PSUMAC203: Deployment

Getting Tired of us yet?

• Justin Elliott, Penn State University
• IT Manager, Classroom and Lab Computing
• Rusty Myers, Penn State University
• IT Support Specialist, College of Education

Overview

• What is Deployment
• Deployment Methods
• Deployment Tools
• Demo Time

Quick Audience Survey

• New to Deployment for Macs?
• How many Macs do you need to image?
• Have more than 1 network segment?
• Have Mac OS X (s)?
• Have Windows (SMB) Servers?

Deployment

Deploying System Images!

Considerations

• Frequency of Imaging
• Amount of Data to Restore
• Number of Macs to Image
• Number of Staff
• Budgetary Restrictions

Methods

Local Disk Booting

• Local Volumes
• DVDs - Cheap, Slow
• FireWire, USB Hard Drives
• Fast
• Relatively Inexpensive

• Network (NetBoot)
• Requires fast switched networks, DHCP, Local NetBoot Server or router HelperIPs
• Very convenient when it all works correctly
• Sometimes difficult network requirements

Image Sources

Local Image Sources

• Second Partition
• Firewire, USB Drives
• Great for larger images
• Hassle to manage portable disks

Network Image Sources

• Network Shares
• AFP, SMB, HTTP
• ASR Multicast Server

Prep for HTTP

• Segment images served by Apache (before version 2.0) Web Server
  $ hdiutil segment -segmentSize 1.9g -o Image.dmg master.dmg
• Keep all of the .dmgpart files in the same directory

Prep for ASR Multicast
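For the Prep for HTTP steps above, an added example (not from the original slides): a shell function that checks a directory of segments before it is published, so a missing or oversized part is caught on the server rather than mid-restore. It assumes hdiutil's segment naming (Image.dmg, Image.002.dmgpart, ...) and a 2 GiB per-file ceiling on the older web server; the name check_segments and its arguments are illustrative.

```sh
#!/bin/sh
# Added example: check a segmented image set before publishing it over HTTP.
# Assumptions: segments are named <base>.dmg, <base>.002.dmgpart,
# <base>.003.dmgpart, ...; the per-file ceiling defaults to 2 GiB.

# usage: check_segments DIR BASE [MAX_BYTES]
# Prints the number of segments on success; returns non-zero on any problem.
check_segments() {
    dir=$1
    base=$2
    max=${3:-2147483648}
    status=0

    first="$dir/$base.dmg"
    if [ ! -f "$first" ]; then
        echo "missing first segment: $first" >&2
        return 1
    fi

    # Count the .dmgpart files present, so a gap in numbering is detectable.
    found=0
    for f in "$dir/$base".*.dmgpart; do
        if [ -f "$f" ]; then found=$((found + 1)); fi
    done

    # Walk the expected sequence and size-check every file on the way.
    n=1
    part=$first
    while :; do
        size=$(($(wc -c < "$part")))
        if [ "$size" -ge "$max" ]; then
            echo "too large for the server ($size bytes): $part" >&2
            status=1
        fi
        if [ "$n" -gt "$found" ]; then break; fi
        n=$((n + 1))
        part=$(printf '%s/%s.%03d.dmgpart' "$dir" "$base" "$n")
        if [ ! -f "$part" ]; then
            echo "gap in sequence, expected: $part" >&2
            return 1
        fi
    done

    if [ "$status" -eq 0 ]; then echo "$n"; fi
    return "$status"
}
```
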

• Images must be “Scanned For Restore”
• Re-orders and optimizes image for multicast
• Images should not be compressed

Deployment Tools

• ASR is at the heart of all OS X system restore utilities
• ,
• Blast Image Config, DeployStudio
• Can be scripted at the command line too
• Located at /usr/sbin/asr

Multicast ASR Server

• ASR can run as a multicast server for one image
• Start asr with server mode, config, image path
  % asr server --source master.dmg --config configuration.plist
• Can literally kill your networks. Use with caution ...
• Remember to use uncompressed Images

Multicast ASR Server

• ASR Multicast Tuning data rates
• http://www.bombich.com/mactips/multicast.html
• Proton Pack Server

Disk Utility

• Easy to Use
• Very manual process
• Use this for test restoring your images: if a 3rd party tool fails, the cause could be a bad image or an OS X bug

Disk Utility

• Boot Machine via alternate source
• Choose system image as source
• Choose your Destination Drive
• Restore

System Image Utility

NetBoot

• An Apple technology for booting Macs over the network
• Also is a custom, full OS X Environment
• No changes to file system kept at shutdown
• Useful for restoring lab, maintenance tool images

NetBoot Image Structure

My NetBoot Image.nbi
  NetBoot.dmg
    Macintosh HD
      Applications
      Users

NetBoot Image Creation

• Create Image with System Image Utility (SIU)
• Copy to OS X NetBoot Server
• Enable image, Diskless if needed
• Filter on Mac Models, MAC Addr, System Architecture
• DHCP, BSDP on local subnet, or IPHelpers

NetBoot Across Subnets

• Local subnet must provide DHCP
• Local subnet must also provide BSDP answer or you can script the server
  % sudo bless --netboot --server bsdp://some.server.name.tld
• Mike Bombich’s Netboot Across Subnets Docs
• http://www.bombich.com/mactips/nbas.html

NetBoot Troubleshooting

• % mount, /private/var/netboot afpfs or hfs?
• If AFP fails, the client uses the internal Mac HD, which then can’t be imaged with imaging tools since the shadow files are stored on it
• sudo ipconfig netbootpacket
• http://www.bombich.com/mactips/netboot.html
• Check SACL of AFP for Allow All Users and Groups
• Allows NetBoot clients to access Shadow file

NetInstall

• OS X Installer via Network
• Requires NetBoot
• Created with System Image Utility (SIU)
• Great for Upgrading Macs with Existing System
• Basic Troubleshooting

NetRestore

• New Feature, Workflows in 10.6 Server
• Restore to Machine
• Minimized NetBoot System
• Restore Master Disk Image, or
• Restore from one or selection of Network Images
• Requires NetBoot

NetRestore

• Modular Building
• Create Users
• Install Packages
• Post Install Scripts
• Define Multiple Sources

NetRestore Process

• Select the disk to restore to, and the HTTP image will be restored.

Define NetRestore Source

• New workflow “Define NetRestore Source”
• Specify List of Image Sources

NetRestore Workflow

• Launch SIU
• Create New Workflow
• NOT Required to Have Source Volume, Ignore Warnings
• Delete the default ‘Define Image Source’ action by clicking the X

NetRestore Workflow

• Add ‘Define NetRestore Source’
• Enter Image Sources
• Sources Accessed During NetBoot

NetRestore Workflow

• Critical: Change ‘Type’ to ‘NetRestore’
• Save and Run Workflow
• Copy the Resulting .nbi To NetBoot Server

NetRestore Boot

• NetBooted Mac
• Shows 2 Different Image Sources
• Same As Specified In SIU Workflow

PSU Blast Image Config

Overview

• Developed by Justin Elliott, Penn State University
• Quickly restores ASR disk images and configures Macs back to a known state
• Configures firmware security ( and PowerPC)
• Run pre- and post-restore scripts
• Supports Mac OS X 10.2.2 and higher
• Free

Folder Structure

• Easy to Use
• Simple Install
• Settings and files contained in one folder

RestoreImages

• Copy master disk image(s) here, or...
• Restore images can also be network based (AFP, HTTP, SMB, mASR)
• Can script auto-mounting of AFP/SMB Network Shares too

ConfigFiles

• Settings for defaults
• Single or multiple configurations supported
• Select configuration to run with at launch time

ConfigPrefs

• Easy to edit text files
• Sample configurations included

ConfigPrefs

• Add conf prefs to master list file
• Master file read at launch time

Resources

• FWPW tool (OFPW)
• ncutil

Security

• Prevent booting from other volumes

• ‘Command’ mode recommended for public use Macs

Select Configuration

• Select configuration at launch

• Reads config, runs with defaults

Pre-Restore-Scripts

• Run manually or automatically
• Turn off sleep modes, mount servers, etc.
• Runs with admin privs

Static IP Settings

• For Built-In Ethernet
• Specify network settings for DHCP, Static IP, or ignore

Restore Image Dialog

• Select restore image
• Select restore disk

Finishing Configs

• Apply network settings
• Blesses boot volume and startup disk setting

Post Restore Script

• Receives path of restored volume and IP
• Install additional packages, send logs, unmount servers, etc.

Demo

Future Development

• Totally new UI for 3.0
• GUI app for editing config files
• If you use BIC, consider joining the PSU BIC public discussion list: http://tinyurl.com/psubic

Deploy Studio

Overview

• Partitions Drives, Image
• Restore System Images:
• OS X
• *nix
• Windows
• Automator Style Workflows
• Free

Tasks

• Combined into Workflows
• Install Packages and Run Scripts
• Advanced Reconfiguration
• Bind to OD & AD
• Periodic NetBoot setup
• Firmware Password

Features

• Server Tells the Client What Workflows Are Available
• Easy to Configure Workflows
• Shines with NetBoot
• Diskless NetBooting and Restoring System Images
• Local firewire disk restores also supported

DS Repository

• Folder With Master Disk Images, Packages, Scripts, Logs, and Databases ( and Workflows)
• Can Reside On:
• Same filesystem (Local Drive Deployment)
• Network file share (Network Based Deployment)

DS Assistant

• First Tool That You’ll Use To Start DeployStudio
• Installs, Restarts, Configures DeployStudio Server
• Create DeployStudio Bootable External Drive, or DeployStudio Netboot Sets
• Easy to Use, Intuitive

DS Admin

• Used to Connect to and Configure the Server
• Configure Workflows, Computer Lists, Scripts
• Monitor Clients Connected to the Server and Their Running Workflows
• VNC Control of Machines

DS Runtime

• Connect to the Server to Obtain Deployment Workflow.
• Client Executes the Workflow
• Can Be Run Without Local DS Server Running
• Can run on booted OS X system
• Requires Admin Access
• Can’t restore to booted system

DS NetBoot Set

• There are basically two options for running DeployStudio:
• Local Boot and Restore (firewire disk).
• From the network:
• This option uses a NetBoot image that has the DeployStudio Runtime client and settings installed to connect to the DeployStudio Server.

DS NetBoot Set

• Requires Mac OS X Server for NetBoot
• The Process: Create the NetBoot Image
• Copy It to the NetBoot Server
• NetBoot the Client With the DS NetBoot Image
• Select A Workflow, Let DS Do the Rest

DS NetBoot Set: Create

• To create a NetBoot set, launch the Assistant and select ‘Create a DeployStudio NetBoot Set.’

DS NetBoot Set

Copy the resulting .nbi to your Mac OS X Server and place it in the /Library/NetBoot/NetBootSP0 directory. Use Apple Server Admin to enable the NetBoot image. NetBoot the client with the new DS NetBoot image to run the DS Runtime client and workflow.

DS Admin Workflows

• Workflows
• Multiple Actions
• Deploy
• System Images
• Packages
• Scripts

DS Admin Workflows

• Automate by MAC address
• Combine Tasks in Workflows
• Drag and drop actions to build workflows
• Nest Workflows

DS Admin Workflows

• Selected workflow installs
• Master disk image
• installs package named ‘createUser.pkg’
• Some workflows have more settings that can be configured.

Runtime Workflow (Client)

• NetBooted client in Runtime
• Selectable Workflows
• Group access control to workflows

Runtime Workflow (Client)

• Workflows enable automation
• Provide flexibility of choices
• Can Skip tasks or go back

Runtime Workflow (Client)

• Finished Workflow
• Can Be
• Restarted
• Shutdown
• Continue to return to workflows

First Boot

• Verbose Boot
• No Prompt of First boot
• Shows Logs
• Installs Packages
• Runs Binding Scripts
• Removes itself and Reboots

Post Deployment

Bind to AD/OD

• First Boot Script
• & Script
• Manually
• Apple Remote Desktop

Firmware Security

• Apple’s Firmware Password Utility on OS X Install DVDs
• Disables “Snag” Keys at bootup
• Disable booting from other volumes, single user mode, safe boot
• FWPW Tool (Formerly OFPW)
• Set it from the command line via ‘nvram’

Demo Time

• Blast Image Config
• DeployStudio

Resources

• PSU Only: Lynda.com training videos on SL Server http://its.psu.edu/training/lynda/
• Apple’s Lists for system imaging http://lists.apple.com/mailman/listinfo/system-imaging
• PSU MacAdmins http://macadmins.psu.edu/

Resources

• Apple’s OS X Server docs are excellent and free! http://tinyurl.com/xservedocs
• Comfortable in the ? Read man pages for:
• % man asr
• % man hdiutil
• % man diskutil

Resources

• The Apple Training Series books are excellent resources written by Apple industry experts.
• Mac OS X Deployment v10.6: A Guide to Deploying and Maintaining Mac OS X and Mac OS X Software
• Many other books in the series are available.

Q & A

Justin Elliott [email protected]
Rusty Myers [email protected]