PXE Everywhere
About PXE Everywhere
PXE Everywhere provides the ability to network boot PCs from peer PCs instead of Configuration Manager PXE Service Points, that is, Distribution Points with the PXE role enabled. Using PXE Everywhere removes the overhead of supporting dedicated PXE servers on branch networks.
PXE Everywhere allows computers to automatically boot up into Windows PE, which then allows a Windows Operating System to be installed. The following deployment scenarios are supported when installing a Windows OS image.
- For the first time, the new computer scenario, sometimes known as bare-metal.
- When the current OS is not bootable, often referred to as break-fix.
- When the current OS can be wiped and there is no requirement to retain user data, for example, when preparing a previously used computer for a new user.
Typically this is achieved using either USB media or booting directly from the network using the Pre-Execution Environment (PXE) code built in to the network adapter. Booting from the network requires one or more PXE servers to be implemented that serve the Windows PE boot image to the booting PXE client.
PXE Everywhere Central Server
PXE Everywhere Central is a web service that the PXE Everywhere Agents contact to determine if the booting PXE client requires a boot image. It does this by checking the Configuration Manager database to determine if there are any OS Deployment Task Sequences deployed to the booting PXE client (identified by that client's MAC address and SMBIOS GUID).
The web service component of the PXE Everywhere Central Service can be installed on any IIS server that has good connectivity to the Configuration Manager Database server (it can be installed on the Configuration Manager site server if IIS is installed). PXE Everywhere Central also includes boot image tools, which can be installed on any system that has the Configuration Manager Console installed.
Refer to Installing PXE Everywhere Central.
PXE Everywhere Agent
PXE Everywhere Agent is a client module of the 1E Client (introduced in 1E Client 5.1 for PXE Everywhere v4.0). It is installed on all (or as many as you want) computers. It establishes a lightweight PXE service which listens for PXE boot requests broadcast on the local subnet. By default, the Agent listens on port 67, but will listen instead on port 2067 if the Agent has been configured to run in an environment that has DHCP Snooping enabled.
When intercepted, the agents will initiate an election and the elected agent will check, via the PXE Everywhere Central server, if there are any OS Deployment Task Sequences deployed to the booting PXE client. If so, the Agents will initiate a second election to determine the best agent to serve the Windows PE boot image to the booting PXE peer. The elected agent then responds to the booting PXE client with an offer of the boot image, which the PXE client then downloads over TFTP and boots into to start the Task Sequence.
Refer to Installing PXE Everywhere Agents.
PXE Everywhere Responder
PXE Everywhere Responder has its own installer (introduced in v4.0). It is only required to support networks that have DHCP Snooping enabled. DHCP snooping prevents PXE Everywhere Agents from receiving or responding to PXE requests on the standard UDP ports (67 & 68). As the PXE code built into the network adapter always broadcasts PXE requests on UDP port 67, it is necessary to load a custom boot loader from an authorized source (the PXE Everywhere Responder) that can then broadcast another request on the custom UDP port that is not blocked by the network switch and on which the Agents are configured to listen.
Once the PXE Everywhere Agents intercept these requests on the custom port, the functionality of the agents remains the same as if DHCP snooping were not enabled. The network routers (IP helpers) must be configured to forward DHCP packets to the Responder and DHCP Snooping must be configured on network switches to authorize the Responder to receive and respond to DHCP requests. Booting PXE clients will always download the custom, light-weight boot loader (51KB) from the Responder but will download the much larger Windows PE boot image from a local peer.
You can implement a single PXE Everywhere Responder for all clients, or you may prefer to implement regional or more localized Responders throughout your network. In either case, you will need to configure router IP helpers wherever DHCP Snooping is used, ensuring that the network configuration enables the designated Responder to receive and respond to PXE requests generated by PXE clients.
Refer to Installing PXE Everywhere Responder.
Implementing PXE in Configuration Manager
Implementing PXE in Configuration Manager requires DPs with the PXE role enabled. To avoid PXE clients downloading the Windows PE boot image (anything upwards of 200MB) over the WAN, DPs need to be located wherever you need to use PXE. It is unlikely that you have Distribution Points in every location, especially if you are using Content Distribution to eliminate remote Distribution Points. As PXE requests are broadcast on the local subnet, if there is no PXE server on the local subnet you need to configure IP helpers on routers to forward the PXE requests to the PXE server. The PXE client will then try to download the Windows PE boot image from the PXE server over the WAN, which can take hours on slow links and provides no bandwidth management.
PXE Everywhere addresses this issue by implementing a lightweight PXE server (the PXE Everywhere agent) on computers, enabling you to eliminate Configuration Manager PXE servers and instead make every computer (or as many as you want) on the network a potential PXE server. Each subnet therefore has one or more PXE servers available to serve the Windows PE boot image so there is no router configuration required unless DHCP Snooping is enabled, and the Windows PE boot image is not downloaded over the WAN. The boot image can be staged on the PXE Everywhere agent machines using Nomad, which ensures the boot image can be safely transferred to remote subnets ahead of deployments without slowing down other traffic on the network.
When a PXE client boots up, the PXE request is intercepted by each of the PXE Everywhere agents. These agents then elect one agent to check with Configuration Manager to see if there are any OS deployments targeted at the booting PXE client. If so, the PXE Everywhere agents will then hold a second election to determine which PXE Everywhere agent should respond to the booting PXE client. The elected agent sends the response and the booting PXE client downloads the boot image from the elected agent. PXE Everywhere supports booting BIOS and UEFI systems. It integrates with Configuration Manager and works with your existing OS Deployment Task Sequences.
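The values the Agents and the Central Server rely on (the client's MAC address, its SMBIOS GUID, and whether it is a BIOS or UEFI system) travel in the PXE client's DHCP request. The following added example, which is not 1E code, extracts them from a constructed packet; the option numbers (60, 93, 97) come from RFC 2132 and RFC 4578 rather than from this page, and the function names are hypothetical.

```python
import struct
import uuid

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
ARCH = {0: "BIOS", 6: "UEFI", 7: "UEFI", 9: "UEFI"}  # RFC 4578 types (subset)

def parse_pxe_request(pkt: bytes):
    """Return MAC, SMBIOS GUID and firmware of a PXE request, else None."""
    if len(pkt) < 240 or pkt[0] != 1 or pkt[236:240] != MAGIC:
        return None  # not a BOOTREQUEST carrying DHCP options
    if pkt[1] != 1 or pkt[2] != 6:
        return None  # only Ethernet hardware addresses are handled
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:  # 255 = end option
        if pkt[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            return None
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            return None  # truncated option: reject rather than guess
        opts[pkt[i]] = value
        i += 2 + length
    if not opts.get(60, b"").startswith(b"PXEClient"):
        return None  # ordinary DHCP client, not a PXE boot request
    raw, guid = opts.get(97, b""), None
    if len(raw) == 17 and raw[0] == 0:  # type 0 = 16-byte machine UUID
        # Wire order; inventories may show the first three fields byte-swapped.
        guid = uuid.UUID(bytes=raw[1:])
    arch = struct.unpack("!H", opts[93][:2])[0] if len(opts.get(93, b"")) >= 2 else None
    return {"mac": pkt[28:34].hex(":"), "smbios_guid": guid,
            "firmware": ARCH.get(arch, "unknown")}

def build_sample(mac: bytes, guid: uuid.UUID, arch: int) -> bytes:
    """Constructed DHCPDISCOVER with PXE options (sample input, not a capture)."""
    hdr = bytes([1, 1, 6, 0]) + bytes(24) + mac + bytes(10) + bytes(192)
    opts = bytes([53, 1, 1, 60, 9]) + b"PXEClient"
    opts += bytes([93, 2]) + struct.pack("!H", arch)
    opts += bytes([97, 17, 0]) + guid.bytes + b"\xff"
    return hdr + MAGIC + opts

if __name__ == "__main__":
    sample = build_sample(bytes.fromhex("001122334455"),
                          uuid.UUID("12345678-1234-5678-1234-567812345678"), 7)
    print(parse_pxe_request(sample))
```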
After PXE Everywhere installation and setup
During operation, the PXE-booting of machines runs through the following sequence, as illustrated.
1. PXE Boot me (67). When the PXE client boots, it performs the normal DHCP request to get an IP address and also sends a normal PXE request.
2. Elect the initial Agent. The PXE Everywhere Agents on the local subnet intercept the PXE request and elect a candidate for servicing the request.
3. What should I do? The elected Agent contacts the PXE Everywhere Central Server to find out whether the PXE client should be served a boot image.
4. Any OS for PXE Client? The PXE Everywhere Central Server checks the Configuration Manager database to see if there are any OS deployment task sequences deployed to the PXE client matching its MAC address and/or SMBIOS GUID.
5. Here's what to do. If a task sequence deployment is found, the PXE Everywhere Central Server replies to the elected Agent with the boot image ID referenced in the task sequence and information on whether the deployment is mandatory or not. If more than one deployment is found, the last one is used. If no deployments are found, the Central Server indicates so in the reply.
6. Elect the final Agent. Upon receiving the reply, the elected Agent holds a second election in the subnet to choose an Agent that will boot the PXE client. If an Agent other than itself wins the second election, the information received from the Central Server is passed on to it.
7. Boot or abort. The winner of the second election responds to the PXE client, which boots as follows:
   - If a mandatory deployment was found, the PXE client is booted using the WinPE boot image referenced in the deployed task sequence.
   - If a non-mandatory deployment was found, the PXE client is presented with an option to boot using a WinPE boot image, requiring user interaction at the machine.
   - If no deployments were found, the PXE-boot is aborted, allowing the PXE client to boot to a local OS, if any.
When DHCP Snooping is enabled
When DHCP Snooping is enabled on the network, the above process changes slightly, as illustrated.
1. PXE Boot me (67). When the PXE client boots, it performs the normal DHCP request to get an IP address and also sends a normal PXE request.
2. Router forwards the request. The PXE request is forwarded to the PXE Everywhere Responder by an IP helper configured on the router.
3. Offer the boot loader. The PXE Everywhere Responder offers the PXE client the appropriate (BIOS or UEFI) boot loader.
4. Run the boot loader. The PXE client downloads the boot loader from the PXE Everywhere Responder and executes it.
5. PXE boot me (2067). The boot loader broadcasts a new PXE request on the custom port (2067). The PXE Everywhere Agents are also configured to listen on this custom port.
6. Standard PXE Everywhere PXE boot process. From this point on the process follows from step 2 in the standard process detailed above.
Refer to Support for networks with DHCP Snooping enabled and Design considerations.