Imaging on a private network?

kuwaharg
New Contributor III

Hello All,

I am hoping you can give me ideas on how to transition my method of imaging from DeployStudio to Casper.

I have 200 new laptops that need imaging into the fold. Their regular connection to the world is via Wi-Fi, but to make things go faster I use an Ethernet connection to image the laptops.

My original deployment strategy with DeployStudio is a stand-alone server and an Ethernet switch. With the server I create my own private network with it doing DHCP and DNS along with the DeployStudio bits (Netboot, AFP and all the images). I would hook up laptops 25 at a time to the private network via Ethernet, netboot and re-image them.

I would like to figure out a method similar to this one with Casper. So far I can netboot and have them launch Casper imaging, but (understandably) they want to talk to the Casper server which is not on the private network (it is on the campus network). I’d like to keep the imaging traffic on the private network, if possible.

Any ideas on how I can (or if) get this to work?

Thanks!
--Gretchen

6 REPLIES

jarednichols
Honored Contributor

Take a look at local drive imaging.

fsjjeff
Contributor II

I do the same thing a lot here where I work - we reimage thousands of student laptops every summer, so we have a handful of 'mobile cloning' servers set up that our techs take onsite. These are MacBooks or small MacBook Pros configured with OS X Server, which connect to our wireless network and serve DHCP/Netboot off the Ethernet, passing through the network traffic via NAT/Firewall settings.

The technology stack isn't that fancy - basically you need the Netboot / AFP / DHCP that you already have, but you need to add the routing aspect to allow the netbooted computers to route to the Internet to connect to your JSS.

I have to confess that I've been having increasing difficulties getting this to work reliably with each new version of OS X Server. With Lion server the routing had to be enabled manually from the command line, but then the routing kept dying which was extremely frustrating. Now with Mountain Lion server looks like I need to learn how to configure DHCP via the command line as well...

With that in mind I'm in the process of bailing on OS X Server - thanks to the Jamf NetSUS appliance, I'm currently testing Ubuntu Server 12.04 with the NetSUS software, and some custom configured DHCP and routing. So far in testing it's working very nicely. The only challenge is that the JAMF webadmin will overwrite your DHCP config if you touch the Netboot config, so once I get things set up you can't use the webadmin anymore. My programmer here is going to try to recode the relevant portions of the NetSUS code to allow DHCP configuration when he has some time this fall.

I need to fully document my procedures for getting this up and running - if you don't get a better solution / or just want the setup info let me know and I'll try to send along the instructions.

tlarkin
Honored Contributor

Hey Gretchen,

To answer your question, you can absolutely image over a private network. At my previous job we did just that. Every summer we did our mass reimage and inventory projects. I worked for a K12 school system, and we had 6,000 MacBook Airs to reimage. When they first arrived we centralized our project since they were coming to us on pallets. In our main imaging command center (yes it was a command center!) I had set up 3 Mac Mini servers, each behind a retail router with a gigabit switch. The router ran DNS and DHCP and the Mac Mini just hosted netboot and AFP file shares.

I then created a static DHCP setting for each Mini's server in the router's control panel, i.e. 192.168.1.10, 192.168.1.11, 192.168.12, and so forth. Then in Casper defined each IP as a netboot server. So I could mass edit auto run data and also scope prestages.

We used the router because our Network Admin had lots of network management running. Spanning tree, OSPF, portfast, storm control, and some services were not routable over multiple subnets. So, we decided to just image on a non managed private network to not have to deal with testing and making sure imaging and netboot worked in that environment. The machine just needs to hit the JSS over HTTPS to get autorun data and configurations.

Later on, each building tech had the same setup in their office. A Mini Server, a gigabit switch, and a consumer level router that they could have their own private network. They used this network for imaging and for testing, so nothing from the testing side ever got onto actual subnets where production machines lived.

In hindsight to be honest, I would have done it differently now. I would have probably looked at a thin imaging solution over netboot and laying down a whole new image. If these machines are brand new out of the box, you could look at a thin imaging solution.

There are four main methods I would say to image with the Casper Suite, and they would be:

1- Netboot
2- Local Drive imaging
3- Target Disk Mode Imaging
4- Thin Imaging

So, you have plenty of options to explore. Just have to figure out which one works best for you.

I hope this answers your questions,

Thanks,
Tom

kuwaharg
New Contributor III

Thanks for the information! I knew it probably could be done, but I wasn't sure how.

I'm not all that great with network stuff, so any help on how to get the clients to chat with the JSS server would be helpful.

--Gretchen

jarednichols
Honored Contributor

Depending on your network setup, you may also be able to have a line dropped into your network that essentially only goes to your JSS. My last job was able to do this for us.

kuwaharg
New Contributor III

I figured it out. The missing component was setting up NAT on OS X server so that the clients can see the JSS server through the OS X server. Thanks for your help. --Gretchen
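
The arrangement this thread converges on (NAT on the imaging gateway, with clients needing only HTTPS to the JSS), sketched as an added example that is not from any of the posters: a shell function that prints an `iptables-restore` ruleset for a Linux gateway such as the Ubuntu server mentioned above, forwarding nothing from the imaging subnet except TCP to the JSS. The interface names, subnet, JSS address 10.20.30.40 and port 443 are assumptions, and DNS is assumed to be served on the private side as in the original setup.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset for an imaging gateway: clients on the
# private Ethernet side are NATed out the uplink, but may only reach the JSS
# over HTTPS. All interface names and addresses below are constructed samples.

is_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case ${1#*/} in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

is_ifname() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

imaging_nat_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3; jss_ip=$4; jss_port=${5:-443}
    { is_ifname "$lan_if" && is_ifname "$wan_if"; } || { echo "bad interface name" >&2; return 2; }
    is_cidr "$lan_net" || { echo "bad imaging subnet: $lan_net" >&2; return 2; }
    is_ipv4 "$jss_ip" || { echo "bad JSS address: $jss_ip" >&2; return 2; }
    case $jss_port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -d $jss_ip -p tcp --dport $jss_port -j ACCEPT
COMMIT
EOF
}

# Review the output before piping it to iptables-restore (which replaces the
# current nat and filter tables); forwarding also needs net.ipv4.ip_forward=1.
imaging_nat_rules eth0 wlan0 192.168.1.0/24 10.20.30.40
```

With the FORWARD policy set to DROP, a freshly netbooted client that has not yet been configured or patched cannot reach anything on the campus network other than the JSS.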