Embed Size (px)
Citation preview
The Friendly Ghostin the Machine:
Managing Macs with JAMF’s Casper Suite
[email protected][email protected]
Tuesday, November 19, 13
Casper Suite - Overview
JSS (JAMF Software Server)- web application (Tomcat and MySQL)
jamf binary- installed on managed clients
Other components (Recon, Composer, Remote)
Tuesday, November 19, 13
Casper Suite 8NCSU implementation
• JSS setup - 2 Xserves with 4 T Xraid SAN storage, 2 REL Virtual Machines (VMware) on independent chassis under virtual ip address, clustered.
• Distributed support model on campus - decisions made at college / department level
• NC State manages 3532 total devices(OS X 2778 and iOS 754)
Tuesday, November 19, 13
3 Scenarios
1. Deploy a new Mac
2. Upgrade an existing Mac
3. Install a critical update
Tuesday, November 19, 13
Scenario 1 - Deploy a new Mac
Workflow:
• Unbox, plug in to network(thunderbolt-ethernet adapter)
• NetBoot
• Casper Imaging runs automatically
• Complete post-imaging tasks
Tuesday, November 19, 13
Scenario 1 - Deploy a new Mac
NetBoot server, custom NetBoot image
• Recent OS X (10.8.5 / 10.9)
• Auto login as root
• Casper Imaging runs at login
• MAC address filters on NetBoot image
Tuesday, November 19, 13
Scenario 1 - Deploy a new Mac
Configuration (on JSS)
• Packages (e.g. Office, Chrome, etc.)
• Scripts (e.g. set network time server)
• Directory Bindings
• Management account
Tuesday, November 19, 13
Scenario 1 - Deploy a new Mac
PreStage (on JSS)• installs the Configuration
• sets Department (CALS-NEW)
• limits scope (by Network Segment)
Tuesday, November 19, 13
Scenario 1 - Deploy a new Mac
Post-imaging tasks• Edit location information in JSS
• Add to Groups in JSS
• Add to network
• Migrate account(s)
Tuesday, November 19, 13
Why use thunderbolt-ethernet adapters?
So we don't have to:• wait for DHCP updates (hourly)• update MAC filter on NetBoot server• update Scope of the PreStage on the JSS
Scenario 1 - Deploy a new Mac
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Additions, Uninstalls, Upgrades: Set Priority
• Sweep out /Users
• Repair and Maintenance
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Additions, Uninstalls, Upgrades: Set Priority
• Sweep out /Users
• Repair and Maintenance
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Additions, Uninstalls, Upgrades: Set Priority
• Sweep out /Users
• Repair and Maintenance
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Additions - New install of package
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Additions - New install of package• Uninstalls/Deletes - Script or uninstall
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Additions - New install of package• Uninstalls/Deletes - Script or uninstall• Upgrades - Prioritized packages with
before/after scripts
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Sweep out /Users ??
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Sweep out /Users ??• Are user files in /Uses on boot drive
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Sweep out /Users ??• Are user files in /Uses on boot drive
• Do we really want to “nuke” all users files
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Sweep out /Users ??• Are user files in /Uses on boot drive
• Do we really want to “nuke” all users files
• Do we need a backup first
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Sweep out /Users ??• Are user files in /Uses on boot drive
• Do we really want to “nuke” all users files
• Do we need a backup first
• NO UNDO!!
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Repair and Maintenance
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Repair and Maintenance• Policy to do all cache cleans, maintenance, etc
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Repair and Maintenance• Policy to do all cache cleans, maintenance, etc
• Apply all Apple updates
Tuesday, November 19, 13
Scenario 2 - Update Existing Macaka Continuous Integration
Repair and Maintenance• Policy to do all cache cleans, maintenance, etc
• Apply all Apple updates
• Only update inventory and reboot on last policy
Tuesday, November 19, 13
Scenario 3 - Apply a critical update
Goal: Apply a critical security update to managed Macs quickly and efficiently.
Quickly = The next time a computer checks in w/ the JSS.
Efficiently = Install on all clients that need it, and only those that need it.
Tuesday, November 19, 13
Scenario 3 - Apply a critical update
Extension Attribute• Runs a script to collection information,
stores the result in the JSS.#!/bin/bash
JavaPluginVersion=$(/usr/bin/defaults read "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/info" CFBundleVersion)
echo "<result>$JavaPluginVersion</result>"
Tuesday, November 19, 13
Scenario 3 - Apply a critical update
Smart Group• Based on the Extension Attribute, this group
contains an up-to-date list of all clients that need the update
Tuesday, November 19, 13
Scenario 3 - Apply a critical update
Policy• Installs the update package
• Scope is limited to the Smart Group
Tuesday, November 19, 13
Scenario 3 - Apply a critical update
Reusable - Build once, re-use with only minor changes for future updates.
Example:
• upload new .pkg
• edit Smart Group criteria
• flush policy history
Tuesday, November 19, 13
Questions?
Tuesday, November 19, 13
More Resources:
jamfsoftware.com
jamfnation.com
slideshare.net
[email protected][email protected]
Tuesday, November 19, 13
