Information Technologies • 1:10:10
While Mac OS X contains many similarities to other operating systems, some of the features that make it great are either new or different from UNIX, Linux, and Windows. Discover how the expertise you already have managing other operating systems translates to Mac OS X, and learn what you need to know to take full advantage of the differences in Mac OS X.
Speaker: Brian Loose
Unlisted on Apple Developer site
Transcript
This transcript has potential transcription errors. We are working on an improved version.
Good evening. This presentation is Getting Started With Mac OS X Administration. My name is Brian Loose, and I'm a senior systems engineer with Apple in enterprise sales. And with me today is Jason Deraleau. He is a certified systems engineer, certified systems administrator, I'm sorry, as well as an MCSE, and a Unix CME. And he'll be doing the demos for the presentation today.
So the first thing I should do is preface this by saying we're not showing Leopard today, this is all going to be done with Tiger, and Tiger applications. And the reason for that is that Tiger is what is shipping now, it's also what is being deployed in most places.
And we feel that any serious administrator is not gonna be deploying Leopard, even within the October timeframe when we're looking at release. So you're definitely looking at a good period of time down the road before you're gonna see Leopard. So everything is Tiger, and we'll take questions on Tiger as well at the end.
So really the goal of today is to give you an overview of Mac administration. Most of you are probably new to the platform, and what we'll try to do is give you some, the basic concepts and the terminology that we use on the platform, and to show you some of the tools and utilities, give you demos of those, and finally use that to build on the knowledge that you have of other platforms, typically Windows and Unix, and see how those, that knowledge applies to the Mac. A couple of things that we need to cover, but we won't really go into any depth on these. And the first one is hardware. Now a lot of you know that starting in 2006, Apple transitioned the entire platform to the Intel processor.
So one of those benefits of that is that we use a lot of PC components in our computers now. And it gives us a lot of flexibility, and a lot of choices in components. But there are a couple of things that we do a little bit better on our platform. We switched to the EFI standard from Intel for our firmware, and the traditional PC vendors are still using BIOS.
Now the good thing about EFI is it allows us to do a lot of really interesting stuff. One of those, a few of those things include really great boot options at the time when you start up your computer. In fact, with Apple's remote control that's bundled with our machines, you can in fact use that remote control at boot time to select which operating system you'd like to start up. So a little known fact.
But a couple of really interesting things have come out of that ability to use EFI. And that's to have that great boot options, but also we've got something called universal applications. So you build one application, you can run that in PowerPC, so the older platform, and you can also run it on Intel, the newer platform machines. So one double clickable app, you're going to see more about that during the week, and a lot of developers have already been building those applications.
Now secondly is Boot Camp. And Boot Camp is, gives you the ability to boot the Mac completely in a Windows environment, to allow you to run all those Windows applications that you may have a little utility to use here or there, but you don't, you're not going to use them on an everyday basis. Now another thing that we're not really going to spend a lot of time on though, is the command line interface. Now Mac OS X has a beautiful interface, in fact we just saw some great updates today to that.
But underneath you've got a great Unix heritage. And if you were to look down inside the command line of a Mac OS X machine, you'd see a lot of the types of commands, command line, I'm sorry, command line tools and a lot of the file structure that you'd see in a FreeBSD installation.
Now you're not going to see everything that you'd see in a FreeBSD installation, there are a few things missing that just don't need to be there for the platform. And, but you'll also find some additional tools. And usually those are command line tools that you're able to use specifically for the Mac platform.
In a lot of cases those are also tools that are either a GUI, have a GUI equivalent, but are also very powerful command line tools on their own. Next is networking. So the Mac has a very robust TCP/IP stack, okay. It bundles in IP, IPv6 right now, and we've got some great additions like a built in firewall, and also VPN support that works with most of the firewalls out there.
Now your network's not always going to work perfect, and if that's the case, we've got some great diagnostics tools built in as well. We'll go into demoing that application for you. As well as you always have the Unix commands at your beck and call, such as ping, traceroute, and things like that. And finally, the Mac makes use of DHCP, NAT, and DNS, all the standard TCP/IP utilities, so the Mac is very standard, it'll work well on your network.
So let's take a look at some of those tools and utilities that we're going to use to admin the Mac. The first is System Profiler. This is a great application that was really going to look into your system, give you a great overview of all the hardware, all the specs on that hardware. It'll look into your system.
It will see if you've got any kernel extensions that are loaded, including Apple and third party kernel extensions, great for debugging things. And it also contains a lot of information about some of the log files as well, you can get a quick look at some of those log files.
The next is activity monitor. If you're familiar with the Linux or Unix platforms, this is really a combination of the top and the ps commands. So very good information, real time information about applications and the resources that you're using, the amount of memory that they're using, network and disk I/O. And if you really need to get into an application, you can double click on it, get in there, and actually sample it, and see where the application is spending time, in case you've got a little issue with an application.
Next is the Console application. This is a very, very simple application. All it does is give you a very simple interface into all various log files that Mac OS X generates. And because it is Unix underneath, there are a lot of log files that can be generated, so a lot of information can be found in these log files. And Console is a very quick and easy way to list all those different log files and be able to look through them very quickly. We'll get a really nice demo of some of the capabilities of that in a second.
And finally, well next we've got System Preferences. Now system preferences, it's very similar to control panels on Windows. And really that's where you would modify things such as date and time, modify the background picture, similar to wallpaper on Windows. But what's really neat about this application is that we built into it a way to query information.
So if you're not sure, you know you want to be in system preferences, but you're not really sure where you change DNS information. You could just go ahead and query and type DNS, and it would go ahead and highlight the particular system preference that you would need to go into to modify that.
Now it's great that it works with Macintosh terminology, but it also works with Windows terminology as well. So if you're coming over from that side, and you happen to know well I know this is what I call it on the, when I work with it on Windows, you can go ahead and type in that search term, and most likely it'll go ahead and find that information for you.
Next is Disk Utility. Disk Utility is what we use to format disks, we can partition disks, we can use it to create disk images, either AES-128 encrypted, or regular disk images. And it also features a security erase command. If you ever need to send a computer out to be serviced or anything like that, you can do a nice security erase on that disk.
Now Network Utility is that application I mentioned that allows, in one application about ten different tools to query the network, do pings on the network, traceroute. You go ahead and really do diagnostics on that network. It's really a one stop shop for all those network tools. Now Directory Utility is probably one that you're, most people are not familiar with.
And that's a tool that allows you on both the client and the server to specify how your computer is connected to a directory system. So whether it is Apple's Open Directory, utilizing LDAP, or active directory as a plug-in, you would use a Directory Utility to configure how you were tied into your directory system.
Now the next two are server, mainly server applications. And we've got Server Admin and Workgroup Manager. Now Server Admin is the application that is installed by default on server, and is also on the server admin tools that you'd install on a client so that you could admin the server. And this application primarily is for investigating and starting, stopping, and configuring the actual server processes. So something like the web server, or the file server. That's how you configure it, start it, stop it, and get all of your configuration information about how it was performing.
Now it's really meant to be used as a network application, so your server's probably going to be sitting back in a closet somewhere, not always. But it's meant to be used as a remote application. But it works fine if you launch it on the local machine there. And really, it's very similar to the services control panel applet, or maybe Webmin on the Linux, that you might use to configure a machine.
And now Workgroup manager is the second application, it's kind of the twin to server admin. But this is what deals with actual creating of users, groups, and creating share points on that server. So while the other one is more on the services side, this is more on the actual directory, creating the directory, users, and groups.
And lastly, Apple Remote Desktop. Now this is a tool that while it's not bundled with the system, this is a tool that just about every Macintosh admin I know uses. And really it allows you to have view or control access on all the Macs on your network, it allows you to distribute files to all those files on the network, whether it's one computer at a time, or whether you want to broadcast the file to all the computers on your network. And it also allows you to collect asset reports.
So you may want to decide, well I know we need some RAM upgrades for the next OS upgrade, and a lot of the machines are five twelve or, megabyte of RAM. You'd very easily do a query on the information that that application collects, and show all the machines that have a deficient amount of RAM for the next operating system upgrade. It's also a great way to install packages, software that needs to be deployed that's in the dot pkg, or the package format. You can go ahead and send that out over the network, and it will automatically install on the machines on the other end.
Okay, so now we're going to call Jason up. And Jason is going to give us a demo of what a typical Mac admin's dock might look like, show us each one of those applications very briefly, and perform a task or two with that, just to show you kind of how those work. So if we can go to the demo A please.
Thank you Brian. All right, so I have in front of me a Macintosh client. I just want to point out that this is Mac OS X client, it's not server. So I'm using an admin machine, I'm going to use all the tools remotely as we go through. Now some tools certainly operate on the local machine, and those are the ones I'm going to start out with here.
So as we mentioned, System Profiler, you'll find this in the utility, utilities folder. This is going to give you all the different types of information that Brian was mentioning earlier. You can find out some information about your hardware, for example, if you wanted to take a look at a particular drive, you can find out what this particular DVD burner is capable of burning. You find information on network configuration settings, you can find information about those extensions, which are like device drivers on Windows, information on developer libraries, a lot of great information in here that you can use all in one place, eventually.
It's looking a little slow there. As far as some other things you can do with your applications in here, the next one we're going to take a look at is activity monitor. And when you first open up activity monitor, you'll notice at the top it's only going to show your own processes. So usually when you come in here, first thing you want to do is put this on all processes hierarchically, and that'll show you just about everything running on the machine.
It'll tell you how much CPU time it's using, how much memory is being used, what particular user is running the process. And you can even go in then as Brian was mentioning, you can inspect it further using this inspection panel, or even quit the process right from here.
Additionally, along the bottom here we have some abilities to take a look at different sections of system information specifically. So if we wanted to take a look at like overall CPU usage, like in this machine we can see we have four cores, or system memory, disk usage, same kind of stuff you might find in task manager on a Windows machine, or like top or ps on a Unix box.
As far as some other things you can do that are kind of neat with activity monitor, you can come down here, and there's an option here for dock icon, and now you can have your CPU usage down in the dock icon, and it'll give you a nice indicator right there. Or by the same token, if you wanted to have some other information in there, you can come through and tweak the settings. There's a lot of nice little stuff you can do with it. Next thing we're going to take a look at is the Console utility.
And when you come in here, you'll notice along the left hand side we have all the different logs that the system's using to record information. So when we're looking at the log files, we can go through, we can see okay, this is the system log, this is the type of operations that are being performed. And the neat little thing here is you can click this mark button, and what that does is put that time stamp right on the bottom.
So then as you perform other tasks on the machine, you'll see them occur in the log, and then you can mark it again. So if you're using this as a troubleshooting tool, you can kind of mark before you do something, mark it after, and then try to determine what problem might be occurring by using the information in between.
As far as system preferences go, you'll find this off the Apple menu right here, or in the applications folder. And using system preferences, it's again, organized pretty much very similarly to the Windows control panel. So you'll have different aspects, different little applets to come in here and configure.
And as Brian was mentioning before, you can kind of type in your Windows terminology, and you can find the information using that particular tool. So in this particular case, you know, desktop picture is what we call our background on a Mac, on Windows you usually call it a wallpaper. So if I type in wallpaper in the box, I get desktop.
As far as disk utility goes, this is the tool you're going to use to manage different disks on the machine. And you'll notice that on this particular machine we can see all these different drives installed inside this particular machine. Also you'll see beneath them they have the different volumes on it, so different partitions.
This also has some nice diagnostic utilities built right into it. For example, you can come in here, verify disk permissions, verify the disk's integrity, ability to support software RAID, you can make images of a particular volume and then restore it to another volume, so you can clone volumes. It's a lot of nice little stuff in here.
Another one in particular, you have the option to do secure erase options. So if you needed to zero out a hard drive, or wipe it with, wipe the data before you put it up on eBay or something, you can come in here and make sure that information's eradicated.
Next tool we'll take a look at is network utility. And as far as network utility goes, again, this is like a one stop shopping for all the different network configuration information you need. On this particular case here, I can take a look at it and say okay, I have information on different network interfaces, I can tell if it's active, what the negotiation rate is. I can come in here and netstat, and I can display the routing table, or get information from a ping or traceroute.
And another great thing about this is that these all are again, command line utilities. So if we come in here and do a netstat command, I'll get the same kind of results I'm going to see on the netstat command over here. So again, you know, network utility's a great tool to go into and make use of if you need to troubleshoot a network connectivity issue, and you can pretty much get everything you need in one spot.
Now as far as directory access goes, this is where again, you're going to configure how your system's accessing different directory systems. And the big thing the directory access is it's based on a plug in architecture. So as you look through this different setting on the service tabs, you'll see different plug ins for different types of directory systems, Active Directory, NetInfo, LDAP, which is going to be for Open Directory.
And then each of these individual plug ins has different configuration information depending on the type of plug in it is. So values that are particular to that particular service. Another thing to keep an eye on here is this authentication tab. And this is the order that your machine uses when it queries the system for accounts.
So for those of you who are used to working on Windows machines, your login window's going to have three boxes, a username, a password, and then a domain, or a realm at the bottom. Mac OS X only has username and password. The way it determines which particular domain you're logging into is based on this search path.
Notice it always searches the local node first, which means it always checks the local machine before it checks your network. Now there are some tools we're going to take a look at are again, the server based tools. And in this particular case I'm popping open server admin here.
And server admin is a great way to find out all the different information on your particular server. You can come in here and take a look at login information again, another way to access the logs, because Console's only going to give you your local logs. You can get some information on basic system status, like percent disk space used, or quota information. You can even get these nice little graphs of CPU usage.
The neat thing about this one is you can drag it off, and then you get a nice little TIFF file, and you can paste it on a web page, or put it on your expense report or something, I got some new hardware. Ability to access software update right from the server, and then also some information as far as configuring your settings, time, service ACLs, lot of great stuff in here.
Along a similar token to this particular tear out with the CPU usage, you'll notice in a lot of the different plug ins and server admin there's a little proxy icon down here in the lower right hand corner. If you drag that out, that has the configuration information for this particular panel.
So in this case I'm getting server config, that's my service ACL information. If I come down here to look at the AFP service, if I drag this out, that's the configuration for my AFP service. So it's an easy way to backup all your different settings. And not only that, you can drag it back in and restore them.
As far as each of these individual services goes along the left, you'll notice we have a plethora of different services available. Most of the services when you go into it will have an overview tab that will tell you what the service is doing at that time. And then they'll also have some tabs beyond that that will vary depending on the service. So some of them will have log information, some of them will have a graph, others may not. It really depends on the nature of the service.
The principal two you'll see though are going to be that overview, and then the settings. And the settings is where you're actually going to configure the service itself. So these are again going to be different depending on the service. In this case for AFP I have some AFP settings I can put in here. If I take a look at DNS, I can come in and see that I have different zone files, or DHCP I can come in and see my subnet information.
So it's a way to not only see the status of your services by an easy icon, you know, green is running, but also that you can configure the services and work with them from one place. Starting and stopping a service? Just click the button, and it's stopped. Really easy to use.
One thing to point out also with this is that when you're working with server admin, it can support multiple machines on this. So if you had more than one server, you can put them all in a list along the left hand side, and you can actually have all the different services beneath it, and manage multiple services from one application. Again, this is why we encourage the use of remote tools.
Last tool we're going to take a look at is workgroup manager. And the way I think about workgroup manager is I look at server admin as the tool used to configure the server itself, what the services are doing. I'll use workgroup manager to configure what the server is sharing out. This is where it have you set your different account information, you know, configure your users, groups, computer accounts.
You can come in here and set up different share points on the server, so if you need to share out different services, you know, I want to share my users folder, I can come in here, click sharing, and then here are my different share points. I have the ability to work out a per protocol basis, network mounting, all the stuff you would need to work with on a share point.
By the same token, they have the ability to manage preference information, which is something Brian's going to touch on a little more later. But through this you can come in here and manage the way your systems are, and users are, and even groups are affected with different parameters in the OS.
So again, these are the tools you'll see principally in the dock along the bottom here that you'd use as a system administrator. They're all designed for, the server admin and workgroup manager are designed for remote administration of servers over a network. As far as these other tools go, like system profiler, activity monitor, Console, those are all going to be local to your particular machine.
So as you're working with these tools, just kind of be aware that when you're doing remote administration, make sure you're working with the right machine. And that's just kind of a look inside the Mac admin's dock. Brian.
Okay, next we're going to talk about, you know, some of the basic terminology and technologies that are common to virtually every operating system, so Windows, Linux, and Mac. And we're going to look at how each one of them does things, and we'll kind of point out some of the similarities, some of the differences. And the first one that we're going to look at is the, how the disks in the file systems work on each platform.
Okay, so if we look at the disk, generally all platforms have the capability of partitioning a disk into you know, multiple partitions for it to be used for different things. And all platforms do that a little bit differently, they use them differently. But after it's partitioned, those partitions are usually turned into a volume, and a file system is installed on them.
Mac supports a number of different file systems, but we'll talk about what we support, and how we compare to some of the other operating systems. So really the file system hierarchy is going to depend then on what file system has been installed on that partition. And really all the platforms support all the standard things like CD, DVD, file system access.
So let's look at how Microsoft does things first. And generally you're going to use the disk management MMC, and you're going to configure a disk for the Windows machine, and generally you're going to have one disk, one disk and one partition, and one boot system. And it's either going to be, on Windows XP it's going to be FAT 32 or NTFS, and now on Vista I believe it's NTFS only. But if you're looking for you know, additional file systems, you're pretty much out of luck, you're going to have to go with system third parties, and probably purchase those.
Now in Unix things are quite a bit different. Generally a disk is partitioned as part of the install process, depending on the distribution and the version that you're using. But you're probably going to, you're probably going to have three partitions, probably one for the system, one for the user data, and probably also one for virtual memory, that's pretty typical setup.
And you've really got, in Unix you've got your choice of file system types. So you know, it seems like every few months there's a new one out there that's trying to get some attention, and maybe has a very specific type of function that it's very good at. But in general, UFS and ext3, you know, pretty standard formats.
And in the Unix it's pretty straight forward from a command line how you would create those. Once you're familiar with it, creating them from the command line's pretty easy. And then the GUI tool that you would use is probably going to differ, really depending on the Unix or Linux distribution you're using.
Now on the Mac, you've got really one, the same situation, one boot partition, and that's also used for the virtual memory, it's also used for the user areas most likely. And the Mac uses HFS plus. Now HFS plus is, it's a little bit different, it's a little bit newer than some of the older file systems, and we'll talk about some of the things specific to HFS, and some of the peculiar things that we deal with on, from the Mac side.
Now we do support UFS, NTFS in read only, and FAT 32 in a read write mode. So if you have maybe a, one of those disks from an older machine and you want to pop it into a Mac, you can do that. If you've got maybe a FireWire drive with that format, you can go ahead and hook that FireWire drive up, and chances are it's going to pop up right on the desktop, and you're going to be able to use it to at least read the files off of it, if not be able to use it read write mode. And we use the disk utility application, which Jason mentioned, for that.
Now this is one of those things that's a little bit peculiar to the Mac, and that's something called file forks. Now the Macintosh has a concept of a resource fork in the file system. And the resource fork is really a way to store meta data, or data about data.
Now some file formats, like MP3s, or maybe the pictures that you shoot on your camera, MP3s got ID3 information tags, a photo is going to have EXIF information about that, information about when that picture was taken, maybe the exposure information. And a lot of times that information is stored right in the file.
Well a lot of vendors use a separate resource fork to store that information instead of putting it right in the file. So on the Mac you have this concept of the data portion of your file, and then the resource portion of that file. But in the Mac all you see is a single file.
And what happens is when you move that file to what we call a foreign file system, that's when you, the Macintosh has to take some maneuvers to get that file into a format that can properly be stored on that external file system. And generally that means using the AppleDouble file format.
Now Apple, what AppleDouble will do is it'll take the resource fork and the data fork, and it will actually create two files on that file system. And that's commonly why you'll see the dot underscore file, possibly when you're looking at a file server that serves Mac and PCs. And you might see those dot underscore files. Why are those there? Well those are resource forks that the Mac has copied onto that server.
Now when the Mac copies that file, because that file system didn't, doesn't have support for resource forks. But when the Mac sees those, and it copies those files back, it's going to take that dot underscore file, recombine it with the original file when it brings it back onto the Mac file system, so it again appears as one single file.
Okay, now let's look at the file system presentation on the Mac, Linux, I'm sorry, on Windows, Linux, and Mac as well. Now the file system in Windows generally your drives are mapped to a drive letter, and traditionally C is your first hard drive volume, then D, E, F, and you've got some network drives that are attached to those letters. And the Windows Explorer is used to navigate that. And every once in a while some people will use command line for some limited tools.
On Linux and Unix and the Mac, things are quite a bit different. You know, on Linux everything is mounted at the root, or a slash a lot of people call that. And on Linux the extra file systems that you may have on those disks, or external disks that you might plug in, those are mounted at some point in the file system. And generally it's up to you where you want to mount those into the file system.
Now it really depends on the distribution you're using, but it, you may have some specific file explorer type of application to use to navigate that. But the real strength in Linux and Unix is the ability to access those files, sort them, move them, using the command line tools, using scripting languages, things like that. Very, very strong point on that.
Now on the Mac, each additional disk or file system is going to appear as an icon and a disk in your, in the Finder, which is what we use to browse the file system. That's great, cause it gives you a very easy way to navigate the file system from a GUI perspective.
But we also have that great heritage of Unix as well. So we need to get down into the command line and really get into those files, and do some things programmatically or in, using scripting, we were also able to do that as well. So we really have the best of both worlds on the Mac.
Now we're going to take a look at file system domains, and the concept of bringing some structure to the typical file hierarchy that you'll see. Now what this does is it really organizes the file system by scope. And what I mean by that is part of, you'll see the four domains there, a user domain, a computer domain, the system domain, and a network domain.
Now the user domain really consists of the user's disk, the user's directory, and a lot of times a file, I'm sorry, application preferences are stored in there. It's also where the, the typical location for a user's home directory and all the data files are going to be stored. And that directory is owned by that user using the permission structure.
So the other users can't get in there and get into the files unless access is given to them. Now the next domain up is the computer domain. And things can be stored in the computer domain that are really read only for all of the users on the computer.
So that may be resources such as fonts, or screen saver, or any types of files that you distribute out of the computer that all the users of that computer would need. And once again, that would have the ability for, the permissions would be set on that for all users to be able to access that directory.
Now third is the system directory, which mainly is reserved for operating system, and operating system update files that would be put into that system file. It's really an area that you don't want to change, you don't want to delete files out of there, you don't want to just generally add things. And in most cases it is very, very well protected from a typical user, and they won't be able to put in anything unless they've got some type of an admin access to the machine.
So it's really for Apple provided software. Now the fourth is really interesting, and that's a network domain. In the network you're able to have a network mount, or what's called an auto mount, so every time the computer logs in, the mount is put into the system, and resources can be stored there that are also available to all users of the system. But what's nice is that you're able to change those on the back end in one place, but every user has access to those, and it could be anything, fonts, system resources of any type.
Okay. Another thing that's very unique to the Mac, and that's bundles. Now a lot of you, if you've used the Mac even just basically, you've seen applications. And a lot of times they can appear as directories if you look at them in the command line, but when you see them in the Finder, or when you navigate them they appear as a single file and you can't really get into them. Well that's what a bundle is. It has a specific bundle bit set on that folder, and so it presents that directory or that folder as a single icon that can be double clicked or dragged somewhere.
And now what's inside that bundle is really another entire folder structure. So in the case of an application, you may have system resources, code resources, there may be a folder structure inside that contains all the graphics that are used in that application. So it's a very convenient way, and a very unique way in the Mac platform to take all of those resources and put them into a single icon that can be moved or distributed in a very easy way. And we'll talk about that in another slide, but one of the things we also do is if you've ever used Keynote, obviously you've seen Keynote presentations, because we're doing those all today. But a Keynote file really is also a bundle.
So a document can also be a bundle. It's really a directory that has all the Keynote data that needs to present the Keynote presentation, but then any movies or graphics that are applied to that slideshow, those can be stored right inside that file bundle. And it's not just a garbled mess of binary bits inside there that you'd find in a typical file.
What you'd see if you looked inside that bundle is that you'd see the actual .tiff files, the .png files. So very easy to pull those resources out if you need to, or add a resource back in, if you had to rescue a file for some reason.
Okay. Next we're going to talk about directory services. And directory services over the last really five years, you know, some people more than that, people have been using directory services as a really nice way to make their networks and their machines, all the machines on their networks much more efficient, and a much better way to manage their systems. So it's no different on Mac OS X, but we'll take a look at how each of the specific platforms once again handles those directory services.
So they're great at consolidating account information, because I can handle all of that on the back end, I have one place where I can modify user accounts, things like that. And it's great because I only have also one place to back up those user accounts, rather than having individual user accounts stored on every single computer, that if I wanted to add one I'd have to visit every computer, or figure out some way to add that account on every computer remotely.
It's also great because you can have just, well some people would have just a single source place to do that, but in most directory systems you've got the concept of backups, or in the Mac OS X replicas, so that you can not only have backups, live backups of that data running, but also it provides load balancing as well. So when you've got a lot of authentications to be performed, and those can be pretty CPU taxing, that handles that as well. And you'll find that most people are doing this around the LDAP standard.
So how does Microsoft do it? Well, you're probably pretty used to Active Directory, it's pretty hard to go somewhere and not hear about Active Directory. But it's really based around the concepts of, and really is based on LDAP, and some modified Kerberos thrown in for the authentication pieces. And it's primarily administered by the Active Directory Users and Computers application. And they use a little bit of a custom scheme to do their own things that are, that apply specifically to the Windows platform.
So, Unix is a little bit different because you've got the concept of probably a lot more directory systems out there that you tie into, in fact some people may even write their own directory systems if something doesn't fit their need. That's just how handy you know, Unix admins and Unix people are. But typically a lot of those are based on LDAP as well.
But what's difficult about that platform is that you may have a system administrator leave, and they may have the only knowledge about how that directory system works. And typically every one of them is going to work completely differently, they're going to have different applications, and different tools and commands that they're going to use to administer that particular directory system.
Okay, so let's take a little bit, a look at how that's done on the Mac. Some things are very similar, but you'll see that some things are very different. Our solution is based on OpenLDAP. So open source implementation of an LDAP server, and we call it Open Directory.
Now that term Open Directory applies to both the client, as well as a lot of the concepts on the server. But the one thing that's nice about Open Directory is that it's a very convenient, and very consistent way to handle directory services, whether it is on the client or the server.
So Open Directory is also a term that we use to talk about whether the, how the, what state the server is in, or what type of a server it is. And on the Mac we call that an Open Directory master, and that's where it would be hosting the entire LDAP directory, as well as all the authentication information.
Now being bound to an Open Directory server is how we describe the client. So using that directory access utility, you would go in and bind the client to the server, and you have the concept then of Open Directory from the server, and Open Directory on the client. And as Jason mentioned, it's an entire plug in architecture, so if somebody wants to write a plug in for our Open Directory architecture, they can do that, and that can tie into another completely different directory system, such as Novell or some of the other ones out on the market if they needed to.
So to sum up on the directory service tools, Server Admin and Workgroup Manager we've shown you, and Directory Utility we showed you as well, it's a plug in based architecture. And then what we haven't mentioned are some of the command line tools, and that is dscl, or directory services command line, and also lookupd. If you're doing any serious directory services work on the Mac, you're probably going to run into those tools, and there are actually a couple more that we won't get into. But that's probably what you're going to use.
Okay, the next concept is client management. And just like directory services, client management has allowed a lot of people to be much more efficient with their client administration. And it's a great way to define who is able to do what, and define those IT policies that you're going to push out to the systems around the network.
So for the ability to define what capabilities an application has, where a user is going to store certain data, enforcing those IT policies, maybe determining whether somebody has the ability to burn a CD on that computer or not. And generally those are, while they can be set locally, generally those are going to be pushed out in mass numbers from a directory service which we just mentioned.
So let's take a quick look at how Windows does this. Generally all of those preferences and settings and controls are stored in the beloved registry, and a lot of us know that the registry, it's a very great, it's a great concept. If something happens to that registry, you've got problems, okay? So it's kind of all the eggs are in that one basket.
Let's take a look at Unix. Now Unix is really a mess, because you've got application and system configuration files that are strewn all over the operating system, and unless you're an expert, which many people are, and they know where every single one of those files lives and exactly how to edit that particular flavor of config file, you've also got problems in there because it's very, it can be very difficult. So what you've really got on the Unix platform is what you used to have on Windows with all the ini files, and all that mess. So you know what a pain that can be.
So how do we do it on the Mac? Well long time ago when, oh geez, it's what six years now, seems so long. When Mac OS X was being formed, you know, we, the engineers, Apple engineers had the ability to look at what everybody else had done in the Unix world and Windows, and they had the ability to see how not to do it, and to see well, maybe we should try to do some things like this.
And so they had the ability to say well we should really use some structured configuration files, we should store them in various central locations, very easy to find, most of the files all go in this one spot, and they made them all be the same format, which is a plist, what we call a plist format, which is really just XML formatted data. So it's very human readable, it's very easy to edit those files, hand edit those if you need to.
So it solves a lot of those issues from the other platforms that we saw. Additionally, a lot of these property lists, or configuration files can be pushed out from our client management tools, or what we call managed client. A lot of you have heard of this as MCX.
So we're going to bring Jason back up, and Jason is going to give us a quick demo on, and show us a little bit about plists, how you can edit those, and how easy they are to work with. So over to demo A please.
And the first thing I'm going to do is open up a plist file so we can take a look at it. I'm going to go into my user folder, into my library, whoa, sorry about that, technical difficulty. Into my library folder, and then within this folder I have my preferences folder, where the majority of preferences are going to be collected for my particular account.
In the list here you'll notice most of these are formatted with a name like com or org or net, depending on what particular domain it is, the company, and then the particular application. So the Dock's preferences are com.apple.dock.plist, or in the case of something like Safari it would be com.apple.Safari.plist. So let's go ahead and open up Safari here first. And one of the big things we were talking about with Safari today is that we have this new feature of draggable tabs.
But in Safari the tabs are actually disabled by default. So the first thing I'm going to come in here is go to preferences, hit my tabs and then go ahead and enable tab browsing. We'll close the window, and now let's take a look at what that did in the back end.
Here's that com.apple.Safari plist, I'm going to go ahead and double click that. And that's going to open up in an application called Property List Editor. Now Property List Editor is not installed by default on Mac OS X, it's part of the Xcode Tools.
So this is an optional install, it's on the same install media, but you'll have to go through an extra step to install Property List Editor on your machine. Even if you're not a programmer, I highly recommend installing the developer tools on your machine, because there's just a lot of great tools in here beyond not only Property List Editor, but PackageMaker and some other tools that you'll use as an administrator.
So as I take a look through here, you'll notice that this information's structured kind of like, similar to the Windows registry. You'll, we have a root, we have different values, they have types like a Boolean or a string. And right here we can see that tab browsing value where I say okay, tab browsing is enabled, and as we saw in preferences a moment ago, it is enabled.
But if I were to change this value to a null and then save it, I can come back in here now and notice that tabs are no longer enabled. So really what this is showing is that the correlation between these settings and the way that actually the system stores it is through that plist file.
Now one of the nice things we were talking about is that plist files are structured data, so we give you some tools to work with the stuff, not only Property List Editor, but also some command line tools. And one of the neat things about the command line tools is that you can go in and you can sometimes set hidden parameters that aren't normally available in the application.
So if I switch back over here to Safari just for a moment, you'll notice in my menus across the top I have file, edit, view, history, kind of your typical choice, with my last option being help. I'm going to go ahead and close Safari for just a moment, and I'm going to issue a command here using defaults. And defaults is a command used to set these different values.
So in this case I'm going to say defaults, and then I'm going to use write, which is the action. And then remember we're going to use com.apple.Safari to modify that particular set of settings. In this case I'm going to use a hidden feature called IncludeDebugMenu.
And then I'm going to set it to yes. I hit enter here, and I'm going to come back to my plist file, let me just close this and reopen it so we'll see the change. Now if I look in the menu, I see this new option IncludeDebugMenu is set to yes.
So now if I open up Safari, you'll notice now that after the Help menu I have a new choice of a Debug menu, and using this Debug menu I have some additional options that aren't normally available in Safari. So using the defaults command, I can go in and set some different values that may not normally be presented in the graphical interface through the preferences panel.
Another great tool for working on the command line with plist files is there's a tool called plutil. And what plutil will do is it will allow you to verify the integrity of these property lists. It kind of does a check sum, an integrity check of it just to make sure it has the right values and it's structured properly.
So if I run plutil, and I take a look at that com.apple.Safari file in my preferences folder here, I notice that it reports back after I run plutil on it that it is okay. So I know that this property list is properly formatted for the system. Now just to kind of give you an idea of what it'll look like if I put some junk data on here.
Okay, so I just put some extra junk data on the end there, and now I'm going to run plutil again on that particular file, and you'll notice it reports back that the information's not structured properly. So what I can do at this point is I know I have a corrupt file preference, in order to reset this value back to its default, I can drag the plist file into the trash, and then reopen Safari, and it'll reset back to the application defaults.
So if you ever have an application that seems to freeze when you first open it, you can kind of drag that plist file out of the way, and that'll reset the application back to its original settings so you can be sure you have a pristine environment when you first open it, and you don't have something cluttering it.
So again, these are just some of the different tools you have available to you in working with plist files on the command line, and in the graphical user environment. And property lists are a great thing to learn how to use and work with on Mac OS X. Brian.
The next thing we're going to talk about is software deployment. And there are a lot of tools on all the platforms to do this. Once again, a very similar concept regardless of the platform, but there are a couple of different ways that we can do it on each platform, and we've got some real advantages on the Mac for doing that, so let's take a look at that.
So really software deployment is getting the bits in the software and the files on the machine that you need to be there so that the user can get some work done. And you can use some tools to do some bare metal installs right on the machine to get that machine up from a blank state. But then you also typically need some tools to keep that machine updated as you go through the year, you got system updates.
So on Windows, most of those, most of the install files are, come as .msi files, and you've got a number of ways to distribute those and install them over the network. And you've got even some third party tools, like VISE on the Mac and Windows. And from a network, or even a floppy disk and CD standpoint, you've got tools such as Symantec's Ghost which has always been very popular, and now you've got on the higher end some things like Altiris, and some automated ways to push down software.
But a lot of people use software maintenance capabilities, the remote installation server and the Windows software update server. On Unix, most of the software distribution is, it's done in a custom way. They either write their own scripts, or they may purchase a piece of software that also can install Unix files over the network. But a lot of it is typically done by admins that say oh well I can do this. I can whip some scripts together, and I know how to move files around the network.
In other cases they may just do network mounts for this. But you've, sometimes you've got to get that system up from bare metal, and then you've got the ongoing maintenance, which a lot of people use Radmind and custom shell scripts to do. Okay, so not very consistent, very easy methods to do that.
On a Mac you've got a number of ways to distribute software. We'll talk about these in depth. We've got drag and drop which is really the easiest, and you've got NetBoot, and we'll talk a little bit more about that in depth, NetBoot and NetInstall. You've got the command line tools which really is, can be considered part of that Disk Utility we showed you. And that's a tool called asr, or Apple Software Restore.
Mac OS X server has a software update server built into it, so if you wanted to use that as a proxy to mirror Apple software updates, and then test those updates, and then choose to make them public for the machines on your network, you can go ahead and do that, and then you don't have a thousand or ten thousand machines going out to the Internet to get software updates, they're all hitting your central point, your central server, and they're getting only approved software updates which you've allowed to be distributed to them.
And then lastly, Apple Remote Desktop, which we've mentioned a couple of times. You can also push out system updates that way, and have them installed over the network. So we'll get a, take a little bit more of a look at some of these methods. A drag and drop is really one of the easiest methods. And for, when you've got users in an environment you know, very typically like at Apple, very educated users that you know, Apple pretty much says you're responsible for your machine, and we trust you with software, and if you need to install some software you can.
You can distribute, and a lot of people do over the Internet, software stored on a disk image. And you simply double click that disk image after it's downloaded, and it's a single file on there. And remember we talked about that single file, it's probably a bundle, and you take that and you drag it into your applications folder, and it's installed. Okay, you don't have sixty five thousand files that are strewn across the operating system, everything's enclosed in that file.
So drag and drop for a lot of people can be the easiest way to distribute software, as long as you've got users that are somewhat capable of doing that sort of thing. Another way that we'll look at now, well let's go back there. One of the things that, from an administrative standpoint is that it doesn't leave any tracks or any history that the person has dragged that into their applications folder. So that could be one downside.
Now probably the next typical way is that you'll see people distribute .pkg files, or a packet, what we call package files. And when you double click on that file, it's going to launch the Mac OS X installer. And that installer is going to look at that package, and you'll use that to go ahead and install that package.
And typically a package is used when you've got a little bit more complex installation, you need, you do need some files to go in some places that are spread out across the system. But what's really nice about this package file is that in addition to that payload that you deployed, you can also have pre and post install scripts.
So the process can be, if you're creating your own package files, you can create a system that has a payload, or you can choose not to even deploy a payload, and just deploy an installer file that does some action, such as maybe move some things, delete certain files, add some certain files in hidden places. So it's very flexible from that standpoint.
And after that's deployed, it does leave a record in your /Library/Receipts folder. So you do have a programmatic way that you can go in and look in that folder and see if a specific package has been installed. So some nice benefits of that over the drag and drop. And then you've also got third party installers. There are some installers specifically that people have written for Java applications that will install a Java app on any platform, regardless.
You've got VISE on the platform. And from a Linux or a Unix standpoint, if you've got some applications, some very, your favorite source applications, you can install Fink, and through the command line you can very easy, easily browse and select that open source software to either install the binary on your machine, or download all of the source code, have it compiled and installed all in a couple of keystrokes.
Okay, so you've got the concept now of, we'll talk about bare metal deployments and software updates. So in a bare metal deployment, you're really putting software on the computer from scratch, something that has nothing there. And because we support a number of different boot methods, you could, to get that software on you could boot from a FireWire hard disk, you could boot over the network, which is typically the most common, you could boot from a DVD and run that installer.
Okay, so the most popular methods obviously for a large scale deployment are network, because the machine can sit where it is, and it can be invoked, that NetBoot can be invoked at the user end, or programmatically your, you can tell your machines over the network to boot off of a NetBoot server.
Okay, so let's take a little bit of a look at, now at the entire boot process. And in Mac it's, in some ways it's similar, again, a lot of ways it's different. The first thing that happens when you turn that on is you get the power on self test. And if that passes, and most times it does, it moves on to the firmware.
And the firmware is going to look now for a boot loader, or valid boot loaders, and the boot loader is then going to bring up enough of the kernel that the system is now running, it's got enough services running where the computer can start to function. And then what happens on the Mac is that a process called launchd takes over.
And launchd really is a replacement for all those Unix rc script files that can start up processes, and bring up all the processes that you need to have running on your system. So what launchd does is it looks at all of the different services that your system has installed on them, and the way that they're keyed is that they have priorities, and they all have requirements.
So instead of hand editing an rc script file to determine what order something should load in, when people develop, in the system when they develop the system processes, inside of that process there's a plist that tells it well, I'm a directory services service, and I require networking services to be available before I can start up.
So launchd analyzes all of the services that you have, it prioritizes which one needs to be launched first, and generates an entire order that they need to be launched in. Remember I said all of them have you know, some dependencies on other things that have to be loaded first.
So launchd handles all of that automatically, and that will bring up all the services that your Mac needs in the right order automatically, and it's very, very slick and well done. So once that happens, you've got a Mac that's booted up, and you start to see the little bar comes across, welcome to Mac, and you can log in.
Now let's talk a little bit more about NetBoot. NetBoot has a, we'll talk a little bit about the process of NetBooting a machine. The first thing that you would need to do is build a NetBoot image. So that process involves taking a system that generally has a system already installed, the way that you've customized it and you like it to run, and you would use a system image utility to create a disk image of that system.
Now you could also take a software restore disk that we ship with the computer, or you could have an entire, complete up and running system that you could turn into, you could start that system up with a FireWire drive, and you could image that entire system. So there are a number of ways you could create this NetInstall, or a NetBoot image.
So you take that image, put it on the Mac OS X Server that has the NetBoot server running, and you'd start the machine up, and typically you're holding down the N key, and that tells the computer to start up in NetBoot mode. And it really probes out in the network, and it asks for a DHCP address.
Well it's going to get a DHCP address from somewhere, typically you've got a DHCP server out there. But the NetBoot server is also going to augment that DHCP information with a NetBoot response. And that NetBoot response is going to tell it hey, I'm a NetBoot server, and I have some NetBoot images located at this location, this IP address, and this path.
So once the machine says oh well, I want to NetBoot, I have my IP address, and it goes ahead and it starts to take that information, and it says okay, I know where that file is. It loads the NetBoot image, and it starts to boot the image located on that NetBoot server.
Now at that point the system can boot and run across the network. It doesn't need any local disk to pull any resources from. However, it is very helpful, it can use that hard disk as a scratch location, rather than running that, running scratch information back to, over the network.
So it can work either way. But at that point you're completely running over the network. Now NetInstall is a variant of NetBoot, and NetInstall would basically use NetBoot just to get the system up and running, but then NetInstall would take over and you could use the NetInstall capabilities to then, after the machine was booted, install a complete operating system, or even just a few packages on that system.
And then finally, NetRestore is a very popular third party application that a lot of people are using. It has a lot of customizability into it, so you can do, and you can specify a lot of post install operations that happen, such as giving your machine a name based on its MAC address, things like that. A very, very popular application.
So we talked about NetBoot and NetInstall being the way that you would put information or the software onto a machine from bare metal, basically from nothing. But software update server is how you would keep that updated over time. So software update server is a service in Mac OS X Server, and as we mentioned, it will proxy all those updates.
Now like I said, you can determine when those updates get allowed to be sent out to your users, or have, you know, allow users to be able to install those, and all that is configured through Server Admin, which Jason demoed. Now the way that you configure that is in managed preferences in Workgroup Manager, you would configure all of your machines to use a specific software update server at a specific address. So that's how you would push that information out.
Now Apple updates are really the only thing you can push out through that software update server. It doesn't, it doesn't, it isn't able to also just distribute third party software updates in that way. So at this point we'll tell you a little bit more about how Apple does updates. Some of you may be familiar with it. But in general, every so often Apple has software updates many times a year. And a lot of times those are full dot release updates, so from 10.4.3 to 10.4.4, things like that.
So those are called delta updates, and those install files that are, have only changed from the last release to the current release, and they're very, typically very small. And then what we have are called combo updaters as well, and that will take you from, let's say if the current operating system is 10.4.4, that combo updater would take you from a 10.4.0 all the way to 10.4.4. So it has all the accumulated updates, and those are combo updaters. Okay, so that's how we handle software updates. And in addition to those, we also have security updates, and every once in a while you'll see a QuickTime update as well.
Now lastly, Apple Remote Desktop also has the ability to be able to push out those updates if you choose not to do it with the system, software update server. So literally on your network, you could monitor a hundred machines, three hundred, five hundred machines. You simply could select those machines in a list, tell the specific update package that you wanted to be installed on all these machines, it would get sent out over the network, and it would be a, the installer would run locally on the machines, and that package would be deployed and installed. And if needed, the operating system would tell the user please restart the machine now if it needs to be.
There are also capabilities within remote desktop to have remote desktop server running, so that if you're in a mobile environment, or you have machines that are constantly on and off the network, when that machine comes back on the network, the software update server, or I'm sorry, the Apple Remote Desktop server would notice that it didn't have the update installed, and it would then go ahead and send it when that machine came onto the network. So at this point we're going to have another quick demo by Jason.
All right. So for this next demo I'm just going to show you some of the features of Apple Remote Desktop. Again, Apple Remote Desktop is an additional utility beyond Mac OS X or Mac OS X server. So it's an additional purchase. But I highly recommend it for just about any environment that you're supporting multiple Macs.
When you first open up remote desktop you'll notice along the left hand side we have some information here as far as computers that are on, in particular my client, a scanner, that task server that Brian was mentioning earlier, as well as some active tasks and a task history.
On this particular case I'm coming over with a scanner and I'm just going to scan my local network, and look here, I see my server. Well to add the server to my machine, I'm just going to drag it over here, and it's going to prompt me for my credentials on that server.
I type in my credentials, and now it's going to add it to my all computers list, and now I can see that right there in this particular list, I have a new remote desktop client to manage. Now one important thing to point out here is when you first add a client to the machine, you'll notice that sometimes it'll tell you it has an old version.
This is because the version of remote desktop that ships on OS X, the client portion of the application is based on like 2.0 or 2.2, it's based on an older version of ARD. Since there's a newer version of the management application out there, you're going to have to upgrade client software on that particular machine before it's going to be able to be managed properly with a new ARD 3.
What we're seeing right now is it's copying the remote desktop package file, and it's going to push it over to my main server, and then it's going to actually install this particular bundle on, package file on that machine. And it'll just take a minute here, and we'll kind of let that go in the background. Something else I just want to show you with remote desktop is that while you have it running, a lot of great fields you can come in here and get some more information from.
You have a report menu, you can kind of collect different information about the machine as far as maybe how much RAM is in it, how much, what USB devices might be plugged in, get some information about its current status. A nice thing about this is you can even do file searching. So if you wanted to look on multiple machines for a particular file, you can just hit that and have it go.
Let's come back over here. Looks like my update's complete, so let's do a quick little report on this. I'll pull back some information on my server, it's going to report to me the memory that's installed inside it. So I can see here that I have the main server, I'm going to click get report. And it's going out to the server right now, and it's collecting that information for me. Or maybe not.
It should. As far as this goes beyond this, there's some other nice things you can do with remote desktop. One of the biggest features of it is the ability to control and remotely observe machines. So if you're in like a help desk scenario or something like that, you can use this when someone calls in to remotely connect to their machine, and walk through them on the phone with what they're doing. As I pointed out earlier, a lot of these tools have been running from my remote administration machine, so we're going to go ahead and take a look at that server, and we'll see this other demo machine I have next to me here.
And that right there is the contents of my server machine. So I can resize this window a little bit, give myself some more room to work with. And on that particular machine I'm now managing that server remotely. It's based around the VNC client, VNC protocol, which is an open source protocol out there you can use. There's clients for it for Linux, for Windows, and there's also servers for it for Linux and Windows.
Which means that using a remote desktop management application on your Mac, you can connect to a Windows machine or a Linux box running VNC, and take control of it and observe it. These other features won't work because there's something conditional to Apple's rolled into it, but that basic aspect of being able to look at another machine and seeing what it's doing is still available to you.
As far as some other things we can do in here, just to quick show you a couple here. We can send the remote Unix commands to the machines. So if I wanted to do a ps command on a particular machine, I can type that up here, click send, and that'll run that ps command and report back to me its information.
I can copy files and install packages. So if I need to deploy any particular software over to it, I can come over here, say I want to copy a file onto my server, let's see. I'll go to my documents folder here, I have this admin guide file. I'm going to go ahead and add that to my list of items to copy, and I'm going to put it on my current user's desktop. So I hit copy here, that pushes the file over, and now if I come back over here, we can see that admin guide file is now on the desktop on my server.
So a lot of great things you can do with remote desktop. As Brian said, there's like a task schedule functionality of it where you can have it run tasks if you're away from the office or you're using a laptop scenario. Information to collect system reports, monitoring. It's a really comprehensive tool that does a lot of different tasks that is just invaluable in a Mac environment. Brian.
So really to sum up. You know, all the platforms, they all generally need the same kind of TLC, and they all need the same types of upkeep and administration done to them. But you know, a lot of those tools are different from one platform to another. A lot of them share a lot of similarities, and a lot of them are different in some ways.
But as I think you found that we've shown you that a, from Windows to Linux to Mac, there's really a lot that you can take from some of the other platforms that you've administered over the periods of time, use that expertise and take that to the Mac, and use that on some of our tools. So we hope that we've shown you a good sampling of some of the administration tools, and given you kind of some of the ideas that you can use in some of the sessions later in the week.
I think there's a Best Practices for Mac OS X Administration. So you can really kind of look through that guide and say well where do I want to focus my time, and what do I want to focus on, okay. So I hope you enjoyed the presentation, and we've got some time left, about five minutes left for slide, for questions.