Installing SecurePlatform on Computers without Optical Drives

In This Section:

General Procedure

Client Setup

Server Setup

To install SecurePlatform on computers without optical drives, you must set up a server for network installation and do some client setup on the host on which SecurePlatform is being installed.

Note - We do not recommend that you use a system that was installed in a production environment as the installation server. The system should only be used as an Installation Server for SecurePlatform.

General Procedure

To perform the network installation:

  1. The client boots from the network, using the PXE network loader.
  2. The client sends a broadcast request, using the BOOTP protocol.
  3. The server responds to the client with the client's assigned IP address and the filename of the PXE boot loader to download (pxelinux.0 by default).
  4. The client downloads the PXE Boot Loader, using TFTP, and executes it.
  5. The PXE boot loader downloads a PXE configuration file from the server, containing the names of the kernel and the ramdisk that the client requires.
  6. The PXE boot loader downloads the kernel and the ramdisk.
  7. The kernel is run, using ramdisk as its environment.
  8. The Installer is executed.
  9. At this point the installation can be configured to load files from the FTP server.

    The client requirements are minimal. Only PXE is required.

    The server requires the following items to be installed:

    • DHCP daemon
    • TFTP daemon
    • PXE boot loader
    • Kernel
    • Ramdisk

Client Setup

On the client machine, enable the network boot, using PXE, from the BIOS setup. (It sometimes appears as DHCP.) The procedure differs from machine to machine. Consult specific machine documentation, if necessary.

Server Setup

The following setup details and instructions apply to a server running SecurePlatform as its operating system. Setup on a server running a different OS may differ slightly.

Required Packages

The following packages are required for server setup:

  • DHCP daemon (located on the Check Point DVD and installed, by default, on SecurePlatform)
  • Xinetd (/SecurePlatform/RPMS/xinetd-2.3.11-4cp.i386.rpm on the Check Point DVD)
  • TFTP daemon (/SecurePlatform/RPMS/tftp-server-0.32-6cp.i386.rpm)
  • FTP server (/SecurePlatform/RPMS/ftpd-0.3.3-118.4cp.i386.rpm)
  • TCP-Wrappers package (/SecurePlatform/RPMS/tcp_wrappers-7.6-34.4cp.i386.rpm)

  • Kernel (can be found on the SecurePlatform DVD at /SecurePlatform/kernel)
  • Ramdisk (can be found on the SecurePlatform DVD at /SecurePlatform/ramdisk.pxe)

PXELINUX Configuration Files

/SecurePlatform/RPMS/tftp-server-0.32-6cp.i386.rpm includes a default configuration file (/tftpboot/pxelinux.cfg) that serves the kernel and ramdisk to any host. Because more than one system can be booted from the same server, the configuration file name depends on the IP address of the booting computer.

PXELINUX searches for its config file on the boot server:

  1. PXELINUX searches for its config file, using its own IP address, in upper case hexadecimal.
    For example: 192.0.2.91 -> C000025B
  2. If that file is not found, PXELINUX will remove one hex digit and try again.

    Ultimately, PXELINUX will try looking for a file named default (in lower case).

    For example: for 192.0.2.91, PXELINUX will try C000025B, C000025, C00002, C0000, C000, C00, C0, C, and default, in that order.
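The search order described above, as an added example that is not part of the Check Point documentation: a POSIX shell script that derives the candidate file names for a client address and reports which one a given configuration directory would actually serve. The function names and the directory argument are assumptions made for illustration, and only the IP-derived names listed on this page are covered.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Check Point code).

# Print the upper-case hexadecimal form of a dotted-quad IPv4 address.
# Runs in a subshell so the IFS and noglob changes do not leak out.
ip_to_hex() (
    case $1 in *[!0-9.]*|*.) exit 1 ;; esac
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        # Reject empty, non-numeric, zero-padded or over-long octets.
        case $octet in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
)

# Print every name tried for client IP $1, in order: the full hex name,
# then one hex digit shorter each time, then "default".
pxe_search_order() {
    name=$(ip_to_hex "$1") || return 1
    while [ -n "$name" ]; do
        printf '%s\n' "$name"
        name=${name%?}
    done
    printf 'default\n'
}

# Print the first name in the search order that exists as a file in
# configuration directory $1 for client IP $2; fail if none exists.
pxe_resolve() {
    order=$(pxe_search_order "$2") || return 1
    for candidate in $order; do
        if [ -f "$1/$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Stand-alone use: script.sh <config-dir> <client-ip>
if [ $# -ge 2 ]; then
    pxe_resolve "$1" "$2"
fi
```

A result of `default` means no per-address file covers that client, so it receives the configuration that is served to any host.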

Assuming the kernel and ramdisk files are named kernel and ramdisk, the default configuration file that serves these to all clients will look like this:

default bootnet
label bootnet
kernel kernel
append initrd=ramdisk lang= devfs=nomount \
ramdisk_size=80024 console=tty0

Important -

  • For appliances and open servers without video cards:

    append initrd=ramdisk lang= devfs=nomount ramdisk_size=80024 console=ttyS0

  • For appliances and open servers with video cards:

    append initrd=ramdisk lang= devfs=nomount ramdisk_size=80024 console=tty0

The difference is in the last parameter.

DHCP Daemon Setup

To set up the DHCP Daemon, perform the following procedure:

  1. Enter the sysconfig utility and enable the DHCP server.
  2. Edit the daemon configuration file, found at /etc/dhcpd.conf.
    • The configuration file should include a subnet declaration, for each subnet that is connected to the DHCP server.
    • The configuration should include a host declaration, for each host that will use this server for remote installation.

    A sample configuration file follows:

subnet 192.0.2.0 netmask 255.255.255.0 {
}

host foo {
    # The client's MAC address
    hardware ethernet xx:xx:xx:xx:xx:xx;

    # The IP address that will be assigned to the
    # client by this server
    fixed-address 192.0.2.32;

    # The file to upload
    filename "/pxelinux.0";
}

TFTP and FTP Daemon Setup

To set up the TFTP and FTP Daemons:

  1. Install /SecurePlatform/RPMS/tcp_wrappers-7.6-34.4cp.i386.rpm. (The TCP wrappers package.)
  2. Install /SecurePlatform/RPMS/xinetd-2.3.11-4cp.i386.rpm. (The xinetd package is a prerequisite for the tftp-server and ftpd.)
  3. Install the TFTP Daemon RPM:

    # rpm -i /SecurePlatform/RPMS/tftp-server-0.32-6cp.i386.rpm

  4. Install the FTP Daemon RPM:

    # rpm -i /SecurePlatform/RPMS/ftpd-0.3.3-118.4cp.i386.rpm

  5. Force xinetd to reread its configuration:

    # service xinetd restart

Hosting Installation Files

The installation files are hosted on an FTP server installed on SecurePlatform. During the installation process, you are asked to provide the following information:

Information Requested               Information Provided
---------------------               --------------------
IP of the installation server       IP of the SecurePlatform installation server
Credentials on that server          Administrator credentials
Path to the installation packages   Path to the SecurePlatform packages

You can also use different FTP servers, or HTTP servers, to host SecurePlatform installation files.

 
©2014 Check Point Software Technologies Ltd. All rights reserved.