This chapter is from the book
This chapter is from the book
This chapter is from the book
Deploying System Images
Deploying system images is, relative to creating them, quick and easy. This, of course, is the point of system deployment; your goal is to deploy this system image as quickly as possible to your computers.
The Apple Software Restore (ASR) system built into Mac OS X suits this goal nicely by providing a highly optimized system restoration mechanism. The term “restore” is used here to mean the process by which you copy the contents of a system disk image to a bootable system volume. Thus, the ASR system is technically a volume duplication mechanism that can be used to make bit-for-bit clones of entire volumes in a matter of minutes.
In this section you will learn how to use the ASR system to restore system images to local volumes. The source for those system images can be either another local volume or shared on the network. Note that this section focuses specifically on system restore techniques, which will be demonstrated as if you were restoring to a single volume. Scaling out these techniques to all your computers simply means repeating the restoration workflow over and over again for each computer. This type of automation is easily handled using a script or a remote management tool such as Apple Remote Desktop 3.
Also note that, as with any system restoration mechanism, the ASR restoration process requires an actively booted system to run it. In other words, you cannot restore an operating system to a local volume without first booting the computer from another operating system that has already been deployed. Further, using the ASR system you cannot restore an operating system on top of the operating system your computer is currently using. Because most Macs have only a single local volume, this presents a “chicken before the egg” type of situation, the solution to which is the main focus of Chapter 5, “Using NetBoot for Deployment.”
Apple Software Restore Fundamentals
The ASR process is essentially a highly optimized volume duplication system. When restoring locally, the source can be a disk image prepared for deployment or any mounted Mac OS formatted volume, including volumes that reside on external drives, optical media, and nonprepared disk images. Thus, you could actually use the ASR restore mechanism to make perfect clones from one volume to another. The only requirement is that the ASR restore process must be able to unmount and copy the source volume. This requirement limits you to source volumes that are not currently being used as a startup disk.
The restore destination volume can be any nonoptical storage device mounted locally to the Mac running the restore process. This includes any nonsystem volumes on a partitioned hard drive, volumes on external drives, and even volumes that reside in read/write disk images. The only requirement is that the ASR process must be able to unmount and replace the destination volume contents. Again, this requirement is why you cannot restore to a volume that is currently being used as a startup disk.
The size of your restore destination is also a consideration. Obviously, the restore process works only if your destination volume is as large or larger than the source volume contents. If the destination volume is larger, the ASR process will simply leave the remaining volume space as is. The exception to this is when restoring at the device level. The ASR process can also restore or clone an entire storage device, including all partitions, to another device. This technique is rarely used because the ASR process will have to reformat the destination device with the exact same partition scheme as the source device. Thus, the destination device must always be as large or larger than the source device, and any extra space on the destination device will not be formatted.
ASR uses two methods for duplicating a volume. The most commonly used method is the erase and copy. With this method the ASR process completely erases the destination volume and performs a very fast block-level copy. This method is often 10 times faster than the alternative, and it always results in the “cleanest” system restore.
However, if you need to retain the contents of the destination volume, you can perform a file copy. With this method the ASR process copies the items one at a time, replacing any items on the destination volume with the items from the source volume. It’s important to realize that the ASR process does not consider the age or version of individual items and will replace all items on the destination volume with a similar item from the source volume.
Finally, ASR can perform a verification of the restore. The verification process ensures that your restore or clone was fully completed without error to the destination. It does this by comparing the destination to the source. This verification doubles the amount of time it takes to complete the ASR restoration process, but it guarantees an error-free restoration or clone.
Restoring System Images Locally
For very small deployments, or the occasional reimaging of a repaired computer, nothing beats the speed and simplicity of restoring your system image locally.
- If you have two Macs and a FireWire cable, you can place the destination Mac, the computer receiving the new system image, in FireWire target disk mode. Select the target disk mode either in the Startup Disk system preference or by holding down the T key during startup. Then plug the destination Mac into another Mac with access to your system image. You will be able to restore your entire system image to the destination Mac in a matter of minutes.
- If you don’t have a spare Mac handy, you can install a copy of Mac OS X to an external FireWire or USB drive and simply start from the external drive. This external drive should also contain your system image, which you would then restore to the internal drive of the Mac. Further, you can install additional administrative and maintenance tools on this external drive and create a portable Mac toolkit of sorts for all your local system administration needs.
- The ASR restoration mechanism is included on the bootable Mac OS X Install DVD, which is extremely useful if you need to restore an internal system drive but don’t have a second Mac handy to run the ASR process. Simply boot your Mac from the installation media, connect an external drive that contains the system image, and restore to the local volume. You can also use this technique to clone the internal system drive from your Mac, booted from the DVD, to the internal system drive of another Mac in target disk mode.
Regardless of the equipment setup or startup method you choose, you can access the ASR system from either the graphical interface using the Disk Utility application or the command line using the asr tool.
Using ASR Locally from the Disk Utility Application
To use ASR locally from the Disk Utility application:
- Open the Disk Utility application, select any storage item from the list on the left, and then click the Restore tab. The storage item you select from the list has no relation to the items you will choose for the restore process.
- From the Finder or the Disk Utility item list, drag a source volume or prepared disk image to the Source field. You can also click the Image button to select a disk image from an Open browser dialog.
- From the Disk Utility item list, drag a destination volume to the Destination field.
- Specify whether to perform the faster ASR erase and block-level copy method by selecting the “Erase destination” checkbox.
If you don’t select this option, ASR will use the slower file copy method. Then click Restore.
ASR verification is enabled by default when using Disk Utility and cannot be disabled in the Mac OS X v10.5 version of Disk Utility.
- In the verification dialog box that appears, click Erase, and then authenticate as an administrative user.
The ASR system will unmount the destination, and source volume if one was specified, and begin the restore or clone process.
Disk Utility will show you a progress indicator in the lower-right corner, and when ASR is complete will remount the destination volume. When a source volume, as opposed to a prepared disk image, is used, the source will be remounted as well.
)
)
)
Using ASR Locally from the Command Line
You can directly access the ASR system by using the asr command. The syntax is asr restore -source followed by the path to the source volume or prepared disk image, then -target followed by the path to the destination volume, and then any options such as -erase or -noverify.
In the following example, Michelle uses the asr command to restore a prepared disk image on her desktop, ModularSystem.dmg, to the Macintosh HD volume. Note that she has to run the asr command with root access and that she has specified the faster erase and block-level copy method. Also, because she chose the erase method, she was prompted to enter a “y” to validate her option, if she had entered the -noprompt option this safeguard would have been bypassed.
MyMac:~ michelle$ sudo asr restore -source Desktop/ModularSystem.dmg -target /Volumes/Macintosh\ HD/ -erase Password: Validating target...done Validating source...done Erase contents of /dev/disk1s10 (/Volumes/Macintosh HD)? [ny]: y Erasing target device /dev/disk1s10...done Retrieving scan information...done Validating sizes...done Restoring ....10....20....30....40....50....60....70....80....90....100 Verifying ....10....20....30....40....50....60....70....80....90....100 Remounting target volume...done
Restoring System Images via a Network
The ASR system can restore from disk images shared over a network connection. You can choose among several methodologies, including both unicast and multicast network protocols. Supported unicast network protocols include AFP, SMB, and HTTP file sharing; the only supported multicast protocol is the proprietary multicast ASR protocol.
Using the ASR system restore from a source disk image via the network still requires a method of starting up your computer from a drive other than the startup disk you wish to restore. Again, you can start a Mac from any local bootable volume containing an installed copy of Mac OS X.
Using Unicast Protocols with ASR
Unicast network protocols remain the dominant file-sharing protocols because most users require different information at different times. Unicast simply means there is a single connection between the computer sharing the resource and the computer accessing the resource. For smaller network deployments, unicast solutions are totally appropriate and easier to set up than multicast solutions.
You can restore an ASR image from an AFP, NFS, or SMB share point. This is similar to using an ASR image locally. You use exactly the same methods as you would with a locally stored disk image. Simply drag the disk image file into the Restore interface in Disk Utility, or specify the appropriate file system path when using the asr command.
The ASR system can also directly access a prepared disk image from an HTTP, or web, server. The transfer mechanism is still unicast, but many web servers have been highly optimized for multiple clients and can scale to provide tremendous throughput when accepting connections from multiple clients. The implementation process is as simple as placing your prepared disk images on a web server of your choice, and then entering the URL as the source when using the asr command.
The following example illustrates what Michelle would enter at the command line to restore a prepared system image, hosted on the PretendCo web server, to a local destination volume.
MyMac:~ michelle$ sudo asr restore -source http://www.pretendco.com/deployment/ ModularSystem.dmg-target /Volumes/Macintosh\ HD/ -erase
Multicast ASR Fundamentals
With multicast ASR you can share a prepared disk image over the network without setting up any other services. The ASR system can provide increased network performance by transmitting the disk image data via a multicast network protocol. Using a multicast protocol allows you to simultaneously restore a prepared disk image to 100 or 1,000 computers in roughly the same amount of time it would take to restore it for 1 computer.
This feat is accomplished by a single Mac, hosting the prepared disk image, broadcasting the disk image data to the network in a continuous loop. Other Macs on the network can “hook in” to this data stream and start restoring to a local volume. Because the data stream is on a continuous loop, it doesn’t matter where in the stream the destination Macs start their restore process because they can simply wait for the appropriate data to come around again until the entire image is restored. Also, if any network packets are missed by the destination Macs, they simply wait for those packets to come around again.
Therefore, if you have a multicast ASR stream running and you use a remote management tool such as ARD to kick off the restore process at the exact same time on all your deployed systems, they will all finish in roughly the same amount of time it would take you to restore a single Mac. If you were using a unicast network protocol and attempted the same thing, your server and network would slow to a crawl, as each Mac would attempt to initiate an individual connection to your server hosting the image.
The only caveats here, and they are big ones, is that your network hardware must support multicast protocols, and the multicast ASR stream can seriously degrade your network’s performance for other protocols. For these reasons multicast ASR streams should never be attempted during operational hours on your general use network. In many cases during an initial sitewide deployment, a preparation area is set up with a dedicated closed network running a looping multicast ASR stream. The computers are then brought into this area to be imaged and deployed when the imaging is complete.
Configuring a Multicast ASR Stream
To set up a multicast ASR server, all you need is a Mac OS X or Mac OS X Server computer connected to your wired Ethernet network, a copy of the system image you wish to deploy, and an ASR service configuration property list file. This configuration file is an XML-formatted text document that specifies the network settings for the multicast ASR stream. There are two property keys required by this file:
-
Multicast Address—This is the multicast address for the data stream. This address can be anywhere between 224.0.0.0 and 239.255.255.255, but you should consult with your network administrator for an appropriate address.
-
Data Rate—This is the desired data rate in bytes per second. For example, entering 5000000 would indicate that you want a stream of 5 megabits per second (Mbit/s).
Finding the correct data rate may take some experimenting, as data rates that are too high will yield high network packet loss, slowing the restore operation or causing it to fail. Other variables to take into consideration include network speed, other network traffic, computer processor speed, and destination drive speed. Generally, you can expect successful data rates between 2 Mbit/s and 20 Mbit/s. A good rule of thumb is to start with 6 Mbit/s on 100 megabit networks and 12 Mbit/s on gigabit networks, then make adjustments based on feedback from the asr restore process.
You can further fine-tune your multicast ASR stream by including the following optional keys:
-
DNS Service Discovery—This value determines if the server should be advertised via DNS Service Discovery. This setting defaults to true.
-
Client Data Rate—This is the data rate at which the slowest client can write data to its target.
-
Multicast TTL—This value indicates time to live on the multicast packets.
-
Port—Use this value to indicate a custom port used in the initial client-server handshake.
You can create the multicast ASR service configuration file using any text editor, the Property List Editor application, or the defaults command. The quickest way to get started is to use the defaults command. In the following example, Michelle uses defaults write to create a new ASR service configuration file named asrconfig.plist to her Documents folder. As you can see, she chooses a Data Rate of 6 Mbit/s and a Multicast Address of 244.0.0.10.
MyMac:~ michelle$ defaults write ~/Documents/asrconfig.plist "Data Rate" -int 6000000 MyMac:~ michelle$ defaults write ~/Documents/asrconfig.plist "Multicast Address" 224.0.0.10
Starting a Multicast ASR Stream
Once the multicast ASR service configuration file is created, you can use the asr command to start the multicast stream. Continuing the previous example, Michelle uses asr -server followed by the path to the configuration file she just created, and then -source followed by the path to the prepared disk image that will be streamed to the destination Macs. Notice that she must use root access to start the multicast ASR service.
MyMac:~ michelle$ sudo asr -server Documents/asrconfig.plist -source /Volumes/Storage/ModularSystem.dmg Password: Ready to start accepting clients Starting stream Wed Apr 15 18:29:29 2008 Starting stream Wed Apr 15 18:41:37 2008
The stream will not start until the first client makes the connection, as indicated by the asr command’s output of “Starting stream...” on the Mac hosting the stream. This stream will continue to loop, as indicated by each entry of “Starting stream...” The stream loop will continue indefinitely until it is killed either by a sudo killall asr command issued from another command-line session or by the Command-period keyboard combination entered at the terminal.
Restoring from a Multicast ASR Stream
Restoring from a multicast ASR stream is just as easy as restoring from any other source. The only change is that you specify the URL for the Mac hosting the ASR stream as the source image. The following example illustrates what Michelle would enter at the command line to restore from a multicast ASR stream hosted on a Mac at IP address 10.1.0.50 to a local destination volume.
MyMac:~ michelle$ sudo asr restore -source asr://10.1.0.50-target /Volumes/Macintosh\ HD/ -erase
Using the Apple Predelivery Deployment Solution for New Macs
As an alternative to deploying your custom system image to new Mac computers, you can have the Apple Custom Software Solutions (CSS) team do the work for you before your new Macs even arrive.
The CSS team will first build a system image for you based on your deployment requirements. Then they will thoroughly test the system image to make sure all software and configurations work properly. Once you sign off on a fully tested system image, you will be given a custom Apple part number to order from. Any time you order that part number the CSS team will deploy your custom system image to the new Mac hardware at the factory before the computer is shipped to your location.