Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

  • Print
  • + Share This
This chapter is from the book

Deploying System Images

Deploying system images is, relative to creating them, quick and easy. This, of course, is the point of system deployment; your goal is to deploy this system image as quickly as possible to your computers.

The Apple Software Restore (ASR) system built into Mac OS X suits this goal nicely by providing a highly optimized system restoration mechanism. The term “restore” is used here to mean the process by which you copy the contents of a system disk image to a bootable system volume. Thus, the ASR system is technically a volume duplication mechanism that can be used to make bit-for-bit clones of entire volumes in a matter of minutes.

In this section you will learn how to use the ASR system to restore system images to local volumes. The source for those system images can be either another local volume or shared on the network. Note that this section focuses specifically on system restore techniques, which will be demonstrated as if you were restoring to a single volume. Scaling out these techniques to all your computers simply means repeating the restoration workflow over and over again for each computer. This type of automation is easily handled using a script or a remote management tool such as Apple Remote Desktop 3.

Also note that, as with any system restoration mechanism, the ASR restoration process requires an actively booted system to run it. In other words, you cannot restore an operating system to a local volume without first booting the computer from another operating system that has already been deployed. Further, using the ASR system you cannot restore an operating system on top of the operating system your computer is currently using. Because most Macs have only a single local volume, this presents a “chicken before the egg” type of situation, the solution to which is the main focus of Chapter 5, “Using NetBoot for Deployment.”

Apple Software Restore Fundamentals

The ASR process is essentially a highly optimized volume duplication system. When restoring locally, the source can be a disk image prepared for deployment or any mounted Mac OS formatted volume, including volumes that reside on external drives, optical media, and nonprepared disk images. Thus, you could actually use the ASR restore mechanism to make perfect clones from one volume to another. The only requirement is that the ASR restore process must be able to unmount and copy the source volume. This requirement limits you to source volumes that are not currently being used as a startup disk.

The restore destination volume can be any nonoptical storage device mounted locally to the Mac running the restore process. This includes any nonsystem volumes on a partitioned hard drive, volumes on external drives, and even volumes that reside in read/write disk images. The only requirement is that the ASR process must be able to unmount and replace the destination volume contents. Again, this requirement is why you cannot restore to a volume that is currently being used as a startup disk.

The size of your restore destination is also a consideration. Obviously, the restore process works only if your destination volume is as large or larger than the source volume contents. If the destination volume is larger, the ASR process will simply leave the remaining volume space as is. The exception to this is when restoring at the device level. The ASR process can also restore or clone an entire storage device, including all partitions, to another device. This technique is rarely used because the ASR process will have to reformat the destination device with the exact same partition scheme as the source device. Thus, the destination device must always be as large or larger than the source device, and any extra space on the destination device will not be formatted.

ASR uses two methods for duplicating a volume. The most commonly used method is the erase and copy. With this method the ASR process completely erases the destination volume and performs a very fast block-level copy. This method is often 10 times faster than the alternative, and it always results in the “cleanest” system restore.

However, if you need to retain the contents of the destination volume, you can perform a file copy. With this method the ASR process copies the items one at a time, replacing any items on the destination volume with the items from the source volume. It’s important to realize that the ASR process does not consider the age or version of individual items and will replace all items on the destination volume with a similar item from the source volume.

Finally, ASR can perform a verification of the restore. The verification process ensures that your restore or clone was fully completed without error to the destination. It does this by comparing the destination to the source. This verification doubles the amount of time it takes to complete the ASR restoration process, but it guarantees an error-free restoration or clone.

Restoring System Images Locally

For very small deployments, or the occasional reimaging of a repaired computer, nothing beats the speed and simplicity of restoring your system image locally.

  • If you have two Macs and a FireWire cable, you can place the destination Mac, the computer receiving the new system image, in FireWire target disk mode. Select the target disk mode either in the Startup Disk system preference or by holding down the T key during startup. Then plug the destination Mac into another Mac with access to your system image. You will be able to restore your entire system image to the destination Mac in a matter of minutes.
  • If you don’t have a spare Mac handy, you can install a copy of Mac OS X to an external FireWire or USB drive and simply start from the external drive. This external drive should also contain your system image, which you would then restore to the internal drive of the Mac. Further, you can install additional administrative and maintenance tools on this external drive and create a portable Mac toolkit of sorts for all your local system administration needs.
  • The ASR restoration mechanism is included on the bootable Mac OS X Install DVD, which is extremely useful if you need to restore an internal system drive but don’t have a second Mac handy to run the ASR process. Simply boot your Mac from the installation media, connect an external drive that contains the system image, and restore to the local volume. You can also use this technique to clone the internal system drive from your Mac, booted from the DVD, to the internal system drive of another Mac in target disk mode.

Regardless of the equipment setup or startup method you choose, you can access the ASR system from either the graphical interface using the Disk Utility application or the command line using the asr tool.

Using ASR Locally from the Disk Utility Application

To use ASR locally from the Disk Utility application:

  1. Open the Disk Utility application, select any storage item from the list on the left, and then click the Restore tab. The storage item you select from the list has no relation to the items you will choose for the restore process.
  2. From the Finder or the Disk Utility item list, drag a source volume or prepared disk image to the Source field. You can also click the Image button to select a disk image from an Open browser dialog.
  3. From the Disk Utility item list, drag a destination volume to the Destination field.
  4. Specify whether to perform the faster ASR erase and block-level copy method by selecting the “Erase destination” checkbox. If you don’t select this option, ASR will use the slower file copy method. Then click Restore.

    ASR verification is enabled by default when using Disk Utility and cannot be disabled in the Mac OS X v10.5 version of Disk Utility.

  5. In the verification dialog box that appears, click Erase, and then authenticate as an administrative user.

    The ASR system will unmount the destination, and source volume if one was specified, and begin the restore or clone process.

    Disk Utility will show you a progress indicator in the lower-right corner, and when ASR is complete will remount the destination volume. When a source volume, as opposed to a prepared disk image, is used, the source will be remounted as well.

Using ASR Locally from the Command Line

You can directly access the ASR system by using the asr command. The syntax is asr restore -source followed by the path to the source volume or prepared disk image, then -target followed by the path to the destination volume, and then any options such as -erase or -noverify.

In the following example, Michelle uses the asr command to restore a prepared disk image on her desktop, ModularSystem.dmg, to the Macintosh HD volume. Note that she has to run the asr command with root access and that she has specified the faster erase and block-level copy method. Also, because she chose the erase method, she was prompted to enter a “y” to validate her option, if she had entered the -noprompt option this safeguard would have been bypassed.

MyMac:~ michelle$ sudo asr restore -source Desktop/ModularSystem.dmg -target
/Volumes/Macintosh\ HD/ -erase
  Validating target...done
  Validating source...done
  Erase contents of /dev/disk1s10 (/Volumes/Macintosh HD)? [ny]: y
  Erasing target device /dev/disk1s10...done
  Retrieving scan information...done
  Validating sizes...done
  Restoring  ....10....20....30....40....50....60....70....80....90....100
  Verifying  ....10....20....30....40....50....60....70....80....90....100
  Remounting target volume...done

Restoring System Images via a Network

The ASR system can restore from disk images shared over a network connection. You can choose among several methodologies, including both unicast and multicast network protocols. Supported unicast network protocols include AFP, SMB, and HTTP file sharing; the only supported multicast protocol is the proprietary multicast ASR protocol.

Using the ASR system restore from a source disk image via the network still requires a method of starting up your computer from a drive other than the startup disk you wish to restore. Again, you can start a Mac from any local bootable volume containing an installed copy of Mac OS X.

Using Unicast Protocols with ASR

Unicast network protocols remain the dominant file-sharing protocols because most users require different information at different times. Unicast simply means there is a single connection between the computer sharing the resource and the computer accessing the resource. For smaller network deployments, unicast solutions are totally appropriate and easier to set up than multicast solutions.

You can restore an ASR image from an AFP, NFS, or SMB share point. This is similar to using an ASR image locally. You use exactly the same methods as you would with a locally stored disk image. Simply drag the disk image file into the Restore interface in Disk Utility, or specify the appropriate file system path when using the asr command.

The ASR system can also directly access a prepared disk image from an HTTP, or web, server. The transfer mechanism is still unicast, but many web servers have been highly optimized for multiple clients and can scale to provide tremendous throughput when accepting connections from multiple clients. The implementation process is as simple as placing your prepared disk images on a web server of your choice, and then entering the URL as the source when using the asr command.

The following example illustrates what Michelle would enter at the command line to restore a prepared system image, hosted on the PretendCo web server, to a local destination volume.

MyMac:~ michelle$ sudo asr restore -source
ModularSystem.dmg-target /Volumes/Macintosh\ HD/ -erase

Multicast ASR Fundamentals

With multicast ASR you can share a prepared disk image over the network without setting up any other services. The ASR system can provide increased network performance by transmitting the disk image data via a multicast network protocol. Using a multicast protocol allows you to simultaneously restore a prepared disk image to 100 or 1,000 computers in roughly the same amount of time it would take to restore it for 1 computer.

This feat is accomplished by a single Mac, hosting the prepared disk image, broadcasting the disk image data to the network in a continuous loop. Other Macs on the network can “hook in” to this data stream and start restoring to a local volume. Because the data stream is on a continuous loop, it doesn’t matter where in the stream the destination Macs start their restore process because they can simply wait for the appropriate data to come around again until the entire image is restored. Also, if any network packets are missed by the destination Macs, they simply wait for those packets to come around again.

Therefore, if you have a multicast ASR stream running and you use a remote management tool such as ARD to kick off the restore process at the exact same time on all your deployed systems, they will all finish in roughly the same amount of time it would take you to restore a single Mac. If you were using a unicast network protocol and attempted the same thing, your server and network would slow to a crawl, as each Mac would attempt to initiate an individual connection to your server hosting the image.

The only caveats here, and they are big ones, is that your network hardware must support multicast protocols, and the multicast ASR stream can seriously degrade your network’s performance for other protocols. For these reasons multicast ASR streams should never be attempted during operational hours on your general use network. In many cases during an initial sitewide deployment, a preparation area is set up with a dedicated closed network running a looping multicast ASR stream. The computers are then brought into this area to be imaged and deployed when the imaging is complete.

Configuring a Multicast ASR Stream

To set up a multicast ASR server, all you need is a Mac OS X or Mac OS X Server computer connected to your wired Ethernet network, a copy of the system image you wish to deploy, and an ASR service configuration property list file. This configuration file is an XML-formatted text document that specifies the network settings for the multicast ASR stream. There are two property keys required by this file:

  • Multicast Address—This is the multicast address for the data stream. This address can be anywhere between and, but you should consult with your network administrator for an appropriate address.

  • Data Rate—This is the desired data rate in bytes per second. For example, entering 5000000 would indicate that you want a stream of 5 megabits per second (Mbit/s).

Finding the correct data rate may take some experimenting, as data rates that are too high will yield high network packet loss, slowing the restore operation or causing it to fail. Other variables to take into consideration include network speed, other network traffic, computer processor speed, and destination drive speed. Generally, you can expect successful data rates between 2 Mbit/s and 20 Mbit/s. A good rule of thumb is to start with 6 Mbit/s on 100 megabit networks and 12 Mbit/s on gigabit networks, then make adjustments based on feedback from the asr restore process.

You can further fine-tune your multicast ASR stream by including the following optional keys:

  • DNS Service Discovery—This value determines if the server should be advertised via DNS Service Discovery. This setting defaults to true.

  • Client Data Rate—This is the data rate at which the slowest client can write data to its target.

  • Multicast TTL—This value indicates time to live on the multicast packets.

  • Port—Use this value to indicate a custom port used in the initial client-server handshake.

You can create the multicast ASR service configuration file using any text editor, the Property List Editor application, or the defaults command. The quickest way to get started is to use the defaults command. In the following example, Michelle uses defaults write to create a new ASR service configuration file named asrconfig.plist to her Documents folder. As you can see, she chooses a Data Rate of 6 Mbit/s and a Multicast Address of

MyMac:~ michelle$ defaults write ~/Documents/asrconfig.plist "Data Rate" -int 6000000
MyMac:~ michelle$ defaults write ~/Documents/asrconfig.plist "Multicast Address"

Starting a Multicast ASR Stream

Once the multicast ASR service configuration file is created, you can use the asr command to start the multicast stream. Continuing the previous example, Michelle uses asr -server followed by the path to the configuration file she just created, and then -source followed by the path to the prepared disk image that will be streamed to the destination Macs. Notice that she must use root access to start the multicast ASR service.

MyMac:~ michelle$ sudo asr -server Documents/asrconfig.plist
-source /Volumes/Storage/ModularSystem.dmg
Ready to start accepting clients
Starting stream Wed Apr 15 18:29:29 2008
Starting stream Wed Apr 15 18:41:37 2008

The stream will not start until the first client makes the connection, as indicated by the asr command’s output of “Starting stream...” on the Mac hosting the stream. This stream will continue to loop, as indicated by each entry of “Starting stream...” The stream loop will continue indefinitely until it is killed either by a sudo killall asr command issued from another command-line session or by the Command-period keyboard combination entered at the terminal.

Restoring from a Multicast ASR Stream

Restoring from a multicast ASR stream is just as easy as restoring from any other source. The only change is that you specify the URL for the Mac hosting the ASR stream as the source image. The following example illustrates what Michelle would enter at the command line to restore from a multicast ASR stream hosted on a Mac at IP address to a local destination volume.

MyMac:~ michelle$ sudo asr restore -source asr://
/Volumes/Macintosh\ HD/ -erase

Using the Apple Predelivery Deployment Solution for New Macs

As an alternative to deploying your custom system image to new Mac computers, you can have the Apple Custom Software Solutions (CSS) team do the work for you before your new Macs even arrive.

The CSS team will first build a system image for you based on your deployment requirements. Then they will thoroughly test the system image to make sure all software and configurations work properly. Once you sign off on a fully tested system image, you will be given a custom Apple part number to order from. Any time you order that part number the CSS team will deploy your custom system image to the new Mac hardware at the factory before the computer is shipped to your location.

  • + Share This
  • 🔖 Save To Your Account

Peachpit Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Peachpit and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Peachpit products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive:

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020