Apple MAC OS X SERVER 10.5 System Imaging And Software Update Administration

Mac OS X Server

System Imaging and Software
Update Administration

For Version 10.5 Leopard

K

Apple Inc.

© 2007 Apple Inc. All rights reserved.

The owner or authorized user of a valid copy of
Mac OS X Server software may reproduce this
publication for the purpose of learning to use such
software. No part of this publication may be reproduced
or transmitted for commercial purposes, such as selling
copies of this publication or for providing paid-for
support services.

Every effort has been made to ensure that the
information in this manual is accurate. Apple Inc., is not
responsible for printing or clerical errors.

Apple
1 Infinite Loop
Cupertino CA 95014-2084
www.apple.com

The Apple logo is a trademark of Apple Inc., registered
in the U.S. and other countries. Use of the “keyboard”
Apple logo (Option-Shift-K) for commercial purposes
without the prior written consent of Apple may
constitute trademark infringement and unfair
competition in violation of federal and state laws.

Apple, the Apple logo, AppleShare, AppleTalk, Mac,
Macintosh, QuickTime, Xgrid, and Xserve are trademarks
of Apple Inc., registered in the U.S. and other countries.
Finder is a trademark of Apple Inc.

.Adobe and PostScript are trademarks of Adobe Systems
Incorporated.

Intel, Intel Core, Xeon are trademarks of Intel Corp. in the
U.S. and other countries.

™

PowerPC
International Business Machines Corporation, used
under license therefrom.

UNIX is a registered trademark of The Open Group.

Other company and product names mentioned herein
are trademarks of their respective companies. Mention
of third-party products is for informational purposes
only and constitutes neither an endorsement nor a
recommendation. Apple assumes no responsibility with
regard to the performance or use of these products.

019-0944/2007-09-01

and the PowerPC logo™ are trademarks of

Contents

1

Preface 9 About This Guide

9

What’s New in System Imaging and Software Update

9

What’s in This Guide

10

Using This Guide

10

Using Onscreen Help

11

Mac OS X Server Administration Guides

12

Viewing PDF Guides on Screen

12

Printing PDF Guides

13

Getting Documentation Updates

13

Getting Additional Information

Part I System Imaging Administration

Chapter 1 17 Understanding System Imaging

18

Inside NetBoot Service

18
18
19
19
19

20

21

21
22
22
22
22
23
23
24
24
24

Disk Images
NetBoot Share Points
Using NetBoot and NetInstall Images on Other Servers
Client Information File
Shadow Files
NetBoot Image Folder
Property List File
Boot Server Discovery Protocol (BSDP)
BootP Server
Boot Files
Trivial File Transfer Protocol
Using Images Stored on Other Servers

Security
NetInstall Images
Tools for Managing NetBoot Service

Server Admin

Workgroup Manager

3

25
25

System Image Utility

Command-Line Tools

Chapter 2 27 Creating NetBoot and NetInstall Images

27

Using System Image Utility

27

Creating Images

27
29
30

31
32
32
33
34
34
34
35
36
36
37
37
38
38
38
39
39
40

41

41

41

Creating NetBoot Images
Creating NetInstall Images

Creating an Image from a Configured Computer
Understanding Workflows
Workflow Components

Configuring the Customize Package Selection Action

Configuring the Define Image Source Action

Configuring the Add Packages and Post-Install Scripts Action

Configuring the Add User Account Action

Configuring the Apply System Configuration Settings Action

Configuring the Create Image Action

Configuring the Enable Automated Installation Action

Configuring the Filter Clients by MAC Address Action

Configuring the Filter Computer Models Action

Configuring the Partition Disk Action
Assembling Workflows

Adding Existing Workflows

Adding Existing Workflows

Removing Workflows

Assembling an Image Workflow
Adding Software to NetBoot and NetInstall Images

About Packages

Creating Packages

Viewing the Contents of a Package

Chapter 3 43 Setting Up NetBoot Service

43

Setup Overview

45

Before Setting Up NetBoot Service

45
45
46
46
46
47
48
48
48

4

What You Must Know

Client Computer Requirements

Network Hardware Requirements

Network Service Requirements

Capacity Planning

Serial Number Considerations
Turning NetBoot Service On
Setting Up NetBoot Service

Configuring General Settings

Contents

49
49
50
50

51

51
52
52
53
53
54
55
55

Configuring Images Settings
Configuring Filters Settings
Configuring Logging Settings
Starting NetBoot and Related Services

Managing Images

Enabling Images
Choosing Where Images Are Stored
Choosing Where Shadow Files Are Stored
Using Images Stored on Remote Servers
Specifying the Default Image

Setting an Image for Diskless Booting
Restricting NetBoot Clients by Filtering Addresses
Setting Up NetBoot Service Across Subnets

Chapter 4 57 Setting Up Clients to Use NetBoot and NetInstall Images

57

Setting Up Diskless Clients

57

Selecting a NetBoot Boot Image

58

Selecting a NetInstall Image

58

Starting Up Using the N Key

59

Changing How NetBoot Clients Allocate Shadow Files

Chapter 5 61 Managing NetBoot Service

61

Controlling and Monitoring NetBoot

61
62
62
63
63
64
64
64
64
65
66
67

Turning Off NetBoot Service
Disabling a Boot or Installation Image
Viewing a List of NetBoot Clients
Viewing a List of NetBoot Connections
Checking the Status of NetBoot and Related Services
Viewing the NetBoot Service Log

Performance and Load Balancing

Load Balancing NetBoot Images
Distributing NetBoot Images Across Servers
Distributing NetBoot Images Across Server Disk Drives
Balancing NetBoot Image Access
Distributing Shadow Files

Chapter 6 69 Solving System Imaging Problems

69

General Tips

69

If NetBoot Client Computers Won’t Start

70

If You Want to Change the Image Name

70
70

Changing the Name of an Uncompressed Image
Changing the Name of a Compressed Image

Contents

5

Part II Software Update Administration

Chapter 7 75 Understanding Software Update Administration

75

Inside the Software Update Process

76
76
76
77
77
77
77
77
78
78 Tools for Managing Software Update Service
78 Server Admin
79 Workgroup Manager
79 Command-Line Tools

Chapter 8 81 Setting Up the Software Update Service

81 Setup Overview
82 Before Setting Up Software Update
82 What You Must Know
83 Client Computer Requirements
83 Network Hardware Requirements
83 Capacity Planning
84 Before Setting Up Software Update
84 Consider Which Software Update Packages to Offer
84 Software Update Storage
85 Organize Your Enterprise Client Computers
85 Turning Software Update Service On
86 Setting Up Software Update
86 Configuring General Settings
87 Configuring Updates Settings
87 Starting Software Update
88 Pointing Unmanaged Clients to a Software Update Server

Overview
Catalogs
Installation Packages
Staying Up-To-Date with the Apple Server
Limiting User Bandwidth
Revoked Files
Software Update Package Format
Log Files

Information That Is Collected

Chapter 9 89 Managing the Software Update Service

89 Manually Refreshing the Updates Catalog from the Apple Server
90 Checking the Status of the Software Update Service
90 Stopping the Software Update Service
90 Limiting User Bandwidth for the Software Update Service

91 Automatically Copying and Enabling Updates from Apple

91 Copying and Enabling Selected Updates from Apple

6

Contents

92 Removing Obsolete Software Updates
92 Removing Updates from a Software Update Server
93 Identifying Individual Software Update Files

Chapter 10 95 Solving Software Update Service Problems

95 General Tips
95 If a Client Computer Can’t Access the Software Update server
95 If the Software Update Server Won’t Sync with the Apple Server
95 If Update Packages That the Software Update Server Lists Aren’t Visible to Client

Computers

Index 10 3

Contents 7

8 Contents

About This Guide

This guide describes how to configure and use NetBoot
and NetInstall images within Mac OS X Server. It also
describes the Software Update service you can set up
using Mac OS X Server.

Mac OS X Server v10.5 Leopard includes NetBoot service supporting NetBoot and
NetInstall images and the improved System Image Utility—a stand-alone utility used to
create Install and Boot images used with NetBoot service.

Mac OS X Server v10.5 Leopard is Apple’s Software Update Server. It is designed as a
source for Apple Software Updates managed on your network. With Software Update
service, you can directly manage which Apple Software Updates users on your network
can access and apply to their computers.

Preface

What’s New in System Imaging and Software Update

NetBoot service, System Imaging Utility, and Software Update service in Mac OS X
Server v10.5 Leopard include the following valuable new features:

 System Image Utility has major user interface enhancements.

 System Image Utility allows auto-partitioning.

 System Image Utility can add files and preinstall scripts to a NetInstall image.

 System Image Utility provides address filtering for images. Served images can be

made visible to certain clients on a per image basis.

What’s in This Guide

This guide is organized as follows:

 Part I—System Imaging Administration. The chapters in this part of the guide

introduce you to system imaging and the applications and tools available for
administering system imaging services.

9

 Part II—Software Update Administration. The chapters in this part of the guide

introduce you to the Software Update service and the applications and tools
available for administering it.

Note: Because Apple periodically releases new versions and updates to its software,
images shown in this book may be different from what you see on your screen.

Using This Guide

The following list contains suggestions for using this guide:

 Read the guide in its entirety. Subsequent sections might build on information and

recommendations discussed in prior sections.

 The instructions in this guide should always be tested in a nonoperational

environment before deployment. This non-production environment should simulate,
as much as possible, the environment where this NetBoot/NetInstall environment
will be deployed.

Using Onscreen Help

You can get task instructions onscreen in Help Viewer while you’re managing Leopard
Server. You can view help on a server or an administrator computer. (An administrator
computer is a Mac OS X computer with Leopard Server administration software
installed on it.)

To get help for an advanced configuration of Leopard Server:

m Open Server Admin or Workgroup Manager and then:

 Use the Help menu to search for a task you want to perform.

 Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse

and search the help topics.

The onscreen help contains instructions taken from Server Administration and other
advanced administration guides described in “Mac OS X Server Administration Guides,”
next.

To see the most recent server help topics:

m Make sure the server or administrator computer is connected to the Internet while

you’re getting help.

Help Viewer automatically retrieves and caches the most recent server help topics
from the Internet. When not connected to the Internet, Help Viewer displays cached
help topics.

10 Preface About This Guide

Mac OS X Server Administration Guides

Getting Started covers installation and setup for standard and workgroup configurations
of Product Name. For advanced configurations, Server Administration covers planning,
installation, setup, and general server administration. A suite of additional guides, listed
below, covers advanced planning, setup, and management of individual services.

You can get these guides in PDF format from the Mac OS X Server documentation
website:

www.apple.com/server/documentation

This guide ... tells you how to:

Getting Started and
Installation & Setup Worksheet

Command-Line Administration Install, set up, and manage Mac OS X Server using UNIX command-

File Services Administration Share selected server volumes or folders among server clients

iCal Service Administration Set up and manage iCal shared calendar service.

iChat Service Administration Set up and manage iChat instant messaging service.

Mac OS X Security Configuration Make Mac OS X computers (clients) more secure, as required by

Mac OS X Server Security
Configuration

Mail Service Administration Set up and manage IMAP, POP, and SMTP mail services on the

Network Services Administration Set up, configure, and administer DHCP, DNS, VPN, NTP, IP firewall,

Open Directory Administration Set up and manage directory and authentication services, and

Podcast Producer Administration Set up and manage Podcast Producer service to record, process,

Print Service Administration Host shared printers and manage their associated queues and print

QuickTime Streaming and
Broadcasting Administration

Server Administration Perform advanced installation and setup of server software, and

System Imaging and Software
Update Administration

Install Mac OS X Server and set it up for the first time.

line tools and configuration files.

using the AFP, NFS, FTP, and SMB protocols.

enterprise and government customers.

Make Product Name and the computer it’s installed on more
secure, as required by enterprise and government customers.

server.

NAT, and RADIUS services on the server.

configure clients to access directory services.

and distribute podcasts.

jobs.

Capture and encode QuickTime content. Set up and manage
QuickTime streaming service to deliver media streams live or on
demand.

manage options that apply to multiple services or to the server as a
whole.

Use NetBoot, NetInstall, and Software Update to automate the
management of operating system and other software used by
client computers.

Preface About This Guide 11

This guide ... tells you how to:

Upgrading and Migrating Use data and service settings from an earlier version of Product

Name or Windows NT.

User Management Create and manage user accounts, groups, and computers. Set up

managed preferences for Mac OS X clients.

Web Technologies Administration Set up and manage web technologies, including web, blog,

webmail, wiki, MySQL, PHP, Ruby on Rails, and WebDAV.

Xgrid Administration and High
Performance Computing

Mac OS X Server Glossary Learn about terms used for server and storage products.

Set up and manage computational clusters of Xserve systems and
Mac computers.

Viewing PDF Guides on Screen

While reading the PDF version of a guide onscreen:

 Show bookmarks to see the guide’s outline, and click a bookmark to jump to the

corresponding section.

 Search for a word or phrase to see a list of places where it appears in the document.

Click a listed place to see the page where it occurs.

 Click a cross-reference to jump to the referenced section. Click a web link to visit the

website in your browser.

Printing PDF Guides

If you want to print a guide, you can take these steps to save paper and ink:

 Save ink or toner by not printing the cover page.

 Save color ink on a color printer by looking in the panes of the Print dialog for an

option to print in grays or black and white.

 Reduce the bulk of the printed document and save paper by printing more than one

page per sheet of paper. In the Print dialog, change Scale to 115% (155% for Getting
Started). Then choose Layout from the untitled pop-up menu. If your printer supports
two-sided (duplex) printing, select one of the Two-Sided options. Otherwise, choose
2 from the Pages per Sheet pop-up menu, and optionally choose Single Hairline from
the Border menu. (If you’re using Mac OS X v10.4 or earlier, the Scale setting is in the
Page Setup dialog and the Layout settings are in the Print dialog.)

You may want to enlarge the printed pages even if you don’t print double sided,
because the PDF page size is smaller than standard printer paper. In the Print dialog
or Page Setup dialog, try changing Scale to 115% (155% for Getting Started, which has
CD-size pages).

12 Preface About This Guide

Getting Documentation Updates

Periodically, Apple posts revised help pages and new editions of guides. Some revised
help pages update the latest editions of the guides.

 To view new onscreen help topics for a server application, make sure your server or

administrator computer is connected to the Internet and click “Latest help topics” or
“Staying current” in the main help page for the application.

 To download the latest guides in PDF format, go to the Mac OS X Server

documentation website:

www.apple.com/server/documentation

Getting Additional Information

For more information, consult these resources:

 Read Me documents—important updates and special information. Look for them on

the server discs.

 Mac OS X Server website (www.apple.com/server/macosx)—gateway to extensive

product and technology information.

 Mac OS X Server Support website (www.apple.com/support/macosxserver)—access to

hundreds of articles from Apple’s support organization.

 Apple Training website (www.apple.com/training)—instructor-led and self-paced

courses for honing your server administration skills.

 Apple Discussions website (discussions.apple.com)—a way to share questions,

knowledge, and advice with other administrators.

 Apple Mailing Lists website (www.lists.apple.com)—subscribe to mailing lists so you

can communicate with other administrators using email.

 Open Source website (developer.apple.com/darwin/)—Access to Darwin open source

code, developer information, and FAQs.

Preface About This Guide 13

14 Preface About This Guide

Part I: System Imaging

Administration

The chapters in this part of the guide introduce you to
system imaging and the applications and tools available for
administering system imaging services.

Chapter 1 Understanding System Imaging

Chapter 2 Creating NetBoot and NetInstall Images

Chapter 3 Setting Up NetBoot Service

Chapter 4 Setting Up Clients to Use NetBoot and NetInstall Images

Chapter 5 Managing NetBoot Service

Chapter 6 Solving System Imaging Problems

I

1 Understanding System Imaging

1

This chapter describes how to start client computers using an
operating system stored on a server and how to install
software on client computers over the network.

The NetBoot and NetInstall features of Mac OS X Server offer you alternatives for
managing the operating system and application software that your Macintosh clients
(or even other servers) require to start and do their work.

Instead of going from computer to computer to install operating system and
application software from CDs, you can prepare an installation image that installs on
each computer when it starts up.

You can also choose to not install software and have client computers start (or boot)
from an image stored on the server. (In some cases, clients don’t even need their own
disk drives.)

Using NetBoot and NetInstall, your client computers can start from a standardized
Mac OS configuration suited to specific tasks. Because the client computers start from
the same image, you can quickly update the operating system for users by updating a
single boot image.

A boot image is a file that looks and acts like a mountable disk or volume. NetBoot
images contain the system software needed to act as a startup disk for client
computers over the network.

An installation image is an image that starts up the client computer long enough to
install software from the image. The client can then start up from its own hard drive.

Boot images (NetBoot) and installation images (NetInstall) are different kinds of disk
images. The main difference is that a .dmg file is a proper disk image and a .nbi folder is
a bootable network volume (which in the end contains a .dmg disk image file). Disk
images are files that behave like disk volumes.

17

You can set up multiple NetBoot or NetInstall images to suit the needs of different
groups of clients or provide copies of the same image on multiple NetBoot servers to
distribute the client startup load.

NetBoot service can be used with NetBoot and NetInstall images along with Mac OS X
client management services to provide a personalized work environment for each user.
For information about client management services, see User Management.

You can use the following Mac OS X Server applications to set up and manage NetBoot
and NetInstall:

 System Image Utility to create Mac OS X NetBoot and NetInstall disk images. This

utility is installed with Mac OS X Server software in the /Applications/Server/ folder.

 Server Admin to enable and configure NetBoot service and supporting services. This

utility is installed with Mac OS X Server software in the /Applications/Server/ folder.

 PackageMaker to create package files that you use to add software to disk images.

This utility is provided on the Mac OS X Server Administration Tools CD.

 Property List Editor to edit property lists such as NBImageInfo.plist. This utility is

included on the Mac OS X Server Administration Tools CD.

Inside NetBoot Service

This section describes how NetBoot service is implemented on Mac OS X Server,
including information about the protocols, files, folder structures, and configuration
details.

Disk Images

The disk images contain the system software and applications used over the network
by client computers. These tools can be installed on a client computer with the
Mac OS X Server Administration Tools CD. The name of a disk image file typically ends in
.img or .dmg. Disk Utility—part of Mac OS X—can mount disk image files as volumes
on the desktop.

You use System Image Utility to create Mac OS X NetBoot or NetInstall images, using a
Mac OS X installation disc or an existing system volume as the source. See “Creating
Images” on page 27.

NetBoot Share Points

NetBoot service sets up share points to make images and shadow files available to
clients. Shadow files are used for NetBoot clients that don’t use their local hard drives
to write out data when booted.

NetBoot service creates share points for storing NetBoot and NetInstall images in
/Library/NetBoot/ on each volume you enable and names them NetBootSPn, where n is
0 for the first share point and increases by 1 for each extra share point.

18 Chapter 1 Understanding System Imaging

For example, if you decide to store images on three server disks, NetBoot service sets
up three share points named NetBootSP0, NetBootSP1, and NetBootSP2.

The share points for client shadow files are also created in /Library/NetBoot/ and are
named NetBootClientsn.

You can create and enable NetBootSPn and NetBootClientsn share points on other
server volumes using the NetBoot service General settings in Server Admin.

WARNING: Don’t rename a NetBoot share point or the volume it resides on. Don’t

stop sharing a NetBoot share point unless you first deselect the share point for
images and shadow files in Server Admin.

Using NetBoot and NetInstall Images on Other Servers

You can also specify the path of a NetBoot image residing on a different NFS server.
When creating image files, you can specify which server the image will reside on. See
“Using Images Stored on Remote Servers” on page 53.

Client Information File

NetBoot service gathers information about a client the first time a client selects a
NetBoot or NetInstall volume to start from the Startup Disk. NetBoot service stores this
information in the /var/db/bsdpd_clients file.

Shadow Files

Many clients can read from the same NetBoot image, but when a client must write
back to its startup volume (such as print jobs and other temporary files), NetBoot
service redirects the written data to the client’s shadow files, which are separate from
regular system and application software.

Shadow files preserve the unique identity of each client while it is running from a
NetBoot image. NetBoot service transparently maintains changed user data in shadow
files while reading unchanged data from the shared system image. Shadow files are
recreated at startup, so changes made to a user’s startup volume are lost at restart.

For example, if a user saves a document to the startup volume, after a restart that
document will be gone. This behavior preserves the condition of the environment the
administrator set up. Therefore users must have accounts on a file server on the
network to save documents.

Balancing the Shadow File Load

NetBoot service creates an AFP share point on each server volume you specify (see
“Choosing Where Shadow Files Are Stored” on page 52) and distributes client shadow
files across them as a way of balancing the load for NetBoot clients. There is no
performance gain if the volumes are partitions on the same disk. See “Distributing
Shadow Files” on page 67.

Chapter 1 Understanding System Imaging 19

Allocation of Shadow Files for Mac OS X NetBoot Clients

When a client computer starts from a Mac OS X NetBoot image, it creates shadow files
on a server NetBootClientsn share point or, if no share point is available, on a drive local
to the client. For information about changing this behavior, see “Choosing Where
Shadow Files Are Stored” on page 52.

NetBoot Image Folder

When you create a Mac OS X NetBoot image with System Image Utility, the utility
creates a NetBoot image folder whose name ends with “.nbi” and stores in it the
NetBoot image with other files (see the following table) required to start a client
computer over the network.

File Description

booter Startup file that the firmware uses to begin the startup process

mach.macosx UNIX kernel

mach.macosx.mkext Drivers

System.dmg Startup image file (can include application software)

NBImageInfo.plist Property list file

System Image Utility stores the folder whose name ends with .nbi on the NetBoot
server in /Library/NetBoot/NetBootSPn/image.nbi (where n is the volume number and
image is the name of the image). You can save directly to this folder or you can create
the image elsewhere (even on another computer) and copy it to the
/Library/NetBoot/NetBootSPn folder at a later time.

Files for PowerPC-based Macintosh computers are stored under the ppc folder for
Leopard images, while previous images may have the PowerPC files stored in the root
of the .nbi folder. Files for Intel-based Macintosh computers are stored in the i386
folder.

You use System Image Utility to set up NetBoot image folders. The utility lets you:

 Name the image

 Choose the image type (NetBoot or NetInstall)

 Provide an image ID

 Choose the default language

 Choose the computer models the image will support

 Create unique sharing names

 Specify a default user name and password

 Enable automatic installation for installation images

 Add package or preinstalled applications

For more information, see “Creating NetBoot Images” on page 27.

20 Chapter 1 Understanding System Imaging

Property List File

The property list file (NBImageInfo.plist) stores image properties. The following table
gives more information about the property list for Mac OS X image files.

Property Type Description

Architectures Array An array of strings of the architectures the image supports.

BootFile String Name of boot file: booter.

Index Integer 1–4095 indicates a local image unique to the server.

4096–65535 is a duplicate, identical image stored on multiple servers
for load balancing.

IsDefault Boolean True specifies this image file as the default boot image on the subnet.

IsEnabled Boolean Sets whether the image is available to NetBoot (or Network Image)

clients.

IsInstall Boolean Tru e specifies a Network Install image; False specifies a NetBoot image.

Name String Name of the image as it appears in the Mac OS X Preferences pane.

RootPath String Specifies the path to the disk image on the server, or the path to an

image on another server. See “Using Images Stored on Other Servers”
on page 22.

Type String NFS or HTTP.

SupportsDiskless Boolean True directs the NetBoot server to allocate space for the shadow files

needed by diskless clients.

Description String Text describing the image.

Language String A code specifying the language to be used while starting from the

image.

Initial values in NBImageInfo.plist are set by System Image Utility and you usually don’t
need to change the property list file directly. Some values are set by Server Admin. If
you must edit a property list file, you can use TextEdit or Property List Editor, found in
the Utilities folder on the Mac OS X Server Administration Tools CD.

Boot Server Discovery Protocol (BSDP)

NetBoot service uses an Apple-developed protocol based on DHCP known as Boot
Server Discovery Protocol (BSDP). This protocol provides a way of discovering NetBoot
servers on a network.

NetBoot clients obtain their IP information from a DHCP server and their NetBoot
information from BSDP. BSDP offers built-in support for load balancing. See
“Performance and Load Balancing” on page 64.

Chapter 1 Understanding System Imaging 21

BootP Server

NetBoot service uses a BootP server (bootpd) to provide necessary information to client
computers when they try to start from an image on the server.

If you have BootP clients on your network and they request an IP address from the
NetBoot BootP server, this request will fail because the NetBoot BootP server doesn’t
have addresses to offer. To prevent the NetBoot BootP server from responding to
requests for IP addresses, use the dscl command-line tool to open the local folder on
the NetBoot server and add a key named bootp_enabled with no value to the /config/

folder.

dhcp/

Boot Files

When you create a Mac OS X NetBoot image with System Image Utility, the utility
generates the following boot files and stores them on the NetBoot server in /Library/
NetBoot/NetBootSPn/image.nbi (where n is the volume number and image is the name
of the image):

 booter

 mach.macosx

 mach.macosx.mkext

Note: If you turn on NetBoot service when installing Mac OS X Server, the installer
creates the NetBootSP0 share point on the server boot volume. Otherwise, you can set
up NetBootSPn share points by choosing where to store NetBoot images from the list
of volumes in the General pane of NetBoot service settings in Server Admin.

Trivial File Transfer Protocol

NetBoot service uses Trivial File Transfer Protocol (TFTP) to send boot files from the
server to the client. When you start a NetBoot client, the client sends a request for
startup software. The NetBoot server then delivers the booter file to the client using
TFTP default port 69.

Client computers access the startup software on the NetBoot server from the location
where the image was saved.

These files are typically stored in the /private/tftpboot/NetBoot/NetBootSPn/ folder.
This path is a symbolic link to Library/NetBoot/NetBootSPn/image.nbi (where n is the
volume number and image is the name of the image).

Using Images Stored on Other Servers

You can store Mac OS X NetBoot or NetInstall images on NFS servers other than the
NetBoot server. For more information, see “Using Images Stored on Remote Servers” on
page 53.

22 Chapter 1 Understanding System Imaging

Security

You can restrict access to NetBoot service on a case-by-case basis by listing the
hardware addresses (also known as the Ethernet or MAC addresses) of computers that
you want to permit or deny access to.

The hardware address of a client computer is added to the NetBoot Filtering list when
the client starts up using NetBoot and is, by default, enabled to use NetBoot service.
You can specify other services. See “Restricting NetBoot Clients by Filtering Addresses”
on page 55.

NetInstall Images

A NetInstall image is an image that starts up the client computer long enough to install
software from the image. The client can then start up from its own hard drive. Just as a
NetBoot image replaces the role of a hard drive, a NetInstall image is a replacement for
an installation DVD.

Like a bootable CD, NetInstall is a convenient way to reinstall the operating system,
applications, or other software onto the local hard drive. For system administrators
deploying large numbers of computers with the same version of Mac OS X, NetInstall
can be very useful. NetInstall does not require the insertion of a CD into each NetBoot
client because startup and installation information is delivered over the network.

When you create a NetInstall image with System Image Utility, you can automate the
installation process by limiting interaction at the client computer.

Because an automatic network installation can be configured to erase the contents of
the local hard drive before installation, data loss can occur. You must control access to
this type of NetInstall image and must communicate the implications of using them to
those using these images. Before using automatic network installations, it is always
wise to inform users to back up critical data.

You can perform software installations using NetInstall using a collection of packages
or an entire disk image (depending on the source used to create the image).

For more information about preparing NetInstall images to install software over the
network, see “Creating NetInstall Images” on page 29.

Chapter 1 Understanding System Imaging 23

Tools for Managing NetBoot Service

The Server Admin and System Image Utility applications provide a graphical interface
for managing NetBoot service in Mac OS X Server. In addition, you can manage
NetBoot service from the command line by using Terminal.

These applications are included with Mac OS X Server and can be installed on another
computer with Mac OS X v10.5 or later, making that computer an administrator
computer. For more information about setting up an administrator computer, see the
server administration chapter of Getting Started.

Server Admin

The Server Admin application provides access to tools you use to set up, manage, and
monitor NetBoot service and other services. You use Server Admin to:

 Set up Mac OS X Server as a DHCP server and configure NetBoot service to use

NetBoot and NetInstall images. For instructions, see Chapter 3, “Setting up NetBoot
Service.”

 Manage and monitor NetBoot service. For instructions, see Chapter 5, “Managing

NetBoot Service.”

For more information about using Server Admin, see Server Administration. This guide
includes information about:

 Opening and authenticating in Server Admin

 Working with specific servers

 Administering services

 Using SSL for remote server administration

 Customizing the Server Admin environment

Server Admin is installed in /Applications/Server/.

Workgroup Manager

The Workgroup Manager application provides comprehensive management of clients
of Mac OS X Server. For basic information about using Workgroup Manager, see User
Management. This includes:

 Opening and authenticating in Workgroup Manager

 Administering accounts

 Customizing the Workgroup Manager environment

Workgroup Manager is installed in /Applications/Server/.

24 Chapter 1 Understanding System Imaging

System Image Utility

System Image Utility is a tool you use to create and customize NetBoot and NetInstall
images. With System Image Utility, you can:

 Create NetBoot images that can be booted to the Finder.

 Create NetInstall images from a DVD or existing Mac OS X partition.

 Assemble a workflow that creates customized NetBoot and NetInstall images.

For instructions on using System Image Utility, see Chapter 2.

System Image Utility is installed in /Applications/Server/.

Command-Line Tools

A full range of command-line tools is available for administrators who prefer to use
command-driven server administration. For remote server management, submit
commands in a secure shell (SSH) session. You can enter commands on Mac OS X
servers and computers using the Terminal application, located in the /Applications/
Utilities/ folder.

For information about useful command-line tools, see Command-Line Administration.

Chapter 1 Understanding System Imaging 25

26 Chapter 1 Understanding System Imaging

2 Creating NetBoot and NetInstall

Images

2

This chapter provides instructions for preparing NetBoot or
NetInstall images you can use with NetBoot service.

You can set up multiple NetBoot or NetInstall images to suit the needs of different
groups of clients or to provide copies of the same image on multiple servers to
distribute the client startup load. Using NetBoot service, you can provide a
personalized work environment for each client computer user.

Using System Image Utility

System Image Utility is a tool you use to create and customize NetBoot and NetInstall
images.

With System Image Utility, you can:

 Create NetBoot images that can be booted to the Finder.

 Create NetInstall images from a DVD or existing Mac OS X partition.

 Assemble a workflow that creates customized NetBoot and NetInstall images.

Creating Images

To create system and software images to use with NetBoot service, you use System
Image Utility.

 Creating NetBoot Images.

 Creating NetInstall Images.

Note: To create an image, you must have valid Mac OS X 10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.

Creating NetBoot Images

You can create NetBoot images of Mac OS X that are then used to start client
computers over the network.

27

You can also assemble a workflow to create a NetBoot image that permits advanced
customization of your images. For more information, see “Understanding Workflows”
on page 31.

Note: You must purchase a Mac OS X user license for each client that starts from a
NetBoot or NetInstall disk image.

To create a NetBoot image:

1 Log in as an administrator user.

2 Open System Image Utility (in the /Applications/Server/ folder).

3 In the left sidebar select the image source.

If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or
later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume.

Note: To create an image, you must have valid Mac OS X v10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.

4 Select NetBoot Image and click Continue.

5 In the Image Name field, enter a name for your image.

This name identifies the image in the Startup Disk preferences pane on client
computers.

6 (Optional) In the Description field, enter notes or other information to help you

characterize the image.

Clients can’t see the description information.

7 If the image will be served from more than one server select the checkbox below the

description field.

This option generates an index ID for NetBoot server load balancing.

8 If your source volume is a Mac OS X Installation DVD, enter a user name, short name,

and password (in the Password and Verify fields) for the administrator account in Create
Administrator Account.

You can log in to a booted client using this account.

9 Click Create.

10 In the Save As dialog, choose where to save the image.

If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.

NetBoot service must be configured on a network port and Server Admin must be set
to serve images from a volume for this option to appear in the pop-up menu. For more
information, see “Setting Up NetBoot Service” on page 48.

28 Chapter 2 Creating NetBoot and NetInstall Images

To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.

11 Click Save and authenticate if prompted.

Important: Do not attempt to edit content in the image destination folder while the

image is being created.

Creating NetInstall Images

Use System Image Utility to create a NetInstall image that you can use to install
software on client computers over the network. You can find this application in the
/Applications/Server/ folder.

To create a NetInstall image:

1 Log in as an administrator user.

2 Open System Image Utility (in the /Applications/Server/ folder).

3 In the left sidebar select the image source.

If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or
later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume.

Note: To create an image, you must have valid Mac OS X v10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.

4 Select NetInstall Image and click Continue.

5 In the Image Name field, enter a name for your image.

This name identifies the image in the Startup Disk preferences pane on client
computers.

6 (Optional) In the Description field, enter notes or other information to help you

characterize the image.

Clients can’t see the description information.

7 If the image will be served from more than one server, select the checkbox below the

description field.

This assigns an index ID to the image for NetBoot service load balancing.

8 Click Create.

9 In the Save As dialog, choose where to save the image.

If you don’t want to use the image name you entered earlier, change it by entering a
new name in the Save As field.

If you’re creating the image on the same server that will serve it, choose a volume from
the “Serve from NetBoot share point on” pop-up menu.

Chapter 2 Creating NetBoot and NetInstall Images 29

NetBoot service must be configured on a network port and Server Admin must be set
to serve images from a volume for this option to appear in the pop-up menu. For more
information, see “Setting Up NetBoot Service” on page 48.

To save the image somewhere else, choose a location from the Where pop-up menu or
click the triangle next to the Save As field and navigate to a folder.

10 Click Save and authenticate if prompted.

Important: Do not attempt to edit content in the image destination folder while the

image is being created.

Creating an Image from a Configured Computer

If you have a client computer that’s configured for users, you can use System Image
Utility to create a NetBoot or NetInstall image based on that client configuration.

You must start up from a volume other than the one you’re using as the image source.
For example, you could start up from an external FireWire hard disk or a second
partition on the client computer hard disk. You can’t create the image on a volume over
the network.

To create an image based on an existing system:

1 Start up the computer from a partition other than the one you’re imaging.

2 Install System Image Utility on the client computer from the Mac OS X Server

Administration Tools CD.

3 Open System Image Utility on the client computer (in the /Applications/Server/ folder).

4 In the left sidebar select the image source.

If no image sources are listed, make sure you have inserted a valid Mac OS X v10.5 or
later installation DVD or have mounted a valid Mac OS X v10.5 or later boot volume.

Note: To create an image, you must have valid Mac OS X v10.5 image sources (either
volumes or installation DVDs). You cannot create an image of the startup disk you are
running on.

5 From the expanded list, select the image source.

6 Select NetBoot Image or NetInstall Image and click Continue.

Select NetBoot if your client computers will start up from this image.

Select NetInstall if your image will be installed on a computer disk drive.

7 In the Image Name field, enter a name for your image.

This name identifies the image in the Startup Disk preferences pane on client
computers.

8 (Optional) In the Description field, enter notes or other information to help you

characterize the image.

30 Chapter 2 Creating NetBoot and NetInstall Images