#JNUC Thin Imaging: A Healthier Approach?

BradB
New Contributor III

Jeremy Borger and Tim Rocque will be presenting on their implementation of "Thin Imaging" within a Fortune 50 enterprise. Jeremy and Tim will talk about how and why their organization has chosen to take this approach, pros and cons of this approach, and how they've actually implemented this in production.

Feel free to use this thread to post thoughts, ideas, links, and questions regarding the presentation.

15 REPLIES 15

russell_kennyOL
New Contributor III

Gah, would love to see this, just investigating to change the way we image here to thin imaging!

SeanA
Contributor III

Were there any videos or slides from this presentation?

BradB
New Contributor III

Hi Sean, unfortunately due to some proprietary information contained within the presentation we weren't able to record the presentation or provide the slide deck.

SeanA
Contributor III

Disappointing, though I understand.

donmontalvo
Esteemed Contributor III

@beckerbm A bit of selective editing/censoring by a capable FCPX (etc.) guru..well.... :)

Oops...I missed the part about not being able to record.

--
https://donmontalvo.com

jhbush
Valued Contributor II

I sat through that session. Nothing proprietary about it. I use thin imaging at my company so I would be happy to answer a few questions. Lots of others on here do as well. It's not rocket science it just takes some planning.

SeanA
Contributor III

Here is my current workflow idea and I would appreciate any feedback.

Assume:
New Mac out of the box, connected via Ethernet to network.
No Netboot.
No golden master image anywhere in the process.
Going for a "keep it simple" process because eventually, after the process is created and the environment established, the day-to-day operations will be handed over to another team.

  1. Tech logs in with admin account (either from AD or creates local admin account)
  2. Mounts server share, where tech copies a Recon package to desktop
  3. Runs Recon package, which enrolls Mac into JSS, then, in post-flight script, policies to install software and to establish some settings will be run.
  4. Additional management of settings will be through configuration profiles.

frozenarse
Contributor II

Sean -
If the machine is straight out of the box, step 1 will require the creation of a local account correct? The machine has no prior knowledge of your domain.

donmontalvo
Esteemed Contributor III

In our testing:

  1. Set up Smart Computer Group with Serial Numbers of new Macs, or Macs to be (re)built.
  2. Install QuickAdd.
  3. JSS does the rest.

This assumes you'll have polices scoped to the group to do stuff like bind to domain, create user accounts, install software, configure services, add/delete stuff, etc...

Don

--
https://donmontalvo.com

stevewood
Honored Contributor II
Honored Contributor II

As @frozenarse stated, you'll need to setup a local account to do this. So your techs would have to run through the Setup Assistant to get to this point.

Rather than that, an external USB hard drive, or a thumb drive (I have not tried that yet), that has a minimal OS on it along with Casper Imaging is all you need:

  1. Tech unpacks the computer and plugs in the external drive.
  2. Hold down Option key to get boot picker and choose external drive to boot from.
  3. Casper Imaging starts up and the tech logs in to it and choose the thin config to load.
  4. Machine loads apps, scripts, and runs first boot script on restart.
  5. Tech logs in, unmounts external drive and unplugs. Hands computer to user.

That's a very down and dirty, very basic description. During step 4 your scripts would bind to your OD or AD, set any environment variables, etc. and all of your apps would get loaded.

To take it a step further and more automated, as @donmontalvo mentioned, you can create a Pre-Stage Imaging configuration that will make it automatic. This means that you'll need a system for getting serial numbers or MAC addresses into the JSS before the tech unboxes. A simple barcode reader can handle that in a few minutes.

  1. Tech that receives the equipment scans barcode into the Pre-Stage configuration for your thin imaging.
  2. Imaging tech unboxes equipment and plugs in external drive.
  3. Boots off of external drive. Casper Imaging is set to launch on startup.
  4. Casper Imaging finds the machine in the Pre-Stage config and automatically begins imaging machine.
  5. Machine loads apps, scripts, and runs first boot script on restart.
  6. Tech logs in, unmounts external drive and unplugs. Hands computer to user.

This is how I handle most of my machine imaging. I am a one man shop with a small foot print (roughly 140 machines) and we refresh a portion just about every month. I have about 35 machines coming in for my Feb/Mar refresh and I'll use this method (except I'll use a NBI to boot from). I can have a new machine imaged and ready (with CS 5.5 DS) loaded on it within 15 minutes.

Hope that helps.

donmontalvo
Esteemed Contributor III

@stevewood When we tested Thin Imaging, we installed QuickAdd and let JSS do the rest. This way you don't have to worry about booting off another drive, NetBoot, etc. In a global environment, as long as you have local Distribution Points, it's fairly fast and reliable.

To Steve's point, our test procedure did require a few minutes for the tech to get past the wizard and get to the Desktop to install QuickAdd. I have only done limited testing, very interested in getting some hands on (maybe at the DFW JAMF User Group? <g>).

--
https://donmontalvo.com

mahughe
Contributor

so, how do you all handle reimaging using the thin imaging method?

nessts
Valued Contributor II

well, we get images of new hardware for the forked instances and keep them around, and we make a unbooted image (many ways for that, AutoDMG, manually, the installer into the JSS etc) for all the hardware that can be supported by it. or you can do the internet recovery nightmare :)

donmontalvo
Esteemed Contributor III

@mahughe][/url We've always made base images, agnostic (including combo updater) handy, so we wouldn't have to rely on Internet Recovery to get the Base OS re-installed. Really trivial to build and manage, and great to be ready if there's a need. So while we try not to touch the OS on new Macs, we also have a fast/reliable/manageable way to re-image using Base OS images.

--
https://donmontalvo.com

mahughe
Contributor

we too have a base, and normally image everything even those out of the box with that image/config we use. I'm trying to use the same theory of Self Service OS X upgrade in the imaging process by dropping the OS X installer app into casper admin and running against it but not having any luck, though I just look at an old asr script we used that I'm going to try and modify if possible to run that installer as it would if it was called for via the script to launch the Self Service install.