
[ubuntu] [22.04] [desktop] off-line autoinstall from ISO

Originally posted by ActionParsnip:

Could use Ansible/Chef/Puppet

How would that work on an install? I’d think something like cobbler would be needed, but all of these don’t work when systems are on remote networks, disconnected from the control server.

I had to support 25K laptops in 1200 physical locations. Not Linux. What we ended up doing was signing a contract with the support vendor to have every laptop shipped to their remote location (2000km from our region) where they’d handle the install (no encrypted storage) using a “golden image”. We had purchased 10% extra laptops to support normal breakage/fix cycles and rotated through all the laptops over a few months. So the day before they’d ship their laptop, they’d get a replacement with the fresh everything. The shipped laptop would be put into the list to be shipped to someone else.

These laptops were only “sometimes connected”, so we had a separate patching team to keep them updated. Turned out that patching was 50% of the problem. The other 50% was reporting correctly that the patches had been installed. For that “other OS”, seems both the patch and reporting systems were hit or miss and miss happened about 20% of the time. That company should be embarrassed to sell crap code like that.

Needing encrypted storage – what do you mean by that? Is it boot encrypted that has to be handled during install or just 1 encrypted area for data that is easy to add post-install? Does a TPM chip need to be connected to the encrypted storage? Will some 2FA device be connected? How many users does each device have, so will multiple LUKS slots need to be set up? If this is a corporate environment, then you’ll want the corporate IT key to be added to one of those slots, that’s certain.

With LUKS encryption that needs to be unlocked at boot, that means you’ll need some sort of console switch for remote management later. If you have that, then you could perform the remote installs yourself and automate that. pi-kvm is one answer. We’re talking about a DRAC/RIBLO equiv for normal desktops. With that, you can actually have your local USB storage presented on the remote system and perform an install. Alas, the pi-kvm device is $200+ each, but if you have just 50 locations, perhaps that’s a good option?

How many locations and how many people/computers are involved? The solution for 50 is very different than the solution for 5000.

Those are the main questions I have.

BTW, I think it sucks that Canonical decided to break autoinstalls, but when they switched to “live” installs, I guess it was necessary. There are lots of missing enterprise features in the Ubuntu solutions list, not just automatic installations.