Mac OS X Support Approach
This information (so far) pertains only to a Mac workstation.
It is a work in progress, driven by discussions of those CSCF
staff who do Mac support.
Our first discussion was held 2013-10-04.
We got bogged down in debates about when to (not) image
vs when to install just applications/configuration on
an existing system.
OS Installation
For a new personal workstation, we generally rely upon the OS
that it comes installed with.
For OS updates, or when a new machine doesn't have a current,
or desired (e.g. for labs) OS on it,
we create a desired OS image, and install that.
How do we determine whether we should always image?
The imaging approach is used especially when we buy in large blocks.
Why do we buy admin staff Macs one at a time, rather than in bulk?
Images may provide a more efficient way of setting preferences.
Why aren't we always imaging Macs in the way we do for Windows?
Cost factors:
- OS differences across clients
- setting preferences multiple times
- installing common apps multiple times
- OS downgrade
- image compatibility
- more time available for a single image than potentially multiple versions
- easier to add extra apps
OS Versions
We prefer to have the same release everywhere.
This is especially true for the labs, and the ISG machines.
However that may not always be practical?
The Mac OS Version Notes page describes lots of versions.
DNS/DHCP
DHCP is used to configure the usual parameters for each workstation.
We're still setting such network parameters in the image as well,
which would seem to introduce an unnecessary subnet dependence.
Applications to Install
Common to both approaches of OS installation,
are selecting and installing specific applications.
What's installed depends upon the intended use of a workstation.
It is documented here:
TBD
Perhaps in Role RoleName, e.g. RoleGradStudent, RoleISGISC, RoleReceptionist,
RoleISGManager, RoleDirectorsAssistant, RoleAdministrativeOfficer, ... ?
Packaging
For some software, especially licensed Adobe products,
we make our own Mac OS packages, using JAMF Composer.
This avoids various manual installation steps that would otherwise
be required for each instance of an installation.
Composer is licensed software; we have 2 licenses (as of 2013-10).
Common
Role Specific
- teaching labs
- ISC/ISA's
- admin staff
- course masters
- grads
- researchers
- loaner/surplus
Setting Preferences
- printer preferences
- disable natural scrolling
- display properties
Creating a Golden Image
Each audience has different application/preferences/config needs.
Some of these can be automated.
We have these audiences:
- teaching labs
- ISC/ISA's
- admin staff
- course masters
- grads
- researchers
- loaner/surplus
We have these hardware types:
- recent Mac Mini
- iMac (they're all compatible now)
- laptops (we conjecture that they're all compatible)
For Windows, we tend to make hardware specific images,
and apply audience specific changes afterwards,
in an automated way to the extent possible.
The recent Mac Imaging page looks to have lots of details.
Golden Image Servers
Where do we store the images?
Methods for Deploying a Golden Image
ASR (Apple Software Restore)
This can be used manually, from the workstation console.
It is present on all machines (typically /usr/sbin/asr).
It is used by Deploy Studio (at least).
ASR copies a disk image to the local disk, from one of:
- local disk
- remote HTTP(s) server
- remote multicast (via an "asr://" URL)
It can download to a file or disk volume.
It can act as a multicast server.
It can prepare a disk image for distribution.
Deploy Studio (preferred method)
Deploy Studio:
- creates a "NetBoot Image" (NBI), which is a small kernel used for installing new images
- somehow it installs an NBI on the client (how?)
- causes the client to reboot using the NBI
- causes the client to invoke ASR to replace the current image, and then reboot
- it is unclear what Deploy Studio uses to control the client machine
Disk Utility
The graphical "Disk Utility.app" (as opposed to the `diskutil` command),
can "restore" a disk partition or disk image.
It can do this via directly connecting the imaged and imaging machines.
And it claims to be able to do it from a WWW server.
- Does it use ASR?
An External Drive
This is a specific case of using Disk Utility, with a drive rather
than an entire being the source.
Carbon Copy Cloner
This looks to be a functional subset of Disk Utility.
It too does disk to disk copies.
We have an older copy, prior to it requiring a purchase.
It's possible that it copies files, rather than blocks,
and thus is slower than Disk Utility.
Post Flight Installation
We have some things to change on each machine after it has a running OS.
User Accounts
AD Bind
This is done via ARD to run a script that is stored on Empire in
/USERS/cscf-adm/Documentation/scripts/imacscript
to either unbind or bind a machine to the AD.
Local Accounts
We install common admin accounts, although for historical reasons
we're using "cscfadm" instead of ("cscf-adm", "cscf-op").
"cscf-adm" can become administrator, "cscf-op" can't.
Administrative Access
Security Updates
Backups
Time Machine
Legato
Preferences
Local
Managed
Ongoing Maintenance
Security Updates
Application Updates
Application Additions
Siting
Physical Security
Surplus
Existing Mac Documentation
A recent survey found these pages with "Mac" in their name:
With these proposed for deletion: