Enterprise • 1:09:15
In this session you'll learn about Apple's evolving desktop management strategy in increasingly complex and rapidly changing environments. You'll learn about the changes and updates to the tools that Apple provides to make managing user environments easier and more powerful than ever.
Speaker: Mike Lopp
Unlisted on Apple Developer site
Transcript
This transcript was generated using Whisper, it has known transcription errors. We are working on an improved version.
Good morning everyone. Let's get started. From your desktop management solutions team, please welcome Senior Engineering Manager Michael Lopp. Good morning everyone. I hope you've had your coffee because it's early. All right. My name is Michael Lopp. I am the senior engineering manager for desktop management solutions. And we're going to be talking about a lot of things today.
We're going to be talking about what Apple's evolving management strategy is. More importantly, we're going to be talking about what management actually means. We're going to be talking about how you're going to be seeing this stuff as I'm going to give you a couple live demonstrations. And we're also going to give you some overviews of some of the features you've probably heard about in previous sessions. So let's jump right into it.
What is desktop management? This is a slide I used last year and we're still using it because it's a pretty good message. What you're doing out there right now as you're managing all these machines and hardware and software is you're probably going through about three states. There's a fourth one too.
But the three states are you're sitting down, you're getting a new piece of hardware and you're figuring out what needs to go on that machine. And then you are actually deploying that machine out to users, making sure that it has the right stuff in it. That's all that needs to be on there. And you're managing it. You're making sure the desktop is correct and has the correct preferences.
And then you're assessing it. You're trying to figure out, okay, what information is on this machine that I need to get back? It's this process of all of this constantly going around. And that's just for a single machine. You're adding more hardware. You're replacing hardware. You're adding more software. You're constantly managing these machines. And there's another thing that you're doing.
Things go wrong. I gave a demo on Tuesday, which you're going to see here in a second, of ARD. And it went swimmingly well. We did really well. But at the very end I did one wrong thing and something on the end of the demo wasn't quite working. So I had to do a little troubleshooting.
I'm guessing a lot of what you're doing, a lot of the management tasks that you guys are doing, is troubleshooting. It's when things go wrong. And we need to be developing tools and technology to help you with that. So let's talk about a couple scenarios, a couple of different management scenarios. You guys seen this slide? This is University of Tokyo.
That's a whole lot of Macs. What you probably haven't heard about this slide is that there's not a single hard drive in the screen. What they're doing is actually what the University of Tokyo has done in this lab is they're disklessly netbooting all of these machines over the wire. So what their management solution is is to have a single image on a netboot server and then actually boot the lab up every morning over the wire.
That's pretty cool. If they want to redeploy these machines and make it something completely different, they just change the image on the server, and that's it. So that's one of the people that are using our technology. And this is something that's actually in Panther Server right now. Here's another group of people that we worry about. Slides? There we go. I call these hostile users.
[Transcript missing]
The other thing we've done, another one of our goals, is we've got to evolve with technology. There's a lot of different things that are happening right now. First off, you've got wireless, becoming very prevalent so you don't know whether you're going to be on the network or off the network. How do you have management policy if the user is no longer on your network? You've got portables, people are opening and closing them so they may not be on and off and, again, they may be leaving the network. You've got hybrid infrastructure.
You've got PCs, you've got Linux boxes. I know you have these. So you've got to be able to interact with those. So what you're going to see here is we put some features in to allow you to interact with some of those. And the other thing is you've got an explosion of Mac OS X applications that, again, you're going to want to manage these things. So we're going to show you guys a bunch of stuff today to actually help you with that. Okay. So first thing we're going to do here is we're going to talk about Apple Remote Desktop 2, which I believe you now all have a copy of.
So we're going to give you guys a demo of that. We're going to go into some detail there. We're going to talk a little bit about Workgroup Manager. We've got a new preference management strategy we're going to give you guys a good demonstration of. We're going to talk about the mobile home directories feature.
This is the feature that you're expecting, a mobile home directory. We're going to talk about system imaging and we're going to talk about software update server as well. We don't have demos for all of these and some of these are actually not in the DVD that you have, but we're going to give you a lot of detail around each of these features. Okay. Let's move along. Okay. ARD. This has been my life for the past three months. This is all I've been doing.
For those of you, how many of you have used ARD 1.2? Excellent. Wow, that's just about everyone. Have you seen this screen before? This is the 1.2 screen right now. This is a little long in the tooth is the way that I think about it. It's a very useful interface, but it's sort of dated. Then you have our favorite multi-observe, four windows open, that's it, you know, very modal interface. So what we've done over the past year: we've completely redone it.
We've completely redone ARD 1.2, I mean ARD into the Apple Remote Desktop 2 product. It's pretty. It's not just pretty, but what it is, it's also extremely useful. We're going to go into a big demo of it right now. You can look. We've kind of adopted the iTunes interface for Management Console.
[Transcript missing]
Really quickly, some big ticket features that we put into ARD. As you saw already, we've got the brand new user interface. We've improved multi-observe vastly. We've introduced a task metaphor. The task is basically any action that you can do against a set of computers, you can actually save that, reuse it, schedule it, schedule it again and again. So we've given that and made that kind of a first class object. We've integrated scheduling into tasks, as I just said. So it's really easy to have a set of tasks that you can actually use and reuse on a scheduled basis. You're going to see scanners everywhere.
First thing you're going to do when you pull this out of the box is you're going to go look for machines, right? So we're giving you a lot of different ways to actually find all your assets on the network. From the architectural perspective, again, we've totally rewritten screen sharing on VNC. This is an open protocol and it means that you can actually go and observe the data.
So we've added a lot of different things to the network. observe a PC or Linux or anyone who's running VNC on the server. And we've also added some great, amazing speed improvements to it as well.
You're going to see much, much better performance than against ARD 1.2. You guys are going to like this one. We put a SQL database as well. There's a SQL database behind that's holding all the reporting data. And if you want to, you can go and access that and use it for whatever means that you want. Thank you.
So, and also we've done an offline reporting architecture, which is to address the mobile deployments. What this is, is currently in the ARD 1.2 product, you're all reporting and everything the admin needs to be running to get all the reports. What we've done is we've allowed you to specify an alternate data source for reporting information. So you can actually have clients which are reporting up to that data source whether or not the admin's running. So that way you can always have up-to-date data about your deployments, whether or not the machines are there, or whether or not the admin is running as well.
My favorite feature, send Unix. This is a command that allows you to send any Unix command to your set of machines. If you can do it in Unix, you can do it via ARD. I'm going to show this in a second. It's very exciting. We've got more ASP than ASP.
We've got a huge amount of data that you can actually pull out of these machines as well. We've got directory integration and we've also really simplified client installation. So, enough of me talking. Let's go to two here and take a look at this. But first I'm going to get my water. There it is, running right now.
We've got our set of remote desktops over here on our left. These nine machines that I'm going to be controlling. So just a quick lay of the land in ARD. What we got here is, like I said, it's sort of an iTunes interface. Over here on the left you've got all our different computer lists. I've got my master list.
I've got a test list. I've got my problem children. I've got a video lab. I've got a bunch of different machines. These are all just basically my assets that I have here. I have the scanner, which I'll go to in a second. It gives me the ability to actually scan for machines. And then I've got the save task feature.
What this is, is this is just a set of tasks that I've kept. And these are just dummy tasks, but just to give you an idea of some of the things we do, we've got a locked video lab. That's just a task to close that lab down, make sure the screen kind of looks like this. It means, everybody go home.
Really simple. Thank you. So what you saw here when I did, I just executed our first task and I want to give you guys a little bit of an explanation about what we're looking at. We have the main window here and what happened when I ran the task was this task progress came up.
But the task progress is the detail about everything that just happened in that task. So what I did was I went and ran a task against its machine and it succeeded really easily. What you have up here on the left, as we call these the select-o-matics, we call that that, I'm not sure what marketing calls it.
But what these do is these actually allow you to select groups of computers based off of what their state was. Since everything worked here, everything is selected. But if you had some tasks that actually failed, reporting didn't happen, something didn't occur, you can actually go and easily select it and do that.
These task progress show up for every task that you run. If you don't want this coming up, you can turn it off and just have a preference and via the preferences and you can just look at it here. Again, here's the task that just ran right there. All right.
And so that's just a quick overview of the interface. Oh, the other thing is we've -- ARD does a lot of different tasks. I've got to show you guys this. There's a lot of things you can do, right? And there's other commands in there that do things you can't even imagine. So We'll go ahead and we'll actually create a scanner first. So what I'm going to do here is I'm actually scanning a local network and ironically I'm seeing all of my machines right there. Let's go ahead and first unlock them. Another task.
Let's go ahead and create a scanner now. You can create as many of these scanners as you want. So let's go ahead and create one. Let's see. These are all the machines that we're currently seeing. I'll go ahead and create a new one from this list. We'll call this WWDC live.
There it is. It's a pretty simple thing. Just a list of computers. But what you're going to see is any time that you can see a list of computers using ARD, multi-observe, reports, you can constantly create lists from this to actually make yourself Post-it notes, is what I call them, to actually say I need to do this or that to a certain set of machines.
So we have our WWDC live list right here. But let's tackle this. Maybe I have a different way that I want to look for machines. Maybe you've got an Excel spreadsheet that has all of your assets in it. It's really easy via the file import to actually just drag any arbitrary file that's got IP addresses. You can just take it, plop it in there.
So, we're going to go ahead and start the session. And we scan it. Any file. As long as it's got IPs, we're going to find it. So, PDF, Excel, whatever you want. So, however you're managing it. And as I go and edit that file, if I just want to reload it, I can just reload it and, again, start creating lists from there.
So once you've got your set of machines, the first thing you're probably going to want to do is you want to upgrade them because everyone's probably running ARD 1.2 right now. These are all actually up to the 2.0 client right now, but just to quickly show you how easy it is to take ARD 1.2 and bring it up to the 2.0 is we've got an upgrade client software. If these machines were 1.2, what you'd see is you'd actually see them in there.
You can authenticate to them, but the current status would be old software ARD 1.2.4. All you have to do to actually upgrade it is select those machines, click upgrade, we install a package, we restart the agent, you're golden. That's it. It's a single click to upgrade all the software. It's a really handy feature.
So let's actually do a different task here. What I want to actually do is I'm going to change some client settings on these machines. Let's go ahead and walk through client settings. Now what client settings is doing is it actually setting the preferences for the client. So let's say the agent software has already been upgraded. So I want to set some preferences. I want the menu extra to be there. Again, so we kind of have a setup assistant kind of walk through. We'll go through and we're going to say I'll leave the startup element enabled. I'll leave the menu bar running.
I'm not going to create any users right now. I'm not going to specify any access privileges. I am going to talk about this one really quickly. But this setting here, this first one here, set request permission option, this is guest access. This is one of the most requested features that we've had. What this is is the ability to say, okay, I maybe have some politics at my deployment. I have people that are fine with my desktop, but I want them to ask before they go in.
So what guest access allows you to do is to specify, okay, I can be observed and controlled, but only at my permission. So what will happen when you set this permission is it will actually prompt -- when you go to control one of the users, it will actually prompt them and say, do you want this person to actually help you out? So they get at least -- they get to be -- respond and allow you to run it -- allow them to be observed. You can also set this VNC viewer access. So if you have a VNC viewer that you want to use, we can actually do that in here as well. What I'm going to do just for this demo is actually set some of the system information.
Go ahead and set the field there. Set that. What you're seeing again, here it is, the task window. It's everywhere. Any time you run a task, you're going to see this. Just real quickly to give you a little bit of detail about this, what you see down here are these two buttons. These are always on every single task.
This gives you the ability to schedule a task. This was in the current product, but now we've made it really easy to use. And also, if you want to target it at a set of machines, you can do that as well here. We're just going to go ahead and run this.
I'm just going to set one client setting, one system information setting. We'll go ahead and just copy it down there. See our task progress going. See the status changing on all the machines over there? You're not going to see anything there as it goes and installs a package and changes all the settings.
Little bit more about the buttons and the task progress. You see these other-- you see these other bezel buttons up here. What these allow you to do is actually repeat tasks. Or if you want, you want to actually duplicate it, you can easily just create another task based off that.
So if you've got something that you want to say, well, I was close with this task, but it wasn't everything that I wanted, you can actually create another task right there as well. Lots of flexibility. Okay. So we've updated our client software. We've done some settings. Let's do that lock screen again because that's always interesting.
I'm going to lock it. It's pretty handy. So let's actually do some real world scenarios. Let's say that we've got a new version of Safari out there. You want to know whether or not these systems have Safari or not, or which version they have. I have a version on this machine that I want to use. I happen to know they all have the same version, but for the sake of the demo, let's go ahead and just generate a report.
You guys all use 1.2. You're all wondering, how did that report come up so quickly? Because normally it's this live active report that you see in 1.2. What happened is, is what I was talking about earlier, is we have a SQL database under there. And what I was doing is I was actually running the report from a cache that was built a while ago based off my reporting policy. If it was the first time that this report had actually been run, it would have been a little bit longer as the machine was actually caching and doing that. So.
Let's see here. This is our report window. Again, it's a computer list. If I want to create a list from here, it's really simple. Let's say, hypothetically, that these four machines have an older version of Safari. Just like every other window, I can go ahead and create a list from this.
I'll call this old Safari. Safari old. All right. Now I have yet another list that I work from. And again, the idea here is I left a little mental note for myself saying, OK, these have old version Safari. I want to copy something down to this. So let's go ahead and actually copy down a package. And we're getting into sort of the software distribution features of ARD.
What we're going to do here is we're actually going to copy a package. This is a dummy package that is designed for speed rather than usefulness. We'll go ahead and I've got this dummy Safari package, which is actually going to just copy it down just to give you an idea of the install package feature. This is something that we had in 1.2.
So it's the same feature with the whole new task metaphor wrapped around it. You can install any set of packages. What's going to happen here is the package is going to be copied down, and the install is going to be run. And it's going to be installed. Let's go ahead and just do that.
Again, detailed task progress, copying the package down. It's installing? Success. Knock on wood, everything's going swell. Okay, so what we did there was we actually copied it down and now we installed whatever package we had just had right there. So let's actually verify that. Let's go ahead and open up Safari on these applications, on these machines over here. So what I'm going to go ahead and do is use the open application task. Again, tasks just like any other. What we're seeing here is all of the applications I have on the local machine. I'll go down to Safari.
Wherever that is, S, go ahead and open it. And it's opened. Great. We're on the internet. Excellent. Okay, so let's go ahead now and close the application. Close the application. Oh, there is no close application. That's right. We don't have a close application command. This gives me an opportunity to show you something really cool.
We have a command called Send Unix that we added as a part of ARD 2. Send Unix is pretty much what it sounds like it is. It's the ability to send a Unix command to any machine that you want. Remember, you're running as root on both sides, so don't get yourself in trouble.
So what I'm going to do here is I'm actually going to go and since I don't have a close application, I'm going to type killall Safari. Again, what this is doing is this is sending this command to all of these machines. Let's go ahead and click send. All the windows are gone. Success.
Send Unix. I don't know what you guys are going to do with this, but it's a lot of flexibility. It's a lot--you can do some amazing amount of stuff there. For example, let's just do a couple other examples. Let's go ahead and let's say I didn't know there was an open application command, so I'm going to go ahead and use the open command, "set via send unix,"
[Transcript missing]
That was SendUNIX. Let's talk a little bit more about reporting here. As I said a little bit earlier, we have the ability to have offline collecting of reporting data.
Let me just show you guys how we actually set that up. I'm actually not going to demonstrate it, but just to give you an idea from the admin perspective what you need to do. So here's my preferences window. I'm going to go ahead and jump over to data collection. What you see here is I have the ability to say, listen, don't get reporting data from me. Get it from somewhere else.
You can set that there. Then if you wanted to change for the clients to say, okay, don't use me as a reporting resource. Use someone else. It's again, it's very similar to everything else that I've been showing you. You just set the reporting policy. Here it is, the task again.
What this says to these client machines is don't use me. Use someone else and do it this often. Again, so this is the idea is to give you the ability to have mobile computing dumping the data to a mobile computer is dumping the data to this database so you always have a fresh set of data.
As fresh as it can be, right? Because you can't actually get data from a machine that's not there, but you can get the last time it was there. So we're improving the likelihood that you can get a good quality report from the set of machines that you're managing.
All right. So let's do a little bit more. Let's try a file search. I'm going to go ahead and do a file search. I'm going to search for the word -- I'm going to search for "incredibles." Well, incredible. Go ahead. We'll go ahead and do that. Again, nice and fast. First time you do it, it may be a little bit slower, but the second time, it will be nice and fast. We'll go ahead and see this. We found what looks like a QuickTime movie here.
Again, I want to go back to the idea that all of these windows, the paths that you can do against them, the verbs that you can do to them, you can do in any of these windows. So I've got a report here. This is just a static report and set of data.
It's actually not. It's a computer list which says, this computer has this set of information on it. So I'm going to go ahead. I found these things, go ahead and start running, go ahead and open it with whatever the associated application is, which in this case is QuickTime.
You're going to see a trailer here in a second. It's The Incredibles. But again, this is visually interesting, but what is really interesting is how you're going to use this. In a lab situation or maybe in some sort of institutional situation, it's a really handy way of actually opening applications, setting an initial state for the desktops that you want. And once again, we have success. All right.
So what I want to do here is now that I've got this trailer running and you're all distracted, you're looking at that, you're not looking at me anymore. So what I'm going to do is I'm going to actually reuse one of these tasks down here just to show you a little flexibility of the interface.
So I have the Send Unix command down here. That was system setup. What was this one? This was open that. So what was I doing? I forgot that command that I liked. Oh, it was killall. That's right. So let's go ahead and use this again. I just did it. I duplicated the task. And QuickTime Player. I'll go ahead and send it.
All cleaned up, except for the one that I didn't select because I probably didn't do them all. That's right. So I'll duplicate it again. And this time since I missed the other ones, what I'm going to do here is I'm actually going to grab the ones that I didn't run against, remove the ones we already did it against, grab the ones we are still running on, drag those over into the well.
Let's get a little real estate here. Drag those over into the well. Again, these windows, it's not a modal interface. We've gotten rid of all the modality of the interface. You see what I'm doing is I'm jumping around, moving stuff between different wells. If you had a little more real estate here, I can imagine a lot of task windows, the task progress maybe being up all the entire time. It's a flexible tool. So go ahead and send this command to kill the QuickTime player, which is still running.
[Transcript missing]
What we're going to do now is we're going to go into a little bit of the more demoable features of ARD because they're so visual. As I've already showed you a little bit of the reporting and the other features that we have here, what we're going to get into is some of the interaction stuff.
So what I'm going to do to set this up is I'm going to do another powerful feature kind of akin to Send Unix. What I'm going to do is I'm going to copy an AppleScript down. This AppleScript is just doing some Finder stuff to actually give a little visual interest to the screen here. But again, what I'm going to do is I'm going to copy it down and I'm going to run it.
And the idea here is that you could do whatever sort of AppleScript you want to do. It's a good way to actually distribute some sort of automated tasks that you want to do. Again, who knows what you're going to do with it. You're just giving the ability to do so. So let's go ahead and do that. I'm going to go ahead and copy the items down. What I have here is I'll go ahead and copy items.
A little bit of detail on this one here. This is very similar to the 1.2 feature. It's basically saying, OK, go ahead and copy this file down. I'm going to actually put it on the user's home directory. And the thing I'm going to do here that's different is I'm actually going to say, once it's there, kind of like we did with the Incredibles trailer, I'm going to say, go ahead and open it.
I already have it there, so what it's saying to me is like, listen, are you sure you want to overwrite this? You bet I do. Okay, once again, success. Here goes the screens. In the demo on Tuesday, everyone just started watching that. I don't want you to watch that. I want you to watch me. So, locked.
Andy. Hi. Okay. So what's going on behind the screen right now is the Finder script is still running, but as I showed you right there, this gives you the ability to kind of focus the attention. Again, this is more for sort of the institutional, the lab situation. So let's go ahead and unlock those.
Let's talk a little bit about observe and control. Everything seems to be going along reasonably well. You see here as the students are sitting at their desktop, the current application status is changing. This one's in Finder. This one's now in TextEdit. I don't know why, but they're moving along. So let's go ahead and start up with what ARD 1.2 used to look like. There you go. You've got your four screens. You've got your students doing whatever they're doing right now.
But you know, there's a lot more machines out there than four, right? What you want to do is you want to look at a lot of machines. And maybe you don't want it to be that size, you want it to be this size. Maybe you want it to be this size. Who knows? Multi-observe is vastly improved. Whether you've got two machines or 200, this is going to be a really handy way for you to actually look at these machines.
Let's just quickly go through the task bar. What you have up here is all the tasks that you can do against it. Just like we can do in any other list, all the tasks work. So let's do this, my favorite command today. Lock all the screens. It's just like any of the other Windows. Anything else you want to do to these machines, any other tasks you want to run, you can do. So we'll go ahead and select them all, unlock them.
Closing again. They're merrily going along. This first slider up here gives you the ability to adjust how many machines you want. Again, you want four, you want two. How many do you want? What's on the next page? Maybe I want to look at two and I want to see something on the next page.
Hi, I'm Mike Lopp. I'm a computer scientist at the University of Michigan. I'm going to talk about the new technology that's coming out in the future.
If I want to adjust the time, I can just adjust it over here. I've turned it off right now because, you know, after a while it kind of gets annoying. But, so the other thing is we actually have the ability to change the codec that's being used right now. So what you're seeing right now is thousands of colors.
If you want to go to a different one, you can go up to millions or you can go down to grayscale. Why would I want to go to grayscale? Why don't I want full color? You don't want this because it's taking up a lot of bandwidth. Maybe you're really starved for bandwidth and you want it to look like a very old version of some OS.
Who knows? But the idea is here these codecs give you the ability to adjust your multi-observe session to whatever your bandwidth situation might be. So let's go back up to a little more color here. Give us a little more machines to work with. Again, I'm going to hammer this and keep on saying this one because it's really important.
There's a lot of flexibility here. Before, you had a multi-observed window open. You couldn't do anything else. You were looking at the machines. You weren't getting the cool cube effect. Now you can do whatever you want. You want to open this one here. Okay, let's do that one. I want to control this one here. I missed it, sorry. Control that one over here.
Click. There we go. Oops. Slow down. Control that. There we go. Here's our second window open. Sorry, I don't really want them that big. I want this one this big. Sorry, students. Excellent. Thank you. It's really flexible. Again, what you're going to do with it, how you're going to set it up, who knows. We've given you the tools to get yourself into whatever sort of trouble you want.
All right. In a single observe, you're going to see a couple different options here. What I'm seeing here is I'm looking at this machine right now, and I'm actually not controlling it. And I know that because I've got this icon up here, which is sort of the universal control icon that we have.
If I wanted to take control, all I need to do is click it. Boom. I'm in control now. Click on system preferences. It's doing its little bouncy thing over there, and it popped up. These scripts are still running, so I'm sort of fighting for contention with them right now, but it gives you the idea.
The other one here is the ability to actually share the cursor with the user. If you want to, you can actually turn that on and off. So if someone's fighting for you with a cursor, you can just turn it off, and they don't have any cursor control. They can still see what you're doing on the machine, but they can't actually start dragging with it.
Mark, who you'll be talking with shortly, was messing with me the other day when he was sitting at one of the machines, so I just turned it off. The other thing that you can see is maybe you've got some sort of weird resolution situation. Maybe you're looking at one of these massive machines. Maybe you want a lot more detail. If you've got less resolution, we've actually added a new mode called panning.
[Transcript missing]
Let's go ahead and close this. And we talked a little about the colors. We talked a lot about a lot of stuff. So the other one is-- we talked about controlling, and we talked about observing.
Now the other one that we have is the ability to actually send the screen. Sending the screen is sort of a special case. Because what you're doing is you're actually going to send this screen from this machine to all of the other computers. This isn't popular for maybe in a training situation when you want to say, watch me. Take a look at this. You can actually give people a live demo. It's using the same technology as Observe and Control. Amen.
I want to talk about this window really quick. What's going on here is I'm going to share this screen. But you see there's another option there. It says share another screen. What you can do with ARD2 and the prior version as well is you can actually broker an agreement between two machines and say, listen, this gentleman's screen over here, I want you to see the rest of the screen anywhere. You can set up whatever arbitrary screen sharing relationships you want. Again, schedulable and all the other things are there.
So here we go. There I am in eight machines. One thing you probably notice is the task progress is still up. What happened there was this task is still going on, right? The screen sharing is still going on, so you're actually getting that idea and you're getting an interesting redraw effect as well. I'll just erase that. Okay. So we'll go ahead and stop that.
[Transcript missing]
So that's a really quick, super fast version of ARD. Just to get us cleaned up and start up, what we're going to do is something that's a lot of fun, is actually going to go and restart all these machines. This is the thing that didn't work on the demo on Tuesday. We're actually going to do it right this time.
What we're going to do is actually-- we have these scripts running. Some of these things have text edit running. So I'm about to actually lose some data because I have text edit files with data in there. But we have the ability to actually restart and just close the user. So maybe at the end of the day, you actually want to just shut them all down or restart them in this case.
Thank you. Oh, there's one more thing. Sorry. There was one more thing. So all these machines are offline right now. They're black, right? There's one other thing that's a really good benefit of screen sharing is we've got this one machine here. Says VNC. You're probably wondering what that is. You can probably guess at this point. This is another machine. You don't actually have all the ARD functionality on it, such as all the tasks, but what you do have is you have the ability to control this machine if you need to in a pinch. Yeah.
We like to make fun of it, but the fact of the matter is you guys got a lot of different hardware out there and you need to interact with this. So here we have a PC under there that we have the ability to control. Just like anything else, you're running it, you can actually use it.
You've got a remote desktop for PCs. This is a great feature. If it's a Linux box, if it's a PC, whatever you want, you now have the ability to observe and control. It's important to remember that you don't have the ability to do all the other tasks. That's a whole other part of our technology. You can't do the copy items. It's just a screen sharing piece. So that's ARD 2.0. If you guys like it, I'd like to hear a round of applause, because we've been working our tails off on that.
Okay, so that's ARD. And there's a lot more coming. All right. First off, with mobile home directories. You guys aren't going to get a demo of this, but you're going to hear a lot about it right now. I have an apology first. We had a feature in Panther called Mobile Accounts. And you guys said, mobile accounts? That's a great feature. I want to have the ability to actually cache my local account.
But a lot of people said, listen, does it actually cache my entire home directory? No, it actually doesn't. It was just the account. So Panther was mobile accounts. What Tiger will have is a feature called Mobile Home Directories. This is the feature that you're expecting, right? This is the ability to have essentially a mobile home directory. That's the best way to call it. The idea is to provide a mobile solution for portables.
Portables are on the network and they're off the network. You want your home directory to be local so that you can actually have a mobile solution so that when the network's there you can actually use it. We want to leverage the convenience of network storage. If you've got a network home or a network mount, you want to actually have it be there, back up to it. The other thing is we want to build a solution on top of the file sync services. They're actually building into Tiger as well. So let's talk about how it works. So here's a pretty standard basic setup.
What you're seeing here is actually for mobile home directories, the basic use case is this. I'm a user. I'm this gentleman right here in the front row. I log in. I'm an admin, I'm sorry. I go and I say, this gentleman's account is mobile now. What happens is, the first time he logs in, he gets a warning. He says, listen, you're about to go mobile. Do you want to cache your account in your local home directory? And he gets to choose something. He gets to basically choose what we call the truth. The truth is this. The truth is saying, listen, I'm the user.
I'm smart enough to know that either my local home directory is the current version of the directory I want, or the server version is. And they pick it. And they say, my local home directory is the one that I want to be using. And then we go, and it copies via the synchronization services. It copies it from one direction to the other in whatever choice you had.
You could also say, I trust my admin. My admin's home directory up on the server is the one I want to be used, and I'll sync it down. And then what happens is, nothing. Actually, one little thing happens. It's trickle syncing. As you're making changes to the local home directory, they're being synced back up to the server.
You're not seeing this in any other way except via the menu extra. What happens, and this is the cool part, is when the network goes away, you just have your home directory. It's just sitting there, and it's waiting for the network mount to come back. But in all the changes, nothing's happening. There's no network bandwidth there. It's just sitting there waiting. When those network mounts come back, the synchronization occurs again. So this is a very, very, very powerful feature. This is something that everybody wants, because everyone has portable computers. They may have a network home directory.
So let's talk about the-- Let's talk about the case that everyone cares about. This is an error case that everyone wonders about. Because what if the dog does eat my iBook? Right? What that means is what if my iBook vanishes? And this case actually really gives you a good example of what this power of this feature is. So this is the scenario we care about.
Let's just walk it through. So how we can-- let's talk about how mobile homes solve it. First off, let's just say the iBook is eaten. OK. So the user somehow gets a new iBook, right? And they've already logged in once before using the mobile accounts feature. And what happens is-- What happens is the synchronization, I log in, I type in my network password and it says, oh, you've already logged in, you've already had a mobile home directory, but the sync between the network store and the local store is out of date. So again, you get the same choice that you had when you started. You get to pick the truth again. You get to say, listen, I want my network home directory because that's the current version of what I had.
And what it does, it does the same thing it does at the initial login. The truth gets copied down again from the local backup. So what you lost in that case is only what happened between when you went off the network and when the dog actually ate your iBook. Thank you.
I'm greatly simplifying this feature. I know you guys are sitting there going, well, what about this, or what about that? And there's a lot of different ways to-- synchronization is hard, is the slide I originally had. And it is hard. Synchronization is a very hard thing to do.
We want to-- you can't get into a case-- there's a lot of cases you want to avoid with mobile home directories. You want to avoid the multiple writer situation. Multiple writers is this, is I've got my mobile home that I'm using, my local home directory. I'm typing away. I'm changing stuff. And somehow, someone is also typing or getting data into my network home.
That's a bad thing, because we're not talking about a single file. We're talking about thousands of files here. And we don't want to give you guys suddenly a case where you're getting thousands of conflicts, dialogues, and saying, pick this file, pick this file. How we solve this is when the mobile home is checked out, when the mobile home is first bound to a network home directory and checked out, you can't get to that network home.
Administrators can get to it, but the users can't get to it. So you can't actually-- so that's a store, basically, up on the network home directory. Home directories are also extremely complex beasts. There's semantically intertwined files. There's lots of files. If you were getting conflict dialogues, how would you know which one to pick? Because you don't even know what the file is, right? Because there's a lot of stuff that's non-human readable.
So we actually-- that's why we got this concept of the truth, which is saying, "Listen, we want to do big block copies of the network homes to move them around." The other thing is we're going to give you a lot of flexibility. Maybe you don't need to do the entire home directory.
Maybe you only want to do portions of it. Maybe you just want to say, "I want documents to be synced." Just a documents folder. That's a little bit easier thing. So you can really go ahead and you'll see via-- you can actually define a policy that makes sense for your users.
So mobile home directories are not actually in the Tiger server. This is in the Tiger server version that you have. But this is a feature that we're going to include in it. I think you guys are going to like this a lot. I think there's going to be a lot of usage of this feature.
So moving along, software update server. Again, a well-named feature. This is pretty much exactly what it sounds like. The problems we have with software update right now is that there's a lot of software updates. And again, your policy may vary. At Apple, they just let us install whatever we want.
But at an educational institution, maybe you want to have some control over what updates are actually installed. Or maybe you want to do some testing before it's installed. There's a lot of them coming out, and your job is to really make sure that all of your hardware and your software is working.
The other thing is that bandwidth can be really expensive, right? It's never cheap. So the thing is that we also-- for example, when you have a 10.3.4 update, maybe you're getting a lot of bills because every one of your users is actually pulling down this big, huge update. So we wanted to put together a solution that gave you basically a way of proxying software updates, but also gives you the ability to maybe intercept and test before you actually land things. So here we are again.
Let's talk about how it works. What you're seeing here is-- I'll do a simplified version of this. What happens right now when you click the software update client is two things happen. First off, the client says, listen, tell me what I need to know, tell me what I need to download in terms of software updates relative to my machine. I call that the catalog. Then it says, OK, and tell me where I can find them.
Those are the two things that happen right now. And what happens is all that information comes from our servers via the internet, and it goes to your clients. That's where you're spending a lot of the time. So there's a lot of transactions that are happening from your clients up to the servers and back and forth and back and forth. And the catalog isn't big. It's a small file, but the updates can get really big. What software update server does is it allows you to put a server right in the middle.
That server's a proxy for all of the updates that you have there. So this server is the only one who's actually talking to our servers to actually pull down the catalog information and to pull down the updates as well. So they're all just talking to that single server.
So it's a really handy way for doing that, and as you probably expected, it's integrated straight into server admin. This is a screenshot. Again, this isn't in the Tiger DVD that you guys have, but here you go, and you can take a look at it. It should look very familiar. It's basically the software update client plopped into our server here.
But there's some other options. You can actually give the ability to mirror updates, enable or disable them. You can define your policy however you want. Maybe you just want to mirror them and just save the bandwidth costs, and you don't want to worry about testing them before they go in. And you're going to ask, can you add your own updates to this? You can't currently, you're not going to be able to do that as part of Tiger Server. Let's get that question done right now.
So there's a lot of features that we have as part of Software Update Server. There's the flexible approval policy. Do I just mirror everything or do I want to approve things or do I want to selectively approve? We have bandwidth throttling in here as well. So you have the ability to, if I'm worried about maybe a lot of updates coming down from my server and I don't want to wedge my server, you can actually adjust bandwidth throttling on it. The other piece of this, the other half of this equation here is Software Update Client, right? You've got to be able to do something about that.
You've got to be able to point that another way. So as you're going to see here in a little bit, we're going to actually show you management via Workgroup Manager. So Software Update Clients can be a high level plugin that allows you to be managed via Workgroup Manager. You could also use remote desktop to copy your preferences out or you can just go individually to the clients and actually manually configure them.
But each of the clients will support the ability to point at a different server. All right, moving right along. We also have a technology called NetBoot and NetInstall. This is our system imaging solution. For those of you who don't know, NetBoot comes in basically two flavors. There's the ability to NetBoot kind of like the University of Tokyo did.
[Transcript missing]
We've spent a lot of time on the last release and this release on a tool that we originally called Network Image Utility. Network Image Utility has actually been redubbed System Image Utility because it's not really a network that you're imaging, you're actually imaging systems. That makes sense.
What happens when you have a single image is you run into a situation where you want to have specific client information on each individual client. For example, IP addresses or a machine name or something like that. So what you're going to see in a lot of the features that we put into NetBoot and NetInstall is the support for directory services.
I can build an image and I can also add directory services information. We can have per CPU directory services binding information associated with it. We have the ability to say, "Okay, I don't want these set of hardware to boot from this." We have model property filtering. And also, I know this is something that everyone's been interested in, we have the ASR block copy. What this means... Thank you.
It's our block copy for those of you who don't know why everyone is clapping, means really fast installs. So that's something else that's going to be in there. So and also we have the ability to set machine specific settings, Rendezvous, computer name, host name, all these things so that when I boot from a machine I have unique information associated with it when I use one of the NetBoot installs. So let's take a quick look at System Image Utility.
This is the same tool as before. You're going to see some new features here. We have the ability to change the ByHost preferences, do some checksum checking after we install. This is the new ability to actually have an image be associated with a certain set of hardware.
And then the ability to actually set the client settings for these images as well. So that's System Image Utility. We're working on it hard. We would love your feedback about it. We want to make sure that this is just a great application to be able to do system imaging with.
So-- Okay, last but certainly not least is going to be the Workgroup Manager discussion. We're actually going to get back to a demo here. So managed desktop. This is a very vague term. Managed desktop, if I could have one thing before you guys leave here, is to really understand what's going on with managed desktop.
Managed desktop is basically managed preferences. What's happening with managed desktop is via the server, via Open Directory, you have the ability to define a set of preferences, in some cases, which are associated with the users, groups, and they're actually blasted out and copied down to an individual computer at login window time. So this way, a managed desktop really allows you to set the user experience when they log in.
Make sure they've got certain mounts already there. Make sure the user interface looks in a certain way. And because it's integrated straight into the client, you all have this ability as long as you're running Open Directory. The other thing about managed desktop is it's extremely backwardly compatible, meaning that if you have Tiger Server with Workgroup Manager running, there's going to be features that are going to be only specific to Tiger, but you're also going to see plug-ins from Jaguar, features that were only maybe in Jaguar or maybe in Panther.
We do a lot of work to make sure that you can see the features that are only in Jaguar. And we can continue to manage back as far as basically when managed desktop first landed. So here we are, preference management. You're going to see this in a second. This is the Workgroup Manager in the preference pane. We've got our users over there on the left.
I got all the preferences. It looks very familiar. There's a System Preferences over there. You're going to see this in a little more detail in a second. But the idea is, these are all the preferences that you can set. There's a hitch, though. What we found is, what the feedback is, all of these preferences are really associated with things that are Apple.
All these management options that we have are System Preferences or things that are ours. And fortunately for us, there's a lot of other applications out there. There's a lot of new features coming out in the OS and other stuff. So we need to have a strategy which scales around this. We need to have the ability to actually manage things which are outside of our domain. And what we're going to do, what we've added as part of Tiger and Tiger Server, is we've added a preference editor.
This gives you super fine-grained control over the preferences. This is not for the weak of heart. It's something that you can get in and you can tweak whatever you want in terms of preferences. The thing about preferences, and quickly what's going on here, what you're seeing here is actually the preferences for Peter and Timmy here.
They've got preferences associated with Dashboard, which is a new feature. There's no high-level plug-in for that. Finder, QuickTime Player, Safari, the Terminal, and Dock. What you're going to see here in a second, you can actually drill down and you get a sheet. It gives you the ability to change any of this stuff. So that means next time that this person logs in, they're going to get these preferences associated with it, and they're tweaked to whatever you guys want to be able to do with them.
There's one other quick-- Thank you. There's a catch though. Plists are not necessarily human readable. We like to go in there and tweak around and say, "Well, what's this going to do? Well, that's interesting, right?" So what we've done is we've -- and they also actually often contain features of the product that you don't even know about. And you go, "Well, I'll add this and see what happens." So what we're doing as part of a Mac OS X server -- part of an entire server is we're actually introducing the concept of a preference manifest.
A preference manifest is a template for preferences. It says, "Listen, I know you're a human being and you want to be able to actually read these preferences." It's a template that we use to actually describe preferences in a way that's useful. And you're going to see this here in a second as part of our demo here.
Obviously, for preference manifest to be useful, they've got to be everywhere. So what we're doing is first off we're making -- we're working with the application groups at Apple and the tools group to make sure that a manifest is included as part of every bundle. So that would mean like this.
If I wanted to manage Safari, let's say, how I'd work it is, I'd actually pull this Safari preference manifest, put it into the preference editor -- and you'll see this in a second -- and I can see all the things that are manageable as part of this. So the demo preference manifests and managed desktop -- I'm going to have Mark Rammel, one of the engineers on the team, come up here and give us a little tour, and I can stop talking for a second. Hey, Mark. Hi, everybody.
Hi, my name is Mark Rammel. I'm the QA lead for the managed desktop product and let's just get started. What you see here now is I'm currently running 10.4 client. This is the same build that's been distributed to everybody here. You should have, most of you have probably already installed this.
I also have the server administration tools installed and I'm running Workgroup Manager in the local node. Who here, I mean pretty much everybody I'm going to assume has run Workgroup Manager, but who has run say preference management for any users, groups? Okay, cool. We're going to start with the Workgroup Manager.
We're going to give a little bit of a high level overview before we jump right into the preference management. So I'm running Workgroup Manager in the local node. I'm running the same build everybody has. You can run in the local node, but primarily you would really want to stick for a server client solution.
This is probably too powerful to use on just a single client to client scenario and not everything will work. I've created a couple of users for this demo. I've got a user name, a shell, a local server, and a server client. I've got a local home directory defined for each one of these as well as some preferences defined for each user. For this user, I've got a Finder and Dock, and for the people who haven't used Workgroup Manager for preference management, we're going to jump right in. For the Finder here, I've set an always preference.
Currently for since 10.2, we've had two different types of preference management. We have, well, never, nothing is managed for this particular high level plug-in. We have an always management option, which will then copy prefs that we've defined in here to the client's managed domain. Each log in, these preferences will be rewritten to the managed domain, which you've probably found is in the library, managed preferences, user name. Then the other option here we have is once.
These preferences will be written the first time the user logs in after these preferences have been defined into their user's home directory. For example, if I were to set these preferences here via once, I would have to set them here as always. These would be defined when they log in, but then they could change it. Right now I've set this as always, maybe to reduce clutter for the demo here. We're not going to show hard disks, removable media, et cetera, and always.
Additionally for these users, both these users have the same preferences. I've also set Dock preferences. Pretty standard. I've defined this as my default user template for these two users. They have Safari, Mail, iChat, whatnot, and pretty standard Dock display. I don't want the user to change this. This is the default user template. I've set it to a new one. I'm going to go ahead and show you how to do this. So I'm going to go ahead and show you how to do this.
So I'm going to go back to the preferences overview. And for those of you who have been using Workgroup Manager for preferences for a while, you see this new feature that Michael showed earlier. This is details. Currently, I've set some Finder preferences, which are defined in the Finder plist and the global preferences plist and the Dock plist.
The first part of the demo I'm going to do here is I've set these preferences, but I want to tweak them a little bit more than what they were probably designed to do. So what I'm going to do is I'm going to go ahead and open up the Dock preference right here. And we have something that Michael didn't touch on earlier. We have always and we have once, but we have this new management feature we're introducing for Tiger. This is called often.
This is like always, but it's written every time the user logs in, it's rewritten into their home directory. So maybe for a kiosk or a classroom setting, you want users to have a little bit of flexibility. You want to give them the creative control to make sure that they're not just sitting in a classroom setting. You want them to make mistakes. But the next time they log in, we're going to wipe a clean slate. So these are the preferences that I've set for the Dock.
We've got a lot of strings. A lot of this stuff doesn't really make much sense. Magnification. I can set this to true, but I'm not really sure what that does. Some of you guys out there already play around with plists. I'm going to add a new key. I'm going to call this key pinning. And I'm going to add "and". I'm going to save this. And it's done. So for this demo right here, since I'm running locally, I'm just going to fast user switch into this Mark user.
So you've probably already seen that the dock is over here. This is something the dock does. It's built into the OS. Nobody really knows about it. I'm sure pretty much everybody here has probably played around with that as well, though. And for the people new to preference management, notice I cannot move the dock. I can't change the size. It says dock preferences. It will bring up a system preference pane with blank options. Everything will be grayed out and mutable.
And that's it. An important point before I jump back to the administration console is I've set this preference for Mark. But as you've seen, I could have very easily selected a group, groups, a computer list. I could have easily set this setting for hundreds, if not thousands, of potential clients in the future.
And as Michael touched on earlier, everything I've set here will be set and written to preferences back to 1024 clients, will be what we will support. Now, of course, since keys change and new keys are introduced all the time, we can't really promise everything will be managed, but nothing will harm those older clients.
So let me log back into the administration console. Oops. Okay, so we've created an example preference manifest for the Dock just to give you an idea of what the preference manifest can do. We saw all those options earlier. We saw Boolean, we saw True, we saw some numbers. We weren't exactly sure what they did.
So we're going to add something to this list. My desktop, manage preferences, and this manifest. Bam. The Dock has changed. It no longer gives a generic plist description. It's no longer italicized. This is more of a native thing to the preference editor. This is telling us that things are defined.
And if we go in here and we look at this again, we have human readable text. We see a largest tile size. This tells us and we have a description for each of these strings below that would tell us what might not be common sense. For example, this minimization UI, true to disable the minimization effect pop-up menu, et cetera, et cetera.
This is pretty slick. Since we also tweaked this file, there's something in here that's getting our attention, something that's non-native to this particular plist. Right here, the pinning. This doesn't match. And it says right here, additionally, the template files we changed for the Dock items, we added Safari and a couple other things. Those are also flagged as non-default. So that's a pretty basic overview of the preference manifest.
Now, the second part of this demo that I'd like to go into is editing individual strings and keys is great and all, but that's very time consuming. What I'd like to do is, and what a lot of people did for other products before, is using, say for example, this administration account I've created to mimic preferences for a different user. I can change settings here in the administration console and then push those plists to another user, group, computer list.
For this demo I've got a user called Michael. Let's say for example I have an engineering manager who's a bit of a control freak and he likes things his certain way. I'm going to change things for him. I'm going to set things up the way he likes them.
Since he's a bit of a control freak, he likes granularity. He likes the ability to manage anything and change any setting that he can. He wants everything there and he never wants to launch the system preferences utility. So what I've done here is I've added everything I could to the menu bar. I'm going to push this preference on to Michael.
Let him have it. So we're going to go into my-- this is my administer-- and for those of you who haven't been using this before, I'm in my admin account, library, preferences. And I've taken the time to find out which actual plist here has been modified. This is the system UI server plist.
And this has now been set for Michael. And just to give you an example that-- And earlier I edited a Dock plist and I showed you the Finder plist, but here I'm going to set this via often. This is the default for now. Here you go. You can add even more to this or remove things that you don't want.
Let's see, what else is Michael like? Hmm, Michael's probably like a lot of you guys out there. He likes his terminal green on black. He likes to be able to see through it. Let's give it to him. We're going to go back into my admin account, library preferences. We're going to find the terminal plist.
There we go. So we can try logging in as Michael, but what's going to happen? We'll find out. Okay, there we go. We've got his, Michael has all his menu items. Thank you, thank you. For example, Michael did not have the Dock defined the same way that the Mark user did, so Michael's back in the center with the default items. And he also has terminal.
There we So now we're going to do a little bit of a bonus round. I was pretty surprised during Steve's keynote on Monday to see the bleeding edge new items that he added and what were in Michael's earlier screenshot. We've got dashboard. This is brand new. This is, I mean, can we manage it? Let's find out. So I've set up for Michael. Michael likes things a certain way. He likes everything staggered and stepped. Let's see what happens.
[Transcript missing]
Running the Workgroup Manager in the local node is probably a really good example of how developers can use Workgroup Manager to see if their applications are managed or not. But for most of the IT folks out there, this would be a great way to test locally on your machine, your laptop, sitting in a hotel room. I just installed this new software I got at this developer conference. Can it be managed? Test it locally before blasting the plist out to everybody else.
And basically, we're hoping that we're giving everybody the ultimate control and granularity of preference manifests for this release. Anything set via CFPreferences can pretty much be managed. And as you've seen, you can make it as easy or as difficult as you want it to be, especially via preference manifests.
For some plists, there might be plists that have hundreds of keys, hundreds of strings. But say, for example, you are only going to manage a few of those. You can set a preference manifest with just descriptions and values for those three. And leave everything else if it's too confusing or maybe gray them out. So there you go. Thanks, Mark.
I had no idea I was so fond of menu extras. So that's our Managed Desktop demo there. What you can see there is, again, the concept, tools. What are you guys going to do with this? We've given you a lot of tools to be able to do a lot of different things with Preferences and the Preference Manifest. There is something here that you want to do-- and this is more for our developer community out here as well-- is there's things that we'd like you to do to actually support managed applications.
The first one is out of the gate is using CFPreferences. This is all the game's off if you're not using CFPreferences. Fortunately, a lot of people already use that. We would like to avoid ByHost preferences. That's something-- Those are hard to manage. So better support is obeying force preferences. What you didn't see in Mark's demo is this a force or Always pref is something that you're basically saying to your user, I don't even want you to touch this. I know better.
But there's a -- you need to have a commitment from the application to say, Listen, oh, this key is managed and I don't want them to change this. So like you saw in the Dock there, it was actually disabled. That's something that the application actually needs to do. And best support is -- or good support is including a manifest.
Make it easy for the administrators to manage your applications. It's not up on the website yet, but what we're going to do is we're going to be publishing a managed desktop white paper for developers to make it really easy for people out there to actually make their applications manageable.
So system administration is all the time. You're doing it all the time, 24/7. What we hope we've done with a lot of the applications and the technology we've shown you and you'll be seeing eventually in Tiger and Tiger Server, really help you building reliable, reproducible infrastructure. We want to make sure that you guys are actually doing this work from managing one to many machines.
And like I said, what I hope we've done is we've provided you a lot of tools and not just applications. So with that, I'd like to say that you already have these tools. They're sitting in your goody bag right now. You've got ARD in your bag right now. You can use it, try it out. We'd love to hear about it.
And soon you're going to have the final version of Tiger and Tiger Server. These are the things you need to manage 24/7. And I'd like to thank Mark and everyone else. Thank you for your time. And we're going to bring some people up here to answer any questions you have about all the technology we're doing. Thank you very much.