Cloud OS Deployment, Part 2 – Bare Metal Deployment via MDT from the Cloud

In Cloud OS Deployment, Part 1, you learned how to run MDT task sequences via Microsoft Intune for Computer Refresh and In-place Upgrade / Windows 10 Servicing scenarios. In this part you learn how to do bare metal deployments over the Internet (http/https), with or without any other corporate infrastructure.

TL;DR

By setting up a VM in Azure/AWS, installing Windows ADK and MDT on it, extending MDT with the open source PowerShell Deployment (PSD) extension, and booting the client from WinPE, you can do bare metal deployments over the Internet.

The Cloud OSD Challenge – Starting the deployment

While setting up a VM in Azure or AWS with MDT and PSD is fairly straightforward (simply follow the PSD setup guide), the challenge is how to actually start the deployment without any local infrastructure. Using native Microsoft technologies you are currently more or less limited to creating a USB stick holding the MDT boot media and booting the computer from it. Once booted, the MDT boot media connects to the MDT server in Azure or AWS and starts the deployment.

Step 1 – Setting up the MDT Server and extending it with PSD

It's been a little while since we (a few deployment geeks from 2Pint Software and TrueSec) created the open source PSD extension, but it's quick to set up, and if you know MDT already you have a good head start.

Disclaimer: The PSD extension in its current state is experimental at best, and the docs are in somewhat worse shape than the code, but it does extend MDT to allow for bare metal deployment via http/https, and it supports driver injection and applications. Also, PSD currently only supports bare metal deployment scenarios with no domain join for deployments over the Internet.

Again, for details on setting up MDT with the PSD extension, follow the guides in the PSD Documentation. Below are the high-level steps you need to follow.

  • Create a Windows Server 2016 or Windows Server 2019 VM in Azure/AWS. Pick a VM size with at least 2 CPUs, 4 GB RAM, and a 200 GB disk. This VM is the MDT Server, and can either be a standalone workgroup VM or part of a larger infrastructure in Azure/AWS.
  • In the Azure/AWS firewall, open port 443 (https) inbound. Yes, http is also supported, but please use https for deployment over the Internet.
  • Install MDT, Windows ADK and the WinPE Addon on the MDT Server.
  • Download the PSD GitHub repository, and follow the installation guides in the PSD Documentation.
  • Start with getting the PSD deployment share created using the steps in the PowerShell Deployment – Installation Guide document.
  • Then enable HTTP or HTTPS (recommended) via the PowerShell Deployment – IIS Configuration Guide document.
  • Optional – Configure BranchCache (P2P) support by following the steps in the PowerShell Deployment – BranchCache Installation Guide document.
  • Using the MDT Deployment Workbench, import an operating system, import some applications, drivers, and create a task sequence using one of the PSD templates.

Note: Unlike the normal MDT behavior, for PSD, after importing drivers to the Deployment Workbench, you need to run the New-PSDDriverPackage.ps1 script to generate the compressed driver packages used by PSD.
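The security point in the list above is https on 443 rather than http. The following script, an added example that is not from the original post or the PSD project, checks that on the MDT server from three angles: the IIS bindings, the Windows Firewall rules, and a real TLS handshake from the client side. The IIS site name and public FQDN are placeholder assumptions.

```powershell
# Added example (not part of the original post or the PSD project): a check that the MDT/PSD server
# publishes the deployment share over HTTPS only, as the post recommends for Internet deployments.
# Assumptions (placeholders): the PSD share lives under the IIS site 'Default Web Site', and the
# server's Internet-facing name is 'mdt.example.com'. Run elevated on the MDT server.
Import-Module WebAdministration

$SiteName   = 'Default Web Site'   # placeholder: IIS site hosting the PSD deployment share
$PublicFqdn = 'mdt.example.com'    # placeholder: name the WinPE clients will connect to

# 1. IIS bindings: there must be an https binding, and a plain http binding is worth flagging
$bindings = Get-WebBinding -Name $SiteName
$https = @($bindings | Where-Object { $_.protocol -eq 'https' })
$http  = @($bindings | Where-Object { $_.protocol -eq 'http' })
if ($https.Count -eq 0) { Write-Warning "No HTTPS binding on '$SiteName'; enable it per the PSD IIS guide." }
if ($http.Count  -gt 0) { Write-Warning "Plain HTTP binding present: $($http.bindingInformation -join ', ')" }

# 2. Windows Firewall: list enabled inbound allow rules that open TCP 80 or 443,
#    so an unintended http rule shows up next to the intended https one
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -eq 'TCP' -and (($pf.LocalPort -contains '80') -or ($pf.LocalPort -contains '443'))) {
            [pscustomobject]@{ Rule = $_.DisplayName; Port = ($pf.LocalPort -join ',') }
        }
    } | Format-Table -AutoSize

# 3. From the client's point of view: connect over TLS and confirm the certificate chain validates
#    (AuthenticateAsClient throws if it does not) and that the certificate is not about to expire
$tcp = New-Object System.Net.Sockets.TcpClient($PublicFqdn, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($PublicFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    "TLS {0}; certificate '{1}' expires in {2} days" -f $ssl.SslProtocol, $cert.Subject, $daysLeft
    if ($daysLeft -lt 30) { Write-Warning "Certificate expires soon; WinPE clients will stop connecting after that." }
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}
```

Run the third part from a machine outside the cloud network as well, since that is the path a WinPE client at a remote site will actually take.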

Screenshot: The MDT Workbench with a Windows 10 2004 task sequence.
Screenshot: The Set DriverGroup001 step modified for Windows 10 2004.
Screenshot: Imaging a computer from an HTTPS location.

Step 2 – Creating the boot media

Once the MDT server setup is done, you need to create a USB stick and send it to the location where machines should be deployed. Or even better, have the staff/user at the location download the boot image ISO and create the USB stick themselves via tools like Rufus or plain PowerShell.
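The "plain PowerShell" route for the staff at the remote location, as an added example that is not from the original post. The ISO path and disk number are placeholders; because the stick is wiped, the script first refuses to touch anything that is not a USB-attached disk.

```powershell
# Added example (not from the original post): write the MDT/PSD boot ISO to a USB stick with plain
# PowerShell. The ISO path and disk number are placeholders. Run elevated.
$IsoPath    = 'C:\PSDBootMedia\PSD_x64.iso'   # placeholder: boot ISO generated from the deployment share
$DiskNumber = 2                                # placeholder: find the stick's number with Get-Disk

# Safety check: only ever wipe a USB-attached disk, never the system disk
$disk = Get-Disk -Number $DiskNumber
if ($disk.BusType -ne 'USB') {
    throw "Disk $DiskNumber is '$($disk.FriendlyName)' on bus $($disk.BusType), not USB; aborting."
}
if (-not (Test-Path $IsoPath)) { throw "Boot ISO not found: $IsoPath" }

# Wipe the stick and create one active FAT32 partition (FAT32 so both BIOS and UEFI firmware can
# boot it; the size is capped because Windows will not format FAT32 volumes larger than 32 GB)
Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false
Initialize-Disk -Number $DiskNumber -PartitionStyle MBR
$part = if ($disk.Size -le 16GB) {
    New-Partition -DiskNumber $DiskNumber -UseMaximumSize -IsActive -AssignDriveLetter
} else {
    New-Partition -DiskNumber $DiskNumber -Size 16GB -IsActive -AssignDriveLetter
}
$vol = Format-Volume -Partition $part -FileSystem FAT32 -NewFileSystemLabel 'PSDBOOT' -Confirm:$false

# Mount the ISO, copy its contents to the stick, then unmount it again
Mount-DiskImage -ImagePath $IsoPath | Out-Null
try {
    $srcLetter = (Get-DiskImage -ImagePath $IsoPath | Get-Volume).DriveLetter
    Copy-Item -Path "${srcLetter}:\*" -Destination "$($vol.DriveLetter):\" -Recurse -Force
} finally {
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}
"Boot media written to drive $($vol.DriveLetter): from $IsoPath"
```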

Going Fancy #1 – Booting via Wireless

While WinPE does not support wireless by default, limited support can be added with some creativity 🙂 See this post by Brooks Peppin: https://brookspeppin.com/2019/06/06/enable-full-wifi-support-in-winpe-for-dell-systems-in-mdt/

Going Fancy #2 – Adding Internet PXE and P2P Support

It's a shameless plug for sure (since I work there), but via solutions from 2Pint Software you can extend the MDT/PSD platform with an Internet-based PXE server (not free), as well as P2P support via BranchCache (free).

Having central PXE support simplifies updates and downloads of the MDT boot image, and adding support for BranchCache reduces the network impact if you are deploying a few machines at the same location. Basically only one client needs to download the image, and it can then share that image with the others at that location.

PSD Credits

The PSD open source extension for MDT was developed by the following people:

  • Michael Niehaus
  • Mikael Nystrom
  • Johan Arwidmark
  • Andreas Hammarskjold
  • Steve Campbell
  • Jordan Benzing

About the author

Johan Arwidmark

14 Comments
ReneMP (1 month ago)

Hi Johan, I've downloaded OSDToolkit and created a folder: PSDResources\Plugins\OSDToolkit, but on the regular task MDT fails; it cannot find a file. Do you know how this folder structure should look?
I'm also missing Set-PSDBootImage2PintEnabled.log when regenerating the boot ISO.

Radoslav (3 months ago)

Hey guys! I've been reading and been interested in that kind of solution for a very long time, and it's good that I've found it here. Everything is set up, and deploying a TS with only the OS looks good, but whenever I try to add an application it keeps failing with "Incorrect Function 00000001 Source Windows". I have also noticed that if I want to apply a provisioning package offline, which happens right after the OS gets expanded, execution of the command fails with "File cannot be found". What I noticed is that PSD stores files in the MININT\Cache folder and it looks like it gets cleaned…

Carlton (9 months ago)

Johan – Please disregard my last two posts. My issue turned out to be that I had dynamic memory enabled for the Hyper-V VM I was using. Once I turned that off it worked great. Thanks for this series of articles and your contributions to PSD!!!

Carlton (9 months ago)

Johan – please disregard my last post. I pasted a screenshot in and it didn't work. I'm attaching the image so you can see the message I'm getting. I'm able to boot from the ISO in a Hyper-V VM, but it gets stuck at "Checking for a valid network configuration". Thanks for creating this post!

Scott Schmidt (9 months ago)

After completing the setup instructions, from both here and the Brooks Peppin site, it looks like my PE environment is having an issue loading the PSD tools (ISO boot, Hyper-V Gen 1 machine). I have tried with FQDN, IP, cert, no cert. Any advice or pointers would be much appreciated. Thanks in advance.

Thomas (10 months ago)

Ah, seen in part 3… sorry.

Thomas (10 months ago)

Hello Johan, great article. Would the same or a similar way (create boot stick) also work for MECM Cloud Management Gateway / DP, or might there be a general issue?

br thomas

Ant Pro (1 year ago)

I've set up PSD but it does not automatically load the new task sequence menu. I have to manually start the start.ps1 script from a command prompt, and it does not complete the full task sequence. Any ideas why?

trackback

[…] and enables remote re-imaging scenarios which are even more important in today's environment. Johan and Donna have great blogs on this so you should check those out. I'll just be adding more […]

