Thursday, December 31, 2015

Windows enterprise ready deployment on SURFACE Pro4

The great Surface Pro4 device is out and due to its outstanding capabilities many companies consider to use it as a enterprise device. But therefore you want to deploy it also in an enterprise manner.

Lets see how this works.

Rule 1 for Surface is as with any other device.
Checkout recent history of firmware and drivers here.

Rule 2 you need something that allows you to boot from PXE over network

Option A: Use the Surface Pro3 dockingstation or Surface Dock. That allows you to boot via network cable from PXE with Gbit speed. Benefit of the Surface Dock is: You can update the firmware on the dock itself. Also it allows the user to choose their own viewangle (regarding the kickstand) on the Surface Pro 3/4 device.

Option B: Use the Surface Ethernet Adapter. This here supports PXE. This here is my favour. As in reality sometimes a user want to user a wired connection as well. So the user has at least one option to use the dock or the USB adapter to get a wired connection.

The Ethernet adapters in both solutions use the same chipset and provide identical functionality. Both adapters support gigabit connectivity for optimal performance during deployment, and both support the ability to boot from the network (PXE boot) without additional hardware.

Option C: You may use a 3rd party USB ethernet adapter. I dont recommend this as you have to add the adapter specific drivers first to an USB stick with an PE image you boot from stick. Then the PE integrated setup (e.g. MDT) can access the network. I would avoid this. 

Then there is another pitfall you have to keep in mind.
But this is not related to Surface in general. It is more related to the fact that slim tablets do not have wired PXE builtin.

Most PXE related deployment solutions check the MAC address to identify a machine. Then you have two options.

Option 1. Simply disable identification and allow deployment to all machines (known and unknown. Therefore I would protect your deployment e.g. through MDT with a password. Also make sure that the naming convention does not use MAC).

Option 2. Make use of MDT in general as MDT doet not use the MAC address to identify an individual computer. But you have to make sure that WDS where MDT is relying on allows unknown and known devices as well (Option in WDS server properties).

When you plan to use SCCM instead then there is even a higher dependency on this.
Please check out this BLOG.

The last question is how to tell the Surface to boot into the PXE boot.

To boot a Surface device from an alternative boot device, follow these steps:

  1. Ensure the Surface device is powered off.
  2. Press and hold the Volume Down button.
  3. Press and release the Power button.
  4. After the system begins to boot from the USB stick or Ethernet adapter, release the Volume Down button.

Note:  In addition to an Ethernet adapter, a keyboard must also be connected to the Surface device to enter the pre-installation environment and navigate the deployment wizard.
There would could be even more to share.
To get the full MS story you can also checkout this BLOG here.