Mac OS X Server System Imaging and Software Update Administration For Version 10.5 Leopard K Apple Inc. © 2007 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple Inc., is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino CA 95014-2084 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the "keyboard" Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleShare, AppleTalk, Mac, Macintosh, QuickTime, Xgrid, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Finder is a trademark of Apple Inc. .Adobe and PostScript are trademarks of Adobe Systems Incorporated. Intel, Intel Core, Xeon are trademarks of Intel Corp. in the U.S. and other countries. PowerPCTM and the PowerPC logoTM are trademarks of International Business Machines Corporation, used under license therefrom. UNIX is a registered trademark of The Open Group. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. 019-0944/2007-09-01 1 Contents Preface 9 9 9 10 10 11 12 12 13 13 About This Guide What's New in System Imaging and Software Update What's in This Guide Using This Guide Using Onscreen Help Mac OS X Server Administration Guides Viewing PDF Guides on Screen Printing PDF Guides Getting Documentation Updates Getting Additional Information Part I Chapter 1 17 18 18 18 19 19 19 20 21 21 22 22 22 22 23 23 24 24 24 System Imaging Administration Understanding System Imaging Inside NetBoot Service Disk Images NetBoot Share Points Using NetBoot and NetInstall Images on Other Servers Client Information File Shadow Files NetBoot Image Folder Property List File Boot Server Discovery Protocol (BSDP) BootP Server Boot Files Trivial File Transfer Protocol Using Images Stored on Other Servers Security NetInstall Images Tools for Managing NetBoot Service Server Admin Workgroup Manager 3 25 25 Chapter 2 27 27 27 27 29 30 31 32 32 33 34 34 34 35 36 36 37 37 38 38 38 39 39 40 41 41 41 43 43 45 45 45 46 46 46 47 48 48 48 System Image Utility Command-Line Tools Creating NetBoot and NetInstall Images Using System Image Utility Creating Images Creating NetBoot Images Creating NetInstall Images Creating an Image from a Configured Computer Understanding Workflows Workflow Components Configuring the Customize Package Selection Action Configuring the Define Image Source Action Configuring the Add Packages and Post-Install Scripts Action Configuring the Add User Account Action Configuring the Apply System Configuration Settings Action Configuring the Create Image Action Configuring the Enable Automated Installation Action Configuring the Filter Clients by MAC Address Action Configuring the Filter Computer Models Action Configuring the Partition Disk Action Assembling Workflows Adding Existing Workflows Adding Existing Workflows Removing Workflows Assembling an Image Workflow Adding Software to NetBoot and NetInstall Images About Packages Creating Packages Viewing the Contents of a Package Setting Up NetBoot Service Setup Overview Before Setting Up NetBoot Service What You Must Know Client Computer Requirements Network Hardware Requirements Network Service Requirements Capacity Planning Serial Number Considerations Turning NetBoot Service On Setting Up NetBoot Service Configuring General Settings Chapter 3 4 Contents 49 49 50 50 51 51 52 52 53 53 54 55 55 Chapter 4 57 57 57 58 58 59 61 61 61 62 62 63 63 64 64 64 64 65 66 67 69 69 69 70 70 70 Configuring Images Settings Configuring Filters Settings Configuring Logging Settings Starting NetBoot and Related Services Managing Images Enabling Images Choosing Where Images Are Stored Choosing Where Shadow Files Are Stored Using Images Stored on Remote Servers Specifying the Default Image Setting an Image for Diskless Booting Restricting NetBoot Clients by Filtering Addresses Setting Up NetBoot Service Across Subnets Setting Up Clients to Use NetBoot and NetInstall Images Setting Up Diskless Clients Selecting a NetBoot Boot Image Selecting a NetInstall Image Starting Up Using the N Key Changing How NetBoot Clients Allocate Shadow Files Managing NetBoot Service Controlling and Monitoring NetBoot Turning Off NetBoot Service Disabling a Boot or Installation Image Viewing a List of NetBoot Clients Viewing a List of NetBoot Connections Checking the Status of NetBoot and Related Services Viewing the NetBoot Service Log Performance and Load Balancing Load Balancing NetBoot Images Distributing NetBoot Images Across Servers Distributing NetBoot Images Across Server Disk Drives Balancing NetBoot Image Access Distributing Shadow Files Solving System Imaging Problems General Tips If NetBoot Client Computers Won't Start If You Want to Change the Image Name Changing the Name of an Uncompressed Image Changing the Name of a Compressed Image Chapter 5 Chapter 6 Contents 5 Part II Chapter 7 75 75 76 76 76 77 77 77 77 77 78 78 78 79 79 81 81 82 82 83 83 83 84 84 84 85 85 86 86 87 87 88 89 89 90 90 90 91 91 Software Update Administration Understanding Software Update Administration Inside the Software Update Process Overview Catalogs Installation Packages Staying Up-To-Date with the Apple Server Limiting User Bandwidth Revoked Files Software Update Package Format Log Files Information That Is Collected Tools for Managing Software Update Service Server Admin Workgroup Manager Command-Line Tools Setting Up the Software Update Service Setup Overview Before Setting Up Software Update What You Must Know Client Computer Requirements Network Hardware Requirements Capacity Planning Before Setting Up Software Update Consider Which Software Update Packages to Offer Software Update Storage Organize Your Enterprise Client Computers Turning Software Update Service On Setting Up Software Update Configuring General Settings Configuring Updates Settings Starting Software Update Pointing Unmanaged Clients to a Software Update Server Managing the Software Update Service Manually Refreshing the Updates Catalog from the Apple Server Checking the Status of the Software Update Service Stopping the Software Update Service Limiting User Bandwidth for the Software Update Service Automatically Copying and Enabling Updates from Apple Copying and Enabling Selected Updates from Apple Chapter 8 Chapter 9 6 Contents 92 92 93 Chapter 10 95 95 95 95 95 Removing Obsolete Software Updates Removing Updates from a Software Update Server Identifying Individual Software Update Files Solving Software Update Service Problems General Tips If a Client Computer Can't Access the Software Update server If the Software Update Server Won't Sync with the Apple Server If Update Packages That the Software Update Server Lists Aren't Visible to Client Computers Index 103 Contents 7 8 Contents This guide describes how to configure and use NetBoot and NetInstall images within Mac OS X Server. It also describes the Software Update service you can set up using Mac OS X Server. Mac OS X Server v10.5 Leopard includes NetBoot service supporting NetBoot and NetInstall images and the improved System Image Utility--a stand-alone utility used to create Install and Boot images used with NetBoot service. Mac OS X Server v10.5 Leopard is Apple's Software Update Server. It is designed as a source for Apple Software Updates managed on your network. With Software Update service, you can directly manage which Apple Software Updates users on your network can access and apply to their computers. What's New in System Imaging and Software Update NetBoot service, System Imaging Utility, and Software Update service in Mac OS X Server v10.5 Leopard include the following valuable new features:  System Image Utility has major user interface enhancements.  System Image Utility allows auto-partitioning.  System Image Utility can add files and preinstall scripts to a NetInstall image.  System Image Utility provides address filtering for images. Served images can be made visible to certain clients on a per image basis. What's in This Guide This guide is organized as follows:  Part I--System Imaging Administration. The chapters in this part of the guide introduce you to system imaging and the applications and tools available for administering system imaging services. Preface 9 About This Guide  Part II--Software Update Administration. The chapters in this part of the guide introduce you to the Software Update service and the applications and tools available for administering it. Note: Because Apple periodically releases new versions and updates to its software, images shown in this book may be different from what you see on your screen. Using This Guide The following list contains suggestions for using this guide:  Read the guide in its entirety. Subsequent sections might build on information and recommendations discussed in prior sections.  The instructions in this guide should always be tested in a nonoperational environment before deployment. This non-production environment should simulate, as much as possible, the environment where this NetBoot/NetInstall environment will be deployed. Using Onscreen Help You can get task instructions onscreen in Help Viewer while you're managing Leopard Server. You can view help on a server or an administrator computer. (An administrator computer is a Mac OS X computer with Leopard Server administration software installed on it.) To get help for an advanced configuration of Leopard Server: m Open Server Admin or Workgroup Manager and then:  Use the Help menu to search for a task you want to perform.  Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse and search the help topics. The onscreen help contains instructions taken from Server Administration and other advanced administration guides described in "Mac OS X Server Administration Guides," next. To see the most recent server help topics: m Make sure the server or administrator computer is connected to the Internet while you're getting help. Help Viewer automatically retrieves and caches the most recent server help topics from the Internet. When not connected to the Internet, Help Viewer displays cached help topics. 10 Preface About This Guide Mac OS X Server Administration Guides Getting Started covers installation and setup for standard and workgroup configurations of Product Name. For advanced configurations, Server Administration covers planning, installation, setup, and general server administration. A suite of additional guides, listed below, covers advanced planning, setup, and management of individual services. You can get these guides in PDF format from the Mac OS X Server documentation website: www.apple.com/server/documentation This guide ... Getting Started and Installation & Setup Worksheet Command-Line Administration File Services Administration iCal Service Administration iChat Service Administration Mac OS X Security Configuration Mac OS X Server Security Configuration Mail Service Administration Network Services Administration Open Directory Administration Podcast Producer Administration Print Service Administration QuickTime Streaming and Broadcasting Administration Server Administration tells you how to: Install Mac OS X Server and set it up for the first time. Install, set up, and manage Mac OS X Server using UNIX commandline tools and configuration files. Share selected server volumes or folders among server clients using the AFP, NFS, FTP, and SMB protocols. Set up and manage iCal shared calendar service. Set up and manage iChat instant messaging service. Make Mac OS X computers (clients) more secure, as required by enterprise and government customers. Make Product Name and the computer it's installed on more secure, as required by enterprise and government customers. Set up and manage IMAP, POP, and SMTP mail services on the server. Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall, NAT, and RADIUS services on the server. Set up and manage directory and authentication services, and configure clients to access directory services. Set up and manage Podcast Producer service to record, process, and distribute podcasts. Host shared p ...