NetBoot

The NetBoot service is one of my personal favorites - using a mix of standard PXE boot technology and some of Apple’s own mumbo-jumbo, you can use it to serve up OS images to client Macs over the network. Its uses are diverse - you can boot up a simple operating system designed to deploy OS X images to multiple computers at once (I recommend the excellent, free DeployStudio for this sort of work), you can serve up a vanilla OS X install disk, or you can use the System Image Utility (another of the Server Admin Tools) to capture a pre-configured OS X environment that can be served to many clients at once - the latter is particularly useful in classrooms, computer labs, public-use kiosks, and anywhere with a lot of Macs that need to look and act the same, since getting a clean instance of the OS is as easy as rebooting the system.

There are three different types of NetBoot images: The first, called NetBoot, boots a Mac to an entirely server-hosted disk image where you can run apps and use the Mac pretty much as you normally would, though all user-created data is wiped out when the Mac is restarted. NetInstall can be used to make copies of OS X install media that are bootable from the network instead of discs or USB drives. The last, NetRestore, will copy the contents of an image to a Mac’s hard drive, making it easy to mass-deploy customized OS X images to multiple computers.

The actual setup and operation of the NetBoot service is basically identical to the way it was in Snow Leopard Server (which looked a lot like Leopard’s implementation did, and so on). However, there are some inconveniences related to Lion’s dropping of support for Core Duo and Solo Macs if you’ve still got any hanging around - a bit of historical context will be useful here.

NetBoot dealt with the PPC-to-Intel transition by allowing administrators to choose what client architecture a particular image would boot - if you made one 10.4 NetBoot image for PowerPC systems and an equivalent image for Intel systems, you could set them both as the default images for their respective architectures, and offer the same services to all of your Macs regardless of architecture without incurring too much additional overhead.

10.5 made Universal images possible - these were simple times, because one image could boot basically all of your supported Macs (as long as you didn’t have any super-old G3s or G4s around), but you had to go back to the image-per-architecture model when 10.6 dropped support for PowerPC. It was a little extra work, but was totally doable.

As we discussed before, 10.7 drops support for the very earliest of the Intel Macs, but your NetBoot architecture options remain the same - you can pick PowerPC, Intel, or Universal (for 10.5 images), but you can’t distinguish between supported and unsupported Intel Macs.

Granted, this problem will affect only a subset of Lion Server users - those who use NetBoot and need to support both the newest Macs (necessitating a recent 10.7 image, since as a rule OS X isn’t downgradeable) and a mix of older Macs - if this roughly describes your situation, begin devising workarounds now.

Using the System Image Utility


If you have several Macs on your network and are worried about Lion’s lack of restore media (and if, for some reason, you don’t want to make your own restore DVD or USB stick as we discussed in our Lion review), the NetBoot service provides you with one of the few supported methods for getting around it.

All you need to do is keep a copy of the Lion installer downloaded from the App Store. As long as you’ve got it stored somewhere on a drive that is readable by the computer, you can fire up the System Image Utility and see it listed as an image source.

Go ahead and create a basic NetInstall image of it, save the resultant *.nbi folder to your server's /Library/NetBoot/NetBootSP0 folder, and then enable it in the Images tab in Server Admin. Note that the NetBoot folder is only created once you choose to store images and client data on your hard drive in Server Admin, and that your images only become visible to clients when you’ve enabled NetBoot on your server’s Ethernet port.

Enabling ports and storage locations

Once everything is enabled, you should see your new NetBoot image as an option in the Startup Disk preference pane on your client Macs.

You can use the System Image Utility to make a NetBootable image of any OS X partition, as long as it’s running the same version of OS X as the Mac running the System Image Utility - Lion can make Lion boot images, Snow Leopard can make Snow Leopard boot images, and so on.

For the new MacBook Airs and Mac Minis without optical drives (and, one assumes, for many other models going forward), the NetBoot service provides the backbone of the new Internet Recovery feature - the only difference there is that you're NetBooting from one of Apple's servers instead of your own. NetBoot and Lion Server allow you to offer this functionality to all of your Macs.
 

Software Update

Software Update downloads every update in Apple’s catalog and allows you to serve them up to your users. This includes every product updated by Software Update: OS X (versions 10.5, 10.6, and 10.7 are supported), Final Cut, iLife, iWork, and various firmware updates. With Final Cut and others making the transition to the App Store, it’s uncertain whether Software Update will continue to offer updates for these products. Another question is whether iOS updates will be offered via Software Update once over-the-air delta updates become the norm in iOS 5 - as usual, we’ll have to wait and see.

Why do this when your Macs could just talk to Apple’s servers? First and foremost, it can help you if you need to conserve Internet bandwidth: instead of having 20 computers download a 1GB update from Apple, you can have one computer download the 1GB update from Apple, and have 20 computers download the update from it. This is also usually faster than connecting to Apple’s server, especially over a modern gigabit network.

The other advantage is that you can choose exactly which updates to serve to your clients. If, for example, you know that 10.7.1 deletes user data, or that iTunes 10.5 is going to have problems that are fixed days later by iTunes 10.5.1, or that Safari 5.2 causes problems with some internal sites you depend on, you can uncheck those updates and elect only to serve them up after issues have been fixed.

All you have to do is point your client computers to your Software Update server. This is easily done via policies in Workgroup Manager or Profile Manager for managed Macs, or via some command line trickery for non-managed Macs. Downloading the entire update catalog does consume a fair amount of disk space, so make sure you've got a few dozen spare GB on your drive somewhere before turning the service on.
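
One way to do the command-line step for a non-managed Mac, as an added example that is not from the original article: the script writes the CatalogURL preference that Software Update reads, picking the catalog for the client's OS X version. The host name, port 8088 and the catalog file names are assumptions, not values from the page; check them against your own server.

```shell
#!/bin/sh
# Added example: point an unmanaged Mac at an internal Software Update server.
# SUS_HOST, SUS_PORT and the catalog file names are assumptions; confirm them
# against your own server. Writing to /Library/Preferences requires root.

SUS_HOST="${SUS_HOST:-sus.example.internal}"   # placeholder host name
SUS_PORT="${SUS_PORT:-8088}"
PREFS="/Library/Preferences/com.apple.SoftwareUpdate"

# Map an OS X version string (e.g. 10.7.2) to the catalog URL for that release.
catalog_url() {
    case "$1" in
        10.5|10.5.*) cat="index-leopard.merged-1.sucatalog" ;;
        10.6|10.6.*) cat="index-leopard-snowleopard.merged-1.sucatalog" ;;
        10.7|10.7.*) cat="index-lion-snowleopard-leopard.merged-1.sucatalog" ;;
        *) echo "unsupported OS X version: $1" >&2; return 1 ;;
    esac
    printf 'http://%s:%s/%s\n' "$SUS_HOST" "$SUS_PORT" "$cat"
}

# Write the catalog URL system-wide, then read it back to confirm it stuck.
point_at_sus() {
    url=$(catalog_url "$(sw_vers -productVersion)") || return 1
    defaults write "$PREFS" CatalogURL "$url" || return 1
    [ "$(defaults read "$PREFS" CatalogURL)" = "$url" ]
}

# Revert to Apple's servers by removing the override.
reset_to_apple() {
    defaults delete "$PREFS" CatalogURL
}

# Act only when invoked with an action, so sourcing the file changes nothing.
case "${1:-}" in
    set)   point_at_sus && echo "CatalogURL set" ;;
    reset) reset_to_apple ;;
esac
```

Run it as root with `set` to apply the override and `reset` to remove it; an unsupported version is refused rather than pointed at a catalog that does not match the client.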

77 Comments


  • GrizzledYoungMan - Tuesday, August 2, 2011 - link

    I probably should have toned down my sarcasm a bit, but my point is that while yes, Apple said they support SMB since 10.2, it just plain old doesn't work right.

    Google Thursby DAVE to see what I mean.
  • repoman27 - Tuesday, August 2, 2011 - link

    I'm familiar with DAVE, and you're right that obviously much is to be desired with Apple's SMB implementation if there is still an aftermarket product that costs more than the OS itself just to fix this particular issue.

    I kinda feel like more of the problem has to do with Mac OS X's lack of native support for NTFS though, rather than SMB actually malfunctioning.

    I chuckle that while you're thinking about "all the time that has been wasted trying to get OS X desktop clients to do things that have worked out in the real world for years now," I'm thinking about how much time I've wasted trying to get Windows Home versions to do things that Microsoft has artificially prevented them from doing so that they could sell customers an "upgrade". For instance, try setting up file sharing with user-level passwords and NTFS permissions on a network with Windows XP Home and Windows 7 Home Premium machines...
  • GrizzledYoungMan - Tuesday, August 2, 2011 - link

    You'll get no argument from me that Windows' tiered pricing is a bummer. Up-selling is sleazy.

    But overall, I'd say that Windows actually represents a better value if you make the right upgrade choices (ie, XP straight to 7). For the price of a few of Apple's annual updates, you get something that lasts a few years longer, does a lot more, and puts you through the OS-version-transition rumpus less frequently.

    While I can understand why the press loves the frequency of OS X revisions, I don't see it as a good thing for the user (and certainly not my own personal experience). Upgrading your OS is a pain, and to do it every year - lest you suffer the consequences of running a two year old, unsupported version of OS X - is a burden. And as I mentioned, the end result of this accelerated schedule is that the end users become the beta testers.

    No wonder they're getting out of the desktop business. They can't handle anything much more complicated than a mobile phone OS.
  • repoman27 - Tuesday, August 2, 2011 - link

    Since version 10.3, Mac OS X has been on a major revision update schedule that is much closer to once every 2 years (Leopard actually came 2.5 years after Tiger). In the early days of Mac OS X there were some teething issues that resulted in a more rapid release cycle, but I also seem to recall Microsoft releasing Windows 98, 98SE, ME, and 2000 in rather quick succession.

    Mac users are also free to skip every other version. Not to mention that upgrade pricing for Mac OS is way cheaper than Windows when you realize that you're getting the full-feature client version with a far more liberal license scheme and no activation based copy protection for $30. How much would it cost to legitimately upgrade every machine that you own or control from Windows Vista Home Basic 32-bit OEM to Windows 7 Ultimate 64-bit?

    Apple released updates for Tiger for more than 3 years after it was discontinued. I guess if they had a stubborn enough install base they would be forced to continue support for a 9 year-old version of their OS as well.

    What does a client version of Windows itself do that Mac OS does not, aside from allowing playback of Blu-ray discs?

    If you've ever bought a retail Windows machine, you probably know that out of the box, under normal usage, the thing will be all but unusable in less than 18 months time, forcing you to buy another cheap POS Windows machine, or to perform a clean install of your OS. I love sacrificing 16% of a new system's performance to anti-virus software right off the bat, too.
  • RubberJ - Tuesday, August 2, 2011 - link

    My system has been running Win7 since RTM and hasn't slowed.

    And does Antivirus really take 16% of your system performance or are you just talking out your arse?

    http://www.tomshardware.com/reviews/anti-virus-vir...

    Just as I thought...mac fanboy alert...
  • repoman27 - Wednesday, August 3, 2011 - link

    Yeah, as soon as I posted that last comment I realized I had crossed the line into religious war territory.

    My point about crappy system performance and having to reinstall the OS was regarding the way retail PCs come preconfigured, and what the typical end-user then subjects them to, not your particular case. My personal Windows systems (I do actually use Windows on the daily) tend to work fine for years, but then again I also spend a lot of time building performance tuned system images. I also don't personally run antivirus software anymore, because I'm not a sucker.

    As for that, I tend to refer more to the testing done by AV comparatives, and my own personal testing, but I certainly wasn't talking out my arse. 16% may indeed be hyperbole when talking about a new Sandy Bridge based system running Windows 7, but not at all on legacy equipment running XP or when running in a virtualized environment.

    Anywho, my initial intent was merely to clarify various exaggerations or inaccuracies in this thread, but I guess I did end up painting myself as the fanboy with that previous rant.
  • Wizzdo - Wednesday, August 3, 2011 - link

    As a power user, developer, and servicer for Windows and OS X I can tell you quite simply that, relative to OS X, Windows is an expensive frustrating bag of hurt for a great many typical users. OS X comes with a fantastic suite of software tailored very well to work with the OS and the OS is in turn tuned very well to work with the Hardware. Updates (even Major ones) are painless and offer excellent value for the investment. They are generally highly looked forward to by most OS X users.

    Anyone who claims Windows and a generic PC will likely serve the average user better simply does not have a clue. There really is little comparison now and OS X Lion just pushes the experience that much further ahead.

    For much of my day I am forced to use Windows to develop SQL Server infrastructures. SQL Server is IMHO the best piece of software Microsoft has ever managed to make. However, my blood pressure drops considerably when I get to boot back into OS X where I can get some creative work done in a responsive pleasing modern environment that does not feel like a thinly veiled version of DOS.

    Apple gets it right and that is why they are the revered technology leader in the industry right now.

    Timemachine alone is worth the price of admission for anyone who values their work and wants effortless trustworthy backup and retrieval of it. Watch MS scramble to get this into their next OS just like so many other features. Apple didn't invent them all but knows how to make them work the way they should.
  • GrizzledYoungMan - Wednesday, August 3, 2011 - link

    I would just like to point out that Wizzdo lives in a universe in which Windows 7 is a thinly veiled version of DOS, and Timemachine is a novel, useful feature.

    Sigh. OS X users.
  • ex2bot - Friday, August 5, 2011 - link

    Actually, Time Machine IS a useful feature. Is it "novel"? It is novel in the sense that it is drop-dead simple. You plug in an external drive and click the 'Yes' button. Then as long as it is attached it makes complete + sequential backups. I use it on my Macs. I also clone periodically. Well, I don't clone. My drives do.

    The backup review interface works well, too. It's basically a specialized Finder window. I admit the star field is . . . interesting.

    GrizzledYoungMan, has Time Machine not been useful for you? What happened when you used it? It's worked for me on multiple machines. Backing up is useful because hard drives fail eventually. Even hard drives attached to Windows PCs.

    And Windows 7 *is* a thinly veiled version of DOS. See, Windows is just a shell that sits on DOS. . . Nahhh! I'm just kidding ya. I know it's son of NT (or grandson maybe).

    Ex2bot
    Positronic Mac Fanbot ("Cannot harm humans" is just a guideline, I believe.)
  • justinf79 - Friday, August 5, 2011 - link

    Way to show your ignorance there buddy...

    Windows, the security/virus nightmare where you're bombarded by OS security patches daily gets old fast. And quite frankly OS X is more powerful AND simpler. Windows has always been garbage.
