User manual APPLE LEOPARD - SYSTEM IMAGING AND SOFTWARE UPDATE ADMINISTRATION

Mac OS X Server System Imaging and Software Update Administration For Version 10.5 Leopard K Apple Inc. © 2007 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple Inc., is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino CA 95014-2084 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the "keyboard" Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleShare, AppleTalk, Mac, Macintosh, QuickTime, Xgrid, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Finder is a trademark of Apple Inc. .Adobe and PostScript are trademarks of Adobe Systems Incorporated. Intel, Intel Core, Xeon are trademarks of Intel Corp. in the U.S. and other countries. PowerPCTM and the PowerPC logoTM are trademarks of International Business Machines Corporation, used under license therefrom. UNIX is a registered trademark of The Open Group. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. 019-0944/2007-09-01 1 Contents Preface 9 9 9 10 10 11 12 12 13 13 About This Guide What's New in System Imaging and Software Update What's in This Guide Using This Guide Using Onscreen Help Mac OS X Server Administration Guides Viewing PDF Guides on Screen Printing PDF Guides Getting Documentation Updates Getting Additional Information Part I Chapter 1 17 18 18 18 19 19 19 20 21 21 22 22 22 22 23 23 24 24 24 System Imaging Administration Understanding System Imaging Inside NetBoot Service Disk Images NetBoot Share Points Using NetBoot and NetInstall Images on Other Servers Client Information File Shadow Files NetBoot Image Folder Property List File Boot Server Discovery Protocol (BSDP) BootP Server Boot Files Trivial File Transfer Protocol Using Images Stored on Other Servers Security NetInstall Images Tools for Managing NetBoot Service Server Admin Workgroup Manager 3 25 25 Chapter 2 27 27 27 27 29 30 31 32 32 33 34 34 34 35 36 36 37 37 38 38 38 39 39 40 41 41 41 43 43 45 45 45 46 46 46 47 48 48 48 System Image Utility Command-Line Tools Creating NetBoot and NetInstall Images Using System Image Utility Creating Images Creating NetBoot Images Creating NetInstall Images Creating an Image from a Configured Computer Understanding Workflows Workflow Components Configuring the Customize Package Selection Action Configuring the Define Image Source Action Configuring the Add Packages and Post-Install Scripts Action Configuring the Add User Account Action Configuring the Apply System Configuration Settings Action Configuring the Create Image Action Configuring the Enable Automated Installation Action Configuring the Filter Clients by MAC Address Action Configuring the Filter Computer Models Action Configuring the Partition Disk Action Assembling Workflows Adding Existing Workflows Adding Existing Workflows Removing Workflows Assembling an Image Workflow Adding Software to NetBoot and NetInstall Images About Packages Creating Packages Viewing the Contents of a Package Setting Up NetBoot Service Setup Overview Before Setting Up NetBoot Service What You Must Know Client Computer Requirements Network Hardware Requirements Network Service Requirements Capacity Planning Serial Number Considerations Turning NetBoot Service On Setting Up NetBoot Service Configuring General Settings Chapter 3 4 Contents 49 49 50 50 51 51 52 52 53 53 54 55 55 Chapter 4 57 57 57 58 58 59 61 61 61 62 62 63 63 64 64 64 64 65 66 67 69 69 69 70 70 70 Configuring Images Settings Configuring Filters Settings Configuring Logging Settings Starting NetBoot and Related Services Managing Images Enabling Images Choosing Where Images Are Stored Choosing Where Shadow Files Are Stored Using Images Stored on Remote Servers Specifying the Default Image Setting an Image for Diskless Booting Restricting NetBoot Clients by Filtering Addresses Setting Up NetBoot Service Across Subnets Setting Up Clients to Use NetBoot and NetInstall Images Setting Up Diskless Clients Selecting a NetBoot Boot Image Selecting a NetInstall Image Starting Up Using the N Key Changing How NetBoot Clients Allocate Shadow Files Managing NetBoot Service Controlling and Monitoring NetBoot Turning Off NetBoot Service Disabling a Boot or Installation Image Viewing a List of NetBoot Clients Viewing a List of NetBoot Connections Checking the Status of NetBoot and Related Services Viewing the NetBoot Service Log Performance and Load Balancing Load Balancing NetBoot Images Distributing NetBoot Images Across Servers Distributing NetBoot Images Across Server Disk Drives Balancing NetBoot Image Access Distributing Shadow Files Solving System Imaging Problems General Tips If NetBoot Client Computers Won't Start If You Want to Change the Image Name Changing the Name of an Uncompressed Image Changing the Name of a Compressed Image Chapter 5 Chapter 6 Contents 5 Part II Chapter 7 75 75 76 76 76 77 77 77 77 77 78 78 78 79 79 81 81 82 82 83 83 83 84 84 84 85 85 86 86 87 87 88 89 89 90 90 90 91 91 Software Update Administration Understanding Software Update Administration Inside the Software Update Process Overview Catalogs Installation Packages Staying Up-To-Date with the Apple Server Limiting User Bandwidth Revoked Files Software Update Package Format Log Files Information That Is Collected Tools for Managing Software Update Service Server Admin Workgroup Manager Command-Line Tools Setting Up the Software Update Service Setup Overview Before Setting Up Software Update What You Must Know Client Computer Requirements Network Hardware Requirements Capacity Planning Before Setting Up Software Update Consider Which Software Update Packages to Offer Software Update Storage Organize Your Enterprise Client Computers Turning Software Update Service On Setting Up Software Update Configuring General Settings Configuring Updates Settings Starting Software Update Pointing Unmanaged Clients to a Software Update Server Managing the Software Update Service Manually Refreshing the Updates Catalog from the Apple Server Checking the Status of the Software Update Service Stopping the Software Update Service Limiting User Bandwidth for the Software Update Service Automatically Copying and Enabling Updates from Apple Copying and Enabling Selected Updates from Apple Chapter 8 Chapter 9 6 Contents 92 92 93 Chapter 10 95 95 95 95 95 Removing Obsolete Software Updates Removing Updates from a Software Update Server Identifying Individual Software Update Files Solving Software Update Service Problems General Tips If a Client Computer Can't Access the Software Update server If the Software Update Server Won't Sync with the Apple Server If Update Packages That the Software Update Server Lists Aren't Visible to Client Computers Index 103 Contents 7 8 Contents This guide describes how to configure and use NetBoot and NetInstall images within Mac OS X Server. It also describes the Software Update service you can set up using Mac OS X Server. Mac OS X Server v10.5 Leopard includes NetBoot service supporting NetBoot and NetInstall images and the improved System Image Utility--a stand-alone utility used to create Install and Boot images used with NetBoot service. Mac OS X Server v10.5 Leopard is Apple's Software Update Server. It is designed as a source for Apple Software Updates managed on your network. With Software Update service, you can directly manage which Apple Software Updates users on your network can access and apply to their computers. What's New in System Imaging and Software Update NetBoot service, System Imaging Utility, and Software Update service in Mac OS X Server v10.5 Leopard include the following valuable new features:  System Image Utility has major user interface enhancements.  System Image Utility allows auto-partitioning.  System Image Utility can add files and preinstall scripts to a NetInstall image.  System Image Utility provides address filtering for images. Served images can be made visible to certain clients on a per image basis. What's in This Guide This guide is organized as follows:  Part I--System Imaging Administration. The chapters in this part of the guide introduce you to system imaging and the applications and tools available for administering system imaging services. Preface 9 About This Guide  Part II--Software Update Administration. The chapters in this part of the guide introduce you to the Software Update service and the applications and tools available for administering it. Note: Because Apple periodically releases new versions and updates to its software, images shown in this book may be different from what you see on your screen. Using This Guide The following list contains suggestions for using this guide:  Read the guide in its entirety. Subsequent sections might build on information and recommendations discussed in prior sections.  The instructions in this guide should always be tested in a nonoperational environment before deployment. This non-production environment should simulate, as much as possible, the environment where this NetBoot/NetInstall environment will be deployed. Using Onscreen Help You can get task instructions onscreen in Help Viewer while you're managing Leopard Server. You can view help on a server or an administrator computer. (An administrator computer is a Mac OS X computer with Leopard Server administration software installed on it.) To get help for an advanced configuration of Leopard Server: m Open Server Admin or Workgroup Manager and then:  Use the Help menu to search for a task you want to perform.  Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse and search the help topics. The onscreen help contains instructions taken from Server Administration and other advanced administration guides described in "Mac OS X Server Administration Guides," next. To see the most recent server help topics: m Make sure the server or administrator computer is connected to the Internet while you're getting help. Help Viewer automatically retrieves and caches the most recent server help topics from the Internet. When not connected to the Internet, Help Viewer displays cached help topics. 10 Preface About This Guide Mac OS X Server Administration Guides Getting Started covers installation and setup for standard and workgroup configurations of Product Name. For advanced configurations, Server Administration covers planning, installation, setup, and general server administration. A suite of additional guides, listed below, covers advanced planning, setup, and management of individual services. You can get these guides in PDF format from the Mac OS X Server documentation website: www.apple.com/server/documentation This guide ... Getting Started and Installation & Setup Worksheet Command-Line Administration File Services Administration iCal Service Administration iChat Service Administration Mac OS X Security Configuration Mac OS X Server Security Configuration Mail Service Administration Network Services Administration Open Directory Administration Podcast Producer Administration Print Service Administration QuickTime Streaming and Broadcasting Administration Server Administration tells you how to: Install Mac OS X Server and set it up for the first time. Install, set up, and manage Mac OS X Server using UNIX commandline tools and configuration files. Share selected server volumes or folders among server clients using the AFP, NFS, FTP, and SMB protocols. Set up and manage iCal shared calendar service. Set up and manage iChat instant messaging service. Make Mac OS X computers (clients) more secure, as required by enterprise and government customers. Make Product Name and the computer it's installed on more secure, as required by enterprise and government customers. Set up and manage IMAP, POP, and SMTP mail services on the server. Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall, NAT, and RADIUS services on the server. Set up and manage directory and authentication services, and configure clients to access directory services. Set up and manage Podcast Producer service to record, process, and distribute podcasts. Host shared printers and manage their associated queues and print jobs. Capture and encode QuickTime content. Set up and manage QuickTime streaming service to deliver media streams live or on demand. Perform advanced installation and setup of server software, and manage options that apply to multiple services or to the server as a whole. Use NetBoot, NetInstall, and Software Update to automate the management of operating system and other software used by client computers. System Imaging and Software Update Administration Preface About This Guide 11 This guide ... Upgrading and Migrating User Management Web Technologies Administration Xgrid Administration and High Performance Computing Mac OS X Server Glossary tells you how to: Use data and service settings from an earlier version of Product Name or Windows NT. Create and manage user accounts, groups, and computers. Set up managed preferences for Mac OS X clients. Set up and manage web technologies, including web, blog, webmail, wiki, MySQL, PHP, Ruby on Rails, and WebDAV. Set up and manage computational clusters of Xserve systems and Mac computers. Learn about terms used for server and storage products. Viewing PDF Guides on Screen While reading the PDF version of a guide onscreen:  Show bookmarks to see the guide's outline, and click a bookmark to jump to the corresponding section.  Search for a word or phrase to see a list of places where it appears in the document. Click a listed place to see the page where it occurs.  Click a cross-reference to jump to the referenced section. Click a web link to visit the website in your browser. Printing PDF Guides If you want to print a guide, you can take these steps to save paper and ink:  Save ink or toner by not printing the cover page.  Save color ink on a color printer by looking in the panes of the Print dialog for an option to print in grays or black and white.  Reduce the bulk of the printed document and save paper by printing more than one page per sheet of paper. In the Print dialog, change Scale to 115% (155% for Getting Started). Then choose Layout from the untitled pop-up menu. If your printer supports two-sided (duplex) printing, select one of the Two-Sided options. Otherwise, choose 2 from the Pages per Sheet pop-up menu, and optionally choose Single Hairline from the Border menu. (If you're using Mac OS X v10.4 or earlier, the Scale setting is in the Page Setup dialog and the Layout settings are in the Print dialog.) You may want to enlarge the printed pages even if you don't print double sided, because the PDF page size is smaller than standard printer paper. In the Print dialog or Page Setup dialog, try changing Scale to 115% (155% for Getting Started, which has CD-size pages). 12 Preface About This Guide Getting Documentation Updates Periodically, Apple posts revised help pages and new editions of guides. Some revised help pages update the latest editions of the guides.  To view new onscreen help topics for a server application, make sure your server or administrator computer is connected to the Internet and click "Latest help topics" or "Staying current" in the main help page for the application.  To download the latest guides in PDF format, go to the Mac OS X Server documentation website: www.apple.com/server/documentation Getting Additional Information For more information, consult these resources:  Read Me documents--important updates and special information. Look for them on the server discs.  Mac OS X Server website (www.apple.com/server/macosx)--gateway to extensive product and technology information.  Mac OS X Server Support website (www.apple.com/support/macosxserver)--access to hundreds of articles from Apple's support organization.  Apple Training website (www.apple.com/training)--instructor-led and self-paced courses for honing your server administration skills.  Apple Discussions website (discussions.apple.com)--a way to share questions, knowledge, and advice with other administrators.  Apple Mailing Lists website (www.lists.apple.com)--subscribe to mailing lists so you can communicate with other administrators using email.  Open Source website (developer.apple.com/darwin/)--Access to Darwin open source code, developer information, and FAQs. Preface About This Guide 13 14 Preface About This Guide Part I: System Imaging Administration I The chapters in this part of the guide introduce you to system imaging and the applications and tools available for administering system imaging services. Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Understanding System Imaging Creating NetBoot and NetInstall Images Setting Up NetBoot Service Setting Up Clients to Use NetBoot and NetInstall Images Managing NetBoot Service Solving System Imaging Problems 1 Understanding System Imaging 1 This chapter describes how to start client computers using an operating system stored on a server and how to install software on client computers over the network. The NetBoot and NetInstall features of Mac OS X Server offer you alternatives for managing the operating system and application software that your Macintosh clients (or even other servers) require to start and do their work. Instead of going from computer to computer to install operating system and application software from CDs, you can prepare an installation image that installs on each computer when it starts up. You can also choose to not install software and have client computers start (or boot) from an image stored on the server. (In some cases, clients don't even need their own disk drives.) Using NetBoot and NetInstall, your client computers can start from a standardized Mac OS configuration suited to specific tasks. Because the client computers start from the same image, you can quickly update the operating system for users by updating a single boot image. A boot image is a file that looks and acts like a mountable disk or volume. NetBoot images contain the system software needed to act as a startup disk for client computers over the network. An installation image is an image that starts up the client computer long enough to install software from the image. The client can then start up from its own hard drive. Boot images (NetBoot) and installation images (NetInstall) are different kinds of disk images. The main difference is that a .dmg file is a proper disk image and a .nbi folder is a bootable network volume (which in the end contains a .dmg disk image file). Disk images are files that behave like disk volumes. 17 You can set up multiple NetBoot or NetInstall images to suit the needs of different groups of clients or provide copies of the same image on multiple NetBoot servers to distribute the client startup load. NetBoot service can be used with NetBoot and NetInstall images along with Mac OS X client management services to provide a personalized work environment for each user. For information about client management services, see User Management. You can use the following Mac OS X Server applications to set up and manage NetBoot and NetInstall:  System Image Utility to create Mac OS X NetBoot and NetInstall disk images. This utility is installed with Mac OS X Server software in the /Applications/Server/ folder.  Server Admin to enable and configure NetBoot service and supporting services. This utility is installed with Mac OS X Server software in the /Applications/Server/ folder.  PackageMaker to create package files that you use to add software to disk images. This utility is provided on the Mac OS X Server Administration Tools CD.  Property List Editor to edit property lists such as NBImageInfo.plist. This utility is included on the Mac OS X Server Administration Tools CD. Inside NetBoot Service This section describes how NetBoot service is implemented on Mac OS X Server, including information about the protocols, files, folder structures, and configuration details. Disk Images The disk images contain the system software and applications used over the network by client computers. These tools can be installed on a client computer with the Mac OS X Server Administration Tools CD. The name of a disk image file typically ends in .img or .dmg. Disk Utility--part of Mac OS X--can mount disk image files as volumes on the desktop. You use System Image Utility to create Mac OS X NetBoot or NetInstall images, using a Mac OS X installation disc or an existing system volume as the source. See "Creating Images" on page 27. NetBoot Share Points NetBoot service sets up share points to make images and shadow files available to clients. Shadow files are used for NetBoot clients that don't use their local hard drives to write out data when booted. NetBoot service creates share points for storing NetBoot and NetInstall images in /Library/NetBoot/ on each volume you enable and names them NetBootSPn, where n is 0 for the first share point and increases by 1 for each extra share point. 18 Chapter 1 Understanding System Imaging For example, if you decide to store images on three server disks, NetBoot service sets up three share points named NetBootSP0, NetBootSP1, and NetBootSP2. The share points for client shadow files are also created in /Library/NetBoot/ and are named NetBootClientsn. You can create and enable NetBootSPn and NetBootClientsn share points on other server volumes using the NetBoot service General settings in Server Admin. WARNING: Don't rename a NetBoot share point or the volume it resides on. Don't stop sharing a NetBoot share point unless you first deselect the share point for images and shadow files in Server Admin. Using NetBoot and NetInstall Images on Other Servers You can also specify the path of a NetBoot image residing on a different NFS server. When creating image files, you can specify which server the image will reside on. See "Using Images Stored on Remote Servers" on page 53. Client Information File NetBoot service gathers information about a client the first time a client selects a NetBoot or NetInstall volume to start from the Startup Disk. NetBoot service stores this information in the /var/db/bsdpd_clients file. Shadow Files Many clients can read from the same NetBoot image, but when a client must write back to its startup volume (such as print jobs and other temporary files), NetBoot service redirects the written data to the client's shadow files, which are separate from regular system and application software. Shadow files preserve the unique identity of each client while it is running from a NetBoot image. NetBoot service transparently maintains changed user data in shadow files while reading unchanged data from the shared system image. Shadow files are recreated at startup, so changes made to a user's startup volume are lost at restart. For example, if a user saves a document to the startup volume, after a restart that document will be gone. This behavior preserves the condition of the environment the administrator set up. Therefore users must have accounts on a file server on the network to save documents. Balancing the Shadow File Load NetBoot service creates an AFP share point on each server volume you specify (see "Choosing Where Shadow Files Are Stored" on page 52) and distributes client shadow files across them as a way of balancing the load for NetBoot clients. There is no performance gain if the volumes are partitions on the same disk. See "Distributing Shadow Files" on page 67. Chapter 1 Understanding System Imaging 19 Allocation of Shadow Files for Mac OS X NetBoot Clients When a client computer starts from a Mac OS X NetBoot image, it creates shadow files on a server NetBootClientsn share point or, if no share point is available, on a drive local to the client. For information about changing this behavior, see "Choosing Where Shadow Files Are Stored" on page 52. NetBoot Image Folder When you create a Mac OS X NetBoot image with System Image Utility, the utility creates a NetBoot image folder whose name ends with ".nbi" and stores in it the NetBoot image with other files (see the following table) required to start a client computer over the network. File booter mach.macosx mach.macosx.mkext System.dmg NBImageInfo.plist Description Startup file that the firmware uses to begin the startup process UNIX kernel Drivers Startup image file (can include application software) Property list file System Image Utility stores the folder whose name ends with .nbi on the NetBoot server in /Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name of the image). You can save directly to this folder or you can create the image elsewhere (even on another computer) and copy it to the /Library/NetBoot/NetBootSPn folder at a later time. Files for PowerPC-based Macintosh computers are stored under the ppc folder for Leopard images, while previous images may have the PowerPC files stored in the root of the .nbi folder. Files for Intel-based Macintosh computers are stored in the i386 folder. You use System Image Utility to set up NetBoot image folders. The utility lets you:  Name the image  Choose the image type (NetBoot or NetInstall)  Provide an image ID  Choose the default language  Choose the computer models the image will support  Create unique sharing names  Specify a default user name and password  Enable automatic installation for installation images  Add package or preinstalled applications For more information, see "Creating NetBoot Images" on page 27. 20 Chapter 1 Understanding System Imaging Property List File The property list file (NBImageInfo.plist) stores image properties. The following table gives more information about the property list for Mac OS X image files. Property Architectures BootFile Index Type Array String Integer Description An array of strings of the architectures the image supports. Name of boot file: booter. 1­4095 indicates a local image unique to the server. 4096­65535 is a duplicate, identical image stored on multiple servers for load balancing. True specifies this image file as the default boot image on the subnet. Sets whether the image is available to NetBoot (or Network Image) clients. True specifies a Network Install image; False specifies a NetBoot image. Name of the image as it appears in the Mac OS X Preferences pane. Specifies the path to the disk image on the server, or the path to an image on another server. See "Using Images Stored on Other Servers" on page 22. NFS or HTTP. True directs the NetBoot server to allocate space for the shadow files needed by diskless clients. Text describing the image. A code specifying the language to be used while starting from the image. IsDefault IsEnabled IsInstall Name RootPath Boolean Boolean Boolean String String Type SupportsDiskless Description Language String Boolean String String Initial values in NBImageInfo.plist are set by System Image Utility and you usually don't need to change the property list file directly. Some values are set by Server Admin. If you must edit a property list file, you can use TextEdit or Property List Editor, found in the Utilities folder on the Mac OS X Server Administration Tools CD. Boot Server Discovery Protocol (BSDP) NetBoot service uses an Apple-developed protocol based on DHCP known as Boot Server Discovery Protocol (BSDP). This protocol provides a way of discovering NetBoot servers on a network. NetBoot clients obtain their IP information from a DHCP server and their NetBoot information from BSDP. BSDP offers built-in support for load balancing. See "Performance and Load Balancing" on page 64. Chapter 1 Understanding System Imaging 21 BootP Server NetBoot service uses a BootP server (bootpd) to provide necessary information to client computers when they try to start from an image on the server. If you have BootP clients on your network and they request an IP address from the NetBoot BootP server, this request will fail because the NetBoot BootP server doesn't have addresses to offer. To prevent the NetBoot BootP server from responding to requests for IP addresses, use the dscl command-line tool to open the local folder on the NetBoot server and add a key named bootp_enabled with no value to the /config/ dhcp/ folder. Boot Files When you create a Mac OS X NetBoot image with System Image Utility, the utility generates the following boot files and stores them on the NetBoot server in /Library/ NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name of the image):  booter  mach.macosx  mach.macosx.mkext Note: If you turn on NetBoot service when installing Mac OS X Server, the installer creates the NetBootSP0 share point on the server boot volume. Otherwise, you can set up NetBootSPn share points by choosing where to store NetBoot images from the list of volumes in the General pane of NetBoot service settings in Server Admin. Trivial File Transfer Protocol NetBoot service uses Trivial File Transfer Protocol (TFTP) to send boot files from the server to the client. When you start a NetBoot client, the client sends a request for startup software. The NetBoot server then delivers the booter file to the client using TFTP default port 69. Client computers access the startup software on the NetBoot server from the location where the image was saved. These files are typically stored in the /private/tftpboot/NetBoot/NetBootSPn/ folder. This path is a symbolic link to Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name of the image). Using Images Stored on Other Servers You can store Mac OS X NetBoot or NetInstall images on NFS servers other than the NetBoot server. For more information, see "Using Images Stored on Remote Servers" on page 53. 22 Chapter 1 Understanding System Imaging Security You can restrict access to NetBoot service on a case-by-case basis by listing the hardware addresses (also known as the Ethernet or MAC addresses) of computers that you want to permit or deny access to. The hardware address of a client computer is added to the NetBoot Filtering list when the client starts up using NetBoot and is, by default, enabled to use NetBoot service. You can specify other services. See "Restricting NetBoot Clients by Filtering Addresses" on page 55. NetInstall Images A NetInstall image is an image that starts up the client computer long enough to install software from the image. The client can then start up from its own hard drive. Just as a NetBoot image replaces the role of a hard drive, a NetInstall image is a replacement for an installation DVD. Like a bootable CD, NetInstall is a convenient way to reinstall the operating system, applications, or other software onto the local hard drive. For system administrators deploying large numbers of computers with the same version of Mac OS X, NetInstall can be very useful. NetInstall does not require the insertion of a CD into each NetBoot client because startup and installation information is delivered over the network. When you create a NetInstall image with System Image Utility, you can automate the installation process by limiting interaction at the client computer. Because an automatic network installation can be configured to erase the contents of the local hard drive before installation, data loss can occur. You must control access to this type of NetInstall image and must communicate the implications of using them to those using these images. Before using automatic network installations, it is always wise to inform users to back up critical data. You can perform software installations using NetInstall using a collection of packages or an entire disk image (depending on the source used to create the image). For more information about preparing NetInstall images to install software over the network, see "Creating NetInstall Images" on page 29. Chapter 1 Understanding System Imaging 23 Tools for Managing NetBoot Service The Server Admin and System Image Utility applications provide a graphical interface for managing NetBoot service in Mac OS X Server. In addition, you can manage NetBoot service from the command line by using Terminal. These applications are included with Mac OS X Server and can be installed on another computer with Mac OS X v10.5 or later, making that computer an administrator computer. For more information about setting up an administrator computer, see the server administration chapter of Getting Started. Server Admin The Server Admin application provides access to tools you use to set up, manage, and monitor NetBoot service and other services. You use Server Admin to:  Set up Mac OS X Server as a DHCP server and configure NetBoot service to use NetBoot and NetInstall images. For instructions, see Chapter 3, "Setting up NetBoot Service."  Manage and monitor NetBoot service. For instructions, see Chapter 5, "Managing NetBoot Service." For more information about using Server Admin, see Server Administration. This guide includes information about:  Opening and authenticating in Server Admin  Working with specific servers  Administering services  Using SSL for remote server administration  Customizing the Server Admin environment Server Admin is installed in /Applications/Server/. Workgroup Manager The Workgroup Manager application provides comprehensive management of clients of Mac OS X Server. For basic information about using Workgroup Manager, see User Management. This includes:  Opening and authenticating in Workgroup Manager  Administering accounts  Customizing the Workgroup Manager environment Workgroup Manager is installed in /Applications/Server/. 24 Chapter 1 Understanding System Imaging System Image Utility System Image Utility is a tool you use to create and customize NetBoot and NetInstall images. With System Image Utility, you can:  Create NetBoot images that can be booted to the Finder.  Create NetInstall images from a DVD or existing Mac OS X partition.  Assemble a workflow that creates customized NetBoot and NetInstall images. For instructions on using System Image Utility, see Chapter 2. System Image Utility is installed in /Applications/Server/. Command-Line Tools A full range of command-line tools is available for administrators who prefer to use command-driven server administration. For remote server management, submit commands in a secure shell (SSH) session. You can enter commands on Mac OS X servers and computers using the Terminal application, located in the /Applications/ Utilities/ folder. For information about useful command-line tools, see Command-Line Administration. Chapter 1 Understanding System Imaging 25 26 Chapter 1 Understanding System Imaging 2 Creating NetBoot and NetInstall Images 2 This chapter provides instructions for preparing NetBoot or NetInstall images you can use with NetBoot service. You can set up multiple NetBoot or NetInstall images to suit the needs of different groups of clients or to provide copies of the same image on multiple servers to distribute the client startup load. Using NetBoot service, you can provide a personalized work environment for each client computer user. Using System Image Utility System Image Utility is a tool you use to create and customize NetBoot and NetInstall images. With System Image Utility, you can:  Create NetBoot images that can be booted to the Finder.  Create NetInstall images from a DVD or existing Mac OS X partition.  Assemble a workflow that creates customized NetBoot and NetInstall images. Creating Images To create system and software images to use with NetBoot service, you use System Image Utility.  Creating NetBoot Images.  Creating NetInstall Images. Note: To create an image, you must have valid Mac OS X 10.5 image sources (either volumes or installation DVDs). You cannot create an image of the startup disk you are running on. Creating NetBoot Images You can create NetBoot images of Mac OS X that are then used to start client computers over the network. 27 You can also assemble a workflow to create a NetBoot image that permits advanced customization of your images. For more information, see "Understanding Workflows" on page 31. Note: You must purchase a Mac OS X user license for each client that starts from a NetBoot or NetInstall disk image. To create a NetBoot image: 1 Log in as an administrator user. 2 Open System Image Utility (in the /Applications/Server/ folder). 3 In the left sidebar select the image source. If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume. Note: To create an image, you must have valid Mac OS X v10.5 image sources (either volumes or installation DVDs). You cannot create an image of the startup disk you are running on. 4 Select NetBoot Image and click Continue. 5 In the Image Name field, enter a name for your image. This name identifies the image in the Startup Disk preferences pane on client computers. 6 (Optional) In the Description field, enter notes or other information to help you characterize the image. Clients can't see the description information. 7 If the image will be served from more than one server select the checkbox below the description field. This option generates an index ID for NetBoot server load balancing. 8 If your source volume is a Mac OS X Installation DVD, enter a user name, short name, and password (in the Password and Verify fields) for the administrator account in Create Administrator Account. You can log in to a booted client using this account. 9 Click Create. 10 In the Save As dialog, choose where to save the image. If you don't want to use the image name you entered earlier, change it by entering a new name in the Save As field. NetBoot service must be configured on a network port and Server Admin must be set to serve images from a volume for this option to appear in the pop-up menu. For more information, see "Setting Up NetBoot Service" on page 48. 28 Chapter 2 Creating NetBoot and NetInstall Images To save the image somewhere else, choose a location from the Where pop-up menu or click the triangle next to the Save As field and navigate to a folder. 11 Click Save and authenticate if prompted. Important: Do not attempt to edit content in the image destination folder while the image is being created. Creating NetInstall Images Use System Image Utility to create a NetInstall image that you can use to install software on client computers over the network. You can find this application in the /Applications/Server/ folder. To create a NetInstall image: 1 Log in as an administrator user. 2 Open System Image Utility (in the /Applications/Server/ folder). 3 In the left sidebar select the image source. If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume. Note: To create an image, you must have valid Mac OS X v10.5 image sources (either volumes or installation DVDs). You cannot create an image of the startup disk you are running on. 4 Select NetInstall Image and click Continue. 5 In the Image Name field, enter a name for your image. This name identifies the image in the Startup Disk preferences pane on client computers. 6 (Optional) In the Description field, enter notes or other information to help you characterize the image. Clients can't see the description information. 7 If the image will be served from more than one server, select the checkbox below the description field. This assigns an index ID to the image for NetBoot service load balancing. 8 Click Create. 9 In the Save As dialog, choose where to save the image. If you don't want to use the image name you entered earlier, change it by entering a new name in the Save As field. If you're creating the image on the same server that will serve it, choose a volume from the "Serve from NetBoot share point on" pop-up menu. Chapter 2 Creating NetBoot and NetInstall Images 29 NetBoot service must be configured on a network port and Server Admin must be set to serve images from a volume for this option to appear in the pop-up menu. For more information, see "Setting Up NetBoot Service" on page 48. To save the image somewhere else, choose a location from the Where pop-up menu or click the triangle next to the Save As field and navigate to a folder. 10 Click Save and authenticate if prompted. Important: Do not attempt to edit content in the image destination folder while the image is being created. Creating an Image from a Configured Computer If you have a client computer that's configured for users, you can use System Image Utility to create a NetBoot or NetInstall image based on that client configuration. You must start up from a volume other than the one you're using as the image source. For example, you could start up from an external FireWire hard disk or a second partition on the client computer hard disk. You can't create the image on a volume over the network. To create an image based on an existing system: 1 Start up the computer from a partition other than the one you're imaging. 2 Install System Image Utility on the client computer from the Mac OS X Server Administration Tools CD. 3 Open System Image Utility on the client computer (in the /Applications/Server/ folder). 4 In the left sidebar select the image source. If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume. Note: To create an image, you must have valid Mac OS X v10.5 image sources (either volumes or installation DVDs). You cannot create an image of the startup disk you are running on. 5 From the expanded list, select the image source. 6 Select NetBoot Image or NetInstall Image and click Continue. Select NetBoot if your client computers will start up from this image. Select NetInstall if your image will be installed on a computer disk drive. 7 In the Image Name field, enter a name for your image. This name identifies the image in the Startup Disk preferences pane on client computers. 8 (Optional) In the Description field, enter notes or other information to help you characterize the image. 30 Chapter 2 Creating NetBoot and NetInstall Images Clients can't see the description information. 9 If the image will be served from more than oner server, select the checkbox below the description field. This option generates an index ID for NetBoot server load balancing. 10 For NetBoot images, if your source volume is a Mac OS X Installation DVD, enter a user name, short name, and password (in the Password and Verify fields) for the administrator account in Create Administrator Account. You can log in to a booted client using this account. 11 Click Create. 12 In the Save As dialog, choose where to save the image. If you don't want to use the image name you entered earlier, change it by entering a new name in the Save As field. To save the image somewhere else, choose a location from the Where pop-up menu or click the triangle next to the Save As field and navigate to a folder. 13 Click Save and authenticate if prompted. Important: Do not attempt to edit content under the image destination folder while the image is being created. 14 After the image is created on the client computer, copy it to the /Library/NetBoot/ NetBootSPn share point on the server for use by the NetBoot service. Images should be stored in this folder. From the Command Line You can also create a NetBoot image clone of an existing system using the hdiutil command in Terminal. For more information, see the system image chapter of Command-Line Administration. Understanding Workflows System Image Utility now harnesses the power of Automator to help you create custom images by assembling workflows. The basic building block of a workflow is an automator action. You define the image customization by assembling automator actions into a workflow. You use workflows to create customized NetInstall or NetBoot images depending on the goals of your task.  Workflows that create custom NetInstall images assemble an image that installs the OS onto the computer, either originating from installation DVDs or from an installed OS volume. This image boots into the installer environment or similar shell environment and performs the workflow steps as defined. Chapter 2 Creating NetBoot and NetInstall Images 31  Workflows that create custom NetBoot images assemble a bootable image from installation DVDs or from an installed OS volume. This is an image that could be directly installed onto a target volume using the asr command-line tool or you can use NetBoot. Each action performs a single task, such as customizing a software package or adding a user account. Instead of being a do-it-all tool, an action is purpose-designed to perform a single task well. By combining several actions into a workflow, you can quickly accomplish a specific task that no one action can accomplish on its own. Workflow Components System Image Utility comes preloaded with a library of actions. You can use these actions to customize settings when creating an image. You access and organize this Automator library of actions within the workflow panes of System Image Utility. The following sections describe the workflow actions available in the Automator library and provide steps on how to configure their options. By themselves, these actions cannot create an image and must be assembled into a workflow to function. For more information, see "Assembling Workflows" on page 38.  "Configuring the Customize Package Selection Action" on page 32  "Configuring the Define Image Source Action" on page 33  "Configuring the Add Packages and Post-Install Scripts Action" on page 34  "Configuring the Add User Account Action" on page 34  "Configuring the Apply System Configuration Settings Action" on page 34  "Configuring the Create Image Action" on page 35  "Configuring the Enable Automated Installation Action" on page 36  "Configuring the Filter Clients by MAC Address Action" on page 36  "Configuring the Filter Computer Models Action" on page 37  "Configuring the Partition Disk Action" on page 37 Configuring the Customize Package Selection Action Use this action to customize the installation of the Mac OS X. This action has options to disable, enable, require, or prevent installation of packages or parts of packages in your image. This action is only valid when creating NetInstall images. 32 Chapter 2 Creating NetBoot and NetInstall Images To configure the Customize Package Selection workflow action: 1 From your System Image Utility workflow, select the Customize Package Selection action in the Automator Library and drag it into position in your workflow. 2 Enable or disable the installation of software packages using the Visible column. Select the checkbox in the Visible column to enable the software package. If enabled, the user can install the package from your image during installation. Deselect the checkbox in the Visible column to disable the software package. If disabled, the user cannot choose whether the package gets installed or not. 3 Require or prevent the installation of software packages using the Default and Visible columns. To require the installation of the software package, select the checkbox in the Default column and deselect the checkbox in the Visible column. The user cannot alter the package installation. To prevent the installation of the software package, deselect the checkbox in the Default column and deselect the checkbox in the Visible column. The user cannot see the package and the package will not be installed. Configuring the Define Image Source Action Use this action to select the source volume and the type of image to create from it. This action must be at the beginning of all image creation workflows. This action is valid when creating NetBoot and NetInstall images. To configure the Define Image Source workflow action: 1 From your System Image Utility workflow, select the Define Image Source action in the Automator Library and drag it to the beginning of your workflow. 2 From the Source pop-up menu, select the image source. When you select the source, this action will choose a default image type based on the contents of the selected source. Note: To create an image, you must have valid Mac OS X v10.5 image sources (either volumes or installation DVDs). You cannot create an image of the startup disk you are running on. 3 Choose NetBoot or NetInstall for the type of image you are creating. Select NetBoot if your client computers will start up from this image. Select NetInstall if your image will be installed on a computer disk drive. Chapter 2 Creating NetBoot and NetInstall Images 33 Configuring the Add Packages and Post-Install Scripts Action Use this action to add installer packages and post-install scripts to a NetInstall image. Post-install scripts provide the ability to customize each computer you deploy an image on. This action is only valid when creating a NetInstall image. To configure the Add Packages and Post-Install Scripts workflow action: 1 From your System Image Utility workflow, select the Add Packages and Post-Install Scripts action in the Automator Library and drag it into position in your workflow. 2 Add or Remove software packages or post-install scripts to your NetInstall image. To add a package, click the Add (+) button, select the packages or post-install script you want to add to your NetInstall image, then click Open. To remove a package or post-install script, select the item from the list and click the Delete (­) button. You can also drag items into the list from Finder and delete them by pressing the Delete key. Configuring the Add User Account Action Use this account to add a user account to the Mac OS X installation image. You can set this user to be an administrator. This action is only valid when creating a NetBoot image. To configure the Add User Account workflow action: 1 From your System Image Utility workflow, select the Add User Account action in the Automator Library and drag it into position in your workflow. 2 Enter a user name, short name, and password for the user account. 3 Select the "Allow user to administer the computer" checkbox to give the account administrator priveleges. Generally, a NetBoot computer created from a Mac OS X Installation DVD must have at least one administrator user account. You can log in to a booted client using this account. Configuring the Apply System Configuration Settings Action Use this action to set custom per-host settings on client computers. This action is only valid when creating NetInstall images. To configure the Apply System Configuration Settings workflow action: 1 From your System Image Utility workflow, select the Apply System Configuration Settings action in the Automator Library and drag it into position in your workflow. 34 Chapter 2 Creating NetBoot and NetInstall Images 2 Select from the following options to apply system configuration settings to your NetInstall image. If you want to copy the directory services configuration from the computer you are creating the image from, select "Apply directory services settings from this machine to all clients." If you want to bind clients one by one to their respective server or servers, click the triangle next to "Map clients to other directory servers" and add or remove clients with the Add (+) and Delete (­) buttons below the list. The Server column is the Open Directory server, Ethernet Address is the MAC address of the client computer, and the User Name and Password are the administrator credentials for the Open Directory server. If you have a configuration file that contains the Computer Name and Local Hostname settings for your image, select "Apply Computer Name and Local Hostname settings from a file" and enter the path to the file (or click Select File and browse to the file). If you are creating an image for multiple computers, select "Generate unique Computer Names starting with" and enter the name in the field below. This gives each computer with a deployed image a unique name on your network. If you want the image to transfer the computer preferences of the computer you are creating the image from, select "Change ByHost preferences to match client after install." Configuring the Create Image Action Use this action to produce a disk image that can be served from a NetBoot server. You must place this action at the end of all image creation workflows. This action is valid when creating NetBoot and NetInstall images. To configure the Create Image workflow action: 1 From your System Image Utility workflow, select the Create Image action in the Automator Library and drag it to the end of your workflow. 2 Choose where to save the image from the "In" pop-up menu. 3 Enter the name of the image file in the Named field. This name identifies the image file stored on the computer. 4 In the Volume Name field, enter a name for your image. This name identifies the image in the Startup Disk preferences pane on client computers. 5 (Optional) In the Description field, enter notes or other information to help you characterize the image. Clients can't see the description information. Chapter 2 Creating NetBoot and NetInstall Images 35 6 In the Index field, enter an Image ID:  To create an image that is unique to this server, choose an ID in the range 1­4095.  To create one of several identical images to be stored on different servers for load balancing, use an ID in the range 4096­65535. Multiple images of the same type with the same ID in this range are listed as a single image in a client's Startup Disk preferences pane. Configuring the Enable Automated Installation Action Use this action to set the options for automated (unattended) client installations. This action is only valid when creating NetInstall images. To configure the Enable Automated Installation workflow action: 1 From your System Image Utility workflow, select the Enable Automated Installation action in the Automator Library and drag it into position in your workflow. 2 Determine how you want the target volume to be selected. This is the volume that the image will be installed on. The Selected by user option permits users to select which volume on their client computer to install the image on. The Named option permits you to set the volume without interaction from the user by entering the name of target volume. 3 To erase the target volume before the image is installed, select the Erase before installing checkbox. WARNING: Using the Erase option removes all data from the target volume. Back up all data before using this option. 4 From the Primary Language pop-up menu, choose the image language. Configuring the Filter Clients by MAC Address Action Use this action to restrict client access to NetBoot or NetInstall images. This action is valid when creating NetBoot and NetInstall images. To configure the Filter Clients by MAC Address workflow action: 1 From your System Image Utility workflow, select the Filter Clients by MAC Address action in the Automator Library and drag it into position in your workflow. 2 Add MAC addresses to the list. To manually enter MAC addresses, click the Add (+) button or click Import and browse to a .txt or .rtf file that has a tab-delimited list of MAC addresses. 36 Chapter 2 Creating NetBoot and NetInstall Images To remove MAC addresses from the list, select the item to remove and click the Delete (­) button. 3 To restrict image access, choose Allow or Deny for each MAC address. Configuring the Filter Computer Models Action Use this action to limit the computer models that a Mac OS X image can be installed on. Only selected computer models have access to the image. This action is only valid when creating NetInstall images. To configure the Filter Computer Model workflow action: 1 From your System Image Utility workflow, select the Filter Computer Model action in the Automator Library and drag it into position in your workflow. 2 In the list, select the computer models you want to permit the image to install on. All other computer models will not have access to the image. Use the filter field in the upper right to narrow the list of computer models. Configuring the Partition Disk Action Use this action to configure the image to partition the destination drive before installing software. Partitioning a disk divides it into sections called volumes. This action is only valid when creating NetInstall images. To configure the Partition Disk workflow action: 1 From your System Image Utility workflow, select the Partition Disk action in the Automator Library and drag it into position in your workflow. 2 Define the number of partitions by choosing from the partition pop-up menu or by using the Split and Delete buttons to add or remove partitions. 3 Set the target disk to partition by selecting "Partition disk containing the volume" and entering the name of the volume. This partitions the disk containing the volume you specify. 4 To notify the user before the disk is partitioned, select "Display confirmation dialog before erase." WARNING: Partitioning a disk removes all data. Back up all data before using this action. 5 In the Name field enter a name for the new volume (partition). 6 From the "Format" pop-up menu, select the volume format. Chapter 2 Creating NetBoot and NetInstall Images 37 7 Set the size of the volume by choosing one of the following. Choose "Percentage of available disk" from the Size pop-up menu and enter a percentage. Select Minimum and enter the smallest size in GB for the volume (minimum size is only available if using percentage). Choose "Absolute size" from the Size pop-up menu and enter the size in GB. 8 To prevent the information from being updated when the disk is partitioned, select "Locked for editing." Assembling Workflows To assemble a workflow from a set of actions, drag and drop the actions from the Automator Library into the sequence where you want them to run. Each action in the workflow corresponds to a step you must perform manually. Each action has options and settings you can configure. System Image Utility connects these action components with the types of data that are flowing from one action to another. You can save your assembled workflows to reuse later. Adding Existing Workflows You can update or modify workflows by adding them to the System Image Utility. To add existing workflows to System Image Utility: 1 Open System Image Utility. 2 Click the Add (+) button and select the workflow you want to add to the System Image Utility. Workflows have the workflow file extension. 3 Click Open. Adding Existing Workflows You can update or modify workflows by adding them to the System Image Utility. To add existing workflows to System Image Utility: 1 Open System Image Utility. 2 Click the Add (+) button, and select the workflow that you want to add to the System Image Utility. Workflows have the workflow file extension. 3 Click Open. 38 Chapter 2 Creating NetBoot and NetInstall Images Removing Workflows You can remove workflows from the System Image Utility. To remove a workflow from System Image Utility: 1 Log in as an administrator user and open System Image Utility. 2 In the left sidebar click the triangle next to Workflows. The list of workflows appears. 3 Select the workflow you want to remove and click File > Remove Workflow. The workflow is removed from the System Image Utility but is not deleted from your computer. Assembling an Image Workflow Use System Image Utility workflows to create Mac OS X NetBoot and NetInstall images. Workflows let you manually define the contents of your image in System Image Utility. An image workflow must start with the Define Image Source action and end with the Create Image action. Also, all actions in a workflow must be connected. If the actions are not connected the workflow is invalid and the actions are not processed. To assemble an image workflow: 1 Log in as an administrator user. 2 Open System Image Utility (in the /Applications/Server/ folder). 3 In the image source list, click the triangle to the left of Sources. The list of sources appears. 4 From the expanded list, select the image source. When you select the source, this action chooses a default image type based on the contents of the selected source. 5 Choose which type of image you are creating (NetInstall or NetBoot image). 6 Click Customize for advanced image creation options. This opens the workflow pane and the Automator Library. The Define Image Source action is present as the first component in the workflow. 7 Configure the Define Image Source action for your image. This action is required at the beginning of all image workflows. See "Configuring the Define Image Source Action" on page 33. Chapter 2 Creating NetBoot and NetInstall Images 39 8 From the Automator Library, choose additional actions that your customized image requires and drag them into the Workflow pane. Assemble the actions in the order you like, configuring each action as you go. For more information on configuring the actions, see "Workflow Components" on page 32. 9 Drag the Create Image action to the end of your worklflow. This action is required at the end of image workflows. See "Configuring the Create Image Action" on page 35. 10 Save the workflow by clicking Save. Enter the name of your workflow in the Save As field and choose where to save the workflow. To save the workflow somewhere else, choose a location from the Where pop-up menu or click the triangle next to the Save As field and navigate to a folder. 11 Click Save. 12 To start the workflow, click Run and authenticate if prompted. Important: Do not attempt to edit content in the image destination folder while the image is being created. From the Command Line You can also use the automator tool in Terminal to run workflows. For example, to run a workflow with somevariable set to somevalue in myworkflow.workflow file, use the following: $ automator -D somevariable=somevalue myworkflow.workflow To create or edit a workflow, use System Image Utility. For more information, see the automator man pages. Adding Software to NetBoot and NetInstall Images There are two basic approaches to including software in an image:  Add applications and files to a system before creating an image using that system as the source. For more information, see "Creating an Image from a Configured Computer" on page 30.  Add packages containing the applications and files to an image as it is created. This is done using an image workflow in System Image Utility that has the Customize Package Selection action component. For more information, see "Configuring the Customize Package Selection Action" on page 32. 40 Chapter 2 Creating NetBoot and NetInstall Images About Packages To add application software or other files at image creation (instead of installing applications or files on the image source volume before you create the image), you must group the applications or files in a special file known as a package. A package is a collection of compressed files and related information used to install software onto a computer. The contents of a package are contained in a single file, which has the .pkg extension. Creating Packages To add applications or other files to an image (instead of installing them first on the image source volume before creating the image), use PackageMaker to create packages containing the application or files. PackageMaker is in the Utilities folder on the Mac OS X Server Administration Tools CD that comes with Mac OS X Server. For more information about creating packages, open PackageMaker and choose PackageMaker Help, PackageMaker Release Notes, or Package Format Notes from the Help menu. After creating packages, add them to your NetBoot or NetInstall image using System Image Utility workflows. From the Command Line You can also run the packagemaker tool from the command-line in Terminal on a computer with developer tools installed. You can access it from /Developer/usr/bin/ packagemaker. For more information, see the packagemaker man pages. Viewing the Contents of a Package To view the contents of a package, open a Finder window, hold down the Control key as you click the package, and choose Show Package Contents from the menu that appears. You use PackageMaker (included on the Mac OS X Server Administration Tools CD) to create application software packages to use with NetInstall images. From the Command Line You can also list the contents of a package using commands in Terminal. For more information, see the system image chapter of Command-Line Administration. Chapter 2 Creating NetBoot and NetInstall Images 41 42 Chapter 2 Creating NetBoot and NetInstall Images 3 Setting Up NetBoot Service 3 This chapter describes how to set up NetBoot service to make boot and installation images available to clients. Use Server Admin to configure the NetBoot service in conjunction with System Image Utility to create and edit images. Setup Overview Here is an overview of the basic steps for setting up NetBoot service. Step 1: Evaluate and update your network, servers, and client computers as necessary The number of client computers you can support using NetBoot is determined by the number of servers you have, how they're configured, hard disk storage capacity, and other factors. See "Capacity Planning" on page 46. Depending on the results of this evaluation, you might want to add servers or hard disks, add Ethernet ports to your server, or make other changes to your servers. You might also want to set up more subnets for BootP clients, depending on the number of clients you support. You might also want to implement subnets on this server (or other servers) to take advantage of NetBoot filtering. To provide authentication and personalized work environments for NetBoot client users by using Workgroup Manager, set up workgroups and import users from the Mac OS X Server Users & Groups database before you create disk images. Make sure you have at least one administrator user assigned to the Workgroup Manager for Mac OS X client. Step 2: Create disk images for client computers You can set up Mac OS X disk images for client computers to start from. To create Mac OS X disk images, you use System Image Utility. See "Creating Images" on page 27. You might also want to restrict access to NetBoot images by using Model Filtering. See "Creating NetBoot Images" on page 27. 43 To create application packages that you can add to an image, use PackageMaker. Application software packages can be installed by themselves or with Mac OS X system software. See "Creating Packages" on page 41. Step 3: Set up DHCP NetBoot requires that you have a DHCP server running on the local server or on another server on the network. Make sure you have a range of IP addresses sufficient to accommodate the number of clients that will use NetBoot at the same time. For more information about configuring DHCP, see Network Services Administration. If your NetBoot server also supplies DHCP service, you might get better performance if you configure your server as a gateway. That is, configure your subnets to use the server's IP address as the router IP address. Step 4: Configure and turn on NetBoot service You use the NetBoot settings in Server Admin to configure NetBoot on your server. See "Setting Up NetBoot Service" on page 43 You turn on NetBoot service using Server Admin. See "Starting NetBoot and Related Services" on page 50 and "Enabling Images" on page 51. Step 5: (Optional) Set up Ethernet address filtering NetBoot filtering is performed based on the client computer hardware address. Each client's hardware address is registered when the client selects a NetBoot or NetInstall volume from the startup disk. You can permit or deny specific clients by address. See "Restricting NetBoot Clients by Filtering Addresses" on page 55. Step 6: Test your NetBoot setup Because there is a risk of data loss or bringing down the network (by misconfiguring DHCP), you should test your NetBoot setup before implementing it. Test each Macintosh model you support to verify that there are no problems booting into the image on a particular hardware type. Step 7: Set up client computers to use NetBoot When you're satisfied that NetBoot is working on all types of client computers, set up the client computers to start from the NetBoot disk images. You can use the client computer's Startup Disk System Preference pane to select a startup disk image from the server and then restart the computer. See "Selecting a NetBoot Boot Image" on page 57. You can also restart the client computer and hold down the N key until the NetBoot icon starts flashing on the screen. The client starts from the default image on the NetBoot server. See "Starting Up Using the N Key" on page 58. 44 Chapter 3 Setting Up NetBoot Service Before Setting Up NetBoot Service Before you set up NetBoot service, review the following considerations and requirements. What You Must Know Before you set up NetBoot on your server, make yourself familiar with your network configuration, including the DHCP services it provides. Be sure you meet the following requirements:  You're the server administrator.  You're familiar with network setup.  You know the DHCP configuration. You might need to work with your networking staff to change network topologies, switches, routers, and other network settings. Client Computer Requirements All systems supported by Mac OS X v10.5 can use NetBoot to start from a Mac OS X disk image on a server. At the time of this publication, this includes the following Macintosh computers:  Any G4 or G5 PowerPC-based Macintosh computer  Any Intel-based Macintosh computer You must install the latest firmware updates on all client computers. Firmware updates are available from the Apple support website: www.apple.com/support/. Client Computer RAM Requirements Client computers using NetBoot to start from a boot image must have at least 512 MB of RAM. Client computers using Network Install must also have 512 MB of RAM. Software Updates for NetBoot System Disk Images You must use the latest system software when creating NetBoot disk images. New Macintosh computers require updates of system software, so if you have new Macintosh clients you'll need to update your NetBoot images. To update a Mac OS X disk image, you must recreate the image. New images can easily be recreated by running a saved image creation workflow. For more information, see "Creating Images" on page 27. Ethernet Support on Client Computers NetBoot is supported only over built-in Ethernet connections. Multiple Ethernet ports are not supported on client computers. Clients must have at least 100-Mbit Ethernet adapters. Chapter 3 Setting Up NetBoot Service 45 Network Hardware Requirements The type of network connections you must use depends on the number of clients you expect to boot over the network:  100-Mbit Ethernet (for booting fewer than 10 clients)  100-Mbit switched Ethernet (for booting 10­50 clients)  Gigabit Ethernet (for booting more than 50 clients) These are estimates for the number of clients supported. For more details of the optimal system and network configurations to support the number of clients you have, see "Capacity Planning" on page 46. Network Service Requirements Depending on the types of clients you want to boot or install, your NetBoot server must also provide the following supporting services. Service provided by NetBoot server DHCP NFS AFP HTTP TFTP For booting Mac OS X computers with hard disks Optional Required if no HTTP Not required Required if no NFS Required For booting Mac OS X computers without hard disks Optional Required if no HTTP Required Required if no NFS Required Note: DHCP service is listed as optional because although it is required for NetBoot it can be provided by a server other than the NetBoot server. Services marked required must be running on the NetBoot server. NetBoot and AirPort The use of AirPort wireless technology to boot clients using NetBoot is not supported by Apple and is discouraged. Capacity Planning The number of NetBoot client computers your server can support depends on how your server is configured, when your clients routinely start, the server's hard disk space, and a number of other factors. When planning for your server and network needs, consider these factors:  Ethernet speed: 100Base-T or faster connections are required for client computers and the server. As you add clients, you might need to increase the speed of your server's Ethernet connections. Ideally you want to take advantage of the Gigabit Ethernet capacity built in to your Mac OS X server hardware to connect to a Gigabit switch. From the switch, connect Gigabit Ethernet or 100-Mbit Ethernet to each NetBoot client. 46 Chapter 3 Setting Up NetBoot Service  Hard disk capacity and number of images: Boot and installation images occupy hard disk space on server volumes, depending on the size and configuration of the system image and the number of images being stored. Images can be distributed across multiple volumes or multiple servers. For more information, see "Performance and Load Balancing" on page 64.  Hard disk capacity and number of users: If you have a large number of diskless clients, consider adding a separate file server to your network to store temporary user documents. Because the system software for a disk image is written to a shadow image for each client booting from the disk image, you can get a rough estimate for the required hard disk capacity required by multiplying the size of the shadow image by the number of clients.  Number of Ethernet ports on the switch: Distributing NetBoot clients over multiple Ethernet ports on your switch offers a performance advantage. Each port must serve a distinct segment. Serial Number Considerations Before starting the NetBoot service, make sure you obtain a site license for the images you will serve. The license covers all NetBoot images served from a server. For every extra server, you must obtain a site license to provide NetBoot service. Contact Apple to obtain site licenses. If you plan on serving Network Install images for installing Mac OS X and Mac OS X Server, also make sure that you have a site license. If you plan on serving Network Install images for installing Mac OS X Server, you can use the Mac OS X Server Assistant to generate a setup file that you can add to the Network Install image so the server knows how to configure itself automatically. If you use a generic file, you'll need to enter the serial number manually using Server Admin. Chapter 3 Setting Up NetBoot Service 47 Turning NetBoot Service On Before you can configure NetBoot settings, you must turn NetBoot service on in Server Admin. To turn NetBoot service on: 1 Open Server Admin and connect to the server. 2 Click Settings. 3 Click Services. 4 Click the NetBoot checkbox. 5 Click Save. Setting Up NetBoot Service You set up NetBoot service by configuring the following four groups of settings on the Settings pane for NetBoot service in Server Admin.  General. Enable the NetBoot ports, select where images and client data resides, and set the number of AFP connections.  Images. Enable images and select the default image.  Filters. (Optional) Enable NetBoot and DHCP filtering to determine the hardware addresses of client computers you want to image.  Logging. Choose the level of detail that is recorded in the service log. The following sections describe the tasks for configuring these settings. A fifth section tells you how to start the NetBoot service after you configure it. From the Command Line You can also configure NetBoot service using the serveradmin and bootpd commands in Terminal. See the system image chapter of Command-Line Administration. Configuring General Settings You can use the General settings to enable NetBoot service on at least one port and select where image and client data resides. To configure NetBoot General settings: 1 Open Server Admin and connect to the server. 2 Click the triangle to the left of the server. The list of services appears. 3 From the expanded Servers list, select NetBoot. 4 Click Settings, then click General. 5 In the Enable column, click the checkbox next to the network ports you want to use for serving images. 48 Chapter 3 Setting Up NetBoot Service 6 In the Images column, click the checkbox to choose where to store images. 7 In the Client Data column, click the checkbox for each local disk volume where you want to store shadow files used by Mac OS X diskless clients. 8 Click Save. Configuring Images Settings You can use the Images settings to enable images and select the default image. To configure NetBoot Images settings: 1 Open Server Admin and connect to the server. 2 Click the triangle to the left of the server. The list of services appears. 3 From the expanded Servers list, select NetBoot. 4 Click Settings, then click Images. 5 Enable the images you want your clients to use, specify if they are available for diskless clients, and choose the protocol for delivering them. If you're not sure which protocol to use, choose NFS. 6 In the Default column, click the checkbox to select the default image. You must select separate default images for Intel-based and PowerPC-based Macintosh clients. 7 Click Save. Configuring Filters Settings To restrict client computers, you can set up filters that allow or deny access to the NetBoot service depending on the computer's MAC address. You can enter a MAC address as canonical or noncanonical in the filter list. The canonical form of a MAC address contains leading zeros and lowercase hex digits separated by a ". " For Example, 01:a1:0c:32:00:b0 is the canonical form of a MAC . address and 1:a1:c:32:0:b0 is the noncanonical form of the same MAC address. To configure NetBoot Filters settings: 1 Open Server Admin and connect to the server. 2 Click the triangle to the left of the server. The list of services appears. 3 From the expanded Servers list, select NetBoot. 4 Click Settings, then click Filters. 5 Select "Enable NetBoot/DHCP filtering." Chapter 3 Setting Up NetBoot Service 49 6 Select "Allow only clients listed below (deny others)" or "Deny only clients listed below (allow others)." 7 Use the Add (+) button to enter the canonical or noncanonical form of a hardware address to the filter list, or use the Delete (­) button to remove a MAC address from the filter list. To look up a MAC address, enter the client's DNS name or IP address in the Host Name field and click Search. To find the hardware address for a computer using Mac OS X, look on the TCP/IP pane of the computer's Network preference or run Apple System Profiler. 8 Click OK. 9 Click Save. Note: You can also restrict access to a NetBoot image by selecting the name of the image in the Images pane of the NetBoot service settings in Server Admin, clicking the Edit (/) button, and providing the required information. Configuring Logging Settings You can use the Logging settings to choose the level of detail that is recorded in the service log. To configure NetBoot Logging settings: 1 Open Server Admin and connect to the server. 2 Click the triangle to the left of the server. The list of services appears. 3 From the expanded Servers list, select NetBoot. 4 Click Settings, then click Logging. 5 From the pop-up menu, choose the log detail level (Low, Medium, or High). 6 Click Save. Starting NetBoot and Related Services NetBoot service uses AFP, NFS, DHCP, Web, and TFTP services, depending on the types of clients you're trying to boot (see "Network Service Requirements" on page 46). You can use Server Admin to start AFP, DHCP, Web, and NetBoot services. NFS and TFTP services start automatically. To start NetBoot service: 1 Open Server Admin and connect to the server. 2 Click the triangle to the left of the server. The list of services appears. 50 Chapter 3 Setting Up NetBoot Service