Integration of PXE-based Desktop Solutions into Broadband Access Networks Tiago Cruz1, Paulo Simões1, Fernando Bastos2, Edmundo Monteiro1 1DEI-CISUC, University of Coimbra 2PT Inovação Coimbra, Portugal Aveiro, Portugal {tjcruz, psimoes, edmundo}@dei.uc.pt [email protected] Abstract — Presently there is a lack of remote desktop user data and access applications in the cloud. Netbooks, management solutions for domestic and SOHO users connected tablets and some smartphone platforms are now specifically to broadband access networks. This contrasts with the enterprise designed as thin computing devices. LAN environment, where there are several standards, resources At the present evolution stage, even if many users could and frameworks for PC or thin-client management. Among these, already permanently live and work on a cloud environment, one specific remote boot technology – the Preboot eXecution Environment (PXE) [1] – is now the basis for a wide array of traditional applications are still the norm on many usage LAN-wide desktop management applications. categories. As an example, even if some office and In this context, integrating PXE-based solutions into productivity suites are already offered as a service (e.g. broadband access networks would allow novel management Google Docs [2], Zoho [3]), they remain somewhat limited in paradigms, targeting not just domestic end-users but also comparison to their traditional, locally deployed counterparts, telecommuters working from their homes and small businesses in terms of features, functionality and usability. Also, some which are too small for local deployment of full-fledged traditional applications are starting to embed support for cloud enterprise desktop management platforms. service components (e.g. Microsoft Office suite [4]) but In this paper we propose a solution that brings the benefits of without replacing the traditional desktop computing model by managed desktop computing to home users, telecommuters and cloud computing. Instead, these two approaches will likely small businesses by integrating PXE technologies into broadband coexist, cooperate and merge with each other. access network environments. In addition, we also propose a The mainstream desktop device is still the standalone PC, desktop services delivery model capable of efficiently providing a secure and quality managed desktop experience to domestic and with a Total Cost of Ownership (TCO) that may largely SOHO end-users, using a PXE-based thin-client platform for exceed its initial acquisition cost, when including maintenance broadband environments that can replace a full-fledged PC and indirect costs. Organizations with dozens, hundreds or whilst maintaining most of its benefits. thousands of PCs feel this problem in a much bigger scale. For them, the industry created specific standards and tools for Keywords — PXE, Access Networks, CWMP/TR-069, DaaS enhanced desktop management. Managed PCs and thin-clients are both a result of those efforts. I. INTRODUCTION Yet, most of those technologies were developed for Regarded as the logical evolution beyond the centralized corporate LAN environments, leaving out domestic, Small (mainframe-based) and client-server paradigms, cloud Office Home Office (SOHO) users or even small computing is a somewhat vague term (more of a metaphor) organizations served by commodity broadband Internet that encompasses a wide array of technologies and concepts services. For these situations, existing alternatives are limited: that work together to allow the delivery and consumption of • Unmanaged standalone PCs, with a significant TCO services hosted and supported by remote data centers overhead and unable to be remotely diagnosed or recovered (providing dynamically scalable and often virtualized from bare metal, in case of critical failures. computing resources) to another service or an end-user, • generally using a web browser as a universal client. Standalone Intel vPro–certified [5] PCs with embedded out- of-band desktop management capabilities. However, vPro However, the fundamental cloud computing concept of is targeted towards conventional PCs and is only available delivering everything-as-a-service is heavily dependent on the on limited hardware and firmware combinations. existence of reliable and capable data pipes connecting • providers to service consumers. As such, cloud computing In the case of telecommuters or remote branches of larger owes much of its success to the increasingly available high- organizations, the use of remote desktop protocols – such as speed commodity broadband access networks (fixed and Microsoft’s Remote Desktop Protocol (RDP) [6], Citrix mobile) without which it would be an unfeasible proposition. Independent Computing Architecture (ICA) [7] or Virtual Network Computing (VNC) [8] – over SSH [9], SSL/TLS Also, the widespread availability of broadband network [10] or VPN tunnels on PCs or thin-clients. However, access, together with cloud services, spawned a new breed of depending on the VPN technology, thin clients can be thin-computing devices that heavily rely on such services. tricky to configure – alternatively the VPN client could be Instead of using the traditional model – where data and configured on the broadband router, an operation that might applications reside on the device itself – those devices store also require technical skills lacked by most users. • Web appliances. However, despite recent developments, these appliances are still unsuitable for many applications and may represent, by themselves, a management problem. Part of these problems might be addressed using remote boot Figure 1: PXE boot ROM API. technology. Until recently, network boot over access networks PXE-compliant Boot ROMs provide the means to control the was unfeasible due to bandwidth limitations. However, with boot process in order to download and execute either a full- broadband access networks bandwidth steadily increasing, this blown OS or just a small pre-boot management agent for restriction is disappearing, shifting the focus to the remaining diagnostic or pre-staging purposes. Through the use of PXE it obstacles – like the fact that PXE [1], the standard remote is possible to configure a desktop PC boot sequence to be network boot protocol, uses mechanisms such as the Dynamic preceded by a PXE boot attempt before using local mass Host Configuration Protocol (DHCP [11]) and the Trivial File storage devices, making it possible to download and boot a Transfer Protocol (TFTP [12]) in ways that make it unsuitable remote OS or a remote agent (in order to initiate maintenance for naked use over access networks or WAN links. tasks) or to proceed with the normal boot sequence from local In this paper we propose a solution for integrating PXE storage. Alternatively, it is possible to configure PXE boot to technology on broadband access networks, in order to allow be attempted only in case of local storage device failure (as a for better management of existing desktops and to enable the recovery mechanism). The operation of a PXE boot ROM creation of completely stateless thin-client devices capable of follows a simple three-stage process (Figure 2): securely booting a remote OS over broadband links. • IP subsystem initialization. The PXE Boot ROM gets a First we present a solution to overcome PXE limitations on valid IP via the DHCP protocol (1,2), together with DHCP access networks. In this perspective we also discuss how to option tags that identify the presence of PXE support at the integrate PXE support in the Internet Service Provider (ISP) DHCP server level, together with the location of the TFTP management infrastructure – making use of the CPE WAN server and the file name of the NBP to be downloaded. Management Protocol (CWMP) [13] to control PXE-related • TFTP download of the NBP (3,4), using TFTP. service parameters on the user’s access router. Next we • discuss application models for this solution, presenting Execution of the downloaded NBP agent (5,6,7). specific use cases where it can be used to remotely manage desktops, providing boot support for install, recovery or update procedures. We also discuss how to implement a completely stateless thin-client – thus enabling a complete end-to-end Desktop-as-a-Service model (DaaS) based on remote desktop technologies and boot-time downloaded OS. The rest of this paper is organized as follows. Section 2 discusses the PXE protocol and its usage on access networks. Section 3 discusses how to integrate CWMP-based access network management with PXE-enabled desktop management. Section 4 addresses application scenarios and Section 5 discusses implementation and validation. Section 6 Figure 2: PXE Agent Download Process. discusses related work and Section 7 concludes the paper. B. The problem with PXE on access networks When originally conceived, using PXE outside LAN II. INTEGRATION OF PXE ON ACCESS ENVIRONMENTS environments was not envisaged, since the download latency PXE is a Network Boot firmware extension for PC BIOS would be too high, even for small boot agents with limited created in the context of the Intel Boot Initiative. Supported by functionality. Meanwhile this assumption has been challenged most Network Interface Cards, it is a de facto standard for by broadband Internet access technologies like Asymmetric network boot. It was originally conceived as a special piece of Digital Subscriber Line (ADSL) and Gigabit Passive Optical firmware (the PXE boot ROM) that allowed to use the network Networks (GPON)