A guide to deployment, management, And concept overview For FOG.
Based on a document by: Thomas J. Munn CISSP
This document is intended to be modified by FOG users, in fact it is based on a document created by a FOG user. If you feel something could be said better or put more clearly, it is encouraged that you make changes to this document. We just ask that you keep it constructive and in good taste. In order to edit the wiki you are now required to create an account, as spamming of the forum has gotten pretty bad recently.
- What is FOG?
FOG is a Linux-based, free and open source computer imaging solution for Windows XP, Windows Vista, Windows 7, Windows 8, and Linux (limited) that ties together a few open-source tools with a php-based web interface. FOG doesn't use any boot disks, or CDs; everything is done via TFTP and PXE. Your PC boots via PXE and automatically downloads a small Linux client. From there you can select many activities on the PC, including imaging the hard drive. Also with FOG many network drivers are built into the Linux client's kernel, so you don't really need to worry about nic drivers (unless there isn't kernel support for it yet). FOG also supports putting an image that came from a computer with a 80GB partition onto a machine with a 40GB hard drive as long as the data is less than 40GB. FOG supports multi-casting, meaning that you can image many PCs from the same stream. So it should be as fast whether you are imaging 1 PC or 20 PCs.
- How should FOG be implemented?
FOG is best implemented on a dedicated server, any spare machine you have. We recommend that you have sufficient hard drive space as each image you make is usually between 5 and 10 GB. Using a RAID array allows imaging multiple computers simultaneously without much performance degradation. A gigabit NIC is recommended. For faster image compression and decompression, provide as much processor and RAM as you can make available.
- What features are included with FOG?
FOG is more than just an imaging solution, FOG has grown into an imaging/cloning and network management solution. FOG now performs tasks like installing and managing printers, tracking user access to computers, installing applications remotely via snap-ins, automatic user log offs and computer shutdown on idle timeouts. If a computer is badly infected with a virus or malware, you can boot FOG in AV mode and have it remove the viruses. You can wipe your disks, destroying all information that was on them, restore deleted files, or scan the disk for bad blocks.
- How much does FOG cost?
FOG is an Open Source project and licensed under the GPL which means that you are free to use FOG on as many computers as you like for free. This also means that if you want to make any changes to the source code you are free to do so. The creators of FOG make no profits from this project with the exception of donations. FOG comes with absolutely NO WARRANTY and the creators of FOG are in NO WAY RESPONSIBLE FOR ANY DAMAGE OR LOSS CAUSED BY FOG! Please see the license file included with the FOG release for more information. With that being said we attempt to do a very good job of supporting our users, in fact it is one of the goals of FOG to have better support than most commercial products. All support requests should be placed through the FOG's forum which is located at: http://fogproject.org/forum/ Thanks for supporting open source software and enjoy!
Background on FOG
- Why FOG?
Working in an educational environment our organization's techs very often re-imaged computers in their day to day activities. For a long time we used a commercial product that in many ways didn't meet our needs. It wasn't web based, and you needed to create driver disks, floppys or USB drives. Other things were very difficult, such as searching for a host by MAC address and the product was expensive, even with an educational discount. So we started to investigate ways in which we could do things better, and as our organization struggled to make a commercial product work better by trying to pxe boot dos, and testing it in Windows PE, we, the FOG Team started to build linux based solution on our own time. We finally got a working version and decided to release it as open source since we use many other open source products, and figured we should give back to the community.
This section provides some basic concepts that the FOG Project uses.
Unicasting in FOG means sending a single image to a single host. This can mean an upload or a deploy, and is independent of the image type.
See this section for more on Unicasting
Multicasting in FOG uses UDPcast to send a single image to multiple computers using only slightly more bandwidth than sending the image to a single computer with unicast.
See this section for more on Multicasting
- PXE Network Bootstrap loading
What is iPXE and the difference between the files? Check out the iPXE page.
FOG is a typical LAMP software bundle, so the main server is a Linux box. The rest of the components: Apache, MySQL, PHP, and several other services, are automatically downloaded and installed by the FOG installation script.
This listing is for informational purposes only, as the required components will be automatically downloaded and installed by the FOG installation script.
- PHP 5.3.0+
- MySql 5+
- Apache 2+
Installation on different distributions of Linux
Click below for step-by-step guides written for your favorite flavor of Linux:
Basic Network Setup
The FOG setup script asks several questions which might not be obvious. These sections describe only the most generic settings.
- Isolated Network
The easiest method to image machines and get started using FOG is on a small, isolated network. The FOG setup program will configure all the necessary services for you completely automatically. This section covers only those basic steps.
See FOG on an Isolated Network
- Integrating FOG Server with Existing Network Systems
Slightly more complicated is the task of integrating FOG into your existing network infrastructure. This section attempts to describe the steps to link FOG with a fairly generic enterprise system.
See Integrating FOG into an Existing Network
Advanced Network Setup
Integrating FOG Server with Existing Network Systems in non intrusive mode using MAC filtration
This methods allows to use Fog in existing network without the need of controlling existing DHCP server. Requires you to input the MAC address of FOG clients. See Integrating FOG into an Existing Network in non intrusive mode
Integrating FOG server into an existing network in non intrusive mode using ProxyDHCP
This methods allows to use Fog in existing network without the need of controlling existing DHCP server. Does NOT required you to input the MAC addresses of FOG clients. See Setting up ProxyDHCP.
Wake On Lan (WOL)
Full Listing of Ports used by FOG server and client
FTP – tcp 20,21
SSH – tcp 22
TFTP – udp 69
HTTP(s) – tcp 80,443
Portmap – tcp/udp 111
NFS – tcp/udp 2049
Transfer ports – tcp/udp 1024 – 65535
As found at: http://fogproject.org/forum/threads/firewall-config.27/
Quick Start - Basic Tasks
So you have a FOG server installed and setup, now what do you do? Below are a few common "Getting Started" items.
- Booting into FOG and Uploading your first Image
- Deploying your Image a single client
- Deploying your Image a group of clients
- FOG requires that all hosts be entered in the FOG Database for imaging. The most important part is getting the MAC address of the host right. FOG uses the MAC for targeting image installs and acquires. Using the wrong MAC could result in unpredictable results, including the complete erasure of the wrong pc! The IP address isn’t that important, and the ‘name’ field is more for the user. Mac address format is 00:12:3F:C4:57:0C . Using dashes, spaces, or no items at all will result in the GUI not accepting the host.
- After hosts are entered, it is wise to group them together by function, hardware, or common image. The image will be shared among all members of a particular group. This occurs within the ‘hosts’ screen, and NOT on the groups screen. This is a little confusing, so it helps to think of the ‘groups’ screen as a task generator, rather than controlling group memberships.
- For importing hosts in a .csv file follow the format below: 1 line per host:
"00:c0:4f:18:62:63","Hostname","18.104.22.168","Your description","XP/Vista","Image filename to use"
- Hosts are then configured to boot via PXE boot by going into the BIOS. Make sure PXE boot is the FIRST option, NOT the hard disk, or things won’t work.
- Configure your ‘master’ pc for the first image. Probably a good idea to run ‘sysprep’ prior to imaging, but not necessary. Sysprep will make your imaging life easier, if hardware is different, etc. See Microsoft.com for more details on using sysprep.
Preparing a Client for Cloning
FOG's strength can be better harnessed if some time and work is put into preparing a master image that fits the needs of your environment.
This section covers client preparation steps that will save you time and headaches like:
It also covers more advanced ideas that are guaranteed to cause headaches, like:
- Sysprep, Hardware-Independent Images (HAL), and Driver integration.
- Sysprep, Hardware-Independent Images (HAL), and Driver integration.
Read more about Client Setup
The FOG web interface is your primary management console. It is very well-documented in the pages linked below:
The Main Managing FOG Document
The link above opens the Main Managing FOG document and has a Table of Contents of its own.
Subcategories within the Managing Fog section include the following sections:
- Understanding the FOG Dashboard
Provides an overview of the GUI and explains the symbols used on the Menu Bar.
- Managing Hosts
This section covers management tasks such as: Adding a new host, Managing Hosts, Host Status, and Creating Host Groups.
- Managing Groups of Hosts
This section provides an Overview of sorting hosts into useful Groups, and provides instruction on Managing Groups.
- Defining and Managing Images
Defines types of images: Single Partition | Multiple Partition - Single Disk | Multiple Partition - All Disks | Raw Image
Also describes Creating, Modifying Image Objects, and Adding Images to Existing Objects.
- Storage Management - adding additional Storage Nodes
This section introduces the concept of Storage Nodes, which provide scalability to FOG with the ability to "share the load of computers being imaged."
Also covered are Adding Storage Nodes, Monitoring Image Replication between nodes, and Understanding the role of the "Master Node" in a group.
In addition, this section details the necessary steps to include PXE and TFTP Services for a node located on a remote network segment.
- Defining types of Administrative FOG Users
The difference between a regular FOG user and a Mobile user
Also covered are Creating and Modifying FOG user accounts
This is a major section of FOG Management because all day-to-day client management is initiated within the FOG Tasks section.
The Overview Section provides a quick list of tasks available within FOG.
General Tasks - Basic Imaging Tasks:
- Uploading an image (includes video tutorial)
Deploying an image
- Uploading an image (includes video tutorial)
Advanced Tasks - Describes tasks other than imaging:
Upload - Unicast (Debug)
Send - Unicast (Debug)
Send - Unicast (Without Snapins)
Deploy All Snapins
Deploy Single Snapin
Disk Surface Test
Delayed Tasks, or Scheduling Tasks in the future
Adding Printers to FOG
How to add printers to FOG. This allows the FOG Service to manage printers on FOG Clients
A service that runs on client computers allowing FOG to better manage them. Provides AD Integration, the ability to change a Hostname, Green Power management, Snap-in installation, User tracking, Printer Management, and more. See the Overview for a more complete list.
The FOG client can be partially or fully-enabled by modifying the ini file.
Installing the FOG Client
A typical client installation, Silent installation, and a video tutorial.
Advanced Description of FOG Services
More detail on:
- Auto Log Out
- Auto Log Out
Updating the FOG Client
How to update the FOG client.
The FOG Tray
Describes the Windows application that runs in the taskbar
Troubleshooting the FOG Client
Log file location
A FOG Snap-in is anything that can be run on a Windows client. This can be just about anything, including: installing applications like Firefox or Microsoft Office, adding an icon or shortcut to the desktop, or tweaking a registry key. This section covers Creating a Snap-in, adjusting the FOG server to handle snap-ins larger than 2MB, Uploading the Snap-in into the FOG system, and Linking the Snap-in to hosts.
Plugins enhance FOG's functionality.
- The Capone plugin allows FOG to recognize similar hardware platforms and push your specified image to them with minimal (or no) interaction.
See Plugins to activate and manage plugins.
FOG Server Maintenance
Separate TFTP and DHCP Server
In this setup, the TFTP server and the DHCP server are hosted on a separate server. The TFTP server holds the PXE boot files including the Linux Kernel, boot file system image, and pxe config files. The DHCP server is the server that assigns the clients with IP addresses and network connection information.
Click here for detailed steps:
Separate TFTP and DHCP Server
Additional TFTP / DHCP Server on separate subnet
This setup allows FOG to manage systems at a remote network location by installing the necessary services to allow clients to PXE boot to a Storage Node:
Including multiple PXE / TFTP servers
This extends the work done in the above article, Including multiple PXE / TFTP servers, and extends it a bit to allow for FOG nodes to be used in various locations that pull from a central server.
Using remote FOG nodes for distributed deployment
Separate NFS Server
Edit the storage node definition with the IP address of your NFS server and set the image location to the path on the nfs server. Make sure it has a file called .mntcheck in the root of the share, a directory called dev and a .mntcheck file in the dev folder.
if you want to mount it on the fog server too, follow these steps:-
- mv /images /imagesold
- mkdir /images
- edit /etc/fstab
For example if your server name is mynfsserver and the share on it is called fogimages
mynfsserver:/fogimages /images nfs defaults 0 0
KNOWN ISSUE You will get an error "Ftp connection to storage server has failed" at the end of uploading images though. You will have to manually rename and move the file from the dev directory to the directory below.
If your NFS server supports ftp as well, enable ftp on it too with the username and password specified in the storage server settings and this message will go away.
Hopefully someone will re-write POST_Stage2.php to change this at some point as if you already have the NFS share mounted why do we do this bit with ftp?
You may also get an infinite loop of the following message:-
"Unable to find a valid task ID based on the clients mac address of: <mac address>".
if you add an @ sign before the ftp commands it appears to have fixed the issue.
so line 133 of /var/www/fog/service/Post_Stage2.php would look like this
if (@ftp_rename ( $ftp, $src, $dest ) || @ftp_rename ( $ftp, $srcdd, $dest ))
Change NFS location
This is not about a seperate NFS server in general, but about how to change the local storage directory and export it correctly.
See Change NFS location for more.
Other Advanced Topics
- Building a Custom Kernel
- Creating Custom FOG Service Modules
- Modifying the Init Image
- Translating FOG
- Bypass Host Registration
- Building undionly.kpxe
- Chainloading PXE to iPXE using pxelinux.0
This section is intended to bring together the most common issues from the forums.
Troubleshooting Installation and Configuration Issues
- Knowledge Base
- Password Central
- Troubleshooting an image push to a client
- Troubleshooting an image upload
- Troubleshooting a multicast
- Troubleshooting Driver Issues
- Speeding up the Graphical User Interface
- Bottleneck / Imaging Speed Issues
- Troubleshooting Host Management Showing Hosts as Down
Appendix C: Alternative Resources
For Microsoft sysprep information, see this page: http://vernalex.com/guides/sysprep/video.shtml
FOG sourceforge page: http://freeghost.sf.net/
Deployment Forum at Edugeek contains many Fog related threads http://www.edugeek.net/forums/o-s-deployment/
About the Developers
Chuck Syperski is the lead developer for FOG computer imaging solution. He is a software developer and network integration specialist for a public school district outside of Chicago, IL. Chuck Syperski has a Bachelor of Science in Computer Science from the University of Illinois and is half way done with his master's degree :). He specializes in Java, jsp, jsf, objective C, C, C++, C#, perl and php. You can contact Chuck Syperski directly via sourceforge as the following link:
Chuck Syperski releases other software titles through his company CWS Software LLC
Tom Elliott is a contributing developer for FOG computer imaging solution. He is a technical support specialist for Burlington School District in Burlington, VT. Tom Elliott has a Bachelor of Science in Information Technology (BSIT) Information Systems Security from the University of Phoenix. Currently looking at Master's programs. He also served 8 years active duty service with the United States Army as a Signal Support Systems Specialist. You can contact him directly via email at email@example.com, firstname.lastname@example.org, or on the FOG Forums. Username on the forums is Tom Elliott.