With Apple releasing updates to OS X every year, the Mac SysAdmin has yet another thing to worry about. As if increasingly frequent security updates and managing iOS devices were not enough to keep us busy, we must now add yearly releases to our work load. This presents quite the dilemma for us when we consider that it could take a few months to get our golden master images, settings and processes updated and nailed down before widely deploying the new OS X in our environments. If we were to take three months to get the new OS ready, we would find ourselves that much closer to a new release with more to test and get ready all over again.
What is the solution to this dilemma? A solid thin-imaging process.
Work smarter, not harder
Thin-imaging is a deployment workflow where a vanilla or slightly customized OS X image is laid down (or no image at all for new machines) followed by settings and software. This ensures that when a machine is deployed, it has the newest version of software available and the most recent managed settings.
With this workflow, it is trivial to get a test environment setup for a new or beta version of OS X. In most cases, you can crank out a vanilla version of the OS with System Image Utility or InstaDMG, place it in a copy of your current workflow and test it. You can forget the drudgery of an upgrade install on a golden master image or worse yet a full rebuild from the ground up. You skip directly to testing and figure out what pieces of your current system work, don’t work or could use some revision.
Sure this sounds great, but what exactly does this process look like anyways? Here are some steps in the process you could use for thin-image based deployments as well as apps and products that can accomplish them:
- Create base image – System Image Utility, InstaDMG, Casper Suite
- Netboot – OS X Server, NetSUS Appliance
- Apply Base Image – NetRestore, DeployStudio, Casper Suite
- Stage Settings/Software Management Tools – NetRestore, DeployStudio, Casper Suite
- Manage Settings – MCX/Profiles, Casper Suite, Absolute Manage, Puppet
- Install Software – Munki, Casper Suite, Absolute Manage, Puppet
These steps could be handled by any combination of the products listed. The key to this process is that you use what is most feasible for your environment. Perhaps you want to use all free products and opt to go with SIU to generate base images, NetSUS to netboot your machines, DeployStudio to apply the image as well as the settings/software management tools, Puppet for settings management and munki for software installs. Or perhaps you want to use InstaDMG for creating the base image and DeployStudio for laying down the image and Casper’s client, but prefer Casper suite for Settings and Software. This process is very much mix and match based upon your organization’s needs.
No image at all?
Wait a second, what was this nonsense about not using an image at all? Apple ships new machines with OS X pre-installed. This allows us to skip two steps in the thin-imaging process, creating a base image and applying the base image. You still NetBoot the machines, but you only stage them to manage settings (bind to AD/OD, etc) and install whichever tool you are using for first boot software installs or settings management. The rest happens just as if you had applied an image in the first place (except Apple has already done this step for us). The process now becomes:
- Netboot – OS X Server, NetSUS Appliance
- Stage Settings/Software Management Tools – NetRestore, DeployStudio, Casper Suite
- Manage Settings – MCX/Profiles, Casper Suite, Absolute Manage, Puppet
- Install Software – Munki, Casper Suite, Absolute Manage, Puppet
Reap the benefits
Thin-imaging enables Mac Admins to keep up with yearly OS X releases and improve their current environment using the time saved over traditional development and deployment methods. Why waste time rebuilding images year in and year out? Who doesn’t want more time to improve their infrastructure? Thin-image instead and reap the benefits.
If you have any questions regarding thin-imaging setups or how you can get started with it, feel free to discuss it on the forums.
step 5: manage: don’t forget Profile Manager (or other MDM systems) This seems to me the ‘future of MCX’
Noted! I updated the article to mention Profiles as well. MCX is delivered via Profiles in Lion and later, but I agree that mentioning profiles specifically is clearer.