The document discusses managing Macs at NC State University using Jamf's Casper Suite. It provides an overview of the Casper Suite and NC State's implementation, then describes three scenarios: deploying a new Mac, upgrading an existing Mac, and installing a critical update. For new Mac deployment, it outlines the NetBoot, imaging, and post-imaging configuration process. For upgrades, it discusses continuous integration using additions, uninstalls, upgrades, and maintenance policies. For critical updates, it explains using extension attributes, smart groups, and targeted policies.
Strategies for Landing an Oracle DBA Job as a Fresher
Managing Macs with JAMF's Casper Suite
1. The Friendly Ghost
in the Machine:
Managing Macs with JAMF’s Casper Suite
Jason_Robinson@ncsu.edu
Everette_Allen@ncsu.edu
Tuesday, November 19, 13
2. Casper Suite - Overview
JSS (JAMF Software Server)
- web application (Tomcat and MySQL)
jamf binary
- installed on managed clients
Other components (Recon, Composer, Remote)
Tuesday, November 19, 13
3. Casper Suite 8
NCSU implementation
•
JSS setup - 2 Xserves with 4 T Xraid SAN
storage, 2 REL Virtual Machines (VMware) on
independent chassis under virtual ip address,
clustered.
•
Distributed support model on campus decisions made at college / department level
•
NC State manages 3532 total devices
(OS X 2778 and iOS 754)
Tuesday, November 19, 13
4. 3 Scenarios
1. Deploy a new Mac
2. Upgrade an existing Mac
3. Install a critical update
Tuesday, November 19, 13
5. Scenario 1 - Deploy a new Mac
Workflow:
•
•
•
•
Tuesday, November 19, 13
Unbox, plug in to network
(thunderbolt-ethernet adapter)
NetBoot
Casper Imaging runs automatically
Complete post-imaging tasks
6. Scenario 1 - Deploy a new Mac
NetBoot server, custom NetBoot image
•
•
•
•
Tuesday, November 19, 13
Recent OS X (10.8.5 / 10.9)
Auto login as root
Casper Imaging runs at login
MAC address filters on NetBoot image
7. Scenario 1 - Deploy a new Mac
Configuration (on JSS)
•
•
•
•
Tuesday, November 19, 13
Packages (e.g. Office, Chrome, etc.)
Scripts (e.g. set network time server)
Directory Bindings
Management account
8. Scenario 1 - Deploy a new Mac
PreStage (on JSS)
•
•
•
Tuesday, November 19, 13
installs the Configuration
sets Department (CALS-NEW)
limits scope (by Network Segment)
9. Scenario 1 - Deploy a new Mac
Post-imaging tasks
• Edit location information in JSS
• Add to Groups in JSS
• Add to network
• Migrate account(s)
Tuesday, November 19, 13
10. Scenario 1 - Deploy a new Mac
Why use thunderbolt-ethernet adapters?
So we don't have to:
• wait for DHCP updates (hourly)
• update MAC filter on NetBoot server
• update Scope of the PreStage on the JSS
Tuesday, November 19, 13
11. Scenario 2 - Update Existing Mac
aka Continuous Integration
Tuesday, November 19, 13
12. Scenario 2 - Update Existing Mac
aka Continuous Integration
Additions, Uninstalls, Upgrades: Set Priority
• Sweep out /Users
• Repair and Maintenance
Tuesday, November 19, 13
13. Scenario 2 - Update Existing Mac
aka Continuous Integration
Additions, Uninstalls, Upgrades: Set Priority
• Sweep out /Users
• Repair and Maintenance
Tuesday, November 19, 13
14. Scenario 2 - Update Existing Mac
aka Continuous Integration
Additions, Uninstalls, Upgrades: Set Priority
• Sweep out /Users
• Repair and Maintenance
Tuesday, November 19, 13
15. Scenario 2 - Update Existing Mac
aka Continuous Integration
Tuesday, November 19, 13
16. Scenario 2 - Update Existing Mac
aka Continuous Integration
Additions - New install of package
Tuesday, November 19, 13
17. Scenario 2 - Update Existing Mac
aka Continuous Integration
Additions - New install of package
• Uninstalls/Deletes - Script or uninstall
Tuesday, November 19, 13
18. Scenario 2 - Update Existing Mac
aka Continuous Integration
Additions - New install of package
• Uninstalls/Deletes - Script or uninstall
• Upgrades - Prioritized packages with
before/after scripts
Tuesday, November 19, 13
19. Scenario 2 - Update Existing Mac
aka Continuous Integration
Tuesday, November 19, 13
20. Scenario 2 - Update Existing Mac
aka Continuous Integration
Sweep out /Users ??
Tuesday, November 19, 13
21. Scenario 2 - Update Existing Mac
aka Continuous Integration
Sweep out /Users ??
• Are user files in /Uses on boot drive
Tuesday, November 19, 13
22. Scenario 2 - Update Existing Mac
aka Continuous Integration
Sweep out /Users ??
• Are user files in /Uses on boot drive
• Do we really want to “nuke” all users files
Tuesday, November 19, 13
23. Scenario 2 - Update Existing Mac
aka Continuous Integration
Sweep out /Users ??
• Are user files in /Uses on boot drive
• Do we really want to “nuke” all users files
• Do we need a backup first
Tuesday, November 19, 13
24. Scenario 2 - Update Existing Mac
aka Continuous Integration
Sweep out /Users ??
• Are user files in /Uses on boot drive
• Do we really want to “nuke” all users files
• Do we need a backup first
• NO UNDO!!
Tuesday, November 19, 13
25. Scenario 2 - Update Existing Mac
aka Continuous Integration
Tuesday, November 19, 13
26. Scenario 2 - Update Existing Mac
aka Continuous Integration
Repair and Maintenance
Tuesday, November 19, 13
27. Scenario 2 - Update Existing Mac
aka Continuous Integration
Repair and Maintenance
• Policy to do all cache cleans, maintenance, etc
Tuesday, November 19, 13
28. Scenario 2 - Update Existing Mac
aka Continuous Integration
Repair and Maintenance
• Policy to do all cache cleans, maintenance, etc
• Apply all Apple updates
Tuesday, November 19, 13
29. Scenario 2 - Update Existing Mac
aka Continuous Integration
Repair and Maintenance
• Policy to do all cache cleans, maintenance, etc
• Apply all Apple updates
• Only update inventory and reboot on last policy
Tuesday, November 19, 13
30. Scenario 3 - Apply a critical update
Goal: Apply a critical security update to
managed Macs quickly and efficiently.
Quickly = The next time a computer checks
in w/ the JSS.
Efficiently = Install on all clients that need
it, and only those that need it.
Tuesday, November 19, 13
31. Scenario 3 - Apply a critical update
Extension Attribute
•
Runs a script to collection information,
stores the result in the JSS.
#!/bin/bash
JavaPluginVersion=$(/usr/bin/defaults read
"/Library/Internet Plug-Ins/
JavaAppletPlugin.plugin/Contents/info"
CFBundleVersion)
echo "<result>$JavaPluginVersion</result>"
Tuesday, November 19, 13
32. Scenario 3 - Apply a critical update
Smart Group
•
Tuesday, November 19, 13
Based on the Extension Attribute, this group
contains an up-to-date list of all clients that
need the update
33. Scenario 3 - Apply a critical update
Policy
•
•
Tuesday, November 19, 13
Installs the update package
Scope is limited to the Smart Group
34. Scenario 3 - Apply a critical update
Reusable - Build once, re-use with only
minor changes for future updates.
Example:
•
•
•
Tuesday, November 19, 13
upload new .pkg
edit Smart Group criteria
flush policy history