Managing Your Loadset, Post-Deploy
Volume Number: 24 (2008)
Issue Number: 01
Column Tag: Network Administration
Managing Your Loadset, Post-Deploy
How to keep machines up to date
from a central location
by Brian Best
Introduction
So, you've finally done it. All of your software is updated and volume-licensed. You've built your disk images. Your NetBoot restore server is up and running for deployment. And finally, the dream of easy reloads and setups of your Macs has come to fruition.
Then that tiny little update comes out: the critical bug fix that's not part of your Loadset. Or you've discovered a small glitch in your logout hook. What do you do now? One way would be to deploy your Loadset on a clean system. Install the update. Then re-image and redeploy. Yuck. All that work for a simple updater, and another one will likely be there tomorrow.
You could go back to "sneaker-net". Load the files on to a flash drive and walk it around to your workstations. Double yuck.
Building disk images for deploying loadsets is fantastic when you are wiping an entire volume and reloading all of the "installables". But sometimes you need more precise ways of making minor changes to your Loadset. Better yet, software that can manage and track these changes is ideal.
In this article, we'll explore solutions for managing your Loadset, post-deployment. Our focus will be on products that can run exclusively on the Mac: Apple Remote Desktop (with Task Server and Package Builder), University of Michigan's Radmind tools, FileWave, and LANrev.
Other solutions may exist, like LanDesk, for example. LanDesk has a client for Mac OS X that will accomplish our goal. However, since LanDesk's server component can only run on a Windows server, it does not fit our criteria.
One more exclusion that I'm sad to make, and it certainly won't win me any popularity contests here in Jayhawk-country: I have to exclude netOctopus by Motorola nee Netopia. I have concerns about the future of the Mac development of netOctopus now that it's no longer in the hands of a company that has a strong history of Mac development and support. The fact that it has not been updated in over a year, and that it's not a Universal Binary lends credence. I'd ask some of the developers at Netorola, but I'm sure they are under some kind of hush order. Hopefully I'm wrong and they are too busy trying to get the new version out the door to take my call anyway.
At the end, we'll look at how these tools handle the new challenge to the Mac admin: Windows. Many new Mac purchases are predicated on the fact that the user has either BootCamp or virtualization of a Windows OS at their fingertips. Most of the time, it's so they can continue to run just one or two Windows-only apps, but we all know how vital it is to keep Windows well-patched and virus-defined.
Apple Remote Desktop
It's conceivable that you already have ARD in your arsenal of network tools. If so, you can leverage it for simple software deployments using both the "Install Package" and "Copy Files" features.
Install Packages is most useful for any Apple deployment, as they will already be in the ".pkg" based in .pkg format. Granted, if you're running Mac OS X Server, you can use its ability to mirror Apple's updates. However, since many third party installs are now also based on packages, using ARD for the process becomes more appealing. In addition to being easy to deploy, you get the added benefit of having a receipt left over for things like permission repair. The process is relatively simple. Select your target computers, add the package (or packages) to the "Install Packages" dialog. Set your options, which include whether or not to reboot (which in the case of certain installs like an OS update is mandatory), where to run the task (see below), and how to deal with problems like interruptions or network bandwidth.
Figure 1 - Using ARD to install packages
One of the greatest new features in ARD 3 is the Task Server capability. It does require another license of ARD, but the extra expense is worth it, if you plan to use this solution for Loadset Management. While ARD tasks can be scheduled (note the button in the lower right) it's often difficult to catch those MacBook users while they're running out of the building. If you have a task server setup in your preferences, you can assign the "Install Packages" command to be performed by it. In addition to freeing up your computer for other tasks, the Task Server will watch for unavailable target computers to come on-line and perform the install when it sees them. While this may not be ideal for OS updates (since the user may abruptly reboot), for simple updaters it may be just the thing to ensure everyone stays current.
What if the items you want to install are not part of a Package file? ARD can still fit the bill. It includes PackageMaker for making your own .pkg distributions. How to use it is beyond the scope of this article, but if you pull out your December 2006 MacTech, there's a great how-to on PackageMaker.
Even if PackageMaker is more complex than you want, you can still leverage the "Copy Items" function of Apple Remote Desktop. When you get right down to it, an installer is really doing up to two things: copying files to the right locations, and executing pre and post flight scripts. Many non-Package installs don't even do the scripts part: they are just disk images that tell you to drag-and-drop files on to your Applications folder.
With that knowledge, if you wanted to distribute the latest build of Camino to your Loadset, you could simply mount the Camino disk image, drag the Camino.app into the "Copy Items" window and fire away.
You could do the same with virtually any file or folder, even shell scripts that you would use as a login hook. Just add your own destination folder to the "Copy Items" dialog.
While the "Copy Items" dialog lets you set owner and group on the file, you may want to use the "Send UNIX Command" function to send along a chmod to be sure.
Figure 2 - Following up with Unix permissions
But what about something more complex like an update that uses InstallerVISE to apply to an existing file set. This where ARD might be able to accomplish the goal but it gets a little cumbersome. You would have to install the update on a test workstation, figure out where all the pieces went, and then use "Copy Files" to send all of those individual pieces to the target workstations. Additionally, "Copy Files" is not a command that can be handed off to a Task Server. That's a bit too much manual labor for most administrators.
Bottom line: ARD works great in concert with Package-based installs and a Task Server, but it isn't going to be capable of handling all situations unless you want to put in substantial time to either build packages or manually determine what to copy. It can also be pricey. Two copies (one for you, one for your Task Server) can set you back almost $1000. But, if you're using it for its screen sharing and inventory management features, this is one more way to leverage Remote Desktop and make it that much more valuable.
Radmind
Of all of the items this article will examine, Radmind may be the most appealing because of one factor alone: its price tag. If you're even giving Radmind a look, be sure to thank the development team at the University of Michigan. (Sorry, Ohio State fans.) Not only do they put significant ongoing work into this project, they distribute it for free (provided you leave their copyrights in place).
So for clients who need a good Loadset Management system, but don't have the budget for some of the commercial products available, Radmind is a winner.
Radmind is primarily a UNIX tool with the guts of its operation accessible from the command line. After installation, you can look at /usr/local and (as you might expect) find your executables in bin and really good documentation in man. And if you're serious about using Radmind in the long-term, you'll want to get to know the contents of these folders. But, if you download and install the Radmind Assistant installer in addition to the radmind tools, you'll have Mac OS X GUI apps to get you started: the Radmind Assistant, Radmind Transcript Editor, and Radmind Server Manager.
Figure 3 - Radmind OS X GUI components
Start off by installing the software on both a test server, and a client that is running your current Loadset. If you open Radmind Assistant on your server, you'll be presented with the "First-Time Run" dialog that will assist you in getting stuff going.
Choose "I'm new, and I want to setup a Radmind server." Then decide if you want to let clients discover your server with Rendezvo--- er, Bonjour. When done, you'll get to use the Radmind Server Manager. This gives you your first hint about how it works.
Figure 4 - Radmind Server Manager
Radmind Server Manager is split into three windows.:
The "Radmind Loadsets" window displays all of your "transcripts". Transcripts are text files that detail installed files and folders, their extended attributes like permissions and modification dates. Initially, this window will be empty, because you have not made any transcripts and uploaded them. For reference, transcript files usually end in ".T"
The "Radmind Command File Editor" lets you build your "command" files. A command file is just a text file that lists a collection of transcripts that make up your complete installation. You'll note that a default command file is here; called "base.K" Yes, command files end in ".K" As you would expect, "base.K" is empty, since you have no transcripts to add to it.
And finally, the "Radmind Server Configuration Editor" lets you edit a simple config file that determines which computers use which Loadsets (or more accurately, which command files). You can specify clients by IP address, a range of IP addresses, and domain names. Additionally, a wild card means that any client can connect and get a designated Loadset.
If you're doing all of this in the command-line, you'll find all of the above in /var/radmind. Look for the config file, the command folder, and the transcript folder.
At install, the server is pre-configured to allow all clients and to use the default Command file (base.K). Since there are no Transcripts on the server yet, that's where we begin on the client.
Your first client needs to be a clean copy of your lLoadset. I'd suggest a fresh deployment to an erased hard drive. Then, install the Radmind packages on to it and open the Radmind Assistant. Just like on the server end, you should see the Setup Steps. This time, choose "I'm new, and I want to set up a managed client."
If you setup Bonjour discovery of your server, the client should automatically detect your server's address. Otherwise, you'll need to enter it here. LikewiseSimilarly, this is where you can configure more advanced options that are a bit beyond the scope of this article, but they give you a sense of what you can do with this software. If you're just starting out, go with the defaults.
Figure 5 - Setting up the client's preferences on first run
On the next screen, you get the options to configure Radmind automation. If you plan to go with Radmind as your Loadset Manager, you'll definitely want to explore this. Basically, the options will install login and logout hooks for use with iHook (another U of Mich product) to make Radmind execute during those times. It also includes a script for execution by the system's periodic process for daily, weekly, or monthly runs in the background. For now, though, just move past this. These options can be set later, and you may want to tweak the scripts for your own environment.
Figure 6 - Choosing your negative transcript
When you reach the screen in Figure 8, you're going to start with your first Transcript: the Negative Transcript. The easiest way to think of a negative transcript is to think of an exclusion list. However, the documentation will tell you that negatives are *not* exclusion lists, and they're right. In real practice, if a file or folder is listed in a negative transcript, Radmind will make sure it is present and then leave it alone and not manage its contents. You might not see the usefulness at first, but think of a situation where you need to have a folder present, but you don't care what's in it. For many Loadsets, /Users/Shared is a good example. The developers were good enough to give us default negative transcripts for both a lab environment and a desktop environment.
That brings us to the Golden Rule of Transcripts: always edit them! There's bound to be some file or folder in a transcript that you'll want to prune out before uploading it to the server. The negatives are no exception. Fortunately, there's a handy "Edit Negative Transcript" button sitting right there. This will launch the Radmind Transcript Editor application and let you check out its contents.
Figure 7 - Editing the negative transcript
In the negative presets, the developers were nice enough to document each line with comments about why you should exclude these files from Radmind management. Edit as you see fit. By the way, Radmind Transcripts are really just text files, but they are much easier to edit in their own app. Here'sSee Figure 10 to see what they look like in a text editor.:
Figure 8 - Raw transcript data
It's your call.
Now it's time to upload this transcript to the server.
Figure 9 - Uploading transcripts to the server
Since it is a negative transcript, and Radmind won't manage these files, it makes sense to check the "Store loadset as empty files on the server." But you'll want to uncheck that box on the next go round. Hit the continue button and the client will upload the transcript to the server. If you move back to the server and refresh the "Radmind Loadsets" window, you'll see that it found the new transcript wants to move it into production. Hit OK. It will do a quick scan and then offer to add the transcript to your default command file.
Figure 10 - Radmind Server after adding the negative transcript
Back to the client now. Here's where the fun begins. We need to create our first positive transcript. But first, we need to tell the client that the command file it's using now has the negative transcript. You do this by running a standard update procedure, and the client should be ready to do this, realizing that you're still in your first steps. The client will query the server for updates to its command file and download the new command file and any new transcripts. Once it has the production negative transcript in hand, it's ready to build your positive transcript.
Figure 11 - Radmind getting ready to build the base positive transcript
Feel free to give it your own name. When you press continue, the Radmind client will scan the contents of your boot disk, gathering info about every file and folder that is not already in the negative transcript. It puts this info into a new positive transcript for upload to the server. This time, be sure to leave the "store as empty files" UN-checked. You want these files to be on the server.
On the server end, walk through the same process as the negative transcript: refresh the Loadsets window, update/verify the newly uploaded Transcript, move it into production and add it to the Command file. Barring any hiccups, you should now have a working Radmind solution.
Let's try it out. Pretend that you're a naughty end-user who likes to install unauthorized, untested applications. Download a new app or if you're really feeling bold, a Mac OS X Combo Updater, and install it. Now, open up the Radmind Assistant run through "Update this machine."
You might already have the idea, but here's what happens:
Radmind Assistant checks for and if necessary downloads the latest Command file that matches your computer's info in the Config file.
ThThen the RA downloads any Transcripts specified in the Command file that it doesn't have yet.
RA runs "fsdiff" to compare your existing files and folders against what the sum of its transcripts say you are supposed to have. From this info, it builds an "applicable" transcript of the differences. You can view this transcript before proceeding to see just what Radmind is going to do.
On your go-ahead, the RA is going to run "lapply" which follows the applicable transcript. It will erase any extra files that didn't exist in your Radmind Loadset. It will download from the server any files that went missing or got changed and put them back.
It wants to reboot when done. At that point, the changess you (or your naughty end-users) made are gone.
But what if you want to make permanent changes to your Loadset? After all, that's what this article is about. Once you have a working Radmind solution, adding even minor changes is very easy: you just create a new positive transcript, upload it to the server, and add it to your command file. These new positive transcripts are usually referred to as "overloads". Overloads can be as simple as a one-file modification, a single new software installation, or multiple updates and new software packages. It depends on how you want to organize it.
Figure 12 - Adding overloads to the Command file
Note how the overload exists between the positive "base" transcript and the negative transcript in the Command file. Layering of Transcripts in a Command file works from bottom up. Ideally, you want the negative transcript first so that its contents are always ignored. Then you want your overload, which will mostly contain some newer files than those contained in the base positive. Then anything else in the base will be used.
Any of your workstations running the Radmind client will pull down the changes when they are told to run a Radmind update. This can be done manually at each station, or via "Send UNIX Command" in ARD, or through the aforementioned Radmind Automation, which you can access through the Preferences of the Radmind Assistant.
Bottom line: Radmind is perfect in situations where you have complete control of your Loadset. It's flexible enough to handle multiple Loadset configurations and can be set up with automation that works well if your IP scheme or DNS can support it. You can also do some advanced configurations with your command files and transcripts that makes short work of deploying retail licenses (as opposed to volume licensing) and deploying a single new transcript to all of your loadsets. Heck, Andrew Mortensen at umich even got an Intel version of Mac OS X to run on a G5 by stacking Radmind transcripts. So there's a *lot* of power here.
But where it fails is that to harness that power, you've got to put some serious effort into tweaking your Transcripts, and possibly even the included hooks. For many small shops that's too much work. In the setup I've described, Radmind is an all-or-none solution. For example, while it may be possible, it's not immediately obvious how one would just use Radmind to deploy an application without managing the entire boot disk and all of its applications.
That being said, it sure is hard to ignore that price tag. Many times, it's not hard to get approval to implement free software. :-)
FileWave
FileWave, by FileWave USA, Inc. and its sister product AssetTrustee bring us into the realm of non-Apple, commercial products. So, right off the bat, it's going to eclipse our previous two products in the fact that FileWave is going to work cross platform and it's going to have commercial-level support behind it.
The basic breakdown is that FileWave is responsible for software distribution, where AssetTrustee tracks licenses, hardware, and well...assets. FileWave is the product that fits the scope of this article, but as you go through FileWave's menus, you can tell that the company has made these products to be complimentary.
When you look at the FileWave install disk, you see four Package files representing the four FileWave components:
The server, FileWave Server, installs on your designated machine that will house all of the software files that are to be distributed. Obviously, this computer should be highly available and have plenty of room. The client, "fwcld" installs to all of your managed computers.
Much like Server Admin or Workgroup Manager on OS X Server, the FileWave Admin can be installed on any administrative workstation, as well as the server itself.
And then, there is the final component, the FileWave Booster. As the name would suggest, the Booster provides redundancy for your FileWave Server. Clients will be directed to try and contact the Server first, and then try up to 5 Boosters.
Since they are all .pkg based installs, if you're curious about what it's putting where, you can dig into them easily enough if you're curious about what it's putting where with the Show Files command of the Installer.app or with Pacifist. Pretty much all three hang out in the background as daemons, and they are all pretty easy to identify in Activity Monitor or top. The server, for example, runs as "fwxserver."
When you install the client, you are presented with a client Setup Assistant.
Figure 13 - FileWave Xclient Assistant
Obviously, you'll need to enter your server address and port number, but notice the little Bonjour symbols next to the fields. Don't be surprised if the client automatically finds your server. The ability to designate the first Booster should suggest to you that having multiple Boosters might not only provide some fault tolerance, but also allow for some load distribution for larger networks.
The client name and password will be unique to FileWave; your users will not need to know them. The fact that the server authenticates to clients is useful in larger organizations, where you might have more than one FileWave service in play. Each server can manage a unique set of clients. The Desktop Owner Name is the "shortname" of the primary user of the computer. Presumably this is for installers that try to add data to the user's home folder.
If you'd prefer to not have to install the client package manually, FW offers two other ways to do it from the FileWave Admin app. The first requires that you have SSH admin access to the workstation; it will send the client software and configuration via SSH to the target workstation. The other lets you do a mass deployment to all of the machines in your AssetTrustee database.
After entering your activation codes, when you log into FileWave Admin, it looks a bit like this.:
Figure 14 - FileWave Admin
At the top, you'll notice a status window that gives you a summary of what your license allows, versions, and the Model Number. (More on that in a moment.)
The "Clients & Groups" window, as you might guess from the name is where you'll add your clients and group them. And that's the first thing you'll want to do: add your clients. Do this by clicking the "Client Manager" button. A new window appears that lets you organize the clients and their groups.
Figure 15 - FileWave Clients & Groups Manager
In the lower right corner, click the "New Client" button. When you get into the new client area, you can see that the FileWave developers have given a lot of thought to leveraging existing tools that you may already have, like an LDAP or AD server.
If you pre-define your Groups, you can put clients into them as you add clients to the list. Otherwise, you can always drag and drop them later. Configure the groups in the logical arrangement that makes sense for your organization. Since the Clients will contact the server on their own, you need not worry about matching your IP scheme or DNS to the logical groupings you'll use in FW.
You can also specify that a single client exist in multiple groups with a familiar aliasing method. Option-drag a client into a group and the client appears in the group with a cute arrow on its icon and italicized text.
Figure 16 - A populated clients and groups window
In the "Filesets" window is where you start to add software for FileWave to deploy. By far, the easiest way to create a fileset is with simple drag-and-drop. Sticking with the Mozilla-based browsers, adding Camino to the mix simply requires dragging the app from its disk image into the FW Filesets window. It confirms that's what you want to do and then copies all the data from the app into the FW Server's file store. You do the same thing with Package based installers; the difference is that, instead of parsing the package and putting the files where they need to go, FW hands the entire package off to the FW client in /usr/local for installation on the client side.
But those are the easy kinds, right? What about VISE or other third-party installers? For this, you go under the Assistants menu and select FileSet XMagic. The process is very similar to that of generating a Radmind Transcript: first, FW generates a "snapshot" of the entire volume to which the software will be installed. You then install the software, open it, license it, configure it, etc. Return to FileSet XMagic and Create the Fileset. It compares the current state of the volume with the previous snapshot to isolate the differences and adds them to its new Fileset. Clearly, it makes the most sense to do this from a computer very much like the Loadset you are trying to manage. Remember, that FW Admin can run on any computer on the network and talk to your server remotely.
Figure 17 - Examining Fileset Contents
Once a Fileset is in the Filesets window, you can edit its contents by double-clicking the fileset entry. From here, you can modify the names of files and folders as well as extended attributes. You can also delete unwanted items or move things to different locations. Take notice of the "Hide unused folders" checkbox in the upper left. If you uncheck it, you'll see the common folder hierarchies of both a Mac OS X box and a modern Windows box along with where your files reside.
The final window of FW Admin that we have yet to discuss is the Associations window. This is where you say, "I want these files on this group of computers." IAnd it, too, is simple drag and drop: just drag a Fileset from the Filesets window onto a computer or group in the Clients & Groups window and you'll see the association appear.
Figure 18 - Setting up Associations
A nice feature of Associations is the ability to individually schedule them. Just double-click an association from the list and set times for downloading, activation, inactivity, or deletion. The disparity of installation and activity is particularly interesting. You can designate that download begins immediately, but it only gets moved to its active location (so people can use it) when you dictate. This would be especially useful if you have a number of laptop users and want to ensure that everyone starts using the new version at the same time. Or if an update does not go well for compatibility reasons, you can leave it installed in anticipation of a bug fix, and simply deactivate it until the fix is ready.
Figure 19 - Association options
Now after all of this setup you've done so far, nothing has changed. Filewave works with a database. When you make changes to any of the windows in FW Admin, those changes are not committed until you save the changes to the database. FileWave calls each combination of clients, filesets, and associations a "model" and as mentioned earlier, you can see which version of the model you are using in the Status window. You commit changes to the model by selecting Update Model from the FileWave Xserver menu. Likewise, if you make changes that you decide you don't like, before you go and commit to them, you can select Revert to Last Model.
After you update the model, take a look at what's going on with your client by right-clicking it in the list of clients and selecting "Open Client Status Monitor". While you've got the menu open, take a look at all the other commands they have added for your convenience; again leveraging other tools you may have.
Figure 20 - FileWave Client Status Monitor
Don't be surprised if you can't catch it actually copying the data from the server to the client. The way you can tell everything is talking is by watching your Model version. If the model version displayed in Client Status Monitor matches the current Model version on the server, the client is up-to-date. If you really want to be sure, click the Client Log button, as it will reveal any errors that may have occurred. To check the Model number on all of your clients, simply click the Clients Report button on the Clients & Groups window.
Another nice component of FW is that you don't have to schedule clients to make sure that everything is still present. They automatically check in with the server on a repeating basis to make sure that their Models are up-to-date and that the files they are supposed to have are still there. You can do this manually as well by clicking the Verify button in the Client Status Monitor.
Bottom line: FileWave is an extremely capable and scalable Loadset Manager. Its features are clearly designed with the administrator in mind. Support from the company appears to be very good; they include a lot of references to get you up to speed quickly, and then you can explore the user manual to get more in-depth into its capabilities. Matching FileWave with AssetTrustee's capabilities can only increase its usefulness.
It seems that earlier versions had a bad rap on the interface, speed, and system demands, but the reviews for version 3 seem to indicate that these issues are no more. If you haven't given FileWave a look lately, it might be time to download a new demo.
So, if you have the budget, and prefer to have a company's support team backing your solutions, FileWave is a winner.
LANrev
LANrev is a product of Pole Position Software. The model by this point should seem familiar: LANrev includes three components, a server, a client (called an "Agent"), and an administrative program.
Upon opening LANrev's admin program for the first time, you are walked through a setup assistant, asking for initial administrator name and password, server addressing, port numbers, and the option to retrieve authentication info from an existing LANrev server. Then, it brings you to the Computers window.
Figure 21 - LANrev Computer window
First impression of LANrev's interface should scream "iTunes" - clearly they have adopted the look and feel that Apple is presenting in its products, possibly in order to achieve a sense of uniformity. That's not a bad thing - chances are you already know how to get around the LANrev windows.
The Computers window is empty, of course, until you install Agents. The Mac Agent installer is a package. But a more interesting way of installing the Agent is via the built-in "Agent Deployment Center."
Figure 22 - LANrev Agent Deployment Center list
Select one or more stations discovered via Bonjour, and the system will ask you for an SSH login and password, as well as server configuration info, like in Figure 26.
Figure 23 - LANrev Agent Deployment Center client login
Once your clients are installed, the computers list will be populated. If you don't see it immediately, select "Synchronize All Tables" from the "Server" menu to update the Admin's info. I found it necessary to do this often to make sure I had the latest info.
Right off the bat, you'll see that LANrev is looking go beyond Loadset Management. Double-clicking a computer in your list reveals a wealth of information, akin to System Profiler. And if you go under the "Commands" menu, you'll notice a number of administrative tasks that might even give ARD a run for its money.
Before it can do what we want LANrev to do, the Agents need to gather info about their hosts and send it along to the Server. They do this automatically over time, but some initial information needs to be gathered manually. Do this by selecting "Gather Inventory" from the Commands menu. Check the box that says "Force full inventory" and click the Execute button.
Deploying software with LANrev can be done in the same mannerisms as ARD: copying individual files and folders to different locations on a target disk by using the "Transfer File/Folder Command." And again like ARD, you can copy down an installer and have it execute by using the "Execute Macintosh File" command. The problem is that you have to click through the buttons on the local workstation through something like VNC, or give instructions to your end-users. To really accomplish these sorts of tasks in LANrev, you're going to want to use the Software Distribution Center. Access it via the Window menu.
Figure 24 - LANrev Software Distribution Center
Looking at the list on the left of the window in Figure 27, you'll see the three main components to the SDC: software packages, staging servers, and distribution groups.
A staging server is going to be responsible for storing the data and distributing it to clients. An interesting capability of LANrev that aids in scalability of this feature is that any Agent can be a staging server, provided that it talks back to the main LANrev server. Carrying it a step further, any LANrev agent can also be a mirror of the main staging server. For small networks there is nothing wrong with having the LANrev server and the staging service on the same box. Set up your staging server in the SDC window by clicking the "gear" and selecting "New Staging Server."
Figure 25 - LANrev Setting up a new staging server
Note how you can define the root path of where software data is going to be stored. What I put in the window of Figure 28 is not a default - you could put the data on any attached volume. But, wherever you decide to store it, treat it like an iPhoto Library: modify it only through its application. The "mirroring" checkbox went gray when selecting this staging server to be a "master server." I left the assigned IP range blank, but presumably this would be an additional source of load balancing for your staging servers.
Now that this is in place, you'll want to add some software packages. Hit the "gear" again and select "New Software Package". I should clarify the use of the word "package." Usually, when we Mac admins think "package" we think of the "yellow-orange translucent cube coming out of the cardboard box" icon and ".pkg". It seems that when LANrev uses the word "package" they mean a collection of installer data that is packaged for distribution by LANrev SDC.
Figure 26 - LANrev New software package
In Figure 26 I have hit the Select button and pointed it to the ".pkg" I wanted. The "package name" field is unique only to LANrev as an identifier. It can be whatever you want to call it. Notice that I have designated the root as the target installation choice, which makes sense for this kind of update.
Leaving it blank would have had the same result, as "/" is the default.
LANrev also lets you select disk images here. Keeping with our theme, if we were looking to install Camino or Firefox, unlike the other software we have looked at, for LANrev, we'd keep it in its disk image and select the ".dmg" as the Executable. Using disk images may be a big boon to this software as it can match up the contents of a disk image with the target volume. While I didn't test it to see how well it works, you could theoretically deploy an entire Loadset through the LANrev interface and skip NetBoot/ASR altogether.
This once again brings us to the difficult installers. LANrev's solution to the problem is an application called LANrev InstallEase.:
Figure 27 - LANrev Install Ease
InstallEase gives us the same scan - install/config - capture differences as we've seen in the other apps. One difference is that InstallEase will also let us manually specify the locations to capture. So if you already know what goes where, you can skip the scanning process. One other surprising feature of InstallEase is that it will create an "uninstaller" package from an existing .pkg file. The fact that InstallEase saves the results into a more widely compatible installer format makes InstallEase appealing in its own right, independent of the rest of the LANrev suite.
Back to our setup in SDC, click the "Installation Options" tab.
Figure 28 - LANrev Package Install Options
The options are what you'd expect from any installer, with a few notables: the User interaction option can give the end-user a chance to defer the install to a later time, or just do it without their knowledge. You can define a particular staging server that will run this install. Also,nd the checkbox to ensure that no one is logged in when installing the software may be a welcome addition, especially in the case where a reboot is required.
And finally, the third tab lets you define conditions for install. By default, it will install the software on all targets. But, if you want to throw in some safeguards, this is the place to do it. Click OK to save the LANrev package.
Finally, we need to setup our distribution groups. By default, two groups already exist: "All Macs" and "All PCs". If you want to define smaller groups than that, just click the "gear" and select "New Distribution Group". Add individual computers to it through drag and drop from the "Computers" window. You'll also want to assign a staging server to each distribution group. Again, it's just drag-and-drop the staging server from the Staging Servers list into the "Assigned Staging Servers" section of the Distribution Group. You can also do this by editing the Staging Server's preferences.
Once you have all three items ready to go, performing an install is simple: just drag-and-drop the software package on to the distribution group, and the assignment is made.
But, you're not done. Since the Admin software can be run on any workstation, you need to commit the changes to the LANrev server. Do this by clicking the "Save Changes to Server" button in the upper left. When you do, you'll see all of your packages upload to the staging server.
You can check on the status of installs by looking at the Installation Status section of the SDC window. The process is completely automated, and sometimes doesn't happen immediately.
Figure 29 - Use only LANrev for OS updates
One unique and highly useful feature of LANrev is its ability to leverage the built-in software update mechanism of the OS. When Software Update detects a new update for the computer, the LANrev agent checks in with the SDC to see if it already has the update. If it does not, the Agent will download the update package, upload it to the server and put it in a group of the SDC called "Unconfirmed Updates". Before these get deployed, you have to go into the group and approve them by dragging them on to your Distribution Groups. If you'd rather not, drag them to the Rejected Updates group.
Bottom line: More so than any other program in the list, we haven't scratched the surface of what LANrev can do. We only focused on the features specific to Loadset Management, and it clearly does so much more. As the chief competitor to FileWave, it's only fair to mention that I did not evaluate Asset Trustee versus LANrev for things like license management and hardware inventory. Because it does so much more, LANrev seemed a little less intuitive to me than FileWave, but once the settings were in place, it functions very similarly.
Again, it's commercial software, which means you'll be shelling out some dough for it, but you'll also be getting some support resources from the developers. Given the swiss-army-knife-like amount of stuff you can do with LANrev, especially beyond the scope of this article, my suggestion is that if you can buy one, and *only* one set of tools for managing your Mac network, LANrev would have to be the choice.
Windows Support
I left Windows support for the end because if you're not dealing with it, then the rest of this article is of little importance to you. For those of us dealing more and more with cross platform deployments, even in a once all-Mac shop, the tools above have varying degrees of Windows capability.
Dealing with BootCamp is essentially dealing with a Windows PC that just happens to have an Apple logo on it. No doubt you're using some sort of distribution method, like Mike Bombich's NetRestore for putting it out there. But after that what do you do? And while at first glance, updating the virtual disks of Parallels or VMware might seem simple enough - shoot one big file across the network - it's really the same dilemma. You have a Loadset in a disk image and it needs updating.
Our first product, Apple Remote Desktop does ... uhh... well, it will VNC into the Windows box. So at least you can "sneakernet" from your desk. Yeah.
Radmind has a PC version of its Tools. They aren't updated nearly as often as the Mac/UNIX versions and they are a work in progress. They are essentially Windows ports of the command-line tools (no GUI assistants) with "ntfsdiff" instead of "fsdiff" and some extra registry tools. They also included some sample negative transcripts to get you started, but they are not defaults. You'll want to generate your own. Take a look at the Radmind Wiki for more details and how to get going:
http://webapps.itcs.umich.edu/radmind/index.php/Radmind-pc
FileWave is going to be much easier here.
Figure 30 - FileWave Windows Client
Look familiar? And once you get into the FW Admin, adding the client is essentially the same process. Mac and Windows clients sit side-by-side in your Clients & Groups window. Much like was done with Mac package installers, the Filesets window supports importing .MSI installers. The only trick is to be sure to edit the Fileset and drag all of the other support files that are with the .msi into the Fileset's contents. If you need the Magic component that scans the disk before and after to obtain the differences into a FileSet, the Windows installer includes a program to do the activity.
Figure 31 - FileWave Magic in Windows
LANrev takes Windows compatibility the furthest of the bunch in that every one of its functions can be installed on a Windows system and interoperate with the Mac components. The LANrev Admin for Windows operates smoothly talking to the same server that I had setup on my Mac OS X box earlier.
Figure 32 - LANrev Admin in Windows looking at the same server as the Mac version
In fact, you may want to have LANrev admin on both a Mac and a PC, regardless of which OS runs the server, so that you can create software packages on each platform. One caveat to remember when dealing .msi installers is to check the box for "Transfer all files in folder containing executable" when creating the Windows installer package.
Figure 33 - LANrev SDC in Windows
So if all of your available storage space is sitting attached to a Windows box, you might want to go with LANrev, just so the Windows box can be your staging server.
Conclusion
Like any other solution that you deploy, the Loadset Management system that you choose is going to depend on a number of factors. You should sit down with the demos of all of the applications at your test network and use this article, along with the product documentation, to evaluate them for yourself. Find out which one makes the most sense for your budget, time, skill level, and needs. Then rest happy knowing that the next time Software Update pops up, you're not looking at big redeploy.
�
Brian Best has been a self-employed Mac Consultant for seven years, serving the Northeast Kansas area and presenting Mac troubleshooting seminars nationally. When not working, he can be found sleeping, watching movies at home with his wife Candi giving NetFlix a run for their money, frequenting Kansas City's world-famous barbecue establishments, or screaming his throat raw at Arrowhead Stadium.
