Upload
dinhphuc
View
218
Download
0
Embed Size (px)
Citation preview
ApexSupportBulletin: DeployingaMAUCachingServerRevision1.1[October21,2016][email protected](MAU)isautilitythatdetects,downloadsandappliesupdatestoMicrosoftapplicationsinstalledonmacOS.Specifically,MAUsupportsOffice2016,Office2011,SkypeforBusinessandLyncapps.MAUisnotusedforMicrosoftappsthataredownloadedfromtheMacAppStore.Bydefault,MAUwillperformversionchecksagainstMicrosoft’sContentDeliveryNetwork(CDN)ontheInternettodeterminewhetherthelocallyinstalledapphasanupdateavailable.Ifanupdateisavailable,MAUwilldeterminethesmallestpackagetodownloadtobringthelocallyinstalledversionoftheappup-to-date.TherearetwoscenarioswhereenterpriseITadminsmightwantbettercontrolovertheupdateworkflow:
1. TheabilityforMAUtousealocalnetworksourceforretrievingupdatepackagesinsteadoftheMicrosoftCDNontheInternet.Thisscenarioisgoodfor‘branch’scenarios,andcaseswhereInternetbandwidthislimited.Forthisscenario,MAUcanbeconfiguredtousean‘UpdateCache’.
2. AnenterprisemightwanttohavestrictcontrolonwhichversionofOfficeapplicationscanbeinstalled.Forexample,MicrosoftreleasesproductionqualityupdatesonthesecondorthirdTuesdayofeachmonth.Anenterprisemightwanttotemporarilypreventusersfromupdatingtothenewbuildtoverifycompatibilitywithcustomapplications.Forthisscenario,MAUcanbeconfiguredtouseacustom‘ManifestServer’.
Bothofthescenariosabovecanbedeployedindependently,ortogether,dependingontherequirementsofthebusiness.MAU3.8orlaterisrequiredtosupportbothofthesescenarios.HowMAUWorksMAUdetectsapplicationupdatesevery12hoursbycheckingaversionnumberembeddedinanXMLfile(knownasa‘manifest’)ontheInternetandcomparingthatagainsttheversionofthelocallyinstalledapp.IfthebackgrounddaemonnoticesthattheXMLfilereferencesanewerversionthanwhatisinstalled,thefullMAUapplicationwindowisopenedandusersarepromptedtoupdate.TheexactURLoftheXMLfileisdictatedbytwofactors1)theupdatechannelthattheuserissubscribedto2)theidentifieroftheapplicationthatisbeingchecked.Thefollowingend-pointsarethebaseURLsforeachofthechannelsthatMAUsupports:
ChannelName ChannelPurpose BaseURLProduction Highest-qualitymonthly
releaseshttps://officecdn.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/OfficeMac/
External InsiderSlow–Highquality,earlyaccessbuilds
https://officecdn.microsoft.com/pr/1ac37578-5a24-40fb-892e-b89d85b6dfaa/OfficeMac/
InsiderFast InsiderFast–Goodqualityweeklybuilds
https://officecdn.microsoft.com/pr/4B2D7701-0A4F-49C8-B4CB-0C2D4043F51F/OfficeMac/
Applicationidentifiersconsistofa4-characterlanguageidentifier,4-characterappnameand2-characterversionnumber.Typicalexamplesareasfollows:
Application FullApplicationIdentifierWord2016forMac 0409MSWD15Excel2016forMac 0409XCEL15PowerPoint2016forMac 0409PPT315Outlook2016forMac 0409OPIM15OneNote2016forMac 0409ONMC15Office2011forMac(English) 0409MSOf14Lync2011forMac 0409UCCP14SkypeforBusinessMac 0409MSFB16MicrosoftAutoUpdate 0409MSau03
Importantnotes:
1. TheinternalversionofOffice2016forMacapplicationsis‘15’,whereastheinternalversionof2011applicationsis‘14’2. Office2016applicationsarelanguage-neutralbuildsanduseafixedlanguageidentifierof0409,regardlessofthelanguagepreference3. Office2011updatesaredeliveredasasuite,soall2011appsuseasingleappnameof‘MSOf’
Ifyouknowthechannelandapplication,youcandeterminetheexactURLoftheXMLfilethatMAUwillusetocheckforupdates.Forexample,PowerPoint2016ontheInsiderFastchannelwillusehttps://officecdn.microsoft.com/pr/4B2D7701-0A4F-49C8-B4CB-0C2D4043F51F/OfficeMac/0409PPT315.xmltocheckforupdates.InadditiontotheXMLfile,aMicrosoft-signedsecuritycatalog(.CAT)ofthesamenameisusedtoverifythatboththeXMLfilehasn’tbeentamperedwith,andtheupdatepackageshavenotbeenalteredinanyway.ThecombinationofXMLandCATarecommonlyknownas‘collateral’.MAUrequiresboththeXMLandCATfiletobepresenttosuccessfullydetectupdates.Scenario1:Deployingan‘UpdateCache’ServiceTherearethreecomponentsthatmakeuptheUpdateCachesolution:
1. TheMAUCacheAdmintoolwhichcopiesfilesfromMicrosoft’sCDNtoafolderofyourchoice.2. AnHTTP/HTTPSwebservicethatexposesyourfoldertoclientsonyournetwork.3. AconfigurationchangetotheMAUclientoneachusers’machine.
TheMAUCacheAdmintoolThe‘MAUCacheAdmin’toolcanbeusedtocopybothcollateralandupdatepackagesfromtheMicrosoftCDNtoafolderofyourchoice.ThelatestversionofMAUCacheAdmin,whichisabashscript,canbedownloadedfromhttps://github.com/pbowden-msft/MAUCacheAdminBydefault,theMAUCacheAdmintoolcheckstheCDNanddownloadsupdatesjustonce.Ifyouwishtorunthetoolinaloopusethe--CheckIntervalcommand-lineparameter.Allavailableupdatepackagesaredownloadedintotherootofthefolderthatyouspecifywiththe--CachePathcommand-lineparameter.Onlyproductionqualitybuildsaredownloadedbythetool.ForOffice2016applications,thetoolwilldownloadboth‘full’updates,and‘delta’updatesforthepreviousthreereleases.Atypicalmonthlyupdateforallappswillconsume~8GBofdiskspace.
HTTP/HTTPSwebserviceYouwillneedtoexposetheCachePathfolderaspartofanHTTPorHTTPSserver.MAUhasnodependencyontheoperatingsystemorversionofthewebhost.AnyHTTPserver,includingApache,InternetInformationService(IIS),andevenpython’sSimpleWebServeriscapableofhostingMAUcontent.TheonlyrequirementthatMAUhasisthattheservermustreturna404responseifitdoesn’thaveacopyoftherequestedpackage.NOTE:Thewebservicemustusethestandardportsof80and443.MAUdoesnotsupportcustomportdefinitions.
ConfiguringtheMAUclienttousealocalserverOnceyourwebserverisdeployed,youmustconfigureeachusers’MAUclienttopreferthelocalserviceovertheCDN.YoucanuseConfigurationProfilestodeploytheseoverrides,orsimplyusethedefaultscommand-linetooltosetlocalpreferences:
defaults write com.microsoft.autoupdate2 UpdateCache -string 'https://server/folder/' IMPORTANT:EnsurethatatrailingslashisusedwhenspecifyingthevaluefortheUpdateCachepreference.Thisismandatory.Inthisscenario,MAUwillstillusethecollateralontheMicrosoftCDNtodetectupdates,butbeforedownloadingthoseupdatepackagesovertheInternetfromtheCDN,itwillfirstchecktheUpdateCacheserver.IftheUpdateCacheserverhasalocalcopyoftheupdate,a200responsewillbesenttotheclientandMAUwillobtainitsupdatefromthelocalserver.Iftheserverreturnsa404(notfound)response,MAUwillfall-backtodownloadingthepackagefromtheCDN.Scenario2:DeployingaCustom‘ManifestServer’ServiceTherearethreecomponentsthatmakeuptheManifestServersolution:
1. ObtainingcopiesofMAU’scollateral2. AnHTTP/HTTPSwebservicethatexposesthecollateraltoclientsonyournetwork.3. AconfigurationchangetotheMAUclientoneachusers’machine.
ObtainingMAUcollateralYoucanusetheMAUCacheAdmintooltoobtaincollateralfromtheCDN.Oneachcheckingcycle,MAUCacheAdminwilldownloadthelatestcollateralandplaceitinthe‘collateral’sub-folderoftheCachePath.ForOffice2016forMacapps,theXMLandCATfilesarestoredunderaper-versionfolder.Office2011collateralisstoredunderasub-foldercalled‘Legacy’.
YoucanalsouseatoolsuchascurltodownloadcopiesofcollateralfromMicrosoft’sserverstoyourcustomserver.Forexample:
curl -# --output --url "https://officecdn.microsoft.com/pr/4B2D7701-0A4F-49C8-B4CB-0C2D4043F51F/OfficeMac/0409PPT315.{xml,cat}"
Finally,youcanfindarchivesofOffice2016applicationcollateralathttp://macadmins.software.SimplydownloadtheDMGrelativetothe‘maximum’versionyouwantMAUtosee.HTTP/HTTPSwebserviceYouwillneedtoexposeyourcollateralfolderaspartofanHTTPorHTTPSserver.MAUhasnodependencyontheoperatingsystemorversionofthewebhost.AnyHTTPserver,includingApache,InternetInformationService(IIS),andevenpython’sSimpleWebServeriscapableofhostingMAUcontent.Itisrecommendedthatyoucreateafoldercalled‘Production’anddragtherelevantapplicationcollateralintothatfolder.ThisflatfolderofapplicationcollateraliswhattheMAUclientwillusetodetermineinanupdateisavailable.Thinkoftheversionedfoldersasalong-termarchive.Youmustdeploycollateralforallapplicationstoyourcustommanifestserver,notjusttheappsthatyouwishtocontrol.Forexample,ifyoudon’tdeploy0409UCCP14collateral,MAUwillnotbeabletocheckforLyncupdates.Ifyourcustommanifestserverisonyourcorporatenetwork,userswhotaketheirmachineshomemaynothavedirectaccesstothewebserverandMAUwillnotbeabletocheckforupdates.IfyouaredeployingbothanUpdateCacheandcustomManifestServer,youcanuseeitherthesamewebserver,ordifferentservers–it’syourchoice.NOTE:Thewebservicemustusethestandardportsof80and443.MAUdoesnotsupportcustomportdefinitions.
ConfiguringtheMAUclienttousecustommanifestsInadditiontoMicrosoft-definedupdatechannels,MAUsupportsacustomchannelwhereyoucanspecifyyourownmanifestserver.YoucanuseConfigurationProfilestodeploytheseoverrides,orsimplyusethedefaultscommand-linetooltosetlocalpreferences:
defaults write com.microsoft.autoupdate2 ChannelName -string 'Custom' defaults write com.microsoft.autoupdate2 ManifestServer -string 'https://server/folder/'
IMPORTANT:EnsurethatatrailingslashisusedwhenspecifyingthevaluefortheManifestServerpreference.Thisismandatory.IfMAUhasbeenconfiguredtouseacustommanifestserver,itwillusethatexactpathasthesingleauthorityofupdates.Ifyourcustommanifestserverisdownornon-functional,MAUwillreportthattheupdateservercouldnotbereached.Itwillnotfail-throughtoMicrosoft’sservers.YoucannotuseMAUtodeploycustomapplications.Attemptingtoalterthemanifest(XML)filewillcauseafilesignaturechange,whichMAUwillreject.
DocumentHistory
Date/Version ChangesOctober6,2016–1.0 Initialversion,basedoncontentsfrom‘ImplementingaCustomManifestServerforMAU’October21,2016–1.1 RevisedtheMAUCacheAdminsectionasthetoolnowjustrunsoncebydefault