The following article describes the process for preparing an OS and capturing an OS image ready for remote deployment, as described in Remote OS Image Management - Deploy/Restore.
Customization
Before capturing the image for deployment, additional customization can be performed. For example:
- Installation of drivers
- Installation/updates of application software
- User configuration
- Security configuration
Preparation
When using Remote Management, any OS images captured must contain the correct SquareOne Agent and certificate components to allow secure remote communications to continue after a system is updated to this new image.
Install SquareOne Agent
When capturing an image with the SquareOne Recovery Tool, a warning will be displayed if the image does not contain the required SquareOne Agent components.
Install the SquareOne Agent as described in Installation of Agent on Windows Devices or Installation of Agent on Linux Devices. However, do not install device certificates at this point.
Certificates/Keys
SquareOne uses certificates and keys to securely register devices to the system. These can be assigned on a per-device basis, or for a batch (multiple devices using the same certificate). The following sections provide guidance on when to include these in captured images.
Single Device Certificate/Key
If using individual device certificates/keys, these should not be included in the captured image. When individual certificates and keys are provisioned to each device, they will be stored appropriately so that updated OS images can be deployed without having to re-register.
Batch Certificate/Key
If using a batch certificate/key, these may be included in the image so that devices receiving the OS image for the first time (e.g. through a local imaging process) can register with the SquareOne system.
To achieve this, the device certificate/key pair must be installed just before capturing the image for wider deployment, without registration taking place. Undertake the following steps:
- Stop the SquareOne Edge Client service from running (using the "Services" application, Windows->Run->"services.msc").
  - The service will be named SquareOne Edge Client.
  - Do not change the Startup Type, it needs to restart on next boot.
- Copy the certificate (pem) and key (device_private_key.pem) to the device (C:\ProgramData\SquareOne\IqEdge) as described in the section "Installing Key/Cert in Windows" in Manual Key/Cert Installation.
- If required, follow the SysPrep instructions below.
- Shut down the system.
Note: If a certificate/key pair has been included in the image, it is important that the device does not boot back into Windows at this point as the device may register prematurely and move the certificates to the Provisioning folder.
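The batch certificate/key steps above can be scripted so that the startup type and the copied files are checked before the image is captured. This PowerShell script is an added example, not SquareOne's own tooling: the parameter names and the certificate file name are assumptions, while the service display name, target folder and key file name are taken from the steps above. Run it from an elevated prompt.

```powershell
# Added example, not vendor code. Run elevated on the reference machine.
param(
    [Parameter(Mandatory)] [string] $CertPath,  # batch certificate .pem (file name is an assumption)
    [Parameter(Mandatory)] [string] $KeyPath,   # batch private key .pem
    [string] $ServiceName = 'SquareOne Edge Client',           # display name, from the page
    [string] $TargetDir   = 'C:\ProgramData\SquareOne\IqEdge'  # from the page
)
$ErrorActionPreference = 'Stop'

function Get-EdgeService {
    $s = Get-CimInstance Win32_Service -Filter "DisplayName='$ServiceName'"
    if (-not $s) { throw "Service '$ServiceName' not found: install the Agent first." }
    $s
}

# 1. Record the startup type, then stop the service so it cannot register.
$before = Get-EdgeService
if ($before.StartMode -eq 'Disabled') { throw 'Service is disabled; it must start on next boot.' }
Stop-Service -DisplayName $ServiceName -Force

# 2. Copy the certificate and key; the key is stored under the name the page gives.
$certDest = Join-Path $TargetDir (Split-Path $CertPath -Leaf)
$keyDest  = Join-Path $TargetDir 'device_private_key.pem'
Copy-Item -LiteralPath $CertPath -Destination $certDest -Force
Copy-Item -LiteralPath $KeyPath  -Destination $keyDest  -Force

# 3. Verify the copies byte for byte against their sources.
foreach ($pair in @(@($CertPath, $certDest), @($KeyPath, $keyDest))) {
    $src = (Get-FileHash -LiteralPath $pair[0] -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $pair[1] -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw "Copy of $($pair[0]) does not match its source." }
}

# 4. Confirm the service is still stopped and its startup type is unchanged.
$after = Get-EdgeService
if ($after.State -ne 'Stopped') { throw "Service is $($after.State); the device may register prematurely." }
if ($after.StartMode -ne $before.StartMode) { throw 'Startup type changed; restore it before capture.' }

Write-Output "Staged. Startup type: $($after.StartMode). Run Sysprep if required, then shut down without booting back into Windows."
```

The script deliberately does not shut the system down, so that the SysPrep step can be carried out first if it is required.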
Generalizing the Installation (SysPrep)
To deploy a new OS to multiple devices, it must be generalized so that computer-specific information is removed from the image. This includes the internal computer security identifier (SID) and the Computer Name. For more detailed information, refer to the Microsoft online documentation: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation?view=windows-10
Capture
Once the above preparation is complete, capture the OS using the SquareOne OS Recovery Tool, running either from a USB stick or Recovery Partition.
Once the OS Image has been captured, it may be deployed locally (see Local OS Image Management) or remotely (see Remote OS Image Management - Deploy/Restore).