In-Depth with Mac OS X Lion Serverby Andrew Cunningham on August 2, 2011 8:00 AM EST
The NetBoot service is one of my personal favorites - using a mix of standard PXE boot technology and some of Apple’s own mumbo-jumbo, you can use it to serve up OS images to client Macs over the network. Its uses are diverse - you can boot up a simple operating system designed to deploy OS X images to multiple computers at once (I recommend the excellent, free DeployStudio for this sort of work), you can serve up a vanilla OS X install disk, or you can use the System Image Utility (another of the Server Admin Tools) to capture a pre-configured OS X environment that can be served to many clients at once - the latter is particularly useful in classrooms, computer labs, public-use kiosks, and anywhere with a lot of Macs that need to look and act the same, since getting a clean instance of the OS is as easy as rebooting the system.
The actual setup and operation of the NetBoot service is basically identical to the way it was in Snow Leopard server (which looked a lot like Leopard’s implementation did, and so on). However, there are some inconveniences related to Lion’s dropping of support for Core Duo and Solo Macs if you’ve still got any hanging around - a bit of historical context will be useful here.
NetBoot dealt with the PPC-to-Intel transition by allowing administrators to choose what client architecture a particular image would boot - if you made one 10.4 NetBoot image for PowerPC systems and an equivalent image for Intel systems, you could set them both as the default images for their respective architectures, and offer the same services to all of your Macs regardless of architecture without incurring too much additional overhead.
10.5 made Universal images possible - these were simple times, because one image could boot basically all of your supported Macs (as long as you didn’t have any super-old G3s or G4s around), but you had to go back to the image-per-architecture model when 10.6 dropped support for PowerPC. It was a little extra work, but was totally doable.
As we discussed before, 10.7 drops support for the very earliest of the Intel Macs, but your Netboot architecture options remain the same - you can pick PowerPC, Intel, or Universal (for 10.5 images), but you can’t distinguish between supported and unsupported Intel Macs.
Granted, this problem will affect only a subset of Lion Server users - those who use NetBoot and need to support both the newest Macs (necessitating a recent 10.7 image, since as a rule OS X isn’t downgradeable) and a mix of older Macs - if this roughly describes your situation, begin devising workarounds now.
Using the System Image Utility
If you have several Macs on your network and are worried about Lion’s lack of restore media (and if, for some reason, you don’t want to make your own restore DVD or USB stick as we discussed in our Lion review), the NetBoot service provides you with one of the few supported methods for getting around it.
All you need to do is keep a copy of the Lion installer downloaded from the App Store. As long as you’ve got it stored somewhere on a drive that is readable by the computer, you can fire up the System Image Utility and see it listed as an image source.
Enabling ports and storage locations
Once everything is enabled, you should see your new NetBoot image as an option in the Startup Disk preference pane on your client Macs.
You can use the System Image Utility to make a NetBootable image of any OS X partition, as long as it’s running the same version of OS X as the Mac running the System Image Utility - Lion can make Lion boot images, Snow Leopard can make Snow Leopard boot images, and so on.
Software Update downloads every update in Apple’s catalog and allows you to serve them up to your users. This includes every product updated by Software Update: OS X (versions 10.5, 10.6, and 10.7 are supported), Final Cut, iLife, iWork, and various firmware updates included. With Final Cut and others making the transition to the App Store, it’s uncertain whether Software Update will continue to offer updates for these products. Another question is whether iOS updates will be offered via Software Update once over-the-air delta updates become the norm in iOS 5 - as usual, we’ll have to wait and see.
The other advantage is that you can choose exactly which updates to serve to your clients. If, for example, you know that 10.7.1 deletes user data, or that iTunes 10.5 is going to have problems that are fixed days later by iTunes 10.5.1, or that Safari 5.2 causes problems with some internal sites you depend on, you can uncheck those updates and elect only to serve them up after issues have been fixed.
All you have to do is point your client computers to your Software Update server. This is easily done via policies in Workgroup Manager or Profile Manager for managed Macs, or via some command line trickery for non-managed Macs. Downloading the entire update catalog does consume a fair amount of disk space, so make sure you've got a few dozen spare GB on your drive somewhere before turning the service on.