Content Caching

gmce87
New Contributor III

Hi, I'm looking for a bit of advice around Content Caching.

I've got approx 300 iMacs which are behind a corporate firewall and proxy, and we don't allow our users access to the App Store to do updates currently. All of our software updating is being done via JSS policies which distribute packages from an on-site HTTP file server, however I'd like to try and simplify this if possible.

We don't have any OSX Servers running (servers are all running Windows) and we can't use any tools like NetSUS, Reposado or Munki to manage this. My plan is to give one machine a proxy exception to allow it to access the App Store and download updates via softwareupdate (tested this and I can get that working at least) and then use Content Caching to hopefully use this machine as a distribution point for updates.

All of the blog posts that I'm looking at online seem to indicate that it's just a matter of enabling Content Caching on the machine you want to serve content from, and that seems to be it. However I can't seem to find any info as to the points below:

  • Do you need to perform any further configuration on other devices to get them to use this device for updates, or does it just broadcast it transparently in the background somehow?
  • Will the other devices also require access to the App Store, or would invoking the softwareupdate command in Terminal just make them communicate with this content cache? Do I need to configure this machine in a Software Update config profile?

Any insight you could give would be appreciated!

2 REPLIES 2

crbeck
Contributor

Your machines have to be able to get to an update server somehow, if they can't reach the update server they won't know what updates they have. There's a catalog on the update server that tells the Mac what updates it has (it would hit https://swscan.apple.com/content/catalogs/others/index-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog for example if it was a High Sierra machine). Content caching just caches the actual packages. When a Mac checks with Apple's update servers to see if it has an update, Apple's update servers also tell the Mac about any content cache servers on the Mac's local network if there is one and tells it to get the appropriate package from that cache server.

I'm not sure why you can't run Reposado but you're allowed to have one Mac grab App Store updates directly and you have an HTTP file server. That's pretty much exactly what Reposado is doing except combined into one server.

What you're doing now is simpler than using caching server without giving all Macs access to an update server.

If all of your Macs had access to an update server, then yes it is as simple as activating the caching service, the service does all of the work for you in talking to Apple and registering itself as a local cache server. Software Update config profiles are where you'd put your local software update server (like Reposado) if you had one.

gmce87
New Contributor III

Thanks for the response, that's cleared things up a bit for me. Appreciated