VMware released a new “fling,” or experimental project, called PXE Manager that is creating buzz among users who say it could simplify ESXi host deployment in large environments. But there are some network security concerns about this type of tool, experts say.
PXE, which stands for Preboot eXecution Environment, provides a means of automatically acquiring an IP address via the Dynamic Host Configuration Protocol (DHCP) and booting up a system over the network. In a VMware infrastructure, PXE Manager might translate into fewer installation media for administrators to manage.
“With vSphere 4.1, VMware introduced scripted installs for ESXi so you could customize an installation, but you still needed media to deploy it,” said Eric Siebert, senior systems administrator for Boston Market Corp. “This [would give] VMware a tool to deploy images without having to rely on other tools that could be difficult to set up and manage…. It [would] be very handy for deploying new ESXi servers without having to rely on media.”
According to a PowerPoint presentation on the VMware Labs website, PXE Manager will allow automated provisioning of both stateless and stateful ESXi hosts; perform ESXi host state backup, restore and archiving; manage ESXi build repositories; perform ESXi patch management; support deployment over multiple geographically separate data centers; support multiple networks with agents; and provide a wake-on-LAN capability, a vCenter plugin, as well as the ability to deploy hosts directly to vCloud Director and Cisco UCS blades.
“It's a real big deal for larger environments; you can deploy new ESXi images quickly and easily,” Siebert said. “It basically can help you automate your whole ESXi deployment model. It was kind of the missing puzzle piece.”
Network security concerns
Consultants and channel partners say PXE Manager could appeal to their clients as ESXi becomes the default deployment method in the next version of vSphere.
“The fact that a bare-metal server can be installed with ESXi, configured and added to vCenter all automatically is very nice,” said Marcel van den Berg, a virtualization consultant from the Netherlands. “[I] guess VMware had to offer such a feature, as [System Center Virtual Machine Manager] 2012 will be able to deploy a bare-metal server with Hyper-V and add it to SCVMM as well,” he added.
But this isn’t the first time this tool has surfaced. A PXE Manager for both ESX and ESXi was first previewed at VMworld 2009, but it hasn’t seen the light of day again until now. In part, experts say, this is because of the security implications of having a PXE server attached to a production network, especially because PXE Manager runs its own DHCP and PXE setup.
According to Edward Haletky, CEO and analyst with The Virtualization Practice, LLC, a PXE server could overwrite an existing machine that holds critical data if it boots incorrectly or is set to boot over the network by default; could be manipulated as it is a clear text (unencrypted) protocol; or may not have proper patching or policies enforced.
“In general they are not worth having on any production network and are relegated to a staging network, which is where installations within the virtual environment really belong,” Haletky said.
That’s an easy problem to overcome, said Christian Mohn, network manager for Seatrans, a Norwegian shipping company. “PXE Manager runs its own DHCP and PXE setup, so it would require that you run a separate management/installation network, or VLAN, not to interfere with your existing network infrastructure.”
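The isolation described above can be checked from a packet capture: DHCP replies that carry boot information should come only from the provisioning server and should hand out only staging-network addresses. The following sketch is an added example, not part of the original article or of VMware's tooling; the subnet, server address, file name and sample packets are constructed assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                       # DHCP magic cookie (RFC 2131)
STAGING = ipaddress.ip_network("10.99.0.0/24")    # assumed staging VLAN subnet
APPROVED = {ipaddress.IPv4Address("10.99.0.5")}   # assumed provisioning server

def parse_reply(payload):
    """Return fields of a DHCP OFFER/ACK payload, or None for anything else."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                               # 0 = pad option
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(53) not in (b"\x02", b"\x05"):            # OFFER or ACK only
        return None
    sid = opts.get(54, b"")                               # server identifier
    server = sid if len(sid) == 4 else payload[20:24]     # fall back to siaddr
    # Boot information: BOOTP file field, options 66/67, or a PXEClient class.
    boot = bool(payload[108:236].strip(b"\x00") or 66 in opts or 67 in opts
                or opts.get(60, b"").startswith(b"PXEClient"))
    return {"yiaddr": ipaddress.IPv4Address(payload[16:20]),
            "server": ipaddress.IPv4Address(server), "boot": boot}

def audit(payload, approved=APPROVED, staging=STAGING):
    """List policy violations for one captured DHCP payload."""
    msg = parse_reply(payload)
    if msg is None or not msg["boot"]:
        return []                                         # ordinary DHCP or noise
    findings = []
    if msg["server"] not in approved:
        findings.append("boot offer from unapproved server %s" % msg["server"])
    if int(msg["yiaddr"]) and msg["yiaddr"] not in staging:
        findings.append("boot offer for %s, outside staging" % msg["yiaddr"])
    return findings

def build_reply(server, yiaddr, bootfile=b""):
    """Constructed sample: a minimal DHCPOFFER, not captured traffic."""
    srv = ipaddress.IPv4Address(server).packed
    fixed = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.IPv4Address(yiaddr).packed, srv,
                        bytes(4), bytes(16), b"", bootfile)
    return fixed + MAGIC + b"\x35\x01\x02" + b"\x36\x04" + srv + b"\xff"
```

Feed `audit` the UDP payload of each port 67/68 packet seen on a production segment; any non-empty result means boot information is reaching hosts that were meant to be kept off the installation network.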
Update Manager update? Unlikely
The PXE Manager PowerPoint refers to patching capabilities, and a demo video shows PXE Manager being used to perform VMware Tools installation, a feature of VMware’s existing vCenter Update Manager (VUM), which is undergoing a lot of changes. Still, most users feel it’s unlikely that PXE Manager is the next incarnation of that tool.
“I can’t see it replacing VUM, at least not yet,” said Mohn. “If VMware moves to a more ‘re-install on each boot’ scheme, you could use this to update your hosts, but for day-to-day patching I don’t see it as a replacement option.”
Still, some users can envision VUM-like capabilities for PXE Manager, at least for stateless virtual machines which “live” in memory.
“One way that's been talked about for years is just to use network booting for ESXi, and have completely diskless servers,” said Bob Plankers, a virtualization architect at a large Midwestern university. “Want to patch a server? Update the central image and reboot the host.”
All this may be putting the cart before the horse.
“Remember, 'flings' from VMware are not products and may not be supported,” cautioned Haletky.
There’s also another fling out on the market, Auto Deploy, which seems more likely to see production use because it is said to be part of the next release of vSphere. Auto Deploy, as described in release notes leaked to the Web in early April, has some feature overlaps with PXE Manager, in that it combines elements of host profiles, Image Builder and PXE.
Auto Deploy will “[simplify] the task of managing ESXi installation and upgrade for hundreds of machines,” according to the document. With this feature, new hosts can be automatically provisioned based on user-defined rules, and “rebuilding a server to a clean slate is as simple as a reboot.”
Beth Pariseau is a senior news writer for SearchServerVirtualization.com. Write to her at email@example.com.