Download Slides - Classroom and Lab Computing

clc.its.psu.edu

Download Slides - Classroom and Lab Computing

Penn State

Mac OS X Labs

Deployment

Justin Elliott

Information Technology Services

TLT/Classroom and Lab Computing

May 22, 2003


• 550+ Macs

OS 9 Environment

• 23 Labs, 9 of which are teaching labs

• 63 technology podiums

• Using Kerberos V4/5 for authentication

• Replacing 276 Macs not capable of

supporting Open Firmware password

protection


Deployment Time Line

Date Task Status

9/30/2002

12/2/2002

1/10/2003

April 2003

Early/Late

Summer 2003

Deploy initial 4 Kiosks in the HUB to Mac OS X

10.2.2

Deploy Mac OS X in remaining (6) HUB Kiosk

locations

Create docs for PSU Mac Admins: Authenticating

and Authorizing

Deploy Mac OS X 10.2.4 on 16 Macs, 4 per lab: 6

Findlay, 113 W.Pattee, 201 Pollock, 2 Willard

Upgrade current lab Macs to Mac OS X, install new

Macs with Mac OS X as default OS

Completed

Completed

Completed

Completed

Fall 2003 All Macs deployed with Mac OS X -

-


• Servers

Infrastructure

• OS 9 Labs: 8 servers running original, old

version of Mac OS X Server 1.2

• OS X Labs: New rack for XServes, 1 Xserve

in for testing, adding more soon

• Network Topology

• 100 Mb or higher, all switched

• 15 campus routers, all connected

• Gigabit ethernet to Pollock Lab currently


Locations Deployed

• Kiosks (15” iMacs)

• HUB : 10 installed

• Jan 12-18: 4095 total logins, 2727 unique

users

Labs (Four 17” iMacs per location)

• 201 Pollock

• 2 Willard

• 113 W. Pattee Library

• 6 Findlay


Kiosks Interface


Prototype Lab Interface


Prototype Lab Computers

• 17” flat panel LCD iMacs:

• 1 GHz G4 processor

• 1 GB RAM (1024 MB)

• 80 GB HD

• SuperDrive:

• CD, CD-R,CD-RW, DVD, DVD-R

• Feedback from users has been very

positive!


Feedback Form


Feedback Summary

• Positive Feedback

• Users love the iMac’s display

• Small footprint on desk

• SuperDrive

• Most Requested Items

• 2 Button scroll mice

• Roaming Home Directories

• Zip Drives

• Additional Applications (iDVD, FCPro, 3D)

• Interface Enhancements


Multimedia Macs

• Will be Dual 1.42 GHz Power Mac G4’s

• Dual G4 processors

• SuperDrives

• Patterson 302 and 401 all dual 1.42 G4’s

• Patterson 304 will be 17” iMacs

• 17” Apple LCD Displays


Lab User Environment

• News Flash Program

• Message of the day (currently)

• Will add ability to only show user new

information they haven’t already seen

• Programs window

• Search engine for applications

• PASS, UDrive access

• Desktop connection scripts


Tools & Resources

• Developed Tools

• Login/Logout Hooks

• psuScreenSaver for Login Window

• PSU Blast Image Config for OS install

• Documentation

• Kerberos Authentication / LDAP

Authorization

• Login/Logout Hooks


Prototype Lab Applications

• Internet Explorer

• Microsoft Office v.X

• Adobe Photoshop, Illustrator

• iMovie

• X11 - X window server

• Terminal for unix commands

• ssh, perl, shell, C/C++ compilers

• Lots more (iDVD, Maya, others)


• Initial Install of OS X

• Login authentication/authorization

• Login, Logout Hooks

• User Environment

Deployment

• Managing software licenses

• Automated File Updates/Distribution


PSU Blast Image Config

• Intended for Mac system admins who want

to:

• Quickly restore a Mac OS X system disk

image to a Mac’s boot hard disk

• Automatically set the Open Firmware boot

security mode and password

• Change the network settings on restored

disk

• Set the Open Firmware boot device to the

restore disk


• Freeware

Download and documentation available:

• http://clc.its.psu.edu/Labs/Mac/Resources/


• WebCast done this week through

www.macosxlabs.org and Apple


PSU Blast Image Config

• Archive of Webcast will be available soon:

• http://www.macosxlabs.org/webcasts/

index.html


PSU Blast Image Config

• Making the system disk image:

• Read the asr “man” page!

• Open /Applications/Utilities/Terminal

• type “man asr”

• Use “Carbon Copy Cloner”, or ...


PSU Blast Image Config

• Making the system disk image:

• Boot from another volume (firewire HD)

• Turn On permissions on drive to image

• Get info, UNcheck “Ignore Permissions”

• Copy Disk with Disk Copy’s “image from folder or

volume”

• Save image as read-write

• Mount image

• Cleanup files

• Save image as read-only or compressed

• Add asr checksum data, done!


PSU Blast Image Config

• Login as admin and launch:


PSU Blast Image Config

• Enables Open Firmware security mode (to

“command”) and set password

• Calls OFPW externally, which is available

here:

• http://www.macosxlabs.org/

documentation/ofpw_tool/intro.html


PSU Blast Image Config

• Set the date and time:


PSU Blast Image Config

• Select image to restore, and disk to restore:


PSU Blast Image Config

• Multiple images supported:


PSU Blast Image Config

• Ready to restore!


PSU Blast Image Config

• Enter static IP settings (if image configured):


PSU Blast Image Config

• Set boot device to restored drive:


PSU Blast Image Config

• Application: PSU Blast Image Config

• RestoreImages: Put system disk images here

• OFSecurityTool: Sets Open Firmware Security


PSU Blast Image Config

Download and documentation:

• http://clc.its.psu.edu/Labs/Mac/Resources/

• How to create system disk images

• How to use PSU BIC


psuScreenSaver

• LCD displays CAN get burned in!

• We developed a screen saver that runs

during the Login Window

• Cron job runs every few minutes, if no

console user detected, launches

• http://clc.its.psu.edu/Labs/Mac/Resources/


• Remote login

• Apple Remote Desktop

• Install applications remotely

• ssh (secure shell in Terminal application)


Maintenance

• Automated File System Updates (soon!)

• Radmind

• http://www.radmind.org

• http://www.macosxlabs.org/webcasts/

121702/index.html


Radmind

• Open Source Project from UMich

• Mac OS X replacement for RevRdist

• download: www.radmind.org

• GUI tools being developed, going well

• Very efficient - only downloads files that are

modified

• Tripwire mechanism - checksum on files


• Setup Master Mac

Radmind

• Create transcripts of local file system

• Upload transcripts and files to server

• Setup server config file with IP of Mac

• Install client on Mac to clone, get command

files, tells client which transcripts to use

• Compare local file system to transcripts,

download what’s different

• Run at logout via LogoutHook with iHook


Login/Logout Hooks

• Add to /etc/ttys file

• At Login:

• Setup home directory on login

• Setup printers

• Login to PALS

• At Logout:

• Logout of PALS

• Duplicate home directories (may change)

• http://clc.its.psu.edu/Labs/Mac/Help/

authdoc/loginhook.aspx


• Running from read-only disk image, shadow

file system

• Limited support

Classic Support

• Printing to a PDF required, then print from

OS X

• Only to support non OS X ready apps (some

Courseware applications)

• Emails sent to Faculty and Tech Pod Users


Printing

• Printers configured at login time via

LoginHook script calling

“psuPrinterSetup.pl”

• Perl script that reads location file, then stops

cupsd printing manager, copies config files,

restarts cupsd, printers ready!

• Docs and scripts will be posted to our web

site soon


Authentication

• Enable Kerberos authenticator

• Install edu.mit.Kerberos preferences file

• edit /etc/authorization to enable Kerberos

• Map LDAP attributes

• Don’t use “psmaclabgid” or

“psmaclabhomedir” attributes any longer!

• Use Static Mappings in LDAPv3 plugin

(10.2.2 and higher)

• http://clc.its.psu.edu/Labs/Mac/Help/

authdoc/


• Physical

• iMacs - difficult, G4 Towers - easy

• Operating System

• Open Firmware Security

• Permissions

Security

• Remove netinfo tools (dump passwords)

• Check for tools with setuid bit on

• Don’t touch official Apple tools


Macadmins Listserv

• ... For the discussion of topics and issues

related to the integration, distribution and

support of Apple’s Macintosh operating

systems on Penn State owned computers. ...

• To join the listserv, send an email to:

• L-macadmins-subscribe-request@lists.psu.edu

• Not moderated, open to anyone, but Mac

admins preferred


Next Steps

• Finish up KeyServer beta testing

• Radmind for automated file distribution

• More applications (95 already!)

• Interface enhancements

• Many more client configurations to work on


Final Thoughts

• Learn Perl, get comfortable with Terminal

• Extremely happy with Mac OS X

performance and stability

• Full deployment by Fall 2003

• See our web pages for tools and docs:

• http://clc.its.psu.edu/Labs/Mac/


PSU Mac Team

Ken Rosenberry

Justin Elliott

Ryan Booz

Contact us at:

clcmac@psu.edu

More magazines by this user
Similar magazines