Mac OS X Server

System Imaging & Software Update

Administration
Version 10.6 Snow Leopard
KKApple Inc.
© 2009 Apple Inc. All rights reserved.
The owner or authorized user of a valid copy of
Mac OS X Server software may reproduce this
publication for the purpose of learning to use such
software. No part of this publication may be reproduced
or transmitted for commercial purposes, such as selling
copies of this publication or for providing paid-for
support services.
Every effort has been made to ensure that the
information in this manual is accurate. Apple Inc., is not
responsible for printing or clerical errors.
Apple
1 Infinite Loop
Cupertino CA 95014
www.apple.com
The Apple logo is a trademark of Apple Inc., registered
in the U.S. and other countries. Use of the “keyboard”
Apple logo (Option–Shift–K) for commercial purposes
without the prior written consent of Apple may
constitute trademark infringement and unfair
competition in violation of federal and state laws.
Apple, the Apple logo, AppleShare, AppleTalk, Mac,
Macintosh, QuickTime, Xgrid, and Xserve are trademarks
of Apple Inc., registered in the U.S. and other countries.
Finder is a trademark of Apple Inc.
Adobe and PostScript are trademarks of Adobe Systems
Incorporated.
Intel, Intel Core, Xeon are trademarks of Intel Corp. in the
U.S. and other countries.
PowerPC™ and the PowerPC logo™ are trademarks
of International Business Machines Corporation, used
under license therefrom.
UNIX is a registered trademark of The Open Group.
Other company and product names mentioned herein
are trademarks of their respective companies. Mention
of third-party products is for informational purposes
only and constitutes neither an endorsement nor a
recommendation. Apple assumes no responsibility with
regard to the performance or use of these products.
019-1423/2009-08-01
 Contents

9 Preface:  About This Guide

9 What’s New in System Imaging and Software Update
10 What’s in This Guide
10 Using Onscreen Help
11 Documentation Map
12 Viewing PDF Guides Onscreen
12 Printing PDF Guides
13 Getting Documentation Updates
13 Getting Additional Information

Part I:  System Imaging Administration

16 Chapter 1:  Understanding System Imaging
17 Inside NetBoot Service
17 Disk Images
19 NetBoot Image Folder
20 Property List File
21 Boot Server Discovery Protocol (BSDP)
22 BootP Server
22 Boot Files
22 Trivial File Transfer Protocol (TFTP)
22 Using Images Stored on Other Servers
23 Security
23 NetInstall Images
24 Tools for Managing NetBoot Service
24 Server Admin
24 Workgroup Manager
25 System Image Utility
25 Command-Line Tools

 3
 26 Chapter 2:  Creating NetBoot and NetInstall Images
26 Using System Image Utility
26 Creating Images
27 Creating NetBoot Images
28 Creating NetInstall Images
29 Creating NetRestore Images
30 Creating an Image from a Configured Computer
32 Updating an Image
33 Understanding Workflows
33 Workflow Components
33 Configuring the Customize Package Selection Action
34 Configuring the Define Image Source Action
34 Configuring the Add Packages and Post-Install Scripts Action
35 Configuring the Add User Account Action
35 Configuring the Apply System Configuration Settings Action
36 Configuring the Create Image Action
37 Configuring the Enable Automated Installation Action
37 Configuring the Filter Clients by MAC Address Action
38 Configuring the Filter Computer Models Action
38 Configuring the Partition Disk Action
39 Assembling Workflows
39 Adding Existing Workflows
39 Removing Workflows
40 Assembling an Image Workflow
41 Adding Software to NetBoot and NetInstall Images
41 About Packages
42 Creating Packages
42 Viewing the Contents of a Package

43 Chapter 3:  Setting Up NetBoot Service

43 Setup Overview
45 Before Setting Up NetBoot Service
45 What You Must Know
45 Client Computer Requirements
46 Network Hardware Requirements
46 Network Service Requirements
46 Capacity Planning
47 Serial Number Considerations
47 Turning NetBoot Service On
48 Setting Up NetBoot Service
48 Configuring NetBoot General Settings
48 Configuring Images Settings
49 Configuring Filters Settings

4 Contents
 50 Configuring NetBoot Logging Settings
50 Enabling NetBoot 1.0 for Older NetBoot Clients
51 Starting NetBoot and Related Services
52 Managing Images
52 Enabling Images
52 Choosing Where Images Are Stored
54 Choosing Where Shadow Files Are Stored
56 Using Images Stored on Remote Servers
56 Specifying the Default Image
57 Setting an Image for Diskless Booting
58 Restricting NetBoot Clients by Filtering Addresses
59 Setting Up NetBoot Service Across Subnets

60 Chapter 4:  Setting Up Clients to Use NetBoot and NetInstall Images

60 Setting Up Diskless Clients
60 Selecting a NetBoot Boot Image
61 Imaging Multiple Clients Using the Multicast asr Command
62 Selecting a NetInstall Image
62 Starting Up Using the N Key
63 Changing How NetBoot Clients Allocate Shadow Files

64 Chapter 5:  Managing NetBoot Service

64 Controlling and Monitoring NetBoot
64 Turning Off NetBoot Service
65 Disabling a Boot or Installation Image
65 Viewing a List of NetBoot Clients
66 Viewing a List of NetBoot Connections
66 Checking the Status of NetBoot and Related Services
67 Viewing the NetBoot Service Log
67 Performance and Load Balancing
67 Load Balancing NetBoot Images
68 Distributing NetBoot Images Across Servers
68 Distributing NetBoot Images Across Server Disk Drives
69 Balancing NetBoot Image Access
70 Distributing Shadow Files

71 Chapter 6:  Solving System Imaging Problems

71 General Tips
71 If NetBoot Client Computers Won’t Start
72 If You Want to Change the Image Name
72 Changing the Name of an Uncompressed Image
72 Changing the Name of a Compressed Image

Contents 5
 Part II:  Software Update Administration
76 Chapter 7:  Understanding Software Update Administration
77 Inside the Software Update Process
77 Overview
77 Catalogs
77 Installation Packages
78 Staying Up-To-Date with the Apple Server
78 Limiting User Bandwidth
78 Revoked Files
79 Software Update Package Format
79 Log Files
79 Information That Is Collected
79 Tools for Managing Software Update
80 Server Admin
80 Workgroup Manager
80 Command-Line Tools

81 Chapter 8:  Setting Up Software Update

81 Setup Overview
82 Considerations and Requirements
82 What You Must Know
82 Client Computer Requirements
83 Network Hardware Requirements
83 Capacity Planning
84 Before Setting Up Software Update
84 Consider Which Software Update Packages to Offer
84 Software Update Storage
85 Organize Your Enterprise Client Computers
85 Turning Software Update On
85 Setting Up Software Update
86 Configuring Software Update General Settings
87 Configuring Updates Settings
87 Starting Software Update
88 Redirecting Software Update Server and Unmanaged Clients
88 Redirecting your Software Update Server
88 Pointing Unmanaged Clients to a Software Update Server

90 Chapter 9:  Managing Software Update

90 Manually Refreshing the Updates Catalog from the Apple Server
91 Checking the Status of Software Update
91 Stopping Software Update
91 Limiting User Bandwidth for Software Update

6 Contents
 92 Automatically Copying and Enabling Updates from Apple
92 Copying and Enabling Selected Updates from Apple
93 Removing Obsolete Software Updates
94 Identifying Individual Software Update Files

95 Chapter 10:  Solving Software Update Problems

95 General Tips
95 If a Client Computer Can’t Access the Software Update Server
95 If the Software Update Server Won’t Sync with the Apple Server
95 If Update Packages That the Software Update Server Lists Aren’t Visible to Client
Computers

96 Appendix:  Command-Line Parameters
96 NetBoot Service Settings
97 The Storage Record Array
97 The Filters Record Array
98 The Image Record Array
99 The Port Record Array

100 Index

Contents 7
 8
 About This Guide

Preface
This guide describes how to configure and use NetBoot and
NetInstall images within Mac OS X Server. It also describes
Software Update service, which you can set up using
Mac OS X Server.
Mac OS X Server version 10.6 includes NetBoot service supporting NetBoot and
NetInstall images and the improved System Image Utility—a stand-alone utility used
to create Install and Boot images used with NetBoot service.

Mac OS X Server v10.6 also includes Apple’s Software Update service. It is designed as a
source for Apple Software Updates managed on your network. With Software Update,
you can directly manage which Apple software updates users on your network can
access and apply to their computers.

What’s New in System Imaging and Software Update

NetBoot service, System Image Utility, and Software Update offer major enhancements
in several key areas:
ÂÂ NetRestore Image:  System Image Utility allows you to create a NetRestore image
that you can use to restore a volume over the network.
ÂÂ Software Update storage:  The Software Update catalog and downloads can be
stored on another volume to free up space on the boot volume.

 9
 What’s in This Guide
This guide includes the following sections:
ÂÂ Part I:  System Imaging Administration. The chapters in this part of the guide
introduce you to system imaging and the applications and tools available for
administering System Image Utility.
ÂÂ Part II:  Software Update Administration. The chapters in this part of the guide
introduce you to Software Update and the applications and tools available for
administering it.

Note:  Because Apple periodically releases new versions and updates to its software,
images shown in this book may be different from what you see on your screen.

Using Onscreen Help

You can get task instructions onscreen in Help Viewer while you’re managing
Mac OS X Server. You can view help on a server or on an administrator computer.
(An administrator computer is a Mac OS X computer with Mac OS X Server
administrator software installed on it.)

To get the most recent onscreen help for Mac OS X Server:

mm Open Server Admin or Workgroup Manager and then:
ÂÂ Use the Help menu to search for a task you want to perform.
ÂÂ Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse
and search the help topics.
The onscreen help contains instructions taken from Advanced Server Administration
and other administration guides.

To see the most recent server help topics:

mm Make sure the server or administrator computer is connected to the Internet while
you’re getting help.
Help Viewer automatically retrieves and caches the most recent server help topics
from the Internet. When not connected to the Internet, Help Viewer displays cached
help topics.

10 Preface    About This Guide

 Documentation Map
Mac OS X Server has a suite of guides that cover management of individual services.
Each service may depend on other services for maximum utility. The documentation
map below shows some related guides that you may need in order to fully configure
System Imaging and Software Update to your specifications. You can get these guides
in PDF format from the Mac OS X Server Resources website at www.apple.com/server/
macosx/resources/.

System Imaging and

Information
Technologies
Dictionary
Provides onscreen
definitions of server,
System Image Utility,
and software update
service terminology.
Introduction to
Command-Line
Administration
Explains how to use
UNIX shell commands to
configure and manage
servers and services.
Software Update Advanced Server
Administration Administration
Explains how to use Describes using Server Admin
System Image Utility, to install, configure, and
and describes advanced administer server software
options for setting up, and services. Includes best
configuring, and managing practices and advice for system
software update service. planning, security, backing up,
and monitoring.
System Image
Utility Help
Provides onscreen
instructions and
answers when you’re
using System Image
Utility to create
computer images.
Network Services
Administration
Explains how to set up
DHCP, NFS, AFP, HTTP, Server Admin Help
and TFTP for use with Provides onscreen
NetBoot service. instructions and answers
when you’re using Server
Admin to set up NetBoot
service and software
update service.

File Server
Administration
Explains how to share
server volumes or folders
among server clients
using the AFP, NFS, FTP,
and SMB protocols.

Preface    About This Guide 11

 Viewing PDF Guides Onscreen
While reading the PDF version of a guide onscreen:
ÂÂ Show bookmarks to see the guide’s outline, and click a bookmark to jump to the
corresponding section.
ÂÂ Search for a word or phrase to see a list of places where it appears in the document.
Click a listed place to see the page where it occurs.
ÂÂ Click a cross-reference to jump to the referenced section. Click a web link to visit the
website in your browser.

Printing PDF Guides

If you want to print a guide, you can take these steps to save paper and ink:
ÂÂ Save ink or toner by not printing the cover page.
ÂÂ Save color ink on a color printer by looking in the panes of the Print dialog for an
option to print in grays or black and white.
ÂÂ Reduce the bulk of the printed document and save paper by printing more than
one page per sheet of paper. In the Print dialog, change Scale to 115% (155%
for Getting Started). Then choose Layout from the untitled pop-up menu. If your
printer supports two-sided (duplex) printing, select one of the Two-Sided options.
Otherwise, choose 2 from the Pages per Sheet pop-up menu, and optionally choose
Single Hairline from the Border menu. (If you’re using Mac OS X v10.4 or earlier,
the Scale setting is in the Page Setup dialog and the Layout settings are in the
Print dialog.)

You may want to enlarge the printed pages even if you don’t print double sided,
because the PDF page size is smaller than standard printer paper. In the Print dialog
or Page Setup dialog, try changing Scale to 115% (155% for Getting Started, which has
CD-size pages).

12 Preface    About This Guide

 Getting Documentation Updates
Periodically, Apple posts revised help pages and new editions of guides. Some revised
help pages update the latest editions of the guides.
ÂÂ To view new onscreen help topics for a server application, make sure your server or
administrator computer is connected to the Internet and click “Latest help topics” or
“Staying current” in the main help page for the application.
ÂÂ To download the latest guides in PDF format, go to the Mac OS X Server Resources
website at www.apple.com/server/resources/.
ÂÂ An RSS feed listing the latest updates to Mac OS X Server documentation and
onscreen help is available. To view the feed use an RSS reader application such as
Safari or Mail and go to:
feed://helposx.apple.com/rss/snowleopard/serverdocupdates.xml

Getting Additional Information

For more information, consult these resources:
ÂÂ Read Me documents—get important updates and special information. Look for them
on the server discs.
ÂÂ Mac OS X Server website (www.apple.com/server/macosx/)—enter the gateway to
extensive product and technology information.
ÂÂ Mac OS X Server Support website (www.apple.com/support/macosxserver/)—access
hundreds of articles from Apple’s support organization.
ÂÂ Apple Discussions website (discussions.apple.com/)—share questions, knowledge,
and advice with other administrators.
ÂÂ Apple Mailing Lists website (www.lists.apple.com/)—subscribe to mailing lists so you
can communicate with other administrators using email.
ÂÂ Apple Training and Certification website (www.apple.com/training/)—hone
your server administration skills with instructor-led or self-paced training, and
differentiate yourself with certification.
ÂÂ Open Source website (developer.apple.com/darwin/)—Access to Darwin open source
code, developer information, and FAQs.

Preface    About This Guide 13

 14
 Part I:  System Imaging
Administration I
The chapters in this part of the guide introduce you to
system imaging and the applications and tools available for
administering System Image Utility.
Chapter 1 Understanding System Imaging
Chapter 2 Creating NetBoot and NetInstall Images
Chapter 3 Setting Up NetBoot Service
Chapter 4 Setting Up Clients to Use NetBoot and NetInstall Images
Chapter 5 Managing NetBoot Service
Chapter 6 Solving System Imaging Problems
 Understanding System Imaging
1
Use this chapter to learn the basics of how to start client
computers using an operating system stored on a server
and how to install software on client computers over the
network.
The NetBoot, NetInstall, and NetRestore features of Mac OS X Server offer you
alternatives for managing the operating system and application software that your
Macintosh clients (or even other servers) require to start and do their work.

Instead of going from computer to computer to install operating system and

application software from CDs, you can prepare an installation image that installs on
each computer when it starts up.

You can also choose to not install software and have client computers start (or boot)
from an image stored on the server. (In some cases, clients don’t even need their own
hard disk.)

Using NetBoot and NetInstall, your client computers can start from a standardized
Mac OS configuration suited to specific tasks. Because the client computers start from
the same image, you can quickly update the operating system for users by updating a
single boot image.

A boot image is a file that looks and acts like a mountable disk or volume. NetBoot
images contain the system software needed to act as a startup disk for client
computers over the network.

An installation image is an image that starts up the client computer long enough to
install software from the image. The client can then start up from its own hard disk.

Boot images (used with NetBoot) and installation images (used with NetInstall) are
different kinds of disk images. The main difference is that a .dmg file is a proper disk
image and a .nbi folder is a bootable network volume (which contains a .dmg disk
image file). Disk images are files that behave like disk volumes.

16
 You can set up multiple NetBoot or NetInstall images to suit the needs of different
groups of clients or you can provide copies of the same image on multiple NetBoot
servers to distribute the client startup load. You can also use a NetRestore image to
quickly restore a volume.

NetBoot service can be used with NetBoot and NetInstall images along with Mac OS X
client management services to provide a personalized work environment for each user.
For information about client management services, see User Management.

You can use the following Mac OS X Server applications to set up and manage
NetBoot, NetInstall, and NetRestore:
ÂÂ System Image Utility to create Mac OS X NetBoot, NetInstall, and NetRestore disk
images. This utility is installed with Mac OS X Server software in the /Applications/
Server/ folder.
ÂÂ Server Admin to enable and configure NetBoot service and supporting services. This
utility is installed with Mac OS X Server software in the /Applications/Server/ folder.
ÂÂ PackageMaker to create package files that you use to add software to disk images.
This utility is provided on the Mac OS X Server Administration Tools CD.
ÂÂ Property List Editor to edit property lists such as NBImageInfo.plist. This utility is
included on the Mac OS X Server Administration Tools CD.

Note:  To create an image, you must have valid Mac OS X v10.6 image sources
(either volumes or install DVDs). You cannot create an image of the startup disk
you are running on.

Inside NetBoot Service

This section describes how NetBoot service is implemented on Mac OS X Server,
including information about the protocols, files, folder structures, and configuration
details.

Disk Images
The disk images contain the system software and applications used over the network
by client computers. These tools can be installed on a client computer with the
Mac OS X Server Administration Tools CD. The name of a disk image file typically ends in
.img or .dmg. Disk Utility—part of Mac OS X—can mount disk image files as volumes
on the desktop.

You use System Image Utility to create Mac OS X NetBoot or NetInstall images, using
a Mac OS X installation disc or an existing system volume as the source. See “Creating
Images” on page 26.

Chapter 1    Understanding System Imaging 17

 NetBoot Share Points
NetBoot service sets up share points to make images and shadow files available to
clients. Shadow files are used for NetBoot clients that don’t use their local hard disks to
write out data when booted.

NetBoot service creates share points for storing NetBoot and NetInstall images in
/Library/NetBoot/ on each volume you enable and names them NetBootSPn, where
n is 0 for the first share point and increases by 1 for each extra share point.

For example, if you decide to store images on three server disks, NetBoot service sets
up three share points named NetBootSP0, NetBootSP1, and NetBootSP2.

The share points for client shadow files are also created in /Library/NetBoot/ and are
named NetBootClientsn, where n is the share point number.

You can create and enable NetBootSPn and NetBootClientsn share points on other
server volumes using the NetBoot Service General settings in Server Admin.

WARNING:  Don’t rename a NetBoot share point or the volume it resides on. Don’t
stop sharing a NetBoot share point unless you first deselect the share point for
images and shadow files in Server Admin.

Using NetBoot and NetInstall Images on Other Servers

You can also specify the path of a NetBoot image residing on a different NFS server.
When creating image files, you can specify which server the image will reside on.
See “Using Images Stored on Remote Servers” on page 56.

Client Information File

NetBoot service gathers information about a client the first time a client selects a
NetBoot or NetInstall volume to start from the Startup Disk. NetBoot service stores this
information in the /var/db/bsdpd_clients file.

Shadow Files
Many clients can read from the same NetBoot image, but when a client must write
back to its startup volume (such as print jobs and other temporary files), NetBoot
service redirects the written data to the client’s shadow files, which are separate from
regular system and application software.

Shadow files preserve the unique identity of each client while it is running from a
NetBoot image. NetBoot service transparently maintains changed user data in shadow
files while reading unchanged data from the shared system image. Shadow files are
recreated at startup, so changes made to a user’s startup volume are lost at restart.

18 Chapter 1    Understanding System Imaging

 For example, if a user saves a document to the startup volume, after a restart that
document is gone. This behavior preserves the condition of the environment the
administrator set up. Therefore users must have accounts on a file server on the
network to save documents.

Balancing the Shadow File Load

NetBoot service creates an AFP share point on each server volume you specify (see
“Choosing Where Shadow Files Are Stored” on page 54) and distributes client shadow
files across them as a way of balancing the load for NetBoot clients. There is no
performance gain if the volumes are partitions on the same disk. See “Distributing
Shadow Files” on page 70.

Allocation of Shadow Files for Mac OS X NetBoot Clients

When a client computer starts from a Mac OS X NetBoot image, it creates shadow files
on a server NetBootClientsn share point or, if no share point is available, on a drive
local to the client. For information about changing this behavior, see “Choosing Where
Shadow Files Are Stored” on page 54.

NetBoot Image Folder

When you create a Mac OS X NetBoot image with System Image Utility, the utility
creates a NetBoot image folder whose name ends with .nbi and stores in it the
NetBoot image with other files (see the following table) required to start a client
computer over the network.

File Description
booter Startup file that the firmware uses to begin the
startup process
mach.macosx UNIX kernel
mach.macosx.mkext Drivers
System.dmg Startup image file (can include application
software)
NBImageInfo.plist Property list file

System Image Utility stores the folder whose name ends with .nbi on the NetBoot
server in /Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and
image is the name of the image). You can save directly to this folder or you can create
the image elsewhere (even on another computer) and copy it to the /Library/NetBoot/
NetBootSPn folder later.

Chapter 1    Understanding System Imaging 19

 Files for PowerPC-based Macintosh computers are stored in the ppc folder for
Mac OS X Server v10.5 images, while previous images might storePowerPC files in the
root of the .nbi folder. Files for Intel-based Macintosh computers are stored in the i386
folder. Mac OS X Server v10.6 and later do not support imaging of PowerPC-based
computers.

You use System Image Utility to set up NetBoot image folders. The utility lets you:
ÂÂ Name the image
ÂÂ Choose the image type (NetBoot or NetInstall)
ÂÂ Provide an image ID
ÂÂ Choose the default language
ÂÂ Choose the computer models the image supports
ÂÂ Create unique sharing names
ÂÂ Specify a default user name and password
ÂÂ Enable automatic installation for installation images
ÂÂ Add package or preinstalled applications

For more information, see “Creating NetBoot Images” on page 27.

Property List File

The property list file NBImageInfo.plist stores image properties. The following table
gives more information about the property list file for Mac OS X image files.

Property Type Description

Architectures Array An array of strings of the
architectures the image
supports.
BootFile String Name of boot file: booter.
Index Integer 1–4095 indicates a local image
unique to the server.
4096–65535 is a duplicate,
identical image stored on
multiple servers for load
balancing.

20 Chapter 1    Understanding System Imaging

 Property Type Description
IsDefault Boolean True specifies this image file as
the default boot image on the
subnet.
IsEnabled Boolean Sets whether the image
is available to NetBoot (or
Network Image) clients.
IsInstall Boolean True specifies a Network Install
image; False specifies a NetBoot
image.
Name String Name of the image as it appears
in the Mac OS X Preferences
pane.
RootPath String Specifies the path to the disk
image on the server, or the path
to an image on another server.
See “Using Images Stored on
Other Servers” on page 22.
Type String NFS or HTTP.
SupportsDiskless Boolean True directs the NetBoot server
to allocate space for the shadow
files needed by diskless clients.
Description String Text describing the image.
Language String A code specifying the language
to be used while starting from
the image.

Initial values in NBImageInfo.plist are set by System Image Utility and you usually don’t
need to change the property list file directly. Some values are set by Server Admin. If
you must edit a property list file, you can use TextEdit or Property List Editor, found in
the Utilities folder on the Mac OS X Server Administration Tools CD.

Boot Server Discovery Protocol (BSDP)

NetBoot service uses an Apple-developed protocol based on DHCP known as Boot
Server Discovery Protocol (BSDP). This protocol provides a way of discovering NetBoot
servers on a network.

NetBoot clients obtain their IP information from a DHCP server and their NetBoot
information from BSDP. BSDP offers built-in support for load balancing. See
“Performance and Load Balancing” on page 67.

Chapter 1    Understanding System Imaging 21

 BootP Server
NetBoot service uses a BootP server (bootpd) to provide necessary information to
client computers when they try to start from an image on the server.

If BootP clients on your network request an IP address from the NetBoot BootP server,
this request fails because the NetBoot BootP server doesn’t have addresses to offer. To
prevent the NetBoot BootP server from responding to requests for IP addresses, use
the dscl command-line tool to open the local folder on the NetBoot server and add a
key named bootp_enabled with no value to the /config/dhcp/ folder.

Boot Files
When you create a Mac OS X NetBoot image with System Image Utility, the utility
generates the following boot files and stores them on the NetBoot server in /Library/
NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the
name of the image):
ÂÂ booter
ÂÂ mach.macosx
ÂÂ mach.macosx.mkext

Note:  If you turn on NetBoot service when installing Mac OS X Server, the installer
creates the NetBootSP0 share point on the server boot volume. Otherwise, you can set
up NetBootSPn share points by choosing where to store NetBoot images from the list
of volumes in the General pane of NetBoot Service settings in Server Admin.

Trivial File Transfer Protocol (TFTP)

NetBoot service uses Trivial File Transfer Protocol (TPTP) to send boot files from the
server to the client. When you start a NetBoot client, the client sends a request for
startup software. The NetBoot server then delivers the booter file to the client using
TFTP default port 69.

Client computers access the startup software on the NetBoot server from the location
where the image was saved.

These files are typically stored in the /private/tftpboot/NetBoot/NetBootSPn/ folder.

This path is a symbolic link to Library/NetBoot/NetBootSPn/image.nbi (where n is the
volume number and image is the name of the image).

Using Images Stored on Other Servers

You can store Mac OS X NetBoot or NetInstall images on NFS servers other than the
NetBoot server. For more information, see “Using Images Stored on Remote Servers” 
on page 56.

22 Chapter 1    Understanding System Imaging

 Security
You can restrict access to NetBoot service on a case-by-case basis by listing the
hardware addresses (also known as the Ethernet or MAC addresses) of computers that
you want to permit or deny access to.

The hardware address of a client computer is added to the NetBoot Filtering list
when the client starts up using NetBoot and is, by default, enabled to use NetBoot
service. You can specify other services. See “Restricting NetBoot Clients by Filtering
Addresses” on page 58.

NetInstall Images
A NetInstall image is an image that starts up the client computer long enough to
install software from the image. The client can then start up from its own hard disk.
In the same way that a NetBoot image replaces the role of a hard disk, a NetInstall
image is a replacement for an installation DVD.

Like a bootable CD, NetInstall is a convenient way to reinstall the operating system,
applications, or other software onto the local hard disk. For system administrators
deploying large numbers of computers with the same version of Mac OS X, NetInstall
can be very useful. NetInstall does not require the insertion of a CD into each NetBoot
client because startup and installation information is delivered over the network.

When you create a NetInstall image with System Image Utility, you can automate the
installation process by limiting interaction at the client computer.

Because an automatic network installation can be configured to erase the contents of

the local hard disk before installation, data loss can occur. You must control access to
this type of NetInstall image and must communicate the implications of using them
to those using these images. Before using automatic network installations, it is always
wise to inform users to back up critical data.

You can perform software installations through NetInstall using a collection of

packages or an entire disk image (depending on the source used to create the image).

For more information about preparing NetInstall images to install software over the
network, see “Creating NetInstall Images” on page 28.

Chapter 1    Understanding System Imaging 23

 Tools for Managing NetBoot Service
The Server Admin and System Image Utility applications provide a graphical interface
for managing NetBoot service in Mac OS X Server. In addition, you can manage
NetBoot service from the command line by using Terminal.

These applications are included with Mac OS X Server and can be installed on another
computer with Mac OS X v10.6 or later, making that computer an administrator
computer. For more information about setting up an administrator computer, see the
server administration chapter of Getting Started.

Server Admin
Server Admin provides access to tools you use to set up, manage, and monitor
NetBoot service and other services. You use Server Admin to:
ÂÂ Set up Mac OS X Server as a DHCP server and configure NetBoot service to use
NetBoot and NetInstall images. For instructions, see Chapter 3, “Setting Up NetBoot
Service.”
ÂÂ Manage and monitor NetBoot service. For instructions, see Chapter 5, “Managing
NetBoot Service.”

For more information about using Server Admin, see Advanced Server Administration.
This guide includes information about:
ÂÂ Opening and authenticating in Server Admin
ÂÂ Working with specific servers
ÂÂ Administering services
ÂÂ Using SSL for remote server administration
ÂÂ Customizing the Server Admin environment

Server Admin is installed in /Applications/Server/.

Workgroup Manager
The Workgroup Manager application provides comprehensive management of clients
of Mac OS X Server. For basic information about using Workgroup Manager, see User
Management. This includes:
ÂÂ Opening and authenticating in Workgroup Manager
ÂÂ Administering accounts
ÂÂ Customizing the Workgroup Manager environment

Workgroup Manager is installed in /Applications/Server/.

24 Chapter 1    Understanding System Imaging

 System Image Utility
System Image Utility is a tool you use to create and customize NetBoot, NetInstall, and
NetRestore images. With System Image Utility, you can:
ÂÂ Create NetBoot images that can be booted to the Finder.
ÂÂ Create NetInstall images from a DVD or existing Mac OS X partition.
ÂÂ Create NetRestore images form an existing volume.
ÂÂ Assemble a workflow that creates customized NetBoot and NetInstall images.

For instructions on using System Image Utility, see Chapter 2, “Creating NetBoot and
NetInstall Images.”

System Image Utility is installed in /Applications/Server/.

Command-Line Tools
A full range of command-line tools is available for administrators who prefer to
use command-driven server administration. For remote server management,
submit commands in a secure shell (SSH) session. You can enter commands on
Mac OS X servers and computers using the Terminal application, located in the
/Applications/Utilities/ folder.

Chapter 1    Understanding System Imaging 25

 Creating NetBoot and NetInstall
Images 2
Use this chapter to prepare NetBoot, NetInstall, and
NetRestore images used with NetBoot service or Apple
Software Restore.

You can set up multiple NetBoot or NetInstall images to suit the needs of different
groups of users or to provide copies of the same image on multiple servers to
distribute the client startup load. You can also set up NetRestore images to restore
Mac OS X volumes. Using NetBoot service, you can provide a personalized work
environment for each user.

Using System Image Utility

System Image Utility is a tool you use to create and customize NetBoot, NetInstall,
and NetRestore images.

With System Image Utility, you can:

ÂÂ Create NetBoot images that can be booted using Finder.
ÂÂ Create NetInstall images from a DVD or existing Mac OS X partition.
ÂÂ Create NetRestore images from an existing Mac OS X volume.
ÂÂ Assemble a workflow that creates customized NetBoot and NetInstall images.

Creating Images
To create system and software images to use with NetBoot service or the asr tool,
use System Image Utility.

Note:  To create an image, you must have valid Mac OS X v10.6 image sources (volumes
or installation DVDs). You cannot create an image of the startup disk you are running on.

26
 Creating NetBoot Images
You can create NetBoot images of Mac OS X that are then used to start client
computers over the network.

You can also assemble a workflow to create a NetBoot image that permits
advanced customization of your images. For more information, see “Understanding
Workflows” on page 33.

Note:  You must purchase a Mac OS X user license for each client that starts from a
NetBoot or NetInstall disk image.

To create a NetBoot image:

1 Log in as an administrator user.
2 Open System Image Utility (in the /Applications/Server/ folder).
3 In the left sidebar, select the image source.
If no image sources are listed, make sure you inserted a valid Mac OS X v10.6 or later
installation DVD or mounted a valid Mac OS X v10.6 or later boot volume.
Note:  To create an image, you must have valid Mac OS X v10.6 image sources (volumes
or installation DVDs). You cannot create an image of the startup disk you are running on.
4 Select NetBoot Image and click Continue.
5 In the Network Disk field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
6 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
7 If the image will be served from more than one server, select the checkbox below the
description field.
This option generates an index ID for NetBoot server load balancing.
8 If your source volume is a Mac OS X Installation DVD, enter a user name, short name,
and password (in the Password and Verify fields) for the administrator account in
Create Administrator Account.
You can log in to a booted client using this account.
9 Click Create.
10 In the Save As dialog, choose where to save the image.
If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.

Chapter 2    Creating NetBoot and NetInstall Images 27

 NetBoot service must be configured on a network port and Server Admin must be set
to serve images from a volume for this option to appear in the pop-up menu. For more
information, see “Setting Up NetBoot Service” on page 48.
To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.
11 Click Save and authenticate if prompted.

Important:  Do not attempt to edit content in the image destination folder while the
image is being created.

Creating NetInstall Images

Use System Image Utility to create a NetInstall image that you can use to install
software on client computers over the network. You can find this application in the
/Applications/Server/ folder.

To create a NetInstall image:

1 Log in as an administrator user.
2 Open System Image Utility (in the /Applications/Server/ folder).
3 In the left sidebar select the image source.
If no image sources are listed, make sure you inserted a valid Mac OS X v10.6 or later
installation DVD or mounted a valid Mac OS X v10.6 or later boot volume.
Note:  To create an image, you must have valid Mac OS X v10.6 image sources (volumes
or installation DVDs). You cannot create an image of the startup disk you are running on.
4 Select NetInstall Image and click Continue.
5 In the Network Disk field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
6 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
7 If the image will be served from more than one server, select the checkbox below the
description field.
This assigns an index ID to the image for NetBoot service load balancing.
8 Click Create.
9 In the Save As dialog, choose where to save the image.
If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.

28 Chapter 2    Creating NetBoot and NetInstall Images

 If you’re creating the image on the same server that will serve it, choose a volume from
the Serve from NetBoot share point on pop-up menu.
NetBoot service must be configured on a network port and Server Admin must be set
to serve images from a volume for this option to appear in the pop-up menu. For more
information, see “Setting Up NetBoot Service” on page 48.
To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.
10 Click Save and authenticate if prompted.
Important:  Do not attempt to edit content in the image destination folder while the
image is being created.

Creating NetRestore Images

If you have a client computer that’s already configured, you can use System Image
Utility to create a NetRestore image based on that client configuration.You can create
a NetRestore image of a Mac OS X volume that is used to restore client computers over
the network using NetBoot service or Apple Software Recovery asr. When you create a
NetRestore image you are creating a clone of a volume.

You can also use the asr tool to restore a system image onto a volume or to clone
volumes.

You must start up from a volume other than the one you’re using as the image source.
For example, you could start up from an external FireWire hard disk or a second
partition on the client computer hard disk. You can’t create the image on a volume
over the network.

You can also assemble a workflow to create a NetRestore image that permits
advanced customization of your images. For more information, see “Understanding
Workflows” on page 33.

To create a NetRestore image:

1 Log in as an administrator user.
2 Open System Image Utility (in the /Applications/Server/ folder).
3 In the left sidebar, select the image source.
If no image sources are listed, make sure you inserted a valid Mac OS X v10.6 or later
installation DVD or mounted a valid Mac OS X v10.6 or later boot volume.
Note:  To create an image, you must have valid Mac OS X v10.6 image sources (volumes
or installation DVDs). You cannot create an image of the startup disk you are running on.
4 Select NetRestore Image and click Continue.

Chapter 2    Creating NetBoot and NetInstall Images 29

 5 In the Network Disk field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client computers.
6 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
7 If the image will be served from more than one server, select the checkbox below the
description field.
This assigns an index ID to the image for NetBoot service load balancing.
8 Click Create.
9 In the Save As dialog, choose where to save the image.
If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.
If you’re creating the image on the same server that will serve it, choose a volume from
the Serve from NetBoot share point on pop-up menu.
NetBoot service must be configured on a network port and Server Admin must be set
to serve images from a volume for this option to appear in the pop-up menu. For more
information, see “Setting Up NetBoot Service” on page 48.
To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.
10 Click Save and authenticate if prompted.
Important:  Do not attempt to edit content in the image destination folder while the
image is being created.

From the Command Line:

When you use asr to restore a volume, the target disk is erased.
mm To clone a volume:
$ sudo asr -source /Volumes/Classic -target /Volumes/install
mm To restore a system image onto a volume:
$ sudo asr -source compressedimage -target <targetvol> -erase

Creating an Image from a Configured Computer

If a client computer is already configured, you can use System Image Utility to create a
NetBoot or NetInstall image based on that client configuration.

You must start up from a volume other than the one you’re using as the image source.
For example, you could start up from an external FireWire hard disk or a second
partition on the client computer hard disk. You can’t create the image on a volume
over the network.

30 Chapter 2    Creating NetBoot and NetInstall Images

 To create an image based on an existing system:
1 Start up the computer from a partition other than the one you’re imaging.
2 Install System Image Utility on the client computer from the Mac OS X Server
Administration Tools CD.
3 Open System Image Utility on the client computer (in the /Applications/Server/ folder).
4 In the left sidebar, select the image source.
If no image sources are listed, make sure you inserted a valid Mac OS X v10.6 or later
installation DVD or mounted a valid Mac OS X v10.6 or later boot volume.
Note:  To create an image, you must have valid Mac OS X v10.6 image sources (volumes
or installation DVDs). You cannot create an image of the startup disk you are running on.
5 From the expanded list, select the image source.
6 Select NetBoot Image, NetInstall Image, or NetRestore Image and click Continue.
ÂÂ Select NetBoot if your client computers will start up from this image.
ÂÂ Select NetInstall if your image will be installed on a hard disk.
ÂÂ Select NetRestore if your image is a clone of a volume.
7 In the Image Name field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
8 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
9 If the image will be served from more than oner server, select the checkbox below the
description field.
This option generates an index ID for NetBoot server load balancing.
10 For NetBoot images, if your source volume is a Mac OS X Installation DVD, enter a
user name, short name, and password (in the Password and Verify fields) for the
administrator account in Create Administrator Account.
You can log in to a booted client using this account.
11 Click Create.
12 In the Save As dialog, choose where to save the image.
If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.
To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.

Chapter 2    Creating NetBoot and NetInstall Images 31

 13 Click Save and authenticate if prompted.
Important:  Do not attempt to edit content in the image destination folder while the
image is being created.
14 After the image is created on the client computer, copy it to the /Library/NetBoot/
NetBootSPn share point on the server for use by NetBoot service.
Images should be stored in this folder.

From the command line:

You can also create a NetBoot image clone of a system using the hdiutil command in
Terminal to manipulate disk images. You can use this tool to perform many functions
such as creating, compressing, mounting, unmounting, and resizing images. You can
also display image information and burn images onto CDs.
mm To verify an image by comparing it to its internal checksum:
$ hdiutil verify myimage.img
mm To split an image into three segments:
$ hdiutil segment -segmentSize 10m -o /tmp/aseg 30m.dmg

This creates three files: aseg.dmg, aseg.002.dmgpart, and aseg.003.dmgpart.

mm To convert an image to a CD, export image with a .toast extension:
$ hdiutil convert master.dmg -format UDTO -o master
mm To burn an image onto a CD:
$ hdiutil burn myImage.dmg
mm To create an image from a folder:
$ hdiutil create -srcfolder mydir mydir.dmg

For information about how to manipulate disk images, see the hdiutil man page.
For the basics of command-line tool usage, see Introduction to Command-Line
Administration.

Updating an Image
To update a Mac OS X disk image, you must recreate the image. New images can easily
be recreated by running a saved image creation workflow. For more information, see
“Creating Images” on page 26.

From the command line:

To update a NetBoot image from the command line, use the installer tool the same
way you would to install packages on your default installation volume.
mm To update an image:
$ installer -pkg pkg.mpkg -target image_path

For information about installer, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

32 Chapter 2    Creating NetBoot and NetInstall Images

 Understanding Workflows
System Image Utility now harnesses the power of Automator to help you create
custom images by assembling workflows. The basic building block of a workflow is
an automator action. You define the image customization by assembling automator
actions into a workflow.

You use workflows to create customized NetInstall or NetBoot images depending on

the goals of your task:
ÂÂ Workflows that create custom NetInstall images assemble an image that installs
the OS onto the computer, either originating from installation DVDs or from an
installed OS volume. This image boots into the installer environment or similar shell
environment and performs the workflow steps you define.
ÂÂ Workflows that create custom NetBoot images assemble a bootable image from
installation DVDs or from an installed OS volume. This is an image that could be
directly installed onto a target volume using the asr command-line tool or you can
use NetBoot.

Each action performs a single task, such as customizing a software package or adding
a user account.

Instead of being a do-it-all tool, an action is purpose-designed to perform a single

task well. By combining several actions into a workflow, you can quickly accomplish a
specific task that no one action can accomplish on its own.

Workflow Components
System Image Utility comes preloaded with a library of actions. You can use these
actions to customize settings when creating an image. You access and organize this
Automator Library of actions within the workflow panes of System Image Utility.

The following sections describe the workflow actions available in the Automator
Library and provide steps on how to configure their options. By themselves, these
actions cannot create an image and must be assembled into a workflow to function.
For more information, see “Assembling Workflows” on page 39.

Configuring the Customize Package Selection Action

Use this action to customize the installation of the Mac OS X. You can disable, enable,
require, or prevent installation of packages or parts of packages in your image.

This action is only valid when creating NetInstall images.

To configure the Customize Package Selection workflow action:

1 From your System Image Utility workflow, select the Customize Package Selection
action in the Automator Library and drag it into position in your workflow.

Chapter 2    Creating NetBoot and NetInstall Images 33

 2 Enable or disable the installation of software packages using the Visible column:
ÂÂ Select the checkbox in the Visible column to enable the software package.
If enabled, the user can install the package from your image during installation.
ÂÂ Deselect the checkbox in the Visible column to disable the software package.
If disabled, the user cannot choose whether the package gets installed or not.
3 Require or prevent the installation of software packages using the Default and
Visible columns:
ÂÂ To require the installation of the software package, select the checkbox in the
Default column and deselect the checkbox in the Visible column. The user cannot
alter the package installation.
ÂÂ To prevent the installation of the software package, deselect the checkbox in the
Default column and deselect the checkbox in the Visible column. The user cannot
see the package and the package will not be installed.

Configuring the Define Image Source Action

Use this action to select the source volume and the type of image to create from it.
This action must be at the beginning of all image creation workflows.

This action is valid when creating NetBoot, NetInstall, and NetRestore images.

To configure the Define Image Source workflow action:

1 From your System Image Utility workflow, select the Define Image Source action in the
Automator Library and drag it to the beginning of your workflow.
2 From the Source pop-up menu, select the image source.
Note:  To create an image, you must have valid Mac OS X v10.6 image sources (volumes
or installation DVDs). You cannot create an image of the startup disk you are running on.

Configuring the Add Packages and Post-Install Scripts Action

Use this action to add installer packages and post-install scripts to a NetInstall image.
Post-install scripts provide the ability to customize each computer you deploy an
image on.

This action is only valid when creating a NetInstall image.

To configure the Add Packages and Post-Install Scripts workflow action:

1 From your System Image Utility workflow, select the Add Packages and Post-Install
Scripts action in the Automator Library and drag it into position in your workflow.
2 Add or Remove software packages or post-install scripts to your NetInstall image:
ÂÂ To add a package, click the Add (+) button, select the packages or post-install script
you want to add to your NetInstall image, then click Open.

34 Chapter 2    Creating NetBoot and NetInstall Images

 ÂÂ To remove a package or post-install script, select the item from the list and click
the Delete (–) button.
You can also drag items into the list from Finder and delete them by pressing the
Delete key.

Configuring the Add User Account Action

Use this account to add a user account to the Mac OS X installation image. You can
set this user to be an administrator.

Generally, a NetBoot computer created from a Mac OS X Installation DVD must

have at least one administrator user account. You can log in to a booted client using
this account.

This action is only valid when creating a NetBoot image.

To configure the Add User Account workflow action:

1 From your System Image Utility workflow, select the Add User Account action in the
Automator Library and drag it into position in your workflow.
2 Enter a user name, short name, and password for the user account.
3 Select the “Allow user to administer the computer” checkbox to give the account
administrator priveleges.

Configuring the Apply System Configuration Settings Action

Use this action to set custom per-host settings on client computers.

This action is only valid when creating NetInstall images.

To configure the Apply System Configuration Settings workflow action:

1 From your System Image Utility workflow, select the Apply System Configuration
Settings action in the Automator Library and drag it into position in your workflow.
2 Select from the following options to apply system configuration settings to your
NetInstall image.
ÂÂ If you want to copy the directory services configuration from the computer you are
creating the image from, select “Apply directory services settings from this machine
to all clients.”
ÂÂ If you want to bind clients one by one to their respective server or servers, click the
triangle next to “Map clients to other directory servers” and add or remove clients
with the Add (+) and Delete (–) buttons below the list.
The Server column is the Open Directory server, Ethernet Address is the MAC
address of the client computer, and User Name and Password are the administrator
credentials for the Open Directory server.

Chapter 2    Creating NetBoot and NetInstall Images 35

 ÂÂ If you have a configuration file that contains the Computer Name and Local
Hostname settings for your image, select “Apply Computer Name and Local
Hostname settings from a file” and enter the path to the file (or click Select File
and browse to the file).
ÂÂ If you are creating an image for multiple computers, select “Generate unique
Computer Names starting with” and enter the name in the field below. This gives
each computer with a deployed image a unique name on your network.
ÂÂ If you want the image to transfer the computer preferences of the computer you
are creating the image from, select “Change By Host preferences to match client
after install.”

Configuring the Create Image Action

Use this action to produce a disk image that can be served from a NetBoot server.
You must place this action at the end of all image creation workflows.

This action is valid when creating NetBoot, NetInstall, and NetRestore images.

To configure the Create Image workflow action:

1 From your System Image Utility workflow, select the Create Image action in the
Automator Library and drag it to the end of your workflow.
2 From the Save To pop-up menu, choose where to save the image.
3 In the Image Named field, enter the name of the image file.
This name identifies the image file stored on the computer.
4 In the Network Disk field, enter a name for your image.
This name identifies the image in the Startup Disk preferences pane on client
computers.
5 (Optional) In the Description field, enter notes or other information to help you
characterize the image.
Clients can’t see the description information.
6 In the Image Index field, enter an Image ID:
ÂÂ To create an image that is unique to this server, choose an ID in the range 1–4095.
ÂÂ To create one of several identical images to be stored on different servers for load
balancing, use an ID in the range 4096–65535.
Multiple images of the same type with the same ID in this range are listed as a
single image in a client’s Startup Disk preferences pane.

36 Chapter 2    Creating NetBoot and NetInstall Images

 Configuring the Enable Automated Installation Action
Use this action to set the options for automated (unattended) client installations.

This action is only valid when creating NetInstall or NetRestore images.

To configure the Enable Automated Installation workflow action:

1 From your System Image Utility workflow, select the Enable Automated Installation
action in the Automator Library and drag it into position in your workflow.
2 Determine how you want the target volume to be selected.
This is the volume that the image will be installed on.
The Selected by user option permits users to select which volume on their client
computer to install the image on.
The Named option permits you to set the volume without interaction from the user by
entering the name of the target volume.
3 To erase the target volume before the image is installed, select the “Erase before
installing” checkbox.

WARNING:  Using the Erase option removes all data from the target volume. Back up
all data before using this option.

4 From the Primary Language pop-up menu, choose the image language.

Configuring the Filter Clients by MAC Address Action

Use this action to restrict client access to NetBoot or NetInstall images.

This action is valid when creating NetBoot, NetInstall, or NetRestore images.

To configure the Filter Clients by MAC Address workflow action:

1 From your System Image Utility workflow, select the Filter Clients by MAC Address
action in the Automator Library and drag it into position in your workflow.
2 Add MAC addresses to the list.
To manually enter MAC addresses, click the Add (+) button or click Import and browse
to a .txt or .rtf file that has a tab-delimited list of MAC addresses.
To remove MAC addresses from the list, select the item to remove and click the Delete
(–) button.
3 To restrict image access, choose Allow or Deny for each MAC address.

Chapter 2    Creating NetBoot and NetInstall Images 37

 Configuring the Filter Computer Models Action
Use this action to limit the computer models that a Mac OS X image can be installed
on. Only selected computer models have access to the image.

This action is only valid when creating NetInstall or NetRestore images.

To configure the Filter Computer Model workflow action:

1 From your System Image Utility workflow, select the Filter Computer Model action
in the Automator Library and drag it into position in your workflow.
2 In the list, select the computer models you want to permit the image to install on.
No other computer models will have access to the image.
Use the filter field in the upper right to narrow the list of computer models.

Configuring the Partition Disk Action

Use this action to configure the image to partition the destination disk before
installing software. Partitioning a disk divides it into sections called volumes.

This action is only valid when creating NetInstall or NetRestore images.

To configure the Partition Disk workflow action:

1 From your System Image Utility workflow, select the Partition Disk action in the
Automator Library and drag it into position in your workflow.
2 Define the number of partitions by choosing from the partition pop-up menu or
by using the Split and Delete buttons to add or remove partitions.
3 Set the target disk to partition by selecting “Partition disk containing the volume”
and entering the name of the volume.
This partitions the disk containing the volume you specify.
4 To notify the user before the disk is partitioned, select “Display confirmation dialog
before erase.”

WARNING:  Partitioning a disk removes all data. Back up all data before using this action.

5 In the Name field enter a name for the new volume (partition).
6 From the Format pop-up menu, select the volume format.
7 Set the size of the volume by choosing one of the following.
ÂÂ Choose “Percentage of available disk” from the Size pop-up menu and enter a
percentage. Select Minimum and enter the smallest size in GB for the volume
(minimum size is only available if using percentage).
ÂÂ Choose “Absolute size” from the Size pop-up menu and enter the size in GB.
8 To prevent the information from being updated when the disk is partitioned,
select “Locked for editing.”

38 Chapter 2    Creating NetBoot and NetInstall Images

 Assembling Workflows
To assemble a workflow from a set of actions, drag and drop the actions from the
Automator Library into the sequence where you want them to run. Each action in the
workflow corresponds to a step you must perform manually.

Each action has options and settings you can configure. System Image Utility connects
these action components with the types of data that are flowing from one action
to another.

You can save your assembled workflows to reuse later.

Adding Existing Workflows

You can update or modify workflows by adding them to System Image Utility.

To add existing workflows to System Image Utility:

1 Open System Image Utility.
2 Click the Add (+) button and select Add Existing Workflow.
3 Select the workflow you want to add to System Image Utility.
Workflows have the workflow file extension.
4 Click Open.

Removing Workflows
You can remove workflows from System Image Utility.

To remove a workflow from System Image Utility:

1 Log in as an administrator user and open System Image Utility.
2 In the left sidebar, click the triangle next to Workflows.
The list of workflows appears.
3 Select the workflow you want to remove and click File > Remove Workflow.
4 Click Remove to confirm the action.
The workflow is removed from System Image Utility but is not deleted from
your computer.

Chapter 2    Creating NetBoot and NetInstall Images 39

 Assembling an Image Workflow
Use image workflows to create Mac OS X NetBoot and NetInstall images. Workflows let
you manually define the contents of your image in System Image Utility.

An image workflow must start with the Define Image Source action and end with
the Create Image action. Also, all actions in a workflow must be connected. If not, the
workflow is invalid and the actions are not processed.

To assemble an image workflow:

1 Log in as an administrator user.
2 Open System Image Utility (in the /Applications/Server/ folder).
3 In the image source list, click the triangle at the left of Sources.
The list of sources appears.
4 From the expanded list, select the image source.
When you select the source, this action chooses a default image type based on the
contents of the selected source.
5 Choose which type of image you are creating (NetInstall, NetBoot, or NetRestore image).
6 Click Customize for advanced image creation options.
This opens the workflow pane and Automator Library.
The Define Image Source action is present as the first component in the workflow.
7 Configure the Define Image Source action for your image.
This action is required at the beginning of all image workflows. See “Configuring the
Define Image Source Action” on page 34.
8 From Automator Library, choose additional actions that your customized image
requires and drag them into the Workflow pane between the Define Image Source
action and the Create Image action.
Assemble the actions in the order you like, configuring each action as you go.
For more information on configuring the actions, see “Workflow Components” 
on page 33.
9 Add the Create Image action to the end of your workflow.
This action is required at the end of image workflows. See “Configuring the Create
Image Action” on page 36.
10 Save the workflow by clicking Save.
Enter the name of your workflow in the Save As field and choose where to save
the workflow.
To save the workflow somewhere else, choose a location from the Where pop-up
menu or click the triangle next to the Save As field and navigate to a folder.

40 Chapter 2    Creating NetBoot and NetInstall Images

 11 Click Save.
12 To start the workflow, click Run and authenticate if prompted.
Important:  Do not attempt to edit content in the image destination folder while
the image is being created.

From the command line:

mm To run a workflow with somevariable set to somevalue in the myworkflow.workflow file:
$ automator -D somevariable=somevalue myworkflow.workflow

To create or edit a workflow, use System Image Utility. For more information, see the
automator man pages and the following sections:

ÂÂ “Adding Existing Workflows” on page 39

ÂÂ “Removing Workflows” on page 39
ÂÂ “ Workflow Components” on page 33

Adding Software to NetBoot and NetInstall Images

There are two basic approaches to including software in an image:
ÂÂ Add applications and files to a system before creating an image using that system
as the source. For more information, see “Creating an Image from a Configured
Computer” on page 30.
ÂÂ Add packages containing the applications and files to an image as it is created.
This is done using an image workflow in System Image Utility that has the
Customize Package Selection action component. For more information, see
“Configuring the Customize Package Selection Action” on page 33.

About Packages
To add application software or other files at image creation (instead of installing
applications or files on the image source volume before you create the image),
you must group the applications or files in a special file known as a package.

A package is a collection of compressed files and related information used to install

software onto a computer. The contents of a package are contained in a single file that
has the .pkg extension.

Chapter 2    Creating NetBoot and NetInstall Images 41

 Creating Packages
To add applications or other files to an image (instead of installing them on the image
source volume before creating the image), use PackageMaker to create packages
containing the application or files. PackageMaker is in the Utilities folder on the
Mac OS X Server Administration Tools CD that comes with Mac OS X Server.

For more information about creating packages, open PackageMaker and choose
PackageMaker Help, PackageMaker Release Notes, or Package Format Notes from the
Help menu.

After creating packages, add them to your NetBoot or NetInstall image using System
Image Utility workflows.

From the command line:

You can also run the packagemaker tool from the command line in Terminal on a
computer with developer tools installed. You can access it from /Developer/usr/bin/
packagemaker. For more information, open PackageMaker and choose PackageMaker
Help, PackageMaker Release Notes, or Package Format Notes from the Help menu.

Viewing the Contents of a Package

To view the contents of a package, open a Finder window, hold down the Control
key as you click the package, and choose Show Package Contents from the menu
that appears.

You use PackageMaker (included on the Mac OS X Server Administration Tools CD) to
create application software packages to use with NetInstall images.

From the command line:

mm To list the contents of a package:
$ ls package

For information about ls, see its man page. For the basics of command-line tool usage,
see Introduction to Command-Line Administration.

42 Chapter 2    Creating NetBoot and NetInstall Images

 Setting Up NetBoot Service
3
Use this chapter to set up NetBoot service to make boot and
installation images available to clients.

Use Server Admin to configure the NetBoot service in conjunction with System Image
Utility to create and edit images.

Setup Overview
Here is an overview of the basic steps for setting up NetBoot service.

Step 1:  Evaluate and update your network, servers, and client computers as
necessary.
The number of client computers you can support using NetBoot is determined by
the number of servers you have, how they’re configured, hard disk storage capacity,
and other factors. See “Capacity Planning” on page 46.

Depending on the results of this evaluation, you might want to add servers or hard
disks, add Ethernet ports to your server, or make other changes to your servers. You
might also want to set up more subnets for BootP clients, depending on the number
of clients you support.

You might also want to implement subnets on this server (or other servers) to take
advantage of NetBoot filtering.

To provide authentication and personalized work environments for NetBoot client

users by using Workgroup Manager, set up workgroups and import users from the
Mac OS X Server Users & Groups database before you create disk images. Make sure
you have at least one administrator user assigned to the Workgroup Manager for
Mac OS X client.

Step 2:  Create disk images for client computers.

You can set up Mac OS X disk images for client computers to start from. To create
Mac OS X disk images, you use System Image Utility. See “Creating Images” on page 26.

 43
 You might also want to restrict access to NetBoot images by using Model Filtering.
See “Creating NetBoot Images” on page 27.

To create application packages that you can add to an image, use PackageMaker.
Application software packages can be installed by themselves or with Mac OS X
system software. See “Creating Packages” on page 42.

Step 3:  Set up DHCP.

NetBoot requires that you have a DHCP server running on the local server or on
another server on the network. Make sure you have a range of IP addresses sufficient
to accommodate the number of clients that will use NetBoot at the same time.
For more information about configuring DHCP, see Network Services Administration.

If your NetBoot server also supplies DHCP service, you might get better performance
if you configure your server as a gateway. That is, configure your subnets to use the
server’s IP address as the router IP address.

Step 4:  Configure and turn on NetBoot service.

You use the NetBoot settings in Server Admin to configure NetBoot on your server.
See “Setting Up NetBoot Service” on page 48.

You turn on NetBoot service using Server Admin. See “Starting NetBoot and Related
Services” on page 51 and “Enabling Images” on page 52.

Step 5:  (Optional) Set up Ethernet address filtering.

NetBoot filtering is performed based on the client computer hardware address. Each
client’s hardware address is registered when the client selects a NetBoot or NetInstall
volume from the startup disk. You can permit or deny specific clients by address.
See “Restricting NetBoot Clients by Filtering Addresses” on page 58.

Step 6:  Test your NetBoot setup.

Because there is a risk of data loss or bringing down the network (by misconfiguring
DHCP), you should test your NetBoot setup before implementing it. Test each
Macintosh model you support to verify that there are no problems booting into the
image on a specified hardware type.

Step 7:  Set up client computers to use NetBoot.

When you’re satisfied that NetBoot is working on all types of client computers, set up
the client computers to start from the NetBoot disk images.

You can use the client computer’s Startup Disk System Preference pane to select a
startup disk image from the server and then restart the computer. See “Selecting a
NetBoot Boot Image” on page 60.

You can also restart the client computer and hold down the N key until the NetBoot
icon starts flashing on the screen. The client starts from the default image on the
NetBoot server. See “Starting Up Using the N Key” on page 62.

44 Chapter 3    Setting Up NetBoot Service

 Before Setting Up NetBoot Service
Before you set up NetBoot service, review the following considerations and
requirements.

What You Must Know

Before you set up NetBoot on your server, make yourself familiar with your network
configuration, including the DHCP services it provides. Be sure you meet the following
requirements:
ÂÂ You’re the server administrator.
ÂÂ You’re familiar with network setup.
ÂÂ You know the DHCP configuration.

You might need to work with your networking staff to change network topologies,
switches, routers, and other network settings.

Client Computer Requirements

All systems supported by Mac OS X v10.6 can use NetBoot to start from a Mac OS X
disk image on a server. At the time of this publication, this includes any Intel-based
Macintosh computer.

You must install the latest firmware updates on all client computers. Firmware updates
are available from the Apple support website: www.apple.com/support/.

Client Computer RAM Requirements

NetBoot client computers must have at least 512 MB of RAM.

Network Install client computers must also have 512 MB of RAM.

Software Updates for NetBoot System Disk Images

You must use the latest system software when creating NetBoot disk images. New
Macintosh computers require updates of system software, so if you have new
Macintosh clients you must update your NetBoot images.

To update a Mac OS X disk image, you must recreate the image. New images can easily
be recreated by running a saved image creation workflow. For more information, see
“Creating Images” on page 26.

Ethernet Support on Client Computers

NetBoot is supported only over built-in Ethernet connections. Multiple Ethernet ports
are not supported on client computers. Clients must have at least 100-Mbit Ethernet
adapters.

Chapter 3    Setting Up NetBoot Service 45

 Network Hardware Requirements
The type of network connections you must use depends on the number of clients you
expect to boot over the network:
ÂÂ 100-Mbit Ethernet (for booting fewer than 10 clients)
ÂÂ 100-Mbit switched Ethernet (for booting 10–50 clients)
ÂÂ Gigabit Ethernet (for booting more than 50 clients)

These are estimates for the number of clients supported. For more details of the
optimal system and network configurations to support the number of clients you have,
see “Capacity Planning” on page 46.

Network Service Requirements

Depending on the types of clients you want to boot or install, your NetBoot server
must also provide the following supporting services.

Service provided by For booting Mac OS X For booting Mac OS X

NetBoot server computers with hard disks computers without hard disks
DHCP Optional Optional
NFS Required if no HTTP Required if no HTTP
AFP Not required Required
HTTP Required if no NFS Required if no NFS
TFTP Required Required

Note:  DHCP service is listed as optional because although it is required for NetBoot it

can be provided by a server other than the NetBoot server. Services marked required
must be running on the NetBoot server.

NetBoot and AirPort

The use of AirPort wireless technology to boot clients using NetBoot is not supported
by Apple and is discouraged.

Capacity Planning
The number of NetBoot client computers your server can support depends on how
your server is configured, when your clients routinely start, the server’s hard disk space,
and a number of other factors. When planning for your server and network needs,
consider these factors:
ÂÂ Ethernet speed:  100Base-T or faster connections are required for client computers
and the server. As you add clients, you might need to increase the speed of your
server’s Ethernet connections.
Ideally you want to take advantage of the Gigabit Ethernet capacity built in to your
Mac OS X server hardware to connect to a Gigabit switch. From the switch, connect
Gigabit Ethernet or 100-Mbit Ethernet to each NetBoot client.

46 Chapter 3    Setting Up NetBoot Service

 ÂÂ Hard disk capacity and number of images:  Boot and installation images occupy
hard disk space on server volumes, depending on the size and configuration of the
system image and the number of images being stored.
Images can be distributed across multiple volumes or multiple servers. For more
information, see “Performance and Load Balancing” on page 67.
ÂÂ Hard disk capacity and number of users:  If you have a large number of diskless
clients, consider adding a separate file server to your network to store temporary
user documents.
Because the system software for a disk image is written to a shadow image for each
client booting from the disk image, you can get a rough estimate for the required
hard disk capacity required by multiplying the size of the shadow image by the
number of clients.
ÂÂ Number of Ethernet ports on the switch:  Distributing NetBoot clients over multiple
Ethernet ports on your switch offers a performance advantage. Each port must serve
a distinct segment.

Serial Number Considerations

Before starting NetBoot service, make sure you obtain a site license for the images you
will serve. The license covers all NetBoot images served from a server. For every extra
server, you must obtain a site license to provide NetBoot service. Contact Apple to
obtain site licenses.

If you plan on serving Network Install images for installing Mac OS X and Mac OS X
Server, also make sure that you have a site license.

If you plan on serving Network Install images for installing Mac OS X Server, you can
use the Mac OS X Server Assistant to generate a setup file that you can add to the
Network Install image so the server knows how to configure itself automatically.

If you use a generic file, you’ll need to enter the serial number manually using
Server Admin.

Turning NetBoot Service On

Before you can configure NetBoot settings, you must turn NetBoot service on in Server
Admin.

To turn NetBoot service on:

1 Open Server Admin and connect to the server.
2 Click Settings.
3 Click Services.
4 Click the NetBoot checkbox.
5 Click Save.

Chapter 3    Setting Up NetBoot Service 47

 Setting Up NetBoot Service
You set up NetBoot service by configuring the following groups of settings on the
Settings pane for NetBoot service in Server Admin.
ÂÂ General. Enable the NetBoot ports, select where images and client data resides, and
set the number of AFP connections.
ÂÂ Images. Enable images and select the default image.
ÂÂ Filters. (Optional) Enable NetBoot and DHCP filtering to determine the hardware
addresses of client computers you want to image.
ÂÂ Logging. Choose the level of detail that is recorded in the service log.

The following sections describe the tasks for configuring these settings and how to
start NetBoot service after you configure it.

Configuring NetBoot General Settings

You use General settings to enable NetBoot service on at least one port and select
where image and client data resides.

To configure NetBoot General settings:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.
5 In the Enable column, click the checkbox next to the network ports you want to use
for serving images.
6 In the Images column, click the checkbox to choose where to store images.
7 In the Client Data column, click the checkbox for each local disk volume where you
want to store shadow files used by Mac OS X diskless clients.
8 Click Save.

Configuring Images Settings

You use Images settings to enable images and select the default image.

To configure NetBoot Images settings:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.

48 Chapter 3    Setting Up NetBoot Service

 4 Click Settings, then click Images.
5 Enable the images you want your clients to use, specify if they are available for diskless
clients, and choose the protocol for delivering them.
If you’re not sure which protocol to use, choose NFS.
6 In the Default column, click the checkbox to select the default image.
You must select separate default images for Intel-based and PowerPC-based Macintosh
clients.
7 Click Save.

Configuring Filters Settings

To restrict client computers, you can set up filters that allow or deny access to NetBoot
service depending on the computer’s MAC address.

You can enter a MAC address as canonical or noncanonical in the filter list. The
canonical form of a MAC address contains leading zeros and lowercase hex digits
separated by a “:”. For example, 01:a1:0c:32:00:b0 is the canonical form of a MAC address
and 1:a1:c:32:0:b0 is the noncanonical form of the same MAC address.

To configure NetBoot Filters settings:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Filters.
5 Select “Enable NetBoot/DHCP filtering.”
6 Select “Allow only clients listed below (deny others)” or “Deny only clients listed below
(allow others).”
7 Use the Add (+) and Delete (–) buttons to set up the list of client addresses, and click OK.
To look up a MAC address, enter the client’s DNS name or IP address in the Host Name
field and click Find.
To find the hardware address for a computer using Mac OS X, look on the TCP/IP pane
of the computer’s Network preference or run Apple System Profiler.
8 Click Save.
Note:  You can also restrict access to a NetBoot image by selecting the name of the
image in the Images pane of NetBoot service settings in Server Admin, clicking the
Edit (/) button, and providing the required information.

Chapter 3    Setting Up NetBoot Service 49

 Configuring NetBoot Logging Settings
You use Logging settings to choose the level of detail that is recorded in the service log.

To configure NetBoot Logging settings:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Logging.
5 From the pop-up menu, choose the log detail level (Low, Medium, or High).
6 Click Save.

From the command line:

mm To configure a NetBoot service setting:
$ sudo serveradmin settings netboot:logging_level = value
mm To view NetBoot service configuration settings:
$ sudo serveradmin settings netboot

Parameter Description
logging_level Default = Medium
Possible values are Low, Medium, or High.

For information about command-line parameters, see “NetBoot Service Settings” on

page 96. For information about serveradmin, see its man page. For the basics of
command-line tool usage, see Introduction to Command-Line Administration.

Enabling NetBoot 1.0 for Older NetBoot Clients

If you want older computers, such as tray-loading iMac or Power Macintosh G3 (Blue
and White) computers, to use NetBoot, you must enable NetBoot 1.0. You can do so by
using the dscl tool.

Note:  NetBoot 1.0 and 2.0 can run on the same network simultaneously.

To enable NetBoot 1.0:

$ sudo dscl . create /config/dhcp old_netboot_enabled port_list
$ sudo killall bootpd

Parameter Description
port_list List of ports you want to enable for NetBoot 1.0,
formatted like en0 en1 en2.

50 Chapter 3    Setting Up NetBoot Service

 Starting NetBoot and Related Services
NetBoot service uses AFP, NFS, DHCP, Web, and TFTP services, depending on the types
of clients you’re trying to boot (see “Network Service Requirements” on page 46).
You can use Server Admin to start AFP, DHCP, Web, and NetBoot services. NFS and TFTP
services start automatically.

To start NetBoot service:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 If you’ll be booting diskless Mac OS X clients, start AFP service by selecting AFP in the
Servers list and clicking the Start AFP button (below the Servers list).
4 If your server is providing DHCP service, make sure the DHCP service is configured and
running; otherwise, DHCP service must be supplied by another server on your network.
If your NetBoot server is also supplying DHCP service, you might get better
performance if you configure your server as a gateway. That is, configure your subnets
to use the server’s IP address as the router IP address.
5 From the expanded Servers list, select NetBoot.
6 Click Settings, then click General.
7 Select which network ports to use for providing NetBoot service.
You can select one or more network ports to serve NetBoot images. For example, if
you have a server with two network interfaces, each connected to a network, you can
choose to serve NetBoot images on both networks.
8 Click Images.
9 Select the images to serve.
10 Click Save.
11 Click the Start NetBoot button (below the Servers list).

From the command line:

mm To start NetBoot and supporting services:
$ sudo serveradmin start netboot

If you get the following response, you have not yet enabled NetBoot on a network port:
$ netboot:state = "STOPPED"
$ netboot:status = 5000

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Chapter 3    Setting Up NetBoot Service 51

 Managing Images
After you set up NetBoot service, you can use Server Admin and System Image Utility
to customize and manage images for your network environment.

Enabling Images
You must enable disk images on your server to make the images available to client
computers for NetBoot startups.

To enable disk images:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 For each image you want your clients to see, click the checkbox in the Enable column.
6 Click Save.

From the command line:

mm To enable disk images:
$ sudo serveradmin settings netboot:netBootImagesRecordsArray:_array_
index:n:IsEnabled = yes

Parameter Description
netBootImagesRecordsArray:_array_ Default = no
index:<n>:IsEnabled Sets whether the image is available to NetBoot.

n Specifies the array index number of the volume

you want to set as the default image.

For information about command-line parameters, see “NetBoot Service Settings” on

page 96. For information about serveradmin, see its man page. For the basics of
command-line tool usage, see Introduction to Command-Line Administration.

Choosing Where Images Are Stored

You can use Server Admin to choose volumes to use for storing NetBoot and
NetInstall images.

WARNING:  Don’t rename a NetBoot share point or the volume it resides on. Don’t
use Server Admin to stop sharing for a NetBoot share point unless you first deselect
the share point for images and shadow files.

52 Chapter 3    Setting Up NetBoot Service

 To choose volumes for storing image files:
1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.
5 In the list of volumes (in the lower half of the pane), click the checkbox in the Images
column for each volume you want to store image files on.
6 Click Save.

From the command line:

mm To specify a volume to store image files:
$ sudo serveradmin settings
netboot:netBootStorageRecordsArray:_array_index:n:sharepoint = value
netboot:netBootStorageRecordsArray:_array_index:n:clients = value
netboot:netBootStorageRecordsArray:_array_index:n:ignorePrivs = value
netboot:netBootStorageRecordsArray:_array_index:n:volType = value
netboot:netBootStorageRecordsArray:_array_index:n:path = value
netboot:netBootStorageRecordsArray:_array_index:n:volName = value
netboot:netBootStorageRecordsArray:_array_index:n:volIcon = value
netboot:netBootStorageRecordsArray:_array_index:n:okToDeleteClients =
value
netboot:netBootStorageRecordsArray:_array_index:n:okToDeleteSharepoint =
value
Control–D

Parameter (netboot:) Description

netBootStorageRecordsArray:_array_ First parameter in an array describing a volume
index:<n>:sharepoint available to serve images.
Default = "no"

netBootStorageRecordsArray:_array_ Default = "no"

index:<n>:clients

netBootStorageRecordsArray:_array_ Default = "false"

index:<n>:ignorePrivs

Chapter 3    Setting Up NetBoot Service 53

 Parameter (netboot:) Description
netBootStorageRecordsArray:_array_ Default = <voltype>
index:<n>:volType Example: "hfs"

netBootStorageRecordsArray:_array_ Default = "/"

index:<n>:path

netBootStorageRecordsArray:_array_ Default = <name>

index:<n>:volName

netBootStorageRecordsArray:_array_ Default = <icon>

index:<n>:volIcon

netBootStorageRecordsArray:_array_ Default = "yes"

index:<n>:okToDeleteClients

netBootStorageRecordsArray:_array_ Default = "yes"

index:<n>:okToDeleteSharepoint

n The array index number of the volume you want

to set as the default image.

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Choosing Where Shadow Files Are Stored

When a diskless client boots, temporary (shadow) files are stored on the server.
You can use Server Admin to specify which server volumes are used to store the
temporary files.

WARNING:  Don’t rename a NetBoot share point or the volume it resides on. Don’t
use Server Admin to stop sharing for a NetBoot share point unless you first deselect
the share point for images and shadow files.

To use a volume for storing shadow files:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.
5 In the list of volumes (in the lower half of the pane), click the checkbox in the
Client Data column for the volumes you want to store shadow files on.
6 Click Save.

54 Chapter 3    Setting Up NetBoot Service

 From the command line:
mm To specify a volume to store shadow files on:
$ sudo serveradmin settings
netboot:netBootStorageRecordsArray:_array_index:n:sharepoint = value
netboot:netBootStorageRecordsArray:_array_index:n:clients = yes
netboot:netBootStorageRecordsArray:_array_index:n:ignorePrivs = value
netboot:netBootStorageRecordsArray:_array_index:n:volType = value
netboot:netBootStorageRecordsArray:_array_index:n:path = value
netboot:netBootStorageRecordsArray:_array_index:n:volName = value
netboot:netBootStorageRecordsArray:_array_index:n:volIcon = value
netboot:netBootStorageRecordsArray:_array_index:n:okToDeleteClients =
value
netboot:netBootStorageRecordsArray:_array_index:n:okToDeleteSharepoint =
value
Control–D

Parameter (netboot:) Description

netBootStorageRecordsArray:_array_ First parameter in an array describing a volume
index:<n>:sharepoint available to serve images.
Default = "no"

netBootStorageRecordsArray:_array_ Default = "no"

index:<n>:clients

netBootStorageRecordsArray:_array_ Default = "false"

index:<n>:ignorePrivs

netBootStorageRecordsArray:_array_ Default = <voltype>

index:<n>:volType Example: "hfs"

netBootStorageRecordsArray:_array_ Default = "/"

index:<n>:path

netBootStorageRecordsArray:_array_ Default = <name>

index:<n>:volName

netBootStorageRecordsArray:_array_ Default = <icon>

index:<n>:volIcon

netBootStorageRecordsArray:_array_ Default = "yes"

index:<n>:okToDeleteClients

netBootStorageRecordsArray:_array_ Default = "yes"

index:<n>:okToDeleteSharepoint

n The array index number of the volume you want

to set as the default image.

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Chapter 3    Setting Up NetBoot Service 55

 Using Images Stored on Remote Servers
You can store NetBoot or NetInstall images on separate remote servers other than
the NetBoot server. You must copy the images from the NetBoot server to the remote
server and then configure the remote server to use the images.

To store an image on a separate remote server:

1 Copy the image.nbi folder from the NetBoot server to the remote server on a NetBoot
sharepoint (/Library/NetBoot/NetBootSPn).
If the image is on the remote server, you can create the .nbi folder on the NetBoot
server by duplicating an existing .nbi folder and adjusting the values in its
NBImageInfo.plist file.
2 Open Server Admin and connect to the remote server.
3 Click the triangle at the left of the server.
The list of services appears.
4 From the expanded Servers list, select NetBoot.
5 Click Settings, then click Images.
6 For each image you want your clients to see from the remote server, click the
checkbox in the Enable column.
7 Select the protocol you want NetBoot to use when serving your image (NFS or HTTP).
8 Click Save.

Specifying the Default Image

The default image is the image used when you start up a client computer while
holding down the N key, providing that the client hasn’t selected a NetBoot or
NetInstall volume via Startup Disk. See “Starting Up Using the N Key” on page 62.

If you’ve created more than one startup disk image, you can use NetBoot service
settings in Server Admin to select the default startup image.

Important:  If you have diskless clients, set their boot image as the default image.

If you have more than one NetBoot server on the network, a client uses the default
image from the first server that responds. There is no way to control which default
image is used when more than one is available.

To specify the default boot image:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.

56 Chapter 3    Setting Up NetBoot Service

 4 Click Settings, then click Images.
5 In the Default column, click the checkbox next to the image.
You can select separate default images for Intel-based and PowerPC-based Macintosh
computers. The architecture column shows the image type. Mac OS X v10.6 images can
boot Intel-based Macintosh computers only.
6 Click Save.

From the command line:

mm To specify the default image:
$ sudo serveradmin settings netboot:netBootImagesRecordsArray:_array_
index:n:IsDefault = yes

Parameter (netboot:) Description

netBootImagesRecordsArray:_array_ yes
index:<n>:IsDefault Specifies this image file as the default boot image
on the subnet.

n Specifies the array index number of the volume

you want to set as the default image.

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Setting an Image for Diskless Booting

You can use Server Admin to make an image available for booting client computers
that have no local disk drives. Setting an image for diskless booting instructs the
NetBoot server to allocate space for the client’s shadow files.

To make an image available for diskless booting:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 In the Diskless column, click the box next to the image in the list.
6 Click Save.
Important:  If you have diskless clients, set their NetBoot image as the default image.
For help specifying where the client’s shadow files are stored, see “Choosing Where
Shadow Files Are Stored” on page 54.

Chapter 3    Setting Up NetBoot Service 57

 From the command line:
mm To set an image for a diskless boot:
$ sudo serveradmin settings netboot:netBootImagesRecordsArray:_array_
index:n:SupportsDiskless = yes

Parameter (netboot:) Description

netBootImagesRecordsArray:_array_ yes
index:<n>:SupportsDiskless Directs the NetBoot server to allocate space for
shadow files needed by diskless clients.

n Specifies the array index number of the volume

you want to set as the default image.

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Restricting NetBoot Clients by Filtering Addresses

The filtering feature of NetBoot service lets you restrict access to the service based on
the client’s Ethernet hardware (MAC) address. A client’s hardware address is added to
the filter list the first time it starts from an image on the server and is permitted access
by default, so it is usually not necessary to enter hardware addresses manually.

To restrict client access to NetBoot service:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Filters.
5 Select “Enable NetBoot/DHCP filtering.”
6 Select “Allow only clients listed below (deny others)” or “Deny only clients listed below
(allow others).”
7 Use the Add (+) and Delete (–) buttons to set up the list of client addresses, and click OK.
To look up a MAC address, enter the client’s DNS name or IP address in the Host Name
field and click Find.
To find the hardware address for a computer using Mac OS X, look on the TCP/IP pane
of the computer’s Network preference or run Apple System Profiler.
8 Click Save.
Note:  You can also restrict access to a NetBoot image by selecting the name of the
image in the Images pane of NetBoot service settings in Server Admin, clicking the
Edit (/) button, and providing the required information.

58 Chapter 3    Setting Up NetBoot Service

 From the command line:
mm To enable disk images:
$ sudo serveradmin settings
netboot:netBootFiltersRecordsArray:_array_index:n:hostName = value
netboot:netBootFiltersRecordsArray:_array_index:n:filterType = value
netboot:netBootFiltersRecordsArray:_array_index:n:hardwareAddress = value
Control–D

Parameter (netboot:) Description

netBootFiltersRecordsArray:_array_ The host name of the filtered computer, if
index:<n>:hostName available.

netBootFiltersRecordsArray:_array_ Whether the specified computer is allowed or

index:<n>:filterType denied access. Options:
"allow"
"deny"

netBootFiltersRecordsArray:_array_ The Ethernet hardware (MAC) address of the

index:<n>:hardwareAddress filtered computer.

n The array index number of the volume you want

to set as the default image.

For information about command-line parameters, see “NetBoot Service Settings” on

page 96. For information about serveradmin, see its man page. For the basics of
command-line tool usage, see Introduction to Command-Line Administration.

Setting Up NetBoot Service Across Subnets

A network boot starts when the client computer broadcasts for computers that will
respond to Boot Service Discovery Protocol (BSDP). By default, routers are usually
configured to block broadcast traffic to reduce the amount of unnecessary data
flowing to other parts of the network.

To provide NetBoot service across subnets, you must configure the router to pass on
BSDP traffic to the NetBoot server. To see if your router is capable of passing BSDP
traffic, check with your router manufacturer. Sometimes this is also referred to as using
a DHCP helper or a DHCP relay agent.

Chapter 3    Setting Up NetBoot Service 59

 Setting Up Clients to Use NetBoot
and NetInstall Images 4
Use this chapter to set up client computers to start or install
software from images on a server.

After NetBoot service and images are configured on the server, you must set up the
client computers to access and use the images.

Setting Up Diskless Clients

NetBoot service enables you to configure client computers without locally installed
operating systems or even without installed disk drives. Systemless or diskless clients
can start from a NetBoot server using the N key method. (See “Starting Up Using the N
Key” on page 62.)

After the client computer starts, you can use Startup Disk preferences to select the
NetBoot disk image as the startup disk for the client. That way you no longer need to
use the N key method to start the client from the server.

Removing the system software from client computers gives you more control over
user environments. By forcing the client to start up from the server and using client
management to deny access to the client computer local hard disk, you can prevent
users from saving files to the local hard disk.

Selecting a NetBoot Boot Image

If your computer is running Mac OS X v10.2 or later, you use Startup Disk preferences
to select a NetBoot boot image.

To select a NetBoot startup image from Mac OS X:

1 In System Preferences, select Startup Disk.
2 Select the network volume you want to start the computer with.
3 Click Restart.
The NetBoot icon appears and the computer starts from the selected image.

60
 From the command line:
mm To select a NetBoot startup image:
> setenv boot-file enet:YourServerIPAddress,NetBoot\NetBootsSP*\<name of
.nbi folder>\mach.macosx
> setenv boot-args rp=nfs: YourServerIPAddress:/private/tftpboot/NetBoot/
NetBootSP*:<name of .nbi folder>/<Name of image>.dmg
> setenv boot-device enet: YourServerIPAddress,NetBoot\NetBootSP*\<name
of .nbi folder>\booter
> mac-boot
mm To choose a boot device:
$ sudo systemsetup -setstartupdisk /volume/Disk\ 2/System/Library/
CoreServices

Parameter Description
volume The path to the boot device.

Disk\ 2 The name of the boot device.

For information about systemsetup, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Imaging Multiple Clients Using the Multicast asr Command

You can enable a multicast image server using the Mac OS X Server Multicast asr
command. Multicast asr can restore multiple clients simultaneously from one looping
multicast of an asr disk image.

Each client can receive the restore image at any time during a multicast of the image,
and the client continues receiving the first part of the next multicast until the client
receives the complete restore image.

The server multicasts only one copy of the restore image at a time, and all clients
receive this copy.

If the server finishes multicasting the restore image and a client is still requesting the
image, the server multicasts the image again. Thus, using multicast asr to stream
images to multiple clients doesn’t congest the network nearly as much as Network
Install with multiple clients.

To enable the image server, use the asr tool with the -server flag and a correctly
built image and plist file.

Chapter 4    Setting Up Clients to Use NetBoot and NetInstall Images 61

 To start a multicast server for a specified image:
$ asr -source <compressedimage> -server <configuration.plist>

The image does not start multicasting on the network until a client attempts to start a
restore. The server continues to multicast the image until the process is terminated.

To configure a client to receive a multicast stream:

$ sudo asr -source asr://<hostname> -target <targetvol> -erase

The client receives the multicast stream from <hostname> and saves it to the client.
To overwrite an existing image, add -erase. Using -erase with -target indicates an
image should be overwritten when doing a multicast.

Selecting a NetInstall Image

If your computer is running Mac OS X v10.2 or later, you use Startup Disk preferences
to select a NetInstall image.

To select a NetInstall image from Mac OS X:

1 In System Preferences, select Startup Disk.
2 Select the network volume you want to start the computer with.
3 Click Restart.
The NetBoot icon appears, the computer starts from the selected image, and the
installer runs.

Starting Up Using the N Key

You can use this method to start up any supported client computer from a NetBoot
disk image. When you start up with the N key, the client computer starts up from the
default NetBoot disk image. If multiple servers are present, the client starts up from the
default image of the first server to respond.

Note:  For more information about using the N key when starting the system, see the
manual that was provided with the computer. Some computers have extra capabilities.

If an older client computer requires BootP for IP addressing (such as a tray-loading

iMac, blue and white PowerMac G3, or older computer), use this method for starting
up from a NetBoot disk image. Older computers don’t support selecting a NetBoot
startup disk image from the Startup Disk control pane or preferences pane.

The N key also provides a way to start up client computers that don’t have system
software installed. See “Setting Up Diskless Clients” on page 60.

62 Chapter 4    Setting Up Clients to Use NetBoot and NetInstall Images

 To start from a NetBoot disk image using the N key:
1 Hold the N key down on the keyboard until the NetBoot icon appears in the center of
the screen, then turn on (or restart) the client computer.
2 If a login window appears, enter your name and password.
The network disk image has an icon typical of server volumes.

Changing How NetBoot Clients Allocate Shadow Files

By default, a Mac OS X NetBoot client places its shadow files in a NetBootClientsn
share point on the server, where n is the share point number. If no such share point is
available, the client tries to store its shadow files on a local hard disk.

For Mac OS X v10.3 and later images set for diskless booting, you can change this
behavior by using a text editor to specify a value for the NETBOOT_SHADOW variable in
the image /etc/hostconfig file.

These values are permitted:

Value of NETBOOT_SHADOW Client shadow file behavior

-NETWORK- (Default) Try to use a server NetBootClientsn
share point for storing shadow files. If no server
share point is available, use a local drive.
-NETWORK_ONLY- Try to use a server NetBootClientsn share point
for storing shadow files. If no server share point is
available, don’t boot.
-LOCAL- Try to use a local drive for storing shadow
files. If no local drive is available, use a server
NetBootClientsn share point.
-LOCAL_ONLY- Try to use a local drive for storing shadow files.
If no local drive is available, don’t boot.

Note:  This value is set in the /etc/hostconfig file in the image .dmg file, not in the
server hostconfig file.

Chapter 4    Setting Up Clients to Use NetBoot and NetInstall Images 63

 Managing NetBoot Service
5
Use this chapter to learn about daily tasks that keep NetBoot
service running efficiently, and to learn about load balancing
across multiple volumes on a server or across multiple servers.

You can manage NetBoot service using Server Admin. Server Admin enables you to
verify the overall status of the connection, to review logs, to control clients, and to
manage boot and installation images. You can use System Image Utility to distribute
boot images across servers for load balancing.

Controlling and Monitoring NetBoot

The following sections show how to stop NetBoot service, disable images, and monitor
or restrict clients.

Turning Off NetBoot Service

The best way to prevent clients from using NetBoot on the server is to disable NetBoot
service on all Ethernet ports.

To stop NetBoot:
1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click the Stop NetBoot button (below the Servers list) and perform one of the
following tasks:
ÂÂ To stop service on a specific Ethernet port, click Settings, click General, and deselect
the Enable checkbox for the port.
ÂÂ To stop serving a specific image, click Settings, click Images, and deselect the Enable
checkbox for the image.
ÂÂ To stop service to a client, click Settings, click Filters, select Enable NetBoot Filtering,
choose “Deny only clients listed below,” and add the client’s hardware address to the list.

64
 From the command line:
mm To stop NetBoot service or disable images:
$ sudo serveradmin stop netboot

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Disabling a Boot or Installation Image

Disabling an image prevents client computers from starting using the image.

To disable a NetBoot disk image:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click Images.
5 In the Enable column, deselect the checkbox for the image.
6 Click Save.

From the command line:

mm To stop NetBoot service or disable images:
$ sudo serveradmin stop netboot

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

Viewing a List of NetBoot Clients

You can use Server Admin to see a list of clients that have booted from the server.

To view the client list:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Clients.
5 To update the list, click the Refresh button (below the Servers list).
Note:  This is a cumulative list–a list of all clients that have connected–not a list of
connected clients. The last boot time is shown for each client.

Chapter 5    Managing NetBoot Service 65

 Viewing a List of NetBoot Connections
You can use Server Admin to see a list of clients that are booted from the server.
NetInstall clients display install progress information.

To view the NetBoot connections list:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Connections.
5 To update the list, click the Refresh button (below the Servers list).

Checking the Status of NetBoot and Related Services

You can use Server Admin to check the status of NetBoot service and the services
(such as NFS and HTTP) it uses.

To check NetBoot service status:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Overview to see if the service is running, when the last client update occurred,
and which related services are running for an image type.
5 To review the event log, click Log.
6 To see a list of NetBoot clients that have booted from the server, click Clients.
7 To see a list of connected users, click Connections.
The list includes the client computer name, IP address, the percentage complete,
and the status.

From the command line:

mm To see if the service is running:
$ sudo serveradmin status netboot
mm To see the complete service status:
$ sudo serveradmin fullstatus netboot

For information about serveradmin, see its man page. For the basics of command-line
tool usage, see Introduction to Command-Line Administration.

66 Chapter 5    Managing NetBoot Service

 Viewing the NetBoot Service Log
You can use Server Admin to view a log containing diagnostic information.

To view the NetBoot service log:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Log, then use the Filter field to search for specific entries.

From the command line:

mm To view the latest entries in a log:
$ tail log-file
mm To see where service logs are located:
$ sudo serveradmin command netboot:command = getLogPaths

For information about tail and serveradmin, see their man pages. For the basics of
command-line tool usage, see Introduction to Command-Line Administration.

Performance and Load Balancing

For good startup performance, the NetBoot server must be available to the client
computer relying on it. To provide responsive and reliable NetBoot service, set up
multiple NetBoot servers in your network.

Many sites using NetBoot service achieve acceptable responsiveness by staggering the
boot times of client computers to reduce network load. Generally, it isn’t necessary to
boot client computers at the same time; rather, client computers are booted early in
the morning and remain booted throughout the work day.

You can program staggered startup times using the Energy Saver preferences pane.

Load Balancing NetBoot Images

If heavy usage and simultaneous client startups are overloading a NetBoot server and
causing delays, consider load balancing by adding extra NetBoot servers to distribute
the demands of the client computers across multiple servers.

When incorporating multiple NetBoot servers, use switches in your network

infrastructure. The shared nature of hubs creates a single shared network on which
extra servers must vie for time.

Chapter 5    Managing NetBoot Service 67

 Distributing NetBoot Images Across Servers
If you set up more than one NetBoot server on your network, you can place copies of
a specific NetBoot image on multiple servers to distribute the load. By assigning the
copies the same image index ID in the range 4096–65535, you can advertise them to
your clients as a single image to avoid confusion.

Note:  You must customize the image by creating a workflow with the Create Image
action to assign the image an index ID.

To distribute an image across servers:

1 Locate the image file on the server where the original image is stored.
2 If the image index ID is 4095 or lower, recreate the image and modify the index ID
using the Create Image action in a workflow, then assign the image an index ID in
the range 4096–65535.
For more information, see “Assembling Workflows” on page 39.
The image ID can be changed from Server Admin by double-clicking the Image ID
field and entering the new ID.
3 Create copies or move image files to other servers.
4 On each server, use Server Admin to enable the image for NetBoot service.

Clients still see the image listed only once in Startup Disk preferences, but the server
that delivers its copy of the image is selected based on server activity.

Smaller improvements can be achieved by distributing NetBoot images across

multiple disk drives on a single server. For high-performance disk storage, consider
using an Xserve RAID or Xsan volume to store the images on.

Distributing NetBoot Images Across Server Disk Drives

Even with a single NetBoot server, you might improve performance by distributing
copies of an image across multiple disk drives on the server. By assigning the copies
the same image index ID in the range 4096–65535, you can advertise them to your
clients as a single image.

Important:  Don’t distribute images across different partitions of the same physical disk
drive. Doing so does not improve, and can even reduce, performance.

To distribute an image across disk drives:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select NetBoot.
4 Click Settings, then click General.

68 Chapter 5    Managing NetBoot Service

 5 In the Images column, select the checkbox for each volume you want to store images on.
Choose volumes on different physical disk drives.
6 Click Save, then click Images.
7 If the image’s index is 4095 or lower, double-click the ID, enter an index in the range
4096–65535, and save the change.
8 Open Terminal and use the scp secure copy tool to copy the image to the NetBootSPn
share points on the other volumes.
For example:
$ scp /Library/NetBoot/NetBootSP0/image.nbi [admin_name]@[ip_address]:/
Volumes/Drive2/Library/NetBoot/NetBootSP1

where [admin_name] is an admin login and [ip_address] is the correct IP address for
that server.
You are prompted for the password of the admin login you supply.

Balancing NetBoot Image Access

If you add a second NetBoot server to a network, have your users reselect their
NetBoot image in the Startup Disk control pane or preferences pane. This causes the
NetBoot server load to be redistributed among the servers.

You can also force redistribution of the load by deleting the /var/db/bsdpd_clients file
from the existing NetBoot server.

Note:  After deleting the bsdpd_clients file, the server does not remember which
clients selected which NetBoot or NetInstall volumes via Startup Disk. Unless the
clients reselect their intended NetBoot or NetInstall volumes, the clients will boot into
the default image on the server.

Similarly, if you’re recovering from a server or infrastructure failure and your clients
have been starting up from a reduced number of NetBoot servers, delete the
bsdpd_clients file from the running servers so clients can again start from among the
entire set of servers.

The bsdpd_clients file holds the Ethernet MAC addresses of the computers that have
selected the server as their NetBoot server.

As long as a client has an entry in an available server’s bsdpd_clients file, it always

starts from that server. If that server becomes unavailable, the clients locate and
associate themselves with an available server until you remove their entries (or the
files) from their servers.

Note:  If a client is registered on more than one server because an unavailable server
comes back on line, the client starts up from the server with the fewest number of
clients that started from it.

Chapter 5    Managing NetBoot Service 69

 Distributing Shadow Files
Clients starting up from Mac OS X diskless images store temporary (shadow) files on
the server.

By default, NetBoot for Mac OS X clients creates a share point for client shadow files on
the server boot volume. (You can change this behavior. See “Choosing Where Shadow
Files Are Stored” on page 54.)

You can use Server Admin to see this share point and to add others. The share points
are named NetBootClientsn where n is the share point number.

Share points are numbered starting with zero. For example, if your server has two disk
volumes, the default shadow-file folder is NetBootClients0 on the boot volume. If you
use Server Admin to specify that client data will also be stored on the second volume,
the folder is named NetBootClients1. NetBoot stores the first client’s shadow files on
NetBootClients0, the second client’s shadow files on NetBootClients1, the third client’s
shadow files on NetBootSP0, and so on.

Likewise, with three volumes and eight clients, the first, fourth, and seventh clients
use the first volume; the second, fifth, and eighth clients use the second volume; and
the third and sixth clients use the third volume. This load balancing is automatic and
usually provides optimal performance.

To prevent shadow files from being placed on a specific volume, use the NetBoot
Service General settings in Server Admin. Deselect the client data checkbox for any
volume you don’t want shadow files placed in.

You can also prevent shadow files from being placed on a specific volume or partition
by deleting the hidden file /Library/NetBoot/.clients, which is a symbolic link, and then
stopping and restarting NetBoot service.

70 Chapter 5    Managing NetBoot Service

 Solving System Imaging Problems
6
Use this chapter to find solutions for common problems you
might encounter while working with NetBoot and NetInstall.

This chapter contains solutions to common system imaging problems.

General Tips
ÂÂ Make sure a DHCP service is available on your network. It can be provided by the
Mac OS X Server DHCP service or another server.
ÂÂ Make sure required services are started on the server. See “Network Service
Requirements” on page 46. Open Server Admin and verify the following:
ÂÂ If you’re booting Mac OS X diskless clients, AFP is started
ÂÂ If you’re using HTTP instead of NFS to deliver images, Web service is started

If NetBoot Client Computers Won’t Start

If your NetBoot client computers will not start:
ÂÂ Sometimes a computer might not start immediately because other computers are
putting a heavy demand on the network. Wait a few minutes and try starting again.
ÂÂ Make sure cables are properly connected and that the computer and server are
getting power.
ÂÂ If you installed memory or an expansion card in the client computer, make sure it is
installed properly.
ÂÂ If the computer has a local hard disk with a System Folder on it, disconnect
the Ethernet cable and try to start the computer from the local hard disk, then
reconnect the Ethernet cable and try to start the computer from the network.
ÂÂ Boot the client computer from a local disk and verify that it is getting an IP address
from DHCP.
ÂÂ On a diskless or systemless client, start from a system CD and use Startup Disk
preferences to select a boot image.

 71
 If You Want to Change the Image Name
You can’t edit the name of an image with System Image Utility after you create it.
However, there are other ways to change the name, as shown in the following sections.

Changing the Name of an Uncompressed Image

This section describes how to change the name of an uncompressed image that you
created using System Image Utility.

To change the name of an uncompressed image:

1 Mount the image in Finder by opening the .nbi folder containing the image and
double-clicking it.
2 Open Terminal and enter the following command to rename the image:
$ sudo diskutil rename /Volumes/image new_name

Replace image with the name of the image you want to rename and new_name with
the new name of the image.
3 When prompted, enter your administrator password.
The name of the image changes.
4 Unmount the image.
5 Remount the image to verify that it has been renamed.

Changing the Name of a Compressed Image

This section describes how to change the name of a compressed image that you
created using System Image Utility.

To change the name of a compressed image:

1 Mount the image in Finder by opening the .nbi folder containing the image and
double-clicking it.
2 Open Disk Utility.
3 Select the image and click Convert.
4 In the Save As field, enter a name.
5 Select a different location to save the image to.
For example, save the image on the Desktop folder.
6 From the Image Format menu, choose read/write.
7 Click Save.
8 Unmount the image.
9 Mount the new image in the Finder.

72 Chapter 6    Solving System Imaging Problems

 10 Open a Terminal window and enter the following to rename the image:
$ sudo diskutil rename /Volumes/image new_name

Replace image with the name of the image you want to rename and new_name with
the new name of the image.
11 When prompted, enter your administrator password.
The name of the image changes.
12 Unmount the image.
13 Remount the image to verify that the image has been renamed.
14 Unmount the image.
15 Remove the original image from the .nbi folder and store it somewhere else.
16 In Disk Utility, select the new image and click Convert.
17 Give the image the same name as the one it had inside the .nbi folder.
18 In the Where field, select the .nbi folder.
19 From the Format menu, choose Compressed.
20 Click Save.
21 Test the new image to make sure it mounts properly.
22 Discard the old image.

Chapter 6    Solving System Imaging Problems 73

 Part II:  Software Update
Administration II
The chapters in this part of the guide introduce you to
Software Update and the applications and tools available for
administering Software Update.
Chapter 7 Understanding Software Update Administration
Chapter 8 Setting Up Software Update
Chapter 9 Managing Software Update
Chapter 10 Solving Software Update Problems
 Understanding Software Update
Administration 7
Use this chapter to learn how to use Software Update to
update Apple software on your network.
Software Update offers you ways to manage Macintosh software updates from
Apple on your network. In an uncontrolled environment, users might connect to Apple
Software Update servers at any time and update their computers with software that
is not approved by your IT group.

Using local Software Update servers, your client computers access only the software
updates you permit from software lists that you control, improving your ability to
manage computer software updates. For example you can:
ÂÂ Download software updates from the Apple Software Update servers to a local
server for sharing with local network clients and reduce the amount of bandwidth
used outside your enterprise network.
ÂÂ Direct users, groups, and computers to specific local Software Update servers using
managed preferences.
ÂÂ Manage the software update packages users can access by enabling and disabling
packages at the local server.
ÂÂ Mirror updates between Apple Software Update servers and your server to make
sure you have the most current updates.

Note:  Software Update does not update software on the server. For information about
keeping your server software current, see Advanced Server Administration.

Note:  You can’t use Software Update to provide third-party software updates.

76
 Inside the Software Update Process
This section describes how Software Update servers are implemented on Mac OS X,
including information about the protocols, files, folder structures, and configuration
details.

Overview
The process that starts Software Update is swupd_syncd. When you start Software
Update, it contacts Apple’s Software Update server and requests a list of available
software to download locally.

You can copy (store packages locally) and enable (make the packages available to
users) any files in the list. You can also limit user bandwidth for updates and choose to
automatically copy and enable newer updates from the Apple server.

Note:  Software Update stores its configuration information in the file /etc/swupd/

swupd.conf.

Catalogs
When Software Update starts, your Software Update server receives a list of available
software updates from the Apple Software Update service. Your server synchronizes
the contents of the software catalog with Apple’s Software Update server when you
restart your server or when you enter the following command:
$ sudo /usr/sbin/swupd_syncd -sync

To manually update the catalog, select the Refresh button in the Updates pane of
Software Update settings.

Changes in the Apple published catalog are immediately reflected on your local
server. Deprecated software packages are automatically disabled when a replacement
package for that update is enabled. An administrator can disable the new software
package and continue offering the deprecated package.

Installation Packages
Software Update supports pkm.en and .tar file types, recognized only by Mac OS X
v10.4 and later. As you copy updates on your server, your server downloads and stores
update packages in the /var/db/swupd/html/ folder.

This path can be modified to store the packages in an alternate location.

Note:  This version of Mac OS X Server supports only Apple-specific software packages

for use with your update server. Modified Apple and third-party update software
packages cannot be shared.

Chapter 7    Understanding Software Update Administration 77

 After packages are copied locally, you can enable them for users to update their
software. Mac clients running Software Update see only enabled packages in the list of
available software for their computer.

Deprecated software packages are automatically disabled when a replacement

package for that update is enabled. An administrator can disable the new software
package and continue offering the deprecated package.

Staying Up-To-Date with the Apple Server

To keep your service synchronized with the most current information, your Software
Update server must always remain in contact with the Apple server. Software Update
service regularly checks with an Apple Software Update to update usage information
and send lists of newly available software to the updates catalog on your server as
they become available.

The Apple Software Update server executes the swupd_syncd synchronization daemon
to make sure the latest update packages are available. The scheduled execution of
swupd_syncd is controlled by launchd by means of the StartCalendarInterval setting at
/System/Library/LaunchDaemons/com.apple.swupdate.sync.plist.

Limiting User Bandwidth

Software Update lets you limit the bandwidth that client computers can use when
downloading software updates from your Software Update server.

Setting a limit on the bandwidth enables you to control traffic on your network and
prevents Software Update clients from slowing the network. For example, if you limit
the bandwidth to 56 Kbps, each software update client can download updates at 56
Kbps. If five clients connect simultaneously to the server, the total bandwidth used by
the clients will be 280 Kbps (56 Kbps x 5).

Revoked Files
On a rare occasion Apple might provide a software update and want to revoke or
deprecate a package from circulation.

If Apple revokes the update package, the package is removed from your catalog and
stored packages, making it unavailable to clients

If Apple deprecates a software package and provides a replacement package, the older
software package is disabled, making it unavailable to clients. The package remains in
your catalog and stored packages until you remove it.

An administrator can disable the new software package and continue offering the
deprecated package.

78 Chapter 7    Understanding Software Update Administration

 Software Update Package Format
You can’t make your own Software Update packages. For security considerations and
to protect from attackers faking packages, the Software Update package installer won’t
install a package unless it is signed by Apple.

In addition, Software Update works only with the new package format supported in
Mac OS X Server v10.4 or later.

Log Files
The log files for Software Update are located in the /var/log/swupd/ folder. The log
files record Software Update events as they occur.

The log files for Software Update include the following:

ÂÂ swupd_syncd_log: logs the swupd_syncd daemon
ÂÂ swupd_error_log: reports messages from the httpd daemon controlled by Software
Update
ÂÂ swupd_access_log: reports messages from the httpd daemon controlled by
Software Update

The logs can be viewed in Server Admin in the Software Update Logs panel or using
the Console application located in the /Applications/Utilities/ folder.

Information That Is Collected

The Apple Software Update server collects the following information from client
Software Update servers:
ÂÂ Language
ÂÂ Type
ÂÂ Browser

Tools for Managing Software Update

The Workgroup Manager and Server Admin applications provide a graphical interface
for managing Software Update in Mac OS X Server. In addition, you can manage
Software Update from the command line by using Terminal.

These applications are included with Mac OS X Server and can be installed on another
computer with Mac OS X v10.6 or later, making that computer an administrator
computer. For more information on setting up an administrator computer, see the
server administration chapter of Getting Started.

Chapter 7    Understanding Software Update Administration 79

 Server Admin
Server Admin provides access to tools you use to set up, manage, and monitor
Windows services and other services. You use Server Admin to:
ÂÂ Set up Mac OS X Server as a Software Update server. For instructions, see
Chapter 8, “Setting Up Software Update.”
ÂÂ Manage and monitor Software Update service. For instructions, see
Chapter 4, “Setting Up Clients to Use NetBoot and NetInstall Images.”

For more information about using Server Admin, see Advanced Server Administration.
This includes information about:
ÂÂ Opening and authenticating in Server Admin
ÂÂ Working with specific servers
ÂÂ Administering services
ÂÂ Using SSL for remote server administration
ÂÂ Customizing the Server Admin environment

Server Admin is installed in /Applications/Server/.

Workgroup Manager
Workgroup Manager provides comprehensive management of clients of Mac OS X
Server. You use Workgroup Manager to set preferences by user, group, or computer
to access your Software Update server. For more information about how to configure
managed preferences for the Software Update server, see User Management.

For basic information about using Workgroup Manager, see User Management. This
includes:
ÂÂ Opening and authenticating in Workgroup Manager
ÂÂ Administering accounts
ÂÂ Customizing the Workgroup Manager environment

Workgroup Manager is installed in /Applications/Server/.

Command-Line Tools
A full range of command-line tools is available for administrators who prefer to
use command-driven server administration. For remote server management,
submit commands in a secure shell (SSH) session. You can enter commands on
Mac OS X servers and computers using the Terminal application, located in the
/Applications/Utilities/ folder.

80 Chapter 7    Understanding Software Update Administration

 Setting Up Software Update
8
Use this chapter to set up Software Update on your network
for Mac OS X v10.6 clients.

You use Software Update in Server Admin to provide local software updates to client
computers.

Setup Overview
Here is an overview of the basic steps for configuring your Software Update server.
This includes setting up Software Update service, configuring client computer access
to the server, and testing.

Step 1:  Evaluate and update your network, servers, and client computers as
necessary.
The number of client computers you can support using Software Update is
determined by the number of servers you have, how they’re configured, hard disk
storage capacity, and other factors. See “Capacity Planning” on page 83.

Depending on the results of this evaluation, you might want to add servers or hard
disks, add Ethernet ports, or make other changes to your servers.

For your client computers to use the local Software Update service, you must update
them to Mac OS X v10.4 or later.

Step 2:  Create your Software Update service plan.

Decide which users will access Software Update.

You might have groups who need unlimited access while others might need a more
limited choice of software updates. Such a plan requires more than one Software
Update server with client computers bound using directory services to manage user
preferences.

 81
 Step 3:  Configure the Software Update server.
Decide how you want to copy and enable software updates from Apple: automatically
or manually. Set the maximum bandwidth you want a single computer to use when
downloading update packages from your server. See “Setting Up Software Update” 
on page 85.

Step 4:  Start Software Update.

Your server synchronizes with the Apple Software Update server by requesting a
catalog of available updates. If you chose to automatically copy updates, your server
will begin to download all available software update packages. See “Starting Software
Update” on page 87.

Step 5:  (Optional) Manually copy and enable selected packages.

If you do not choose to automatically copy and enable all Apple software updates, you
must manually select software update packages to copy and enable. See “Copying and
Enabling Selected Updates from Apple” on page 92.

Step 6:  Set up client computers to use the correct Software Update server.
Set preferences in Workgroup Manager by user, group, or computer to access your
Software Update server. For more information about how to configure managed
preferences for the Software Update server, see User Management.

Step 7:  Test your Software Update server setup.

Test Software Update by requesting software updates from the server using a client
bound to preferences you set in Workgroup Manager. Make sure the packages are
accessible to your users.

Considerations and Requirements

Before you set up a Software Update server, review the following hardware and
network considerations and requirements.

What You Must Know

Before you set up Software Update on your server, you must be familiar with your
network configuration and you must meet the following requirements:
ÂÂ You’re the server administrator.
ÂÂ You’re familiar with network setup.

You might also need to work with your networking staff to change network topologies,
switches, routers, and other network settings.

Client Computer Requirements

Macintosh computers running Mac OS X v10.4 or later that are networked to a server
running Mac OS X Server v10.4 or later can use Software Update to update Apple
software.

82 Chapter 8    Setting Up Software Update

 Network Hardware Requirements
The type of network connections to use depends on the number of clients you expect
to serve software updates to:
ÂÂ To provide regular updates to fewer than 10 clients, use 100-Mbit Ethernet.
ÂÂ To provide regular updates to 10–50 clients, use 100-Mbit switched Ethernet.
ÂÂ To provide regular updates to more than 50 clients, use Gigabit Ethernet.

These are estimates for the number of clients supported. For more details about the
optimal system and network configurations to support the number of clients you have,
see “Capacity Planning” on page 83.

Note:  In Mac OS X Server, Software Update operates across all network interfaces that
TCP/IP is configured for.

Capacity Planning
The number of client computers your server can support when accessing Software
Update depends on how your server is configured, when and how often your clients
check for updates, the size of the updates, and a number of other factors.

When planning for your server and network needs, consider these main factors:
ÂÂ Ethernet speed: 100Base-T or faster connections are required for client computers
and the server. As you add clients, you might need to increase the speed of the
Ethernet connections of your server.
Ideally you want to take advantage of the Gigabit Ethernet capacity built in to your
Mac OS X server hardware to connect to a Gigabit switch. From the switch, connect
Gigabit Ethernet or 100-Mbit Ethernet to each Macintosh client.
ÂÂ Hard disk capacity and number of packages: Software Update packages can
occupy considerable hard disk space on server volumes, depending on the size and
configuration of the package and the number of packages being stored.
ÂÂ Number of Ethernet ports on the switch: Distributing Macintosh clients over
multiple Ethernet ports on your switch offers a performance advantage. Each port
must serve a distinct segment.
ÂÂ Number of Software Update servers on the network: You might want to provide
different software updates to various groups of users. By configuring directory
services you can offer different update services by network or hardware type, each
targeting a different Software Update server on the network.
Note:  You can’t configure Software Update servers to talk to one another.

Chapter 8    Setting Up Software Update 83

 Before Setting Up Software Update
Before you set up Software Update, consider the following topics.

Consider Which Software Update Packages to Offer

Before you set up Software Update, consider whether to provide all or only part of
Apple’s software updates. Your client computers might run application software that
requires a specific version of Apple software for the application to operate correctly.

You can configure your Software Update server to serve only Software Update
packages you approve. Restricting access to update packages might help prevent
maintenance and compatibility problems with your computers.

You can restrict client access in a Software Update server by disabling automatic
mirror-and-enable functions in the General Settings pane. You manage specific
updates in the Updates pane of the Software Update server.

Software Update Storage

Software updates can easily take a large amount of disk space over time and cause
problems with system resources. In a production environment, it is important to
prevent the system disk from becoming full and causing instability.

To eliminate the possibility of software updates filling a volume, system administrators

normally limit the type of data being stored on the root partition and place data that
could grow substantially in size on other partitions. For example, you could use an
Xserve RAID to store software updates.

By default, software updates are stored in the /var/db/swupd/ folder. To store software
updates in another location, choose a different partition or volume in the Software
Update General settings pane.

To modify existing Software Update storage:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 If Software Update is started, click the Stop Software Update button.
5 Click General.
6 Click Choose and select the location to store downloaded software updates.
7 Click Save.
8 (Optionally) If software updates were previously downloaded, use Terminal to copy the
default software update folder to the new location:

84 Chapter 8    Setting Up Software Update

 $ sudo cp -p /private/var/db/swupd/html /Volumes/My_Volume/My_Software_
Updates_Folder/
9 Click the Start Software Update button to confirm the operation.
10 (Optionally) Use Terminal to delete the previous storage location to reclaim startup
volume space:
$ sudo rm -rf /private/var/db/swupd/html

Organize Your Enterprise Client Computers

You might have individuals, groups, or groups of computers with common needs for
only a few software update packages, while others might need unrestricted access to
all software updates.

To provide varied access to software update packages, you must set up multiple
Software Update servers. Use managed preferences to configure these computers to
access a specific Software Update server.

For more information about how to configure managed preferences for the Software
Update server, see User Management.

Turning Software Update On

Before you can configure Software Update settings, you must turn on Software Update
in Server Admin.

To turn Software Update on:

1 Open Server Admin and connect to the server.
2 Click Settings.
3 Click Services.
4 Click the Software Update checkbox.
5 Click Save.

Setting Up Software Update

You set up Software Update by configuring the following groups of settings on the
Settings pane for Software Update in Server Admin.
ÂÂ General. This sets information about automatically copying and enabling updates,
purging obsolete updates, and limiting user bandwidth.
ÂÂ Updates. This lists available updates and provides date, name, version, and size
information for each.

The following sections describe the tasks for configuring these settings and how to
start Software Update after you configure it.

Chapter 8    Setting Up Software Update 85

 Configuring Software Update General Settings
You can use the General settings to set system update copy and enable settings, to
remove obsolete updates, and to limit user bandwidth.

To configure Software Update General settings:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Settings.
5 To limit client user bandwidth, select “Limit user bandwidth for updates to” and enter
the maximum rate of update bandwidth per user.
6 From the pop-up menu, choose KB/second or MB/second.
7 Click Choose and select where the Software Update catalog and downloads will be stored.
The default location is /var/db/swupd/html.
8 To specify a port that software updates are provided through, enter a port number in
the “Provide updates using port” field.
9 To keep a copy of the software updates on your server, select “Copy __ updates from
Apple” and choose from the following options.
ÂÂ If you want all updates copied from the Apple update server, choose “all” in the
pop-up menu.
ÂÂ If you want only new updates copied from the Apple update server, choose “all new”
in the pop-up menu.
10 To immediately enable all software updates for client users, select “Automatically
enable copied updates.”
Enabling this feature retrieves all Apple published catalog updates and automatically
disables deprecated software packages that have a replacement package available.
An administrator can disable the new software package and continue offering the
deprecated package.
If this feature is not selected and an administrator manually enables updates, disabling
of deprecated software packages is performed as individual replacement packages
are enabled.
11 To remove obsolete software updates from the Software Update storage location,
select the “Delete outdated software update packages” checkbox.
Enabling this feature does not remove obsolete or deprecated software updates from
the local Software Update catalog.
12 Click Save.

86 Chapter 8    Setting Up Software Update

 Configuring Updates Settings
You can use Updates settings to refresh the software update catalog, to copy and
enable individual updates, and to view specific update information.

Downloading Apple updates automatically disables deprecated software packages

that have a replacement package available. An administrator can disable the new
software package and continue offering the deprecated package.

To configure Updates settings:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Updates.
5 Click the Refresh button to synchronize with the Apple server.
An unscheduled synchronization does not change or delay the next scheduled
synchronization operation, which occurs every 24 hours at 03:00 (local time) by default.
An administrator can change the scheduled synchronization time by modifying
the StartCalendarInterval > Hour value at /System/Library/LaunchDaemons/com.
apple.swupdate.sync.plist. To restore the default launchd settings, remove the
com.apple.swupdate.sync.plist file and restart Software Update.
6 Click Copy Now to copy software updates to your server.
7 Select the checkbox in the Enable column for each update you want to make available
to client computers.
The Enable column is disabled if the “Automatically enable copied updates” checkbox
is selected. To manually enable or disable updates, deselect this checkbox in the
Settings pane.
8 Click Save.

Starting Software Update

Use Server Admin to start Software Update.

To start Software Update:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click the Start Software Update button (below the Servers list).

Chapter 8    Setting Up Software Update 87

 Redirecting Software Update Server and Unmanaged Clients
You can use Terminal to redirect Software Update to obtain updates from a different
location and point unmanaged client to a specified Software Update server.

Redirecting your Software Update Server

To load balance the distribution of Software Update across multiple Software Update
servers or conserve bandwidth to the Internet, you can change the /etc/swupd/swupd.
plist file to redirect where your Software Update server obtains the software updates.

By redirecting your Software Update server, you can have multiple Software Update
servers on your private network. However, only one Software Update server needs
access outside your private Intranet to obtain software updates from the Apple
Software Update server. Then each additional server can access the internal server to
obtain the software updates.

To redirect your Software Update server:

1 On the internal Software Update server, open Terminal.
2 Enter the following command:
$ vi /etc/swupd/swupd.plist
3 Locate the following metaIndexURL key:
...
<key>metaIndexURL</key>
<string>http://swscan.apple.com/content/meta/mirror-config-1.plist</
string>
4 Change the URL within the tags <string></string> to the location of your selected
Software Update server. For example:
<key>metaIndexURL</key>
<string>http://myserver.example.com:8088/catalogs.sucatalog</string>
5 Save the changes and exit Terminal.

Pointing Unmanaged Clients to a Software Update Server

Mac OS X Server v10.6 and later provide the ability to publish separate catalogs for
specific versions of Mac OS X. This allows each client to view only the updates that
relate to the operating system installed on that system.

If you are not using Client Management, use the defaults command in Terminal
to point unmanaged client computers to a Software Update server. You must be an
administrator to use the defaults command.

88 Chapter 8    Setting Up Software Update

 To point unmanaged clients to a software update server:
1 On the unmanaged client, open Terminal.
2 Enter the following command:
$ defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL
URL
Replace URL with the URL of the Software Update server, including the port number
and the name of the catalog file for the specific version of Mac OS X. For example:
ÂÂ For Mac OS Xv10.4:
http://su.domain_name.com:8088/index.sucatalog
ÂÂ For Mac OS X v10.5:
http://su.domain_name.com:8088/index-leopard.merged-1.sucatalog
ÂÂ For Mac OS X v10.6:
http://su.domain_name.com:8088/index-leopard-snowleopard.merged-1.
sucatalog

You can verify your change using the following command:

$ defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL

To point the unmanaged client computer back to the Apple Software Update server,
use the following command:
$ defaults delete /Library/Preferences/com.apple.SoftwareUpdate
CatalogURL

Chapter 8    Setting Up Software Update 89

 Managing Software Update
9
Use this chapter to perform day-to-day management tasks
for a Software Update server after the server is configured
and running.

The following sections show how to manually refresh the updates catalog from the
Apple server, check the status of Software Update, stop the service, and control the
software updates cataloged and distributed by the service.

Manually Refreshing the Updates Catalog from the

Apple Server
Use Server Admin to manually update the updates catalog.

Note:  Downloading Apple updates automatically disables deprecated software

packages that have a replacement package available. An administrator can disable the
new software package and continue offering the deprecated package.

To manually refresh the updates catalog from the Apple server:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Updates.
5 Click the Refresh button.

90
 Checking the Status of Software Update
Use Server Admin to check the status of Software Update.

To check Software Update status:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 To see whether the service is running, when it started, when it last checked for
updates, the number of updates that are copied or enabled, and whether auto-copy
and auto-enable are turned on, click Overview.
5 To review the Software Update service log, click Log.

Stopping Software Update

Use Server Admin to stop Software Update.

To stop Software Update:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click the Stop Software Update button (below the Servers list).

Limiting User Bandwidth for Software Update

Use Server Admin to limit user bandwidth.

To limit user bandwidth for Software Update:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click General.
5 Select “Limit user bandwidth for updates to.”
6 Enter the maximum rate of update bandwidth per user.
7 From the pop-up menu, choose KB/second or MB/second.
8 Click Save.

Chapter 9    Managing Software Update 91

 Automatically Copying and Enabling Updates from Apple
Use Server Admin to copy and enable software updates automatically from Apple.

Enabling this feature retrieves all Apple published catalog updates and automatically
disables deprecated software packages that have a replacement package available.
An administrator can disable the new software package and continue offering the
deprecated package.

If this feature is not selected and an administrator manually enables updates, disabling
of deprecated software packages is performed as individual replacement packages are
enabled.

To automatically copy software updates and enable them for download:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click General.
5 Select “Copy __ updates from Apple” and choose one of the following options from
the pop-up menu:
ÂÂ If you want all updates copied from the Apple update server, choose “all.”
ÂÂ If you want only new updates copied from the Apple update server, choose “all new.”
6 Select “Automatically enable copied updates.”
7 Click Save.

Copying and Enabling Selected Updates from Apple

Use Server Admin to copy selected software updates automatically from Apple.

Downloading Apple updates automatically disables deprecated software packages

that have a replacement package available. An administrator can disable the new
software package and continue offering the deprecated package.

To copy selected software updates and enable them for download:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.

92 Chapter 9    Managing Software Update

 4 Click General.
5 Make sure “Copy __ updates from Apple” is deselected.
6 Make sure “Automatically enable copied updates” is deselected.
7 Click Save.
8 Click Updates.
9 Click Copy Now to copy software updates to your server.
This copies software updates to your server.
10 To enable individual software updates, select the checkbox in the Enable column of
the update.
11 Click Save.

Removing Obsolete Software Updates

Use Server Admin to remove obsolete software updates from packages stored on the
server. You can configure Software Update to automatically purge obsolete updates.

Enabling this feature does not remove obsolete or deprecated software updates from
the local Software Update catalog.

To purge obsolete software updates:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click General.
5 Select the “Delete outdated software update packages” checkbox.
6 Click Save.

Chapter 9    Managing Software Update 93

 Identifying Individual Software Update Files
Software updates are stored in the /var/db/swupd/html folder by default. Sometimes
you might want to locate a specific software update file. Each software update that is
copied to the server is stored with product ID numbers for a file name.

To make sure that you are selecting the correct software update file, correlate the
file name (product ID) with the software update product ID in Server Admin. Each
software update lists their product ID below the description field in the Updates
Settings pane of Server Admin.

To view the product ID number of a software update:

1 Open Server Admin and connect to the server.
2 Click the triangle at the left of the server.
The list of services appears.
3 From the expanded Servers list, select Software Update.
4 Click Updates.
5 Select the software update from the list.
The software update product ID is displayed below the description field.

94 Chapter 9    Managing Software Update

 Solving Software Update Problems
10
Use this chapter to find solutions for common problems you
might encounter while working with Software Update.

This section contains solutions to common Software Update problems.

General Tips
ÂÂ Make sure required services are installed.
ÂÂ Make sure the Software Update packages you enable are meant for the client
accessing them.
ÂÂ If you detect poor response from the Software Update server, check the network
load. For more information, see “Capacity Planning” on page 83.
ÂÂ Delete old updates to make space for new ones.

If a Client Computer Can’t Access the Software Update Server

ÂÂ Make sure the client can access the network.
ÂÂ Make sure the client’s Software Update managed preference points to the Software
Update server.
ÂÂ Make sure the Software Update server is running.

If the Software Update Server Won’t Sync with the Apple

Server
Make sure the Apple server is accessible.

If Update Packages That the Software Update Server Lists

Aren’t Visible to Client Computers
Make sure the packages are enabled in Server Admin.

 95
 Command-Line Parameters

Appendix
NetBoot Service Settings
To configure general NetBoot service setting from Terminal, use the following
parameters with the serveradmin tool.

Parameter (netboot:) Description

filterEnabled A parameter that specifies whether client filtering
is enabled.
Default = "no"

netBootStorageRecordsArray... An array of values for each server volume

used to store boot or installation images. For a
description, see “The Storage Record Array” on
page 97.

netBootFiltersRecordsArray... An array of values for each computer explicitly

allowed or disallowed access to images. For a
description, see “The Filters Record Array” on
page 97.

netBootImagesRecordsArray... An array of values for each boot or installation

image stored on the server. For a description, see
“The Image Record Array” on page 98.

netBootPortsRecordsArray... An array of values for each server network port

used to deliver boot or installation images. For
a description, see “The Port Record Array” on
page 99.

96
 The Storage Record Array
An array of the following values appears in NetBoot service settings for each volume
on the server used to store boot or installation images.

Parameter (netboot:) Description

netBootStorageRecordsArray:_array_ The first parameter in an array describing a
index:<n>:sharepoint volume available to serve images.
Default = "no"

netBootStorageRecordsArray:_array_ Default = "no"

index:<n>:clients

netBootStorageRecordsArray:_array_ Default = "false"

index:<n>:ignorePrivs

netBootStorageRecordsArray:_array_ Default = <voltype>

index:<n>:volType Example: "hfs"

netBootStorageRecordsArray:_array_ Default = "/"

index:<n>:path

netBootStorageRecordsArray:_array_ Default = <name>

index:<n>:volName

netBootStorageRecordsArray:_array_ Default = <icon>

index:<n>:volIcon

netBootStorageRecordsArray:_array_ Default = "yes"

index:<n>:okToDeleteClients

netBootStorageRecordsArray:_array_ Default = "yes"

index:<n>:okToDeleteSharepoint

The Filters Record Array

An array of the following values appears in NetBoot service settings for each computer
explicitly allowed or denied access to images stored on the server.

Parameter (netboot:) Description

netBootFiltersRecordsArray:_array_ The host name of the filtered computer, if
index:<n>:hostName available.

netBootFiltersRecordsArray:_array_ Whether the specified computer is allowed or

index:<n>:filterType denied access. Options:
"allow"
"deny"

netBootFiltersRecordsArray:_array_ The Ethernet hardware (MAC) address of the

index:<n>:hardwareAddress filtered computer.

Appendix    Command-Line Parameters 97
 The Image Record Array
An array of the following values appears in NetBoot service settings for each image
stored on the server.

Parameter (netboot:) Description

netBootImagesRecordsArray:_array_ The name of the image as it appears in the
index:<n>:Name Startup Disk control panel (Mac OS 9) or
Preferences pane (Mac OS X).

netBootImagesRecordsArray:_array_ yes
index:<n>:IsDefault Specifies this image file as the default boot image
on the subnet.

netBootImagesRecordsArray:_array_ The path to the .dmg file.

index:<n>:RootPath

netBootImagesRecordsArray:_array_ Whether the image is edited.

index:<n>:isEdited

netBootImagesRecordsArray:_array_ Name of the boot ROM file: booter.

index:<n>:BootFile

netBootImagesRecordsArray:_array_ Arbitrary text describing the image.

index:<n>:Description

netBootImagesRecordsArray:_array_ yes
index:<n>:SupportsDiskless Directs the NetBoot server to allocate space for
shadow files needed by diskless clients.

netBootImagesRecordsArray:_array_ NFS or HTTP.

index:<n>:Type

netBootImagesRecordsArray:_array_ The path to the parameter list file in the .nbi

index:<n>:pathToImage folder on the server describing the image.

netBootImagesRecordsArray:_array_ 1–4095
index:<n>:Index Indicates a local image unique to the server.
4096–65535 is a duplicate, identical image
stored on multiple servers for load balancing.

netBootImagesRecordsArray:_array_ Sets whether the image is available to NetBoot

index:<n>:IsEnabled (or Network Image) clients.

netBootImagesRecordsArray:_array_ yes
index:<n>:IsInstall Specifies a network installation image.
no
Specifies a NetBoot image.

98 Appendix    Command-Line Parameters
 The Port Record Array
An array of the following items is included in the NetBoot service settings for each
network port on the server set to deliver images.

Parameter (netboot:) Description

netBootPortsRecordsArray:_array_ The first parameter in an array describing a
index:<m>:isEnabledAtIndex network interface available for responding to
netboot requests.
Default = "no"

netBootPortsRecordsArray:_array_ Default = "<devname>"

index:<m>:nameAtIndex Example: "Built-in Ethernet"

netBootPortsRecordsArray:_array_ Default = "<dev>"

index:<m>:deviceAtIndex Example: "en0"

Appendix    Command-Line Parameters 99
 Index

Index
A NetBoot  30
access network requirements  46
client management  60, 81, 83 setup  60, 62
load balancing  69 shadow files  54, 63, 70
path for client  22 troubleshooting NetBoot startup  71
restricting NetBoot  37, 38, 49, 58 See also Automator actions, Software Update
restricting Software Update  76, 84, 85 service
Add Packages and Post-Install Scripts action  34 clients
Add User Account action  35 capacity planning  46
AFP (Apple Filing Protocol) service  46 diskless startup  71
AirPort wireless network  46 groups  17, 81, 83, 85
Apple Filing Protocol service. See AFP imaging multiple  61
Apply System Configuration Settings action  35 NetBoot  18, 19, 22
Architectures property  20 viewing lists of  65, 66
ASR (Apple Software Restore)  29 command-line tools
asr tool  29, 30, 61 assmbling workflows  41
Automator actions creating images  32
Add Packages and Post-Install Scripts  34 disabling images  65
Add User Account  35 enabling images  52, 59
Apply System Configuration Settings  35 logs  67
Create Image  36 NetBoot settings  25, 96, 97, 98, 99
Customize Package Selection  33 package-making  42
Define Image Source  34 restoring images  30
Enable Automated Installation  37 service settings  50
Filter Clients by MAC Address  37 Software Update service  80
Filter Computer Model  38 starting NetBoot  51
overview  33 startup image selection  61
Partition Disk  38 status checking  66
stopping service  65
B storing image files  53, 55
bandwidth limitations for Software Update  78, 91 computer name  36
boot image, definition  16 configuration, client settings  35
See also NetBoot service Create Image action  36
Boot Server Discovery Protocol. See BSDP Customize Package Selection action  33
BootFile property  20
BootP (Bootstrap Protocol)  22, 62 D
Bootstrap Protocol. See BootP Define Image Source action  34
BSDP (Boot Server Discovery Protocol)  21, 59 Description property  21
DHCP (Dynamic Host Configuration Protocol)
C service  21, 44, 46, 51, 71
client computers disk images. See NetBoot service, NetInstall
diskless startup  54, 56, 57, 60 diskless startup  54, 56, 57, 60, 71
hardware requirements  45 disks

100
 capacity planning  38, 47, 83 Name property  21
distribution of images across  68 naming conventions  52, 72
partitions  38 NetBoot service
documentation  11, 12, 13 adding packages to images  41, 42
drives. See disks boot file management  22
Dynamic Host Configuration Protocol. See DHCP capacity planning  46
client setup  45, 46, 60
E creating images  26, 27, 29, 30
Enable Automated Installation Action  37 default settings  56
Ethernet  45, 46, 83 disabling images  65
enabling images  52
F filters  49, 58
file services  46 image folder  19
See also share points management tools  24, 25, 52
files monitoring of  64, 65, 66, 67, 68, 69, 70
boot  22 NetBoot 1.0 support  50
Software Update storage  84 network service requirements  46
Filter Clients by MAC Address action  37 overview  9, 16, 17, 18, 19
Filter Computer Model action  38 prerequisites  45
filters record array, NetBoot  97 property list file  20
filters, NetBoot  49, 58 security  23
folders, NetBoot image  19 selecting boot image  60
server discovery  21, 59
G settings  48, 96, 97, 98, 99
groups, setup  17, 81, 83, 85 setup  35, 43, 48
starting  47, 51
status checking  66
H
stopping  64
hardware requirements  45, 46, 82, 83
storage for images  22, 52, 54, 56
hdiutil tool  32
testing  44
help, using  10
troubleshooting  71, 72
host name, local  36
updating images  32
HTTP (Hypertext Transfer Protocol)  46
viewing client lists  65, 66
workflows  33, 34, 35, 36, 37, 38, 39, 40
I See also Automator actions
image record array, NetBoot  98
NetBootClientsn share points  19, 63, 70
images. See NetBoot service, NetInstall
NetBootSPn  18, 22
Index property, NetBoot image  20
NetInstall
installation image, definition  16
adding software to images  41, 42
See also NetInstall
creating images  26, 28, 30
IsDefault property  21
overview  9, 16, 18, 23
IsEnabled property  21
selecting install image  62
IsInstall property  21
using stored images  22
workflows  33, 34, 35, 36, 37, 38, 39, 40
L See also Automator actions
Language property  21
NetRestore   29
load balancing  19, 67, 68, 69, 70
Network File System. See NFS
logs  50, 67, 79
network requirements  46, 83
network services  21, 44, 46, 51, 71
M NFS (Network File System)  46
MAC address  37, 49, 58
memory, requirements for  45 P
multicast  61 package install images  33, 34, 41, 42
PackageMaker  17, 42
N packages, Software Update  77, 78, 79, 83, 84, 94
N key startup procedure  62 Partition Disk action  38

Index 101
 port record array, NetBoot  99 storage record array, NetBoot  97
post-install scripts  34 streaming media, multicast  61
problems. See troubleshooting subnets  59
Property List Editor  17 SupportsDiskless property  21
property list files  20 System Image Utility
protocols creating images  26
AFP  46 overview  9, 17, 20, 25
BootP  22, 62 system imaging. See NetBoot service, NetInstall
BSDP  21, 59 systemsetup tool  61
DHCP  21, 44, 46, 71
HTTP  46 T
TFTP  22, 46 TFTP (Trivial File Transfer Protocol)  22, 46
troubleshooting
R NetBoot service  71, 72
RAM (random-access memory)  45 Software Update service  95
remote servers, images stored on  56 Type property  21
RootPath property  21
U
S updating disk images  45
security  23 See also Software Update service
See also access user accounts, adding  35
serial number, server  47 See also client computers
Server Admin  17, 24, 80 users. See clients
servers
discovery of  21, 59 V
images on remote  56 volumes, cloning  29
load balancing  67, 68, 69
NetBoot  18 W
Software Update  83, 89, 95 workflows  33
setup procedures. See configuration, installation adding  39
shadow files  18, 19, 54, 63, 70 assembling  39, 40
share points Automator actions  33, 34, 35, 36, 37, 38
NetBootClientsn  19, 63, 70 removing  39
NetBootSPn  18, 22 Workgroup Manager  24, 80
shadow files  18, 19, 70 workgroups  43
software requirements  45, 81
Software Update service
automatic settings  92
capacity planning  83
catalog management  77, 90, 93
clients  76, 78, 82, 85, 89
file packages  77, 78, 79, 83, 84, 94
file storage  84
identifying files  94
limitations on bandwidth  78, 91
management tools  79, 80, 90
monitoring of  78, 79
overview  9, 76, 77
prerequisites  82, 83
settings  84, 85, 86, 87
setup overview  81
starting  85, 87
status checking  91
stopping  91
troubleshooting  95
startup. See NetBoot service

102 Index