NetBoot/SUS Appliance User Guide. Version 1.0

(1)

(2)

JAMF Software, LLC

JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software

301 4th Ave S Suite 1075 Minneapolis, MN 55415-1039 (612) 605-6625

Under the copyright laws, this publication may not be copied, in whole or in part, without the written consent of JAMF Software, LLC.

Apple and Mac OS are trademarks of Apple Inc., registered in the United States and other countries. Intel is a registered trademark of the Intel Corporation in the U.S. and other countries.

The JAMF Software logo is a trademark of JAMF Software, LLC in the United States and other countries. Maker’s Mark is a registered trademark of Beam Global Spirits & Wine, Inc.

(3)

Overview

Apple allows you to host NetBoot servers and internal software update servers (SUSs) on Mac OS X Server only. The Appliance creates an Ubuntu virtual machine (VM) that acts as a NetBoot server and/or SUS. This allows you to host a NetBoot server and/or internal SUS using any system that supports virtualization. The Appliance also installs a web application that can be used to easily manage your NetBoot server and/or SUS.

Requirements

The minimum system requirements are:

100 GB of disk space available

1 GB of RAM

Virtualization software installed that supports Open Virtualization Format

To set up a NetBoot server using the Appliance, you need a NetBoot image (.nbi folder). For instructions on creating a NetBoot image for use with the Casper Suite, see the following Knowledge Base article:

https://jamfnation.jamfsoftware.com/article.html?id=307

Only Intel-based Macs can boot to a NetBoot image hosted on a NetBoot server that is running on the Appliance.

Setting Up the NetBoot/SUS Appliance

Before using the Appliance to set up a NetBoot server and/or SUS, you need to import the Appliance file (.ova) into the virtualization software on the system you want to use to host the NetBoot server and/or SUS. This creates an Ubuntu VM that has running SMB and AFP shares. The first time you power on the VM, a page displaying the URL for the Appliance web application appears.

(5)

Managing Accounts

The following table lists the default credentials for all accounts associated with the Appliance:

Account User name Password

Appliance web application webadmin webadmin Administering the Appliance

from Terminal shelluser shelluser

AFP share afpuser afpuser

SMB share smbuser smbuser

You can change the user name and password for:

The Appliance web application

Administering the Appliance from Terminal

You can also change the password for the AFP and SMB shares.

To change the credentials for the Appliance web application: 1. Log in to the Appliance web application with a web browser.

2. Click the Change Account link at the top of the page.

3. Enter the current password.

4. Enter a new user name and password, and then click Save Web Admin Account.

To change the credentials for administering the Appliance from Terminal: 1. Log in to the Appliance web application with a web browser.

2. Click the Change Account link at the top of the page.

(6)

4. Enter a new user name and password, and then click Save Shell Account.

To change the password for the AFP or SMB share:

1. Log in to the Appliance web application with a web browser.

2. Click the Admin link at the top of the page.

3. If you are changing the password for the AFP share, select the AFP category in the sidebar. If you are changing the password for the SMB share, select the SMB category.

4. Enter a new password. If you are changing the password for the AFP share, click Change AFP Password. If you are changing the password for the SMB share, click Change SMB Password.

Managing a Software Update Server

The Appliance creates an internal SUS using Reposado, an open source software update application. Use the Appliance web application to easily set up and manage the SUS.

(7)

Setting Up the SUS

Before using the SUS, you must set it up using the Appliance web application. This requires you to create at least one branch and specify a base URL for the SUS.

To set up the SUS:

3. Select the SUS category in the sidebar.

4. Enter a base URL for the SUS, and then click Change Base URL. For example, https://sus.mycompany.corp

5. If you want to store software update packages on the internal SUS, select the Store software updates on

this SUS checkbox.

When this checkbox is selected, clients install software updates from the internal SUS. When this checkbox is deselected, clients download and install software updates from Apple's Software Update Server.

6. Type a branch name in the Add Branch field, and then click Add SUS Branch.

Creating Additional Branches

If you want different user groups or clients to install different software updates, you can create additional branches in the SUS.

To create an additional SUS branch:

(8)

4. Type a branch name in the Add Branch field, and then click Add SUS Branch.

Managing Software Update Packages

This section explains how to do the following:

Update the list of available software update packages

Enable or disable software update packages for a branch

Updating the List of Available Software Update Packages

You can update the list of available software update packages by syncing your SUS with Apple’s Software Update server. This can be done manually or on a schedule.

To manually sync the SUS:

4. Click the Sync SUS button.

To create a sync schedule for the SUS:

(9)

Enabling or Disabling Software Update Packages

You can manually enable or disable packages for a branch, or you can choose to have a branch automatically enable all available updates.

To enable or disable packages:

4. Click the name of the branch you want to enable or disable packages for.

5. To manually enable or disable packages, select or deselect the checkboxes next to the packages.

6. If you want the branch to automatically enable all available updates, select the Automatically Enable New Updates checkbox below the list of packages.

7. Click the Apply button below the list of packages.

Using the SUS with the Casper Suite

(10)

Pointing Clients at a SUS Branch

There are several methods for pointing clients at a SUS branch:

Make a branch the root branch and add it to the JSS—You can make a branch the root branch using

the Appliance web application. Then, add the root branch to the JSS and use Casper Remote or a policy to point clients at the root branch.

Use Managed Preferences—Create and apply a Managed Preference to point clients at a SUS branch.

This requires that you have enabled Managed Preferences in the JSS.

Execute a command—Use Casper Remote or a policy to execute a command that points clients at a

SUS branch.

To make a branch the root branch and add it to the JSS: 1. Make a branch the root branch:

a. Log in to the Appliance web application with a web browser.

b. Click the Admin link at the top of the page.

c. Select the SUS category in the sidebar.

d. Click the name of the branch you want to make the root branch.

e. Select the Root Branch checkbox below the list of packages.

f. Click the Apply button below the list of packages.

2. Follow the instructions in the “Adding Software Update Servers” section of the Casper Suite Administrator’s

Guide to add the root branch to the JSS.

Enter the domain name of the base URL specified in the Appliance web application. For example, if your base URL is "https://sus.mycompany.corp/", enter "sus.mycompany.corp".

Enter “80” for the port.

(11)

To use Managed Preferences to point clients at a SUS branch:

Follow the instructions in the "Managed Preferences" section of the Casper Suite Administrator’s Guide to add the "Software Update Server" preference from the com.apple.SoftwareUpdate template.

In the Key Name field on the Definition tab, enter the branch URL. See “Branch URLs” for more information.

To execute a command that points clients at a SUS branch:

Use Casper Remote or a policy to execute the following command on client computers:

defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL <Branch URL>

Substitute <Branch URL> with the branch URL. See “Branch URLs” for more information.

Branch URLs

Branch URLs will vary depending on the operating system running on clients. Example branch URLs for clients running Mac OS X 10.5, 10.6, and 10.7 are listed below.

(12)

Installing Software Updates on Clients

(13)

Managing a NetBoot Server

Use the Appliance web application to easily set up and manage a NetBoot server.

Setting Up a NetBoot Server

The instructions in this section explain how to set up a NetBoot server for the first time. To set up a NetBoot server, you need a NetBoot image (.nbi folder). See the “Requirements” section for more information.

To set up a NetBoot server:

3. Select the NetBoot category in the sidebar.

4. Click the Upload NetBoot Image button.

You will be connected to the SMB share where NetBoot images are stored.

5. Enter credentials for the SMB share, and then click Connect.

6. Copy a NetBoot image (.nbi folder) to the SMB share.

Important: The name of the folder cannot contain any spaces.

Important: You must add a subnet that includes the IP address of the NetBoot server.

7. Return to the Appliance web application and refresh the page.

(14)

9. Choose the NetBoot image from the pop-up menu, and then click the Enable NetBoot button at the bottom of the page.

If NetBoot was successfully enabled, the NetBoot status icon turns green.

Using the NetBoot Server with the Casper Suite

Like standard NetBoot servers, you can add the NetBoot server created with the Appliance to the JSS. This allows you to use Casper Remote or a policy to boot client computers to a NetBoot image.

When adding the NetBoot server to the JSS, choose to boot the server to a default image, and enter the IP address specified in the Appliance web application.

For complete instructions on adding a NetBoot server to the JSS, see “Adding NetBoot Servers” in the

Casper Suite Administrator’s Guide.

Restarting the AFP and SMB Shares

You may need to restart the AFP or SMB share for troubleshooting purposes. This section explains how to restart these shares using the Appliance web application.

To restart the AFP or SMB share:

3. If you are restarting the AFP share, select the AFP category in the sidebar. If you are restarting the SMB share, select the SMB category in the sidebar.

(15)

Managing NetBoot/SUS Appliance Settings

This section explains how to:

Configure network settings

Change the server date and time

Configuring Network Settings

The following information is automatically populated in the Appliance web application:

Host name for the server

IP address

Netmask

Gateway

DNS servers

This section explains how to change these settings using the Appliance web application.

To change network settings:

3. Click the Network tab.

(16)

Changing the Server Date and Time

You can use the Appliance web application to change the date and time of your NetBoot server and/or SUS.

To change the server date and time:

3. Click the Date/Time tab.

4. Choose a time zone from the Current Time Zone pop-up menu.

5. (Optional) Enter the name of a network time server that you want to use to synchronize the date and time. For example, "pool.ntp.org".