Help

Yosemite: Re-image or in-place upgrade?

mthakur
Contributor

Posted on ‎05-21-2015 06:45 AM

Hello everyone,

My management is asking some questions about deploying Yosemite, and any feedback or recommendations based on your experience would be very welcome.

  • Would you recommend an in-place upgrade vs a wipe/re-image to install Yosemite (or any minor version upgrade of OSX in general – moving from 10.x to 10.y)?
  • What problems have you incurred with in-place upgrades, as opposed to a wiping the filesystem and re-imaging?
  • What's the typical size of a network download, both for in-place updates and for an image?
  • How long does it typically take per computer, start to finish, to update in place, vs wipe/re-image?
  • If wipe/re-imaging is preferred, would you recommend a remote or network install (i.e. machine to network), or a Thunderbolt 2 connection (i.e. machine to machine/external drive)?
  • If wipe/re-imaging is recommended, how best to preserve user login accounts and customizations, such as background screen, custom dictionaries, and the like, during the wipe-and-reinstall?
  • Does use of EFI firmware passwords, or FileVault 2 encryption tilt the balance towards either in-place updates or wipe/re-image?
  • Should an exception, i.e. separate update path, be made for specific computers that need their firmware to be updated (e.g. EFI or SMC or Thunderbolt firmware)?
  • Should in-place updates and/or network installs be preferred for desktop hardware (e.g. 27" iMacs, MacPros), since they are more difficult to move physically to/from an imaging station?
  • Any other general advice or words of wisdom?

Background:
The major issue for management appears to be the costs of additional labor (e.g. overtime) for techs to visit each user in person, retrieve the computers, wipe/re-image at an imaging station, and then return the computers to users. What really got management's attention is that these costs have to be repeated each year, since Apple typically releases OS X updates annually.
So anything that would speed up the update process, or reduce the need for labor, would be greatly welcomed.

Thank you very much!

Current environment: 1/3 desktops (iMacs, MacPros), 2/3 laptops, all 2013 models or later, running Mavericks with EFI firmware passwords, and FileVault 2 encryption on the laptops (only). The Macs are bound into Active Directory and are managed via JAMF Casper Suite v9.72 (JSS, Composer, and Casper Admin).

Labels:
0 Kudos
Reply
3 REPLIES 3

wdpickle
Contributor

Posted on ‎05-21-2015 07:16 AM

We do both reimage and in-place upgrades. It depends on a few things. We are K-12 so lab machines are reimaged, period. Thunderbolt drives either USB for older models or the thunderbolt connector for newer, 15~20 minutes. We do not force filevault so only tech staff have this typically. EFI passwords are tech staff only.
Other machines are an either or situation for us. If the user has all data backed up (or so they say) we will image with the understanding that all personalizations will go away. We image and return the machine within about 20 minutes. The machine is clean and updated to a "standard" set up.
For in-place upgrades we allow either download from the store or run from Self Service. For self service we cache the packages locally(10ish minutes to drop on a user's machine). Download time for the store varies with the user's network. Inside the district down load normally takes about 20~30 minutes.10.10.3 upgrade takes about an hour from start to finish (normally).
We have had 2 users lose all data on the MacBooks they were upgrading on their own. Somehow it was taking to long so they unplugged the power, shut the lids and took them home. One of the users found out Monday (yes, they left on Friday) the MacBook would not finish the upgrade, we discovered the hard drive was less than pristine. A re-partition and re-format resolved both issues. Neither user had backups on other media, one had copied all their data to a folder on their desktop. No, not a good place to store a backup.
Hope that helps some.

0 Kudos
Reply

sanaumann
New Contributor III

Posted on ‎05-21-2015 08:00 AM

Couldn't you set up something where users can be pushed the upgrade and then the policies will follow?

0 Kudos
Reply

cdev
Contributor III

Posted on ‎05-21-2015 11:37 AM

I think both options are perfectly viable, but YMMV. In the case of our environment, we had significant issues with machines bricking after running the upgrade (the dreaded 10.10.2 boot cache issue) among other problems (disabled the antivirus, upgrades took 1-4 hours, etc), and so our deployment was as an erase and re-image (about 20-40 minutes). Users were able to kick-off the process via Self Service to simplify the process, so all in all, pretty painless. After 3 consecutive years of nuke and pave, however, we're getting a lot of pressure to make the upgrade in-place an option for the next time around (and one I hope to provide).

0 Kudos
Reply