In-Depth with Mac OS X Lion Server
by Andrew Cunningham on August 2, 2011 8:00 AM ESTNetBoot
The NetBoot service is one of my personal favorites - using a mix of standard PXE boot technology and some of Apple’s own mumbo-jumbo, you can use it to serve up OS images to client Macs over the network. Its uses are diverse - you can boot up a simple operating system designed to deploy OS X images to multiple computers at once (I recommend the excellent, free DeployStudio for this sort of work), you can serve up a vanilla OS X install disk, or you can use the System Image Utility (another of the Server Admin Tools) to capture a pre-configured OS X environment that can be served to many clients at once - the latter is particularly useful in classrooms, computer labs, public-use kiosks, and anywhere with a lot of Macs that need to look and act the same, since getting a clean instance of the OS is as easy as rebooting the system.
The actual setup and operation of the NetBoot service is basically identical to the way it was in Snow Leopard server (which looked a lot like Leopard’s implementation did, and so on). However, there are some inconveniences related to Lion’s dropping of support for Core Duo and Solo Macs if you’ve still got any hanging around - a bit of historical context will be useful here.
NetBoot dealt with the PPC-to-Intel transition by allowing administrators to choose what client architecture a particular image would boot - if you made one 10.4 NetBoot image for PowerPC systems and an equivalent image for Intel systems, you could set them both as the default images for their respective architectures, and offer the same services to all of your Macs regardless of architecture without incurring too much additional overhead.
10.5 made Universal images possible - these were simple times, because one image could boot basically all of your supported Macs (as long as you didn’t have any super-old G3s or G4s around), but you had to go back to the image-per-architecture model when 10.6 dropped support for PowerPC. It was a little extra work, but was totally doable.
As we discussed before, 10.7 drops support for the very earliest of the Intel Macs, but your Netboot architecture options remain the same - you can pick PowerPC, Intel, or Universal (for 10.5 images), but you can’t distinguish between supported and unsupported Intel Macs.
Granted, this problem will affect only a subset of Lion Server users - those who use NetBoot and need to support both the newest Macs (necessitating a recent 10.7 image, since as a rule OS X isn’t downgradeable) and a mix of older Macs - if this roughly describes your situation, begin devising workarounds now.
Using the System Image Utility
If you have several Macs on your network and are worried about Lion’s lack of restore media (and if, for some reason, you don’t want to make your own restore DVD or USB stick as we discussed in our Lion review), the NetBoot service provides you with one of the few supported methods for getting around it.
All you need to do is keep a copy of the Lion installer downloaded from the App Store. As long as you’ve got it stored somewhere on a drive that is readable by the computer, you can fire up the System Image Utility and see it listed as an image source.
Enabling ports and storage locations
Once everything is enabled, you should see your new NetBoot image as an option in the Startup Disk preference pane on your client Macs.
You can use the System Image Utility to make a NetBootable image of any OS X partition, as long as it’s running the same version of OS X as the Mac running the System Image Utility - Lion can make Lion boot images, Snow Leopard can make Snow Leopard boot images, and so on.
Software Update
Software Update downloads every update in Apple’s catalog and allows you to serve them up to your users. This includes every product updated by Software Update: OS X (versions 10.5, 10.6, and 10.7 are supported), Final Cut, iLife, iWork, and various firmware updates included. With Final Cut and others making the transition to the App Store, it’s uncertain whether Software Update will continue to offer updates for these products. Another question is whether iOS updates will be offered via Software Update once over-the-air delta updates become the norm in iOS 5 - as usual, we’ll have to wait and see.
The other advantage is that you can choose exactly which updates to serve to your clients. If, for example, you know that 10.7.1 deletes user data, or that iTunes 10.5 is going to have problems that are fixed days later by iTunes 10.5.1, or that Safari 5.2 causes problems with some internal sites you depend on, you can uncheck those updates and elect only to serve them up after issues have been fixed.
All you have to do is point your client computers to your Software Update server. This is easily done via policies in Workgroup Manager or Profile Manager for managed Macs, or via some command line trickery for non-managed Macs. Downloading the entire update catalog does consume a fair amount of disk space, so make sure you've got a few dozen spare GB on your drive somewhere before turning the service on.
Facebook
Twitter
RSS
77 Comments
View All Comments
jedimed - Thursday, August 4, 2011 - link
Does anyone know if Lion Server supports any DLNA media streaming?jay2901 - Saturday, August 6, 2011 - link
sorry if this has been answered already...but if you aren't interested in legacy nt domain controller functionality, can you join a windows 7 pc to lion server's open directory? would love to use this in a mixed (50-50) environment with mac/pcs without needing active directory.ATOmega - Monday, August 8, 2011 - link
Such a limiting selection of hardware and functionality.Running a server, it makes more sense to take advantage of the strong updates and packages in Debian/Ubuntu and just run with that.
I mean, if you're crazy about the Apple hardware, go nuts! But it's clear what Apple really does with server is integrate a handful of half baked UIs with otherwise free software packages. Calling it a "server edition" changes little from an existential perspective.
I'll never understand the appeal of paying up to 3x more to get the same if not less...
tumme_totte - Tuesday, August 9, 2011 - link
Andrew, you say that Windows computers can't join the OD since a Lion OD Master can't be Primary Domain Master for Windows. But in the documentation Apple says something else:https://help.apple.com/advancedserveradmin/mac/10....
Can this be verified? Windows 7 machines can't be joined to Leopard Server (neither Server 2008) and I was hoping Lion would solve this.
Te-Moz - Sunday, August 14, 2011 - link
Andrew, you can set up device management with a self signed SSL certificate.Obviously it's 'nicer' to have one that's authority signed, but for us, we just need Lion server to control our Macs and iPads, push updates and provide some shared storage. (Educational setting)
Great article, and if you wanted to do one on setting up a golden triangle with Lion Server OD and Win AD, then I'm sure a lot of folk would fine that really helpful also. ;)
reese637 - Saturday, December 24, 2011 - link
Hi all. I'm a young tech enthusiast who likes to get his hands dirty in networks and servers and what not. As of now, I've been running our home network with two Time Capsule routers (acting as access points, web servers, backup drives, and file sharing), and many mac desktops and laptops (I believe four MacBooks and two iMacs). For a while now, I've been interested in upgrading to the Server edition of OSX, but I was afraid that it had too many requirements such as xserves, server domains, etc. Now that Lion Server seems to be a bit more consumer friendly and a lot cheaper, I was seriously thinking in upgrading. Would any of you please be able to let me know if there is anything else I need to buy/do in order for OSX Lion Server to actually work in my home? Thank you.Ron Blatto - Thursday, February 2, 2012 - link
I'm new to using any kind of server software and your guide is exactly what I was looking for.