4.5 C
New York
Sunday, January 14, 2024

Deep dive establishing a Lenovo cloud repository in an Azure file share

In a earlier submit, I walked by just a few steps on how you can host an Replace Retriever repository in an Azure blob storage.  This concerned downloading the updates to an area machine, copying them to the blob, and configuring Skinny Installer on the consumer to drag these updates down.

An alternative choice is the Lenovo cloud repository characteristic in Replace Retriever.  By selecting this feature, solely the package deal XML’s will probably be downloaded to the repository whereas the complete content material will probably be hosted by Lenovo.  Should you’re shifting your on-prem repository to the cloud, this feature will most positively lower down storage prices as these XML’s are solely a few Kilobytes in measurement.

A couple of issues to notice earlier than exploring this route:

  • System Replace (model 5.07.0046 and later) is supported
  • Business Vantage is supported
  • Skinny Installer is NOT supported

Azure Storage Account

You will must create a new storage account first.  Through the creation, be sure to set the account type to StorageV2 since we’ll be utilizing this as an Azure file share
After creation, go to the brand new storage account and scroll all the way down to the File service part and click on File shares.  Click on +File share, give it a reputation and click on Create.

The URL of the share may be present in Properties

You will must pay attention to one of many Entry keys for the storage account, which will probably be used to in a while.  These may be discovered below Settings > Entry keys

Being that that is in a check tenant, I set the Storage account to be accessed from All networks.  You possibly can lock the entry all the way down to particular vNets and/or IP ranges below Settings > Firewalls and digital networks.

Replace Retriever

Set up the newest model of Replace Retriever on a technician system.  We’ll use cmdkey to retailer the Azure storage account credentials.  Launch PowerShell and enter the next command (changing the storage account identify and entry key):
Invoke-Expression -Command "cmdkey /add:<storageaccountname>.file.core.home windows.web /person:Azure<storageaccountname> /go:<accesskey>"
You must see cmdkey return a Credential added efficiently message.  You possibly can confirm by opening Credential Supervisor and looking out below Home windows Credentials.

Now, launch Replace Retriever and choose Lenovo Cloud repository.  As a substitute of getting into the URL of the file share, enter it as a UNC path:

Set some other choices and click on Proceed.  You might even see a spinning wheel for a bit however will finally proceed to the Get new updates display.  Right here you may add your MTM’s and examine for updates.  You must see Replace Retriever hook up with your Azure file share and obtain content material.

Should you look in Occasion Viewer below Purposes and Providers Logs > Lenovo > ThinkVantage > UpdateRetriever and look by the That is the operational log of ThinkVantage UpdateRetriever log, you will see Occasions like this:

Again within the Azure portal, navigate to your file share and it is best to now see the entire package deal ID directories with corresponding .xml’s, in addition to the database.xml.

Consumer-side Config
I’ll construct off the earlier submit, Managing System Replace with Intune, and add yet one more requirement right here.  We have to add and deploy a PowerShell script so as to add the Azure storage account credentials on the consumer.  Sadly, SAS tokens aren’t supported with SMB entry so you will have to make use of the Storage Account Entry Key.

Copy the identical command that was used earlier right into a .ps1 file and add it by navigating to Intune > Machine Configuration > Scripts within the Azure portal.  

Set the Script settings to:

Run this script utilizing the logged on credentials – Sure
Run script in 64 bit PowerShell host – Sure

Assign to a gaggle.

I’ve already set my System Replace scheduled activity, as described within the System Replace Suite and MEM submit.

To verify every part works, I manually begin the scheduled activity and monitor the tvsu_<timestamp>.log which may be discovered below %ProgramDatapercentLenovoSystemUpdatelogs

I can see the consumer connects to the repository and finds the database.xml

And additional down the log, as soon as the consumer parses by the database.xml for relevant updates, the packages are downloaded from Lenovo

I’ve set my AdminCommandLine to checklist the updates so I can choose which of them to put in.

/CM -search A -action LIST -includerebootpackages 3,5 -noreboot -noicon -exporttowmi

And this is a screenshot of updates which can be relevant to obtain and set up

Should you’re utilizing Business Vantage, make sure you’ve configured the Native Repository GPO to level to the UNC of your Azure File Share.

Supply hyperlink

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles