|
|
|
|||||||||
 | |||||||||
|
In addition to PXE on the client PC, there are several PXE server components designed to work in conjunction with a Dynamic Host Configuration Protocol (DHCP) server. The network must include a PXE server. The PXE server can be on the same server as DHCP or on a different server, so you can add PXE to an existing network without affecting the existing DHCP server or configuration. The PXE server watches for DHCP discovery requests that include a special tag identifying the client as a PXE client. If the discovery request includes the tag, the PXE server replies to the client with configuration information, including the name of a boot image file. The boot image file is transferred to the client using TFTP, and this file is then used to boot the client.
Wired for Management includes other features that can be used with PXE. One that's very useful is Remote Wake Up, which can remotely power on a client PC. The client can be powered on, managed, and shut down, all from the administrator's desk. Updates can be scheduled to occur overnight, while the network is idle, avoiding user interruptions during the day. For security, PXE can use Boot Integrity Services (BIS), which is also part of the WfM 2.0 specification. Using digital signatures and public key cryptography, BIS allows the PXE client to validate the image it received and confirm that the image was from a secure and trusted source. This prevents clients booting from a rogue server that might damage or infect a client PC. For a system to use BIS, it must have a BIS-enabled BIOS. When the system administrator first configures the client PC, they record a public key in the system's non-volatile memory storage. The server software must also support BIS to create the digital signatures it uses to validate the server. When PXE boots a client PC, it checks to see if the BIOS supports BIS. If it does, it then uses BIS to validate the information from the server. BIS only validates the server; it does not encrypt the boot image file. |
