Jamf Nation Community

Look at the jamf createAccount binary as it allows you many options. Then you can package or script out settings for individual users/groups
for remote access.

In your framework of the JAMF binary, you can have it set so that it
forces remote log in (ssh) is enabled at start up.

Are you talking about just pushing out software or are you talking about
completely erasing the HD's and imaging?

If you're talking about imaging your SSH user can be built into your base,
or created using the method Mr. Larkin laid out. If you are talking about
just getting your machines into your JSS for management or software
distribution then you can make a QuickAdd package and push that out with
ARD. That will install the SSH account you specify if it does not exist
and set you SSH settings as well as install the jamf binary and recon the
machine.

When we rolled out Casper in our district we had a lot of machines we
weren't ready to image. So our first step was to try and get everything
into the JSS and get management capability of them all. We did this via the
quickadd. And imaged as new machines came in, and imaged the old machines
as time allowed.

-- Dustin Dorey
Technology Support Cluster Specialist
ISD 196

Hey all,

The way I've typically handled these items is to set nothing (or as little as possible) in the OS package/image/installer.

SSH (remote login) and ARD (remote management) can be enabled via scripts (preferably separate scripts).
Accounts can be created with Casper Imaging, policies, or Casper Remote.

My deployment philosophy is to be as close to 100% modular as possible. If I build an account into my OS package and then decide to change it later, I need to rebuild my OS package. If I choose to create the account with Casper Imaging instead, then I don't need to change the OS package until the OS changes.

This is just my personal deployment philosophy, and is by no means the "correct answer" or even the "JAMF answer". It's just one of many valid answers.

I hope this helps...

--
Miles Leacy
Technical Training Manager
Mobile (347) 277-7321

miles at jamfsoftware.com
....................................................................
JAMF Software
1011 Washington Ave. S
Suite 350
Minneapolis, MN 55415
....................................................................
Office: (612) 605-6625
Facsimile: (612) 332-9054
....................................................................
US Support: (612) 216-1296
UK Support +44.(0)20.3002.3907
AU Support +61.(0)2.8014.7469
....................................................................
http://www.jamfsoftware.com

With version 7 you can do pristine installs by just dropping the OS X
DVD image into Casper Admin. Then you can just drop the latest combo
updater on top of that. You can package users and configurations with
scripts, and once you are all done you can compile them into one DMG
file for faster block copying over many package based deployments.

That way, as Miles points out, if you have something that doesn't work
or you need to change, you can just change that one package. Of course
you would have to delete and recreate your compiled configurations, and
that does take some time to do, but you can do it that way.

Hi Miles,
Miles Leacy <miles.leacy at jamfsoftware.com> wrote:

I agree about keeping everything that can be managed separately, off the image. The goal should be to have a base image that works in all environments (in our case, across different customer environments).

I haven't had a chance to play with Casper yet (will be building a sandbox soon), but on the imaging side, does it make sense to use the Apple installer defaults during the NetInstall base image process? I remember in the pre-OSX days, I worked with techs who like to strip out stuff on the base image (languages and other resources) during the image creation process. I was against doing that since things tend to break when patches are released.

What's the best practice when making the base image for Casper to deploy - do you stick to the defaults, or do you go to the Customize button and enable everything there? My preference is to do the later. Wanted to bounce that off you guys. Once the image is dropped onto a Mac, does the NetInstall process allow you to queue up images to be put onto the Mac? Or do you image, reboot, push additional packages, then reboot?

Sorry if these questions belong in another JAMF list - I've been lurking since Casper is one of the solutions I'm trying to get up to speed on.

Thanks,
Don

---------------------------
Don Montalvo
Cell: 347-421-2359
Email: donmontalvo at gmail.com
Web: http://donmontalvo.com
---------------------------

With Casper 7.0, you no longer need a "base image".
On 10/1/09 4:33 PM, "don montalvo" <donmontalvo at gmail.com> wrote:

A la InstaDMG, Casper Admin 7.0 can take a .dmg image of a Mac OS X 10 DVD
and use that as your single source for all base OS installs. You can then
create multiple custom configurations in just a couple of minutes.

I have one configuration that turns off everything for my "Restore"
partition. I have a second that turns off printers and extra languages that
we don't use in our environment. I have a third with everything installed.
You can make as many as you want and you're only consuming the space of just
the one DVD .dmg file.

This is one of my favorite features in Casper 7.0!

FYI, Casper Imaging 7.0.1 and 7.1 broke custom OS installs and JAMF is aware
of this. You can still, however, use Casper Imaging 7.0 or you can select
your DVD .dmg instead of a custom install.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

"Smith, William" <William.Smith at merrillcorp.com> wrote: On 10/1/09 4:33 PM, "don montalvo" <donmontalvo at gmail.com> wrote: What's the best practice when making the base image for Casper to deploy - do you stick to the defaults, or do you go to the Customize button and enable everything there? My preference is to do the later. Wanted to bounce that off you guys. Once the image is dropped onto a Mac, does the NetInstall process allow you to queue up images to be put onto the Mac? Or do you image, reboot, push additional packages, then reboot? With Casper 7.0, you no longer need a "base image". A la InstaDMG, Casper Admin 7.0 can take a .dmg image of a Mac OS X 10 DVD and use that as your single source for all base OS installs. You can then create multiple custom configurations in just a couple of minutes.

That sounds great, but if Casper Imaging is using a Mac OS X 10 DVD image to reimage, it sounds like how NetInstall can do installer based (slower file copy, flexible) versus ASR based (faster block copy, less flexible). Is there a way to combine the two by doing block copy for a base image and then have the process run selected pkg installers for the rest of the required stuff?

I have one configuration that turns off everything for my "Restore" partition. I have a second that turns off printers and extra languages that we don't use in our environment. I have a third with everything installed. You can make as many as you want and you're only consuming the space of just the one DVD .dmg file.

I checked the Casper Imaging documentation, so I see what you mean. Having the restored partition stripped down makes sense since it'll only be used to for rebuilding. Just concerned about speed since it's doing file copy instead of block copy.

This is one of my favorite features in Casper 7.0! FYI, Casper Imaging 7.0.1 and 7.1 broke custom OS installs and JAMF is aware of this. You can still, however, use Casper Imaging 7.0 or you can select your DVD .dmg instead of a custom install.

I'm trying to get my head around how a large deployment would be handled by Casper. Let's say you have a large firm with 1000 Macs spread across different regions/countries. You're told to reimage 100 of them (upgrade them from Tiger to Leopard). Using the installer deployment method you mentioned above, what are the chances of getting these boxes reimaged in short time?

Can Casper handle reimaging computers without touching the /Users directory? Let's say you have 100 computers that need to be upgraded from 10.4 to 10.5. They're spread across different subnets, and each of them have 100G in /Users that we need to protect. Can Casper Imaging do a reimage in place? Can the imaging process "trickle" the image down to the box - then trigger reimaging while preserving /Users data?

I haven't had my hands on the Casper Suite yet. Just trying to see what parts of the Casper Suite we may need to use and what parts we don't need to use. I say this since there may already be processes in place that work fine and are integrated with the client's environment, where parts of the Casper Suite may overlap in functionality. Trying to plan ahead to avoid re-architecting an environment and creating dependancies or redundancy.

Thanks,
Don

On 10/2/09 3:58 PM, "don montalvo" <donmontalvo at gmail.com> wrote: "Smith, William" <William.Smith at merrillcorp.com> wrote: With Casper 7.0, you no longer need a "base image". A la InstaDMG, Casper Admin 7.0 can take a .dmg image of a Mac OS X 10 DVD and use that as your single source for all base OS installs. You can then create multiple custom configurations in just a couple of minutes. That sounds great, but if Casper Imaging is using a Mac OS X 10 DVD image to reimage, it sounds like how NetInstall can do installer based (slower file copy, flexible) versus ASR based (faster block copy, less flexible). Is there a way to combine the two by doing block copy for a base image and then have the process run selected pkg installers for the rest of the required stuff?

The base Mac OS X software is installed using block copy if you create a
package. :-) But then you don't get the flexibility of multiple
configurations for one package file. :-(

I'm trying to get my head around how a large deployment would be handled by Casper. Let's say you have a large firm with 1000 Macs spread across different regions/countries. You're told to reimage 100 of them (upgrade them from Tiger to Leopard). Using the installer deployment method you mentioned above, what are the chances of getting these boxes reimaged in short time?

That all depends on whether or not your infrastructure is set up to do this.
If all your Macs have a Restore partition then you can boot to them and pull
packages from a local file server repository. Length of time depends on the
model of Macs you have, network speed and amount of shtuff to install. This,
of course, is also impacted by the amount of time you have to get this done.

If all machines will get the exact same software then you can use Casper
Admin to take a configuration of packages and create a monolithic image that
you can then install using block copy.

Can Casper handle reimaging computers without touching the /Users directory? Let's say you have 100 computers that need to be upgraded from 10.4 to 10.5. They're spread across different subnets, and each of them have 100G in /Users that we need to protect. Can Casper Imaging do a reimage in place? Can the imaging process "trickle" the image down to the box - then trigger reimaging while preserving /Users data?

Again, depends on whether or not you've set up your systems to enable this.
JAMF suggests that you create a separate partition for User folders if you
want to do this.

Casper cannot trickle, however, it can cache files for a later install time.
It cannot do this with the Mac OS itself but it can do this with updates.
You'll want to either set the updates to occur overnight when no one is
using the computers or at login/logout, when you know no apps are running.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

Casper 7 will do block copy if you "Compile" your configuration. If all you
want in your configuration is your OS image, then that's all that needs to
be there. But why not take advantage of Casper and have it push your basic
applications along with the OS?

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

Hey everyone-

Just wanted to chime in from JAMF on a few things...

The base Mac OS X software is installed using block copy if you
create a
package. :-) But then you don't get the flexibility of multiple
configurations for one package file. :-(

I'm not sure I follow. An image would be block copied to a target
computer. A pkg installer would be a file copy. Are you saying Casper
has a way of doing block copy using a pkg installer?

Not sure if I'm confusing things. If we have an image containing OS X
and common applications/tools (essentially, stuff every computer at
the firm needs), can Casper deploy that image? Can the deployment
process include running pkg installs for additional software?

I think that the main issue here is related to our rather liberal use of the term package. We don't limit the use of the term package to only PKG and MPKG packages. We also consider the following items "packages":

- Disk images of an OS ("OS Package")
- Disk images of any files that mirror the directory structure ("DMG Package")
- Disk images of a Mac OS X Installer DVD ("OS X Installer Package")
- Disk images of an Adobe Installer DVD ("Adobe Installer Package")
- Disk images of an Adobe Updater ("Adobe Updater Package")
- Winclone bundle ("Winclone Package")

The imaging process is capable of utilizing any combination of these at installation time. The Adobe installers actually have to run the silent installation at the time of the first reboot (that is automated with the same process that handles the directory bindings at reboot), but all other installers run before the reboot.

FileWAVE can also do a upgrade in place as well...the white paper
needs to
be updated since you can in fact do a Tiger>Leopard upgrade in place
as
scripting takes care of the old roadblocks:

It would be great if JAMF had a plan to add this kind of functionality
to Casper.

Don

Zach,
On Oct 8, 2009, at 6:07 PM, Zach Halmstad wrote:

I appreciate your response. I guess I was confusing the Apple pkg/mpkg format with the generic "package" term. I had a conversation with my Wintel colleagues (who manage huge environments) over lunch about the Adobe installer fiasco and they all had the same opinion...if it works, go with it. I'm all for it, since we all have the same goal, to distribute stuff using the most efficient, reliable, manageable and cost effective method. That said, as some of use have experienced, the Adobe silent install can fail and leave you with a mess on your hands. How does Casper handle failure of Adobe silent install?

I'm a huge fan of InstallDMG since it uses a very consistent and manageable method for image management. We have many environments set up with InstaDMG image workflows. How does the Casper Imaging workflow differ from the InstallDMG? Is it reasonable to assume that we can continue to use InstaDMG to manage our images (since it strictly uses Apple pkg/mpkg format installers as building blocks), and have Casper distribute the images - and along the way have Casper handle the cr at ppy Adobe installers on reboot? Trying to see if Casper can be used without having to re-architect workflows that are in place now (that work).

Thanks,
Don

Of course I meant InstaDMG...

You can absolutely continue to use InstaDMG to create the base image. Like
you I love InstaDMG and use it for my base images. I have seen some issues
trying to create 10.6 images with the 1.4 and even the 1.5 versions of
InstaDMG, but I'm just testing now and can wait for those to work themselves
out.

I create a base OS image using InstaDMG and then layer on all of the other
application installs. All of this is done thru Casper.

The only item I do not push as part of the initial imaging process are my
Adobe installs. I've seen the Adobe installs hang up after the first reboot
and cause problems. Instead I have a policy that installs Adobe products on
first login to the machine. During initial imaging I set the name of the
computer to the MAC address prefixed by the word IMAGED. I then have a
Smart Group set to collect all of these imaged machines. The policy that
pushes Adobe installs is scoped to that Smart Group. Hence, at login Adobe
software and udpates are all pushed. I capture all current Adobe updates
via Composer and build a package of udpates to push to the machines.

Using this method I have had zero issues pushing Adobe software.

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475

Hi Steve,
On Oct 9, 2009, at 10:52 AM, Steve Wood wrote:

Thanks for confirming that Casper can deploy a base image created with InstaDMG. Your example (InstaDMG for base image, Casper deployment including Adobe silent install) sounds like just the ticket.

Thanks,
Don