Hi, I have been doing a bit of reading on the new terminal based deployments for OS deploys. Its all very well and nice but im curious what other organisations are doing for masses of macs and larger images.
for instance, our sound image requires logic, protools and ableton - with all the libraries. thats over 80gb of data that isnt best sent over our network times hundreds of macs. prior to this we created a master image with all things required, then used a combo of jamfpro imaging with pen drives. the images were coming back ridiculously fast (destroying our SCCM PXE and USB times) and they require pretty much no interaction - named, on domain, all first runs bypassed and ready to go literally coming back to a login screen. the beauty of it was we could kick it off and walk away (ie kick off labs and go home) knowing a student could just log in as normal when it was done.
i like the idea of OS pkg deployment and scripting a partition and install but as near as i can tell it doesnt give the machine a meaningful name, nor does it get rid of the first run process. its suddenly a massive manual job and a huge step back.
perhaps i have missed something and other folks are doing more clever things? if anyone is doing something similar can you take 2mins to drop a post here and i would be very grateful...
many thanks in advance...
It's a different way of doing it but once it's setup it's better since it's more modular.
You can either add prestage packages or install the packages locally so they re-install when running an erase/re-install script.
Once the the re-install has been done our remaining installs are based on smart groups (exist, doesn't exist etc).
I noticed (after we migrated to our new install proceess) that lot of our Mac's were missing firmware updates because we used monolithic imagin so there's are lot's of benefits of keeping it vanilla.
For better or for worse the modern solution in 2020 is using DEP (now automated device enrollment) with a specific prestage for those Macs that pumps the 80 GB's of packages over the network along with any scripts/custom settings you need for first time launch.
It's not as simple as back in the good ole days of just running through everything and then capturing the image, so it does require more management back end work. The main advantage of this process is that its modular. So yes you might be installing 20 bulky pkgs over the network to several labs, but you can swap out those packages each semester/year (or even during the semester!) as needed without having to create a whole new image.
So at the end of the day I don't think you really save any time in the present, where you save time is in the years to come. You'll just update and tweak that prestage and those policies as needed and depending on how you config should be able to do everything over the network with a very simple light touch to go through Apple Setup every time a Mac is wiped or replaced.
My two cents: times have changed, and you should be investing in your network capacity to be able to handle network deployments. You are sacrificing a lot, primarily agility, to save up-front deployment time that you can make up in other areas.
With a DEP workflow, I have our complete setup from boot to "done" down to 8 minutes. Only ~1 minute of that requires the tech/user to get through Apple Setup, the rest is fully automated and 100% modular so I can make changes at any time (update a pkg, config, etc). Pen drives need to be updated and people sometimes forget, but centralized network-based deployments are always current and can't be messed up.
Look at the big picture, not just one aspect of it. Don't get hung up on your limitations, unless you are planning to take proactive action to address them instead of work around them. If you make sure your network is modernized, then you can give time back to the people who are building and testing images, updating pen drives, etc.
thanks for the input folks. i think its clear i need to rebuild this wheel. Ill go do some more reading to look at DEP. If our network isnt up to it (sometimes the phones go down when we do OSX deployments with large libraries) then i guess thats on the network team to modernise.
Depending on what other infrastructure you have available a specific prestage is not a requirement. All you really need is a way to get the computers into the right smart groups and then deploy as you would any other pkg.
I configured ours to have a first run script that pulled the machines location from an asset database, re invenroied, the re checked fornew deployments. As a result there were just smart groups based on location with appropriate deployments configured that ran shortly after first boot.
All third party stuff worked fine, the biggest issue was actually VPP apps, there is always some delay before these successfully deploy.
All our non DEP Mac's have got specific packages cached which are re-installed together with the "One button re-install" approach (https://www.jamf.com/blog/reinstall-a-clean-macos-with-one-button/). The script wipes and re-installs the MacOS, installs the admin account package (for the securetoken) and finally the quickadd package and Splashbuddy. After the re-install (which takes about 10-15 mins for the MacOS) we input the Mac name and location in SplashBuddy. All the other application installs are then handled by smart groups.
I used this to create the admin package: https://github.com/gregneagle/pycreateuserpkg
I used this to skip the applesetup assistant: https://github.com/MagerValp/SkipAppleSetupAssistant
I signed the packages using these instructions: https://managingosx.wordpress.com/2017/11/17/customized-high-sierra-install-issues-and-workarounds/
After testing that the packages work I created a script which I wrapped it up as an application with Platypus.
Finally I've created a package which contains all the folders and MacOS installer which I roll out to all Mac's in a pre-specified support folder location. Any user with admin rights can initiate it (or it can be initiated via Jamf as a policy either automatically or via SelfService).
Hope this helps.
@Paitcheson I highly recommend MacDeployStick, or MDS check them out at macadmins slack #twocanoes-mds. You can combine MDS with DEPNotify or SplashBuddy. You can use Automatons to make it automated. We use this using our thunderbolt external ssd drives and not worry about network congestion. And the BEST part, its FREE!