Apple | 95014-2084 | Mac OS X Server

Mac OS X Server
System Imaging and Software
Update Administration
For Version 10.5 Leopard
K Apple Inc.
© 2007 Apple Inc. All rights reserved.
The owner or authorized user of a valid copy of
Mac OS X Server software may reproduce this
publication for the purpose of learning to use such
software. No part of this publication may be reproduced
or transmitted for commercial purposes, such as selling
copies of this publication or for providing paid-for
support services.
Apple, the Apple logo, AppleShare, AppleTalk, Mac,
Macintosh, QuickTime, Xgrid, and Xserve are trademarks
of Apple Inc., registered in the U.S. and other countries.
Finder is a trademark of Apple Inc.
.Adobe and PostScript are trademarks of Adobe Systems
Incorporated.
Intel, Intel Core, Xeon are trademarks of Intel Corp. in the
U.S. and other countries.
Every effort has been made to ensure that the
information in this manual is accurate. Apple Inc., is not
responsible for printing or clerical errors.
PowerPC™ and the PowerPC logo™ are trademarks of
International Business Machines Corporation, used
under license therefrom.
Apple
1 Infinite Loop
Cupertino CA 95014-2084
www.apple.com
UNIX is a registered trademark of The Open Group.
The Apple logo is a trademark of Apple Inc., registered
in the U.S. and other countries. Use of the “keyboard”
Apple logo (Option-Shift-K) for commercial purposes
without the prior written consent of Apple may
constitute trademark infringement and unfair
competition in violation of federal and state laws.
Other company and product names mentioned herein
are trademarks of their respective companies. Mention
of third-party products is for informational purposes
only and constitutes neither an endorsement nor a
recommendation. Apple assumes no responsibility with
regard to the performance or use of these products.
019-0944/2007-09-01
1
Preface
9
9
9
10
10
11
12
12
13
13
Part I
Chapter 1
Contents
About This Guide
What’s New in System Imaging and Software Update
What’s in This Guide
Using This Guide
Using Onscreen Help
Mac OS X Server Administration Guides
Viewing PDF Guides on Screen
Printing PDF Guides
Getting Documentation Updates
Getting Additional Information
System Imaging Administration
17
18
18
18
19
19
19
20
21
21
22
22
22
22
23
23
24
24
24
Understanding System Imaging
Inside NetBoot Service
Disk Images
NetBoot Share Points
Using NetBoot and NetInstall Images on Other Servers
Client Information File
Shadow Files
NetBoot Image Folder
Property List File
Boot Server Discovery Protocol (BSDP)
BootP Server
Boot Files
Trivial File Transfer Protocol
Using Images Stored on Other Servers
Security
NetInstall Images
Tools for Managing NetBoot Service
Server Admin
Workgroup Manager
3
25
25
4
System Image Utility
Command-Line Tools
Chapter 2
27
27
27
27
29
30
31
32
32
33
34
34
34
35
36
36
37
37
38
38
38
39
39
40
41
41
41
Creating NetBoot and NetInstall Images
Using System Image Utility
Creating Images
Creating NetBoot Images
Creating NetInstall Images
Creating an Image from a Configured Computer
Understanding Workflows
Workflow Components
Configuring the Customize Package Selection Action
Configuring the Define Image Source Action
Configuring the Add Packages and Post-Install Scripts Action
Configuring the Add User Account Action
Configuring the Apply System Configuration Settings Action
Configuring the Create Image Action
Configuring the Enable Automated Installation Action
Configuring the Filter Clients by MAC Address Action
Configuring the Filter Computer Models Action
Configuring the Partition Disk Action
Assembling Workflows
Adding Existing Workflows
Adding Existing Workflows
Removing Workflows
Assembling an Image Workflow
Adding Software to NetBoot and NetInstall Images
About Packages
Creating Packages
Viewing the Contents of a Package
Chapter 3
43
43
45
45
45
46
46
46
47
48
48
48
Setting Up NetBoot Service
Setup Overview
Before Setting Up NetBoot Service
What You Must Know
Client Computer Requirements
Network Hardware Requirements
Network Service Requirements
Capacity Planning
Serial Number Considerations
Turning NetBoot Service On
Setting Up NetBoot Service
Configuring General Settings
Contents
49
49
50
50
51
51
52
52
53
53
54
55
55
Configuring Images Settings
Configuring Filters Settings
Configuring Logging Settings
Starting NetBoot and Related Services
Managing Images
Enabling Images
Choosing Where Images Are Stored
Choosing Where Shadow Files Are Stored
Using Images Stored on Remote Servers
Specifying the Default Image
Setting an Image for Diskless Booting
Restricting NetBoot Clients by Filtering Addresses
Setting Up NetBoot Service Across Subnets
Chapter 4
57
57
57
58
58
59
Setting Up Clients to Use NetBoot and NetInstall Images
Setting Up Diskless Clients
Selecting a NetBoot Boot Image
Selecting a NetInstall Image
Starting Up Using the N Key
Changing How NetBoot Clients Allocate Shadow Files
Chapter 5
61
61
61
62
62
63
63
64
64
64
64
65
66
67
Managing NetBoot Service
Controlling and Monitoring NetBoot
Turning Off NetBoot Service
Disabling a Boot or Installation Image
Viewing a List of NetBoot Clients
Viewing a List of NetBoot Connections
Checking the Status of NetBoot and Related Services
Viewing the NetBoot Service Log
Performance and Load Balancing
Load Balancing NetBoot Images
Distributing NetBoot Images Across Servers
Distributing NetBoot Images Across Server Disk Drives
Balancing NetBoot Image Access
Distributing Shadow Files
Chapter 6
69
69
69
70
70
70
Solving System Imaging Problems
General Tips
If NetBoot Client Computers Won’t Start
If You Want to Change the Image Name
Changing the Name of an Uncompressed Image
Changing the Name of a Compressed Image
Contents
5
Part II
6
Software Update Administration
Chapter 7
75
75
76
76
76
77
77
77
77
77
78
78
78
79
79
Understanding Software Update Administration
Inside the Software Update Process
Overview
Catalogs
Installation Packages
Staying Up-To-Date with the Apple Server
Limiting User Bandwidth
Revoked Files
Software Update Package Format
Log Files
Information That Is Collected
Tools for Managing Software Update Service
Server Admin
Workgroup Manager
Command-Line Tools
Chapter 8
81
81
82
82
83
83
83
84
84
84
85
85
86
86
87
87
88
Setting Up the Software Update Service
Setup Overview
Before Setting Up Software Update
What You Must Know
Client Computer Requirements
Network Hardware Requirements
Capacity Planning
Before Setting Up Software Update
Consider Which Software Update Packages to Offer
Software Update Storage
Organize Your Enterprise Client Computers
Turning Software Update Service On
Setting Up Software Update
Configuring General Settings
Configuring Updates Settings
Starting Software Update
Pointing Unmanaged Clients to a Software Update Server
Chapter 9
89
89
90
90
90
91
91
Managing the Software Update Service
Manually Refreshing the Updates Catalog from the Apple Server
Checking the Status of the Software Update Service
Stopping the Software Update Service
Limiting User Bandwidth for the Software Update Service
Automatically Copying and Enabling Updates from Apple
Copying and Enabling Selected Updates from Apple
Contents
Chapter 10
Index
92
92
93
Removing Obsolete Software Updates
Removing Updates from a Software Update Server
Identifying Individual Software Update Files
95
95
95
95
95
Solving Software Update Service Problems
General Tips
If a Client Computer Can’t Access the Software Update server
If the Software Update Server Won’t Sync with the Apple Server
If Update Packages That the Software Update Server Lists Aren’t Visible to Client
Computers
103
Contents
7
8
Contents
Preface
About This Guide
This guide describes how to configure and use NetBoot
and NetInstall images within Mac OS X Server. It also
describes the Software Update service you can set up
using Mac OS X Server.
Mac OS X Server v10.5 Leopard includes NetBoot service supporting NetBoot and
NetInstall images and the improved System Image Utility—a stand-alone utility used to
create Install and Boot images used with NetBoot service.
Mac OS X Server v10.5 Leopard is Apple’s Software Update Server. It is designed as a
source for Apple Software Updates managed on your network. With Software Update
service, you can directly manage which Apple Software Updates users on your network
can access and apply to their computers.
What’s New in System Imaging and Software Update
NetBoot service, System Imaging Utility, and Software Update service in Mac OS X
Server v10.5 Leopard include the following valuable new features:
 System Image Utility has major user interface enhancements.
 System Image Utility allows auto-partitioning.
 System Image Utility can add files and preinstall scripts to a NetInstall image.
 System Image Utility provides address filtering for images. Served images can be
made visible to certain clients on a per image basis.
What’s in This Guide
This guide is organized as follows:
 Part I—System Imaging Administration. The chapters in this part of the guide
introduce you to system imaging and the applications and tools available for
administering system imaging services.
9
 Part II—Software Update Administration. The chapters in this part of the guide
introduce you to the Software Update service and the applications and tools
available for administering it.
Note: Because Apple periodically releases new versions and updates to its software,
images shown in this book may be different from what you see on your screen.
Using This Guide
The following list contains suggestions for using this guide:
 Read the guide in its entirety. Subsequent sections might build on information and
recommendations discussed in prior sections.
 The instructions in this guide should always be tested in a nonoperational
environment before deployment. This non-production environment should simulate,
as much as possible, the environment where this NetBoot/NetInstall environment
will be deployed.
Using Onscreen Help
You can get task instructions onscreen in Help Viewer while you’re managing Leopard
Server. You can view help on a server or an administrator computer. (An administrator
computer is a Mac OS X computer with Leopard Server administration software
installed on it.)
To get help for an advanced configuration of Leopard Server:
m Open Server Admin or Workgroup Manager and then:
 Use the Help menu to search for a task you want to perform.
 Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse
and search the help topics.
The onscreen help contains instructions taken from Server Administration and other
advanced administration guides described in “Mac OS X Server Administration Guides,”
next.
To see the most recent server help topics:
m Make sure the server or administrator computer is connected to the Internet while
you’re getting help.
Help Viewer automatically retrieves and caches the most recent server help topics
from the Internet. When not connected to the Internet, Help Viewer displays cached
help topics.
10
Preface About This Guide
Mac OS X Server Administration Guides
Getting Started covers installation and setup for standard and workgroup configurations
of Product Name. For advanced configurations, Server Administration covers planning,
installation, setup, and general server administration. A suite of additional guides, listed
below, covers advanced planning, setup, and management of individual services.
You can get these guides in PDF format from the Mac OS X Server documentation
website:
www.apple.com/server/documentation
This guide ...
tells you how to:
Getting Started and
Installation & Setup Worksheet
Install Mac OS X Server and set it up for the first time.
Command-Line Administration
Install, set up, and manage Mac OS X Server using UNIX commandline tools and configuration files.
File Services Administration
Share selected server volumes or folders among server clients
using the AFP, NFS, FTP, and SMB protocols.
iCal Service Administration
Set up and manage iCal shared calendar service.
iChat Service Administration
Set up and manage iChat instant messaging service.
Mac OS X Security Configuration
Make Mac OS X computers (clients) more secure, as required by
enterprise and government customers.
Mac OS X Server Security
Configuration
Make Product Name and the computer it’s installed on more
secure, as required by enterprise and government customers.
Mail Service Administration
Set up and manage IMAP, POP, and SMTP mail services on the
server.
Network Services Administration
Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall,
NAT, and RADIUS services on the server.
Open Directory Administration
Set up and manage directory and authentication services, and
configure clients to access directory services.
Podcast Producer Administration
Set up and manage Podcast Producer service to record, process,
and distribute podcasts.
Print Service Administration
Host shared printers and manage their associated queues and print
jobs.
QuickTime Streaming and
Broadcasting Administration
Capture and encode QuickTime content. Set up and manage
QuickTime streaming service to deliver media streams live or on
demand.
Server Administration
Perform advanced installation and setup of server software, and
manage options that apply to multiple services or to the server as a
whole.
System Imaging and Software
Update Administration
Use NetBoot, NetInstall, and Software Update to automate the
management of operating system and other software used by
client computers.
Preface About This Guide
11
This guide ...
tells you how to:
Upgrading and Migrating
Use data and service settings from an earlier version of Product
Name or Windows NT.
User Management
Create and manage user accounts, groups, and computers. Set up
managed preferences for Mac OS X clients.
Web Technologies Administration
Set up and manage web technologies, including web, blog,
webmail, wiki, MySQL, PHP, Ruby on Rails, and WebDAV.
Xgrid Administration and High
Performance Computing
Set up and manage computational clusters of Xserve systems and
Mac computers.
Mac OS X Server Glossary
Learn about terms used for server and storage products.
Viewing PDF Guides on Screen
While reading the PDF version of a guide onscreen:
 Show bookmarks to see the guide’s outline, and click a bookmark to jump to the
corresponding section.
 Search for a word or phrase to see a list of places where it appears in the document.
Click a listed place to see the page where it occurs.
 Click a cross-reference to jump to the referenced section. Click a web link to visit the
website in your browser.
Printing PDF Guides
If you want to print a guide, you can take these steps to save paper and ink:
 Save ink or toner by not printing the cover page.
 Save color ink on a color printer by looking in the panes of the Print dialog for an
option to print in grays or black and white.
 Reduce the bulk of the printed document and save paper by printing more than one
page per sheet of paper. In the Print dialog, change Scale to 115% (155% for Getting
Started). Then choose Layout from the untitled pop-up menu. If your printer supports
two-sided (duplex) printing, select one of the Two-Sided options. Otherwise, choose
2 from the Pages per Sheet pop-up menu, and optionally choose Single Hairline from
the Border menu. (If you’re using Mac OS X v10.4 or earlier, the Scale setting is in the
Page Setup dialog and the Layout settings are in the Print dialog.)
You may want to enlarge the printed pages even if you don’t print double sided,
because the PDF page size is smaller than standard printer paper. In the Print dialog
or Page Setup dialog, try changing Scale to 115% (155% for Getting Started, which has
CD-size pages).
12
Preface About This Guide
Getting Documentation Updates
Periodically, Apple posts revised help pages and new editions of guides. Some revised
help pages update the latest editions of the guides.
 To view new onscreen help topics for a server application, make sure your server or
administrator computer is connected to the Internet and click “Latest help topics” or
“Staying current” in the main help page for the application.
 To download the latest guides in PDF format, go to the Mac OS X Server
documentation website:
www.apple.com/server/documentation
Getting Additional Information
For more information, consult these resources:
 Read Me documents—important updates and special information. Look for them on
the server discs.
 Mac OS X Server website (www.apple.com/server/macosx)—gateway to extensive
product and technology information.
 Mac OS X Server Support website (www.apple.com/support/macosxserver)—access to
hundreds of articles from Apple’s support organization.
 Apple Training website (www.apple.com/training)—instructor-led and self-paced
courses for honing your server administration skills.
 Apple Discussions website (discussions.apple.com)—a way to share questions,
knowledge, and advice with other administrators.
 Apple Mailing Lists website (www.lists.apple.com)—subscribe to mailing lists so you
can communicate with other administrators using email.
 Open Source website (developer.apple.com/darwin/)—Access to Darwin open source
code, developer information, and FAQs.
Preface About This Guide
13
14
Preface About This Guide
Part I: System Imaging
Administration
I
The chapters in this part of the guide introduce you to
system imaging and the applications and tools available for
administering system imaging services.
Chapter 1
Understanding System Imaging
Chapter 2
Creating NetBoot and NetInstall Images
Chapter 3
Setting Up NetBoot Service
Chapter 4
Setting Up Clients to Use NetBoot and NetInstall Images
Chapter 5
Managing NetBoot Service
Chapter 6
Solving System Imaging Problems
1
Understanding System Imaging
1
This chapter describes how to start client computers using an
operating system stored on a server and how to install
software on client computers over the network.
The NetBoot and NetInstall features of Mac OS X Server offer you alternatives for
managing the operating system and application software that your Macintosh clients
(or even other servers) require to start and do their work.
Instead of going from computer to computer to install operating system and
application software from CDs, you can prepare an installation image that installs on
each computer when it starts up.
You can also choose to not install software and have client computers start (or boot)
from an image stored on the server. (In some cases, clients don’t even need their own
disk drives.)
Using NetBoot and NetInstall, your client computers can start from a standardized
Mac OS configuration suited to specific tasks. Because the client computers start from
the same image, you can quickly update the operating system for users by updating a
single boot image.
A boot image is a file that looks and acts like a mountable disk or volume. NetBoot
images contain the system software needed to act as a startup disk for client
computers over the network.
An installation image is an image that starts up the client computer long enough to
install software from the image. The client can then start up from its own hard drive.
Boot images (NetBoot) and installation images (NetInstall) are different kinds of disk
images. The main difference is that a .dmg file is a proper disk image and a .nbi folder is
a bootable network volume (which in the end contains a .dmg disk image file). Disk
images are files that behave like disk volumes.
17
You can set up multiple NetBoot or NetInstall images to suit the needs of different
groups of clients or provide copies of the same image on multiple NetBoot servers to
distribute the client startup load.
NetBoot service can be used with NetBoot and NetInstall images along with Mac OS X
client management services to provide a personalized work environment for each user.
For information about client management services, see User Management.
You can use the following Mac OS X Server applications to set up and manage NetBoot
and NetInstall:
 System Image Utility to create Mac OS X NetBoot and NetInstall disk images. This
utility is installed with Mac OS X Server software in the /Applications/Server/ folder.
 Server Admin to enable and configure NetBoot service and supporting services. This
utility is installed with Mac OS X Server software in the /Applications/Server/ folder.
 PackageMaker to create package files that you use to add software to disk images.
This utility is provided on the Mac OS X Server Administration Tools CD.
 Property List Editor to edit property lists such as NBImageInfo.plist. This utility is
included on the Mac OS X Server Administration Tools CD.
Inside NetBoot Service
This section describes how NetBoot service is implemented on Mac OS X Server,
including information about the protocols, files, folder structures, and configuration
details.
Disk Images
The disk images contain the system software and applications used over the network
by client computers. These tools can be installed on a client computer with the
Mac OS X Server Administration Tools CD. The name of a disk image file typically ends in
.img or .dmg. Disk Utility—part of Mac OS X—can mount disk image files as volumes
on the desktop.
You use System Image Utility to create Mac OS X NetBoot or NetInstall images, using a
Mac OS X installation disc or an existing system volume as the source. See “Creating
Images” on page 27.
NetBoot Share Points
NetBoot service sets up share points to make images and shadow files available to
clients. Shadow files are used for NetBoot clients that don’t use their local hard drives
to write out data when booted.
NetBoot service creates share points for storing NetBoot and NetInstall images in
/Library/NetBoot/ on each volume you enable and names them NetBootSPn, where n is
0 for the first share point and increases by 1 for each extra share point.
18
Chapter 1 Understanding System Imaging
For example, if you decide to store images on three server disks, NetBoot service sets
up three share points named NetBootSP0, NetBootSP1, and NetBootSP2.
The share points for client shadow files are also created in /Library/NetBoot/ and are
named NetBootClientsn.
You can create and enable NetBootSPn and NetBootClientsn share points on other
server volumes using the NetBoot service General settings in Server Admin.
WARNING: Don’t rename a NetBoot share point or the volume it resides on. Don’t
stop sharing a NetBoot share point unless you first deselect the share point for
images and shadow files in Server Admin.
Using NetBoot and NetInstall Images on Other Servers
You can also specify the path of a NetBoot image residing on a different NFS server.
When creating image files, you can specify which server the image will reside on. See
“Using Images Stored on Remote Servers” on page 53.
Client Information File
NetBoot service gathers information about a client the first time a client selects a
NetBoot or NetInstall volume to start from the Startup Disk. NetBoot service stores this
information in the /var/db/bsdpd_clients file.
Shadow Files
Many clients can read from the same NetBoot image, but when a client must write
back to its startup volume (such as print jobs and other temporary files), NetBoot
service redirects the written data to the client’s shadow files, which are separate from
regular system and application software.
Shadow files preserve the unique identity of each client while it is running from a
NetBoot image. NetBoot service transparently maintains changed user data in shadow
files while reading unchanged data from the shared system image. Shadow files are
recreated at startup, so changes made to a user’s startup volume are lost at restart.
For example, if a user saves a document to the startup volume, after a restart that
document will be gone. This behavior preserves the condition of the environment the
administrator set up. Therefore users must have accounts on a file server on the
network to save documents.
Balancing the Shadow File Load
NetBoot service creates an AFP share point on each server volume you specify (see
“Choosing Where Shadow Files Are Stored” on page 52) and distributes client shadow
files across them as a way of balancing the load for NetBoot clients. There is no
performance gain if the volumes are partitions on the same disk. See “Distributing
Shadow Files” on page 67.
Chapter 1 Understanding System Imaging
19
Allocation of Shadow Files for Mac OS X NetBoot Clients
When a client computer starts from a Mac OS X NetBoot image, it creates shadow files
on a server NetBootClientsn share point or, if no share point is available, on a drive local
to the client. For information about changing this behavior, see “Choosing Where
Shadow Files Are Stored” on page 52.
NetBoot Image Folder
When you create a Mac OS X NetBoot image with System Image Utility, the utility
creates a NetBoot image folder whose name ends with “.nbi” and stores in it the
NetBoot image with other files (see the following table) required to start a client
computer over the network.
File
Description
booter
Startup file that the firmware uses to begin the startup process
mach.macosx
UNIX kernel
mach.macosx.mkext
Drivers
System.dmg
Startup image file (can include application software)
NBImageInfo.plist
Property list file
System Image Utility stores the folder whose name ends with .nbi on the NetBoot
server in /Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and
image is the name of the image). You can save directly to this folder or you can create
the image elsewhere (even on another computer) and copy it to the
/Library/NetBoot/NetBootSPn folder at a later time.
Files for PowerPC-based Macintosh computers are stored under the ppc folder for
Leopard images, while previous images may have the PowerPC files stored in the root
of the .nbi folder. Files for Intel-based Macintosh computers are stored in the i386
folder.
You use System Image Utility to set up NetBoot image folders. The utility lets you:
 Name the image
 Choose the image type (NetBoot or NetInstall)
 Provide an image ID
 Choose the default language
 Choose the computer models the image will support
 Create unique sharing names
 Specify a default user name and password
 Enable automatic installation for installation images
 Add package or preinstalled applications
For more information, see “Creating NetBoot Images” on page 27.
20
Chapter 1 Understanding System Imaging
Property List File
The property list file (NBImageInfo.plist) stores image properties. The following table
gives more information about the property list for Mac OS X image files.
Property
Type
Description
Architectures
Array
An array of strings of the architectures the image supports.
BootFile
String
Name of boot file: booter.
Index
Integer
1–4095 indicates a local image unique to the server.
4096–65535 is a duplicate, identical image stored on multiple servers
for load balancing.
IsDefault
Boolean
True specifies this image file as the default boot image on the subnet.
IsEnabled
Boolean
Sets whether the image is available to NetBoot (or Network Image)
clients.
IsInstall
Boolean
True specifies a Network Install image; False specifies a NetBoot image.
Name
String
Name of the image as it appears in the Mac OS X Preferences pane.
RootPath
String
Specifies the path to the disk image on the server, or the path to an
image on another server. See “Using Images Stored on Other Servers”
on page 22.
Type
String
NFS or HTTP.
SupportsDiskless
Boolean
True directs the NetBoot server to allocate space for the shadow files
needed by diskless clients.
Description
String
Text describing the image.
Language
String
A code specifying the language to be used while starting from the
image.
Initial values in NBImageInfo.plist are set by System Image Utility and you usually don’t
need to change the property list file directly. Some values are set by Server Admin. If
you must edit a property list file, you can use TextEdit or Property List Editor, found in
the Utilities folder on the Mac OS X Server Administration Tools CD.
Boot Server Discovery Protocol (BSDP)
NetBoot service uses an Apple-developed protocol based on DHCP known as Boot
Server Discovery Protocol (BSDP). This protocol provides a way of discovering NetBoot
servers on a network.
NetBoot clients obtain their IP information from a DHCP server and their NetBoot
information from BSDP. BSDP offers built-in support for load balancing. See
“Performance and Load Balancing” on page 64.
Chapter 1 Understanding System Imaging
21
BootP Server
NetBoot service uses a BootP server (bootpd) to provide necessary information to client
computers when they try to start from an image on the server.
If you have BootP clients on your network and they request an IP address from the
NetBoot BootP server, this request will fail because the NetBoot BootP server doesn’t
have addresses to offer. To prevent the NetBoot BootP server from responding to
requests for IP addresses, use the dscl command-line tool to open the local folder on
the NetBoot server and add a key named bootp_enabled with no value to the /config/
dhcp/ folder.
Boot Files
When you create a Mac OS X NetBoot image with System Image Utility, the utility
generates the following boot files and stores them on the NetBoot server in /Library/
NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name
of the image):
 booter
 mach.macosx
 mach.macosx.mkext
Note: If you turn on NetBoot service when installing Mac OS X Server, the installer
creates the NetBootSP0 share point on the server boot volume. Otherwise, you can set
up NetBootSPn share points by choosing where to store NetBoot images from the list
of volumes in the General pane of NetBoot service settings in Server Admin.
Trivial File Transfer Protocol
NetBoot service uses Trivial File Transfer Protocol (TFTP) to send boot files from the
server to the client. When you start a NetBoot client, the client sends a request for
startup software. The NetBoot server then delivers the booter file to the client using
TFTP default port 69.
Client computers access the startup software on the NetBoot server from the location
where the image was saved.
These files are typically stored in the /private/tftpboot/NetBoot/NetBootSPn/ folder.
This path is a symbolic link to Library/NetBoot/NetBootSPn/image.nbi (where n is the
volume number and image is the name of the image).
Using Images Stored on Other Servers
You can store Mac OS X NetBoot or NetInstall images on NFS servers other than the
NetBoot server. For more information, see “Using Images Stored on Remote Servers” on
page 53.
22
Chapter 1 Understanding System Imaging
Security
You can restrict access to NetBoot service on a case-by-case basis by listing the
hardware addresses (also known as the Ethernet or MAC addresses) of computers that
you want to permit or deny access to.
The hardware address of a client computer is added to the NetBoot Filtering list when
the client starts up using NetBoot and is, by default, enabled to use NetBoot service.
You can specify other services. See “Restricting NetBoot Clients by Filtering Addresses”
on page 55.
NetInstall Images
A NetInstall image is an image that starts up the client computer long enough to install
software from the image. The client can then start up from its own hard drive. Just as a
NetBoot image replaces the role of a hard drive, a NetInstall image is a replacement for
an installation DVD.
Like a bootable CD, NetInstall is a convenient way to reinstall the operating system,
applications, or other software onto the local hard drive. For system administrators
deploying large numbers of computers with the same version of Mac OS X, NetInstall
can be very useful. NetInstall does not require the insertion of a CD into each NetBoot
client because startup and installation information is delivered over the network.
When you create a NetInstall image with System Image Utility, you can automate the
installation process by limiting interaction at the client computer.
Because an automatic network installation can be configured to erase the contents of
the local hard drive before installation, data loss can occur. You must control access to
this type of NetInstall image and must communicate the implications of using them to
those using these images. Before using automatic network installations, it is always
wise to inform users to back up critical data.
You can perform software installations using NetInstall using a collection of packages
or an entire disk image (depending on the source used to create the image).
For more information about preparing NetInstall images to install software over the
network, see “Creating NetInstall Images” on page 29.
Chapter 1 Understanding System Imaging
23
Tools for Managing NetBoot Service
The Server Admin and System Image Utility applications provide a graphical interface
for managing NetBoot service in Mac OS X Server. In addition, you can manage
NetBoot service from the command line by using Terminal.
These applications are included with Mac OS X Server and can be installed on another
computer with Mac OS X v10.5 or later, making that computer an administrator
computer. For more information about setting up an administrator computer, see the
server administration chapter of Getting Started.
Server Admin
The Server Admin application provides access to tools you use to set up, manage, and
monitor NetBoot service and other services. You use Server Admin to:
 Set up Mac OS X Server as a DHCP server and configure NetBoot service to use
NetBoot and NetInstall images. For instructions, see Chapter 3, “Setting up NetBoot
Service.”
 Manage and monitor NetBoot service. For instructions, see Chapter 5, “Managing
NetBoot Service.”
For more information about using Server Admin, see Server Administration. This guide
includes information about:
 Opening and authenticating in Server Admin
 Working with specific servers
 Administering services
 Using SSL for remote server administration
 Customizing the Server Admin environment
Server Admin is installed in /Applications/Server/.
Workgroup Manager
The Workgroup Manager application provides comprehensive management of clients
of Mac OS X Server. For basic information about using Workgroup Manager, see User
Management. This includes:
 Opening and authenticating in Workgroup Manager
 Administering accounts
 Customizing the Workgroup Manager environment
Workgroup Manager is installed in /Applications/Server/.
24
Chapter 1 Understanding System Imaging
System Image Utility
System Image Utility is a tool you use to create and customize NetBoot and NetInstall
images. With System Image Utility, you can:
 Create NetBoot images that can be booted to the Finder.
 Create NetInstall images from a DVD or existing Mac OS X partition.
 Assemble a workflow that creates customized NetBoot and NetInstall images.
For instructions on using System Image Utility, see Chapter 2.
System Image Utility is installed in /Applications/Server/.
Command-Line Tools
A full range of command-line tools is available for administrators who prefer to use
command-driven server administration. For remote server management, submit
commands in a secure shell (SSH) session. You can enter commands on Mac OS X
servers and computers using the Terminal application, located in the /Applications/
Utilities/ folder.
For information about useful command-line tools, see Command-Line Administration.
Chapter 1 Understanding System Imaging
25
26
Chapter 1 Understanding System Imaging
2
Creating NetBoot and NetInstall
Images
2
This chapter provides instructions for preparing NetBoot or
NetInstall images you can use with NetBoot service.
You can set up multiple NetBoot or NetInstall images to suit the needs of different
groups of clients or to provide copies of the same image on multiple servers to
distribute the client startup load. Using NetBoot service, you can provide a
personalized work environment for each client computer user.
Using System Image Utility
System Image Utility is a tool you use to create and customize NetBoot and NetInstall
images.
With System Image Utility, you can:
 Create NetBoot images that can be booted to the Finder.
 Create NetInstall images from a DVD or existing Mac OS X partition.
 Assemble a workflow that creates customized NetBoot and NetInstall images.
Creating Images
To create system and software images to use with NetBoot service, you use System
Image Utility.
 Creating NetBoot Images.
 Creating NetInstall Images.
Note: To create an image, you must have valid Mac OS X 10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.
Creating NetBoot Images
You can create NetBoot images of Mac OS X that are then used to start client
computers over the network.
27
You can also assemble a workflow to create a NetBoot image that permits advanced
customization of your images. For more information, see “Understanding Workflows”
on page 31.
Note: You must purchase a Mac OS X user license for each client that starts from a
NetBoot or NetInstall disk image.
To create a NetBoot image:
1 Log in as an administrator user.
2 Open System Image Utility (in the /Applications/Server/ folder).
3 In the left sidebar select the image source.
If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or
later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume.
Note: To create an image, you must have valid Mac OS X v10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.
4 Select NetBoot Image and click Continue.
5 In the Image Name field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
6 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
7 If the image will be served from more than one server select the checkbox below the
description field.
This option generates an index ID for NetBoot server load balancing.
8 If your source volume is a Mac OS X Installation DVD, enter a user name, short name,
and password (in the Password and Verify fields) for the administrator account in Create
Administrator Account.
You can log in to a booted client using this account.
9 Click Create.
10 In the Save As dialog, choose where to save the image.
If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.
NetBoot service must be configured on a network port and Server Admin must be set
to serve images from a volume for this option to appear in the pop-up menu. For more
information, see “Setting Up NetBoot Service” on page 48.
28
Chapter 2 Creating NetBoot and NetInstall Images
To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.
11 Click Save and authenticate if prompted.
Important: Do not attempt to edit content in the image destination folder while the
image is being created.
Creating NetInstall Images
Use System Image Utility to create a NetInstall image that you can use to install
software on client computers over the network. You can find this application in the
/Applications/Server/ folder.
To create a NetInstall image:
1 Log in as an administrator user.
2 Open System Image Utility (in the /Applications/Server/ folder).
3 In the left sidebar select the image source.
If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or
later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume.
Note: To create an image, you must have valid Mac OS X v10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.
4 Select NetInstall Image and click Continue.
5 In the Image Name field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
6 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
7 If the image will be served from more than one server, select the checkbox below the
description field.
This assigns an index ID to the image for NetBoot service load balancing.
8 Click Create.
9 In the Save As dialog, choose where to save the image.
If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.
If you’re creating the image on the same server that will serve it, choose a volume from
the “Serve from NetBoot share point on” pop-up menu.
Chapter 2 Creating NetBoot and NetInstall Images
29
NetBoot service must be configured on a network port and Server Admin must be set
to serve images from a volume for this option to appear in the pop-up menu. For more
information, see “Setting Up NetBoot Service” on page 48.
To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.
10 Click Save and authenticate if prompted.
Important: Do not attempt to edit content in the image destination folder while the
image is being created.
Creating an Image from a Configured Computer
If you have a client computer that’s configured for users, you can use System Image
Utility to create a NetBoot or NetInstall image based on that client configuration.
You must start up from a volume other than the one you’re using as the image source.
For example, you could start up from an external FireWire hard disk or a second
partition on the client computer hard disk. You can’t create the image on a volume over
the network.
To create an image based on an existing system:
1 Start up the computer from a partition other than the one you’re imaging.
2 Install System Image Utility on the client computer from the Mac OS X Server
Administration Tools CD.
3 Open System Image Utility on the client computer (in the /Applications/Server/ folder).
4 In the left sidebar select the image source.
If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or
later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume.
Note: To create an image, you must have valid Mac OS X v10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.
5 From the expanded list, select the image source.
6 Select NetBoot Image or NetInstall Image and click Continue.
Select NetBoot if your client computers will start up from this image.
Select NetInstall if your image will be installed on a computer disk drive.
7 In the Image Name field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
8 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
30
Chapter 2 Creating NetBoot and NetInstall Images
Clients can’t see the description information.
9 If the image will be served from more than oner server, select the checkbox below the
description field.
This option generates an index ID for NetBoot server load balancing.
10 For NetBoot images, if your source volume is a Mac OS X Installation DVD, enter a user
name, short name, and password (in the Password and Verify fields) for the
administrator account in Create Administrator Account.
You can log in to a booted client using this account.
11 Click Create.
12 In the Save As dialog, choose where to save the image.
If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.
To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.
13 Click Save and authenticate if prompted.
Important: Do not attempt to edit content under the image destination folder while
the image is being created.
14 After the image is created on the client computer, copy it to the /Library/NetBoot/
NetBootSPn share point on the server for use by the NetBoot service.
Images should be stored in this folder.
From the Command Line
You can also create a NetBoot image clone of an existing system using the hdiutil
command in Terminal. For more information, see the system image chapter of
Command-Line Administration.
Understanding Workflows
System Image Utility now harnesses the power of Automator to help you create
custom images by assembling workflows. The basic building block of a workflow is an
automator action. You define the image customization by assembling automator
actions into a workflow.
You use workflows to create customized NetInstall or NetBoot images depending on
the goals of your task.
 Workflows that create custom NetInstall images assemble an image that installs the
OS onto the computer, either originating from installation DVDs or from an installed
OS volume. This image boots into the installer environment or similar shell
environment and performs the workflow steps as defined.
Chapter 2 Creating NetBoot and NetInstall Images
31
 Workflows that create custom NetBoot images assemble a bootable image from
installation DVDs or from an installed OS volume. This is an image that could be
directly installed onto a target volume using the asr command-line tool or you can
use NetBoot.
Each action performs a single task, such as customizing a software package or adding a
user account.
Instead of being a do-it-all tool, an action is purpose-designed to perform a single task
well. By combining several actions into a workflow, you can quickly accomplish a
specific task that no one action can accomplish on its own.
Workflow Components
System Image Utility comes preloaded with a library of actions. You can use these
actions to customize settings when creating an image. You access and organize this
Automator library of actions within the workflow panes of System Image Utility.
The following sections describe the workflow actions available in the Automator library
and provide steps on how to configure their options. By themselves, these actions
cannot create an image and must be assembled into a workflow to function. For more
information, see “Assembling Workflows” on page 38.
 “Configuring the Customize Package Selection Action” on page 32
 “Configuring the Define Image Source Action” on page 33
 “Configuring the Add Packages and Post-Install Scripts Action” on page 34
 “Configuring the Add User Account Action” on page 34
 “Configuring the Apply System Configuration Settings Action” on page 34
 “Configuring the Create Image Action” on page 35
 “Configuring the Enable Automated Installation Action” on page 36
 “Configuring the Filter Clients by MAC Address Action” on page 36
 “Configuring the Filter Computer Models Action” on page 37
 “Configuring the Partition Disk Action” on page 37
Configuring the Customize Package Selection Action
Use this action to customize the installation of the Mac OS X. This action has options to
disable, enable, require, or prevent installation of packages or parts of packages in your
image.
This action is only valid when creating NetInstall images.
32
Chapter 2 Creating NetBoot and NetInstall Images
To configure the Customize Package Selection workflow action:
1 From your System Image Utility workflow, select the Customize Package Selection
action in the Automator Library and drag it into position in your workflow.
2 Enable or disable the installation of software packages using the Visible column.
Select the checkbox in the Visible column to enable the software package. If enabled,
the user can install the package from your image during installation.
Deselect the checkbox in the Visible column to disable the software package. If
disabled, the user cannot choose whether the package gets installed or not.
3 Require or prevent the installation of software packages using the Default and Visible
columns.
To require the installation of the software package, select the checkbox in the Default
column and deselect the checkbox in the Visible column. The user cannot alter the
package installation.
To prevent the installation of the software package, deselect the checkbox in the
Default column and deselect the checkbox in the Visible column. The user cannot see
the package and the package will not be installed.
Configuring the Define Image Source Action
Use this action to select the source volume and the type of image to create from it. This
action must be at the beginning of all image creation workflows.
This action is valid when creating NetBoot and NetInstall images.
To configure the Define Image Source workflow action:
1 From your System Image Utility workflow, select the Define Image Source action in the
Automator Library and drag it to the beginning of your workflow.
2 From the Source pop-up menu, select the image source.
When you select the source, this action will choose a default image type based on the
contents of the selected source.
Note: To create an image, you must have valid Mac OS X v10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.
3 Choose NetBoot or NetInstall for the type of image you are creating.
Select NetBoot if your client computers will start up from this image.
Select NetInstall if your image will be installed on a computer disk drive.
Chapter 2 Creating NetBoot and NetInstall Images
33
Configuring the Add Packages and Post-Install Scripts Action
Use this action to add installer packages and post-install scripts to a NetInstall image.
Post-install scripts provide the ability to customize each computer you deploy an image
on.
This action is only valid when creating a NetInstall image.
To configure the Add Packages and Post-Install Scripts workflow action:
1 From your System Image Utility workflow, select the Add Packages and Post-Install
Scripts action in the Automator Library and drag it into position in your workflow.
2 Add or Remove software packages or post-install scripts to your NetInstall image.
To add a package, click the Add (+) button, select the packages or post-install script
you want to add to your NetInstall image, then click Open.
To remove a package or post-install script, select the item from the list and click the
Delete (–) button.
You can also drag items into the list from Finder and delete them by pressing the
Delete key.
Configuring the Add User Account Action
Use this account to add a user account to the Mac OS X installation image. You can set
this user to be an administrator.
This action is only valid when creating a NetBoot image.
To configure the Add User Account workflow action:
1 From your System Image Utility workflow, select the Add User Account action in the
Automator Library and drag it into position in your workflow.
2 Enter a user name, short name, and password for the user account.
3 Select the “Allow user to administer the computer” checkbox to give the account
administrator priveleges.
Generally, a NetBoot computer created from a Mac OS X Installation DVD must have at
least one administrator user account. You can log in to a booted client using this
account.
Configuring the Apply System Configuration Settings Action
Use this action to set custom per-host settings on client computers.
This action is only valid when creating NetInstall images.
To configure the Apply System Configuration Settings workflow action:
1 From your System Image Utility workflow, select the Apply System Configuration
Settings action in the Automator Library and drag it into position in your workflow.
34
Chapter 2 Creating NetBoot and NetInstall Images
2 Select from the following options to apply system configuration settings to your
NetInstall image.
If you want to copy the directory services configuration from the computer you are
creating the image from, select “Apply directory services settings from this machine to
all clients.”
If you want to bind clients one by one to their respective server or servers, click the
triangle next to “Map clients to other directory servers” and add or remove clients with
the Add (+) and Delete (–) buttons below the list.
The Server column is the Open Directory server, Ethernet Address is the MAC address
of the client computer, and the User Name and Password are the administrator
credentials for the Open Directory server.
If you have a configuration file that contains the Computer Name and Local Hostname
settings for your image, select “Apply Computer Name and Local Hostname settings
from a file” and enter the path to the file (or click Select File and browse to the file).
If you are creating an image for multiple computers, select “Generate unique Computer
Names starting with” and enter the name in the field below. This gives each computer
with a deployed image a unique name on your network.
If you want the image to transfer the computer preferences of the computer you are
creating the image from, select “Change ByHost preferences to match client after
install.”
Configuring the Create Image Action
Use this action to produce a disk image that can be served from a NetBoot server. You
must place this action at the end of all image creation workflows.
This action is valid when creating NetBoot and NetInstall images.
To configure the Create Image workflow action:
1 From your System Image Utility workflow, select the Create Image action in the
Automator Library and drag it to the end of your workflow.
2 Choose where to save the image from the “In” pop-up menu.
3 Enter the name of the image file in the Named field.
This name identifies the image file stored on the computer.
4 In the Volume Name field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
5 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
Chapter 2 Creating NetBoot and NetInstall Images
35
6 In the Index field, enter an Image ID:
 To create an image that is unique to this server, choose an ID in the range 1–4095.
 To create one of several identical images to be stored on different servers for load
balancing, use an ID in the range 4096–65535.
Multiple images of the same type with the same ID in this range are listed as a single
image in a client’s Startup Disk preferences pane.
Configuring the Enable Automated Installation Action
Use this action to set the options for automated (unattended) client installations.
This action is only valid when creating NetInstall images.
To configure the Enable Automated Installation workflow action:
1 From your System Image Utility workflow, select the Enable Automated Installation
action in the Automator Library and drag it into position in your workflow.
2 Determine how you want the target volume to be selected.
This is the volume that the image will be installed on.
The Selected by user option permits users to select which volume on their client
computer to install the image on.
The Named option permits you to set the volume without interaction from the user by
entering the name of target volume.
3 To erase the target volume before the image is installed, select the Erase before
installing checkbox.
WARNING: Using the Erase option removes all data from the target volume. Back up
all data before using this option.
4 From the Primary Language pop-up menu, choose the image language.
Configuring the Filter Clients by MAC Address Action
Use this action to restrict client access to NetBoot or NetInstall images.
This action is valid when creating NetBoot and NetInstall images.
To configure the Filter Clients by MAC Address workflow action:
1 From your System Image Utility workflow, select the Filter Clients by MAC Address
action in the Automator Library and drag it into position in your workflow.
2 Add MAC addresses to the list.
To manually enter MAC addresses, click the Add (+) button or click Import and browse
to a .txt or .rtf file that has a tab-delimited list of MAC addresses.
36
Chapter 2 Creating NetBoot and NetInstall Images
To remove MAC addresses from the list, select the item to remove and click the Delete
(–) button.
3 To restrict image access, choose Allow or Deny for each MAC address.
Configuring the Filter Computer Models Action
Use this action to limit the computer models that a Mac OS X image can be installed
on. Only selected computer models have access to the image.
This action is only valid when creating NetInstall images.
To configure the Filter Computer Model workflow action:
1 From your System Image Utility workflow, select the Filter Computer Model action in
the Automator Library and drag it into position in your workflow.
2 In the list, select the computer models you want to permit the image to install on.
All other computer models will not have access to the image.
Use the filter field in the upper right to narrow the list of computer models.
Configuring the Partition Disk Action
Use this action to configure the image to partition the destination drive before
installing software. Partitioning a disk divides it into sections called volumes.
This action is only valid when creating NetInstall images.
To configure the Partition Disk workflow action:
1 From your System Image Utility workflow, select the Partition Disk action in the
Automator Library and drag it into position in your workflow.
2 Define the number of partitions by choosing from the partition pop-up menu or by
using the Split and Delete buttons to add or remove partitions.
3 Set the target disk to partition by selecting “Partition disk containing the volume” and
entering the name of the volume.
This partitions the disk containing the volume you specify.
4 To notify the user before the disk is partitioned, select “Display confirmation dialog
before erase.”
WARNING: Partitioning a disk removes all data. Back up all data before using this
action.
5 In the Name field enter a name for the new volume (partition).
6 From the “Format” pop-up menu, select the volume format.
Chapter 2 Creating NetBoot and NetInstall Images
37
7 Set the size of the volume by choosing one of the following.
Choose “Percentage of available disk” from the Size pop-up menu and enter a
percentage. Select Minimum and enter the smallest size in GB for the volume
(minimum size is only available if using percentage).
Choose “Absolute size” from the Size pop-up menu and enter the size in GB.
8 To prevent the information from being updated when the disk is partitioned, select
“Locked for editing.”
Assembling Workflows
To assemble a workflow from a set of actions, drag and drop the actions from the
Automator Library into the sequence where you want them to run. Each action in the
workflow corresponds to a step you must perform manually.
Each action has options and settings you can configure. System Image Utility connects
these action components with the types of data that are flowing from one action to
another.
You can save your assembled workflows to reuse later.
Adding Existing Workflows
You can update or modify workflows by adding them to the System Image Utility.
To add existing workflows to System Image Utility:
1 Open System Image Utility.
2 Click the Add (+) button and select the workflow you want to add to the System Image
Utility.
Workflows have the workflow file extension.
3 Click Open.
Adding Existing Workflows
You can update or modify workflows by adding them to the System Image Utility.
To add existing workflows to System Image Utility:
1 Open System Image Utility.
2 Click the Add (+) button, and select the workflow that you want to add to the System
Image Utility.
Workflows have the workflow file extension.
3 Click Open.
38
Chapter 2 Creating NetBoot and NetInstall Images
Removing Workflows
You can remove workflows from the System Image Utility.
To remove a workflow from System Image Utility:
1 Log in as an administrator user and open System Image Utility.
2 In the left sidebar click the triangle next to Workflows.
The list of workflows appears.
3 Select the workflow you want to remove and click File > Remove Workflow.
The workflow is removed from the System Image Utility but is not deleted from your
computer.
Assembling an Image Workflow
Use System Image Utility workflows to create Mac OS X NetBoot and NetInstall images.
Workflows let you manually define the contents of your image in System Image Utility.
An image workflow must start with the Define Image Source action and end with the
Create Image action. Also, all actions in a workflow must be connected. If the actions
are not connected the workflow is invalid and the actions are not processed.
To assemble an image workflow:
1 Log in as an administrator user.
2 Open System Image Utility (in the /Applications/Server/ folder).
3 In the image source list, click the triangle to the left of Sources.
The list of sources appears.
4 From the expanded list, select the image source.
When you select the source, this action chooses a default image type based on the
contents of the selected source.
5 Choose which type of image you are creating (NetInstall or NetBoot image).
6 Click Customize for advanced image creation options.
This opens the workflow pane and the Automator Library.
The Define Image Source action is present as the first component in the workflow.
7 Configure the Define Image Source action for your image.
This action is required at the beginning of all image workflows. See “Configuring the
Define Image Source Action” on page 33.
Chapter 2 Creating NetBoot and NetInstall Images
39
8 From the Automator Library, choose additional actions that your customized image
requires and drag them into the Workflow pane.
Assemble the actions in the order you like, configuring each action as you go.
For more information on configuring the actions, see “Workflow Components” on
page 32.
9 Drag the Create Image action to the end of your worklflow.
This action is required at the end of image workflows. See “Configuring the Create
Image Action” on page 35.
10 Save the workflow by clicking Save.
Enter the name of your workflow in the Save As field and choose where to save the
workflow.
To save the workflow somewhere else, choose a location from the Where pop-up menu
or click the triangle next to the Save As field and navigate to a folder.
11 Click Save.
12 To start the workflow, click Run and authenticate if prompted.
Important: Do not attempt to edit content in the image destination folder while the
image is being created.
From the Command Line
You can also use the automator tool in Terminal to run workflows. For example, to run a
workflow with somevariable set to somevalue in myworkflow.workflow file, use the
following:
$ automator -D somevariable=somevalue myworkflow.workflow
To create or edit a workflow, use System Image Utility. For more information, see the
automator man pages.
Adding Software to NetBoot and NetInstall Images
There are two basic approaches to including software in an image:
 Add applications and files to a system before creating an image using that system as
the source. For more information, see “Creating an Image from a Configured
Computer” on page 30.
 Add packages containing the applications and files to an image as it is created. This is
done using an image workflow in System Image Utility that has the Customize
Package Selection action component. For more information, see “Configuring the
Customize Package Selection Action” on page 32.
40
Chapter 2 Creating NetBoot and NetInstall Images
About Packages
To add application software or other files at image creation (instead of installing
applications or files on the image source volume before you create the image), you
must group the applications or files in a special file known as a package.
A package is a collection of compressed files and related information used to install
software onto a computer. The contents of a package are contained in a single file,
which has the .pkg extension.
Creating Packages
To add applications or other files to an image (instead of installing them first on the
image source volume before creating the image), use PackageMaker to create
packages containing the application or files. PackageMaker is in the Utilities folder on
the Mac OS X Server Administration Tools CD that comes with Mac OS X Server.
For more information about creating packages, open PackageMaker and choose
PackageMaker Help, PackageMaker Release Notes, or Package Format Notes from the
Help menu.
After creating packages, add them to your NetBoot or NetInstall image using System
Image Utility workflows.
From the Command Line
You can also run the packagemaker tool from the command-line in Terminal on a
computer with developer tools installed. You can access it from /Developer/usr/bin/
packagemaker. For more information, see the packagemaker man pages.
Viewing the Contents of a Package
To view the contents of a package, open a Finder window, hold down the Control key
as you click the package, and choose Show Package Contents from the menu that
appears.
You use PackageMaker (included on the Mac OS X Server Administration Tools CD) to
create application software packages to use with NetInstall images.
From the Command Line
You can also list the contents of a package using commands in Terminal. For more
information, see the system image chapter of Command-Line Administration.
Chapter 2 Creating NetBoot and NetInstall Images
41
42
Chapter 2 Creating NetBoot and NetInstall Images
3
Setting Up NetBoot Service
3
This chapter describes how to set up NetBoot service to make
boot and installation images available to clients.
Use Server Admin to configure the NetBoot service in conjunction with System Image
Utility to create and edit images.
Setup Overview
Here is an overview of the basic steps for setting up NetBoot service.
Step 1: Evaluate and update your network, servers, and client computers as
necessary
The number of client computers you can support using NetBoot is determined by the
number of servers you have, how they’re configured, hard disk storage capacity, and
other factors. See “Capacity Planning” on page 46.
Depending on the results of this evaluation, you might want to add servers or hard
disks, add Ethernet ports to your server, or make other changes to your servers. You
might also want to set up more subnets for BootP clients, depending on the number of
clients you support.
You might also want to implement subnets on this server (or other servers) to take
advantage of NetBoot filtering.
To provide authentication and personalized work environments for NetBoot client users
by using Workgroup Manager, set up workgroups and import users from the Mac OS X
Server Users & Groups database before you create disk images. Make sure you have at
least one administrator user assigned to the Workgroup Manager for Mac OS X client.
Step 2: Create disk images for client computers
You can set up Mac OS X disk images for client computers to start from. To create
Mac OS X disk images, you use System Image Utility. See “Creating Images” on page 27.
You might also want to restrict access to NetBoot images by using Model Filtering. See
“Creating NetBoot Images” on page 27.
43
To create application packages that you can add to an image, use PackageMaker.
Application software packages can be installed by themselves or with Mac OS X system
software. See “Creating Packages” on page 41.
Step 3: Set up DHCP
NetBoot requires that you have a DHCP server running on the local server or on
another server on the network. Make sure you have a range of IP addresses sufficient to
accommodate the number of clients that will use NetBoot at the same time. For more
information about configuring DHCP, see Network Services Administration.
If your NetBoot server also supplies DHCP service, you might get better performance if
you configure your server as a gateway. That is, configure your subnets to use the
server’s IP address as the router IP address.
Step 4: Configure and turn on NetBoot service
You use the NetBoot settings in Server Admin to configure NetBoot on your server. See
“Setting Up NetBoot Service” on page 43
You turn on NetBoot service using Server Admin. See “Starting NetBoot and Related
Services” on page 50 and “Enabling Images” on page 51.
Step 5: (Optional) Set up Ethernet address filtering
NetBoot filtering is performed based on the client computer hardware address. Each
client’s hardware address is registered when the client selects a NetBoot or NetInstall
volume from the startup disk. You can permit or deny specific clients by address. See
“Restricting NetBoot Clients by Filtering Addresses” on page 55.
Step 6: Test your NetBoot setup
Because there is a risk of data loss or bringing down the network (by misconfiguring
DHCP), you should test your NetBoot setup before implementing it. Test each
Macintosh model you support to verify that there are no problems booting into the
image on a particular hardware type.
Step 7: Set up client computers to use NetBoot
When you’re satisfied that NetBoot is working on all types of client computers, set up
the client computers to start from the NetBoot disk images.
You can use the client computer’s Startup Disk System Preference pane to select a
startup disk image from the server and then restart the computer. See “Selecting a
NetBoot Boot Image” on page 57.
You can also restart the client computer and hold down the N key until the NetBoot
icon starts flashing on the screen. The client starts from the default image on the
NetBoot server. See “Starting Up Using the N Key” on page 58.
44
Chapter 3 Setting Up NetBoot Service
Before Setting Up NetBoot Service
Before you set up NetBoot service, review the following considerations and
requirements.
What You Must Know
Before you set up NetBoot on your server, make yourself familiar with your network
configuration, including the DHCP services it provides. Be sure you meet the following
requirements:
 You’re the server administrator.
 You’re familiar with network setup.
 You know the DHCP configuration.
You might need to work with your networking staff to change network topologies,
switches, routers, and other network settings.
Client Computer Requirements
All systems supported by Mac OS X v10.5 can use NetBoot to start from a Mac OS X disk
image on a server. At the time of this publication, this includes the following Macintosh
computers:
 Any G4 or G5 PowerPC-based Macintosh computer
 Any Intel-based Macintosh computer
You must install the latest firmware updates on all client computers. Firmware updates
are available from the Apple support website: www.apple.com/support/.
Client Computer RAM Requirements
Client computers using NetBoot to start from a boot image must have at least 512 MB
of RAM.
Client computers using Network Install must also have 512 MB of RAM.
Software Updates for NetBoot System Disk Images
You must use the latest system software when creating NetBoot disk images. New
Macintosh computers require updates of system software, so if you have new
Macintosh clients you’ll need to update your NetBoot images.
To update a Mac OS X disk image, you must recreate the image. New images can easily
be recreated by running a saved image creation workflow. For more information, see
“Creating Images” on page 27.
Ethernet Support on Client Computers
NetBoot is supported only over built-in Ethernet connections. Multiple Ethernet ports
are not supported on client computers. Clients must have at least 100-Mbit Ethernet
adapters.
Chapter 3 Setting Up NetBoot Service
45
Network Hardware Requirements
The type of network connections you must use depends on the number of clients you
expect to boot over the network:
 100-Mbit Ethernet (for booting fewer than 10 clients)
 100-Mbit switched Ethernet (for booting 10–50 clients)
 Gigabit Ethernet (for booting more than 50 clients)
These are estimates for the number of clients supported. For more details of the
optimal system and network configurations to support the number of clients you have,
see “Capacity Planning” on page 46.
Network Service Requirements
Depending on the types of clients you want to boot or install, your NetBoot server
must also provide the following supporting services.
Service provided by
NetBoot server
For booting Mac OS X computers
with hard disks
For booting Mac OS X computers
without hard disks
DHCP
Optional
Optional
NFS
Required if no HTTP
Required if no HTTP
AFP
Not required
Required
HTTP
Required if no NFS
Required if no NFS
TFTP
Required
Required
Note: DHCP service is listed as optional because although it is required for NetBoot it
can be provided by a server other than the NetBoot server. Services marked required
must be running on the NetBoot server.
NetBoot and AirPort
The use of AirPort wireless technology to boot clients using NetBoot is not supported
by Apple and is discouraged.
Capacity Planning
The number of NetBoot client computers your server can support depends on how
your server is configured, when your clients routinely start, the server’s hard disk space,
and a number of other factors. When planning for your server and network needs,
consider these factors:
 Ethernet speed: 100Base-T or faster connections are required for client computers
and the server. As you add clients, you might need to increase the speed of your
server’s Ethernet connections.
Ideally you want to take advantage of the Gigabit Ethernet capacity built in to your
Mac OS X server hardware to connect to a Gigabit switch. From the switch, connect
Gigabit Ethernet or 100-Mbit Ethernet to each NetBoot client.
46
Chapter 3 Setting Up NetBoot Service
 Hard disk capacity and number of images: Boot and installation images occupy
hard disk space on server volumes, depending on the size and configuration of the
system image and the number of images being stored.
Images can be distributed across multiple volumes or multiple servers. For more
information, see “Performance and Load Balancing” on page 64.
 Hard disk capacity and number of users: If you have a large number of diskless
clients, consider adding a separate file server to your network to store temporary
user documents.
Because the system software for a disk image is written to a shadow image for each
client booting from the disk image, you can get a rough estimate for the required
hard disk capacity required by multiplying the size of the shadow image by the
number of clients.
 Number of Ethernet ports on the switch: Distributing NetBoot clients over multiple
Ethernet ports on your switch offers a performance advantage. Each port must serve
a distinct segment.
Serial Number Considerations
Before starting the NetBoot service, make sure you obtain a site license for the images
you will serve. The license covers all NetBoot images served from a server. For every
extra server, you must obtain a site license to provide NetBoot service. Contact Apple
to obtain site licenses.
If you plan on serving Network Install images for installing Mac OS X and Mac OS X
Server, also make sure that you have a site license.
If you plan on serving Network Install images for installing Mac OS X Server, you can
use the Mac OS X Server Assistant to generate a setup file that you can add to the
Network Install image so the server knows how to configure itself automatically.
If you use a generic file, you’ll need to enter the serial number manually using Server
Admin.
Chapter 3 Setting Up NetBoot Service
47
Turning NetBoot Service On
Before you can configure NetBoot settings, you must turn NetBoot service on in Server
Admin.
To turn NetBoot service on:
1 Open Server Admin and connect to the server.
2 Click Settings.
3 Click Services.
4 Click the NetBoot checkbox.
5 Click Save.
Setting Up NetBoot Service
You set up NetBoot service by configuring the following four groups of settings on the
Settings pane for NetBoot service in Server Admin.
 General. Enable the NetBoot ports, select where images and client data resides, and
set the number of AFP connections.
 Images. Enable images and select the default image.
 Filters. (Optional) Enable NetBoot and DHCP filtering to determine the hardware
addresses of client computers you want to image.
 Logging. Choose the level of detail that is recorded in the service log.
The following sections describe the tasks for configuring these settings. A fifth section
tells you how to start the NetBoot service after you configure it.
From the Command Line
You can also configure NetBoot service using the serveradmin and bootpd commands
in Terminal. See the system image chapter of Command-Line Administration.
Configuring General Settings
You can use the General settings to enable NetBoot service on at least one port and
select where image and client data resides.
To configure NetBoot General settings:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.
5 In the Enable column, click the checkbox next to the network ports you want to use for
serving images.
48
Chapter 3 Setting Up NetBoot Service
6 In the Images column, click the checkbox to choose where to store images.
7 In the Client Data column, click the checkbox for each local disk volume where you
want to store shadow files used by Mac OS X diskless clients.
8 Click Save.
Configuring Images Settings
You can use the Images settings to enable images and select the default image.
To configure NetBoot Images settings:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 Enable the images you want your clients to use, specify if they are available for diskless
clients, and choose the protocol for delivering them.
If you’re not sure which protocol to use, choose NFS.
6 In the Default column, click the checkbox to select the default image.
You must select separate default images for Intel-based and PowerPC-based Macintosh
clients.
7 Click Save.
Configuring Filters Settings
To restrict client computers, you can set up filters that allow or deny access to the
NetBoot service depending on the computer’s MAC address.
You can enter a MAC address as canonical or noncanonical in the filter list. The
canonical form of a MAC address contains leading zeros and lowercase hex digits
separated by a “. ”. For Example, 01:a1:0c:32:00:b0 is the canonical form of a MAC
address and 1:a1:c:32:0:b0 is the noncanonical form of the same MAC address.
To configure NetBoot Filters settings:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Filters.
5 Select “Enable NetBoot/DHCP filtering.”
Chapter 3 Setting Up NetBoot Service
49
6 Select “Allow only clients listed below (deny others)” or “Deny only clients listed below
(allow others).”
7 Use the Add (+) button to enter the canonical or noncanonical form of a hardware
address to the filter list, or use the Delete (–) button to remove a MAC address from the
filter list.
To look up a MAC address, enter the client’s DNS name or IP address in the Host Name
field and click Search.
To find the hardware address for a computer using Mac OS X, look on the TCP/IP pane
of the computer’s Network preference or run Apple System Profiler.
8 Click OK.
9 Click Save.
Note: You can also restrict access to a NetBoot image by selecting the name of the
image in the Images pane of the NetBoot service settings in Server Admin, clicking the
Edit (/) button, and providing the required information.
Configuring Logging Settings
You can use the Logging settings to choose the level of detail that is recorded in the
service log.
To configure NetBoot Logging settings:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Logging.
5 From the pop-up menu, choose the log detail level (Low, Medium, or High).
6 Click Save.
Starting NetBoot and Related Services
NetBoot service uses AFP, NFS, DHCP, Web, and TFTP services, depending on the types
of clients you’re trying to boot (see “Network Service Requirements” on page 46). You
can use Server Admin to start AFP, DHCP, Web, and NetBoot services. NFS and TFTP
services start automatically.
To start NetBoot service:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
50
Chapter 3 Setting Up NetBoot Service
3 If you’ll be booting diskless Mac OS X clients, start AFP service by selecting AFP in the
Servers list and clicking the Start Service button (below the Servers list).
4 If your server is providing DHCP service, make sure the DHCP service is configured and
running; otherwise, DHCP service must be supplied by another server on your network.
If your NetBoot server is also supplying DHCP service, you might get better
performance if you configure your server as a gateway. That is, configure your subnets
to use the server’s IP address as the router IP address.
5 From the expanded Servers list, select NetBoot.
6 Click Settings, then click General.
7 Select which network ports to use for providing NetBoot service.
You can select one or more network ports to serve NetBoot images. For example, if you
have a server with two network interfaces, each connected to a network, you can
choose to serve NetBoot images on both networks.
8 Click Images.
9 Select the images to serve.
10 Click Save.
11 Click the Start NetBoot button (below the Servers list).
From the Command Line
You can also start NetBoot and supporting services using commands in Terminal. For
more information, see the system image chapter of Command-Line Administration.
Managing Images
After you set up NetBoot service, you can use Server Admin and the System Image
Utility to customize and manage images for your network environment.
Enabling Images
You must enable one or more disk images on your server to make the images available
to client computers for NetBoot startups.
To enable disk images:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 For each image you want your clients to see, click the checkbox in the Enable column.
6 Click Save.
Chapter 3 Setting Up NetBoot Service
51
Choosing Where Images Are Stored
You can use Server Admin to choose volumes to use for storing NetBoot and NetInstall
images.
WARNING: Don’t rename a NetBoot share point or the volume it resides on. Don’t use
Server Admin to stop sharing for a NetBoot share point unless you first deselect the
share point for images and shadow files.
To choose volumes for storing image files:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.
5 In the list of volumes (in the lower half of the pane), click the checkbox in the Images
column for each volume you want to store image files on.
6 Click Save.
From the Command Line
You can also specify a volume to store image files by using the serveradmin command
in Terminal. For more information, see the system image chapter of Command-Line
Administration.
Choosing Where Shadow Files Are Stored
When a diskless client boots, temporary (shadow) files are stored on the server. You can
use Server Admin to specify which server volumes are used to store the temporary files.
WARNING: Don’t rename a NetBoot share point or the volume it resides on. Don’t use
Server Admin to stop sharing for a NetBoot share point unless you first deselect the
share point for images and shadow files.
To use a volume for storing shadow files:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.
5 In the list of volumes (in the lower half of the pane), click the checkbox in the Client
Data column for the volumes you want to store shadow files on.
52
Chapter 3 Setting Up NetBoot Service
6 Click Save.
From the Command Line
You can also specify a volume to store shadow files on by using the serveradmin
command in Terminal. For more information, see the system image chapter of
Command-Line Administration.
Using Images Stored on Remote Servers
You can store NetBoot or NetInstall images on separate remote servers other than the
NetBoot server. You must copy the images from the NetBoot server to the remote
server and then configure the remote server to use the images.
To store an image on a separate remote server:
1 Copy the image.nbi folder from the NetBoot server to the remote server on a NetBoot
sharepoint (/Library/NetBoot/NetBootSPn).
If the image is on the remote server, you can create the .nbi folder on the NetBoot
server by duplicating an existing .nbi folder and adjusting the values in its
NBImageInfo.plist file.
2 Open Server Admin and connect to the remote server.
3 Click the triangle to the left of the server.
The list of services appears.
4 From the expanded Servers list, select NetBoot.
5 Click Settings, then click Images.
6 For each image you want your clients to see from the remote server, click the checkbox
in the Enable column.
7 Select the protocol you want NetBoot to use when serving your image (NFS or HTTP).
8 Click Save.
Specifying the Default Image
The default image is the image used when you start a client computer while holding
down the N key, providing that the client hasn’t selected a NetBoot or NetInstall
volume via Startup Disk. See “Starting Up Using the N Key” on page 58.
If you’ve created more than one startup disk image, you can use the NetBoot service
settings in Server Admin to select the default startup image.
Important: If you have diskless clients, set their boot image as the default image.
If you have more than one NetBoot server on the network, a client uses the default
image from the first server that responds. There is no way to control which default
image is used when more than one is available.
Chapter 3 Setting Up NetBoot Service
53
To specify the default boot image:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 In the Default column, click the checkbox next to the image.
You can select separate default images for Intel-based and PowerPC-based Macintosh
computers. The architecture column shows the image type. Mac OS X v10.5 images are
universal and a single image can boot PowerPC and Intel-based Macintosh computers.
6 Click Save.
From the Command Line
You can also specify the default image using the serveradmin command in Terminal.
For more information, see the system image chapter of Command-Line Administration.
Setting an Image for Diskless Booting
You can use Server Admin to make an image available for booting client computers
that have no local disk drives. Setting an image for diskless booting instructs the
NetBoot server to allocate space for the client’s shadow files.
To make an image available for diskless booting:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 In the Diskless column, click the box next to the image in the list.
6 Click Save.
Important: If you have diskless clients, set their NetBoot image as the default image.
For help specifying where the client’s shadow files are stored, see “Choosing Where
Shadow Files Are Stored” on page 52.
From the Command Line
You can also set an image for a diskless boot using the serveradmin command in
Terminal. For more information, see the system image chapter of Command-Line
Administration.
54
Chapter 3 Setting Up NetBoot Service
Restricting NetBoot Clients by Filtering Addresses
The filtering feature of NetBoot service lets you restrict access to the service based on
the client’s Ethernet hardware (MAC) address. A client’s hardware address is added to
the filter list the first time it starts from an image on the server and is permitted access
by default, so it is usually not necessary to enter hardware addresses manually.
To restrict client access to NetBoot service:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Filters.
5 Select “Enable NetBoot/DHCP filtering.”
6 Select “Allow only clients listed below (deny others)” or “Deny only clients listed below
(allow others).”
7 Use the Add (+) and Delete (–) buttons to set up the list of client addresses.
To look up a MAC address, enter the client’s DNS name or IP address in the Host Name
field and click Search.
To find the hardware address for a computer using Mac OS X, look on the TCP/IP pane
of the computer’s Network preference or run Apple System Profiler.
Note: You can also restrict access to a NetBoot image by double-clicking the name of
the image in the Images pane of the NetBoot service settings in Server Admin and
providing the required information.
Setting Up NetBoot Service Across Subnets
A network boot starts by a client computer broadcasting for any computers that will
respond to the Boot Service Discovery Protocol (BSDP). By default, routers are usually
configured to block broadcast traffic to reduce the amount of unnecessary data
flowing to other parts of the network.
To provide NetBoot service across subnets, you must configure the router to pass on
BSDP traffic to the NetBoot server. To see if your router is capable of passing BSDP
traffic, check with your router manufacturer. Sometimes this is also referred to as using
a DHCP helper or a DHCP relay agent.
Chapter 3 Setting Up NetBoot Service
55
56
Chapter 3 Setting Up NetBoot Service
4
Setting Up Clients to Use NetBoot
and NetInstall Images
4
This chapter describes how to set up client computers to start
or install software from images on a server.
After the NetBoot service and images are configured on the server, you must set up the
client computers to access and use the images.
Setting Up Diskless Clients
NetBoot service enables you to configure client computers without locally installed
operating systems or even without installed disk drives. Systemless or diskless clients
can start from a NetBoot server using the N key method. (See “Starting Up Using the N
Key” on page 58.)
After the client computer starts, you can use Startup Disk preferences to select the
NetBoot disk image as the startup disk for the client. That way you no longer need to
use the N key method to start the client from the server.
Removing the system software from client computers gives you more control over user
environments. By forcing the client to start up from the server and using client
management to deny access to the client computer local hard disk, you can prevent
users from saving files to the local hard disk.
Selecting a NetBoot Boot Image
If your computer is running Mac OS X v10.2 or later, you use Startup Disk preferences to
select a NetBoot boot image.
To select a NetBoot startup image from Mac OS X:
1 In System Preferences, select Startup Disk.
2 Select the network volume you want to start the computer with.
3 Click Restart.
The NetBoot icon appears and the computer starts from the selected image.
57
Selecting a NetInstall Image
If your computer is running Mac OS X v10.2 or later, you use Startup Disk preferences to
select a NetInstall image.
To select an NetInstall image from Mac OS X:
1 In System Preferences, select Startup Disk.
2 Select the network volume you want to start the computer with.
3 Click Restart.
The NetBoot icon appears, the computer starts from the selected image, and the
installer runs.
Starting Up Using the N Key
You can use this method to start any supported client computer from a NetBoot disk
image. When you start with the N key, the client computer starts from the default
NetBoot disk image. If multiple servers are present, the client starts from the default
image of the first server to respond.
Note: For more information about using the N key when starting the system, see the
manual that was provided with the computer. Some computers have extra capabilities.
If you have an older client computer that requires BootP for IP addressing (such as a
tray-loading iMac, blue and white PowerMac G3, or older computer), you must use this
method for starting from a NetBoot disk image. Older computers don’t support
selecting a NetBoot startup disk image from the Startup Disk control pane or
preferences pane.
The N key also provides a way to start client computers that don’t have system
software installed. See “Setting Up Diskless Clients” on page 57.
To start from a NetBoot disk image using the N key:
1 Hold the N key down on the keyboard until the NetBoot icon appears in the center of
the screen, then turn on (or restart) the client computer.
2 If a login window appears, enter your name and password.
The network disk image has an icon typical of server volumes.
58
Chapter 4 Setting Up Clients to Use NetBoot and NetInstall Images
Changing How NetBoot Clients Allocate Shadow Files
By default, a Mac OS X NetBoot client places its shadow files in a NetBootClientsn share
point on the server. If no such share point is available, the client tries to store its
shadow files on a local hard disk.
For Mac OS X v10.3 and later images set for diskless booting, you can change this
behavior by using a text editor to specify a value for the NETBOOT_SHADOW variable in the
image /etc/hostconfig file.
These values are permitted:
Value of NETBOOT_SHADOW
Client shadow file behavior
-NETWORK-
(Default) Try to use a server NetBootClientsn share point for storing
shadow files. If no server share point is available, use a local drive.
-NETWORK_ONLY-
Try to use a server NetBootClientsn share point for storing shadow
files. If no server share point is available, don’t boot.
-LOCAL-
Try to use a local drive for storing shadow files. If no local drive is
available, use a server NetBootClientsn share point.
-LOCAL_ONLY-
Try to use a local drive for storing shadow files. If no local drive is
available, don’t boot.
Note: This value is set in the /etc/hostconfig file in the image .dmg file, not in the
server hostconfig file.
Chapter 4 Setting Up Clients to Use NetBoot and NetInstall Images
59
60
Chapter 4 Setting Up Clients to Use NetBoot and NetInstall Images
5
Managing NetBoot Service
5
This chapter describes daily tasks you perform to keep
NetBoot service running efficiently, and includes information
about load balancing across multiple volumes on a server or
across multiple servers.
You can manage NetBoot service using Server Admin. Server Admin enables you to
verify the overall status of the connection, to review logs, to control clients, and to
manage boot and installation images. You can use System Image Utility to distribute
boot images across servers for load balancing.
Controlling and Monitoring NetBoot
The following sections show how to stop NetBoot service, disable individual images,
and monitor or restrict clients.
Turning Off NetBoot Service
The best way to prevent clients from using NetBoot on the server is to disable NetBoot
service on all Ethernet ports.
To stop NetBoot:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click the Stop NetBoot button (below the Servers list) and perform one of the following
tasks:
 To stop service on a specific Ethernet port, click Settings, click General, and deselect
the Enable checkbox for the port.
 To stop serving a specific image, click Settings, click Images, and deselect the Enable
checkbox for the image.
61
 To stop service to a client, click Settings, click Filters, select Enable NetBoot Filtering,
choose “Deny only clients listed below,” and add the client’s hardware address to the
list.
From the Command Line
You can also stop NetBoot service or disable images using the serveradmin command
in Terminal. For more information, see the system image chapter of Command-Line
Administration.
Disabling a Boot or Installation Image
Disabling an image prevents client computers from starting using the image.
To disable a NetBoot disk image:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 In the Enable column, deselect the checkbox for the image.
6 Click Save.
From the Command Line
You can also disable images using the serveradmin command in Terminal. For more
information, see the system image chapter of Command-Line Administration.
Viewing a List of NetBoot Clients
You can use Server Admin to see a list of clients that have booted from the server.
To view the client list:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Clients.
5 To update the list, click the Refresh button (below the Servers list).
Note: This is a cumulative list—a list of all clients that have connected—not a list of
currently connected clients. The last boot time is shown for each client.
62
Chapter 5 Managing NetBoot Service
Viewing a List of NetBoot Connections
You can use Server Admin to see a list of clients that are booted from the server.
NetInstall clients display install progress information.
To view the NetBoot connections list:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Connections.
5 To update the list, click the Refresh button (below the Servers list).
Checking the Status of NetBoot and Related Services
You can use Server Admin to check the status of NetBoot service and the other services
(such as NFS and HTTP) it uses.
To check NetBoot service status:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Overview to see if the service is running, when the last client update occurred,
and which related services are running for an image type.
5 To review the event log, click Log.
6 To see a list of NetBoot clients that have booted from the server, click Clients.
7 To see a list of connected users, click Connections.
The list includes the client computer name, IP address, the percentage completed, and
the status.
From the Command Line
You can check the status of NetBoot and its supporting services using commands in
Terminal. See the system image chapter of Command-Line Administration.
Chapter 5 Managing NetBoot Service
63
Viewing the NetBoot Service Log
You can use Server Admin to view a log containing diagnostic information.
To view NetBoot service log:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Log, then use the Filter field below the log to search for specific entries.
From the Command Line
You can see the log by viewing the contents of the log file in Terminal. For more
information, see the system image chapter of Command-Line Administration.
Performance and Load Balancing
For good startup performance, the NetBoot server must be available to the client
computer relying on it. To provide responsive and reliable NetBoot service, set up
multiple NetBoot servers in your network.
Many sites using NetBoot service achieve acceptable responsiveness by staggering the
boot times of client computers to reduce network load. Generally, it isn’t necessary to
boot client computers at the same time; rather, client computers are booted early in
the morning and remain booted throughout the work day.
You can program staggered startup times using the Energy Saver preferences pane.
Load Balancing NetBoot Images
If heavy usage and simultaneous client startups are overloading a NetBoot server and
causing delays, consider load balancing by adding extra NetBoot servers to distribute
the demands of the client computers across multiple servers.
When incorporating multiple NetBoot servers, use switches in your network
infrastructure. The shared nature of hubs creates a single shared network on which
extra servers must vie for time.
Distributing NetBoot Images Across Servers
If you set up more than one NetBoot server on your network, you can place copies of a
specific NetBoot image on multiple servers to distribute the load. By assigning the
copies the same image index ID in the range 4096–65535, you can advertise them to
your clients as a single image to avoid confusion.
Note: You must customize the image by creating a workflow with the Create Image
action to assign the image an index ID.
64
Chapter 5 Managing NetBoot Service
To distribute an image across servers:
1 Locate the image file on the server where the original image is stored.
2 If the image index ID is 4095 or lower, recreate the image and modify the index ID
using the Create Image action in a workflow, then assign the image an index ID in the
range 4096–65535.
For more information, see “Assembling Workflows” on page 38.
The image ID can be changed from Server Admin by double-clicking the Image ID field
and entering the new ID.
3 Create copies or move the image files to the other servers.
4 On each of the other servers, use Server Admin to enable the image for NetBoot
service.
Clients still see the image listed only once in their Startup Disk preferences, but the
server that delivers its copy of the image is selected based on how busy the servers are.
Smaller improvements can be achieved by distributing NetBoot images across multiple
disk drives on a single server. For high-performance disk storage, consider using an
Xserve RAID or Xsan volume to store the images on.
Distributing NetBoot Images Across Server Disk Drives
Even with a single NetBoot server, you might improve performance by distributing
copies of an image across multiple disk drives on the server. By assigning the copies
the same image index ID in the range 4096–65535, you can advertise them to your
clients as a single image.
Important: Don’t distribute images across different partitions of the same physical disk
drive. Doing so does not improve, and can even reduce, performance.
To distribute an image across disk drives:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.
5 Click in the Images column for each volume you want to store images on.
Choose volumes on different physical disk drives.
6 Click Save, then click Images.
7 If the image’s index is 4095 or lower, double-click the ID, enter an index in the range
4096–65535, and save the change.
Chapter 5 Managing NetBoot Service
65
8 Open Terminal and use the scp secure copy tool to copy the image to the NetBootSPn
share points on the other volumes.
For example:
$ scp /Library/NetBoot/NetBootSP0/image.nbi [admin_name]@[ip_address]:/
Volumes/Drive2/Library/NetBoot/NetBootSP1
where [admin_name] is an admin login and [ip_address] is the correct IP address for
that server.
You are prompted for the password of the admin login you supply.
Balancing NetBoot Image Access
If you add a second NetBoot server to a network, have your users reselect their NetBoot
image in the Startup Disk control pane or preferences pane. This causes the NetBoot
server load to be redistributed among the servers.
You can also force redistribution of the load by deleting the /var/db/bsdpd_clients file
from the existing NetBoot server.
Note: After deleting the bsdpd_clients file, the server will not remember which clients
selected which NetBoot or NetInstall volumes via Startup Disk. Unless the clients
re-select their intended NetBoot or NetInstall volumes, the clients will boot into the
default image on the server.
Similarly, if you’re recovering from a server or infrastructure failure and your clients
have been starting up from a reduced number of NetBoot servers, delete the
bsdpd_clients file from the running servers so clients can again start from among the
entire set of servers.
The bsdpd_clients file on any given server holds the Ethernet MAC addresses of the
computers that have selected this server as their NetBoot server.
As long as a client has an entry in an available server’s bsdpd_clients file, it will always
start from that server. If that server becomes unavailable, the clients will locate and
associate themselves with an available server until you remove their entries (or the
entire files) from their servers.
Note: If a client is registered on more than one server because an unavailable server
comes back on line, the client starts up from the server with the fewest number of
clients that started from it.
66
Chapter 5 Managing NetBoot Service
Distributing Shadow Files
Clients starting up from Mac OS X diskless images store temporary (shadow) files on
the server.
By default, NetBoot for Mac OS X clients creates a share point for client shadow files on
the server boot volume. (You can change this behavior. See “Choosing Where Shadow
Files Are Stored” on page 52.)
You can use Server Admin to see this share point and to add others. The share points
are named NetBootClientsn where n is the share point number.
Share points are numbered starting with zero. For example, if your server has two disk
volumes, the default shadow-file folder is NetBootClients0 on the boot volume. If you
use Server Admin to specify that client data will also be stored on the second volume,
the folder is named NetBootClients1. NetBoot stores the first client’s shadow files on
NetBootClients0, the second client’s shadow files on NetBootClients1, the third client’s
shadow files on NetBootSP0, and so on.
Likewise, with three volumes and eight clients, the first, fourth, and seventh clients will
use the first volume; the second, fifth, and eighth clients will use the second volume;
and the third and sixth clients will use the third volume. This load balancing is
automatic and usually provides optimal performance.
To prevent shadow files from being placed on a specific volume, use the NetBoot
service General settings in Server Admin. Deselect the client data checkbox for any
volume you don’t want shadow files placed in.
You can also prevent shadow files from being placed on a specific volume or partition
by deleting the hidden file /Library/NetBoot/.clients, which is a symbolic link, and then
stopping and restarting NetBoot service.
Chapter 5 Managing NetBoot Service
67
68
Chapter 5 Managing NetBoot Service
6
Solving System Imaging Problems
6
This chapter provides solutions for common problems you
might encounter while working with NetBoot and NetInstall.
This chapter contains solutions to common system imaging problems.
General Tips
 Make sure a DHCP service is available on your network. It can be provided by the
Mac OS X Server DHCP service or another server.
 Make sure required services are started on the server. See “Network Service
Requirements” on page 46. Open Server Admin and verify the following:
 If you’re booting Mac OS X diskless clients, AFP is started
 If you’re using HTTP instead of NFS to deliver images, Web service is started
If NetBoot Client Computers Won’t Start
If your NetBoot client computers will not start:
 Sometimes a computer might not start immediately because other computers are
putting a heavy demand on the network. Wait a few minutes and try starting again.
 Make sure all cables are properly connected and that the computer and server are
getting power.
 If you installed memory or an expansion card in the client computer, make sure it is
installed properly.
 If the computer has a local hard disk with a System Folder on it, disconnect the
Ethernet cable and try to start the computer from the local hard disk, then reconnect
the Ethernet cable and try to start the computer from the network.
 Boot the client computer from a local drive and verify that it is getting an IP address
from DHCP.
 On a diskless or systemless client, start from a system CD and use Startup Disk
preferences to select a boot image.
69
If You Want to Change the Image Name
You can’t edit the name of an image with System Image Utility after you create it.
However, there are other ways to change the name, as follows.
Changing the Name of an Uncompressed Image
This section describes how to change the name of an uncompressed image that you
created using System Image Utility.
To change the name of an uncompressed image:
1 Mount the image in Finder by opening the .nbi folder containing the image and
double-clicking it.
2 Open Terminal and enter the following command to rename the image:
$ sudo diskutil rename /Volumes/image new_name
Replace image with the name of the image you want to rename and new_name with the
new name of the image.
3 When prompted, enter your administrator password.
The name of the image changes.
4 Unmount the image.
5 Remount the image to verify that it has been renamed.
Changing the Name of a Compressed Image
This section describes how to change the name of a compressed image that you
created using System Image Utility.
To change the name of an compressed image:
1 Mount the image in Finder by opening the .nbi folder containing the image and
double-clicking it.
2 Open Disk Utility.
3 Select the image and click Convert.
4 In the Save As field, enter a name.
5 Select a different location to save the image to.
For example, save the image on the Desktop folder.
6 From the Image Format menu, choose read/write.
7 Click Save.
8 Unmount the image.
9 Mount the new image in the Finder.
70
Chapter 6 Solving System Imaging Problems
10 Open a Terminal window and enter the following to rename the image:
$ sudo diskutil rename /Volumes/image new_name
Replace image with the name of the image you want to rename and new_name with the
new name of the image.
11 When prompted, enter your administrator password.
The name of the image changes.
12 Unmount the image.
13 Remount the image to verify that the image has been renamed.
14 Unmount the image.
15 Remove the original image from the .nbi folder and store it somewhere else.
16 In Disk Utility, select the new image and click Convert.
17 Give the image the same name as the one it had inside the .nbi folder.
18 In the Where field, select the .nbi folder.
19 From the Format menu, choose Compressed.
20 Click Save.
21 Test the new image to make sure it mounts properly.
22 Discard the old image.
Chapter 6 Solving System Imaging Problems
71
72
Chapter 6 Solving System Imaging Problems
Part II: Software Update
Administration
II
The chapters in this part of the guide introduce you to the
Software Update service and the applications and tools
available for administering the Software Update service.
Chapter 7
Understanding Software Update Administration
Chapter 8
Setting Up the Software Update Service
Chapter 9
Managing the Software Update Service
Chapter 10
Solving Software Update Service Problems
7
Understanding Software Update
Administration
7
This chapter describes how to use Software Update service to
update Apple software on your network.
Software Update service offers you ways to manage Macintosh software updates from
Apple on your network. In an uncontrolled environment, users might connect to Apple
Software Update servers at any time and update your client computers with software
that is not approved by your IT group.
Using local Software Update servers, your client computers access only the software
updates you permit from software lists that you control, giving you more flexibility in
managing computer software updates. For example you can:
 Download software updates from the Apple Software Update servers to a local server
for sharing with local network clients and reduce the amount of bandwidth used
outside your enterprise network.
 Direct users, groups, and computers to specific local Software Update servers using
managed preferences.
 Manage the software update packages users can access by enabling and disabling
packages at the local server.
 Mirror updates between Apple Software Update servers and your server to make
sure you have the most current updates.
Note: You can’t use Software Update service to provide third-party software updates.
Inside the Software Update Process
This section describes how Software Update servers are implemented on Mac OS X
Server, including information about the protocols, files, folder structures, and
configuration details.
75
Overview
The process that starts Software Update service is SoftwareUpdateServer. When you
start Software Update service, it contacts Apple’s Software Update server and requests
a list of available software to download locally.
You can choose to copy (store packages locally) and enable (make the packages
available to users) any of the files presented in the list. You can also limit user
bandwidth for updates and choose to automatically copy and enable newer updates
from the Apple server.
Note: The Software Update service stores its configuration information in the file /etc/
swupd/swupd.conf.
Catalogs
When Software Update service starts, your Software Update server receives a list of
available software updates from the Apple Software Update service. Your server
synchronizes the contents of the software catalog with Apple’s Software Update server
when you restart your server or when you enter the following command:
$ /usr/local/bin/swupd_syncd
To manually update the current catalog, select Update List in the Updates pane of the
Software Update service settings.
Installation Packages
Software Update service supports only pkm.en file types, recognized only by
Mac OS X v10.4 and later. As you copy updates on your server, your server will
download and store update packages in the /usr/share/swupd/html/ folder.
Although this path is static and can’t be modified to store the packages in an alternate
location, you can change the URL to access a different server.
Note: This version of Mac OS X Server supports only Apple-specific software packages
for use with your update server. Modified Apple and third-party update software
packages cannot be shared.
After the packages are copied locally, you can enable the packages for users to update
their software. Mac clients running Software Update see only enabled packages in the
list of available software for their computer.
76
Chapter 7 Understanding Software Update Administration
Staying Up-To-Date with the Apple Server
To keep your service synchronized with the most current information, your Software
Update server must always remain in contact with the Apple server. The Software
Update service regularly checks with an Apple Software Update server to update usage
information and send lists of newly available software to the updates catalog on your
server as they become available.
The Apple Software Update server uses the swupd_syncd synchronization daemon to
determine the time between updates to your server and to make sure the latest update
packages are available.
Limiting User Bandwidth
The Software Update service in Mac OS X Server lets you limit the bandwidth that
client computers can use when downloading software updates from your Software
Update server.
Setting a limit on the bandwidth enables you to control traffic on your network and
prevents Software Update clients from slowing the network. For example, if you limit
the bandwidth to 56 Kbps, each software update client can download updates at 56
Kbps. If five clients connect simultaneously to the server, the total bandwidth used by
the clients will be 280 Kbps (56 Kbps x 5).
Revoked Files
On a rare occasion that Apple might provide a software update and want to remove
the package from circulation, Apple can revoke the update package and remove it
from your stored packages. When building the list of files available to users, revoked
packages are not listed.
Software Update Package Format
You can’t make your own Software Update packages. For security considerations and to
protect from attackers faking packages, the Software Update package installer won’t
install a package unless it is signed by Apple.
In addition, Software Update service works only with the new package format
supported in Mac OS X Server v10.4 or later.
Log Files
The log file for the Software Update server is /Library/Logs/SoftwareUpdateServer.log.
This log file records the Software Update service events as they occur.
Chapter 7 Understanding Software Update Administration
77
Information That Is Collected
The Apple Software Update server collects the following information from client
Software Update servers:
 Language
 Type
 Browser
Tools for Managing Software Update Service
The Workgroup Manager and Server Admin applications provide a graphical interface
for managing Software Update service in Mac OS X Server. In addition, you can manage
Software Update service from the command line by using Terminal.
These applications are included with Mac OS X Server and can be installed on another
computer with Mac OS X v10.5 or later, making that computer an administrator
computer. For more information on setting up an administrator computer, see the
server administration chapter of Getting Started.
Server Admin
The Server Admin application provides access to tools you use to set up, manage, and
monitor Windows services and other services. You use Server Admin to:
 Set up Mac OS X Server as a software update server. For instructions, see Chapter 8,
“Setting Up Software Update Service”.
 Manage and monitor Software Update service. For instructions, see Chapter 4,
“Setting Up Clients to Use NetBoot and NetInstall Images.”
For more information about using Server Admin, see Server Administration.
This includes information about:
 Opening and authenticating in Server Admin
 Working with specific servers
 Administering services
 Using SSL for remote server administration
 Customizing the Server Admin environment
Server Admin is installed in /Applications/Server/.
78
Chapter 7 Understanding Software Update Administration
Workgroup Manager
The Workgroup Manager application provides comprehensive management of clients
of Mac OS X Server. You use Workgroup Manager to set preferences by user, group, or
computer to access your Software Update server. For more information about how to
configure managed preferences for the Software Update server, see User Management.
For basic information about using Workgroup Manager, see User Management.
This includes:
 Opening and authenticating in Workgroup Manager
 Administering accounts
 Customizing the Workgroup Manager environment
Workgroup Manager is installed in /Applications/Server/.
Command-Line Tools
A full range of command-line tools is available for administrators who prefer to use
command-driven server administration. For remote server management, submit
commands in a secure shell (SSH) session. You can enter commands on Mac OS X
servers and computers using the Terminal application, located in the /Applications/
Utilities/ folder.
For information about useful command-line tools, see Command-Line Administration.
Chapter 7 Understanding Software Update Administration
79
80
Chapter 7 Understanding Software Update Administration
8
Setting Up the Software Update
Service
8
This chapter provides instructions for setting up the Software
Update service on your network for Mac OS X v10.5 clients.
You use the Software Update service in Server Admin to provide local software updates
to client computers.
Setup Overview
Here is an overview of the basic steps for configuring your Software Update server. This
includes setting up the Software Update service, configuring client computer access to
the server, and testing.
Step 1: Evaluate and update your network, servers, and client computers as
necessary
The number of client computers you can support using the Software Update service is
determined by the number of servers you have, how they’re configured, hard disk
storage capacity, and other factors. See “Capacity Planning” on page 83.
Depending on the results of this evaluation, you might want to add servers or hard
disks, add Ethernet ports, or make other changes to your servers.
For your client computers to use the local Software Update service, you must update
them to Mac OS X v10.4 or later.
Step 2: Create your Software Update service plan
Decide which users will access your Software Update service.
You might have groups who need unlimited access while others might need a more
limited choice of software updates. Such a plan requires more than one Software
Update server with client computers bound using Directory Services to manage user
preferences.
81
Step 3: Configure the Software Update server
Decide how you want to copy and enable software updates from Apple: automatically
or manually. Set the maximum bandwidth you want a single computer to use when
downloading update packages from your server. See “Setting Up Software Update” on
page 86.
Step 4: Start the Software Update service
Your server synchronizes with the Apple Software Update server by requesting a
catalog of available updates. If you chose to automatically copy updates, your server
will begin to download all available software update packages. See “Starting Software
Update” on page 87.
Step 5: (Optional) Manually copy and enable selected packages
If you do not choose to automatically copy and enable all Apple software updates, you
must manually select software update packages to copy and enable. See “Copying and
Enabling Selected Updates from Apple” on page 91.
Step 6: Set up client computers to use the correct Software Update server
Set preferences in Workgroup Manager by user, group, or computer to access your
Software Update server. For more information about how to configure managed
preferences for the Software Update server, see User Management.
Step 7: Test your Software Update server setup
Test your software update service by requesting software updates from the server
using a client bound to preferences you set in Workgroup Manager. Make sure the
packages are accessible to your users.
Before Setting Up Software Update
Before you set up a Software Update server, review the following hardware and
network considerations and requirements.
What You Must Know
Before you set up Software Update on your server, you must be familiar with your
network configuration and you must meet the following requirements:
 You’re the server administrator.
 You’re familiar with network setup.
You might also need to work with your networking staff to change network topologies,
switches, routers, and other network settings.
82
Chapter 8 Setting Up the Software Update Service
Client Computer Requirements
Macintosh computers running Mac OS X v10.4 or later that are networked to a server
running Mac OS X Server v10.4 or later can use the Software Update service to update
Apple software.
Network Hardware Requirements
The type of network connections to use depends on the number of clients you expect
to serve software updates to:
 To provide regular updates to fewer than 10 clients, use 100-Mbit Ethernet.
 To provide regular updates to 10–50 clients, use 100-Mbit switched Ethernet.
 To provide regular updates to more than 50 clients, use Gigabit Ethernet.
These are estimates for the number of clients supported. For more details about the
optimal system and network configurations to support the number of clients you have,
see “Capacity Planning.”
Note: In Mac OS X Server, software update service operates across all network
interfaces that TCP/IP is configured for.
Capacity Planning
The number of client computers your server can support when accessing the Software
Update service depends on how your server is configured, when and how often your
clients check for updates, the size of the updates, and a number of other factors.
When planning for your server and network needs, consider these main factors:
 Ethernet speed: 100Base-T or faster connections are required for client computers
and the server. As you add clients, you might need to increase the speed of the
Ethernet connections of your server. Ideally you want to take advantage of the
Gigabit Ethernet capacity built in to your Mac OS X server hardware to connect to a
Gigabit switch. From the switch, connect Gigabit Ethernet or 100-Mbit Ethernet to
each Macintosh client.
 Hard disk capacity and number of packages: Software Update packages can
occupy considerable hard disk space on server volumes, depending on the size and
configuration of the package and the number of packages being stored.
 Number of Ethernet ports on the switch: Distributing Macintosh clients over
multiple Ethernet ports on your switch offers a performance advantage. Each port
must serve a distinct segment.
 Number of Software Update servers on the network: You might want to provide
different software updates to various groups of users. By configuring Directory
Services you can offer different update services by network or hardware type, each
targeting a different Software Update server on the network.
Note: You can’t configure Software Update servers to talk to one another.
Chapter 8 Setting Up the Software Update Service
83
Before Setting Up Software Update
Before you set up Software Update, consider the following topics.
Consider Which Software Update Packages to Offer
Before you set up the Software Update service, consider whether to provide all or
only part of Apple’s software updates. Your client computers might run application
software that requires a specific version of Apple software for the application to
operate correctly.
You can configure your Software Update server to serve only Software Update
packages you approve. Restricting access to update packages might help prevent
maintenance and compatibility problems with your computers.
You can restrict client access in a Software Update server by disabling automatic
mirror-and-enable functions in the General Settings pane. You manage specific updates
in the Updates pane of the Software Update server.
Software Update Storage
Software updates can easily take a large amount of disk space over time and cause
problems with system resources. In a production environment, it is important to
prevent the system disk from becoming full and causing instability.
To eliminate the possibility of software updates filling a volume, system administrators
normally limit the type of data being stored on the root partition and place any data
that could grow substantially in size on other partitions. For example, you could use an
Xserve RAID to store your software updates.
All software updates must be stored in the /usr/share/swupd/html/ folder to make
them available to client computers. To store software updates in a different location,
use a symbolic link to a separate partition or volume.
A symbolic link is a specific kind of file that points to another file, much like an alias.
Using a symbolic link allows software updates to be served from alternate locations as
if they were in the /usr/share/swupd/html/ folder.
Important: Before creating a symbolic link to the software update folder, stop the
Software Update service and move or delete the /usr/share/swupd/html/ folder.
Move the software update folder if you have already downloaded updates to the folder
and want to keep them.
84
Chapter 8 Setting Up the Software Update Service
To delete the software update folder in Terminal:
$ sudo rm -rf /usr/share/swupd/html
To move the software update folder in Terminal (to save downloaded updates):
$ mv /usr/share/swupd/html /new_storage_location
Replace new_storage_location with the location you want the folder moved to.
To create a symbolic link in Terminal:
$ ln -s /new_storage_location /usr/share/swupd/html
Replace new_storage_location with the path to where you want to store downloaded
software updates.
Organize Your Enterprise Client Computers
You might have individuals, groups, or groups of computers with common needs for
only a few software update packages, while others might need unrestricted access to
all software updates.
To provide varied access to software update packages, you must set up multiple
Software Update servers. Use managed preferences to configure these computers to
access a specific Software Update server.
For more information about how to configure managed preferences for the Software
Update server, see User Management.
Turning Software Update Service On
Before you can configure Software Update settings, you must turn on the Software
Update service in Server Admin.
To turn Software Update on:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Server.
4 Click Settings.
5 Click Services.
6 Click the Software Update checkbox.
7 Click Save.
Chapter 8 Setting Up the Software Update Service
85
Setting Up Software Update
You set up the Software Update service by configuring the following groups of settings
on the Settings pane for Software Update in Server Admin.
 General. This sets information about automatically copying and enabling updates,
purging obsolete updates, and limiting user bandwidth.
 Updates. This lists available updates and provides date, name, version, and size
information for each.
The following sections describe the tasks for configuring these settings. A third section
tells you how to start the Software Update service after you configure the service.
Configuring General Settings
You can use the General settings to set system update copy and enable settings, to
remove obsolete updates, and to limit user bandwidth.
To configure Software Update General settings:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click General.
5 To specify a specific port that software updates are provided through, enter a port
number in the “Provide updates using port” field.
6 To keep a copy of the software updates on your server, select “Automatically copy __
updates from Apple” and choose from the following options:
 If you want all updates copied from the Apple update server, choose “all” in the popup menu.
 If you want only new updates copied from the Apple update server, choose “all new”
in the pop-up menu.
7 To immediately enable all software updates for client users, select “Automatically
enable copied updates.”
8 To remove obsolete software updates, select the “Purge unused/legacy software
update packages automatically” checkbox.
9 To limit client user bandwidth, select “Limit user bandwidth for updates to” and enter
the maximum rate of update download per user.
Choose KB/second or MB/second from the pop-up menu.
10 Click Save.
86
Chapter 8 Setting Up the Software Update Service
Configuring Updates Settings
You can use Updates settings to refresh the software update catalog, to copy and
enable individual updates, and to view specific update information.
To configure Updates settings:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click Updates.
5 Click Update List to refresh the list of available software updates.
This list provides the date the update was posted and the name, version number, and
size of the update.
6 Click Copy Now to copy software updates to your server.
This copies software updates to your server.
7 Select the checkbox in the Enable column for each update that you want to make
available to client computers.
8 Click Save.
Starting Software Update
Use Server Admin to start Software Update.
To start the Software Update service:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click the Start Software Update button (below the Servers list).
Chapter 8 Setting Up the Software Update Service
87
Pointing Unmanaged Clients to a Software Update Server
Use the defaults command in Terminal to point unmanaged client computers to a
specific Software Update server:
To point unmanaged clients to a specific software update server:
1 Open Terminal on the unmanaged client.
2 Enter the following command:
$ defaults write com.apple.SoftwareUpdate CatalogURL URL
Replace URL with the URL of the Software Update server. For example:
http://su.domain_name.com:8088/
88
Chapter 8 Setting Up the Software Update Service
9
Managing the Software Update
Service
9
This chapter describes how to perform day-to-day
management tasks for a Software Update server after the
server is configured and running.
The following sections show how to manually refresh the updates catalog from the
Apple server, check the status of the Software Update service, stop the service, and
control the software updates cataloged and distributed by the service.
Manually Refreshing the Updates Catalog from the Apple
Server
Use Server Admin to manually update the updates catalog.
To manually refresh the updates catalog from the Apple server:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click Updates.
5 Click Update List.
89
Checking the Status of the Software Update Service
Use Server Admin to check the status of the Software Update service.
To check Software Update service status:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 To see whether the service is running, when it started, when it last checked for updates,
the number of updates that are copied or enabled, and whether auto-copy and autoenable are turned on, click Overview.
5 To review the Software Update server log, click Log.
Stopping the Software Update Service
Use Server Admin to stop Software Update service.
To stop Software Update service:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click the Stop Software Update button (below the Servers list).
Limiting User Bandwidth for the Software Update Service
Use Server Admin to limit user bandwidth.
To limit user bandwidth for Software Update service:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click General.
5 Select “Limit user bandwidth for updates to.”
6 Enter the maximum rate of update download per user.
7 From the pop-up menu, choose KB/second or MB/second.
8 Click Save.
90
Chapter 9 Managing the Software Update Service
Automatically Copying and Enabling Updates from Apple
Use Server Admin to copy and enable software updates automatically from Apple.
To automatically copy software updates and enable them for download:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click General.
5 Select “Automatically copy __ updates from Apple” and choose one of the following
options from the pop-up menu:
 If you want all updates copied from the Apple update server, choose “all.”
 If you want only new updates copied from the Apple update server, choose “all new.”
6 Select “Automatically enable copied updates.”
7 Click Save.
Copying and Enabling Selected Updates from Apple
Use Server Admin to copy software updates automatically from Apple.
To copy selected software updates and enable them for download:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click General.
5 Make sure “Automatically copy __ updates from Apple” is deselected.
6 Make sure “Automatically enable copied updates” is deselected.
7 Click Save.
8 Click Updates.
9 Click Copy Now to copy software updates to your server.
This copies software updates to your server.
10 To enable individual software updates, select the checkbox in the Enable column of the
update.
11 Click Save.
Chapter 9 Managing the Software Update Service
91
Removing Obsolete Software Updates
Use Server Admin to remove obsolete software updates from the update catalog. You
can configure the Software Update service to automatically purge obsolete updates.
To purge obsolete software updates:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click General.
5 Select the “Purge unused/legacy software update packages automatically” checkbox.
6 Click Save.
Removing Updates from a Software Update Server
When your local Software Update server downloads updates from Apple Software
Update servers, the update packages remain on the local Software Update server until
you delete them. These instructions describe how to manually delete updates.
To remove a specific software update:
1 On the local Software Update server, open Terminal and enter the following command
to list the folders that correspond to each software update:
$ grep swupd /etc/swupd/com.apple.server.swupdate.plist > ~/Desktop/
update_list.txt
This creates a file on your Desktop named update_list.txt. The file contains a list of
software updates stored on the server.
2 Open the update_list.txt file.
This file contains information similar to the following:
<string>/usr/share/swupd/html/061-2036/.../SecUpd2005-007Ri.tar</string>
<string>/usr/share/swupd/html/061-2048/.../SafariUpdate-2.0.1.tar</string>
Each update resides in a folder. In this example, the folder /061-2048/ stores the Safari
2.0.1 update.
3 In Terminal, enter the following command to delete a software update from the server:
$ sudo rm -rf /usr/share/swupd/html/updatefolder/
Replace updatefolder with the name of the folder that stores the software update you
want to delete.
For example, to remove the Safari 2.0.1 update, you would enter the following
command:
$ sudo rm -rf /usr/share/swupd/html/061-2048/
92
Chapter 9 Managing the Software Update Service
4 When prompted, enter your administrator password.
Identifying Individual Software Update Files
All software updates are stored in the /usr/share/swupd/html/ folder. Sometimes you
may want to locate a specific software update file. Each software update that is copied
to the server is stored with product ID numbers for a file name.
To make sure that you are selecting the correct software update file, correlate the file
name (product ID) with the software update product ID in Server Admin. Each software
update lists their product ID below the description field in the Updates Settings pane
of Server Admin.
To view the product ID number of a software update:
1 Open Server Admin and connect to the server.
2 Click the triangle to the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings, then click Updates.
5 Select the software update from the list.
The software update product ID is displayed below the description field.
Chapter 9 Managing the Software Update Service
93
94
Chapter 9 Managing the Software Update Service
10
Solving Software Update Service
Problems
10
This chapter provides solutions for common problems you
might encounter while working with Software Update.
This section contains solutions to common Software Update problems.
General Tips
 Make sure required services are installed.
 Make sure the Software Update packages you enable are meant for the client
accessing them.
 If you detect poor response from the Software Update server, check the network
load. For more information, see “Capacity Planning” on page 83.
 Delete old updates to make space for new ones.
If a Client Computer Can’t Access the Software Update server
 Make sure the client can access the network.
 Make sure the client’s Software Update managed preference points to the Software
Update server.
 Make sure the Software Update server is running.
If the Software Update Server Won’t Sync with the Apple
Server
Make sure the Apple server is accessible.
If Update Packages That the Software Update Server Lists
Aren’t Visible to Client Computers
Make sure the packages are enabled in Server Admin.
95
96
Chapter 10 Solving Software Update Service Problems
Glossary
Glossary
AFP Apple Filing Protocol. A client/server protocol used by Apple file service to share
files and network services. AFP uses TCP/IP and other protocols to support
communication between computers on a network.
address A number or other identifier that uniquely identifies a computer on a network,
a block of data stored on a disk, or a location in a computer’s memory. See also IP
address, MAC address.
administrator A user with server or directory domain administration privileges.
Administrators are always members of the predefined “admin” group.
Apple Filing Protocol See AFP.
automount To make a share point appear automatically on a client computer. See also
mount.
bit A single piece of information, with a value of either 0 or 1.
CIFS Common Internet File System. See SMB.
client A computer (or a user of the computer) that requests data or services from
another computer, or server.
command line The text you type at a shell prompt when using a command-line
interface.
command-line interface A way of interacting with the computer (for example, to run
programs or modify file system permissions) by entering text commands at a shell
prompt. See also shell; shell prompt.
daemon A program that runs in the background and provides important system
services, such as processing incoming email or handling requests from the network.
97
DHCP Dynamic Host Configuration Protocol. A protocol used to dynamically distribute
IP addresses to client computers. Each time a client computer starts up, the protocol
looks for a DHCP server and then requests an IP address from the DHCP server it finds.
The DHCP server checks for an available IP address and sends it to the client computer
along with a lease period—the length of time the client computer may use the
address.
directory See folder.
directory domain A specialized database that stores authoritative information about
users and network resources; the information is needed by system software and
applications. The database is optimized to handle many requests for information and to
find and retrieve information quickly. Also called a directory node or simply a directory.
DNS Domain Name System. A distributed database that maps IP addresses to domain
names. A DNS server, also known as a name server, keeps a list of names and the IP
addresses associated with each name.
DNS domain A unique name of a computer used in the Domain Name System to
translate IP addresses and names. Also called a domain name.
DNS name A unique name of a computer used in the Domain Name System to
translate IP addresses and names. Also called a domain name.
domain Part of the domain name of a computer on the Internet. It does not include
the top-level domain designator (for example, .com, .net, .us, .uk). Domain name
“www.example.com” consists of the subdomain or host name “www,” the domain
“example,” and the top-level domain “com.”
domain name See DNS name.
Domain Name System See DNS.
drop box A shared folder with privileges that allow other users to write to, but not
read, the folder’s contents. Only the owner has full access. Drop boxes should be
created only using AFP. When a folder is shared using AFP, the ownership of an item
written to the folder is automatically transferred to the owner of the folder, thus giving
the owner of a drop box full access to and control over items put into it.
file server A computer that serves files to clients. A file server may be a generalpurpose computer that’s capable of hosting additional applications or a computer
capable only of serving files.
FTP File Transfer Protocol. A protocol that allows computers to transfer files over a
network. FTP clients using any operating system that supports FTP can connect to a file
server and download files, depending on their access privileges. Most Internet browsers
and a number of freeware applications can be used to access an FTP server.
98
Glossary
group A collection of users who have similar needs. Groups simplify the administration
of shared resources.
host Another name for a server.
host name A unique name for a computer, historically referred to as the UNIX
hostname.
Internet A set of interconnected computer networks communicating through a
common protocol (TCP/IP). The Internet is the most extensive publicly accessible
system of interconnected computer networks in the world.
Internet Protocol See IP.
IP Internet Protocol. Also known as IPv4. A method used with Transmission Control
Protocol (TCP) to send data between computers over a local network or the Internet. IP
delivers data packets and TCP keeps track of data packets.
IP address A unique numeric address that identifies a computer on the Internet.
IP subnet A portion of an IP network, which may be a physically independent network
segment, that shares a network address with other portions of the network and is
identified by a subnet number.
logical disk A storage device that appears to a user as a single disk for storing files,
even though it might actually consist of more than one physical disk drive. An Xsan
volume, for example, is a logical disk that behaves like a single disk even though it
consists of multiple storage pools that are, in turn, made up of multiple LUNs, each of
which contains multiple disk drives.
MAC Media access control. See MAC address.
MAC address Media access control address. A hardware address that uniquely
identifies each node on a network. For AirPort devices, the MAC address is called the
AirPort ID.
Mac OS X The latest version of the Apple operating system. Mac OS X combines the
reliability of UNIX with the ease of use of Macintosh.
Mac OS X Server An industrial-strength server platform that supports Mac, Windows,
UNIX, and Linux clients out of the box and provides a suite of scalable workgroup and
network services plus advanced remote management tools.
mount (verb) To make a remote directory or volume available for access on a local
system. In Xsan, to cause an Xsan volume to appear on a client’s desktop, just like a
local disk.
Network File System See NFS.
Glossary
99
network interface Your computer’s hardware connection to a network. This includes
(but isn’t limited to) Ethernet connections, AirPort cards, and FireWire connections.
NFS Network File System. A client/server protocol that uses Internet Protocol (IP) to
allow remote users to access files as though they were local. NFS can export shared
volumes to computers based on IP address, and also support single sign-on (SSO)
authentication through Kerberos.
Open Directory The Apple directory services architecture, which can access
authoritative information about users and network resources from directory domains
that use LDAP, Active Directory protocols, or BSD configuration files, and network
services.
open source A term for the cooperative development of software by the Internet
community. The basic principle is to involve as many people as possible in writing and
debugging code by publishing the source code and encouraging the formation of a
large community of developers who will submit modifications and enhancements.
owner The owner of an item can change access permissions to the item. The owner
may also change the group entry to any group the owner is a member of. By default,
the owner has Read & Write permissions.
password An alphanumeric string used to authenticate the identity of a user or to
authorize access to files or services.
pathname The location of an item within a file system, represented as a series of
names separated by slashes (/).
permissions Settings that define the kind of access users have to shared items in a file
system. You can assign four types of permissions to a share point, folder, or file: Read &
Write, Read Only, Write Only, and No Access.
port A sort of virtual mail slot. A server uses port numbers to determine which
application should receive data packets. Firewalls use port numbers to determine
whether data packets are allowed to traverse a local network. “Port” usually refers to
either a TCP or UDP port.
process A program that has started executing and has a portion of memory allocated
to it.
protocol A set of rules that determines how data is sent back and forth between two
applications.
QTSS QuickTime Streaming Server. A technology that lets you deliver media over the
Internet in real time.
100
Glossary
QuickTime A set of Macintosh system extensions or a Windows dynamic-link library
that supports the composition and playing of movies.
QuickTime Streaming Server See QTSS.
server A computer that provides services (such as file service, mail service, or web
service) to other computers or network devices.
Server Message Block See SMB.
share point A folder, hard disk (or hard disk partition), or optical disc that’s accessible
over the network. A share point is the point of access at the top level of a group of
shared items. Share points can be shared using AFP, SMB, NFS (an export), or FTP.
short name An abbreviated name for a user. The short name is used by Mac OS X for
home folders, authentication, and email addresses.
SMB Server Message Block. A protocol that allows client computers to access files and
network services. It can be used over TCP/IP, the Internet, and other network protocols.
SMB services use SMB to provide access to servers, printers, and other network
resources.
TCP Transmission Control Protocol. A method used with the Internet Protocol (IP) to
send data in the form of message units between computers over the Internet. IP
handles the actual delivery of the data, and TCP keeps track of the units of data (called
packets) into which a message is divided for efficient routing through the Internet.
Transmission Control Protocol See TCP.
UID User ID. A number that uniquely identifies a user within a file system. Mac OS X
computers use the UID to keep track of a user’s folder and file ownership.
URL Uniform Resource Locator. The address of a computer, file, or resource that can be
accessed on a local network or the Internet. The URL is made up of the name of the
protocol needed to access the resource, a domain name that identifies a specific
computer on the Internet, and a hierarchical description of a file location on the
computer.
user ID See UID.
user name The long name for a user, sometimes referred to as the user’s real name.
See also short name.
volume A mountable allocation of storage that behaves, from the client’s perspective,
like a local hard disk, hard disk partition, or network volume. In Xsan, a volume consists
of one or more storage pools. See also logical disk.
Glossary
101
102
Glossary
A
access
and client management 57, 81, 83
load balancing 66
path for client 22
restricting NetBoot 36, 37, 49, 50, 55
restricting Software Update 75, 84, 85
Add Packages and Post-Install Scripts action 34
Add User Account action 34
AFP (Apple Filing Protocol) service 46
AirPort wireless network 46
Apple Filing Protocol service. See AFP
Apply System Configuration Settings action 34
Architectures property 21
Automator actions
Add Packages and Post-Install Scripts 34
Add User Account 34
Apply System Configuration Settings 34
Create Image 35
Customize Package Selection 32
Define Image Source 33
Enable Automated Installation 36
Filter Clients by MAC Address 36
Filter Computer Model 37
overview 31
Partition Disk 37
Index
Index
and NetBoot 30
network requirements 46
setup 57, 58
shadow files 52, 59, 67
troubleshooting NetBoot startup 69
troubleshooting Software Update 95
See also Automator actions; Software Update
service
clients
and capacity planning 46
diskless startup 69
groups 18, 81, 83, 85
and NetBoot 19, 20, 22
viewing lists of 62, 63
command line tools
creating images 31
NetBoot service 25, 48
Software Update service 79
computer name 35
configuration, client settings 34
Create Image action 35
Customize Package Selection action 32
D
bandwidth limitations for Software Update 77, 90
BootFile property 21
boot image, definition 17
See also NetBoot service
BootP (Bootstrap Protocol) 22, 58
bootpd tool 48
Boot Server Discovery Protocol. See BSDP
Bootstrap Protocol. See BootP
BSDP (Boot Server Discovery Protocol) 21, 55
Define Image Source action 33
Description property 21
DHCP (Dynamic Host Configuration Protocol)
service 21, 44, 46, 51, 69
disk images. See NetBoot service; NetInstall
diskless startup 52, 53, 54, 57, 69
disks
capacity planning 37, 47, 83
distribution of images across 65
partitions 37
documentation 11, 12, 13
drives. See disks
Dynamic Host Configuration Protocol. See DHCP
C
E
B
client computers
diskless startup 52, 53, 54, 57
hardware requirements 45
Enable Automated Installation Action 36
Ethernet 45, 46, 83
103
F
files
boot 22
Software Update storage 84
file services 46
See also share points
Filter Clients by MAC Address action 36
Filter Computer Model action 37
filters, NetBoot 49, 55
folders, NetBoot image 20
G
groups, setup 18, 81, 83, 85
H
hardware
requirements 45, 46, 83
hdiutil tool 31
help, using 10
host name, local 35
HTTP (Hypertext Transfer Protocol) 46
I
images. See NetBoot; NetInstall
Index property, NetBoot image 21
install image, definition 17
See also NetInstall
IsDefault property 21
IsEnabled property 21
IsInstall property 21
L
Language property 21
load balancing
index ID for 28, 29, 31, 36
and performance 19, 64, 65, 66, 67
logs 50, 64, 77
M
MAC address 36, 49, 55
memory, requirements for 45
N
Name property 21
naming conventions 52, 70
NetBootClientsn share points 20, 59, 67
NetBoot service
adding software packages to images 40, 41
boot file management 22
capacity planning 46
client setup 45, 46, 57
configuration 34
creating images 27, 30
default settings 53
disabling images 62
104
Index
enabling images 51
filters 49, 55
image folder 20
management tools 24, 25, 51
monitoring of 61, 62, 63, 64, 65, 66, 67
network service requirements 46
overview 9, 17, 18, 19
prerequisites 45
property list file 21
security 23
selecting boot image 57
server discovery 21, 55
settings 48, 49
setup overview 43, 48
starting 48, 50
status checking 63
stopping 61
storage for images 52, 53
testing 44
troubleshooting 69, 70
viewing client lists 62, 63
workflows 31, 32, 38, 39
See also Automator actions
NetBootSPn 18, 22
NetInstall
adding software to images 40, 41
creating images 27, 29, 30
overview 9, 17, 19, 23
selecting install image 58
workflows 31, 32, 38, 39
See also Automator actions
Network File System. See NFS
network requirements 46, 83
network services 21, 44, 46, 51, 69
NFS (Network File System) 46
N key startup procedure 58
P
package install images 32, 34, 40, 41
PackageMaker 18, 41
packages, Software Update 76, 77, 83, 84, 93
Partition Disk action 37
post-install scripts 34
problems. See troubleshooting
Property List Editor 18
property list files 21
R
RAM (random-access memory) 45
remote servers, images stored on 53
RootPath property 21
S
security 23
See also access
serial number, server 47
Server Admin 18, 24, 78
serveradmin tool 48
servers
discovery of 21, 55
images on remote 53
load balancing 28, 29, 31, 36, 64, 65, 66
NetBoot 19
Software Update 83, 88
setup procedures. See configuration; installation
shadow files 19, 20, 52, 59, 67
share points
NetBootClientsn 20, 59, 67
NetBootSPn 18, 22
shadow files 19, 20, 67
software
requirements 45, 81
Software Update service
automatic settings 91
capacity planning 83
catalog management 76, 89, 92
clients 75, 77, 83, 85, 88
file packages 76, 77, 83, 84, 93
file storage 84
identifying files 93
limitations on bandwidth 77, 90
management tools 78, 79, 89
monitoring of 77, 78
overview 9, 75, 76
prerequisites 82, 83
removing updates 92
settings 86, 87
setup overview 81
Index
starting 85, 87
status checking 90
stopping 90
troubleshooting 95
startup. See NetBoot service
subnets 55
SupportsDiskless property 21
System Image Utility
creating images 27
overview 9, 18, 20, 25
system imaging. See NetBoot service; NetInstall
T
TFTP (Trivial File Transfer Protocol) 22, 46
troubleshooting
NetBoot service 69, 70
Software Update service 95
Type property 21
U
updating disk images 45
See also Software Update service
user accounts, adding 34
See also client computers
users. See clients
W
workflows 31, 32, 38, 39
See also Automator actions
Workgroup Manager 24, 79
workgroups 43
105
Download PDF