MANAGING MACS IN THE ENTERPRISE - The SUNY Technology Conference

MANAGING MACS IN THE ENTERPRISE

Walter Meyer

SUNY Purchase College

What is “Client Management”?

Software Updates and Installations
• Update Apple Software (Mac OS 10.6.7, iTunes, Safari, etc.)
• Update and Install Third-Party Software (Firefox, Adobe CS5, Microsoft Office, etc.)

Preference Management
• Security Settings (Disable Airport, DVD/USB Access, Restrict Logins)
• Application Preferences (iTunes, Microsoft Office, Safari Homepage, etc.)
• System Preferences (Screensaver Timeout, Energy Settings, etc.)

Image Creation and Deployment
• Automated/Scripted Image Creation
• Network-based Image Deployment (Netboot, Multicast)
• Other Initial Deployment Settings (Directory Service Binding, EFI Password)

Image Creation: What were we doing?

Manual Image Creation Process
• Install Mac OS X on a Reference System
• Install Applications
• Configure System Preferences
• Clean up junk from system (log files, caches, ssh keys, etc.)
• Clone the Reference System

Problems
• Time-Consuming (Manual Installs and Configuration)
• Process is Error Prone (Technician Forgets Something)
• Partially Hardware Dependent (Network Hardware)

Image Creation: What did we change?

New Requirements
• Automated Image Build Process (Scripted)
• “Clean”, Never-Booted System Images

New Solution
• InstaDMG

What is InstaDMG?

• InstaDMG is a collection of scripts that allow for the automatic and “programmatic” creation of Mac OS X system images.

Features:
• Free & Open Source
• Leverages existing Apple technologies: Apple Installer & Sparse Disk Images
• Written in Bash and Python
• Actively used in enterprise and educational institutions
• Actively developed
• Active user and developer mailing list for support

Download @ http://code.google.com/p/instadmg/

The Automated InstaDMG Workflow:

1. Installs Base OS
2. Installs Updates
3. Installs Applications

Sparse Disk Image

• InstaDMG is run from the command-line
• When you want to build an image, you execute a simple command

sudo ./instaUp2Date.py -p faculty-staff-image.catalog

• sudo: Run as root user
• ./instaUp2Date.py: Execute Python script
• -p faculty-staff-image.catalog: Process a Catalog File

• InstaDMG is controlled using Catalog files that you create
• Catalog files reference updates and/or other installers that are used to build your image

sudo ./instaUp2Date.py -p faculty-staff-image.catalog

•checksum.py is the InstaDMG tool you use to create your Catalog files.

./checksum.py vlc-1.1.10.dmg

• ./checksum.py: Execute Python script
• vlc-1.1.10.dmg: A DMG/Installer

Enough talk, let’s try it!

Image Deployment: What were we doing?

Local Imaging
• Put Mac into Target Disk Mode and Clone over Firewire Connection
• Manually Bind to Domain, set EFI password, etc.

Problems
• Extremely Time-Consuming
• No automation
• Required lots of Firewire cables

Image Deployment: What did we change?

New Requirements
• Automated Image Deployment Process (Image, Bind to Domain, Set EFI Password, etc.)
• Network-based deployment process
• Support for Unicast and Multicast deployments
• Secure (Active Directory/LDAP Authentication Support)

New Solution
• DeployStudio

What is DeployStudio?

• DeployStudio is a collection of applications that allow you to image and configure thousands of Mac workstations in a centralized and granular fashion.

Features
• Free
• Flexible (Supports custom scripting and package installers)
• Leverages/uses Apple’s Netboot
• Actively used in enterprise and educational institutions
• Actively developed
• Active user and developer mailing list for support

Download @ http://www.deploystudio.com/

How DeployStudio Works

Mac OS X Server

Mac OS X Client

1. Client Looks for Netboot Server

2. Server Returns Boot Image

3. Client Boots Into DeployStudio

Netboot Service DeployStudio Service

Demo time!

Software Updates and Installations: What were we doing?

Apple Software Update
• Users needed admin rights to install and update software
• Users called Helpdesk (sometimes) to get software installed or updated

Problems
• Security: No automated installations or updates
• Workload: Helpdesk intervention required for software installations/updates
• Users Dissatisfied: Couldn’t install or update software without inconvenience
• Third-party software cannot be updated via ASUS

Software Updates and Installations: What did we change?

New Requirements
• Update and Install Apple Software
• Update and Install Third-Party Software
• No admin rights required
• Automated checks and installations
• Ability to be more granular with software installs and updates (production and testing groups)
• Optional Software Installations

New Solution
• Munki

What is Munki?

• Munki is a set of tools that, used together with a webserver-based repository of packages and package metadata, can be used by OS X administrators to manage software installs (and in many cases removals) on OS X client machines. (Source: Munki Google Code Page)

Features
• Free & Open Source
• Repository can be hosted on any standards-based web server (Apache, IIS)
• Written in Cocoa/Python
• Actively used in enterprise and educational institutions
• Actively developed
• Active user and developer mailing list for support

Download @ http://code.google.com/p/munki/

How Munki works

Munki Web Repository

Installers

XML Configuration Files

Munki Clients

1. Client Runs Periodic Check

2. Server Returns XML Config

3. Client Uses XML to Determine Installs and HTTP Requests Packages

4. Server Returns Packages

How the Munki server works
• The Munki server is simply a web server that serves installers and configuration files
• Any standards-based web server can be used (Apache, IIS, etc.)
• With Munki, the client is “smart”, the web server is “dumb”
• The Munki clients parse XML configuration files on the server to determine what needs to be installed
• Clients then download package installers from the server as needed
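The “smart client, dumb server” split described above, as an added example (not Munki's own code and not from the slides): the client parses a manifest and a catalog, works out which items are missing or outdated, and accepts a download only if its hash matches the catalog entry. Key names are modelled on Munki's manifest and pkginfo plists; the package names, versions, paths and the simplified version comparison are assumptions.

```python
import hashlib
import plistlib

# Constructed sample data: package bytes, names, versions and paths are made up.
PKG_BYTES = b"constructed stand-in for a VLC disk image"
MANIFEST = plistlib.dumps({"catalogs": ["production"],
                           "managed_installs": ["VLC", "Firefox"]})
CATALOG = plistlib.dumps([
    {"name": "VLC", "version": "1.1.10",
     "installer_item_location": "apps/vlc-1.1.10.dmg",
     "installer_item_hash": hashlib.sha256(PKG_BYTES).hexdigest()},
    {"name": "Firefox", "version": "4.0.1",
     "installer_item_location": "apps/Firefox-4.0.1.dmg",
     "installer_item_hash": "0" * 64},
])

def vkey(version):
    # Simplified dotted-number comparison (assumption, not Munki's own logic).
    return tuple(int(part) for part in version.split("."))

def pending_installs(manifest_xml, catalog_xml, installed):
    """Return catalog items the manifest asks for that are missing or outdated."""
    manifest = plistlib.loads(manifest_xml)
    newest = {}
    for item in plistlib.loads(catalog_xml):
        current = newest.get(item["name"])
        if current is None or vkey(item["version"]) > vkey(current["version"]):
            newest[item["name"]] = item
    todo = []
    for name in manifest.get("managed_installs", []):
        item = newest.get(name)
        if item is None:
            continue  # manifest names something the catalog does not offer
        have = installed.get(name)
        if have is None or vkey(have) < vkey(item["version"]):
            todo.append(item)
    return todo

def verify_download(item, data):
    """Accept downloaded bytes only if their SHA-256 matches the catalog entry."""
    return hashlib.sha256(data).hexdigest() == item["installer_item_hash"]

if __name__ == "__main__":
    state = {"VLC": "1.1.9", "Firefox": "4.0.1"}  # constructed client inventory
    for item in pending_installs(MANIFEST, CATALOG, state):
        print(item["name"], item["version"], verify_download(item, PKG_BYTES))
```

The hash check only protects against a swapped or corrupted package if the catalog itself reaches the client over a channel it can trust, since both are served by the same web server.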

How Munki works continued...
• Munki clients are set to check for new updates/installs hourly
• Users are prompted on a daily basis to install new updates
• If a user is NOT logged in, then Munki will install updates automatically
• All of these default settings can be customized

How Munki works continued...

1. The client checks for updates...

2. If Updates are Found...

3. The client is prompted for installation.

Let’s try it!

Preference Management: What were we doing?

Local Preference Management
• Set Preferences Manually Pre-Image Deployment
• Set Preferences Using Apple Remote Desktop

Problems
• Changes are Time-Consuming
• Not Very Flexible (Settings Embedded in Image)
• Changes Require Scripting or Manual Configuration
• Computers Had to be ON to Get Changes
• Disorganized (Technician Has to Document Settings)

Preference Management: What did we change?

New Requirements
• Centralized Preference Distribution
• Ability to Apply Preferences in a Granular Fashion (Labs, Art Department, Staff, etc.)
• Client Machines Pull Down Preferences Automatically

New Solution
• MCX (Managed Client for Mac OS X)

What is MCX?

• MCX: Managed Client for Mac OS X
• Akin to Group Policy on Windows
• Clients Get MCX (Managed Preferences) from a Directory Service
• Any Standards-Based LDAP Server Can Be Used
• Open Directory, Active Directory, OpenLDAP, or Local Directory
• Can Be Used in Conjunction With Another Authentication Service (AD, Kerberos, etc.)

•You Can Apply Managed Preferences to Your Macs in a Variety of Ways...

Mac OS X Clients

Open Directory Server Active Directory Server

Authentication and Authorization

Authentication and Authorization

MCX Preferences

The “Magic Triangle” Configuration

Linux Directory Server

What is MCX?

How to Implement Managed Preferences

• You Can Modify Your Third-Party LDAP Schema to Support MCX
• Remember: MCX Preferences Can be Served from ANY LDAP Server!

Mac OS X Clients

Active Directory Server

Extending the LDAP Schema

Linux Directory Server

Authentication and Authorization

MCX Preferences

How to Implement Managed Preferences

• Each Mac OS X Client Has a Local Directory Service
• This Local Directory Can be Used to Store MCX Preferences
• The Resulting Plist Generated Can then Be Deployed to All Clients

MCX Preferences

How to Implement Managed Preferences

Mac OS X Clients

Local MCX

Your Admin Machine

Generate Plist File

Resource Wrap-Up

InstaDMG (Image Creation)
• http://code.google.com/p/instadmg/

Munki (Software Updates)
• http://code.google.com/p/munki/

DeployStudio (Image Deployment)
• http://www.deploystudio.com/

MCX (Preferences)
• How-to Deploy Local MCX (Video) http://goo.gl/muefo
• Local MCX How-Tos (Blog) http://goo.gl/2OX0F
• Modifying the Active Directory Schema for MCX (Video) http://goo.gl/xsaiv
• Modifying the Active Directory Schema for MCX (PDF) http://goo.gl/txbDJ

• Email Me! walter.meyer@purchase.edu
• Slides: http://students.purchase.edu/walter.meyer/stc2011.mov