PDA

View Full Version : Maintaining a Mac Computer Lab?




screwfilms
Jul 13, 2009, 06:09 PM
I help run a Computer Lab at a Film School in NYC, and we need a way to remotely maintain our lab.

Our lab consists of 50+ Macs (Mostly Intel Pro's and 24" Intel Imacs, with some PowerPc Imacs & Towers), and we've been using SuperDuper (http://www.shirt-pocket.com/SuperDuper/SuperDuperDescription.html) to maintain our systems (Updates, Install new software, restore defaults,etc.) and the process is constant: By the time we finish Restoring the last system, it's time to restart at the beginning. We've only got one Disk Image per Processor (one PPC, one Intel). Each image has ALL the applications we offer to the students (FCP Studio 2, CS3, etc) and anytime there's an update for these programs, or we add a program/workflow, we have to change the image.


What I would like to know is if anybody knows of a way for us to have our lab update on it's own, on a regular schedule? In a perfect world, we'd only have to maintain 2 machines (1 PPC, 1 Intel), and then each of the computers would clone the 2 Maintained images onto themselves, preferably once a day at night/one a week on weekends.

We'd like to be able to install a COMPLETE disk image (having to re-input the S/N's for our Volume Licenses are a dealbreaker).

Any thoughts? Bonus points for Terminal/Scripting Trickery, Open Source, et al.



assembled
Jul 13, 2009, 06:55 PM
instead of doing full disk images, just use differences

http://rsug.itd.umich.edu/software/radmind/

xparaparafreakx
Jul 14, 2009, 10:09 PM
Okay, so this is how to start the summer.

August, I create a new image and I like with all the apps I want and make the updates. I restore via firewire on a weekend. 15 minutes a machine and I have 3-4 laptops helping me.

Bind the machines to my Open Directory server. Set up apple remote desktop.

When updates come up, I NEVER INSTALL THEM. I learn some updates have bugs I do not want.

When I do want to do the updates, download the .pkg file from apple. On apple remote desktop, highlight the computer I want the update to be done. Click install package. Choose the update .pkg file that I downloaded from apple. It copies the .pkg file to each computer and installs it and restarts it.

What about updates that are not .pkg or need you to babysit it?

Use ard to send the file and run it. Then walk up to each machine and do the crap to it. Saved you time from putting in your flash drive and install it.

"Bonus points for Terminal/Scripting Trickery, Open Source, et al."

Use Mac OS X Server to host the image (.dmg). Have the computers on weekends to connect to the server and restore itself though the network.

I doubt you need to do that. Just use Apple Remote Desktop to send the updates you need.

Feel free to ask more questions or help on a step by step plan on your lab.

Les Kern
Jul 15, 2009, 07:12 AM
What I call "chasing updates" is a productivity killer. Most times it translates into "busy work", and offers no real benefit to the end user.
During the summer I begin working on the new images. Each lab or laptop cart (1,200 machines) has it's own needs, so about 12 different images are produced. Once the master is done, adding a CRITICAL update takes a few minutes. All images are sent via netrestore, and an entire lab takes a few hours after the workday is done. Once summer is over and all images have been restored using netboot, the work on updates ceases. Each machine, however, is linked to a specific update server in-house and used ONLY for critical updates during the school year. SOME software updates can be done via ARD, but again, only if they are deemed critical.
Unattended updates are a BAD idea, IMHO. You need to touch the machines and know.
So I'd suggest making the masters, hosting on one Intel server that also doubles as a local update server, and not touching it again unless REQUIRED. Use ARD for 3rd-party titles. If it is required, clone one machine, make a new master, toss it on the server, then netrestore all machines after work.

manowarwi
Jul 15, 2009, 10:17 AM
I help run a Computer Lab at a Film School in NYC, and we need a way to remotely maintain our lab.

Our lab consists of 50+ Macs (Mostly Intel Pro's and 24" Intel Imacs, with some PowerPc Imacs & Towers), and we've been using SuperDuper (http://www.shirt-pocket.com/SuperDuper/SuperDuperDescription.html) to maintain our systems (Updates, Install new software, restore defaults,etc.) and the process is constant: By the time we finish Restoring the last system, it's time to restart at the beginning. We've only got one Disk Image per Processor (one PPC, one Intel). Each image has ALL the applications we offer to the students (FCP Studio 2, CS3, etc) and anytime there's an update for these programs, or we add a program/workflow, we have to change the image.


What I would like to know is if anybody knows of a way for us to have our lab update on it's own, on a regular schedule? In a perfect world, we'd only have to maintain 2 machines (1 PPC, 1 Intel), and then each of the computers would clone the 2 Maintained images onto themselves, preferably once a day at night/one a week on weekends.

We'd like to be able to install a COMPLETE disk image (having to re-input the S/N's for our Volume Licenses are a dealbreaker).

Any thoughts? Bonus points for Terminal/Scripting Trickery, Open Source, et al.

I've started used DeployStudio which is a free imaging program that allows you to schedule reboots to the netboot server and then you can set an automatic workflow to then reimage them and rename them, etc.

Personally, I don't use this method. I create images once a year and clone all of my labs. With DeployStudio you can create custom workflows to install specific apps on specific machines based on group membership. On a weekly basis (or sometimes more or less often depending on Apple), I use ARD to push the unix command softwareupdate -i -a to install all of the Apple updates and use ARD to push .pkg updates for non-Apple apps. I only give my students User rights, so they can't mess anything up. Last year using this method I never had to reclone any workstations due to corruption. Only one system that had a failed HD.

xparaparafreakx
Jul 15, 2009, 12:30 PM
What I call "chasing updates" is a productivity killer. Most times it translates into "busy work", and offers no real benefit to the end user.

So damn true. My boss would say, hey there is an update. I would say there no *ucking point in doing them other then wasting our time.

This is high jacking but anyone if you guys do OD and AD integration?

manowarwi
Jul 15, 2009, 01:07 PM
So damn true. My boss would say, hey there is an update. I would say there no *ucking point in doing them other then wasting our time.

This is high jacking but anyone if you guys do OD and AD integration?

I do both. I don't use Apple's recommended OD passthrough for AD however - to me it adds a layer of complexity that is unnecessary. I bind first to OD for MCX Machine management only, and then bind to AD for user authentication (I don't do any additional OS X management at the user level).

xparaparafreakx
Jul 15, 2009, 01:15 PM
Okay this is going to sound crazy but wonder if this is possible.

I want the Mac computer to do its user authentication though AD and enforce GPO though OD. How would I do that?

manowarwi
Jul 15, 2009, 01:29 PM
Okay this is going to sound crazy but wonder if this is possible.

I want the Mac computer to do its user authentication though AD and enforce GPO though OD. How would I do that?

You may be confusing terms. Do you want to actually try to use Microsoft Group Policy Objects through OD to manage your Macs or are you just looking to use OD to enforce User/Group OS X policy that comes from AD? If you just want to manage Apple policy, those are MCX settings and you can either use OD alone to manage these settings or extend your AD schema and add your MCX settings there.

xparaparafreakx
Jul 15, 2009, 02:42 PM
You may be confusing terms. Do you want to actually try to use Microsoft Group Policy Objects through OD to manage your Macs or are you just looking to use OD to enforce User/Group OS X policy that comes from AD? If you just want to manage Apple policy, those are MCX settings and you can either use OD alone to manage these settings or extend your AD schema and add your MCX settings there.

Im looking to use OD to enforce Apple User/Group OS X policy.

Im sorry but I have no idea what MCX settings are. I guess you can call me a newbie Mac admin but I copied everything form the Mac OS X server book and it worked out for my lab plus or minus some research here and there. I been working for 3 years and only this year I have to add windows users to the mix.

manowarwi
Jul 15, 2009, 03:57 PM
Here is a great document for information on MCX settings:
http://web.me.com/johnd/JohnDs_Site/Tips_%26_Tricks/Entries/2008/10/27_Tips_%26_Tricks_for_Macintosh_Management_-_Leopard.html

Here is a different document that goes over integrating AD:
http://www.bombich.com/mactips/activedir.html

Oh and no need to apologize, this stuff is new to a lot of Mac users, especially as Macs are starting to integrate into PC dominated businesses and vise verse. I just wanted to make sure i was understanding you correctly before I gave any advice.

mperkins37
Jul 16, 2009, 01:05 PM
how do you handle fonts?
I have made made libraries before without testing each one and paid later...but how much font testing is enough?...do you have to print in each app you'll be using?

BittenApple
Jul 16, 2009, 01:25 PM
instead of doing full disk images, just use differences

http://rsug.itd.umich.edu/software/radmind/

radmind is the way to go. thats how we run one of the best mac labs in the country at my university. using radmind.

manowarwi
Jul 17, 2009, 08:07 AM
how do you handle fonts?
I have made made libraries before without testing each one and paid later...but how much font testing is enough?...do you have to print in each app you'll be using?

I used to use a group of fonts that were thrown together by our graphic design instructors and had numerous problems. I tried using Font Reserve and other management programs but always ran into trouble since the fonts came from all over - in fact I wasn't even sure if we had the legal right to use them.

A few years back I decided I had enough, got some lab grant money and purchased the Adobe Type Fonts for Education font set and install it on my image (no font management, just all active all the time). The faculty were happy with the selection and after that I haven't had any font problems. I think in three years I had 1 student complain about not having a desired font, but I have the faculty backing given the performance and stability improvement.