I'm currently using a TFTP setup on Debian that serves as a domain controller with Samba. As I fairly new to system administration, I want to ensure I don't mess up any existing configurations, especially since this setup supports a school environment. I'm interested in implementing the FOG Project as a network boot solution, preferably using a bootable ISO, since I believe this would be the safest approach. I plan to migrate Windows 10 PCs from classrooms to teachers' use and bring in new Windows 11 machines for classrooms. This requires deploying applications like Veyon, antivirus software, GIMP, and Scratch efficiently across around 60 PCs while ensuring the systems are locked down to prevent misuse by students, especially those with special needs. I've heard a lot of good things about FOG and would like suggestions on how to safely set it up, keeping in mind that I will also need a backup solution during this migration. Could anyone offer insights on how to approach this without risking current settings?
3 Answers
Using FOG can be a great choice for your situation. It allows for quick imaging and can help revert machines back to their original state easily. However, FOG requires a permanent server or VM with static IP and adjusted DHCP options to ensure it's the designated boot server. Trying to run FOG off an ISO won't work; it needs dedicated storage for its database and images. I suggest deploying FOG on a separate network if you're worried about changing your existing setup. Setting up a simple mobile FOG cart could be a solution—just a rolling cart with the required equipment that can plug into your classroom network when needed.
While it's great that you're exploring solutions, be aware that secure boot can be an issue with FOG. You'll likely need to disable secure boot on your Windows machines unless you go through the process of signing FOG's iPXE binary with your own certificate. This can be complex but may be worth it for a more secure environment. Additionally, you'd need to ensure your FOG server has enough space; for instance, our Windows 11 image is around 35 GB. After deploying machines, you can revert DHCP settings back, as FOG only needs TFTP access during image deployment.
To get started with FOG, create a VM running Debian, clone the FOG GitHub repository, and run the installation command. You'll also need to update your DHCP server to direct specific options to the FOG server. For example, set option 66 and 67 to point to your FOG server's IP and the iPXE.efi file. This will allow devices to boot into FOG when they network boot. Just keep in mind that if you are already using option 67 for other devices, you may need to configure a policy to manage this correctly.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures