Citrix Provisioning Services: To PXE or not to PXE
- Published: Wednesday, 25 September 2013
With Citrix Provisioning Services, the client (called a target device) needs to use “something” to connect to the PVS server to start streaming the operating system within the vDisk to the target device. The default connection uses PXE combined with TFTP, but Citrix also offers another technique called Boot Device Manager (BDM). In this article I will go through both options, with their pros and cons (through my eyes) and how you can work around the cons (of both techniques). At the end I will give my view on which technique to use (in which scenarios).
First of all, I’m not going to explain exactly how the process (for both PXE and BDM) works, because that is already covered in several articles, which you can find easily. The big difference between PXE and BDM is that PXE is used to contact a TFTP component to download the bootstrap. With BDM this bootstrap is provided via another technique, which eliminates the TFTP process (and as it’s an alternative to PXE, you logically do not need the PXE service either). The bootstrap is used to set up a connection with the PVS Streaming service, so the actual streaming process can begin (and the OS can start).
Both techniques have their pros and cons. However, besides those pros and cons, there are some misconceptions about both techniques.
- PXE/TFTP is a well-known technique
PXE has been around for a long, long time. Almost all deployment products use PXE for their (bare metal) OS deployment. Because most people know it, it is easier to introduce such a technique.
- PXE is available by default on all devices
All devices support PXE boot options. So no matter what device you would like to use as a target device, it will support PXE and can connect to the PVS infrastructure using PXE.
- PXE/TFTP are complex to set up in a highly available scenario
PXE and TFTP have been around for a long time, so long in fact that high availability was not (much) in the picture yet. Therefore the techniques don’t offer high availability as an option. To set up a good highly available solution for PXE/TFTP, load balancers are required.
- Multiple PXE servers in the same (V)LAN are not possible/workable
Multiple PXE servers in the same (V)LAN where the PXE clients also exist are not workable. PXE uses a broadcast as a first attempt to contact a PXE service; when multiple PXE servers are available, the PXE client will connect to the PXE service that responds first. When using multiple PXE services for PVS this is not a big issue, however when there are PXE services for another deployment product this is not the way to go. Of course you could/should place the PXE servers in different VLANs and use different DHCP scopes to point the PXE client to the correct PXE service, but this requires IP helpers as well.
- IP helpers and DHCP options required for PXE over VLANs add additional complexity
As already stated in the previous con, IP helpers and DHCP options are required when the PXE service is not available in the same VLAN as the PXE clients. Technically this can be arranged, but it adds complexity, and in large organizations this should be executed by the network team (and we all know the network guys, don’t we).
- Requires no additional protocols
The biggest advantage of BDM is that there is no requirement for an additional protocol or additional infrastructure components. Using the BDM and loading the small bootstrap from the PVS server is all that is needed.
- Easy to set up
Creating the BDM ISO file is really easy: PVS includes a tool to create the BDM, with options to write it to different media (HD or ISO file).
- More difficult to use with physical devices
When using physical devices you need to determine how these devices can use the BDM. Options are using a CD/DVD or USB stick and configuring the device to start up from that medium. Of course, changing the BDM configuration is then not that easy, as all those physical devices have to be updated with a new CD/DVD or USB stick. There is an alternative: using a part of the hard disk as the boot device.
- More “work” to assign BDM to devices
The BDM has to be assigned to the device by some method. As stated, with physical devices you have to walk to them, and with virtualized target devices you have to attach the ISO to the virtual CD/DVD-ROM. You need more BDM ISOs when you have more locations where PVS is running.
- More locations require more BDM ISOs
Logically, the BDM has to point to a PVS server to contact the PVS infrastructure. With the PVS utility you can add 4 PVS servers using IP addresses, or use a DNS name. Personally I think this is not a real con, as you can do some smart things to use a single BDM with PVS servers in several locations. I will show you later on in this article.
- High availability should be arranged for the ISOs
The ISO can be a single point of failure. If the ISO (or the storage where the ISO is placed) is no longer available, target devices that are restarted will not come online anymore.
Now that we have discussed the pros and cons, I would like to focus on the cons of both solutions.
If you take a look at the cons of PXE, I think the most difficult is the set-up of a highly available solution for PXE and TFTP. Yes, it’s not the easiest one, but it is doable. Nick Rintalan wrote two excellent articles about how you can set up PXE/TFTP in a highly available way using different techniques. He goes into the exact configuration settings for PXE/TFTP using Citrix NetScalers, so I’m just going to refer to those articles (I never had the opportunity to set up a highly available PXE/TFTP infrastructure using a NetScaler). The first article is called Load Balancing TFTP – Anything But Trivial, the second one is Load Balancing TFTP with NetScaler.
Taking a look at BDM, I think the first two cons are not as difficult as many people think. First, connecting the BDM ISO to a virtual machine can easily be scripted when you know the possibilities of the hypervisor. For example, Andrew Morgan wrote a script for VMware vSphere to assign the BDM ISO automatically, as mentioned in Ingmar Verheij’s article Who needs PXE for Citrix Provisioning Services.
Secondly, the con that you need multiple BDM ISOs for multiple locations is actually not true. It’s true that you can only assign 4 IP addresses of PVS servers within the BDM utility, but the BDM also offers the option to use a DNS name.
When using the DNS name, the BDM needs to be able to contact the DNS server, so you need to specify the DNS server later in the BDM wizard or assign DHCP options within the DHCP scope. Logically the last option is preferable, because you can manage this centrally. Besides this Option 3, you should (optionally) configure Option 15 Domain Name. I have seen environments where, without Option 15, the name could not be resolved.
The last step is to add A records in DNS for all the PVS servers in your infrastructure, so the name can be resolved. As DNS uses subnet affinity by default, the PVS server in the same subnet as your target devices will be the server that is resolved and used. The servers found will be contacted one by one, so if one fails the next server in the list will be contacted. In this way you can have a single BDM for all target devices when you have multiple locations with PVS servers available.
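The DNS-based set-up described above, as an added PowerShell example (not from the original article or from Citrix). It assumes Windows DNS and DHCP servers with the DnsServer and DhcpServer modules available; every name and address in it is constructed for illustration.

```powershell
# All names and addresses below are constructed placeholders (assumptions).
$Zone       = 'corp.example'              # DNS zone that holds the BDM name
$BdmName    = 'pvs-bdm'                   # host name entered in the BDM wizard
$DnsServer  = '10.0.0.5'                  # DNS server used by the target devices
$DhcpServer = 'dhcp01.corp.example'       # DHCP server for the target-device scopes
$Scopes     = '10.1.0.0', '10.2.0.0'      # one scope per location
$PvsServers = '10.1.0.11', '10.1.0.12', '10.2.0.11', '10.2.0.12'

# 1. One A record per PVS server, all under the same name.
$existing = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
                  -Name $BdmName -RRType A -ErrorAction SilentlyContinue |
              ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })
foreach ($ip in $PvsServers) {
    if ($existing -notcontains $ip) {
        Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $Zone `
            -Name $BdmName -IPv4Address $ip
    }
}

# 2. Hand out the DNS server and the domain name (Option 15) centrally via DHCP.
foreach ($scope in $Scopes) {
    Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope `
        -DnsServer $DnsServer -DnsDomain $Zone
}

# 3. Verify: the name must resolve to every PVS server and to nothing else,
#    because whatever it returns is what the BDM bootstrap will contact.
$resolved = @(Resolve-DnsName -Name "$BdmName.$Zone" -Type A -Server $DnsServer |
              Where-Object { $_.Type -eq 'A' } |
              ForEach-Object { $_.IPAddress })
$missing    = @($PvsServers | Where-Object { $resolved -notcontains $_ })
$unexpected = @($resolved   | Where-Object { $PvsServers -notcontains $_ })

if ($missing)    { Write-Warning "No A record for: $($missing -join ', ')" }
if ($unexpected) { Write-Warning "Unexpected A record(s): $($unexpected -join ', ')" }
if (-not $missing -and -not $unexpected) {
    Write-Output "OK: $BdmName.$Zone resolves to $($resolved -join ', ')"
}
```

Step 3 can be scheduled on its own as a recurring check, since an A record that is not a known PVS server would direct booting target devices to it.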
The last con depends mostly on the storage used, the hypervisor used and the number of clients (target devices) you are connecting. This will differ for every customer, but take it into account when choosing a methodology.
There is no single answer to whether you need to use the PXE/TFTP or the BDM option to boot a PVS target device; again, it depends. When the (network) infrastructure is not complex, PXE/TFTP is a good option, and with (lots of) physical devices PXE/TFTP will probably also have the preference. If creating additional VLANs is possible, PXE/TFTP in a separate VLAN is an easy implementation that is also highly available. BDM makes it easier to set up a highly available infrastructure where the (network) infrastructure is more complex, and it requires fewer components. Personally I prefer BDM, as it requires fewer components within the infrastructure and there are fewer points of contact with other (mainly network) components, provided you can also make the ISO highly available based on the available storage techniques and the hypervisor used.