Microsoft Deployment Toolkit (MDT) is a software package primarily used to deploy images to a large number of physical machines. MDT, unlike its big brother System Configuration Manager (SCCM), is a free product by Microsoft and is relatively simple to use. It runs on a dedicated Windows Server (physical or virtual) and contains a set of Visual Basic Scripts that direct MDT to execute instructions on the target machine.
In this post, I’ll briefly define the scope and capabilities of MDT, as well as summarize its benefits and potential costs.
MDT Image Deployment
Image deployment in MDT is defined by task sequences, which are a set of instructions that tell the program how to create or deploy an image. For example, a task sequence can be created that will deploy an operating system and perform Windows updates on a reference virtual machine. That image can then be captured using a “Sysprep and Capture” task sequence. The image is captured in a standard WIM (Windows Image Format), at which point the fully patched image can be deployed to a target physical machine. When the system administrator is ready to deploy an image on a target machine, he or she will mount the LiteTouch ISO to a USB stick and boot to that media. This installation media contains a Windows Preinstallation Environment (WinPE) which is used to push an image to the target machine without interference from the underlying operating system.
When the reference virtual machine has no third-party applications installed on top of the operating system, this is known as a “thin” image. Sometimes a company has already adopted a set of standard applications for a specific department, so a “thick” image may be more useful since they would already contain the applications on top of the fully patched operating system. A hybrid approach to image deployment is to install applications after the operating system is installed and patched. Applications can be “added” to the Deployment Workbench (MMC snap-in) on the MDT server, which can then be added to a task sequence. In MDT 2013, a new task sequence was adopted known as a “Post OS Installation Task Sequence.” For physical machines that already ship with a fully patched operating system, a Post OS Installation Task Sequence can be used to install third party applications, unattended.
Benefits of MDT
Now that we have a basic understanding of the inner workings of MDT, let’s dig into some of the benefits.
The primary advantage of adopting MDT is simply that it is a free product supported by Microsoft. As such, product support will come by submitting questions to Microsoft’s TechNet forums where they will be answered by qualified MDT specialists. Phone support is available at additional cost but should not be necessary. Because this is a Microsoft product, it is practical for any Windows-based IT shop. Its integration with Hyper-V and VMware virtual machines is straightforward, although ease of use favors Hyper-V since it is a Microsoft product and has more direct integration with WIM and VHDX image files.
Another perk: Ongoing maintenance is minimal. Once the MDT environment is set up, hardware drivers and applications are imported, task sequences are created, and reference virtual machines are configured. The system administrator should only have to patch virtual machines on occasion, and updates to applications will be infrequent. However, it should be noted that adoption of thick images creates additional complexity since it will require numerous reference virtual machines and the maintenance of applications on these machines. For this reason, Microsoft consultants generally recommend adopting the thin or hybrid image approach.
Finally, it’s important to note that hardware drivers are often provided by major notebook and desktop vendors like Lenovo, Dell, HP, etc. These drivers are wrapped in CAB files that can be imported directly into the MDT Workbench. These drivers are maintained by the vendors and updated frequently. Moreover, MDT allows for dynamic driver selection by querying the target physical machine for make and model, and then deploying hardware drivers for that specific model computer (example: Dell Latitude D430) to the target machine.
Potential Costs of MDT
While a free product, using MDT will incur some indirect costs. Perhaps the biggest of these is the time forgone in order to successfully implement MDT. Many companies choose not to adopt MDT simply because the learning curve of any new technology is deemed too steep. Many of today’s IT shops are stretched very thin and simply do not have the time, manpower or resources to adopt a new methodology.
Speaking of resources, the product still requires at least one physical server and one Windows Server 2012 license to get up and running. Furthermore, additional reference virtual machines will add additional licenses costs, although they’ll be minimal in a thin image scenario.
Another caveat to consider is that MDT is generally used in smaller-to medium-sized environments (less than 500 machines). While it can be used in larger environments, the LiteTouch interface could eventually become cumbersome, especially in a large virtual desktop environment. MDT, unlike the paid product SCCM, is not a zero-touch deployment product. It requires the user to click through a “wizard,” hence the reason why the free product is called LiteTouch. While this may be seen as more of a limitation than a cost, it will eventually cost the system administrator time since deployment will take longer as the number of target machines increases.
Overall, the benefits of adopting MDT far exceed the costs in most cases. MDT is a product that is 10 years in the making and has the backing of Microsoft. It is also important to note that while successful adoption is gratifying, getting to that point will require a great deal of determination, patience, and willingness to explore new areas. For organizations with limited IT staff, it might make sense to seek out a consultant to help strategize and plan the implementation of MDT.