Download Slides - Classroom and Lab Computing

Download Slides - Classroom and Lab Computing

Penn State

Mac OS X Labs


Justin Elliott

Information Technology Services

TLT/Classroom and Lab Computing

May 22, 2003

• 550+ Macs

OS 9 Environment

• 23 Labs, 9 of which are teaching labs

• 63 technology podiums

• Using Kerberos V4/5 for authentication

• Replacing 276 Macs not capable of

supporting Open Firmware password


Deployment Time Line

Date Task Status




April 2003


Summer 2003

Deploy initial 4 Kiosks in the HUB to Mac OS X


Deploy Mac OS X in remaining (6) HUB Kiosk


Create docs for PSU Mac Admins: Authenticating

and Authorizing

Deploy Mac OS X 10.2.4 on 16 Macs, 4 per lab: 6

Findlay, 113 W.Pattee, 201 Pollock, 2 Willard

Upgrade current lab Macs to Mac OS X, install new

Macs with Mac OS X as default OS





Fall 2003 All Macs deployed with Mac OS X -


• Servers


• OS 9 Labs: 8 servers running original, old

version of Mac OS X Server 1.2

• OS X Labs: New rack for XServes, 1 Xserve

in for testing, adding more soon

• Network Topology

• 100 Mb or higher, all switched

• 15 campus routers, all connected

• Gigabit ethernet to Pollock Lab currently

Locations Deployed

• Kiosks (15” iMacs)

• HUB : 10 installed

• Jan 12-18: 4095 total logins, 2727 unique


Labs (Four 17” iMacs per location)

• 201 Pollock

• 2 Willard

• 113 W. Pattee Library

• 6 Findlay

Kiosks Interface

Prototype Lab Interface

Prototype Lab Computers

• 17” flat panel LCD iMacs:

• 1 GHz G4 processor

• 1 GB RAM (1024 MB)

• 80 GB HD

• SuperDrive:


• Feedback from users has been very


Feedback Form

Feedback Summary

• Positive Feedback

• Users love the iMac’s display

• Small footprint on desk

• SuperDrive

• Most Requested Items

• 2 Button scroll mice

• Roaming Home Directories

• Zip Drives

• Additional Applications (iDVD, FCPro, 3D)

• Interface Enhancements

Multimedia Macs

• Will be Dual 1.42 GHz Power Mac G4’s

• Dual G4 processors

• SuperDrives

• Patterson 302 and 401 all dual 1.42 G4’s

• Patterson 304 will be 17” iMacs

• 17” Apple LCD Displays

Lab User Environment

• News Flash Program

• Message of the day (currently)

• Will add ability to only show user new

information they haven’t already seen

• Programs window

• Search engine for applications

• PASS, UDrive access

• Desktop connection scripts

Tools & Resources

• Developed Tools

• Login/Logout Hooks

• psuScreenSaver for Login Window

• PSU Blast Image Config for OS install

• Documentation

• Kerberos Authentication / LDAP


• Login/Logout Hooks

Prototype Lab Applications

• Internet Explorer

• Microsoft Office v.X

• Adobe Photoshop, Illustrator

• iMovie

• X11 - X window server

• Terminal for unix commands

• ssh, perl, shell, C/C++ compilers

• Lots more (iDVD, Maya, others)

• Initial Install of OS X

• Login authentication/authorization

• Login, Logout Hooks

• User Environment


• Managing software licenses

• Automated File Updates/Distribution

PSU Blast Image Config

• Intended for Mac system admins who want


• Quickly restore a Mac OS X system disk

image to a Mac’s boot hard disk

• Automatically set the Open Firmware boot

security mode and password

• Change the network settings on restored


• Set the Open Firmware boot device to the

restore disk

• Freeware

Download and documentation available:


• WebCast done this week through and Apple

PSU Blast Image Config

• Archive of Webcast will be available soon:



PSU Blast Image Config

• Making the system disk image:

• Read the asr “man” page!

• Open /Applications/Utilities/Terminal

• type “man asr”

• Use “Carbon Copy Cloner”, or ...

PSU Blast Image Config

• Making the system disk image:

• Boot from another volume (firewire HD)

• Turn On permissions on drive to image

• Get info, UNcheck “Ignore Permissions”

• Copy Disk with Disk Copy’s “image from folder or


• Save image as read-write

• Mount image

• Cleanup files

• Save image as read-only or compressed

• Add asr checksum data, done!

PSU Blast Image Config

• Login as admin and launch:

PSU Blast Image Config

• Enables Open Firmware security mode (to

“command”) and set password

• Calls OFPW externally, which is available




PSU Blast Image Config

• Set the date and time:

PSU Blast Image Config

• Select image to restore, and disk to restore:

PSU Blast Image Config

• Multiple images supported:

PSU Blast Image Config

• Ready to restore!

PSU Blast Image Config

• Enter static IP settings (if image configured):

PSU Blast Image Config

• Set boot device to restored drive:

PSU Blast Image Config

• Application: PSU Blast Image Config

• RestoreImages: Put system disk images here

• OFSecurityTool: Sets Open Firmware Security

PSU Blast Image Config

Download and documentation:


• How to create system disk images

• How to use PSU BIC


• LCD displays CAN get burned in!

• We developed a screen saver that runs

during the Login Window

• Cron job runs every few minutes, if no

console user detected, launches


• Remote login

• Apple Remote Desktop

• Install applications remotely

• ssh (secure shell in Terminal application)


• Automated File System Updates (soon!)

• Radmind





• Open Source Project from UMich

• Mac OS X replacement for RevRdist

• download:

• GUI tools being developed, going well

• Very efficient - only downloads files that are


• Tripwire mechanism - checksum on files

• Setup Master Mac


• Create transcripts of local file system

• Upload transcripts and files to server

• Setup server config file with IP of Mac

• Install client on Mac to clone, get command

files, tells client which transcripts to use

• Compare local file system to transcripts,

download what’s different

• Run at logout via LogoutHook with iHook

Login/Logout Hooks

• Add to /etc/ttys file

• At Login:

• Setup home directory on login

• Setup printers

• Login to PALS

• At Logout:

• Logout of PALS

• Duplicate home directories (may change)



• Running from read-only disk image, shadow

file system

• Limited support

Classic Support

• Printing to a PDF required, then print from


• Only to support non OS X ready apps (some

Courseware applications)

• Emails sent to Faculty and Tech Pod Users


• Printers configured at login time via

LoginHook script calling


• Perl script that reads location file, then stops

cupsd printing manager, copies config files,

restarts cupsd, printers ready!

• Docs and scripts will be posted to our web

site soon


• Enable Kerberos authenticator

• Install preferences file

• edit /etc/authorization to enable Kerberos

• Map LDAP attributes

• Don’t use “psmaclabgid” or

“psmaclabhomedir” attributes any longer!

• Use Static Mappings in LDAPv3 plugin

(10.2.2 and higher)



• Physical

• iMacs - difficult, G4 Towers - easy

• Operating System

• Open Firmware Security

• Permissions


• Remove netinfo tools (dump passwords)

• Check for tools with setuid bit on

• Don’t touch official Apple tools

Macadmins Listserv

• ... For the discussion of topics and issues

related to the integration, distribution and

support of Apple’s Macintosh operating

systems on Penn State owned computers. ...

• To join the listserv, send an email to:


• Not moderated, open to anyone, but Mac

admins preferred

Next Steps

• Finish up KeyServer beta testing

• Radmind for automated file distribution

• More applications (95 already!)

• Interface enhancements

• Many more client configurations to work on

Final Thoughts

• Learn Perl, get comfortable with Terminal

• Extremely happy with Mac OS X

performance and stability

• Full deployment by Fall 2003

• See our web pages for tools and docs:


PSU Mac Team

Ken Rosenberry

Justin Elliott

Ryan Booz

Contact us at:

More magazines by this user
Similar magazines