appliance crashes, it is necessary to export the packages, for which there are two solutions:
- By backing up the share \SDA\restore
- By exporting the packages to an FTP server
EXPORT TO AN FTP SERVER
- To enable the backup of the SDA Appliance, go to “Settings and Maintenance \ Package Management” and select “External Package Transfer”
- Then activate the option “Enable backup.”
- The backup can be performed on an FTP server.
Be cautious, when adding new images or tasks, you will need to schedule the export of these new packages.
0 Comments