How do I set up NetBoot?

I'd like to help, but I haven't been through it yet myself. We're going to be switching our computer classroom with 2 Power Macs and 34 iMacs to a netboot configuration with our Mac OS X Server as soon as school is out in June. We weren't brave enough to switch while school was in session. I wish you luck and will be glad to share my experiences once we start the transformation.

We've gotten used to managing our own setup because of improperly trained I.T. people. Last week, the Los Angeles Unified School District decided to change the IP address range assigned to our school. Did they think to tell us? No. All of our Internet access stopped working. When we complained, they sent a techie out, who reprogrammed the main router and then tried to change our Mac OS X Server setup while saying "I don't really know Macs." He of course didn't do it right and left it worse than when he started. The student computers could no longer connect to the server within the room. So two of us volunteers went in this morning, undid what he did, and made the correct changes. And this I.T. guy gets paid for his work!

I mentioned above that we plan to switch our computer classroom to netbooting at the end of the school year. Well, it's time. We're going to start the switchover this Saturday.

If anybody has advice for me, now's the time to post it! Thanks.

And I'll report how it went when we finish.

--- What we have now ---

Server:
* Power Mac G4 Server, Mac OS X Server 10.1

Clients, all with Mac OS X 10.1:
* 34 CRT iMacs for 34 students
* 1 Power Mac G4 for the teaching assistant
* 1 Power Mac G4 for the teacher

Applications for students: Photoshop, Illustrator, Dreamweaver MX, Flash MX, MS Office, MS Internet Explorer, UltraKeys (keyboarding), and all the iApps from Apple.

Application for the teacher: Apple Remote Desktop

Booting, users, and file access: Each machine boots off its own disk. Individual login names are defined for 34 students times 6 class periods. All home directories reside on the server. Applications are installed separately on each machine.

Network: hardwired within room, T1 line to the Internet (shared directly, no filtering by the server), one subnet used. Individual IP addresses are assigned to each Mac (not using DHCP).

--- What we plan ---

We have purchased Jaguar for all machines and will start by upgrading the server and the teacher G4.

We plan to set up the 34 iMacs and T.A. Power Mac for netbooting, leaving only the server and teacher Power Mac booting on their own. We think this will save us maintenance work in the long run.

The procedure to establish a vanilla netboot of Mac OS X seems straightforward, but I'm not sure how to make sure all of our applications will run. For example, I don't know whether they should be in the netboot image or whether they should be run from the server. And I don't know what licensing surprises await us when we try to run them with every Mac being a Jango Fett-style clone of every other Mac. I imagine that we'll have to get preference settings set up correctly before cloning and that it'll take a few tries to get it right.

Well, I spent 9 hours in our computer classroom yesterday, doing the upgrade to Jaguar and trying netbooting for the first time. My co-volunteer and I set up this classroom a year ago, using Mac OS X 10.1 and this was our chance to move to 10.2. (See above for a description of our setup.)

Here are the steps we took and where things went right and wrong. All steps were performed on the server unless otherwise noted. To avoid embarrassing myself, I've conveniently omitted the missteps where I did something stupid and then undid it and backed up a step; the story is long enough without all that!

1. We used Server Admin to export our 300-or-so user and group definitions as an XML file.

2. We used Carbon Copy Cloner to back up the boot disk to its second disk. We booted off it to make sure it worked.

3. On the server and one iMac, we installed Mac OS X 10.2 fresh because previous experience has taught us that upgrading from 10.1 to 10.2 produces various problems that a clean install avoids. We added our applications back to the iMac.

4. We used Workgroup Manager to (a) define the sharepoint we use for student home folders (on the second disk), (b) set them to automount, and (c) import the 300 users and groups.

5. We used Macintosh Manager to define a group, import the user list from Workgroup Manager, and set the server directory that we use for student home folders to be automounted.

6. We read and reread documentation because something puzzled us. We already use DHCP with our router as the DHCP server, so we didn't want to also run DHCP on our 10.2 server. But the Network Image Utility, which creates netboot images, clearly requires that DHCP service be active. However, we found that we could turn on DHCP service while we created netboot images and then turn it off, with no effect on whether or not the netboot images worked. Odd, but our trick worked.

7. We used Server Settings to start DHCP service and the Configure DHCP/Netboot option to enable dynamic netbooting on the builtin Ethernet interface.

8. We used Network Image Utility to create a netboot image (test.nbi), using Mac OS X 10.2.3 installation CDs as the source, so we'd have a perfectly "vanilla" system from which to try netbooting.

9. We used Server Settings to enable test.nbi and to turn off DHCP service.

10. We set the iMac's startup disk to be test.nbi and restarted. It found the image and started the netboot, only to get a kernel panic partway through (spinning stripes phase). Using another Mac, we confirmed that the netboot image was at fault, not the iMac. We could find no way around this problem, as it appeared that Network Image Utility produced a broken netboot image, even though its content looked as expected (a system disk dmg and supporting metafiles).

11. On the iMac, we used a feature of Carbon Copy Cloner to create a netboot image of the iMac onto an external firewire drive. We moved the resulting imac.nbi file to the /Library/Netboot folder on the server where netboot images reside. We enabled it with Server Settings on the server.

12. We set the iMac's startup disk to be imac.nbi and restarted. It found the image and the netboot worked! We finally exhaled! Then we patted ourselves on the back and said "thank heaven for Carbon Copy Cloner".

We had some followup steps to do to make sure applications still worked but this went better than expected. We will need to make a few adjustments to the "master" iMac, add the latest client for Apple Remote Desktop, and then recreate the netboot image, since we got a few settings wrong and you apparently can't use Network Image Utility to update an existing netboot image, only to create a new one from scratch, despite Apple's documentation to the contrary.

Bottom line: Once we upgrade all other iMacs to Jaguar, they will all be able to netboot. That was our goal and we're pleased with what we accomplished in a single day.

Another followup task will be to upgrade the teacher's Power Mac to the latest Apple Remote Desktop and see if/how it works with a room full of netbooted iMacs. I don't know how Apple Remote Desktop identifies its clients when they are clones of each other. They get dynamic (DHCP) IP addresses and they'll have identical boot disks, with will contain within System Preferences the "computer name" for Apple Remote Desktop purposes, so I don't see how they can be distinguished.

Following are some mysteries that we didn't resolve. We aren't especially worried about them. Since things are working, we don't really have to resolve them.

(a) Why does DHCP service have to be active to create netboot images even though it doesn't have to be active to use them?

(b) Why did Network Image Utility produce a broken netboot image?

(c) Why does Apple claim you can use Network Image Utility to update an image when is apparently no way to do so? (I don't think it would help us in any case; I think by "update" they may mean "update the version of Mac OS", rather than "update other files within the disk image".)

(d) Why did Macintosh Manager rename 40 of our users (one classroom's worth) to the automatically generated names netboot100, netboot101, etc.? This seemed to have no effect but at the same time had no explanation.

(e) Why did Property List Editor incorrectly display the netboot image's property list? String properties, which are represented in the property list as <string>here is the value</string>, worked fine but when Property List Editor came to Boolean properties represented as <True/> it showed the wrong name for that property, making it look like the property list had duplicate names. This was very confusing until we figured out to look at the property lists with vi instead!

Thank you to the other members who gave me advice. I hope this writeup helps those who venture into netboot territory next!