NetBoot

NetBoot is deprecated and has been completely abandoned by Apple.

Macs no longer have the ability to boot off of the network since the introduction of the T2 Security Chip (and Apple Silicon).

Macs can still boot off of Internet Recovery mode if their local recovery partition doesn't exist, but this is 100% controlled by Apple and cannot be used to boot off of a local server.

The Legacy Documentation on this page is no longer relevant but might be interesting for those working with retro Macs.

Legacy Documentation

NetBoot is a service from Apple that allows Macs to boot from a network rather than a local hard drive. It is based on work from the Bootstrap Protocol (BOOTP) and works very similarily the Preboot Execution Environment (PXE). It was originally introduced with the first version of Mac OS X Server in 1999.

How We Use It

NetBoot is used to boot a machine from the network the same way we use PXE boot to diagnose/image PCs off of Asimov. NetBooting requires two key components: a NetBoot image (referred to as a "NetBoot Set") and a NetBoot server to provide access to the NetBoot image from the local network.

Apple created NetBoot to either deploy images (NetInstall) or have a group of Macs booted off of the network all running the same image (similar to our Nettop labs). We use it to temporarily boot a stripped down version of Mac OS X with our basic utilities (namely DeployStudio) to either diagnose or image a Mac.

NetBoot images are usually prepared on a Mac and then packed using System Image Utility. Instead, DeployStudio has a built in application (DeployStudio Assistant) to create a stripped down image with its utilities installed. With this "DeployStudio" NetBoot image, we can network boot a group of Macs to an image that is running our latest image/diagnostic utilities and run DeployStudio Runtime to deploy images setup on the DeployStudio Server (The NetBoot server is not always the same machine as the DeployStudio server).

How To NetBoot a Mac

NetBooting a Mac can be done by holding the N key during startup. When a globe icon appears, the key can be let go and the machine will search for available NetBoot servers. If one is found, it will boot off of the default NetBoot image set on the server.

If a Mac is protected with a firmware password, the machine can not NetBoot using the N key (this also applies to any other startup shortcuts such as Start from CD (C) or Boot to Restore (R or CMD-R)). Instead, hold down the ALT key to access all available boot options. If the firmware password is set on the machine, it will prompt you to input it. If the Mac is new enough, all NetBoot images made available to the machine will appear here after a few seconds.

If the Mac is firmware locked and too old to have the NetBoot images appear on the startup selection, the only way to boot off the network is to either remove the firmware password or manually specify the network as the default startup option under System Preferences -> Startup Disk (can be done on the installed OS on the machine (if any) or off of external media (install disc.etc)).

Managing NetBoot Sets

A NetBoot server used to require a Mac running Mac OS X Server. Now, Mac OS X "Server" isn't a separate operating system but is instead a Mac running the client version of Mac OS X and the $20 Server.app purchased from the App store. On Mac OS X 10.7+ Server, the NetBoot service is referred to as "NetInstall".

The NetBoot server interface has been simplified ever since Server.app was introduced. The service can be started or stopped using the on/off switch in the upper right corner of the pane.

You can further configure the service under Access. The two most important options under this section will be the ability to only provide NetBoot coverage on specific network interfaces (helpful if you have a server with multiple network interfaces on different networks and you only want to be providing NetBoot to one) and the ability to restrict NetBoot access (allows you to have a global whitelist of MAC addresses).

NetBoot Images (or "Sets") will be listed under Images (any NetBoot set under /Library/NetBoot/NetBootSP0 will appear here). All images that are enabled will show up as bootable options under the "Startup Disk" pane of all clients on the network (or by holding ALT on bootup), the "Default" NetBoot set will be the one selected by default if a user tries to NetBoot by just holding the N key on startup.

By double clicking a NetBoot set, you can view more advanced options for each set. If you want to change the Unique Identifier for the NetBoot set or restrict it to specific Mac models/MAC addresses (if you have a Nettop-esque setup) then you can do so here.

Edit Storage Settings at the bottom of the page can be used to change the repository where the NetBoot sets and client data is stored. Generally the default for this is fine for most uses.

How NetBoot works

How NetBoot Works -- An In-depth Analysis of BSDP and bootpd