NetBoot is a service that allows you to start up supported Apple computers from various types of disk images located on a Mac OS X Server, as shown in the following figure. You can create disk images containing Mac OS 9, Mac OS X, and Mac OS X Server system software that can be used by multiple network clients at once. Because you can store up to 50 NetBoot/Network Install images on a NetBoot server, NetBoot provides a centralized source for system software you use to configure, test, and deploy.

Note: PowerPC- and Intel-based systems each require separate images, thus doubling the amount of space required to host images.
NetBoot is most effective in computing situations where there is a high possibility of user turnover and a large number of computers being deployed with a common set of tasks. NetBoot can also be used effectively in university computer labs, public kiosks, high performance clusters, and computers that are provided for reporters, for example, at sporting events. As with ASR, NetBoot requires a properly prepared and created disk image for the most efficient operation. This image can be created with the System Image Utility included with Mac OS X Server or by using NetRestore Helper. In this section, you will learn how to prepare and create a disk image to be used efficiently by the NetBoot service. NetBoot allows you to deploy software in three distinct ways:
Tip: If using NetBoot or any full disk image restore to boot or load multiple machines running Mac OS X Server, you'll need to obtain a volume license key from your Apple sales representative. This is due to copy protection in place that prohibits multiple servers from using the same serial number. Similarly, if you have machines that came preinstalled with Mac OS X v10.3, you cannot install Mac OS X v10.4 without an upgrade license for each one of the machines set to receive the new image.

NetBoot Image Source

A NetBoot image can be created using the following sources:
When you're creating a NetBoot image using a volume with an installed and configured Mac OS X system, the model computer on which you configure your image should be your newest and most powerful computer. Mac OS X is a highly portable operating system that will work with both newer hardware and older hardware; however, the move from the PowerPC to the Intel chipset will require separate NetBoot images, as neither system will recognize the other's bootable image. As with ASR images, you should also choose a computer that has the most hardware options and peripherals. For example, if you have at least one computer with a SuperDrive and/or a backlit keyboard, use that computer to create your image, even if most other computers don't have that option.

Diskless NetBoot and the Role of the Local Volume

With NetBoot, many clients can read from the same bootable image, but when a client needs to write anything back to its startup volume (such as print jobs and other temporary files), NetBoot automatically redirects the written data to shadow files on the client computer's file system, as shown in the following figure.
The shadow files preserve the unique identity of each client during the entire time it is started up from a NetBoot image. NetBoot transparently maintains changed user data in the shadow files and reads unchanged data from the shared system image. The shadow files are re-created at startup, so any changes made by the user to his or her startup volume are lost at restart. For example, if a user saves a document to the startup volume, after a restart that document will be gone. This behavior preserves the condition of the environment that the administrator set up. To allow users to save documents, provide accounts on a file server via Open Directory on Mac OS X Server using network accounts and network mounts. Shadow files are stored on the local startup volume unless the NetBoot image is designated as diskless. In this case, the shadow files are stored on the server. Designating a diskless NetBoot image is necessary if a local hard drive either doesn't exist or must remain untouched by system operations, for instance, if you don't want your users to save any sensitive data to a local hard drive. Because the shadow files are frequently accessed, system performance can be affected when diskless NetBoot images are used. For this reason, shadow files should be stored on the local hard drive, except where diskless operation is necessary.

Using System Image Utility

The System Image Utility tool allows you to customize your NetBoot or Network Install images. This means that you can open an existing image, make changes, and re-create the image. System Image Utility replaces the older Network Image Utility of previous releases. Located in /Applications/Server in Mac OS X Server or on any computer with Server Administration tools installed, System Image Utility uses any one of the previously described image sources to create NetBoot images. Each tab of System Image Utility handles a different aspect of the image-creation manipulation process.
The following are the tabs for both NetBoot and NetInstall images:
To create a new image with System Image Utility, do the following:
Note: In early versions of Mac OS X v10.4, files and folders that are normally invisible appear when an image is deployed. To remedy this situation, mount the master image as read/write and insert the Mac OS X Install DVD. In the command line, navigate to the following directory

Then type

sudo ./SetHidden /Volumes/mounted_master_disk_image_name hidden_MacOS9

Unmount the image, convert it back to read-only, and rescan it for restore.

Using NetRestore Helper

In addition to creating a master ASR disk image with NetRestore Helper, you can create Network Install images that are automatically set up to run NetRestore on startup. Use this to restore your target volume on your computers with your master image. To begin creating a Network Install image with NetRestore, do the following:
We've primarily discussed why these methods are a convenient way to administer computers. However, some of them also provide significant security protection for your computers. By using NetBoot or Radmind (see the Appendix, "Using Radmind") in your environment, you ensure that every time your computer is booted, the files in your operating system have not been tampered with and are the original files provided by your image. This significantly reduces the likelihood of malicious software living on your computer, and also protects against unauthorized user changes on public workstations.
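The shadow-file behavior described earlier is what produces this guarantee. The model below is an added illustration, not Apple's implementation or code from the original text; the class name, block size, and sample image are assumptions. It shows that one client's writes never reach the shared image or other clients and are gone after a restart.

```python
import hashlib

BLOCK = 512  # block size chosen for this model, not a NetBoot constant


class ShadowedImage:
    """One client's view: a shared read-only image plus a private shadow."""

    def __init__(self, base: bytes):
        if len(base) % BLOCK:
            raise ValueError("image must be a whole number of blocks")
        self._base = base    # shared system image; clients never write to it
        self._shadow = {}    # block number -> block data changed by this client

    def read(self, block: int) -> bytes:
        # Changed blocks come from the shadow, unchanged ones from the image.
        if block in self._shadow:
            return self._shadow[block]
        return self._base[block * BLOCK:(block + 1) * BLOCK]

    def write(self, block: int, data: bytes) -> None:
        if len(data) != BLOCK or not 0 <= block < len(self._base) // BLOCK:
            raise ValueError("write must be exactly one in-range block")
        self._shadow[block] = data  # write is redirected to the shadow

    def restart(self) -> None:
        self._shadow = {}           # shadow is re-created at every startup

    def view_digest(self) -> str:
        # SHA-256 over the volume as this client currently sees it.
        h = hashlib.sha256()
        for n in range(len(self._base) // BLOCK):
            h.update(self.read(n))
        return h.hexdigest()


def demo():
    base = bytes(range(256)) * 8    # constructed 4-block sample image
    golden = hashlib.sha256(base).hexdigest()
    client_a, client_b = ShadowedImage(base), ShadowedImage(base)
    client_a.write(2, b"\xff" * BLOCK)   # client A alters a "system" block
    during = (client_a.view_digest() == golden,
              client_b.view_digest() == golden)
    client_a.restart()
    after = client_a.view_digest() == golden
    server_ok = hashlib.sha256(base).hexdigest() == golden
    return during, after, server_ok
```

The property holds only while the image on the server is itself unmodified, so the server copy is the thing to protect and to check against a recorded digest.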