May 23-26 Las Vegas, NV. Mirage Resort. Session ID # Mac Provisioning Best Practices Mike Stahulak – Development Engineer Bennett.


1 May 23-26 Las Vegas, NV. Mirage Resort

2 Session ID # Mac Provisioning Best Practices Mike Stahulak – Development Engineer Mike.stahulak@landesk.com Bennett Norton – Pre-sales Engineer @bennettnorton blog: http://appleintheenterprise.com UEMB160

3 New OS X Provisioning Actions
- Core Storage
- Fusion Drive
- Recovery Partition
- Device Name Prompter
- Mapped Software
- Agent Settings
- Configure Agent

4 Demo

5 GitHub Script Repository: https://github.com/northice/LDMS-Scripts

6 The Big 5 Architecture Pieces
- LDMS 2016, SU3 & OS X Agent 1081
- NetBoot Image
- NetBoot Listener or NBI USB
- Preferred Package Server
- AFP or SMB Image Share

7 Understanding the LANDESK NBI System Image Utility Step 1 Apple NBI Step 2 Apple NBI OS X Startup Scripts LANDESK Agent LANDESK Disk Stamper Utility LANDESK NBI

8 LANDESK NBI Build Tips
- Always use the latest OS installer from Apple, paying attention to the dot release
- Ensure you have the most up-to-date LANDESK Mac agent
- Compress the NBI when transferring to a Windows machine and extract on the machine itself

9 Configure the NetBoot Service OS X Server NetInstall LANDESK PXE Representative

10 System Integrity Protection & NetBoot
- You cannot remotely reboot to NetBoot on an El Capitan machine unless you have whitelisted the NetBoot server
- Boot to the machine’s recovery disk, OS Installer or NetBoot environment and run ‘csrutil netboot add ipaddress’
- This requires a physical touch to every machine
- Resetting the NVRAM removes this setting
- A script to whitelist a specific NetBoot image is provided in the notes. See the video for details.

11 Preferred Package Server & Image Share Preferred Package Server SMB or AFP File Share

12 Creating Your Gold Image
- Use the open source tool AutoDMG – it builds an image directly from the OS X installer, making the image completely hardware independent
- As part of the image creation process, AutoDMG will also create everything needed to deploy the Recovery partition
- Leverage additional tools/scripts with AutoDMG such as CreateUserPkg, Skip Apple Setup Assistant and Disable iCloud and Diagnostics Pop
- Shout out to Per Olofsson and Rich Trouton for the scripts/utilities
- Links to the scripts/utilities available in the speaker notes

13 Discovering the Correct Partition Identifier for Templates
- Open Terminal on the machine you’ll either be capturing from or deploying to
- Make note of the Identifier for the partition(s). You’ll need the proper Identifier when creating the capture template or when disabling Core Storage on your deployment template.
- Typically the correct identifier for OS X will be disk0s2 unless Core Storage has been enabled, in which case the logical volume, disk1, may be the correct choice.
- Open Terminal on the machine you want to capture the image from, run the command ‘diskutil list’ and make note of the Identifier for the partition to be imaged. You’ll need the proper Identifier when creating the capture template. In this example, disk1 is the proper Identifier.
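The identifier rule on this slide, as an added example (not part of the presentation or of LANDESK's tooling): a shell function that reduces 'diskutil list' output to the OS X, Core Storage and Recovery identifiers, skipping external disks, which goes slightly beyond the slide. The function name, the output format and both disk listings are constructed for this example; the external-disk filter assumes El Capitan-style "(internal, ...)" / "(external, ...)" headers.

```shell
#!/bin/sh
# Added example: reduce `diskutil list` text (stdin) to the identifiers a
# capture/deploy template needs. Output: os=<id> corestorage=<id> recovery=<id>
summarize_disks() {
  awk '
    /^\/dev\/disk/ { external = ($0 ~ /external/); next }  # per-disk header line
    external || $1 !~ /^[0-9]+:$/ { next }   # keep numbered rows of internal disks only
    $2 == "Apple_HFS"         && os  == "" { os  = $NF }   # OS X volume
    $2 == "Apple_CoreStorage" && cs  == "" { cs  = $NF }   # physical volume behind Core Storage
    $2 == "Apple_Boot"        && rec == "" { rec = $NF }   # Recovery HD
    END {
      printf "os=%s corestorage=%s recovery=%s\n",
        (os == "" ? "none" : os), (cs == "" ? "none" : cs), (rec == "" ? "none" : rec)
    }'
}

# Constructed sample: single internal drive, Core Storage disabled.
sample_plain() {
  cat <<'EOF'
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            250.1 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
EOF
}

# Constructed sample: Core Storage enabled and a USB stick attached, so the
# logical volume enumerates as disk2 rather than disk1.
sample_corestorage() {
  cat <<'EOF'
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:          Apple_CoreStorage Macintosh HD            250.1 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *15.5 GB    disk1
   1:                  Apple_HFS NetBoot USB             15.2 GB    disk1s2
/dev/disk2 (internal, virtual):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Macintosh HD           +249.8 GB   disk2
                                 Logical Volume on disk0s2
EOF
}

sample_plain | summarize_disks
sample_corestorage | summarize_disks
# On a Mac, inspect the live layout instead:
if command -v diskutil >/dev/null 2>&1; then diskutil list | summarize_disks; fi
```

The second sample shows why the identifier should be read from the machine rather than assumed: with Core Storage enabled and another disk attached, the logical volume is neither disk0s2 nor disk1.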

14 Provisioning Template Chooser
- Only templates in the Public Folder will be displayed
- When prompted for credentials, make sure the user provided is a LANDESK user.
- A valid Windows account will grant you access to select a template, but it will fail to create a scheduled task on the core.
- If your LANDESK user is tied to a domain account, make sure you enter your username as domain\user.

15 Provisioning Template Chooser – Detailed View
- To watch the provisioning actions being executed from within a terminal window during the provisioning process, prior to booting into the NBI session, open up a Terminal window and run the command: sudo nvram ldosdterm=1
- Note: This is a permanent flag that would need to be removed if you want the template picker to automatically show the next time you image the machine. To do so, from within a terminal window, type: sudo nvram -d ldosdterm
- Boot to the LANDESK NBI
- When the NBI loads, you’ll be presented with a terminal prompt instead of the Template Chooser
- Within the terminal window, type: /Library/Application\ Support/LANDesk/bin/ldpprovision
- Select your desired template and authenticate

16 Deploy Template Best Practice

17 The Five Steps of a Deployment Template
- System Migration
  - All actions take place within the pre-OS boot environment or within the OS currently installed
  - Use this step to mount shares, copy files off, collect user data and reboot the device to NetBoot
- Pre-OS Installation
  - All actions take place within the NetBoot environment
  - This phase is destructive to any existing data
  - Use this step to create the partition structure, typically the OS partition and a Recovery partition
- OS Installation
  - All actions take place within the NetBoot environment
  - Use this step to deploy your Mac image, Recovery partition image and Windows image if desired
- Post-OS Installation
  - All actions take place within the NetBoot environment
  - Use this step to rename the machine, deploy the LANDESK agent and reboot into the newly deployed operating system
- System Configuration
  - All actions take place within the newly deployed operating system
  - Use this step to deploy software, change agent settings (configuration profiles with LDAP bindings, security settings, WiFi), install mapped software and restore previously copied off profile information

18 Creating a Mac Deploy Template
- Go to Tools > Provisioning > OS Provisioning > New Template and select Mac Deploy Template
- Provide a template name
- Enter a template description if desired
- Specify the SMB or AFP path for your captured OS X image, e.g. smb://ldserver.ldlab.org/Imaging/OSX.dmg
- If also deploying a Windows image, check the Include Windows Image box
- Provide the SMB or AFP path for your captured Windows image, e.g. smb://ldserver.ldlab.org/Imaging/Windows10.image
- Ignore the profile path

19 NetBoot Reboot
- If you do not plan to use the NetBoot feature (i.e. provisioning a brand new machine), remove this action completely. If you don’t remove it, when the device reboots into the System Configuration phase it will attempt to retry the failed NetBoot action at that point, causing the whole process to start over.
- If you are going to NetBoot, edit the NetBoot action in the System Migration step
- Ensure the NetBoot radio button is selected
- Enter the NetBoot server using the format ‘bdsp://ipaddress’. This will be your PXE representative or OS X server

20 Disable Core Storage
- You can’t erase a drive that is involved with Core Storage. So in order to partition the disk, Core Storage needs to be disabled.
- Add the Partition action to the Pre-OS Installation step
- Select Set Core Storage for the Action Type
- Select the Disable radio button
- Enter the disk identifier for the Logical Volume, likely disk1. ‘diskutil list’ will tell you for sure
- Rename the action to something more identifiable by right clicking on the action and selecting properties.

21 Create Partitions
- Edit the Create Partitions action in the Pre-OS Installation step
- Change the Disk ID from 0 to disk0. The template wizard does not automate this piece correctly.
- If using the AutoDMG image, no additional partitions will need to be added. If you’ve captured your image from a machine, add in a second partition for the recovery partition. Name the volume Recovery HD and set the size to 860 with a Journaled HFS+ file system type
- Add an MSDOS partition if deploying a Windows image as well. You can specify the size as a percentage of the drive if you desire.

22 Fusion Drive Partitions
- If deploying to a Fusion Drive, edit the Create Partitions action in the Pre-OS Installation phase
- Change the Action type to Create an OS X Fusion Drive
- Set the partition identifiers, likely disk0s2 and disk1s2
- Provide the desired volume name, the default is Macintosh HD, and set the file system type to Journaled HFS+
- Rename the action to something more identifiable by right clicking on the action and selecting properties.
- Note: Fusion drives do not need the enable core storage action

23 Deploy an Image
- It’s likely you won’t need to tweak the Deploy an Image action in the OS Installation step. The only item to pay attention to is the disk identifier (/dev/disk0s2) listed in the command line. Make sure this matches what you’ve defined in the Create Partitions action.
- If deploying to a Fusion drive, you may need to set the identifier to disk2 or other depending on the number of drives in the device.
- If you want to enable Core Storage, perform that action after you’ve deployed your image and rebooted into the OS so you know exactly what identifiers to use

24 Deploy a Recovery Image
- Again, if using the AutoDMG image, this step will not be required. It will take care of it automatically as part of the standard image deploy action.
- If using your own image capture, add the Deploy an Image action to the OS Installation step
- Provide the SMB or AFP file path and recovery image name ending with .dmg
- Select the Mac Image radio button
- Check the box for ‘This is a recovery partition’
- Click the Validate button to build the command-line parameters
- Change the disk0s2 to disk0s3 or whatever you set in the Create Recovery Partition action.
- Rename the action to something more identifiable by right clicking on the action and selecting properties.

25 Configure Agent
- The Configure Agent action is only available from the GUI in the System Configuration phase. However, in order to successfully move into the System Configuration phase, you’ll need to move your Configure Agent action into the Post-OS Installation area. So add your action in the System Configuration step, select your desired agent from the Configuration dropdown menu, apply it and then drag it up to the Post-OS Installation step.
- Note: Make sure the agent you’re deploying does not include Mac AV at this point. The reboots caused by AV will mess up the provisioning process. If you want to add in AV, deploy it as your last action in the System Configuration phase.
- In addition to moving the action into the Post-OS Installation step, a variable needs to be added to tell the agent installer which partition to write to. Go to the properties of the action, add the variable “volumename” and insert the name of the disk volume specified in your Create Partitions action, the default name for OS X being Macintosh HD.
* This action has some known issues in LDMS 2016. An update post SU3 will address them.

26 Reboot Action
- In order to continue the provisioning process once the OS loads, we need to schedule a task to start provisioning again. Do this with a reboot action, specifying the correct partition.
- Add the action Reboot/shutdown to the Post-OS Installation step as the last action in that section*
- Select the Reboot radio button
- Set a timeout value if desired
- Set the partition identifier to disk0s2 or to whatever matches your Deploy Image action.
- If you’ve enabled Core Storage the value may be disk1. Best practice would be to enable Core Storage in the System Configuration to avoid confusion
- If you’re working with a Fusion drive, the value may be disk2, depending on the number of drives in the system.
* This action has some known issues in LDMS 2016. An update post SU3 will address them.

27 Device Name Prompter
- Add the action Device Name Prompter to the Post-OS Installation step
- Select the desired radio button: LDHostName, Mapped HostName or Name Template.
- If choosing Name Template, create your naming schema using sequences and machine variables

28 Distribute Software
- Add the action Distribute Software to the System Configuration step
- Select your desired package from your packages list
- Rename the action in the Properties panel for the action to match the name of the software to deploy

29 Install Mapped Software
- Add the Install Mapped Software action to the System Configuration phase
- This action is only needed if performing an upgrade or a rebuild. If there are no machine mappings, this step will show as successful and just move on.
- Make sure you’ve performed the software mappings under Provisioning > OS Provisioning > Tools > Product to Package Mappings

30 Change Agent Settings
- You can easily tweak how the standard agent behaves or apply additional configuration profiles using the Change Agent Settings action
- Add the action Change Agent Settings to the System Configuration step
- Select the Mac Configuration Profile agent setting that contains all of the desired configuration profiles
- Adjust any other desired agent setting, such as the Reboot settings or Distribution and Patch settings
- Rename the action to something more identifiable by right clicking on the action and selecting properties.

31 Active Directory Binding
- To bind a Mac to AD, you’ll need to build a Configuration Profile in Profile Manager on an OS X server and import that profile into a Mac Configuration Profile agent setting
- Add the action Change Agent Settings to the System Configuration step
- From the Mac Configuration Profile type, select your agent setting that contains your AD binding profile
- Rename the action to something more identifiable by right clicking on the action and selecting properties.

32 Enable Core Storage
- Core Storage is enabled by default on all new Macs. It is a good idea to re-enable this option on your newly deployed Mac image. Unless you deployed to a Fusion Drive, you’ll need to create an action to do this.
- In the OS Installation area, add a Provisioning Action.
- Select Set Core Storage for the Action Type
- Select the Enable radio button
- Enter the disk identifier for the drive you deployed your image to, likely disk0s2.
- Rename the action to something more identifiable by right clicking on the action and selecting properties.
- Now move the action to the System Configuration phase. If you leave it in the OS Installation step, it’ll be harder to know what identifier to use in your other actions.

33 LANDESK Actions as Package Scripts
- Add the action Distribute Software to the System Configuration step
- Select your package script from your list of Software Distribution packages
- Rename the action to something more identifiable by right clicking on the action and selecting properties. From the Distribute Software

34 Capture Template Best Practice

35 Image Capture Decision
- In most scenarios, using AutoDMG to create your image is the ideal choice, as the image will be completely hardware independent.
- However, if you want to capture a unique custom configuration, maybe with multiple partitions (Mac and Windows), you can leverage a Capture Mac Template

36 The Five Steps of a Capture Template
- System Migration
  - All actions take place within the pre-OS boot or within the OS currently installed
  - Use this step to reboot the fully configured device to NetBoot
- Pre-OS Installation
  - All actions take place within the NetBoot environment
  - This phase is destructive to any existing data so use caution
  - It's likely that you will not need to perform any actions for a capture template
- OS Installation
  - All actions take place within the NetBoot environment
  - Use this step to capture your Mac image, Recovery partition image and Windows image if desired
- Post-OS Installation
  - All actions take place within the NetBoot environment
  - Use this step to reboot or shutdown the machine after the image capture
- System Configuration
  - All actions take place within the newly deployed operating system
  - This step is not needed for a capture template

37 Creating a Capture Template
- Go to Tools > Provisioning > OS Provisioning > New Template and select Empty Template
- Provide a name for your capture template
- Change the Boot Environment to NetBoot
- Change the Target OS to Mac OS X
- Add a description if desired

38 NetBoot Reboot
- Add the Reboot/shutdown action to the System Migration step
- Select the NetBoot radio button
- Enter the NetBoot server using the format ‘bdsp://ipaddress’
- Deselect the box ‘Stop processing the template if this action fails’

39 Capture an OS X Image
- Add the Capture an Image action to the OS Installation phase
- Provide the image capture path and file name ending with .dmg
- Ensure the Mac Image radio button is selected
- Hit the validate button
- Change the partition identifier in the command based on your ‘diskutil list’ command; it’s likely disk0s2 is correct but verify on your machine

40 Capture an OS X Recovery Partition
- Add the Capture an Image action to the OS Installation phase
- Provide the image capture path and file name ending with .dmg
- Ensure the Mac Image radio button is selected
- Hit the validate button
- Change the partition identifier in the command based on your ‘diskutil list’ command; it’s likely that it’ll be disk0s3 but verify on your machine

41 Capture a Windows Image
- Add the Capture an Image action to the OS Installation phase
- Provide the image capture path and file name ending with .image
- Ensure the Windows Image radio button is selected
- Hit the validate button
- Change the partition identifier in the command based on your ‘diskutil list’ command; it’s likely that it’ll be disk0s3 or disk0s4 but verify on your machine

42 Reboot / Shutdown Action
- Add the Reboot/shutdown action to the Post-OS Installation Phase
- Select the Reboot or Shutdown radio button
- If selecting Reboot, enter the desired Partition to reboot to, likely disk0s2

43 Troubleshooting https://community.landesk.com/docs/DOC-35276

44 Thank you

