Managing Macs with JAMF's Casper Suite

1,648 views

Published on

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,648
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
29
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Managing Macs with JAMF's Casper Suite

  1. 1. The Friendly Ghost in the Machine: Managing Macs with JAMF’s Casper Suite Jason_Robinson@ncsu.edu Everette_Allen@ncsu.edu Tuesday, November 19, 13
  2. 2. Casper Suite - Overview JSS (JAMF Software Server) - web application (Tomcat and MySQL) jamf binary - installed on managed clients Other components (Recon, Composer, Remote) Tuesday, November 19, 13
  3. 3. Casper Suite 8 NCSU implementation • JSS setup - 2 Xserves with 4 T Xraid SAN storage, 2 REL Virtual Machines (VMware) on independent chassis under virtual ip address, clustered. • Distributed support model on campus decisions made at college / department level • NC State manages 3532 total devices (OS X 2778 and iOS 754) Tuesday, November 19, 13
  4. 4. 3 Scenarios 1. Deploy a new Mac 2. Upgrade an existing Mac 3. Install a critical update Tuesday, November 19, 13
  5. 5. Scenario 1 - Deploy a new Mac Workflow: • • • • Tuesday, November 19, 13 Unbox, plug in to network (thunderbolt-ethernet adapter) NetBoot Casper Imaging runs automatically Complete post-imaging tasks
  6. 6. Scenario 1 - Deploy a new Mac NetBoot server, custom NetBoot image • • • • Tuesday, November 19, 13 Recent OS X (10.8.5 / 10.9) Auto login as root Casper Imaging runs at login MAC address filters on NetBoot image
  7. 7. Scenario 1 - Deploy a new Mac Configuration (on JSS) • • • • Tuesday, November 19, 13 Packages (e.g. Office, Chrome, etc.) Scripts (e.g. set network time server) Directory Bindings Management account
  8. 8. Scenario 1 - Deploy a new Mac PreStage (on JSS) • • • Tuesday, November 19, 13 installs the Configuration sets Department (CALS-NEW) limits scope (by Network Segment)
  9. 9. Scenario 1 - Deploy a new Mac Post-imaging tasks • Edit location information in JSS • Add to Groups in JSS • Add to network • Migrate account(s) Tuesday, November 19, 13
  10. 10. Scenario 1 - Deploy a new Mac Why use thunderbolt-ethernet adapters? So we don't have to: • wait for DHCP updates (hourly) • update MAC filter on NetBoot server • update Scope of the PreStage on the JSS Tuesday, November 19, 13
  11. 11. Scenario 2 - Update Existing Mac aka Continuous Integration Tuesday, November 19, 13
  12. 12. Scenario 2 - Update Existing Mac aka Continuous Integration Additions, Uninstalls, Upgrades: Set Priority • Sweep out /Users • Repair and Maintenance Tuesday, November 19, 13
  13. 13. Scenario 2 - Update Existing Mac aka Continuous Integration Additions, Uninstalls, Upgrades: Set Priority • Sweep out /Users • Repair and Maintenance Tuesday, November 19, 13
  14. 14. Scenario 2 - Update Existing Mac aka Continuous Integration Additions, Uninstalls, Upgrades: Set Priority • Sweep out /Users • Repair and Maintenance Tuesday, November 19, 13
  15. 15. Scenario 2 - Update Existing Mac aka Continuous Integration Tuesday, November 19, 13
  16. 16. Scenario 2 - Update Existing Mac aka Continuous Integration Additions - New install of package Tuesday, November 19, 13
  17. 17. Scenario 2 - Update Existing Mac aka Continuous Integration Additions - New install of package • Uninstalls/Deletes - Script or uninstall Tuesday, November 19, 13
  18. 18. Scenario 2 - Update Existing Mac aka Continuous Integration Additions - New install of package • Uninstalls/Deletes - Script or uninstall • Upgrades - Prioritized packages with before/after scripts Tuesday, November 19, 13
  19. 19. Scenario 2 - Update Existing Mac aka Continuous Integration Tuesday, November 19, 13
  20. 20. Scenario 2 - Update Existing Mac aka Continuous Integration Sweep out /Users ?? Tuesday, November 19, 13
  21. 21. Scenario 2 - Update Existing Mac aka Continuous Integration Sweep out /Users ?? • Are user files in /Uses on boot drive Tuesday, November 19, 13
  22. 22. Scenario 2 - Update Existing Mac aka Continuous Integration Sweep out /Users ?? • Are user files in /Uses on boot drive • Do we really want to “nuke” all users files Tuesday, November 19, 13
  23. 23. Scenario 2 - Update Existing Mac aka Continuous Integration Sweep out /Users ?? • Are user files in /Uses on boot drive • Do we really want to “nuke” all users files • Do we need a backup first Tuesday, November 19, 13
  24. 24. Scenario 2 - Update Existing Mac aka Continuous Integration Sweep out /Users ?? • Are user files in /Uses on boot drive • Do we really want to “nuke” all users files • Do we need a backup first • NO UNDO!! Tuesday, November 19, 13
  25. 25. Scenario 2 - Update Existing Mac aka Continuous Integration Tuesday, November 19, 13
  26. 26. Scenario 2 - Update Existing Mac aka Continuous Integration Repair and Maintenance Tuesday, November 19, 13
  27. 27. Scenario 2 - Update Existing Mac aka Continuous Integration Repair and Maintenance • Policy to do all cache cleans, maintenance, etc Tuesday, November 19, 13
  28. 28. Scenario 2 - Update Existing Mac aka Continuous Integration Repair and Maintenance • Policy to do all cache cleans, maintenance, etc • Apply all Apple updates Tuesday, November 19, 13
  29. 29. Scenario 2 - Update Existing Mac aka Continuous Integration Repair and Maintenance • Policy to do all cache cleans, maintenance, etc • Apply all Apple updates • Only update inventory and reboot on last policy Tuesday, November 19, 13
  30. 30. Scenario 3 - Apply a critical update Goal: Apply a critical security update to managed Macs quickly and efficiently. Quickly = The next time a computer checks in w/ the JSS. Efficiently = Install on all clients that need it, and only those that need it. Tuesday, November 19, 13
  31. 31. Scenario 3 - Apply a critical update Extension Attribute • Runs a script to collection information, stores the result in the JSS. #!/bin/bash JavaPluginVersion=$(/usr/bin/defaults read "/Library/Internet Plug-Ins/ JavaAppletPlugin.plugin/Contents/info" CFBundleVersion) echo "<result>$JavaPluginVersion</result>" Tuesday, November 19, 13
  32. 32. Scenario 3 - Apply a critical update Smart Group • Tuesday, November 19, 13 Based on the Extension Attribute, this group contains an up-to-date list of all clients that need the update
  33. 33. Scenario 3 - Apply a critical update Policy • • Tuesday, November 19, 13 Installs the update package Scope is limited to the Smart Group
  34. 34. Scenario 3 - Apply a critical update Reusable - Build once, re-use with only minor changes for future updates. Example: • • • Tuesday, November 19, 13 upload new .pkg edit Smart Group criteria flush policy history
  35. 35. Questions? Tuesday, November 19, 13
  36. 36. More Resources: jamfsoftware.com jamfnation.com slideshare.net Jason_Robinson@ncsu.edu Everette_Allen@ncsu.edu Tuesday, November 19, 13

×