Apple Mac OS X Server System Imaging and Software Update Administration For Version 10.4 or Later User manual

Mac OS X Server
System Imaging and Software Update Administration
For Version 10.4 or Later
Second Edition

Apple Computer, Inc.

© 2006 Apple Computer, Inc. All rights reserved.

The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services.

Every effort has been made to ensure that the information in this manual is accurate. Apple Computer, Inc., is not responsible for printing or clerical errors.

Apple
1 Infinite Loop
Cupertino CA 95014-2084
www.apple.com

The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.

Apple, the Apple logo, AppleShare, AppleTalk, Mac, Macintosh, QuickTime, Xgrid, and Xserve are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. Finder is a trademark of Apple Computer, Inc.

Adobe and PostScript are trademarks of Adobe Systems Incorporated.

UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products.

019-0683/02-09-06

Contents

Preface: About This Guide
What’s New in NetBoot Service and Software Update Server Version 10.4
What’s in This Guide
Using Onscreen Help
The Mac OS X Server Suite
Getting Documentation Updates
Getting Additional Information

Part I: System Imaging Administration

Chapter 1: About System Imaging Administration
Inside NetBoot
Disk Images
NetBoot Share Points
Using NetBoot and Network Install Images on Other Servers
Client Information File
Shadow Files
NetBoot Image Folder
Property List File
Boot Server Discovery Protocol (BSDP)
BootP Server
Boot Files
Trivial File Transfer Protocol
Using Images Stored on Other Servers
Security
Network Install Images
Before You Set Up NetBoot
What You Need to Know
Client Computer Requirements
Network Hardware Requirements
Network Service Requirements
Capacity Planning
Serial Number Considerations
Setup Overview — NetBoot
Setup Overview — Network Install

Chapter 2: Creating Boot and Install Images
Creating Mac OS X Boot Images
Creating a Mac OS X Boot Image
Adding an OS Update Package to a Mac OS X Boot Image
Creating a Mac OS X Boot Image from an Existing System
Synchronizing an Image with an Updated Source Volume
Choosing the Protocol Used to Deliver an Image
Compressing Images to Save Disk Space
Changing How Mac OS X NetBoot Clients Allocate Shadow Files
Creating Mac OS X Install Images
Creating an OS Install Image
Adding Software to Boot and Install Images
About Packages
Creating Packages
Adding Packages to a Boot or Install Image
Creating an Application-Only Install Image
Automating Image Installation
Viewing the Contents of a Package
Installing Mac OS Updates
Adding Post-Install Scripts to Install Images

Chapter 3: Setting Up NetBoot Service
Configuring NetBoot Service
Starting NetBoot and Related Services
Enabling Images
Choosing Where Images Are Stored
Choosing Where Shadow Files Are Stored
Using Images Stored on Remote Servers
Moving Images to Other Servers
Deleting Images
Editing Images
Specifying the Default Image
Setting an Image for Diskless Booting
Restricting NetBoot Clients by Filtering Addresses
Changing Advanced NetBoot Options
Setting Up NetBoot Service Across Subnets

Chapter 4: Setting Up Clients to Use NetBoot and Network Install
Setting Up Diskless Clients
Selecting a NetBoot Boot Image
Selecting a Network Install Image
Starting Up Using the N Key

Chapter 5: Managing NetBoot Service
Controlling and Monitoring NetBoot
Turning Off NetBoot Service
Disabling Individual Boot or Install Images
Viewing a List of NetBoot Clients
Checking the Status of NetBoot and Related Services
Viewing the NetBoot Service Log
Performance and Load Balancing
Boot Images
Distributing Boot Images Across Servers
Distributing Boot Images Across Server Disk Drives
Balancing Boot Image Access
Distributing Shadow Files
Advanced NetBoot Tuning

Chapter 6: Solving Problems with System Imaging
General Tips
A NetBoot Client Computer Won’t Start Up
You’re Using Macintosh Manager and a User Can’t Log In to a NetBoot Client
The Create Button in System Image Utility Is Not Enabled
Controls and Fields in System Image Utility Are Disabled
Can’t Edit Image Name in System Image Utility
Changing the Name of an Uncompressed Image
Changing the Name of a Compressed Image
I Can’t Set an Image to Use Static Booting (NetBoot version 1.0)
Downloading the “NetBoot for Mac OS 9” Disk Image and Updating the Startup Disk Control Panel
The Architecture Field in Server Admin Is Not Enabled
Server Admin Isn’t showing an Image for Intel-based Macs
A Network Install Image Burned to DVD Doesn’t Work

Part II: Software Update Administration

Chapter 7: About Software Update Administration
Inside The Software Update Process
Overview
Catalogs
Install Packages
Staying Up To Date with the Apple Server
Limiting User Bandwidth
Revoked Files
Software Update Package Format
Log Files
What Information Gets Collected
Before You Set Up the Software Update Server
What You Need to Know
Client Computer Requirements
Network Hardware Requirements
Capacity Planning
Setup Overview

Chapter 8: Setting Up Software Update Service
Before You Begin
Consider Which Software Update Packages to Offer
Organize Your Enterprise Client Computers
Setting Up a Software Update Server
Starting Software Update Service
Automatically Mirroring and Enabling Updates from Apple
Limiting User Bandwidth for Software Update Service
Mirroring and Enabling Selected Updates from Apple
Pointing Non-Managed Clients to a Software Update Server

Chapter 9: Managing Software Update Service
Manually Refreshing the Updates Catalog from the Apple Server
Checking the Status of Software Update Service
Turning Off Software Update Service

Chapter 10: Solving Problems with Software Update Service
General Tips
A Client Computer Can’t Access the Software Update Server
Software Update Server Won’t Sync with the Apple Server
Software Update Server Has Update Packages Listed but They Aren’t Visible to Clients

Glossary

Index

About This Guide

Learn what’s new in this version of NetBoot and Network Install services and Software Update Server.

Mac OS X Server version 10.4 includes NetBoot service supporting both NetBoot and Network Install images and the improved System Image Utility (formerly Network Image Utility)—a stand-alone utility used to create Install and Boot images used with NetBoot service.

A new service added in Mac OS X Server version 10.4 is Apple’s Software Update Server (SUS), designed as a source for Apple Software Updates managed on your network. With SUS, you are able to directly manage which Apple Software Updates client users on your network can access and apply to their computers.

What’s New in NetBoot Service and Software Update Server Version 10.4

• Virtually unlimited number of AFP connections.

• Create faster-installing, block copy, network install disk images. This feature allows you to install software up to five times faster compared to package install images. Block copy images can also be used to burn discs that you can use to install software on client and server computers.

• Create images you can store on a remote server. Previously a command-line interface option, administrators can now specify an NFS or HTTP indirect path to store NetBoot and Network Install images that NetBoot service can provide clients as if they were stored locally.

• Copy a Directory Service configuration to all clients using the same system image. System Image Utility now provides an option to apply Directory Service settings from one computer to all clients using the NetBoot image you create.

• Use Software Update Server to manage which Software Update packages your client users may access from software lists that you control.

• As of Mac OS X Server 10.4.4, you can create, maintain, and serve disk images for Intel-based Macintosh computers. You can also specify default NetBoot images for both Intel-based and PowerPC-based Macintosh clients. You must update to the latest Server Admin Tools and have Mac OS X 10.4.4 or later in order to create architecture-specific images using System Image Utility. Use Software Update to ensure that you have the latest version.

What’s in This Guide

This guide is organized as follows:

• Part I—System Imaging Administration. The chapters in this part of the guide introduce you to system imaging and the applications and tools available for administering system imaging services.

• Part II—Software Update Administration. The chapters in this part of this guide introduce you to the software update service and the applications and tools available for administering the software update service.

Note: Because Apple frequently releases new versions and updates to its software, images shown in this book may be different from what you see on your screen.

Using Onscreen Help

You can view instructions and other useful information that appear in this and other documents in the server suite by using onscreen help.

On a computer running Mac OS X Server, you can access onscreen help after opening Workgroup Manager or Server Admin. From the Help menu, choose one of the options:

• Workgroup Manager Help or Server Admin Help displays information about the application.

• Mac OS X Server Help displays the main server help page, from which you can search or browse for server information.

• Documentation takes you to www.apple.com/server/documentation, from which you can download server documentation.

You can also access onscreen help from the Finder or other applications on a server or on an administrator computer. (An administrator computer is a Mac OS X computer with server administration software installed on it.) Use the Help menu to open the Help Viewer, and then click Library > Mac OS X Server Help.

To see the latest server help topics, make sure the server or administrator computer is connected to the Internet while you’re using the Help Viewer. The Help Viewer automatically retrieves and caches the latest server help topics from the Internet. When not connected to the Internet, the Help Viewer displays cached help topics.

The Mac OS X Server Suite

The Mac OS X Server documentation includes a suite of guides that explain the services and provide instructions for configuring, managing, and troubleshooting the services.

All of the guides are available in PDF format from: www.apple.com/server/documentation/

This guide... tells you how to:

Mac OS X Server Getting Started for Version 10.4 or Later: Install Mac OS X Server and set it up for the first time.

Mac OS X Server Upgrading and Migrating to Version 10.4 or Later: Use data and service settings that are currently being used on earlier versions of the server.

Mac OS X Server User Management for Version 10.4 or Later: Create and manage users, groups, and computer lists. Set up managed preferences for Mac OS X clients.

Mac OS X Server File Services Administration for Version 10.4 or Later: Share selected server volumes or folders among server clients using these protocols: AFP, NFS, FTP, and SMB/CIFS.

Mac OS X Server Print Service Administration for Version 10.4 or Later: Host shared printers and manage their associated queues and print jobs.

Mac OS X Server System Image and Software Update Administration for Version 10.4 or Later: Use NetBoot and Network Install to create disk images from which Macintosh computers can start up over the network. Set up a software update server for updating client computers over the network.

Mac OS X Server Mail Service Administration for Version 10.4 or Later: Set up, configure, and administer mail services on the server.

Mac OS X Server Web Technologies Administration for Version 10.4 or Later: Set up and manage a web server, including WebDAV, WebMail, and web modules.

Mac OS X Server Network Services Administration for Version 10.4 or Later: Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall, and NAT services on the server.

Mac OS X Server Open Directory Administration for Version 10.4 or Later: Manage directory and authentication services.

Mac OS X Server QuickTime Streaming Server Administration for Version 10.4 or Later: Set up and manage QuickTime streaming services.

Mac OS X Server Windows Services Administration for Version 10.4 or Later: Set up and manage services including PDC, BDC, file, and print for Windows computer users.

Mac OS X Server Migrating from Windows NT to Version 10.4 or Later: Move accounts, shared folders, and services from Windows NT servers to Mac OS X Server.

Mac OS X Server Java Application Server Administration For Version 10.4 or Later: Configure and administer a JBoss application server on Mac OS X Server.

Mac OS X Server Command-Line Administration for Version 10.4 or Later: Use commands and configuration files to perform server administration tasks in a UNIX command shell.

Mac OS X Server Collaboration Services Administration for Version 10.4 or Later: Set up and manage weblog, chat, and other services that facilitate interactions among users.

Mac OS X Server High Availability Administration for Version 10.4 or Later: Manage IP failover, link aggregation, load balancing, and other hardware and software configurations to ensure high availability of Mac OS X Server services.

Mac OS X Server Xgrid Administration for Version 10.4 or Later: Manage computational Xserve clusters using the Xgrid application.

Mac OS X Server and Storage Glossary: Interpret terms used for server and storage products.

Getting Documentation Updates

Periodically, Apple posts new onscreen help topics, revised guides, and additional solution papers. The new help topics include updates to the latest guides.

• To view new onscreen help topics, make sure your server or administrator computer is connected to the Internet and click the Late-Breaking News link on the main Mac OS X Server help page.

• To download the latest guides and solution papers in PDF format, go to the Mac OS X Server documentation webpage: www.apple.com/server/documentation.

Getting Additional Information

For more information, consult these resources:

Read Me documents—important updates and special information. Look for them on the server discs.

Mac OS X Server website—gateway to extensive product and technology information.

www.apple.com/macosx/server/

AppleCare Service & Support—access to hundreds of articles from Apple’s support organization.

www.apple.com/support/

Apple customer training—instructor-led and self-paced courses for honing your server administration skills.

train.apple.com/

Apple discussion groups—a way to share questions, knowledge, and advice issues with other administrators.

discussions.info.apple.com/

Apple mailing list directory—subscribe to mailing lists so you can communicate with other administrators using email.

www.lists.apple.com/


Part I: System Imaging Administration

The chapters in this part of the guide introduce you to system imaging and the applications and tools available for administering system imaging services.

Chapter 1: About System Imaging Administration
Chapter 2: Creating Boot and Install Images
Chapter 3: Setting Up NetBoot Service
Chapter 4: Setting Up Clients to Use NetBoot and Network Install
Chapter 5: Managing NetBoot Service
Chapter 6: Solving Problems with System Imaging

Chapter 1: About System Imaging Administration

This chapter describes how to start up client computers using an operating system stored on a server and how to install software on client computers over the network.

The NetBoot and Network Install features of Mac OS X Server offer you alternatives for managing the operating system and application software your Macintosh clients (or even other servers) need to start up and do their work. Instead of going from computer to computer to install operating system and application software from CDs, you can prepare an install image that is automatically installed on each computer when it starts up. Or, you can choose not to install software on the clients at all but, instead, have them start up (or “boot”) directly from an image stored on the server. In some cases, clients don’t even need their own disk drives.

Using NetBoot and Network Install, you can have your client computers start up from a standardized Mac OS configuration suited to their specific tasks. Because the client computers start up from the same image, you can quickly update the operating system for the entire group by updating a single boot image.

A boot image is a file that looks and acts like a mountable disk or volume. NetBoot boot images contain the system software needed to act as a startup disk for client computers via the network. An install image is a special boot image that boots the client long enough to install software from the image, after which the client can start up from its own hard drive. Both boot images and install images are special kinds of disk images. Disk images are files that behave just like disk volumes.

You can set up multiple boot or install images to suit the needs of different groups of clients or to provide several copies of the same image to distribute the client startup load.

You can use NetBoot in conjunction with Mac OS X client management services to provide a personalized work environment for each client computer user.

For information about client management services, see the user management guide.

You can use the following Mac OS X Server applications to set up and manage NetBoot and Network Install:

• System Image Utility: to create Mac OS X boot and install disk images. Installed with Mac OS X Server software in the /Applications/Server folder.

• Server Admin: to enable and configure NetBoot service and supporting services. Installed with Mac OS X Server software in the /Applications/Server folder.

• PackageMaker: to create package files that you use to add additional software to disk images. PackageMaker is installed into /Developer/Applications/Utilities by the Xcode installer, provided with Mac OS X client software.

• Property List Editor: to edit property lists such as NBImageInfo.plist. Property List Editor is installed into /Developer/Applications/Utilities by the Xcode installer, included with Mac OS X client software.

Inside NetBoot

This section describes how NetBoot is implemented on Mac OS X Server, including information on the protocols, files, directory structures, and configuration details.

Disk Images

The read-only disk images contain the system software and applications used over the network by the client computers. The name of a disk image file typically ends in “.img” or “.dmg.” Disk Utility—a utility included with Mac OS X—can mount disk image files as volumes on the desktop.

You use System Image Utility to create Mac OS X disk images, using a Mac OS X install disc or an existing system volume as the source. See “Creating a Mac OS X Boot Image” on page 29.

NetBoot Share Points

NetBoot sets up share points to make images and shadow files available to clients.

NetBoot creates share points for storing boot and install images in /Library/NetBoot on each volume you enable and names them NetBootSPn, where n is 0 for the first share point and increases by 1 for each additional share point. If, for example, you decide to store images on three separate server disks, NetBoot will set up three share points named NetBootSP0, NetBootSP1, and NetBootSP2.

The share points for client shadow files are also created in /Library/NetBoot and are named NetBootClientsn.


You can create and enable additional NetBootSPn and NetBootClientsn share points on other server volumes using the NetBoot service General settings in Server Admin.

Warning: Don’t rename a NetBoot share point or the volume on which it resides.

Don’t use Workgroup Manager to stop sharing for a NetBoot share point unless you first deselect the share point for images and shadow files in Server Admin.

Using NetBoot and Network Install Images on Other Servers

You can also specify the path of a NetBoot image residing on a different NFS server.

When creating your image files, you can specify on which server the image will reside.

See “Using Images Stored on Remote Servers” on page 46.

Client Information File

NetBoot gathers information about a client the first time the client tries to start up from the NetBoot server. NetBoot stores this information in the file /var/db/bsdpd_clients.

Shadow Files

Many clients can read from the same boot image, but when a client needs to write anything back to its startup volume (such as print jobs and other temporary files), NetBoot automatically redirects the written data to the client’s shadow files, which are separate from regular system and application software.

The shadow files preserve the unique identity of each client during the entire time it is running from a NetBoot image. NetBoot transparently maintains changed user data in the shadow files, while reading unchanged data from the shared system image.

The shadow files are re-created at boot time, so any changes made by the user to his or her startup volume are lost at restart.

For example, if a user saves a document to the startup volume, after a restart that document will be gone. This behavior preserves the condition of the environment the administrator set up. Therefore it is recommended that users have accounts on a file server on the network to save their documents.

Balancing the Shadow File Load

NetBoot creates an AFP share point on each server volume you specify (see “Choosing Where Shadow Files Are Stored” on page 46) and distributes client shadow files across them as a way of balancing the load for NetBoot clients. There is no performance gain if the volumes are partitions on the same disk. See “Distributing Shadow Files” on page 57.

Allocation of Shadow Files for Mac OS X NetBoot Clients

When a client computer starts up from a Mac OS X boot image, it creates its shadow files on a server NetBootClientsn share point or, if no share point is available, on a drive local to the client. For information about changing this behavior, see “Changing How Mac OS X NetBoot Clients Allocate Shadow Files” on page 35.

NetBoot Image Folder

When you create a Mac OS X NetBoot image with System Image Utility, it automatically creates a NetBoot image folder whose name ends with “.nbi” and stores in it the NetBoot image and other files (see table below) required to start up a client computer over the network. System Image Utility stores the folder whose name ends with “.nbi” on the NetBoot server in /Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name of the image). Files for PowerPC-based Macintosh computers are stored at the root level of the folder; those for Intel-based Macintosh computers are stored in the i386 directory.

File: Description

booter: Boot file which the firmware uses to begin the startup process

mach.macosx: UNIX kernel

mach.macosx.mkext: Drivers

System.dmg: Startup image file (may include application software)

NBImageInfo.plist: Property list file

You use System Image Utility to set up NetBoot image folders. The utility lets you:

• Name the image
• Choose the image type (NetBoot or Network Install)
• Provide an image ID
• Choose the default language
• Choose the computer models the image will support
• Create unique sharing names
• Specify a default user name and password
• Enable automatic installation for install images
• Add additional package or preinstalled applications

See “Creating a Mac OS X Boot Image” on page 29.

The name of a NetBoot image folder has the suffix “.nbi.”

Property List File

The property list file (NBImageInfo.plist) stores image properties. The property list for Mac OS X image files is described in the following table. Initial values in the NBImageInfo.plist are set by System Image Utility and you usually don’t need to change the property list file directly. Some values are set by Server Admin. If you need to edit a property list file, however, you can use TextEdit or Property List Editor, which you can find in the Utilities folder on the Mac OS X Server Administration Tools CD.

Mac OS X property list

Property (Type): Description

Architectures (array): An array of strings of the architectures the image supports.

BootFile (String): Name of boot ROM file: booter.

Index (Integer): 1–4095 indicates a local image unique to the server. 4096–65535 is a duplicate, identical image stored on multiple servers for load balancing.

IsDefault (Boolean): True specifies this image file as the default boot image on the subnet.

IsEnabled (Boolean): Sets whether the image is available to NetBoot (or Network Image) clients.

IsInstall (Boolean): True specifies a Network Install image; False specifies a NetBoot image.

Name (String): Name of the image as it appears in the Mac OS X Preferences pane.

RootPath (String): Specifies path to disk image on server, or the path to an image on another server. See “Using Images Stored on Other Servers” on page 20.

Type (String): NFS or HTTP.

SupportsDiskless (Boolean): True directs the NetBoot server to allocate space for the shadow files needed by diskless clients.

Description (String): Arbitrary text describing the image.

Language (String): A code specifying the language to be used while booted from the image.
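The following Python check is an added example, not part of the original manual or of Apple's tools. It audits one NetBoot image folder against the file table and the property list table above and surfaces enabled Network Install images. The function names, the constructed sample folder and its values (such as the "ppc" architecture string), and the reading of a non-local RootPath as an image stored elsewhere are assumptions of this example.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Boot files and property list the manual places in every .nbi folder.
REQUIRED_FILES = ("booter", "mach.macosx", "mach.macosx.mkext", "NBImageInfo.plist")

# Property names and types from the manual's property list table.
EXPECTED_TYPES = {
    "Architectures": list, "BootFile": str, "Index": int, "IsDefault": bool,
    "IsEnabled": bool, "IsInstall": bool, "Name": str, "RootPath": str,
    "Type": str, "SupportsDiskless": bool, "Description": str, "Language": str,
}


def has_type(value, expected):
    """isinstance() that rejects a Boolean where an integer is expected."""
    if expected is int:
        return isinstance(value, int) and not isinstance(value, bool)
    return isinstance(value, expected)


def audit_nbi(folder):
    """Return (severity, message) findings for one .nbi folder."""
    folder = Path(folder)
    findings = [("error", f"missing file: {name}")
                for name in REQUIRED_FILES if not (folder / name).is_file()]
    plist_path = folder / "NBImageInfo.plist"
    if not plist_path.is_file():
        return findings
    try:
        with plist_path.open("rb") as fh:
            props = plistlib.load(fh)
    except (ValueError, ExpatError) as exc:
        return findings + [("error", f"unreadable NBImageInfo.plist: {exc}")]
    if not isinstance(props, dict):
        return findings + [("error", "NBImageInfo.plist is not a dictionary")]

    # Type-check every documented property that is present.
    for key, expected in EXPECTED_TYPES.items():
        if key in props and not has_type(props[key], expected):
            findings.append(("error", f"{key} should be {expected.__name__}"))

    # Index: 1-4095 is local to this server, 4096-65535 is load-balanced.
    index = props.get("Index")
    if has_type(index, int) and not 1 <= index <= 65535:
        findings.append(("error", f"Index {index} is outside 1-65535"))
    elif has_type(index, int) and index >= 4096:
        findings.append(("info", f"Index {index}: load-balanced image, keep it "
                                 "identical on every server that serves it"))

    boot_file = props.get("BootFile")
    if isinstance(boot_file, str) and not (folder / boot_file).is_file():
        findings.append(("error", f"BootFile {boot_file!r} not found in folder"))

    if "Type" in props and props["Type"] not in ("NFS", "HTTP"):
        findings.append(("error", f"Type {props['Type']!r} is not NFS or HTTP"))

    # Assumption: a RootPath that is not a file here names an image elsewhere.
    root_path = props.get("RootPath")
    if isinstance(root_path, str) and not (folder / root_path).is_file():
        findings.append(("info", f"RootPath {root_path!r} is not in this folder"))

    # An automated Network Install can erase client disks, so surface every
    # enabled install image, and flag it again if it is the subnet default.
    if props.get("IsEnabled") is True and props.get("IsInstall") is True:
        findings.append(("warn", "enabled Network Install image: control access"))
        if props.get("IsDefault") is True:
            findings.append(("warn", "Network Install image is the subnet default"))
    return findings


def build_sample_nbi(root, **overrides):
    """Write a constructed .nbi folder: placeholder files, sample values."""
    folder = Path(root) / "Sample.nbi"
    folder.mkdir(parents=True)
    for name in ("booter", "mach.macosx", "mach.macosx.mkext", "System.dmg"):
        (folder / name).write_bytes(b"placeholder")
    props = {"Architectures": ["ppc"], "BootFile": "booter", "Index": 1,
             "IsDefault": False, "IsEnabled": True, "IsInstall": False,
             "Name": "Sample", "RootPath": "System.dmg", "Type": "NFS",
             "SupportsDiskless": False, "Description": "constructed sample",
             "Language": "Default"}
    props.update(overrides)
    with (folder / "NBImageInfo.plist").open("wb") as fh:
        plistlib.dump(props, fh)
    return folder


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_nbi(tmp, IsInstall=True, IsDefault=True, Index=70000)
        for severity, message in audit_nbi(sample):
            print(f"{severity:5} {message}")
```

On a server, audit_nbi would be pointed at each image.nbi folder under /Library/NetBoot/NetBootSPn.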

Boot Server Discovery Protocol (BSDP)

NetBoot uses an Apple-developed protocol based on DHCP called Boot Server Discovery Protocol (BSDP). This protocol provides a way of discovering NetBoot servers on a network. NetBoot clients obtain their IP information from a DHCP server and their NetBoot information from BSDP. BSDP offers built-in support for load balancing. See “Performance and Load Balancing” on page 55.

BootP Server

NetBoot uses a BootP server (bootpd) to provide necessary information to client computers when they try to boot from an image on the server.

If you have BootP clients on your network, they might request an IP address from the NetBoot BootP server, and this request will fail because the NetBoot BootP server doesn’t have addresses to offer. To prevent the NetBoot BootP server from responding to requests for IP addresses, use NetInfo Manager to open the NetBoot server’s local NetInfo directory and add a key named bootp_enabled with no value to the directory /config/dhcp.

Boot Files

When you create a Mac OS X NetBoot image with System Image Utility, it automatically generates three boot files and stores them on the NetBoot server in /Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name of the image). These files are:

• booter
• mach.macosx
• mach.macosx.mkext

Note: If you enable NetBoot services when installing Mac OS X Server, the installer automatically creates the NetBootSP0 share point on your server’s boot volume. Otherwise, you can set up NetBootSPn share points by choosing the volumes in which to store NetBoot images from the list of volumes in the General pane of the Settings pane of NetBoot service in Server Admin.

Trivial File Transfer Protocol

NetBoot uses the Trivial File Transfer Protocol (TFTP) to send boot files from the server to the client. When you start a NetBoot client, it sends out a request for startup software. The NetBoot server then delivers the booter file to the client via TFTP default port 69.

Client computers access the startup software on the NetBoot server from:

/private/tftpboot/NetBoot/NetBootSPn

This path is a symbolic link to Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name of the image).

Using Images Stored on Other Servers

You can store Mac OS X boot or install images on NFS servers other than the NetBoot server itself. For more information, see “Using Images Stored on Remote Servers” on page 46.

Security

You can restrict access to NetBoot service on a case-by-case basis by listing the hardware (also called the Ethernet or MAC) addresses of computers that you want to allow or deny access. A client computer’s hardware address is automatically added to the NetBoot Filtering list when the client starts up using NetBoot and is, by default, enabled to use NetBoot. You can specify others. See “Restricting NetBoot Clients by Filtering Addresses” on page 49.

Network Install Images

An install image is a special boot image that boots the client long enough to install software from the image, after which the client can boot from its own hard drive.

Just as a boot image replaces the role of a hard drive, an install image is a replacement for an installation CD.

Like a bootable CD-ROM disc, Network Install is a convenient way to reinstall the operating system, applications, or other software onto the local hard drive. For system administrators deploying large numbers of computers with the same version of Mac OS X, Network Install can be very useful. Network Install does not require the insertion of a CD-ROM disk into each NetBoot client, because all startup and installation information is delivered over the network.

While creating an install image with System Image Utility, you have the option to automate the installation process by limiting the amount of interaction from anyone at the client computer. Because an automatic network installation can be configured to erase the contents of the local hard drive before installation, data loss can occur. You must control access to this type of Network Install disk image and must communicate to those using these images the implications of using them. It is always wise to inform users to back up critical data before using automatic network installations.

Software installations using Network Install can be performed using a collection of packages or an entire disk image (depending on the source used to create the image).

For more information on preparing install images to install software over the network, see “Creating Mac OS X Install Images” on page 35.

Before You Set Up NetBoot

Before you set up a NetBoot server, review the following considerations and requirements.


What You Need to Know

To set up NetBoot on your server, you should be familiar with your network configuration, including the DHCP services it provides. Be sure you meet the following requirements:

• You’re the server administrator.
• You’re familiar with network setup.
• You know the DHCP configuration.

You might also need to work with your networking staff to change network topologies, switches, routers, and other network settings.

Client Computer Requirements

Most Macintosh computers that can run Mac OS X can use NetBoot to start up from a Mac OS X disk image on a server. At the time of this publication, this includes the following Macintosh computers:

• Slot-loading G3 iMac (tray-loading iMacs are not supported)
• G4 iMac
• iMac G5
• Mac mini
• iBook
• eMac
• Power Mac G5
• Power Mac G4
• Power Mac G4 Cube
• PowerBook G3 (FireWire)
• PowerBook G4
• Xserve
• Xserve G5

You should install the latest firmware updates on all client computers. Firmware updates are available from the Apple support website: www.apple.com/support/.

The older Macintosh computers in the following list require NetBoot 1.0:

• iMacs with tray-loading CD drives
• G3 blue-and-white tower computers
• PowerBook G3 computers with bronze keyboards

Though Server Admin supports only NetBoot 2.0, you can enable support for these NetBoot 1.0 clients using Terminal commands. For more information, see the system image chapter of the command-line administration guide.


Note: AppleCare does not provide support for NetBoot 1.0 under the standard 90-day warranty, but will assist with issue resolution under a Mac OS X Server software support contract.

Client Computer RAM Requirements

Client computers using NetBoot to start up from a boot image must have at least 128 MB of RAM.

Client computers using Network Install must also have 128 MB of RAM.

Software Updates for NetBoot System Disk Images

You should use the latest system software when creating NetBoot disk images.

New Macintosh computers require updates of system software, so if you have new Macintosh clients you’ll need to update your boot images.

To update a Mac OS X disk image, see “Adding an OS Update Package to a Mac OS X Boot Image” on page 32.

Ethernet Support on Client Computers

NetBoot is supported only over the built-in Ethernet connection. Multiple Ethernet ports are not supported on client computers. Clients should have at least 100-Mbit Ethernet adapters.

Network Hardware Requirements

The type of network connections you should use depends on the number of clients you expect to boot over the network:

• 100-Mbit Ethernet (for booting fewer than 10 clients)
• 100-Mbit switched Ethernet (for booting 10–50 clients)
• Gigabit Ethernet (for booting more than 50 clients)

These are estimates for the number of clients supported. See “Capacity Planning” on page 24 for a more detailed discussion of the optimal system and network configurations to support the number of clients you have.


Network Service Requirements

Depending on the types of clients you want to boot or install, your NetBoot server must also provide the following supporting services.

Service provided by NetBoot Server | For booting Mac OS X computers with hard disks | For booting Mac OS X computers without hard disks
DHCP | optional | optional
NFS | required if no HTTP | required if no HTTP
AFP | not required | required
HTTP | required if no NFS | required if no NFS
TFTP | required | required

Note: DHCP service is listed as optional because, although it is required for NetBoot, it can be provided by a server other than the NetBoot server. Services marked “required” must be running on the NetBoot server.

NetBoot and AirPort

The use of AirPort wireless technology to NetBoot clients is not supported by Apple and is discouraged.

Capacity Planning

The number of NetBoot client computers your server can support depends on how your server is configured, when your clients routinely start up, the server’s hard disk space, and a number of other factors. When planning for your server and network needs, consider these factors:

• Ethernet speed: 100Base-T or faster connections are required for both client computers and the server. As you add more clients, you may need to increase the speed of your server’s Ethernet connections. Ideally you want to take advantage of the Gigabit Ethernet capacity built in to your Mac OS X server hardware to connect to a Gigabit switch. From the switch you should connect Gigabit Ethernet or 100-Mbit Ethernet to each of the NetBoot clients.

• Hard disk capacity and number of images: Boot and install images occupy hard disk space on server volumes, depending on the size and configuration of the system image and the number of images being stored, including the architecture-specific images that you need for Intel-based and PowerPC-based Macintosh clients. Images can be distributed across multiple volumes or multiple servers. For more information, see “Performance and Load Balancing” on page 55.

• Hard disk capacity and number of users: If you have a large number of diskless clients, consider adding a separate file server to your network to store temporary user documents. Because the system software for a disk image is written to a shadow image for each client booting from the disk image, you can get a rough estimate of the required hard disk capacity by multiplying the size of the shadow image by the number of clients.

• Number of Ethernet ports on the switch: Distributing NetBoot clients over multiple Ethernet ports on your switch offers a performance advantage. Each port must serve a distinct segment.

Serial Number Considerations

Before starting the NetBoot service, make sure that you obtain a site license for the images you intend on serving. The license covers all the NetBoot images served from a particular server. For every additional server, you need to obtain a site license to provide NetBoot service. Contact Apple to obtain site licenses.

If you plan on serving Network Install images for installing Mac OS X and Mac OS X Server, also make sure that you have a site license.

If you plan on serving Network Install images for installing Mac OS X Server, you can use the Mac OS X Server Assistant to generate a setup file that you can add to the Network Install image so that the server knows how to configure itself automatically. If you use a generic file, you’ll have to enter the serial number manually using Server Admin.

Setup Overview — NetBoot

Here is an overview of the basic steps for setting up NetBoot service.

Step 1: Evaluate and update your network, servers, and client computers as necessary

The number of client computers you can support using NetBoot is determined by the number of servers you have, how they’re configured, hard disk storage capacity, and other factors. See “Capacity Planning” on page 24.

Depending on the results of this evaluation, you may want to add servers or hard disks, add Ethernet ports to your server, or make other changes to your servers. You may also want to set up more subnets for your BootP clients, depending on how many clients you support.

You may also want to implement subnets on this server (or other servers) to take advantage of NetBoot filtering. See “Restricting NetBoot Clients by Filtering Addresses” on page 49.

If you plan to provide authentication and personalized work environments for NetBoot client users by using Workgroup Manager, you should set up workgroups and import users from the Mac OS X Server Users & Groups database before you create disk images. Make sure you have at least one Macintosh Manager user assigned to the Workgroup Manager for Mac OS X clients.


Step 2: Create disk images for client computers

You can set up Mac OS X disk images for client computers to start up from. To create Mac OS X disk images, you use System Image Utility. See “Creating a Mac OS X Boot Image” on page 29.

You may also want to restrict access to NetBoot images by using Model Filtering. See “Creating an OS Install Image” on page 35.

To create application packages that you can add to an image, use PackageMaker. Application software packages can be installed by themselves or along with Mac OS X system software. See “Creating Packages” on page 38.

Step 3: Set up DHCP

NetBoot requires that you have a DHCP server running either on the local server or another server on the network. Make sure that you have a range of IP addresses sufficient to accommodate the number of clients that will be using NetBoot at the same time.

If your NetBoot server is also supplying DHCP service, you might get better performance if you configure your server as a gateway. That is, configure your subnets to use the server’s IP address as the router IP address.

Step 4: Configure and turn on NetBoot service

You use the NetBoot settings in Server Admin to configure NetBoot on your server. See Chapter 3, “Setting Up NetBoot Service.”

You turn on NetBoot service using Server Admin. See “Starting NetBoot and Related Services” on page 44 and “Enabling Images” on page 45.

Step 5: Set up Ethernet address filtering (optional)

NetBoot filtering is done by client computer hardware address. Each client’s hardware address is automatically registered the first time the client attempts to start up from a NetBoot disk image. You can allow or disallow specific clients by address.

See “Restricting NetBoot Clients by Filtering Addresses” on page 49.

Step 6: Test your NetBoot setup

Because there is risk of data loss or bringing down the network (by misconfiguring DHCP), it is recommended that you test your NetBoot setup before implementing it on all your clients. You should test each different model of Macintosh that you’re supporting. This is to make sure that there are no problems with the boot ROM for a particular hardware type.

Step 7: Set up all client computers to use NetBoot

When you’re satisfied that NetBoot is working on all types of client computers, then you can set up the client computers to start up from the NetBoot disk images.


You can use the client computer’s Startup Disk System Preference pane to select a startup disk image from the server, then restart the computer. See “Selecting a NetBoot Boot Image” on page 51. Or, you can restart the client computer and hold down the N key until the NetBoot icon starts flashing on the screen. The client starts up from the default image on the NetBoot server. See “Starting Up Using the N Key” on page 52.

Setup Overview — Network Install

Here is an overview of the basic steps for setting up Network Install service.

Step 1: Evaluate and update your network, servers, and client computers as necessary

The number of client computers you can support using NetBoot is determined by the number of servers you have, how they’re configured, hard disk storage capacity, and other factors. See “Capacity Planning” on page 24.

Depending on the results of this evaluation, you may want to add servers or hard disks, add Ethernet ports to your server, or make other changes to your servers. You may also want to set up more subnets for your BootP clients, depending on how many clients you support.

You may also want to implement subnets on this server (or other servers) to take advantage of NetBoot filtering. See “Restricting NetBoot Clients by Filtering Addresses” on page 49.

If you plan to provide authentication and personalized work environments for NetBoot client users by using Workgroup Manager, you should set up workgroups and import users from the Mac OS X Server Users & Groups database before you create disk images. Make sure you have at least one Macintosh Manager user assigned to the Workgroup Manager for Mac OS X clients.

Step 2: Create disk images for client computers

You can set up Mac OS X disk images for client computers to start up from. To create Mac OS X disk images, you use System Image Utility. See “Creating a Mac OS X Boot Image” on page 29.

You may also want to restrict access to Network Install images by using Model Filtering. See “Creating an OS Install Image” on page 35.

To create application packages that you can add to an image, use PackageMaker. Application software packages can be installed by themselves or along with Mac OS X system software. See “Creating Packages” on page 38.


Step 3: Set up DHCP

NetBoot requires that you have a DHCP server running either on the local server or another server on the network. Make sure that you have a range of IP addresses sufficient to accommodate the number of clients that will be using NetBoot at the same time.

If your NetBoot server is also supplying DHCP service, you might get better performance if you configure your server as a gateway. That is, configure your subnets to use the server’s IP address as the router IP address.

Be sure DHCP service is started.

Step 4: Configure and turn on NetBoot service

You use the NetBoot settings in Server Admin to configure NetBoot on your server. See Chapter 3, “Setting Up NetBoot Service.”

You turn on NetBoot service using Server Admin. See “Starting NetBoot and Related Services” on page 44 and “Enabling Images” on page 45.

Step 5: Set up Ethernet address filtering (optional)

NetBoot filtering is done by client computer hardware address. Each client’s hardware address is automatically registered the first time the client attempts to start up from a NetBoot disk image. You can allow or disallow specific clients by address.

See “Restricting NetBoot Clients by Filtering Addresses” on page 49.

Step 6: Test your NetBoot setup

Because there is risk of data loss or bringing down the network (by misconfiguring DHCP), it is recommended that you test your NetBoot setup before implementing it on all your clients. You should test each different model of Macintosh that you’re supporting. This is to make sure that there are no problems with the boot ROM for a particular hardware type.

Step 7: Set up all client computers to use NetBoot

When you’re satisfied that NetBoot is working on all types of client computers, then you can set up the client computers to start up from the NetBoot disk images.

You can use the client computer’s Startup Disk System Preference pane to select a startup disk image from the server, then restart the computer. See “Selecting a NetBoot Boot Image” on page 51. Or, you can restart the client computer and hold down the N key until the NetBoot icon starts flashing on the screen. The client starts up from the default image on the NetBoot server. See “Starting Up Using the N Key” on page 52.


Chapter 2: Creating Boot and Install Images

This chapter provides step-by-step instructions for preparing boot or install images that can be used with NetBoot service.

This chapter is divided into the following sections:

• “Creating Mac OS X Boot Images” on page 29
• “Creating Mac OS X Install Images” on page 35
• “Adding Software to Boot and Install Images” on page 37
• “Adding Post-Install Scripts to Install Images” on page 41

Creating Mac OS X Boot Images

The instructions in this section show how to create boot images of the Mac OS X operating system that you can use to start up client computers over the network.

As of Mac OS X Server 10.4.4, you can create NetBoot images for Intel-based and PowerPC-based Macintosh computers. To do so, you must have Mac OS X 10.4.4 or later and the latest version of System Image Utility. Use Software Update to ensure that you have the latest version.

Creating a Mac OS X Boot Image

You use System Image Utility to create Mac OS X NetBoot images.

Note: You must purchase an OS user license for each client that starts up from a NetBoot disk image.

To create a boot image:

1. Log in to the server as an administrative user.

2. Open System Image Utility.

3. If creating an image from a Mac OS X v10.2 source, enable image compression.

If the image is not compressed, it might not boot. See “Compressing Images to Save Disk Space” on page 34 for more information.

4. Click New Boot.


5. In the General pane, type a name for the image you’re creating.

This name will identify the image in the Startup Disk preferences pane on client computers.

6. In the image index field, type an Image ID.

To create an image that is unique to this server, choose an ID in the range 1–4095.

To create one of several identical images to be stored on different servers for load balancing, use an ID in the range 4096–65535. Multiple images of the same type with the same ID in this range are listed as a single image in a client’s Startup Disk preferences panel.

7. (Optional) In the Description field, type notes or other information that will help you characterize the image. Clients can’t see what you type.

8. Choose whether the image is to be delivered using NFS or HTTP. If you’re not sure which to choose, choose NFS.

9. To serve the image on the server on which you’re creating the image, choose Local.

10. (Optional) To store the image on a remote computer and offer it via NFS or HTTP, click Remote.

• (Remote service only) To deliver the image to users via HTTP on a remote server, complete the path with the remote server’s host name, the HTTP user name, and password used to access the file. Complete the entry by providing the port used to access the HTTP server (typically port 80).

• (Remote service only) To deliver the image to users via NFS on a remote server, complete the path with the IP address, image path where the file will be stored on the server, and the NFS export setting (client, world, or subnet).

Important: System Image Utility will create the actual image on the local server. By completing the information requested in the path pane, an indirect NFS or HTTP path will be created for your image. Once you create the image, the admin user of the remote server must copy the image to and serve it from the exact remote path you specified.

11. Click Contents and choose the source for the image.

You can choose an install CD or DVD, a mounted boot volume, or an existing disk image. If you’re creating the image from CD or DVD, be sure it is inserted.

If you’re creating a Mac OS X v10.4 NetBoot image, System Image Utility creates a minimal boot image. Similarly, if creating a Mac OS X v10.3 NetBoot image, System Image Utility creates a minimal boot image and will only use the first 2 CDs. If creating a Mac OS X v10.2 NetBoot image, however, the resulting image will contain everything in the installation CDs.

If you don’t want a minimal boot image, click Customize.


Note: If your network includes both Intel-based and PowerPC-based Macintosh computers, you must create separate images for each architecture, using the appropriate architecture-specific OS install DVD or volume as the source for the image.

Important: If you have created a standard disk image (.dmg file) from an OS install CD and want to use that image as the source for a NetBoot image, double-click the .dmg file in the Finder to mount the image, then choose it from the pop-up menu.

12. (CD source only) Choose the default language for the system. (Available only if you have already inserted the CD and chosen it as the source.)

13. (Optional) Click the Add (+) button below the Other Items list to add an application package, system update package, or post-install script to the image.

14. (CD source only) Click Default User, type a user name, short name, and password (in both the Password and Verify fields) for the system’s default user account. You can log in to a booted client using this account.

15. (Optional) Click Model Filter, and select the radio button that allows only the computer models enabled in the list to boot. If you want to allow any Macintosh computer to boot, select Allow any Apple Computer.

16. (Optional) Click Sharing Prefs and in the Computer Name field, type the name that the NetBoot or Network Install client gets after installation or booting.

Note: Each client will have its computer name and local hostname set to the name you supplied plus the MAC address (without the colons) of the client.

Note: Alternatively, type the path to a tab-delimited .txt or .rtf file that has a list of MAC addresses and their corresponding computer names and local hostnames. Each client will get the name that corresponds to its MAC address in the specified file.

17. (Optional) Click Directory Services. If you are not using DHCP to provide NetBoot clients with Open Directory information, click “Apply Directory Services settings from this machine to all clients.” If you want each client that will boot from this image to get a unique set of directory service settings each time it boots, click Authenticate and authorize this selection.

Note: To create per-CPU Directory Services bindings, the machine you are creating the image on should itself be bound to the DS server. Otherwise, clicking the Authenticate button produces an error dialog saying “No DS bindings found.”

Note: Before selecting the “Apply directory services settings from this machine to all clients” checkbox, we recommend using the Directory Access application to bind the machine on which you are creating the image to a DS server.

18. Click Create.

If the Create button is not enabled, make sure you have entered an image name and ID, and have chosen an image source.


19. In the Save As dialog, choose where to save the image.

If you don’t want to use the image name you typed earlier, you can change it now by typing a new name in the Save As field.

If you’re creating the image on the same server that will serve it, choose a volume from the “Serve from NetBoot share point on” pop-up menu.

To save the image somewhere else, choose a location from the Where pop-up menu or click the triangle next to the Save As field and navigate to a folder.

20. Click Save.

To check progress, look in the lower-left corner of the window. If you need to insert another CD, you’ll be prompted there. To create the image without including the contents of a subsequent CD, click Finish when you are prompted to insert it.

Important: Don’t open the .nbi folder in /Library/NetBoot/NetBootSPn while the image is being created; clients won’t be able to use the resulting image.
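A lint pass for the tab-delimited name file described in step 16 (the install-image procedure accepts the same kind of file), as an added shell example that is not part of Apple's manual. The column order (MAC address, computer name, local hostname), the hostname character rule, and the function name are assumptions, since the manual names the fields but does not show the layout; only a plain .txt file is handled.

```shell
#!/bin/sh
# Added example: lint a tab-delimited MAC-to-name file (plain .txt only).
# ASSUMED layout, one client per line:
#   MAC address <TAB> computer name <TAB> local hostname

# check_name_map FILE
# Prints "line N: problem" for each defect; returns 1 if any were found.
check_name_map() {
    awk -F '\t' '
        BEGIN {
            # Six colon-separated hex octets, compared in lower case.
            oct = "[0-9a-f][0-9a-f]"
            mac_re = "^" oct ":" oct ":" oct ":" oct ":" oct ":" oct "$"
            # ASSUMED rule: letters, digits and inner hyphens only.
            host_re = "^[a-z0-9]([a-z0-9-]*[a-z0-9])?$"
        }
        /^[ \t\r]*$/ { next }                 # ignore blank lines
        {
            sub(/\r$/, "", $NF)               # tolerate CRLF line endings
            if (NF != 3) {
                printf "line %d: expected 3 tab-separated fields, found %d\n", NR, NF
                bad++
                next
            }
            mac = tolower($1)
            host = tolower($3)
            # A hardware address listed twice makes the client identity ambiguous.
            if (mac !~ mac_re) {
                printf "line %d: malformed MAC address \"%s\"\n", NR, $1
                bad++
            } else if (mac in seen_mac) {
                printf "line %d: MAC %s already used on line %d\n", NR, mac, seen_mac[mac]
                bad++
            } else {
                seen_mac[mac] = NR
            }
            if ($2 == "") {
                printf "line %d: empty computer name\n", NR
                bad++
            }
            # Two clients sharing one local hostname would collide on the network.
            if (host !~ host_re) {
                printf "line %d: invalid local hostname \"%s\"\n", NR, $3
                bad++
            } else if (host in seen_host) {
                printf "line %d: local hostname %s already used on line %d\n", NR, host, seen_host[host]
                bad++
            } else {
                seen_host[host] = NR
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample (locally administered addresses): line 2 reuses the MAC
# from line 1 in a different case, line 3 uses a non-colon MAC notation.
sample=$(mktemp)
printf '02:00:00:AA:BB:01\tLab Mac 1\tlab-mac-1\n' > "$sample"
printf '02:00:00:aa:bb:01\tLab Mac 2\tlab-mac-2\n' >> "$sample"
printf '0200.00aa.bb03\tLab Mac 3\tlab-mac-3\n' >> "$sample"
check_name_map "$sample" || echo "name map rejected; fix the lines above before using it"
rm -f "$sample"
```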

From the Command Line

You can also create a boot image using commands in Terminal. For more information, see the system image chapter of the command-line administration guide.

Adding an OS Update Package to a Mac OS X Boot Image

You can add a Mac OS X system update package to an existing NetBoot image so that your clients start up from the latest available system.

To apply a Mac OS X update to a NetBoot image:

1. Open Server Admin and select NetBoot in the Computers & Services list.

2. Disable the image you want to update to prevent access while you’re modifying it.

Click Settings, click Images, deselect Enabled for the image, and click Save.

3. Open System Image Utility and click Images.

4. Select the image and click Edit.

5. In the Contents tab, click the Add (+) button and choose the OS update package.

6. Click Save.

7. Reenable the image in the Images pane of Server Admin NetBoot settings.

From the Command Line

You can also update a boot image using commands in Terminal. For more information, see the system image chapter of the command-line administration guide.


Creating a Mac OS X Boot Image from an Existing System

If you already have a client computer set up to suit your users, you can use System Image Utility to create a boot image that is based on that client’s configuration, including its architecture.

You need to boot from a volume other than the one you’re using as the image source (boot from an external FireWire hard disk or a second partition on the client’s hard disk, for example). You can’t create the image on a volume over the network.

To create a boot image based on an existing system:

1. Boot the computer from a partition other than the one you’re imaging.

2. Copy System Image Utility to the client computer.

Note: To create architecture-specific images you must have Mac OS X 10.4.4 or later and the latest version of the System Image Utility. Use Software Update to obtain the latest version.

3. Open System Image Utility on the client and click New Boot.

4. Click Contents and choose the partition to use from the Image Source pop-up menu.

5. Enter the remaining image information in the other panes as usual, then click Create.

6. After the image has been created on the client, export it to the server.

Click Images, select the image in the list, and click Export.

From the Command Line

You can also create a boot image clone of an existing system using the hdiutil command in Terminal. For more information, see the system image chapter of the command-line administration guide.

Synchronizing an Image with an Updated Source Volume

If you create an image from a system volume and later update the original volume, you can automatically apply the updates to the image without re-creating it using System Image Utility.

Important: Be sure you synchronize the image with the correct original volume. The updated original volume must be a local volume on the server where the image is being edited.

To sync an image with an updated source volume:

1. Make sure that the image you want to synchronize is not in use.

2. Open System Image Utility (in /Applications/Server).

3. Choose System Image Utility > Preferences, enable “Add items and sync with source when editing,” and close the preferences window.

Note: Due to the nature of the block copy process, you cannot add items to an image that has been created with block copy enabled.


4. Click Images, select the image, and click Edit.

5. Click Contents and choose the updated source volume from the Image Source pop-up menu.

6. Click Save.

7. Reenable the image using Server Admin.

Choosing the Protocol Used to Deliver an Image

You can use either NFS or HTTP to send images from the server to a client. You can choose the protocol when you create the image using System Image Utility or later when the image is listed in Server Admin.

To choose the protocol when you create the image, choose either NFS or HTTP in the General pane in System Image Utility.

To choose the protocol for an existing image, choose the NetBoot service in Server Admin, click Settings, and choose a protocol from the pop-up list next to the image in the Images pane.

From the Command Line

You can also change the delivery protocol by modifying the image’s NBImageInfo.plist file using Terminal. For more information, see the system image chapter of the command-line administration guide.

Compressing Images to Save Disk Space

You can create compressed images by setting a preference in System Image Utility.

To create compressed images:

1. Open System Image Utility.

2. Choose System Image Utility > Preferences and select “Compress image when creating or editing.”

Be sure the volume on which you’re creating the image has enough free space for both the uncompressed image and the compressed image.

From the Command Line

You can also compress images using the hdiutil command in Terminal. For more information, see the system image chapter of the command-line administration guide.


Changing How Mac OS X NetBoot Clients Allocate Shadow Files

By default, a Mac OS X NetBoot client places its shadow files in a NetBootClientsn share point on the server. If no such share point is available, the client tries to store its shadow files on a local hard disk.

For Mac OS X version 10.3 and later images set for diskless booting, you can change this behavior by using a text editor to specify a value for the NETBOOT_SHADOW variable in the image’s /etc/hostconfig file. These values are allowed:

Value of NETBOOT_SHADOW | Client shadow file behavior
-NETWORK- | (Default) Try to use a server NetBootClientsn share point for storing shadow files. If no server share point is available, use a local drive.
-NETWORK_ONLY- | Try to use a server NetBootClientsn share point for storing shadow files. If no server share point is available, don’t boot.
-LOCAL- | Try to use a local drive for storing shadow files. If no local drive is available, use a server NetBootClientsn share point.
-LOCAL_ONLY- | Try to use a local drive for storing shadow files. If no local drive is available, don’t boot.

Note: This value is set in the /etc/hostconfig file in the image .dmg file, not in the server’s hostconfig file.
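The hostconfig edit described above, as an added shell example that is not part of Apple's manual: it checks the requested value against the four allowed values before rewriting the file, so a mistyped value is never written. The function names and the sample file are constructed, and the KEY=VALUE line form is assumed; point it at the /etc/hostconfig inside the mounted image, not the server's own.

```shell
#!/bin/sh
# Added example: set NETBOOT_SHADOW in the hostconfig of a mounted image.
# Function names and the sample file are constructed for illustration.
# ASSUMPTION: hostconfig holds one KEY=VALUE assignment per line.

# The four values the manual lists as allowed.
NETBOOT_SHADOW_ALLOWED="-NETWORK- -NETWORK_ONLY- -LOCAL- -LOCAL_ONLY-"

# is_allowed_shadow_value VALUE -> status 0 only for one of the four values.
is_allowed_shadow_value() {
    for allowed in $NETBOOT_SHADOW_ALLOWED; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# get_netboot_shadow FILE -> prints the value of the last NETBOOT_SHADOW
# line, or -NETWORK- (the documented default) when the variable is not set.
get_netboot_shadow() {
    current=$(sed -n 's/^NETBOOT_SHADOW=//p' "$1" | tail -n 1)
    printf '%s\n' "${current:--NETWORK-}"
}

# set_netboot_shadow FILE VALUE
# Refuses values outside the allowed set, keeps FILE.bak, and leaves exactly
# one NETBOOT_SHADOW line in FILE. Every other line is preserved as it was.
set_netboot_shadow() {
    file=$1
    value=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    if ! is_allowed_shadow_value "$value"; then
        echo "refusing unsupported NETBOOT_SHADOW value: $value" >&2
        return 1
    fi
    tmp="$file.new.$$"
    cp -p "$file" "$file.bak" || return 2
    # Drop any existing assignment (awk also repairs a missing final newline),
    # then append the new one.
    awk '!/^NETBOOT_SHADOW=/' "$file" > "$tmp" || return 2
    printf 'NETBOOT_SHADOW=%s\n' "$value" >> "$tmp"
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# make_sample_hostconfig FILE -> writes a constructed three-line sample.
make_sample_hostconfig() {
    printf '%s\n' 'HOSTNAME=-AUTOMATIC-' 'NETBOOT_SHADOW=-NETWORK-' 'AFPSERVER=-NO-' > "$1"
}

# Demo on a constructed file: require the server share point for shadow
# files, so a client with no share point available does not boot.
demo_dir=$(mktemp -d)
make_sample_hostconfig "$demo_dir/hostconfig"
set_netboot_shadow "$demo_dir/hostconfig" "-NETWORK_ONLY-"
get_netboot_shadow "$demo_dir/hostconfig"
rm -rf "$demo_dir"
```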

Creating Mac OS X Install Images

The following sections show how to create images you can use to install software on client computers over the network.

Creating an OS Install Image

To create an image that will install Mac OS X software on a client computer, use System Image Utility. You can find this application in the folder /Applications/Server/.

To create an OS install image:

1. Log in to the server as an administrative user.

2. Open System Image Utility and click New Install.

3. In the General pane, type a name for the image you’re creating.

4. Type an Image Index number.

Choose a number in the range 1–4095 for an image that will be available on a single server, or 4096–65535 for an image that you plan to make available on multiple servers but want to list only once in the client computer Startup Disk preferences.


5. (CD source only) Choose the default language for the software. (Available only if you have already inserted the CD and chosen it as the source.)

Note: This is the language used by the installed software only. The installer that runs always appears in English (if this is not an automated install).

6. To serve the image on the server creating the image, choose Local. This will place the image in the /Library/NetBoot/ folder on your server.

7. (Optional) To store the image on a remote computer and offer it via NFS, choose Remote.

Note: Network Install images can be served only via NFS.

8. (Remote service only) To deliver the image to users via NFS on a remote server, complete the path pane with the IP address, image path where the file will be stored on the server, and the NFS export setting (client, world, or subnet).

Important: System Image Utility will create the actual image on the local server. By completing the information requested in the path pane, an indirect NFS path will be created for your image. Once you create the image, the admin user of the remote server must copy the image to and serve it from the exact remote path you specified.

9. On the Contents pane, choose the source for the image.

Choose an appropriate architecture-specific install CD, mounted boot volume, or existing disk image.

10. (Optional) Click the Add (+) button below the list to add applications or post-install scripts to the image.

11. To have the software install with limited or no interaction at the client computer, select “Enable automated installation” in the Installation Options pane, then click Options.

Here you can specify the name of the volume on which to install the contents of the image, whether to erase the volume before installing, whether to restart the client computer after installing, and whether the client user must confirm the installation actions.

12. In the Installation Options pane, select “Verify destination after installing” to have the installer verify the integrity of the image after it is installed. (For images from volume source only.)

Selecting this option is highly recommended even though it slightly slows installation.

13. In the Installation Options pane, select “Change ByHost preferences to match client after install” so that the ByHost preferences of the installed software match those of the computer on which the software is installed.

14. (Optional) Click Model Filter, and select the radio button that allows only the computer models enabled in the list to boot. If you want to allow any Macintosh computer to boot, select Allow any Apple Computer.


15 (Optional) Click Sharing Prefs and, in the Computer Name field, type the name that the NetBoot or Network Install client gets after installation or booting.

Each client will have its computer name and local hostname set to the name you supplied plus the MAC address (without the colons) of the client.

You can also type the path to a tab-delimited .txt or .rtf file that has a list of MAC addresses and their corresponding computer names and local hostnames. Each client will get the name that corresponds to its MAC address in the specified file.

16 (Optional) Click Directory Services and do the following:

If you are not using DHCP to provide NetBoot clients with Open Directory information, use Directory Access to bind to a directory server, then select “Apply Directory Services settings from this machine to all clients.”

If you want clients to bind to directory services that are available to the computer you’re imaging, click Authenticate and authorize this selection.

Note: If the computer you’re imaging is not bound to directory servers, you’ll get an error message when you click Authenticate.

17 Click Create Image.

If the Create button is not enabled, make sure you have entered an image name and ID, and have chosen an image source.

18 In the Save As dialog, choose where to save the image.

If you don’t want to use the image name you typed earlier, you can change it now by typing a new name in the Save As field.

If you’re creating the image on the same server that will serve it, choose a volume from the “Serve from NetBoot share point on” pop-up menu.

To save the image somewhere else, choose a location from the Where pop-up menu or click the triangle next to the Save As field and navigate to a folder.

19 Click Save.

To check progress, look in the lower-left corner of the window. If you need to insert another CD, you’ll be prompted there. To create the image without including the contents of a subsequent CD, click Finish when you are prompted to insert it.

Adding Software to Boot and Install Images

There are two basic approaches to including additional software in an image:

• Add additional applications and files to an existing system before creating an image using that system as the source (see “Creating a Mac OS X Boot Image from an Existing System” on page 33).

• Add packages containing the additional applications and files to an existing image (see “Creating an Application-Only Install Image” on page 39).


About Packages

If you plan to add application software or other files to an image at creation time (instead of installing the applications or files on the image source volume before you create the image), you need to group the applications or files into a special file called a package.

A package is a collection of compressed files and related information used to install software onto a computer. The contents of a package are contained within a single file, which has the extension “.pkg.” The following table lists the components of a package.

File in Package    Description
product.pax.gz     The files to be installed, compressed with gzip and archived with pax. (See man pages for more information about gzip and pax.)
product.bom        Bill of Materials: a record of where files are to be installed. This is used in the verification and uninstall processes.
product.info       Contains information to be displayed during installation.
product.sizes      Text file; contains the number of files in the package.
product.tiff       Contains custom icon for the package.
product.status     Created during the installation, this file will either say “installed” or “compressed.”
product.location   Shows location where the package will be installed.
software_version   (Optional) Contains the version of the package to be installed.

Creating Packages

To add applications or other files to an image (instead of installing them first on the image source volume before creating the image), use PackageMaker to create packages containing the application or files. PackageMaker is in the Utilities folder on the Mac OS X Server Administration Tools CD that comes with Mac OS X Server.

For more information on creating packages, open PackageMaker and choose PackageMaker Help, PackageMaker Release Notes, or Package Format Notes from the Help menu.

After creating the packages, add them to your boot or install image using System Image Utility. See “Creating an Application-Only Install Image” on page 39, or “Adding Packages to a Boot or Install Image” on page 39.


Adding Packages to a Boot or Install Image

To include additional application (.app) or file (.pkg) packages in an image, add the packages to the image using System Image Utility.

You can add packages at the time you create an image or add packages to an existing image.

To add packages to a new image you’re creating using System Image Utility, click the Add (+) button after you select the image source in the Contents pane.

To add packages to an existing image, open System Image Utility, click Images, and select the image in the list. Then click Edit, and click the Add (+) button in the Contents pane.

In either case, you can drag package icons from the Finder to the Other Items list in the Contents tab instead of using the Add (+) button.

Note: Using System Image Utility, you can add only embedded metapackages like iTunes and Apple Remote Desktop, which contain the packages they reference. You can’t add unembedded metapackages (.mpkg files) to an image using System Image Utility, but you can add the packages that they reference directly from the Finder.

From the Command Line

You can also add packages to a boot or install image by modifying the image and its associated rc.cdrom.packagePath or minstallconfig.xml file in Terminal. For more information, see the system image chapter of the command-line administration guide.

Creating an Application-Only Install Image

To create an install image that contains application software but no operating system software, deselect the Include Mac OS X option in the Contents pane in System Image Utility.

Note: You can’t use System Image Utility to create an automated install image that contains a metapackage or more than one regular package. You can do this using commands in Terminal. For more information, see the system image chapter of the command-line administration guide.

To add packages to a new image you’re creating using System Image Utility, click the Add (+) button after you select the image source in the Contents pane.

You can drag package icons from the Finder to the Other Items list in the Contents tab instead of using the Add (+) button.


Automating Image Installation

To install Mac OS X software (along with any packages you add) with limited or no interaction from anyone at the client computer, use System Image Utility to create an automated install image. Otherwise, a user at the client computer will have to respond to questions from the installer.

To set up an OS image for automated installation:

1 Open System Image Utility and click New Install.

2 Provide information in the General and Contents panes as usual.

3 In the Installation Options pane, select “Enable automated installation.”

4 Click the Options button.

5 For unattended installation, choose “Install on volume” next to Target Volume and type the name of the volume on the client computer where the software will be installed.

To allow the user at the client computer to select the volume on which to install, choose “User selects.”

6 To install the software on a clean drive, enable “Erase the target volume before installing.”

7 To install without requiring user confirmation at the client computer, disable “Require client user to respond to a confirmation dialog.”

8 If the installed software requires a restart, enable “Restart the client computer after installing.”

If the name you provide for the install volume does not match the name of a volume on the client computer, a user at the client computer must respond to an installer prompt for another target volume.

From the Command Line

You can also set up an image for automated install by modifying the associated minstallconfig.xml file using Terminal. For more information, see the system image chapter of the command-line administration guide.

Viewing the Contents of a Package

To view the contents of a package, hold down the Control key as you click the package in a Finder window and choose Show Package Contents from the menu that appears.

You use PackageMaker (in the /Developer/Applications/Utilities folder after you install Xcode using the disc included with the Mac OS X client software) to create application software packages to use with Network Install.

From the Command Line

You can also list the contents of a package using commands in Terminal. For more information, see the system image chapter of the command-line administration guide.


Installing Mac OS Updates

To use Network Install to install operating system updates on client computers, add the system update package to an install image in the same way you would add any other package. See “Adding Packages to a Boot or Install Image” on page 39.

You can download Mac OS updates from www.apple.com/support.

Adding Post-Install Scripts to Install Images

Post-install scripts let you make changes to software after it has been installed on client computers. As the name implies, post-install scripts run at the end of the network install process.

You can use the scripts to perform any tasks you want—within the limitations of the scripts themselves. However, post-install scripts are typically used to make minor changes to network-installed software when you don’t want to create additional install images. For example, you may use post-install scripts to delete files, set startup items, or create a user after installing software on a client computer.

Note: One good use of post-install scripts is to alter items in the ~/Library/Preferences/ByHost folder to ensure that settings in the original image persist or to override them. For example, you can create a script to replace the MAC address in the names of items in the ByHost folder with the MAC address of the computer on which the image has been installed. In this way, any imaged computer will retain the settings (such as display and print preferences) in the original image.

Post-install scripts work only with install images created from volumes mounted on your computer; they cannot be used with install images created from CDs. Post-install scripts must be written as shell scripts. Perl scripts are not supported.
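The ByHost renaming described in the note above, as an added example that is not part of the original manual: a shell script that renames ByHost items from the MAC address of the imaged computer to the MAC address of the client. The file-name pattern (domain, then 12 hex digits, then .plist), the en0 interface name, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not Apple's code): rename ByHost preference files so that the
# MAC address embedded in each file name matches the newly installed client.
# Assumption: ByHost items are named <domain>.<12 hex digits>.plist.

# Normalize a MAC address: drop colons and dashes, lowercase, require 12 hex digits.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$mac" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '%s\n' "$mac"
}

# MAC address of the client's Ethernet port (en0 is an assumption).
client_mac() {
    ifconfig en0 2>/dev/null | awk '/ether/ { print $2; exit }'
}

# rename_byhost FOLDER IMAGE_MAC CLIENT_MAC
# Prints the number of files renamed. Never overwrites an existing file and
# never follows symbolic links.
rename_byhost() {
    dir=$1
    old=$(normalize_mac "$2") || { echo "bad image MAC: $2" >&2; return 2; }
    new=$(normalize_mac "$3") || { echo "bad client MAC: $3" >&2; return 2; }
    [ -d "$dir" ] || { echo "no such folder: $dir" >&2; return 2; }
    count=0
    for f in "$dir"/*."$old".plist; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue                      # symlink, or the glob matched nothing
        fi
        base=${f##*/}
        stem=${base%.$old.plist}          # e.g. com.apple.screensaver
        target=$dir/$stem.$new.plist
        if [ -e "$target" ]; then
            echo "skipping $base: $target already exists" >&2
            continue
        fi
        if mv "$f" "$target"; then
            count=$((count + 1))
        fi
    done
    printf '%s\n' "$count"
}

# Run only when called with arguments:
#   byhost-rename.sh FOLDER IMAGE_MAC [CLIENT_MAC]
if [ "$#" -ge 2 ]; then
    rename_byhost "$1" "$2" "${3:-$(client_mac)}"
fi
```

Files whose names carry a different MAC address are left alone, so running the script twice on the same folder is harmless.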

To add post-install scripts to a new install image you’re creating using System Image Utility, click the Add (+) button in the Contents pane and select the scripts you want to add.

To add post-install scripts to an existing image, open System Image Utility, click Images, and select the image in the list. Then click Edit, click the Add (+) button in the Contents pane, and select the scripts you want to add.

When you create an install image with post-install scripts, System Image Utility copies the scripts to the /var/db/emptyScriptFolder/ directory. The Network Install application runs the scripts in the order that you add them to the image in System Image Utility.

The order of the scripts is recorded in the text file /private/etc/emptyScript, which contains a list of the paths to each of the scripts. To change the order the scripts are executed, edit the text file, which you can do by mounting the image on your server.


When you have rearranged the entries in the text file, save the file and eject the image. The image is updated automatically. (If you cannot edit the text file because the image is read-only, use Disk Utility to convert the file to read/write. Don’t forget to convert the image back to read-only when you are finished.)

From the Command Line

You can also edit the /private/etc/emptyScript file from Terminal. For more information, see the system image chapter of the command-line administration guide.
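A check to run against the mounted image after editing the script order and before ejecting it, as an added example that is not part of the original manual. It assumes the image is mounted at the path passed as the first argument and that /private/etc/emptyScript holds one script path per line; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not Apple's code): verify the post-install script order list
# of a mounted install image against the scripts actually stored in the image.
# Assumptions: image mounted at $1; one script path per line in the list.

SCRIPT_FOLDER=/var/db/emptyScriptFolder

# check_script_order ROOT
# Prints the number of problems found; returns 0 only when there are none.
check_script_order() {
    root=${1%/}
    list="$root/private/etc/emptyScript"
    problems=0
    [ -f "$list" ] || { echo "missing order file: $list" >&2; return 2; }

    # 1. Every listed path must be a regular file directly inside the script
    #    folder, and must not be writable by everyone.
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        name=${path#"$SCRIPT_FOLDER"/}
        case "$name" in
            "$path"|*/*|.|..|'')
                echo "not directly inside $SCRIPT_FOLDER: $path" >&2
                problems=$((problems + 1))
                continue ;;
        esac
        file="$root$path"
        if [ -L "$file" ] || [ ! -f "$file" ]; then
            echo "listed but not a regular file in the image: $path" >&2
            problems=$((problems + 1))
            continue
        fi
        if [ -n "$(find "$file" -perm -002 -print)" ]; then
            echo "world-writable script: $path" >&2
            problems=$((problems + 1))
        fi
    done < "$list"

    # 2. Flag paths that appear more than once in the list.
    dups=$(grep -v '^$' "$list" | sort | uniq -d | wc -l | tr -d ' ')
    if [ "$dups" -gt 0 ]; then
        echo "$dups path(s) listed more than once" >&2
        problems=$((problems + dups))
    fi

    # 3. Flag scripts stored in the image that the list no longer mentions.
    for f in "$root$SCRIPT_FOLDER"/*; do
        [ -f "$f" ] || continue
        if ! grep -Fxq -- "$SCRIPT_FOLDER/${f##*/}" "$list"; then
            echo "in script folder but not listed: ${f##*/}" >&2
            problems=$((problems + 1))
        fi
    done

    printf '%s\n' "$problems"
    [ "$problems" -eq 0 ]
}

# Run only when called with the mount point of the image as an argument.
if [ "$#" -eq 1 ]; then
    check_script_order "$1"
fi
```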


3 Setting Up NetBoot Service

This chapter describes how to set up NetBoot service to make boot and install images available to clients.

You set up NetBoot service using Server Admin as described in this chapter.

Configuring NetBoot Service

You use Server Admin to configure the Mac OS X Server NetBoot service.

To configure NetBoot:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click the Settings button, then click General.

3 Click Enable next to the network ports you want to use for serving images.

4 Click in the Images column of the Volume list to choose where to store images.

5 Click in the Client Data column of the Volume list for each local disk volume on which you want to store shadow files used by Mac OS X diskless clients.

6 Click Save, then click Images.

7 Enable the images you want your clients to use, specify if they are available for diskless clients, and choose the protocol for delivering them.

If you’re not sure which protocol to use, choose NFS.

8 Click in the Default column of the Image list to select the default image. You can select separate default images for Intel-based and PowerPC-based Macintosh clients.

Note: If your network includes Intel-based and PowerPC-based Macintosh computers, you need to provide separate architecture-specific NetBoot images. The architecture column in the Images list displays the processor type that the image supports. See “Creating a Mac OS X Boot Image” on page 29 for information about creating the images.

9 Click Save.

10 (Optional) Click the Filters tab to restrict clients to a known group. For more information, see “Restricting NetBoot Clients by Filtering Addresses” on page 49.


From the Command Line

You can also configure NetBoot service using the serveradmin command in Terminal. See the system image chapter of the command-line administration guide.

Starting NetBoot and Related Services

NetBoot service uses AFP, NFS, DHCP, Web, and TFTP services, depending on the types of clients you’re trying to boot (see “Network Service Requirements” on page 24).

You can use Server Admin to start AFP, DHCP, Web, and NetBoot. NFS and TFTP start automatically.

Note: NetBoot does not start automatically after server restart when you enable NetBoot service in the Setup Assistant when you first install the server software. Only the required share points are set up.

To start NetBoot service:

1 Open Server Admin.

2 If you’ll be booting diskless Mac OS X clients, start AFP service.

Select AFP in the Computers & Services list and click Start Service.

3 If your server is providing DHCP service, make sure the DHCP service is configured and running. Otherwise, DHCP service must be supplied by another server on your network.

If your NetBoot server is also supplying DHCP service, you might get better performance if you configure your server as a gateway. That is, configure your subnets to use the server’s IP address as the router IP address.

4 Select NetBoot in the Computers & Services list of Server Admin.

5 Click Settings.

6 Select which network ports to use for providing NetBoot service.

You can select one or more network ports to serve NetBoot images. For example, if you have a server with two network interfaces, each connected to a network, you can choose to serve NetBoot images on both networks.

7 Click Images.

8 Select the images to serve.

9 Click Save.

10 Click Start Service.

From the Command Line

You can also start NetBoot and supporting services using commands in Terminal. For more information, see the system image chapter of the command-line administration guide.


Enabling Images

You must enable one or more disk images on your server to make the images available to client computers for NetBoot startups.

To enable disk images:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Settings, then click Images.

3 Click in the Enable column for each image you want your clients to see.

4 Click Save.

Choosing Where Images Are Stored

You can use Server Admin to choose the volumes on your server you want to use for storing boot and install images.

Warning: Don’t rename a NetBoot share point or the volume on which it resides. Don’t use Workgroup Manager to stop sharing for a NetBoot share point unless you first deselect the share point for images and shadow files in Server Admin.

To choose volumes for storing image files:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Settings, then click General.

3 In the list of volumes in the lower half of the window, click the checkbox in the Images column for each volume you want to use to store image files.

4 Click Save.

From the Command Line

You can also specify that a volume should be used to store image files using the serveradmin command in Terminal. For more information, see the system image chapter of the command-line administration guide.


Choosing Where Shadow Files Are Stored

When a diskless client boots, temporary “shadow” files are stored on the server. You can use Server Admin to specify which server volumes are used to store the temporary files.

Warning: Don’t rename a NetBoot share point or the volume on which it resides. Don’t use Workgroup Manager to stop sharing for a NetBoot share point unless you first deselect the share point for images and shadow files in Server Admin.

To use a volume for storing shadow files:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Settings, then click General.

3 In the list of volumes in the lower half of the window, click the checkbox in the Client Data column for the volumes you want to use to store shadow files.

4 Click Save.

From the Command Line

You can also specify that a volume should be used to store shadow files using the serveradmin command in Terminal. For more information, see the system image chapter of the command-line administration guide.

Using Images Stored on Remote Servers

You can store boot or install images on remote NFS or HTTP servers other than the NetBoot server itself.

To store an image on a separate remote server:

1 Create the image on the NetBoot server with System Image Utility.

When creating the image, you need to specify where to store the image. To specify where to store the image on a remote server:

a In System Image Utility, click General.

b Click NFS or HTTP.

c Click Remote.

d In the sheet that appears, provide the required information.

If storing images on an NFS server, provide the host name or IP address of the server, the path of the mount point (NFS Export), and the path to the image relative to the mount point.

If storing images on an HTTP server, provide the host name or IP address of the server, the path to the image (the path of the root disk image relative to the .nbi directory), a username and password for accessing the image, and a port number.

The NetBoot server assumes that the .nbi directory under NetBootSPn is exported via HTTP using the following convention:

http://server_ip/NetBoot/NetBootSPn/image_path.nbi

Where server_ip is the IP address of the server, n is the volume number, and image_path is the path to the image.

e Click OK.

2 Copy the image (.dmg) file from the .nbi folder on the NetBoot server to a shared (exported) directory on the other server. Leave the .nbi folder and the other files it contains on the NetBoot server.

You can also copy the image to the other server by selecting the image in the Images pane of System Image Utility, clicking Export, and selecting the .dmg file to export.

Using the Export button is the safest way to copy the image to the other server because it ensures that the image has the proper permissions.

If the image is already on the remote server, you can create the .nbi folder on the NetBoot server by duplicating an existing .nbi folder and adjusting the values in its NBImageInfo.plist file.

Moving Images to Other Servers

Use the Export feature of System Image Utility to move images to another server, including servers without displays or keyboards.

To copy an image to another server:

1 Open System Image Utility and click Images.

2 Select the image in the list and click Export, and provide the target information.

Important: To avoid problems with file permissions, don’t use Terminal or the Finder to copy boot or install images across the network to other servers.

Deleting Images

When you delete images, System Image Utility only moves them to the Trash and doesn’t erase them from the drive.

To delete an image:

1 Open System Image Utility and click Images.

2 Select the image in the list and choose Edit > Delete.


Editing Images

When you edit images, System Image Utility gives you the option to back them up.

To edit an image:

1 Open System Image Utility and click Images.

2 Select the image in the list and click Edit.

System Image Utility prompts you whether you want to back up the image. You can back up the image to any drive on your computer.

3 When you’re done editing, click Save.

Specifying the Default Image

The default image is the image used when you start a client computer while holding down the N key. See “Starting Up Using the N Key” on page 52. If you’ve created more than one startup disk image, you can use the NetBoot service settings in Server Admin to select the default startup image.

Important: If you have diskless clients, set their boot image as the default image.

If you have more than one NetBoot server on the network, a client uses the default image on the first server that responds. There is no way to control which default image is used when more than one is available.

To specify the default boot image:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Settings, then click Images.

3 Click the checkbox in the Default column next to the image. You can select separate default images for Intel-based and PowerPC-based Macintosh computers. The architecture column displays the image type.

4 Click Save.

From the Command Line

You can also specify the default image using the serveradmin command in Terminal. For more information, see the system image chapter of the command-line administration guide.


Setting an Image for Diskless Booting

You can use Server Admin to make an image available for booting client computers that have no local disk drives. Setting an image for diskless booting instructs the NetBoot server to allocate space for the client’s shadow files.

To make an image available for diskless booting:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Settings, then click Images.

3 Click the box in the Diskless column next to the image in the list.

4 Click Save.

Important: If you have diskless clients, set their boot image as the default image.

For help specifying where the client’s shadow files are stored, see “Choosing Where Shadow Files Are Stored” on page 46.

From the Command Line

You can also set an image to boot diskless using the serveradmin command in Terminal. For more information, see the system image chapter of the command-line administration guide.

Restricting NetBoot Clients by Filtering Addresses

The filtering feature of NetBoot service lets you restrict access to the service based on the client’s Ethernet hardware (MAC) address. A client’s address is added to the filter list automatically the first time it starts up from an image on the server, and is allowed access by default, so it is usually not necessary to enter hardware addresses manually.

To restrict client access to NetBoot service:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Settings, then click Filters.

3 Select either “Allow only clients listed below” or “Deny only clients listed below.”

4 Select “Enable NetBoot filtering.”

5 Use the Add (+) and Delete (-) buttons to set up the list of client addresses.

To look up a MAC address, type the client’s DNS name or IP address in the Host Name field and click the Search button.

To find the hardware address for a computer using Mac OS X, look on the TCP/IP pane of the computer’s Network preference or run Apple System Profiler.

Note: You can also restrict access to a NetBoot image by double-clicking the name of the image in the Images pane of the NetBoot pane of Server Admin and providing the required information.


Changing Advanced NetBoot Options

You can control additional NetBoot options by running the bootpd program directly and by modifying configuration parameters in NetInfo. For more information, read the bootpd man page.

To view the bootpd man page:

1 Open Terminal.

2 Type man bootpd.

Setting Up NetBoot Service Across Subnets

A network boot starts with the client computer broadcasting a request to any computers that respond to the Boot Service Discovery Protocol (BSDP). Routers are usually configured by default to block broadcast traffic in order to reduce the amount of unnecessary data flowing to other parts of the network. If you need to provide NetBoot service across subnets, you must configure the router to pass on BSDP traffic to the NetBoot server.

Check with your router manufacturer to see if your router is capable of passing BSDP traffic.


4 Setting Up Clients to Use NetBoot and Network Install

This chapter describes how to set up client computers to start up from or install software from images on a server.

Setting Up Diskless Clients

NetBoot makes it possible to configure client computers without locally installed operating systems or even without any installed disk drives. “System-less” or diskless clients can start up from a NetBoot server using the N key method. (See “Starting Up Using the N Key” on page 52.)

After the client computer has started up, you can use the Startup Disk preference pane to select the NetBoot disk image as the startup disk for the client. That way you no longer need to use the N key method to start up the client from the server.

Removing the system software from client computers gives you additional control over users’ environments. By forcing the client to boot from the server and using client management to deny access to the client computer’s local hard disk, you can prevent users from saving files to the local hard disk.

Selecting a NetBoot Boot Image

If your computer is running Mac OS X version 10.2 or later, you use the Startup Disk System Preferences pane to select a NetBoot boot image.

To select a NetBoot startup image from Mac OS X:

1 In System Preferences select the Startup Disk pane.

2 Select the network disk image you want to use to start up the computer.

3 Click Restart.

The NetBoot icon appears, and then the computer starts up from the selected image.


Selecting a Network Install Image

If your computer is running Mac OS X version 10.2 or later, you use the Startup Disk System Preferences pane to select a network install image.

To select an install image from Mac OS X:

1 In System Preferences select the Startup Disk pane.

2 Select the network disk image you want to use to start up the computer.

3 Click Restart.

The NetBoot icon appears, the computer starts up from the selected image, and the installer runs.

Starting Up Using the N Key

You can use this method to start up any supported client computer from a NetBoot disk image. When you start up with the N key, the client computer starts up from the default NetBoot disk image. (If multiple servers are present, then the client starts up from the default image of the first server to respond.)

Note: See the manual that came with the computer for additional information about using the N key when starting the system. Some computers have additional capabilities.

If you have an older client computer that requires BootP for IP addressing (a tray-loading iMac, blue and white PowerMac G3, or older computer), you must use this method for starting up from a NetBoot disk image. Older computers don’t support selecting a NetBoot startup disk image from the Startup Disk control panel or preferences pane.

The N key also provides a way to start up client computers that don’t have system software installed. See “Setting Up Diskless Clients” on page 51.

To start up from a NetBoot disk image using the N key:

1 Turn on (or restart) the client computer while holding the N key down on the keyboard.

Hold the N key down until the NetBoot icon appears in the center of the screen.

2 If a login window appears, enter your name and password.

The network disk image has an icon typical of server volumes.


5 Managing NetBoot Service

This chapter describes typical day-to-day tasks you might perform to keep NetBoot service running efficiently, and includes information on load balancing across multiple volumes on a server or across multiple servers.

Controlling and Monitoring NetBoot

The following sections show how to stop NetBoot service, disable individual images, and monitor or restrict clients.

Turning Off NetBoot Service

The best way to prevent clients from using NetBoot on the server is to disable NetBoot service on all Ethernet ports.

To disable NetBoot:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Stop Service.

To stop service on a specific Ethernet port, click Settings, click General, and deselect the Enable checkbox for the port.

To stop serving a particular image, click Settings, click Images, and deselect the Enable checkbox for the image.

To stop service to a particular client, click Settings, click Filters, select Enable NetBoot Filtering, choose “Deny only clients listed below,” and add the client’s hardware address to the list.

From the Command Line

You can also stop NetBoot service or disable images using the serveradmin command in Terminal. For more information, see the system image chapter of the command-line administration guide.


Disabling Individual Boot or Install Images

Disabling an image prevents client computers from starting up using the image.

To disable a NetBoot disk image:

1 Open Server Admin and select NetBoot in the Computers & Services list.

2 Click Settings, then click Images.

3 Deselect the checkbox in the Enable column for the image.

4 Click Save.

From the Command Line

You can also disable images using the serveradmin command in Terminal. For more information, see the system image chapter of the command-line administration guide.

Viewing a List of NetBoot Clients

You can use Server Admin to see a list of clients that have booted from the server.

To view the client list:

1. Open Server Admin and select NetBoot in the Computers & Services list.

2. Click Clients.

Note: This is a cumulative list—a list of all clients that have connected—not a list of just currently connected clients. The last boot time is shown for each client.

Checking the Status of NetBoot and Related Services

You can use Server Admin to check the status of NetBoot service and the other services (such as NFS and TFTP) that it uses.

To check NetBoot service status:

1. Open Server Admin and select NetBoot in the Computers & Services list.

2. To see a summary of service status, click Overview. To view the log file, click Logs.

From the Command Line

You can check the status of NetBoot and its supporting services using commands in Terminal. See the system image chapter of the command-line administration guide.

Viewing the NetBoot Service Log

You can use Server Admin to view a log containing diagnostic information.

To view the NetBoot service log:

1. Open Server Admin and select NetBoot in the Computers & Services list.

2. Click Logs.

From the Command Line

You can see the log by viewing the contents of the log file in Terminal. For more information, see the system image chapter of the command-line administration guide.

Performance and Load Balancing

For good startup performance, it is critical that the NetBoot server be available to the client computer relying on it. To provide responsive and reliable NetBoot service, you can set up multiple NetBoot servers in your network infrastructure.

Many sites using NetBoot achieve acceptable responsiveness by staggering the boot times of client computers in order to reduce network load. Generally, it isn’t necessary to boot all client computers at exactly the same time; rather, client computers are booted early in the morning and remain booted throughout the work day. You can program staggered startup times using the Energy Saver preferences pane.

Boot Images

If heavy usage and simultaneous client startups are overloading a NetBoot server and causing delays, consider adding additional NetBoot servers to distribute the demands of the client computers across multiple servers (load balancing). When incorporating multiple NetBoot servers, it is important to use switches in your network infrastructure, as the shared nature of hubs creates a single shared network on which additional servers would have to vie for time.

Distributing Boot Images Across Servers

If you set up more than one NetBoot server on your network, you can place copies of a particular boot image on multiple servers to distribute the load. By assigning the copies the same image ID in the range 4096–65535, you can advertise them to your clients as a single image to avoid confusion.

To distribute an image across servers:

1. Open System Image Utility on the server where the original image is stored.

2. Click Images (near the top of the window) and select the image in the list.

3. If the image’s Index is 4095 or lower, click Edit and give the image an index in the range 4096–65535.

4. Use the Export button to place copies of the image on the other servers.

5. On each of the other servers, use Server Admin to enable the image.

Clients still see the image listed only once in their Startup Disk preferences, but the server that delivers its copy of the image is automatically selected based on how busy the individual servers are.

Smaller improvements can be achieved by distributing boot images across multiple disk drives on a single server.

Distributing Boot Images Across Server Disk Drives

Even with a single NetBoot server, you might improve performance by distributing copies of an image across multiple disk drives on the server. By assigning the copies the same image ID in the range 4096–65535, you can advertise them to your clients as a single image.

Note: Don’t distribute images across different partitions of the same physical disk drive. Doing so does not improve, and can even reduce, performance.

To distribute an image across disk drives:

1. Open Server Admin and select NetBoot in the Computers & Services list.

2. Click Settings, then click General.

3. Click in the Images column for each volume you want to use for storing images. Choose volumes on different physical disk drives.

4. Click Save, then click Images.

5. If the image’s ID in the Index column is 4095 or lower, double-click the ID, type an index in the range 4096–65535, and save the change.

6. Open Terminal, and use the secure copy command, scp, to copy the image to the NetBootSPn share points on the other volumes. For example:

scp -r /Library/NetBoot/NetBootSP0/image.nbi [admin_name]@[ip_address]:/Volumes/Drive2/Library/NetBoot/NetBootSP1

where [admin_name] is an admin login and [ip_address] is the correct IP address for that server. The -r option is required because image.nbi is a folder. You will be prompted for the password of the admin login you supply.

Balancing Boot Image Access

If you add a second NetBoot server to a network, have your clients reselect their boot image in the Startup Disk control panel or preferences pane. This causes the NetBoot load to be redistributed among the servers. You can also force redistribution of the load by deleting the file /var/db/bsdpd_clients from the existing NetBoot server. Similarly, if you’re recovering from a server or infrastructure failure, and your clients have been booting from a reduced number of NetBoot servers, you’ll need to delete the bsdpd_clients file from the running servers so that clients can once again spread out across the entire set of servers.

The bsdpd_clients file on any given server holds the Ethernet Media Access Control (MAC) addresses of the computers that have selected this server as their NetBoot server. As long as a client has an entry in an available server’s bsdpd_clients file, it will always boot from that server. If that server should become unavailable to those clients, they will locate and associate themselves with an available server until such time as you remove their entries (or the entire files) from their servers.

Note: If a client is registered on more than one server because an unavailable server comes back on line, the client boots from the server with the fewest number of clients booted off of it.

Distributing Shadow Files

Clients booting from Mac OS X diskless images store temporary “shadow” files on the server.

By default, NetBoot for Mac OS X clients creates a share point for client shadow files on the server boot volume. (You can change this behavior; see “Changing How Mac OS X NetBoot Clients Allocate Shadow Files” on page 35.) You can use Server Admin to see this share point and to add others. The share points are named NetBootClientsn where n is the share point number. Share points are numbered starting with zero.

For example, if your server has two disk volumes, the default shadow-file directory is NetBootClients0 on the boot volume. If you use Server Admin to specify that client data should also be stored on the second volume, the directory is named NetBootClients1.

NetBoot stores the first client’s shadow files on NetBootClients0, the second client’s shadow files on NetBootClients1, the third client’s shadow files on NetBootSP0, and so on. Likewise, with three volumes selected and eight clients, the first, fourth, and seventh clients will use the first volume; the second, fifth, and eighth clients will use the second volume; and the third and sixth clients will use the third volume. This load balancing is automatic and usually ensures optimal performance.

To prevent shadow files from being placed on a particular volume, use the General pane in the NetBoot service settings in Server Admin. Deselect the client data checkbox for any volume in which you don’t want shadow files placed.

You can also prevent the shadow files from being placed on a particular volume or partition by deleting the hidden file /Library/NetBoot/.clients, which is a symbolic link, from the volume, then stopping and restarting NetBoot service.

Advanced NetBoot Tuning

You can adjust a wide range of NetBoot options by running the bootpd program directly and by modifying configuration parameters in specific NetInfo directories.

For more information, read the bootpd man page. To view the man page, open Terminal and type man bootpd.

Chapter 6: Solving Problems with System Imaging

This chapter provides solutions for common problems you may encounter while working with NetBoot and Network Install.

This chapter contains solutions to common problems.

General Tips

• Make sure a DHCP service is available on your network. It can be provided by the Mac OS X Server DHCP service or another server.

• Make sure required services are started on the server. See “Network Service Requirements” on page 24. Open Server Admin and make sure:

  • AFP is started if you’re booting Mac OS X diskless clients

  • Web service is started if you’re using HTTP instead of NFS to deliver images

A NetBoot Client Computer Won’t Start Up

• Sometimes a computer may not start up immediately because other computers are putting a heavy demand on the network. Wait a few minutes and try starting up again.

• Make sure that all the cables are properly connected and that the computer and server are getting power.

• If you installed memory or an expansion card in the client computer, make sure it is installed properly.

• If the server has more than one Ethernet card, or you’re using more than one port on a multiport Ethernet card, check to see if other computers using the same card or port can start up. If they can’t, check to be sure the Ethernet port you set up on the server is the same port to which the client computer is connected. It’s easy to mistake Ethernet port 1 for Ethernet port 4 on a multiport card. On the cards that come preinstalled in Macintosh servers, the ports are numbered 4, 3, 2, 1 (from left to right), if you’re looking at the back of the computer.

• If the computer has a local hard disk with a System Folder on it, disconnect the Ethernet cable and try to start up the computer from the local hard disk. Then reconnect the Ethernet cable and try to start up the computer from the network.

• Boot the client computer from a local drive and check that it is getting an IP address from DHCP.

• On a diskless or systemless client, start up from a system CD and use the Startup Disk preferences to select a boot image.

• Make sure that there is an architecture-specific image available on the server that the client is using. See “Creating a Mac OS X Boot Image” on page 29 for information on creating images for Intel-based and PowerPC-based Macintosh computers.

• Make sure that you have specified a default image for the architecture of the client Macintosh computer. See “Specifying the Default Image” on page 48.

You’re Using Macintosh Manager and a User Can’t Log In to a NetBoot Client

• Check to see if the user can log in to other computers. If the user can log in to other computers, then the computer the user can’t log into may be connected to a Macintosh Manager server on which the user does not have an account. If there is more than one Macintosh Manager server, make sure the user has selected a server on which he or she has an account.

• Open Macintosh Manager and make sure the user is a member of at least one workgroup.

• Open Macintosh Manager and reset the user’s password.

The Create Button in System Image Utility Is Not Enabled

• Make sure you have entered an image name and ID in the General pane.

• Make sure you have chosen an image source in the Contents pane.

• For an image based on a CD or DVD source, make sure you have entered a default user name with a password that is at least four characters long in the Default User pane.

Controls and Fields in System Image Utility Are Disabled

Click New Boot or New Install at the top of the window, or close and reopen the System Image Utility.

Can’t Edit Image Name in System Image Utility

System Image Utility doesn’t let you edit the name of an image after you have created it. There are, however, other ways to do that. This section describes how to change the name of an uncompressed image that you have created using System Image Utility.

Changing the Name of an Uncompressed Image

1. Mount the image in the Finder. Open the .nbi folder containing the image and double-click it.

2. Open a Terminal window and type the following command to rename the image:

sudo diskutil rename /Volumes/<image> <new_name>

where <image> is the name of the image you want to rename and <new_name> is the new name of the image.

3. Enter the root password when prompted. The name of the image changes.

4. Unmount the image.

5. Remount the image to verify that it has been renamed.

Changing the Name of a Compressed Image

This section describes how to change the name of a compressed image that you have created using System Image Utility.

To change the name of a compressed image:

1. Mount the image in the Finder. Open the .nbi folder containing the image and double-click it.

2. Launch Disk Utility.

3. Select the image and click Convert.

4. Type a name in the Save As field.

5. Select a different location in which to save the image. For example, save the image on the Desktop folder.

6. Choose read/write from the Image Format menu.

7. Click Save.

8. Unmount the image.

9. Mount the new image in the Finder.

10. Open a Terminal window and type the following command to rename the image:

sudo diskutil rename /Volumes/<image> <new_name>

where <image> is the name of the image you want to rename and <new_name> is the new name of the image.

11. Enter the root password when prompted. The name of the image changes.

12. Unmount the image.

13. Remount the image to verify that the image has been renamed.

14. Unmount the image.

15. Remove the original image from the .nbi folder and store it somewhere else.

16. In Disk Utility, select the new image and click Convert.

17. Give the image the same name as the one it had inside the .nbi folder.

18. In the Where field, select the .nbi folder.

19. Choose compressed from the Format menu.

20. Click Save.

21. Test the new image to make sure that it mounts properly.

22. Discard the old image.

I Can’t Set an Image to Use Static Booting (NetBoot version 1.0)

Static network booting, as provided by NetBoot version 1.0, is not supported in Mac OS X Server version 10.3.

Downloading the “NetBoot for Mac OS 9” Disk Image and Updating the Startup Disk Control Panel

If you’re using Mac OS X Server v10.3 or have upgraded to Mac OS X Server v10.4 and want to provide NetBoot services to Mac OS 9 clients, you’ll need to replace the clients’ Startup Disk control panel with version 9.2.6 of the Startup Disk control panel, which allows the clients to see available NetBoot disk images.

1. Download the “NetBoot for Mac OS 9” disk image from article 120243, “NetBoot for Mac OS 9: Information and Download,” on the AppleCare Search & Support website at: www.info.apple.com/kbnum/n120243

2. Mount the image and double-click NetBoot.pkg to begin the installation process.

3. Install the NetBoot package on your NetBoot server.

4. Once the installation is complete, navigate to the following folder:

/Library/NetBoot/NetBootSP0/MacOS92Default.nbi/

5. Double-click the “NetBoot HD.img” disk image file to mount it on the Desktop.

6. Navigate to the following folder, which contains version 9.2.6 of the Startup Disk control panel:

/Volumes/NetBoot HD/System Folder/Control Panels/

7. Use the Startup Disk control panel from the disk image to replace the Startup Disk control panel in the “System Folder: Control Panels” folder on client Mac OS 9 computers.

Note: If you make a clean installation of Mac OS X Server v10.4, you won’t be able to support NetBoot for Mac OS 9.

The Architecture Field in Server Admin Is Not Enabled

The Architecture field displays the image type. To create an architecture-specific image, see “Creating a Mac OS X Boot Image” on page 29.

Server Admin Isn’t Showing an Image for Intel-based Macs

Mac OS X Server 10.4.4 or later is required for supporting images for Intel-based Macintosh computers. Mac OS X 10.4.4 or later and the latest System Image Utility are required to create and maintain architecture-specific images.

A Network Install Image Burned to DVD Doesn’t Work

To create a DVD from a System Image Utility restore image, you must be using a computer with the same architecture for which the image was created. For example, use an Intel-based Macintosh to create a restore DVD for use with Intel-based Macintosh computers.

Part II: Software Update Administration

The chapters in this part of this guide introduce you to the software update service and the applications and tools available for administering the software update service.

Chapter 7: About Software Update Administration

Chapter 8: Setting Up Software Update Service

Chapter 9: Managing Software Update Service

Chapter 10: Solving Problems with Software Update Service

Chapter 7: About Software Update Administration

This chapter describes how to set up and administer Software Update service as a controlled environment for updating Apple software on your network.

Software Update service offers you ways to manage Macintosh software updates from Apple on your network. In an uncontrolled environment, users may connect to the Apple Software Update servers at any time and update your client computers with software that is not approved by your IT group for use in your enterprise or school.

Using local Software Update servers, your client computers access only the software updates you allow from software lists that you control, thus giving you more flexibility in managing computer software updates. For example, you can:

• Download software updates from the Apple Software Update servers to a local server for sharing with local network clients and reduce the amount of bandwidth used outside of your enterprise network.

• Direct users, groups, and computers to specific local Software Update servers using managed preferences.

• Manage the software update packages users can access by enabling and disabling individual packages at the local server.

• Mirror updates automatically between Apple Software Update servers and your server to ensure you have the most current updates available.

Note: You can’t use Software Update service to provide third-party software updates.

Inside The Software Update Process

This section describes how Software Update servers are implemented on Mac OS X Server, including information on the protocols, files, directory structures, and configuration details.

Overview

The process that starts Software Update service is SoftwareUpdateServer. When you start Software Update service, it contacts Apple’s Software Update server and requests a list of available software to download locally. You can choose to mirror (copy and store packages locally) and enable (make the packages available to users) any of the files presented in the list. You can also limit user bandwidth for updates and choose to automatically mirror and enable newer updates from the Apple server.

Note: The Software Update service stores its configuration information in the file /etc/swupd/swupd.conf.

Catalogs

When Software Update service is started, your Software Updates server receives a list of currently available software updates from the Apple Software Update service.

Your server will automatically synchronize the contents of the software catalog with Apple’s Software Update server when you restart your server or when you execute the following command:

/usr/local/bin/swupd_syncd

To manually update the current catalog, select the Update Now button in the General pane of the Software Update Server.

Install Packages

Software Update service supports only pkm.en file types recognized only by Mac OS X v10.4 and later. As you mirror updates on your server, your server will download and store update packages at the following location:

/usr/share/swupd/html/

While this path is static and can’t be modified to store the packages in an alternate location, it is possible to modify the URL to access a different server.

Note: This version of Mac OS X Server supports only Apple-specific software packages for use with your update server. Modified Apple and third-party update software packages cannot be shared.

Once the packages are mirrored locally, you can choose to enable the packages for users to update their software. Mac clients running Software Update will see only the list of enabled packages in the list of available software for their computer.

Staying Up To Date with the Apple Server

In order to keep your service synchronized with the most current information, your Software Update Server must always remain in contact with the Apple server. The Software Update service regularly checks in with Apple’s Software Update servers to update usage information and send lists of newly available software to your updates catalog on your server as they become available. Apple’s Software Update server uses a synchronization daemon, swupd_syncd, that determines the time period between updates to your server to ensure the latest update packages are available to you.

Limiting User Bandwidth

The Software Update service in Mac OS X Server lets you limit the bandwidth that client computers may use when downloading software updates from your Software Update server. Setting a limit on the bandwidth allows you to control traffic on your network and prevents Software Update clients from slowing down the network.

For example, if you limit the bandwidth to 56 Kbps, each software update client will download updates at 56 Kbps. If five clients connect simultaneously to the server, the total bandwidth used by the clients will be 280 Kbps (56 Kbps x 5).

Revoked Files

On the rare occasion that Apple provides a software update and later wants to remove the package from circulation, Apple can revoke the update package and remove it from your stored packages. When building the list of files available to users, any revoked packages are not listed.

Software Update Package Format

You can’t make your own Software Update packages. For security considerations and to prevent attackers from faking packages, the Software Update package installer won’t install a package unless it’s signed by Apple. In addition, Software Update service will work only with the new package format supported in Mac OS X Server v10.4 or later.

Log Files

The log file for the Software Update Server is located at:

/Library/Logs/SoftwareUpdateServer.log

What Information Gets Collected

Apple’s Software Update server collects the following information from client Software Update servers:

• Language

• Type

• Browser

Before You Set Up the Software Update Server

Before you set up a Software Update server, review the following considerations and requirements.

What You Need to Know

To set up Software Update on your server, you should be familiar with your network configuration. Be sure you meet the following requirements:

• You’re the server administrator.

• You’re familiar with network setup.

You might also need to work with your networking staff to change network topologies, switches, routers, and other network settings.

Client Computer Requirements

Any Macintosh computers running Mac OS X v10.4 or later networked to a Mac OS X v10.4 server can use Software Update service to update Apple software.

Network Hardware Requirements

The type of network connections you should use depends on the number of clients you expect to serve software updates over the network:

• 100-Mbit Ethernet (for providing regular updates to fewer than 10 clients)

• 100-Mbit switched Ethernet (for providing regular updates to 10–50 clients)

• Gigabit Ethernet (for providing regular updates to more than 50 clients)

These are estimates for the number of clients supported. See “Capacity Planning” for a more detailed discussion of the optimal system and network configurations to support the number of clients you have.

Note: In Mac OS X Server, software update service automatically operates across all network interfaces for which TCP/IP is configured.

Capacity Planning

The number of client computers your server can support accessing Software Update service depends on how your server is configured, when and how often your clients check for updates, the size of the updates, and a number of other factors. When planning for your server and network needs, consider these main factors:

• Ethernet speed: 100Base-T or faster connections are required for both client computers and the server. As you add more clients, you may need to increase the speed of your server’s Ethernet connections. Ideally you want to take advantage of the Gigabit Ethernet capacity built in to your Mac OS X server hardware to connect to a Gigabit switch. From the switch you should connect Gigabit Ethernet or 100-Mbit Ethernet to each of the Macintosh clients.

• Hard disk capacity and number of packages: Software Update packages can occupy considerable hard disk space on server volumes, depending on the size and configuration of the package and the number of packages being stored.

• Number of Ethernet ports on the switch: Distributing Macintosh clients over multiple Ethernet ports on your switch offers a performance advantage. Each port must serve a distinct segment.

• Number of Software Update servers on the network: You may want to provide different software updates to various groups of users. By configuring Directory Services you can offer different update services by network or hardware type, each targeting a different Software Update server on the network.

Note: You can’t configure Software Update servers to talk to one another.

Setup Overview

Here is an overview of the basic steps for setting up Software Update service.

Step 1: Evaluate and update your network, servers, and client computers as necessary

The number of client computers you can support using Software Update service is determined by the number of servers you have, how they’re configured, hard disk storage capacity, and other factors. See “Capacity Planning” on page 70.

Depending on the results of this evaluation, you may want to add servers or hard disks, add Ethernet ports to your server, or make other changes to your servers.

Update all client computers to Mac OS X v10.4 or later in order for them to use the local Software Update service.

Step 2: Create your software update service plan

Decide which users you want to access your software update service. You may have groups of users to whom you want to provide unlimited access while offering others a more limited choice of software updates. Such a plan would require more than one software update server with client machines bound via directory services to managed user preferences.

Step 3: Configure the Software Update Server

Decide whether you want to mirror and enable software updates from Apple automatically or manage them manually. Set the maximum bandwidth you want a single computer to use when downloading update packages from your server.

Step 4: Start the Software Update Service

Your server will automatically synchronize with the Apple Software Update server by requesting a catalog of available updates. If you chose to automatically mirror updates, your server will begin to download all available software update packages.

Step 5: Manually mirror and enable selected packages (optional)

If you do not mirror and enable all Apple software updates automatically, manually select software update packages to mirror and enable.

Step 6: Set up client computers to use the correct Software Update Server

Set preferences in Workgroup Manager by user, group, or computer to access your Software Update server. For more information on how to configure managed preferences for the Software Update server, see the user management guide.

Step 7: Test your Software Update server setup

Test your software update service by requesting software updates from the server using a client bound to preferences you set in Workgroup Manager. Ensure the desired packages are accessible to your users.

Chapter 8: Setting Up Software Update Service

This chapter provides step-by-step instructions to set up Software Update service on your network for use with your Mac OS X 10.4 clients.

You use the Software Update service in Server Admin to provide local software updates service to networked client computers.

Before You Begin

Consider the following topics before you set up a Software Update server.

Consider Which Software Update Packages to Offer

Before you set up software updates service, you need to consider whether you want to provide all or only part of Apple’s software updates. Your client computers may run application software that requires a specific version of Apple software in order to operate correctly. You can configure your Software Update server with only the software update packages you approve. Restricting access to particular update packages might help prevent future maintenance and compatibility problems with your computers.

You can restrict client access to only specific update packages through Software Update server by disabling automatic mirror and enable functions in the General Settings pane. You manage specific updates in the Updates pane of the Software Updates Server.

Organize Your Enterprise Client Computers

In your organization, you might identify individuals, groups, or groups of computers with common needs for only a few software update packages, while allowing others unrestricted access to all software updates. To provide varied access to software update packages, you’ll need to set up multiple Software Update servers. Use managed preferences to configure these computers to access a specific Software Update server.

For more information on how to configure managed preferences for the Software Update server, see the user management guide.

Setting Up a Software Update Server

This section describes:

• How to start Software Update service

• How to mirror and enable updates from Apple

• How to limit user bandwidth for software updates

• How to mirror and enable selected updates from Apple

You use Server Admin to accomplish these tasks.

Starting Software Update Service

You use the Software Update Server module from the Computers & Services pane in Server Admin to start Software Update service.

To start Software Update service:

1. Open Software Update Server module in the Computers & Services pane in Server Admin.

2. Click Start Service in the Server Admin toolbar.

Automatically Mirroring and Enabling Updates from Apple

You use the Software Update Server module from the Computers & Services pane in Server Admin to mirror software updates automatically from Apple.

To automatically mirror software update packages and enable them for download by clients:

1. Open Software Update Server module in the Computers & Services pane in Server Admin.

2. Click “Automatically mirror updates from Apple”.

3. Click “Automatically enable mirrored updates”.

4. Click Save.

Limiting User Bandwidth for Software Update Service

You use the Software Update Server module from the Computers & Services pane in Server Admin to limit user bandwidth.

To limit user bandwidth for Software Update service:

1 Open the Software Update Server module in the Computers & Services pane in Server Admin.
2 Click “Limit user bandwidth for updates to.”
3 Enter the maximum rate of package download per user.
4 Select KB/second or MB/second from the pop-up menu.
5 Click Save.


Mirroring and Enabling Selected Updates from Apple

You use the Software Update Server module from the Computers & Services pane in Server Admin to mirror software updates automatically from Apple.

To mirror selected software update packages and enable them for download by clients:

1 Open the Software Update Server module in the Computers & Services pane in Server Admin.
2 Make sure “Automatically mirror updates from Apple” is deselected.
3 Make sure “Automatically enable mirrored updates” is deselected.
4 Click Save.
5 Click the Updates button.
6 Select the individual software update packages you want to mirror by selecting the checkbox in the mirror column of the package.
7 Select the individual software update packages you want to enable by selecting the checkbox in the enable column of the package.

Pointing Non-Managed Clients to a Software Update Server

Use the following command to point non-managed client computers to a particular Software Update server:

defaults write com.apple.SoftwareUpdate CatalogURL URL

Where URL is the URL of the Software Update server. For example:

http://su.domain_name.com:8088/

To remove a specific software update:

1 On the local Software Update server, open a Terminal window and type the following command to list the folders that correspond to each software update:

grep swupd /etc/swupd/com.apple.server.swupdate.plist > ~/Desktop/update_list.txt

This creates a file on your Desktop named update_list.txt. The file contains a list of all of the software updates stored on the server.

2 Open the update_list.txt file. You’ll see that it contains information similar to the following:

<string>/usr/share/swupd/html/061-2036/.../SecUpd2005-007Ri.tar</string>

<string>/usr/share/swupd/html/061-2048/.../SafariUpdate-2.0.1.tar</string>

Each update resides in a folder. In this example output, the folder /061-2048/ stores the Safari 2.0.1 update.


3 In Terminal, type the following command to delete a software update from the server:

sudo rm -rf /usr/share/swupd/html/updatefolder/

Note: Substitute updatefolder with the name of the folder that stores the software update you want to delete.

For example, to remove the Safari 2.0.1 update, you would type the following command:

sudo rm -rf /usr/share/swupd/html/061-2048/

Enter the administrator password when prompted.
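The listing and removal steps above, written as guarded shell functions. This is an added example, not part of Apple's manual: it deletes a folder only after checking its name, so an empty value or a stray space in the path cannot make rm -rf remove the whole /usr/share/swupd/html tree. The function names, the SWUPD_ROOT variable, and the digits-hyphen-digits folder pattern (taken from the sample output) are assumptions.

```sh
#!/bin/sh
# Added example (not Apple's code): guarded versions of the listing and
# removal steps. Assumption: update folders sit directly under the swupd
# HTML root and are named digits-hyphen-digits, like 061-2048 in the sample.

SWUPD_ROOT="${SWUPD_ROOT:-/usr/share/swupd/html}"

# list_updates FILE
# Reads update_list.txt-style lines and prints "folder archive" per update.
list_updates() {
    sed -n "s|.*<string>${SWUPD_ROOT}/\([^/]*\)/\(.*/\)*\([^/<]*\)</string>.*|\1 \3|p" "$1"
}

# valid_folder NAME
# Succeeds only for one path component made of digits and hyphens.
valid_folder() {
    case "$1" in
        ''|*[!0-9-]*)  return 1 ;;  # empty, or has a space, slash, dot, ...
        [0-9]*-*[0-9]) return 0 ;;  # e.g. 061-2048
        *)             return 1 ;;
    esac
}

# remove_update NAME
# Deletes $SWUPD_ROOT/NAME. Returns 2 for a rejected name and 3 when the
# folder is missing or is a symlink. Run as root on a real server (the
# manual's command uses sudo).
remove_update() {
    valid_folder "$1" || { echo "refusing folder name: '$1'" >&2; return 2; }
    target="${SWUPD_ROOT}/$1"
    if [ ! -d "$target" ] || [ -L "$target" ]; then
        echo "not an update folder: $target" >&2
        return 3
    fi
    rm -rf -- "$target"
}

# demo: runs both functions on a constructed tree in a temp directory,
# using the two sample entries from the manual's example output.
demo() {
    SWUPD_ROOT="$(mktemp -d)/html"
    mkdir -p "$SWUPD_ROOT/061-2036/x" "$SWUPD_ROOT/061-2048/x"
    list="$SWUPD_ROOT/../update_list.txt"
    printf '<string>%s/061-2036/x/SecUpd2005-007Ri.tar</string>\n' "$SWUPD_ROOT" >  "$list"
    printf '<string>%s/061-2048/x/SafariUpdate-2.0.1.tar</string>\n' "$SWUPD_ROOT" >> "$list"
    list_updates "$list"
    remove_update 061-2048 && echo "removed 061-2048"
    remove_update ' updatefolder' || echo "name with stray space rejected"
    remove_update '' || echo "empty name rejected"
}

case "${1:-}" in
    list)   list_updates "$2" ;;
    remove) remove_update "$2" ;;
    demo)   demo ;;
esac
```

Saved to a file, the script takes list FILE, remove FOLDER, or demo as its arguments; demo works only inside a temporary directory.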


9 Managing Software Update Service

This chapter describes how to perform day-to-day management tasks for software update server once you have it configured and running.

The following sections show how to stop Software Update service, and monitor client activity.

Manually Refreshing the Updates Catalog from the Apple Server

You use the Software Update Server module from the Computers & Services pane in Server Admin to manually update the updates catalog.

To manually refresh the updates catalog from the Apple server:

1 Click Software Update Server in the Computers & Services pane in Server Admin.
2 Select the Setup button.
3 Select the Updates button in the setup pane.
4 Click the Refresh updates list now button.

Checking the Status of Software Update Service

You use the Software Update Server module from the Computers & Services pane in Server Admin to check the status of Software Update service.

To check Software Update service status:

1 Open Server Admin and select Software Update Server in the Computers & Services list.
2 To see a summary of service status, click Overview. To view the log file, click Logs.


Turning Off Software Update Service

You use the Software Update Server module from the Computers & Services pane in Server Admin to stop Software Update service.

To disable Software Update service:

1 Open Server Admin and select Software Update Server in the Computers & Services list.
2 Click Stop Service in the Server Admin toolbar.


10 Solving Problems with Software Update Service

This chapter provides solutions for common problems you may encounter while working with software update server.

This section contains solutions to common problems.

General Tips

• Make sure required services are installed.
• Make sure the Software Update packages you have enabled are meant for the client accessing them.
• Check the network load if you detect poor response from the Software Update server. See “Capacity Planning” on page 70 for more information.
• Delete old updates to make space for new ones.

A Client Computer Can’t Access the Software Update Server

• Make sure that the client can access the network.
• Make sure that the client’s Software Update managed preference points to the Software Update server.
• Make sure that the Software Update server is running.

Software Update Server Won’t Sync with the Apple Server

Make sure that the Apple server is accessible.

Software Update Server Has Update Packages Listed but They Aren’t Visible to Clients

Make sure that the packages are enabled.


Glossary

AFP Apple Filing Protocol. A client/server protocol used by Apple file service on Macintosh-compatible computers to share files and network services. AFP uses TCP/IP and other protocols to communicate between computers on a network.

address A number or other identifier that uniquely identifies a computer on a network, a block of data stored on a disk, or a location in a computer memory. See also IP address, MAC address.

administrator A user with server or directory domain administration privileges. Administrators are always members of the predefined “admin” group.

Apple Filing Protocol See AFP.

automount To make a share point appear automatically on a client computer. See also mount.

bit A single piece of information, with a value of either 0 or 1.

CIFS Common Internet File System. See SMB/CIFS.

client A computer (or a user of the computer) that requests data or services from another computer, or server.

command line The text you type at a shell prompt when using a command-line interface.

command-line interface A way of interfacing with the computer (for example, to run programs or modify file system permissions) by entering text commands at a shell prompt.

Common Internet File System See SMB/CIFS.

daemon A program that runs in the background and provides important system services, such as processing incoming email or handling requests from the network.


DHCP Dynamic Host Configuration Protocol. A protocol used to dynamically distribute IP addresses to client computers. Each time a client computer starts up, the protocol looks for a DHCP server and then requests an IP address from the DHCP server it finds. The DHCP server checks for an available IP address and sends it to the client computer along with a lease period—the length of time the client computer may use the address.

directory Also known as a folder. A hierarchically organized list of files and/or other directories.

directory domain A specialized database that stores authoritative information about users and network resources; the information is needed by system software and applications. The database is optimized to handle many requests for information and to find and retrieve information quickly. Also called a directory node or simply a directory.

DNS Domain Name System. A distributed database that maps IP addresses to domain names. A DNS server, also known as a name server, keeps a list of names and the IP addresses associated with each name.

DNS domain A unique name of a computer used in the Domain Name System to translate IP addresses and names. Also called a domain name.

DNS name A unique name of a computer used in the Domain Name System to translate IP addresses and names. Also called a domain name.

domain Part of the domain name of a computer on the Internet. It does not include the Top Level Domain designator (for example, .com, .net, .us, .uk). Domain name “www.example.com” consists of the subdomain or host name “www,” the domain “example,” and the top level domain “com.”

domain name See DNS name.

Domain Name System See DNS.

drop box A shared folder with privileges that allow other users to write to, but not read, the folder’s contents. Only the owner has full access. Drop boxes should be created only using AFP. When a folder is shared using AFP, the ownership of an item written to the folder is automatically transferred to the owner of the folder, thus giving the owner of a drop box full access to and control over items put into it.

file server A computer that serves files to clients. A file server may be a general-purpose computer that’s capable of hosting additional applications or a computer capable only of serving files.

File Transfer Protocol See FTP.


FTP File Transfer Protocol. A protocol that allows computers to transfer files over a network. FTP clients using any operating system that supports FTP can connect to a file server and download files, depending on their access privileges. Most Internet browsers and a number of freeware applications can be used to access an FTP server.

logical disk A storage device that appears to a user as a single disk for storing files, even though it might actually consist of more than one physical disk drive. An Xsan volume, for example, is a logical disk that behaves like a single disk even though it consists of multiple storage pools that are, in turn, made up of multiple LUNs, each of which contains multiple physical disks.

group A collection of users who have similar needs. Groups simplify the administration of shared resources.

home directory A folder for a user’s personal use. Mac OS X also uses the home directory, for example, to store system preferences and managed user settings for Mac OS X users.

host Another name for a server.

host name A unique name for a server, historically referred to as the UNIX hostname. The Mac OS X Server host name is used primarily for client access to NFS home directories. A server determines its host name by using the first name available from the following sources: the name specified in the /etc/hostconfig file (HOSTNAME=some-host-name); the name provided by the DHCP or BootP server for the primary IP address; the first name returned by a reverse DNS (address-to-name) query for the primary IP address; the local hostname; the name “localhost.”

Internet Generally speaking, a set of interconnected computer networks communicating through a common protocol (TCP/IP). The Internet (note the capitalization) is the most extensive publicly accessible system of interconnected computer networks in the world.

Internet Protocol See IP.

IP Internet Protocol. Also known as IPv4. A method used with Transmission Control Protocol (TCP) to send data between computers over a local network or the Internet. IP delivers packets of data, while TCP keeps track of data packets.

IP address A unique numeric address that identifies a computer on the Internet.

IP subnet A portion of an IP network, which may be a physically independent network segment, that shares a network address with other portions of the network and is identified by a subnet number.

MAC Media access control. See MAC address.


MAC address Media access control address. A hardware address that uniquely identifies each node on a network. For AirPort devices, the MAC address is called the AirPort ID.

Mac OS X The latest version of the Apple operating system. Mac OS X combines the reliability of UNIX with the ease of use of Macintosh.

Mac OS X Server An industrial-strength server platform that supports Mac, Windows, UNIX, and Linux clients out of the box and provides a suite of scalable workgroup and network services plus advanced remote management tools.

mount (verb) In general, to make a remote directory or volume available for access on a local system. In Xsan, to cause an Xsan volume to appear on a client’s desktop, just like a local disk.

Network File System See NFS.

network interface Your computer’s hardware connection to a network. This includes (but isn’t limited to) Ethernet connections, AirPort cards, and FireWire connections.

NFS Network File System. A client/server protocol that uses Internet Protocol (IP) to allow remote users to access files as though they were local. NFS exports shared volumes to computers according to IP address, rather than user name and password.

Open Directory The Apple directory services architecture, which can access authoritative information about users and network resources from directory domains that use LDAP, NetInfo, or Active Directory protocols; BSD configuration files; and network services.

open source A term for the cooperative development of software by the Internet community. The basic principle is to involve as many people as possible in writing and debugging code by publishing the source code and encouraging the formation of a large community of developers who will submit modifications and enhancements.

owner The owner of an item can change access permissions to the item. The owner may also change the group entry to any group in which the owner is a member. By default the owner has Read & Write permissions.

password An alphanumeric string used to authenticate the identity of a user or to authorize access to files or services.

pathname The location of an item within a file system, represented as a series of names separated by slashes (/).

permissions Settings that define the kind of access users have to shared items in a file system. You can assign four types of permissions to a share point, folder, or file: read/write, read-only, write-only, and none (no access). See also privileges.


port A sort of virtual mail slot. A server uses port numbers to determine which application should receive data packets. Firewalls use port numbers to determine whether data packets are allowed to traverse a local network. “Port” usually refers to either a TCP or UDP port.

process A program that has started executing and has a portion of memory allocated to it.

protocol A set of rules that determines how data is sent back and forth between two applications.

QTSS QuickTime Streaming Server. A technology that lets you deliver media over the Internet in real time.

QuickTime A set of Macintosh system extensions or a Windows dynamic-link library that supports the composition and playing of movies.

QuickTime Streaming Server See QTSS.

server A computer that provides services (such as file service, mail service, or web service) to other computers or network devices.

Server Message Block/Common Internet File System See SMB/CIFS.

share point A folder, hard disk (or hard disk partition), or CD that’s accessible over the network. A share point is the point of access at the top level of a group of shared items. Share points can be shared using AFP, Windows SMB, NFS (an “export”), or FTP protocols.

short name An abbreviated name for a user. The short name is used by Mac OS X for home directories, authentication, and email addresses.

SMB/CIFS Server Message Block/Common Internet File System. A protocol that allows client computers to access files and network services. It can be used over TCP/IP, the Internet, and other network protocols. Windows services use SMB/CIFS to provide access to servers, printers, and other network resources.

TCP Transmission Control Protocol. A method used along with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. IP takes care of handling the actual delivery of the data, and TCP takes care of keeping track of the individual units of data (called packets) into which a message is divided for efficient routing through the Internet.

Transmission Control Protocol See TCP.

UID User ID. A number that uniquely identifies a user within a file system. Mac OS X computers use the UID to keep track of a user’s directory and file ownership.


URL Uniform Resource Locator. The address of a computer, file, or resource that can be accessed on a local network or the Internet. The URL is made up of the name of the protocol needed to access the resource, a domain name that identifies a specific computer on the Internet, and a hierarchical description of a file location on the computer.

user ID See UID.

user name The long name for a user, sometimes referred to as the user’s “real” name. See also short name.

volume A mountable allocation of storage that behaves, from the client’s perspective, like a local hard disk, hard disk partition, or network volume. In Xsan, a volume consists of one or more storage pools. See also logical disk.


