Enterprise • 59:28
Apple Remote Desktop is a powerful desktop management solution for Mac OS X that blends software distribution, asset management, and remote assistance into one easy to use application. Get under the hood and learn how you can extend Apple Remote Desktop to streamline your desktop management processes at this informative session.
Speakers: Nader Nafissi, Tony Graham, Steve Hayman, Mike Bombich
Unlisted on Apple Developer site
Transcript
This transcript was generated using Whisper, it has known transcription errors. We are working on an improved version.
All right, good afternoon. My name is Nader Nafissi. And I'm the product manager for Apple Remote Desktop. This is our last session on ARD this week. We've had a couple so far, and it's been really well received. And this session is, we're not going to repeat the lock screen demos anymore. This is going to be totally, thank you, yeah. This is going to be more about just applying some of the features you've learned about so far this week.
So just to review, Apple Remote Desktop, it's all about software distribution, asset management, remote administration, remote assistance. And it is based on open standards. And that's what we're really going to be hinging the rest of this presentation on. We're going to be showing you how you can plug in and extend some of the capabilities we have in the product. And we've got three presenters here that each one is going to be walking through different parts of the product and just showing you and giving you a little bit of a look at what they're doing.
And we're going to be giving you ideas. Some of them you can start using, but some of the other demonstrations are really intended to be just giving you ideas about how you can extend and integrate the product into your environment. So without further ado, I'm going to introduce Tony Graham here on stage.
I was actually planning on demonstrating the lock feature. That was my whole shtick. Thanks, Nader. Actually, I'm going to cover two possible uses for Apple Remote Desktop's capabilities. The fact that it is based on open standards and utilizing a database behind the scenes and also has some command line tools for managing and monitoring it.
[Transcript missing]
I find, and I'll show you in a moment how that works, that if you run it with the dash H switch, you'll get about three pages worth of very, very useful information. But there's one particular thing that I use it for every single time I use Apple Remote Desktop and Kickstart, and that is to find out how to turn it on and enable all privileges for a particular user, usually an administrator.
So conveniently in the documentation, their example for turning on Remote Desktop using Kickstart is for a user named Bob. So if you run system library core service remote management ARD agent.app contents resources kickstart-h and pipe that to grep on Bob, you'll get a convenient one line example for what you need to do to turn on Apple Remote Desktop.
SSH is enabled by default on all servers. So if you walk into an environment where you've got existing servers and you need graphical control over them, or perhaps you're setting up a cluster, which could be eight servers up to thousands of servers, and you want to enable Apple Remote Desktop, this is immediately going to be useful to you.
In a client scenario, SSH may or may not be enabled, so you may or may not be able to take advantage of this. Now, the path is rather long, and the commands are rather long, so I'll also show you how you can wrap that command around a GUI using a number of technologies, but I'll show you with one of them.
The way I chose to do that is with a program that I wrote called the Activator. And the Activator is a simple REALbasic application that uses asynchronous shells so it can issue Unix shell commands. I pipe that big, long script in there, click a button, and it turns on Remote Desktop on that machine.
With the addition of an inexpensive plugin, REALbasic can browse and retrieve entries on a Rendezvous-enabled network. And SSH on Mac OS X systems will advertise their ability through Rendezvous. So I can actually get a list of all the machines on my network that have SSH on, so I don't need to know the IP addresses in advance.
Now we'll switch gears. I'll show you the demo on the Activator in a moment, and then we'll switch gears to database access. As you probably know, Apple Remote Desktop stores the data that it retrieves when doing a system report in a Postgres database. Now by default, ARD is really the only thing that can talk to that database, but there are two configuration files that you can modify that will allow you to access that database through command line tools, through graphical environments like REALbasic, or any other of a number of database access technologies that can deal with Postgres.
The first one is called Rmdb, and it runs in a standard Postgres installation, for the instance that Apple Remote Desktop is using.
Now, using a graphical environment like REALbasic and a plug-in that comes with it, you can tap into the database and explore it. And I'll show you in a moment how to do that. There are two tables in the database that you'll see. One is the property name map table. I haven't really found too much to use that for. The main one that I've used is the system information table.
And in this table, you'll find a line for every conceivable property that Remote Desktop can capture and the value that it captured. One thing to note, though, is that ARD only stores the last value for that particular property that was searched. So there's no historical data. You can't say, for example, what was the amount of RAM on this system last week.
So again, using REALbasic, an application called ARD Tracker allows you to periodically poll that database, ARD's database, capture the information that you care about, and store that in another database so that you can, over time, collect that. Folks could use this in lab management scenarios or security scenarios where you're monitoring your equipment and then one day you notice, because you're getting a report, that the RAM in several of the machines has gone down, which is not normally the way you want that to go.
So I'm not going to actually demonstrate the removal of RAM from these machines. I'll actually be capturing file sharing information so we'll be able to see if file sharing has been enabled or disabled on those systems. So we've got a couple of demos that we'll do. Thank you.
First thing we want to do is take a quick look at the Kickstart script. You've all been taking notes, so you're going to tell me where it is, right?
[Transcript missing]
This one line kickstart command will configure the agent, turn access on with all privileges for the following users. In their example, they use admin and Bob, so you can set multiple users in one command. I don't have a Bob user on here, but I can do that remotely.
Now, we've got a bank of iMacs to your right. There's nine of them. And they currently have the SSH daemon enabled, the remote login daemon enabled, but not Apple Remote Desktop. So let's see if we can figure out how to do that on one of those systems. Get into one of those machines, 192.168 and 0.14, and I'm going to send it a tail minus f on /var/log/system.log. As the agent is enabled or disabled, it'll log to that file. So we'll watch it in real time.
In this screen. And I don't, yeah, I guess that was lab number one. So I gotta give it an admin user. And this application is fairly simple. It's simply going to take the administrator that I punched in there and the password that I punched in there. You have to have that account on the remote machine, and that has to be the account that you are, in fact, enabling. As you saw on the command line, you could enable any number of accounts.
But this application will simply assume that you want to enable that one administrator account. So let's see what happens when we activate it. And while that's going, I probably should show you that in Apple Remote Desktop, some of these systems are in fact off, or at least not visible to Apple Remote Desktop.
So some of them are starting to come out now, and it could take a while. It actually, when you activate the agent, it's going to start a number of processes, including the database processes and the VNC process. So we'll give that a minute. Sometimes I get impatient, I hit the button a few times.
While we're waiting for that to come up, let's tap into the database as well. As you probably know, you can select machines in your list and run a system overview report. In this case, I'm going to choose sharing. And then we collect new data for the report. Those values are being stored in Postgres. Now using REALbasic with the Postgres plugin, I can develop a quick application. Switch these around. I first have to add a new data source.
And prior to doing the demo, I did go into those two configuration files and make two changes that would allow another application to talk to the ARD database. So the database name is ARD, and the password is ARD. Sorry, the user is ARD. And I blew my punchline. The password is ARD as well.
And if you're able to talk to your database, you should be able to double click on this and see those two tables I told you about. And the system information is the table that I find the most useful. If I hit edit schema here, you can see the fields that are in there. And the computer ID is a unique ID for every machine that you've added to your database, and that's based on the built-in Ethernet MAC address. That shouldn't change.
Then for the things that you're interested in, there should be a property name like file sharing is enabled and a value like true or false, yes or no, or a string or a number, something along those lines. Actually, they're all going to be essentially strings, but you get the idea. Now, if I want to see what's in that database, I can switch to an empty window here, and I'm going to drag a multi-column list box off my palette.
And we'll set that list box to grow with the window. And in fact, we should tell the window that it can, in fact, grow. And I'm going to add a data-- what do we call these things? A database query control. The database query control needs to be told which database it's querying. In this case, it's the ARD. Can you all see that? The ARD database that I established earlier. And I need to give it an SQL query. So that's going to be something like select star from system information.
Now we're going to use something called binding with the command and shift keys to drag to the list box from that database query control and say, I'd like that list box to display the results of my database query. And finally, I'll set the list box to have five columns.
I should be able to run this project and get an application that now sees everything in the ARD database. But you're probably going to want to narrow that down a little bit. So I'll quit that and drag a pop-up menu onto the field. And let's make it a little wider. We're going to add another database query control for that pop-up menu.
Command drag from that database query control to the pop-up menu. I would like that pop-up menu to display the results of this query. And this query is going to be talking to the same ARD database, slightly different SQL code. This is going to be select distinct computer ID from system information.
So if I run that, this pop-up menu should display all of the unique MAC addresses of every machine that I've ever run a report on. And you probably all know that reports can be run manually, but you can also set your clients to periodically send that data to your database. So you don't necessarily have to be constantly updating this database yourself.
All right, so the last step is to take this pop-up menu that is getting a list of the unique MAC addresses and bind that to our original search. We're going to bind that database query with the selection from the pop-up menu. And I have to modify that database query slightly. I want to select only two things. Let's get the property name and the value from system information. And I apologize if this is a little bit small. Where computer ID equals, and then in quotes I can put percent one. So that's going to hold the value that the pop-up menu gives it when I change the selection. We'll switch the number of columns back down to two.
And now I should be able to stretch this guy wider, pick a machine, and see all the properties that the database stores for that machine. And some of those properties would be things like So I've got a number of machines now.
I'm going to show you a finished project that uses the same techniques that I just showed you called ARD Tracker. And ARD Tracker is going to periodically do queries against ARD's database using the Postgres plugin. But it's going to save that data in its own database as well. So as those values change over time, this application will know that. And we've got some historical data already in there. Let's see if we can find the most recent value for Lab 1.
And again, I'm going to check file sharing because it's something I can easily do. But you might want to check things like hardware properties, amount of RAM, free space, operating system installed, and that sort of thing. So Lab 1 has currently got file sharing on. Let's use Remote Desktop to control that guy. Go to sharing and turn off personal file sharing.
ARD isn't going to know immediately that file sharing has been turned off. We need to run a report. And ordinarily, this thing isn't going to be polling your database every 10 seconds. It probably will be doing something similar once a day, once a week, at an interval that you decide. I'm going to go ahead and select all of the machines here. We'll do a system overview report, and I'm going to uncheck all of the options except for sharing.
[Transcript missing]
And in fact, you can embed AppleScripts within these things, so the AppleScript could do a number of things. And speaking of AppleScript, I think that's probably it for my portion of today's demo. So I'll introduce Steve Hayman to you, who will show you even more useful things you can do with Apple Remote Desktop.
Thanks Tony. I know this has been a very busy week for everyone, what with the Canadian election on Monday and yesterday being Canada Day, so I'm really glad that you're all still here. One of the things Tony was doing was using Remote Desktop. He's using SSH to turn on Remote Desktop. I have the wonderful advantage of going after him here. So I'm going to use Remote Desktop to turn off remote login so that he can't do that demo anymore. So one of the great features here is this Send Unix Command button.
I am personally a bulk user of this button. And just to mess up, Tony, we're going to do... Oh, pardon me. Could we have demo two, please? Or the other demo, whichever this one is? Thank you. I selected a list of machines here, and I'm going to use system setup dash F dash set remote login off.
Now Tony's demo will not work anymore, so this is the great advantage of going second in the session. If I could go back to slides, please. We'll do more exciting ones than that in a minute, I promise. I've been a Unix guy for a long time and I can't believe how lucky I am that they've put in this Send Unix Command feature in Apple Remote Desktop. I want to personally thank Nader for responding to the harassing way that I demanded that this valuable feature be added.
So I want to show you interesting ways you can muck around with this fleet of iMacs that we have over here using the Send Unix Command feature. I want to talk a little bit about discovering how the machines are set up. I want to show you how you can change how they're set up. And at the end, I might build something that might kind of remind you of a software update server.
So this is the magic button. It's my favorite button and I'm sure it will soon be your favorite button as well. Here's a different user which is necessary if nobody happens to be logged in at the moment.
ARD takes what you typed, sends it to each of the remote machines in parallel, feeds it into the bash shell, runs the output and displays it and the exit status in a new computer list. So on the remote side, it's using Bash. It's not actually copying a shell script file. It's actually starting up a Bash process. Process? Process? Process. Process.
Who says Java? Who says Java? Not Java. It's Java, right? All right, it starts a process on the remote machine and it feeds whatever you type into the standard input of that, I can't say it, process. With this convenient path all set up, and there's one weird directory in there that I'll talk about in a moment. So your commands run as the remote user of your choice, maybe root, maybe the login user.
So what can you type? Well, you can type anything that you might find in the regular Unix path. Here's a couple of ideas. Periodic weekly. You might want to do that script that only gets executed at, what is it, 4:30 on Saturday mornings if the computer happens to be turned on. You can run that script right now, periodic weekly. You might want to run repair permissions. You might want to run software update dash L to get a list of what's needed. Anything that's in the standard Unix path directories you can just type.
Type anything else if you want to give it a full path name. But my favorite part is because it's actually using bash to interpret whatever you type, you can type several commands separated by semicolons or on new lines, or even a little miniature bash script if you want.
What do you get back? You get the last line of the output. Nader and I have had a number of discussions about that feature. And you get an indication of the success or failure of the task that you ran. It could be that the command you ran failed. A lot of Unix commands execute with success or failure depending on some condition. You can spot that quite easily here in your script.
So here's an example. The command I ran in this case last, which gives you a list of users, and I piped it into grep shayman. Of these five machines, where has shayman actually logged in? And you can see that the grep command failed on the third machine, which is actually an iBook from Henrico Public Schools, where I'm not actually a student. So I have never logged into that particular computer.
But you can spot right away which commands succeeded, which commands failed. And you've got these buttons where you can pick a subset of the machines and continue on to do something else. So the results come back. You can run the same task again or possibly a different one. Now, the bonus tool that I like is this awkward path here, which includes two tools, systemsetup and networksetup.
These are a couple of tremendously powerful command line tools that are buried in that directory. But because that directory happens to be part of the path, you can just type the path name directly. And what can you do with these things? Well, the one command you really need to know is dash help, systemsetup dash help. We'll show you a huge list of all the different-- I'll show you a list of all the different options you can set on the computer. You can set the date and the time. You can turn the airport power off.
You actually should really warn you to say, you might not be able to do this again after you turn the airport power off. Are you sure? You can turn off remote login, as I just did. You can fool with the computer name and the startup disk and so on.
There's also a corresponding networksetup command, which is a way of setting and getting virtually every property you might find in the network preference pane. What DHCP server should we use? What DNS server? What IP server should we use? You could set the gopher proxy. Imagine how much time you're going to save not having to walk around setting gopher proxies on all those computers.
Save me a lot of time already. Boy, I tell you. Or, and if you like, you could, theoretically, you could send some AppleScript. Now, with Remote Desktop, there's other ways to send AppleScript if you have a file, but you can type a little bit of AppleScript and use the command line osascript tool to copy that script over and execute it.
You could even get kind of close to a software update server. Now, I don't pretend to suggest that what I'm going to show you is anything like the software update server that's been talked about for Tiger. But since it's possible to manipulate software updates via the command line, and since software updates are really just collections of packages, there are some interesting things you can do with grabbing packages locally rather than going out onto the internet to find Apple's software updates. So let's try some of this. If I could go back to this one.
Us Unix guys are used to typing little commands like this, uptime, how long has this computer been up, date, what time is it right now? All these commands are things that you could easily do in Remote Desktop. You could pick a list of computers like this, say I want to send a Unix command and I want to see the date on all of those computers.
And here comes the date on all those computers, and one of them seems to be a little bit off here. So this might be a good opportunity to take the same set of computers, try a slightly different command. I want to use system setup dash get using network time.
Are these computers actually using network time service or not? So they'll just run that command and show me the output. Oh, the network time service seems to be on on three of them and off on the others. Now there's a corresponding dash set network time command where with a simple command like this you can turn network time on and off on all those computers as well.
I think it's a very iterative process using this feature. I do a lot of experimentation myself, trying little commands in the terminal and then seeing if they work the same way in this tool, which of course they do. So for instance, one of the things I've often used is the command line software update tool, software update dash L. There's a list of all the software updates that this computer needs.
This one happens to be up to date. I know some of those aren't. But you could easily run software update tools like this to download and install updates, which I'll show you a little bit about in a minute. So all the power of the command line here is available in this tool as well.
Now I have to admit that there are a number of pointless things you can do with this product as well. I've got eight machines over there. I might want to execute a little bit of AppleScript. I'll say script. I'll feed some AppleScript on standard input. Say the current date as a string using Cellos. See how that goes. Thank you. The syntax checking built into this tool is amazing. If you mistype a command, the product manager will personally phone you and correct it. Try this again here. Here we go. Eight computers over there.
All singing the date, isn't that fabulous? Now, did you notice that they were all singing in sync? The choir was actually doing pretty well because all these commands are actually executed in parallel and then the output comes back. Now, one might want to do a slightly more elaborate thing. I don't know how useful singing the current date is, but one might want to sing a list of software updates. Let's see here. No, you can do this. You don't have to be rude for this one.
That was an airport update and a garage band update. I'm not sure. That was about right. So when you come up with good tasks like this, you can certainly save them and reuse them later. Sing the software updates. I'll be wanting to do this one a lot, so I want to save that one. I'm going to actually add it to my task list. There's this notion of a list of tasks that you've previously-- all right already.
The script is still going. The task is finished. But the singing is still, I think there were more software updates on that one than I thought. So I have a list here. Are we done? Thank you, ladies. I have a list here of some interesting tools that I've-- command scripts that I've written over the past little while. And the one that I just saved is in there as well.
So for instance, let me just see here. Set proxies everywhere. Where did that one go? Oh, thank you. I'm just a little fascinated by... No, hang on. Set proxies everywhere. Thank you very much. I was just humming that song. It's stuck in my head now.
[Transcript missing]
You can set the gopher proxy or the web proxy for the airport with one command, for the ethernet with another command, for the connection through your cell phone with another command, but it's certainly possible to write little scripts that ask for a list of all the network services and then apply the update command to each one.
This is all using basic bash scripting. I'm running one command, I'm looking at its output, and I'm looping through everything else. O'Reilly's got a pretty good book on bash, which I just actually picked up today. And this is a great way to get started with writing little mini scripts like this. Part of the task is learning the syntax of the bash language for doing a loop like that. Part of the syntax is learning the details of the particular command. Please don't everybody go and set their web proxy to hayman.net. That's my server. It's just an example.
So I could run that one if I wanted to and set the web proxy on all of those computers, and now none of them will be able to do anything because it turns out my server at home is down right at the moment. So fortunately I saved another one of these here that puts the proxies back to the way they were. One might very quickly build up a little toolkit of useful routines in this way.
Now let me talk about software updates for a moment. If you run software update dash L, it will show you in a multi-line format all the software updates that are available for your computer. When I ran it earlier on here, it turns out this particular presentation system doesn't need any software updates. So it just said your software is up to date. But if you've ever tried it, you'll see that several lines of output come out. You need this update. You need that one. This one's required. This one needs a reboot.
[Transcript missing]
Is that better? uname dash R will conveniently tell me whether I'm on Jaguar or Panther by handing out a number that ends in a six or a seven. That's so handy. The syntax of the software update command actually changed between Jaguar and Panther. On my script here, I can account for that. If we run this one, this will just show me a nice little one line list of who needs what software update. One of the machines, they all need airport extreme and several of them need garage band.
So after a while, you build up a little collection of tools like this. You could then pick this one, and you might want to run another script that actually did software update with that one. But I want to suggest a different strategy. The way software updates actually work is that your computer, and again, I'm talking about how it works now, not the future software update server, your computer talks to Akamai or Apple or something and gets a list of what packages are available.
And then your computer goes and downloads the 80 megabyte update. And maybe all 500 computers in your building go and download the 80 megabyte update and install it. Now, we're making some great progress with the software update server for Tiger, but I want to suggest a way you might like to work around this locally.
Software updates are just packages. They're just .pkg files like anything else. Let's suppose you had a server, and you put the interesting packages that you liked on the server. Maybe you've got the trial version of Omni something, and you've got the Apple security update. Put them all in a shared folder on a server.
And then you can have a little script that says, all right, I want to mount that server. I want to see what packages are in that folder. And remember, I'm going to do this on every computer. I want to compare that to library receipts, which is the list of packages that are in that folder.
And then I want to use the list of what packages I've already installed so that I don't waste any time installing a package I've already got. And then I'd like to use the command line installer command to grab packages off my local server, maybe the server down the hall or in the school, and install them locally.
So I spent a little bit of time messing around with something like that. And let's see here. Install packages from server. This is just really a starting point for-- oh boy, this is tricky. Hang on, let me back out a little bit here. This is a starting point for discussion, let's say.
I want to look and see if anybody is logged in. And I want to exit if someone is logged in. It's kind of rude to do a software update while someone's logged in. And then I want to mount-- this is ugly. I want to mount this server here. That's a server we have over here. I want to mount it via AFP. And that's going to give me a mount point called slash temp slash packages or something.
And then I want to go through that mount point. And for every package I see there, for every .pkg, I want to compare that with what I've got in slash library receipts on this computer. In other words, have I installed that package already or not? And then building up a little list. And then for each one in the needed list, I'm going to run the installer to install that particular package.
Let's give it a shot. I only have a couple of phony packages. In fact, I think I only have one phony package on my server over there. But you could certainly add other packages of your choice, commercial applications, packages that you've made, Apple software updates that you've downloaded directly. And if we actually run this, all those machines are in use.
You noticed that my script exited if the machine was in use. That was kind of polite. Well, let me log out a few people.
Where do you do that? Now, here's an interesting situation. Nobody was logged in, so I can't do any of this as the current user. What I really should be doing, thank you for coughing, I wish you'd coughed about 30 seconds ago. It'd be better to do this as root rather than the current user. You can always do things as root whether anybody's logged in or not. Let's try this again here. Well, what's going on there? We'll keep going.
Well, you know what? It actually worked the previous time I was doing it. Actually, all needed packages have been installed on those two computers. The other ones are in use or something has happened to the client software, what we were discussing here. Probably because I logged people out. What does it need to be? Hey, tech support guy, you helped me with a double quote before.
What do we do now? So this is just a starting point for discussion. I think you'll find that you could have packages stored locally to your end users and then you as an administrator run a script like this once in a while that grabs the packages and installs them rather than everybody going and pulling them from Akamai at vast cost to everyone. I plan on cleaning this script up a little bit and posting it on the WWDC server when we're all done. Oh, no, wait, no, but wait, but wait, no, wait.
You can't phone me about it, okay? So one last thing I wanted to try here. We were having a few cocktails and gosh, I'd really like it if those two were still on here for this little effect guys. What do you want to do here? Hang on a moment. Let's just, it never hurts to quit remote desktop and start it again.
Well, we'll try it anyway. We're going to take all these machines that are up. Eh, not that one here. I found the greatest little command the other day. I don't know if you know about this. drutil tray open. drutil tray close. I'm going to put that in a loop.
We'll go around ten times. I was doing it infinitely before. That was kind of mean. Oh, I need a do up there. I've got a little iMac ballet going here. It's going to fail on the machines, two of the machines, but the other six are going to go. Thank you.
And in. You can sing at the same time. And Dan. Oh, that only went around once. I must have done the jot wrong. Well, you know, this is why it's great to have these commands. I was showing this to somebody earlier. I was telling them about it. I said I was going to have all these trays come in. By the way, this is a great script. If you're in one of our retail stores, just go to one of the computers and-- Maybe Mike, if you wouldn't mind logging in there, that would help me.
The fun thing to do, make it a startup item or something, so, while they're not looking, so that they reboot and the machines all come out and go in. Are you restarting those two there? So I was describing this to somebody earlier, and he said, "It was great to have them coming in and out, but wouldn't it be great if you could make them do the wave? Ah ha ha ha ha." I hate it when people say that. Somebody said that to me at lunch. So I had to go and figure that out. So if you'll just stand by here. We'll do the wave on these iMacs.
I probably spent more time on that than I did on the software update server script.
Anyway, I think I've pretty much hosed these machines in one way or another. There's one thing I think as system administrators that we all wish after we've really messed up a machine, we really wish Mike Bombich was around to help us out of a jam. Mike here? Oh, Mike is here. Hi, Mike.
Thank you, Steve. Gotta leave it up to a systems engineer and a consulting engineer to walk into some iMacs and do some damage. Yep, that's why we're here. So I think that Tony and Steve have shown you how Remote Desktop has a great set of tools for day-to-day management of a whole bunch of machines, or just eight machines that you can no longer buy.
For the machines that you can still get, there's still the arduous task of doing mass deployments. And, uh, oops, wrong button. And there's still some challenges that face system administrators when it comes to deploying software onto a whole bunch of machines. You have things like managing multiple configurations of machines, if you have lots of different labs for different uses, just having a large number of machines to deploy software onto, machines located really far away and you don't feel like getting your butt off your chair and running out to that machine, and managing machine-specific settings, you know, sneaker net running around each machine and getting things all set. And then yada yada, limited time in training and nobody has money and we all sing the same story.
So there's actually several solutions to some of these problems. First of all, if you create a master disk image of the software that's common to all of your machines and then couple that with block level copying and network booting, you can greatly reduce the amount of time that it takes to get software out onto 50, 100, or 32,000 machines.
With Apple Remote Desktop's set network disk or set startup disk command, this kind of solves the problem of dealing with machines located remotely. And then if you can get a machine to set its own machine specific settings, you spend a lot less time running around to each machine and a lot more time sitting on your butt playing Quake or something. So the final challenge, of course, is the management of machine specific settings. And this is where I think the Postgres database is going to be the most important.
The database in ARD2 can really be a great solution. We'll collect machine and software data using the system profiler frameworks and cache that information locally, hand that information on to the ARD client, and the ARD client returns it up to the ARD admin and that plugs it into the database. Tony's already shown you quite a bit about the database, so I won't go into the ins and outs of the database, but I am going to show you a little bit more about what we can do with that database.
To access information from the ARD database, you could use tools like Tony showed, or you can just use the psql command that's in our favorite directory, remote management inside core services. And here I have an example of just some basic syntax that will dump all the information from the database.
Perhaps a more friendly way of accessing the information is to use the functions that are built into PHP for accessing data from a Postgres database. If you were to store your database, for example, on a Mac OS X server, you could set up a PHP script that could return an entire record about a computer back to the client that requested it. And you could do this in any format you want. I have XML as an example.
So the client could then request a PHP script and download it using curl and use its own MAC address as an argument. And then your PHP script can send it back and the client can store it in the temp directory. And you can access it on your client machines while they're net booted or whatever and retrieve values from that plist file using the defaults command. So I've actually built a PHP script like this.
Much bigger up there. And you can see an example of the kind of output that you can generate using PHP. Now, I used XML formatting because that met my requirements. If you're just using a shell script and you're just using awk or grep-- and awk is my favorite program-- then you could certainly just have flat text and use just a couple lines for your output.
So how do we actually use the ARD Postgres database to make deployment easier? After all, that's what we're looking for. Well, the database is more or less read-only. However, there are those four computer information fields that you can plug data into. And again, I'm not trying to add any work to your schedule to run around and type information into each one of these.
Fortunately, the admin application has a change client settings dialog that allows you to change the data in these fields. You can do it on a per machine basis, or you can select a group of machines and do that. So, select a group of machines and then choose the change client settings option from the manage menu and then plug some data into those fields.
And you can use data like the path to a disk image that you would like to restore to the machine or maybe the room number or the building that the machine is in. And then on the client side in a shell script, you can use that information to either apply that disk image to the local drive or say set up printers based on what room it's in.
Finally, get your database all set up, then you can initiate deployment using Apple Remote Desktop's chain startup disk and set it to boot from your net install disk image and get 'er done. So here's what a deployment can now look like with ARD's database. Note that I do-- mentioned the use of a third-party product in here. However, you can use the tools that are built into Mac OS X, Mac OS X Server, and some shell scripts.
So first, get your master machine set up exactly the way you want it. Use Disk Utility or Net Restore Helper to create a disk image of your master machine, store it on a file server. Next, use Network Image Utility or Net Restore Helper to create a net install image set that will boot up to any type of application that will use ASR to do some restores.
Finally, use Apple Remote Desktop to tell all of your target machines to reboot from your NetInstall image set. When the client machines are finished booting, they launch the ASR application. The ASR application queries the ARD database, retrieves a record specific to that target machine. The ASR application then looks through that record, pulls out the information it needs to find the disk image, applies that disk image to the internal drive, and finally, to wrap everything up, it runs some post-action scripts to apply any other machine-specific settings that were in that machine record. Not quite as sexy as the stuff Steve was doing, but it's really going to save you a lot of time every day.
So that scenario is going to work great for a lot of people. There's going to be some people, some system administrators, however, that may want to store more machine-specific data than can be supported by those four custom computer information fields. For these people, we can go ahead and extend the functionality of the ARD database. After all, it is just a standard Postgres database.
So one thing that should be pointed out is that the system information table is essentially read-only. It's read-only insofar as every time you collect a system information report, any changes that you may have made will get wiped out. So system information table is for ARD, no touchy. If you want, you can add additional tables for system imaging information. I have some syntax up here for that. And then populate that database or that table with your own machine-specific information.
There is one other caveat, though. ARD, if it ever has trouble accessing the database, it'll try three times, and if it fails the third time, it'll just wipe out the database and start from scratch. So you may just want to create another database instead and put, say, maybe a PHP front-end on that. And then when a client requests information from your database, your PHP script can pull that information together and provide it back in a unified format.
So if you wanted to do something like this on Mac OS X server, you would first need to install the Postgres aware version of PHP. Marc Liyanage has a great little package installer that makes it really simple. Next, develop a front end for managing system imaging data and a database for that.
And finally, develop a front end to report on various information from your ARD system information database. Sounds easy, huh? So everybody run out and do that. Well, actually, I have developed a prototype and, of course, it's free and open source, so there's a great starting point for developing something like this.
Thanks, but I'm not done. So the first thing that I'd like to show is change client settings. So I've got a list set up here of these eight machines. And the change client settings dialog can actually do a lot of things. But I'm going to go ahead and skip through these.
It basically just sets any preferences that you find in the sharing preference pane for ARD. And on the last item, we can go ahead and say-- www.admob.com/diskimages/wdc-master and we'll call this North Beach. That's okay. It's not really gonna do anything. So we could go ahead and set these.
Receiving settings, prepping, changing. And then we can go ahead and gather another system information report. And I'm not quite as picky as Tony. I'm just going to grab a new one. And it'll collect that changed information from each machine and now your database has been updated and it's got the new information required to do whatever you need to do to that lab. So of course, you would need some client side scripts in your net install image set that would do something with this data. I'm actually not going to cover that. What I will cover, and I don't really need to change this.
So again, just for thoroughness, for raw Postgres access, you just use the rmdb.bundle, the commands within there. And run a standard SQL query. Get lots and lots of data. This isn't really very useful for us, so what we can do instead is allow our ARD database to be accessed by the local host, by a PHP.
And to do that, you can modify those files that Tony was mentioning or I actually just released this yesterday. It's called Atom, Apple Remote Desktop Database Access Manager. You click a button and it enables local host access. Just a little quick and dirty guy. Next, write yourself some PHP scripts. And this is a pretty simple one right here. It basically will just return an entire record from the ARD database. Or not. There it is.
So this is actually pretty short, but basically just loops through that data to each of those system information elements and returns that data back to the client. So finally, when you get your entire PHP database solution all set up and looking pretty, you can set up groups. And here I have a group of computers. There's eight computers over here.
And this particular script will report back from two databases, from the NetRestore database that I created and from the ARD database that already exists. So what we have here is a summary of information from the ARD database. If you want to get more information, you can click a link and it will return data for that computer.
Looking nice and pretty. And then we can also use this for management. And that's the most exciting part. So right now, you can see that all of these computers, well, first of all, these are the preferences for NetRestore, if you recognize them. Right now, everything's set to no, and there's no configuration. But we can go ahead and say, apply some parameters to this specific machine. Or I can go in here and I can say, apply these parameters to all of these machines.
Restore the WWDC master to the first drive available. It's updated my database. And now... I heard he doesn't have quite enough cowbells and sound effects, does he? He's going to work on that. So we can go ahead and typically I would just use the set network startup disk and tell all the machines to reboot from a net install server, but I don't have a net install server here. So I will simulate it by copying out Net Restore to each machine and open it up. Let me delete this task.
Let's try this again. Copy items. And then if we take a look at one of these machines... In the final release, it'll work great. But essentially, this is what it's going to look like. The machine will come up. And actually, fortunately, it wouldn't do a... It's probably because I enabled a fully automate.
But it automatically picked WWDC Master, and I've got my imaging information, all of my options, and it would have just... gotten 'er done. A few clicks of a button and your machines are re-imaged. So that's it. Coming soon to a VersionTracker near you. Alright, so just where you can get more information on the documentation for the product and who to contact. You can contact me for the product specific information as well as Jason Skip from a developer relations perspective.