Information Technologies • 54:52
Hear members of Apple's engineering and consulting teams talk about how to configure Apple Remote Desktop to manage large-scale deployments of Macs. Learn real-world tips and techniques for successful implementations of Apple Remote Desktop as a desktop management solution for your organization.
Speakers: Mark Whittemore, Steve Hayman, Doug Richardson
Unlisted on Apple Developer site
Transcript
This transcript has potential transcription errors. We are working on an improved version.
My name is Mark Whittemore. I'm the Engineering Manager for Apple Remote Desktop. And this session is on extending Apple Remote Desktop for large scale deployments. This is what we're going to go over today. I know some of you are probably actually new to Apple Remote Desktop so I'm going to talk a little bit about where we are right now with the Remote Desktop 3.1 update. Some of the things that we've got coming for Leopard.
And also we've got a lot of feedback from folks about things that they would like to see extended in Remote Desktop especially for large scale deployment. So we've got several things that we've tried to do to extend the product. Just as it is today to help meet some of those needs. So let's talk about 3.1.
So that came out in November of 2006, last year. And some of the things that we added are a Bonjour scanner to make it a little bit easier to find machines on local network, make it a little more reliable. Lights out management support for those Xserves that you could now power on remotely.
Restart notifications after package install so your clients out there won't be surprised when their machine restarts after you do your install. Yeah, that's, that's good. And also some more Smart List comparators so you can not only do a match to see when a criteria does match in order to create a smart list but also when something doesn't match.
So 3.2, we're working on this just like we do with every OS release. We match a compatibility update for Remote Desktop. This is going to be a free update that's going to ship the same time as Leopard. And just like we did with Tiger where we put the version 1 of the client in the OS, we're going to put version 3 - version 3 is going to come with Leopard automatically.
And one of the things that we're adding to one of the additions to the client is going to be an adaptive quality, screen sharing codec and this is primarily for low bandwidth connections so that you get much better response when you're just moving windows and things. It'll be, the image will be low resolution as you're moving things, but you'll get immediate response. And then as soon as you stop moving things, it, the image fills in and sharpens and looks nice. So this is all going to be available in October 2007 when we release Leopard.
Oh, also I should mention the, the screen sharing technology is also going to be in a separate screen sharing app that's going to ship with Leopard and you can fire this up either by looking on the sidebar under the shared section in the finder. You'll see the, where the machines listed there.
You can select one and they'll be for all the machines that have the screen sharing service turned on, you can select and just do a screen sharing, so to set basic functionality remote desk top that a lot of people like and that can be built in Leopard. And also the iChat screen sharing feature, that's also Remote Desktop under the hood.
Okay, so again for those of you who are new to Remote Desktop, I just want to go over the terminology just a little bit so you're, so you understand where I'm at when I'm talking about various things. First thing is the clients. These are the machines that you've got out there that you're managing. Then the administrator console, this is the machine that you're going to run remote desktop dot app on. And add all your clients to computer lists in there and perform actions on them.
And the task server, the source of some confusion for some folks is a separate, it's basically the same software that runs on the client, but it serves as a process to take some of the task execution off the shoulders of the remote, of the remote desktop dot app running on the administrator console. And the client that it works with right now is install package.
So you can delegate the install package task to the task server machine which is another license copy of Remote Desktop. But you don't need to have the admin running on it, you don't have to have it on the computer list. You just run the admin once, set up a serial number, indicate this machine is going to be remote task server, and then point your administrator console in the preferences to use this other machine.
And now you can use that when you want to do a delegated package install. And the administrator console can then go offline and the other advantages of that, the clients can be offline when you set up this task. So whenever they come online, they'll connect in, check in with the task server and see if there is a package they need to install.
The other thing that a remote task server does is that when clients build report caches, they upload it to that task server. So if it's on all the time, you have a much higher chance of getting those report caches collected so that later on when you run the administrator console, you could run your reports against it and you'll have all your report data there. The other thing it's good for too is for tracking machines whose IP addresses change.
So if you have a lot of clients on DHCP and they're moving around a lot, every time they get on the network, they report to the task server and tell it what its new address is. So when the administrator console launches, it checks in with the task server and says, oh, okay, all these machines changed their IP addresses, here are the new IP addresses.
If you ever get machines that aren't online anymore, you gotta scan for them again or their IP address go to 0 0 0, then if you use a task server, you've a much less likely chance of that ever happening. Because that's going to keep track of where your clients are moving to.
Okay, here's how everything ties together. The administrator console can send commands directly to the client. It also receives status back from the client and task progress back from the client. It also communicates with the task server when it's going to delegate a task to it or if it's running report, it communicates with the task server and gets the report results and then clients communicate with the task server when they're building their report caches and sending them up to the task server. Or if the task server is going to do install packages against the clients.
Okay, so when I talk about all the features of remote desktop, I like to break it down to be six different areas of software distribution, asset management, remote administration, remote assistance, automation and set up. And we're going to go through each one of these things and talk about a way in which we've extended this for a larger scale deployment. So we're going to start off with software distribution.
And the first thing I want to do is just briefly go over what some of the aspects of software distribution are in remote desktop. First you have package install from installing end packages on the machines. Then you have file copy for copying files and folders out to any location on the hard disk. We also have some preset locations like a user's desktop folder or fonts folder.
You can delete files, you can run reports like file search reports or spotlight search report and select the files in there and perform a delete. And auto install, that's the feature that I talked about where you can delegate a package install to a task server machine. And when they wrote this in 3.1, we made some significant performance enhancement for file copies. It's actually 11 times faster than previous, than version 2.
So Doug is going to do a brief demo here of, of just how you use the task server of a delegated installer right now. He's going to have one machine that's offline, it's sleeping right now and one machine that's online. He's going to perform the package install against it.
It will complete on the first machine. When he wakes up the second one, it'll contact the task server in a few moments and, and the package installer will initiate on that one.
So you can see my machine called Downing is offline and Abby is online. I'm going to do an install. Select a package that's on my desktop. It's a QuickTime security update.
( Period of silence )
I'm going to use the task server on this computer. When I run the install, you'll see that on Abby it starts up right away and on Downing, it's not doing anything because it's offline. So what I'm going to do is wake up Downing that's sleeping right now, you can see it over there.
The screen is off.
( Period of silence )
( Whistling )
( Laughter )
( Period of silence )
Is it awake?
- No.
( Laughter )
- Oh you know what? I might have actually shut it down instead of.
- Oh.
( Laughter )
( Applause )
Did you start it up? Yeah, I think I shut it down. I mean to do sleep, you know. So I might want to point out that there's two options. You got a shut down and you got a sleep.
( Laughter )
- Oh yeah.
- Is there power on too?
- Oh, there it goes. I'd also like to point out, there's a power on, could be helpful at this point.
( Period of silence )
( Laughter )
- There we go.
- Okay there we go. So its.
( Applause )
Thank you.
- Something similar happened to me last time I demoed this too last year. Like okay, great. So if we can go back to the presenter machine here, go back to the slides.
( Period of silence )
Thank you. So this is, this is basically the scenario that we just had right here. You have your administrator machine, in this case, in this particular example, the administrator machine is using its own local task server, not a remote one. And it delegates those packages to that and it installs it on the clients.
But let's say you have a lot of, a lot of machines or a lot of geographic locations and you want to have multiple task servers. You want to be able to distribute the installation of those packages to all those other task servers because it's inefficient use of your bandwidth so you don't have a very fat pipe to of your other locations.
Here's an example of what it is we want to, this is what we actually want to achieve. We want to have one top level administrator who's going to be able to delegate copy that package out to these other administrators in these other locations like London, Tokyo, and our example here. And those machines take care of installing the packages onto the client. So you don't have to do this package install from the top level administrator to all those other clients directly.
And I'm going to use the term delegation servers in this example here instead of task servers and what I'm talking about in this case is actually another machine that is running a copy of remote desktop dot app because as you'll see in a minute, how we're going to do this is actually going to require the actual admin running on each of those delegation servers.
( Period of silence ) Okay. So how do we do this? We're going to use Automator to get those packages from the top level administrator to each of the delegation servers which are just other machines that have a copy of the remote desktop running on it. So let's quickly go over this script here as to how we're going to get those packages distributed to those other machines.
So first we've got just a little UNIX shell script that when we, this is going to be a drag and drop Automator action. So you can just drag a package onto this Automator action and it'll go ahead and install it out to those other machines. So the first thing we do is we take that package name and we stuff it inside of a temp file.
And we echo the name of that package to our next ARD copy items action. This is going to take that package and it's going to use your local copy remote desktop at the top level machine and perform this Automator action to copy that package out to our delegation servers. And in this case, what we have is a list called delegation servers.
And that's where our other, that's the list containing the name of the machines that we want to copy the package out to.
( Period of silence )
Okay, step three then is we actually need to copy that little temp file itself out to all those other machines so that they can read it in later with an AppleScript and figure out which package it is they're supposed to install.
( Period of silence )
And so then the next item, okay so the next item is, is to actually copy that temp file out. So that's the next copy items action. So now we've got the package in this little temp file that contains the name of the package on all of, on all of our delegation servers.
( Period of silence )
Okay, second to last step is the AppleScript that's going to tell each of these machines to perform the delegated package install using their own local task servers. So that's going to get each of those sub delegation servers performing package install. And lastly, we just clean up those temp files.
( Period of silence )
So that's fine for getting the packages down and getting the install started. But what we really want is to get all that task progress. Because right now, those package installers are occurring on those delegation servers and that's who can see the task progress. Not the top level machine.
So the question is how do we deal with this? And to do that we wrote an application which we're going to introduce today and make available through the remote desktop website shortly. We're going to actually make not just the application, but also the source code available too, so you'll be able to take this, tweak to however you want, customize it, probably do some other interesting things that we haven't thought of or didn't have time to do today. So the application is called Remote Desktop Assistant and in the case of the package install, we also have a process called task monitor agent. So let's just take a look at the interface for this.
So this Remote Desktop Assistant is going to display an entry for each of those delegation servers. And it's going to display the tasks that are running under each of those. So in this case we've got a distributed package install and it gives you the data point ramp. It also gives you a little icon to indicate success or failure.
And if you select that task you get on the bottom table, the list of the machines that were part of that task as well as their status. So this is, this is a task status that's coming from a different remote desktop administrator that's being shuttled back up to your machine or to some other machine.
( Period of silence )
So this is an overview of how all the communication works. So we have the task monitor agent process that you install and run. We're going to document all this stuff so you know exactly how to get this stuff installed. And we're going to, Doug's also going to kinda demo this too so you can see how this goes. We have the task monitor agent that gets installed on each of the delegation machines.
And as the, as the package is getting installed and the cache project is going up there, that process monitors for changes in the preference list, the P list files for remote desktop dot app and also for the task server that's running on it. It pulls that out and sends that up to the top level administrator. And the Remote Desktop Assistant which is running up there is also monitoring for changes that are coming from those other machines.
( Period of silence )
So here's how we get things started. We want to transfer everything securely, so we're going to set up an SSH connection between each of our delegation servers and our top level administrator. In this case we're probably at San Francisco.
And we have a little register admin application that goes ahead and sets up this SSH key pair so that you can have an automatic SSH connection between all these machines.
( Period of silence )
So I'm going to hand it over to Doug again and he's going to go do a demonstration of how all this stuff works.
Right. So the first thing I'm going to show you is how to configure the registration app to tell your delegation server that it needs to talk back to your top level server which in this case is this little laptop I'm running on. So you can see I have a list called delegation servers, and, which is important because the Automator workflow references this list name. And you can change that in Automator workflow whenever you want. So I'm going to copy a, the registration app.
( Period of silence )
Have it open when it copies. I'm going to take control of this and now what I'm going to do is enter the information to point back to my top level admin which like I said is my laptop. So the host name is San Francisco.
( Period of silence )
Registered. Now I'm going to, I've already configured my other delegation servers, so I bore you with that. And now what I'm going to do is drag that same QuickTime package onto the workflow drop box. And, oh shoot, I was supposed to start this up first.
( Period of silence )
There we go. So now you can see the task progress on each one of those servers. So it's idle on this one. It's idle on this one. And in a moment you'll start to see it install.
( Period of silence )
Mac minis are a little bit slow. So that one is done. Let's see if this one is finished. And that one is finished. That's it.
( Applause )
Okay, let's go back to the slides.
( Period of silence )
Okay so there you saw an example of how we're able to distribute that package out to those other machines and each of those took care of installing it and set that progress and we're able to monitor it using the remote desktop assistant. So let's move on to asset management. With asset management, we have with Remote Desktop the ability to run reports, which I talked about earlier. Those reports get stored in an SQL database which you can access remotely or locally.
We also have a remote Spotlight search. You can search across any number of machines, you know using the Spotlight interface which you're familiar with. We've got hardware reports and user history reports, application reports. And you can do all this stuff if you built up the cache and get it uploaded or if your clients build up the cache and they upload it to your task servers, you can do all this while the machines are offline as well.
( Period of silence )
- So this is regular reporting. I'm going to select my delegation servers and just run a quick report on them. There you go.
- Okay. So very simple, just select a bunch of machines, run your report, get the results. So I'm going to go back to the slides for a moment.
( Period of silence )
So again, just like the case of installing the package, each of these machines is kind of in their own little silo. They, the administrator only works against one task server and all the clients, you know any reporting they want to do is only going to come from that one task server. Let's say you've got lots of task servers out there and lots of clients sending their report results up to those task servers. And what you would rather have is something like this.
Where you've got one top level task server, bunch of other sub task servers where clients are sending their report caches up to. And you want to take that report data and bring it up to one top level administrator and have that administrator be able to run reports against there against all those clients. You can imagine in a school district situation where they might have something like this where each school has a task server that's getting report results and then you a top level administrator office which is going to pull all those from each of those task servers.
So here's, here's how we do this. On, in the case where you want to actually just sort of pull the, the report data from each of your sub, your other task servers, we have a PHP script that's going to run and using the post SQL command it's going to connect over the network to each of the other machines and pull out the report data and merge that into the top level task servers database.
Now that would be fine but let's say your top level administrator isn't going to have all those other clients in it, or you know each of the schools is taking machines away and they're adding new machines and, you know it'd be too much of a burden to expect the top level administrator to keep their list in sync with all the other changes going on in all the other locations. So we've got another script that's going to run and look at the database and create computer entries in your remote desktop computer database for any new machines that got added as a result of running these reports.
So if we run a report and there's five new machines at another elementary school, we run this script, a computer entry is going to be added to that top level remote desktop app. And you know the very least get reporting access to those. You won't have credentials, but you'll be able to run reports against it. So Doug's going to do a demo, showing us how that works.
- Alright, so here's my, those delegation servers. Those are going to be my report caches also. And this one is using PHP script so it doesn't look quite as nice, but these are also available, will be available. So the first script I'm going to run is called aggregate. And what that's going to do is grab all the caches from my delegation servers and bring them up to the task server running on my laptop right here.
- And there's, you have configuration file right?
- Yeah, there's a configuration file that defines all the servers to connect to. It's called config dot PHP. So you can see it's processed my three task servers, Tokyo, London and LA. And but I still don't have the computers in my all computer list.
So what I need to do is run another script called add computers. And now if you have a remote task server, I need to point out one thing. The aggregate script runs on the remote task server, but the add computer script runs on the machine that you're running the admin client from. So I'm doing both on the same machine. When I run add computers, I get an error right there that tells me I need to quit Apple Remote Desktop. Because I'm going to modify the computer database. So I'm going to close that, run add computers again.
Now when I restart Apple Remote Desktop, my all computers list has a bunch of entries. And you'll notice, I don't have user names and passwords for all of them, but I can access their report data. So I'm going to click on those, run reports.
( Period of silence )
( Applause )
Alright, thanks.
( Applause )
Okay, let's go back to the slides.
( Period of silence )
Okay, remote administration. So here we have the send UNIX command which is a very, very popular command. Remote desktop lets you execute just about any kind of UNIX script against a bunch of machines at once and get the results back from that script.
Setting start up disk lets you set all your machines up to a net install server or net boot server. Then there's various power management features like sleep, wake, restart, power on if you have the Xserve, locking and unlocking screens. As well as being able to log out users and open files on, or open files and applications.
So without a doubt, the killer application of Apple Remote Desktop is this send UNIX command button. Who's with me on that? ( Applause ) Alright. I thank the engineering team for putting that in.
( Laughter )
So those of us who come from a command line background find this very exciting. You can take a list of computers like this and execute UNIX commands on them and capture the result. This has been in ARD for a while. I just want to show you a couple of simple examples. I've picked a list of computers.
And we'll run an extremely boring command, date. I'm just typing in the command name here and you, if you haven't seen this, you have the option of running the command as the user who is logged in or you can even say that user root if you want. That will run the command as root, even if nobody is logged in. Very handy feature.
So we'll run the exciting command, date and all the output of the date command comes back into this little window here.
( Cheering )
Oh, stop.
( Laughter )
Now there, there are more interesting commands than that. I wrote a little command a while ago called big honking text.
- All right.
- Yeah.
( Applause )
And big honking text will do a variety of things. One of the things it can do is to take the output of another command like this. So this is a command, it's not, you can get, well we're going to make this available to you. This is already installed in these computers, so I'm going to run the date command and pipe it into big honking text and see what happens. I'm watching all the machines over here. They're all putting the date up on their screen.
I find this to be incredibly useful and not only that, incredibly annoying. Because if there's work going on in the labs, I can do, I can do this sort of thing. Big honking text also has a dash H option which will do an authentic Canada goose honk.
( Goose honk )
( Laughter )
Very handy. So.
- (Unclear)
- That's the Canadian thing, man, it's the Canada Goose. So there's a lot you can do with that, but.
- We can go back to the slides for a moment.
- But there are a couple of limitations. That sort of requires that all the machines be actually online right now. Send UNIX command sends the UNIX command that you want to execute to all nine of the computers. It does not use the task server.
So our first thought is well what, what can we do to work around that. The task servers as you just saw works great with packages. You can install a package on a computer that happens to be asleep or even off. And once your colleagues figure out how to turn the computer back on, the package will be installed correctly.
Well what if we took a package that didn't actually have any files in it but it has a post installation script? That's a feature of packages. They contain files which you see here. And they contain, they contain an optional script called post flight. And the post flight script will run after a package is installed.
There's other, there's other scripts you can put in the package, a post install and a post upgrade. The advantage of post flight is it runs every time, even if you've installed the package 17 times in a row. So what would happen if we make, were to make a package that didn't actually have any files in it but had one of these post, post flight scripts.
We could use the task server and this as a way to execute UNIX commands on a whole bunch of machines, even those that are down. And there's a lot of sophisticated system admin things you might want to do only to find out that one or two of the machines in your lab were down.
Now you can package up those commands in a package like this. I'm going to show you one little idea here. If you can go back to the demo machine here for a sec please. ( Period of silence ) I'm also nothing if not a big Automator fan. And I have a little workflow I want to show you here. Create a payload free package.
This is a simple combination of existing Automator actions that starts out by making an empty folder, make temp, might not even know about that one. Makes an empty folder. And then it passes that folder to the existing create package action which is something that comes with Automator. That makes a package out of the previous files and folders of which there are none in this case.
And that passes the path of the package to the next action. So this next action is a little bit of shell script that takes the package from the previous action and adds one of these post flight scripts to it. I wrote a little template post flight scripts. So this sticks a post flight script in the package. And then at the very end, it actually opens the package, that line there, in your text editor so you can change something on it.
So if we actually run this here, it's going to ask me to create package. I'll call this PFP5 and you have all these options here that you don't need to set. But it's a nice feature of Automator in that it will, if you like, display one of these actions live when the workflow runs. We'll hit continue. That's actually building the package here. It's opening up this post flight script that it added for me.
It's jumping up and down, I'll make it go away in a second. And I get to type my exciting command here. How about SC util dash dash get computer name. We'll type that into big honking text dash h dash. You can all think of much more exciting scripts than this one I'm sure. Maybe you want to make a folder or remove something or change the permissions on a file.
If I save that, that's now saved this package on my desktop with that script right there in it. Yeah I put that in alright, so yeah. So we've now got a package that we can install on a bunch of machines. Now you know I have found, I'm just a field guy, but I have found in preparing this session with these fine ARD engineering team that they are able to implement my secret wishes without, just by the pure power of thought.
It's incredible. We were practicing this yesterday and I said, I said to Mark, wouldn't it be cool if you could, you know having selected a list of computers, just drag a package on them. That would be a great feature you should add in the next release. And Mark said, you know did it occur to you to actually try that? And he.
( Laughter )
And he thought hard for a second and I dragged it and I dropped it and it takes a moment here, but that will open up the package install action.
I have my emergency back up joke I may have to go into here for a second here. ( Applause ) So, yeah, I was telling you before that there's a Canadian and an Iranian went to a German restaurant.
( Laughter )
And the Canadian guy says to the Iranian guy, What are you having? And the Iranian, oh it's back, sorry.
( Laughter )
So this is when I'll take that package and actually install it and run it on all of those computers and hopefully it will display all of their, display the host names. We'll watch all of them here. There they go and they all honked. And because that's a package, I won't do it here, but that would work with the task server as well.
It would wait if machines were off until they came back and then execute those commands. I think you might find this a very handy addition to your bag of tricks. We're packaging this Automator, workflow and big honking text up and it will all be on the remote desktop site as, as Mark said earlier.
So could we.
( Applause )
Could we go back to the slides for a moment? Oh it's you, that's right. We have about one slide for you to do right now, don't we. Timed this perfectly. This is brilliant. Watch this. Watch how smooth this is.
We've got observe and control, very popular feature, remote observe which you saw Steve kind of demo there, also being able to share your screen now is very good in the educational scenario. Guest access if you, so if someone doesn't want you to just be able to control their screen, you can request access to control their screen. We've got text messaging, there's a widget also that you can have for just sort of quick viewing a machine.
With drag and drop file copy in the control window as well as being able to send the contents of the clipboard back and forth. And also curtain mode. If you need to control a machine but you don't want someone who's passing by to see what's going on on that machine or be able to use the keyboard and interfere in what it is you're trying to do, that'll just bring a lock up on that screen so you can go about your business and get things done.
- All right, here's the exciting demo, can we have the demo machine please here. The exciting demo of control screen. Well, you pick a computer and you go control. Okay?
( Applause )
( Laughter )
- Ta da!
- Well right, who cares? But if I could go back to the slides for a moment, I'll tell you why we care about that. The way that control works is it talks to a specific TCP port on the remote computer. Port, who knows? Who can tell me the port? 5900, that's right.
Now, that does not work in a lot of situations. I like to help my father out from time to time. My father is a great guy, retired civil engineer. Dad and I often have a discussion about the difference between a file and a folder. This is where we are right now. Actually Dad, Dad actually has a good point.
He, in his business, the thing that you put into a filing cabinet with pieces of paper in it, each of those is called a file, right? You put those in a filing cabinet. And yet we come over here and we call them folders. I don't know if we can fix this here right now, but I'm thinking about my Dad right at the moment, so. I'd like to help Dad with his computer. Here's the problem.
Dad's got some router that he bought who knows where, configured who knows how. It happens to work. How he got it going, I don't know. And I would like to control his computer from time to time to help Dad. This is me over here, Dad over there. And the first problem is Dad is 10.0.0.2. In the TCP world, that is an unroutable address.
It's a network address translation, is a great feature, but it means you can't get directly to that address from the outside. So if I were to naively try to observe the computer at 10.0.0.2, those packets really have nowhere to go, they're unroutable.
The classic solution to this is to try to figure out Dad's, the address of Dad's mystery router. I don't know if I could get Dad to tell me that piece of information or the brand of the router or the location of the router, where he bought the router.
I'm not sure I can get any of this information out of my Dad. And even if I could, trying to observe port 5900 on that router is not going to work because it's not the router itself is not running the Apple Remote Desktop client. Now the standard solution to this is to figure out port forwarding on the router. We've all done this for our parents. This is the parental control feature of Mac OS X.
( Applause )
So if you could, if you could somehow talk Dad through configuring his mystery router to forward port 5900 from the router to his computer, I would be very impressed. But then you could observe port 5900 on Dad's mystery router and if of course you would be talking to Dad's computer. I bet you a lot of people have done this right? This is a fairly common thing.
Honestly though, I think that although this would work, the chance of talking someone through this on the phone is fairly slim. And eventually, you just get to the point and say all right, I'm coming over. I will be there in a couple hours, just hang on. But what if you could do this? Let's assume you know what you are doing.
( Laughter )
I have a little trouble with that, but. And let's suppose you have SSH turned on on your computer, on your computer. You have inbound remote login turned on. And let's suppose you have their public IP address or you have your own mystery router configured to port 22 back here on the machine.
A lot of us have that right? We want to be able to do a SSH back to our home computers. If, and this is a big if, if you could do a clever port forwarding thing, you can take advantage of a little known feature of ARD in that you can observe not just an IP address but a combination of an IP address and a port.
If you add localhost on your computer to the computer list in ARD, you can actually edit where it says 127.0.0.1 and tack on a port number at the end. Let's just say for the sake of argument you're going to set it up so that ARD will have port 5800 of your local computer on its computer list. If you could get you do to do this.
( Laughter )
I'm going to set up an account for Dad up on my computer. I'm going to tell him the password. There are a lot of ifs here. This does not require me to know anything about the password. Oh this, sorry. This is the IP configuration on Dad's computer, we're starting on Dad's computer and we're using features of SSH where it can tunnel ports.
It can take a port on one computer and encrypt it via SSH and attach it to a port on another computer. With a command like this, you can set up a pipeline between the ARD port on Dad's computer through the mystery router and the interweb to port 5800 on your computer. 5800 is just a number that we made up and then if you said observe 5800 on your local computer, it will be tunneled through NAT properly.
You have to stare at the SSH command for a long time before you figure out whether you've got it in the right order or not, but there's a little syntax for saying a port here or a port there, hook them together, all encrypted nicely over the SSH protocol.
I think I am going to have a hard time talking Dad through locating terminal application let alone typing SSH. But it would work. I'm going to suggest if you want to try this, you might wrap a little script around it. Dad, trust me, click on this. Let's assume that the problem is not that his mail is not working.
But in, maybe we send Dad a script. Dad, if you were to click on this, here's a little AppleScript that would tell the terminal program to run that SSH command in a window. It's using do script, which is a verb you can send to terminal in AppleScript. Note that this is different from do shell script.
Do script tells terminal to go and run something in a window. Do shell script does things in the background. But we want this to hang around, so we say do script like that. That would pop up a terminal window and Dad can fill in some passwords and it might work. There's still a lot you would have to set up to get this to actually work. You would have to have ARD configured. We would have to configure the SSH.
I want to point out scripting solves all problems in the world and the programs which are scriptable are inherently better than programs that are not scriptable.
( Applause )
And that you could, you could write a script, and when I say you, I don't mean me. You could write a script that would solve this. Actually when I say you, I mean Nathan Fischer. If you look on the archives of the Remote Desktop mailing list from last month, Nathan has put together a nice package of scripts that automate this all for you.
If you go to lists.apple.com, even if you're not on the remote desktop. But you should probably should be. Who's on the remote desktop list? Nathan Fischer are you in the audience? Oh that's too bad. I had a big prize here for him. That's a shame.
But Nathan's written a lovely package that you can configure with the IP address and it gives you a thing to tell your Dad and run and hooks up the ports and everything. I'd encourage him to go find, I did not want to give out his address here today, but go find that posting on the list and drop him a note. Take a look at his script or feel free to write your own. There are plenty of other variations of this sort of thing lurking around. Alright, I'm going to toss it back to Mark.
Okay, thank you.
( Applause )
Okay, second to last feature area is automation for remote desktop. And here we have a somewhat rich AppleScript dictionary for being able to do various tasks. You've seen Steve use some of that stuff. You've seen Doug use some of that stuff. Automator actions as well, task templates, so that you can preconfigure a set of arguments for a task and save that, so when you select a set of machines you can apply that task template to that set of machines and get your argument set up real very quickly. It's very especially useful for a send UNIX and also for certain package installations and file copies where you've got a specific set of locations where you want things to go. Last thing is scheduling itself.
Remote desktop allows you to schedule most of the commands. And we've seen lots of Automator demos already. And we're going to see one more and then.
( Laughter )
- We have the demo machine over here.
I don't know how many of you have ever used this, so just bear with me if I give you a brief example of the basics. One, one, could do this sort of thing. Let me just create a folder on my desktop, drop here and I could build a little workflow in Automator that says get the selected finder items and then use one of the existing remote desktop actions. Copy items to computer list and I could say I want to copy to my WWDC list.
And then after the copy is complete, we would like to open the items. And if you were to save this, it would just be a workflow that anyone could run. A nice feature of Automator is you can save things as plug ins. I can save I want to save this as let's say a folder actions plug in. Copy and open.
And if you save something like that as what did I save that? I didn't mean to do that. Pardon me, there are several different ways. I meant to save it as a finder, did I save that as a finder or folder action figure? I meant to do this, okay, open seriously.
( Laughter )
This is a finder plug in now which means you can take things in the finder and you can control click on them and you get this Automator menu down here that includes these workflows that you saved to the Automator.
How many people didn't know that? That's kind of neat, huh? You can give for instance are they K12 people here? You can give a teacher in a simpler scheme a folder where they could drag and drop something and it would go to all the student's computers and automatically open.
They could even drag and drop the URL out of Safari and drop it in there and suddenly every student's computer would open the same page they're looking at. This is pretty powerful and I think honestly underused technique. But those are. I'm not going to do it because it is just going to make all the machines honk again. I'm getting a little tired of that.
( Laughter )
But that's one. Here's another one though. I wrote this one. This one that was kinda missing from the kit. Install packages on computers.
So this is the same general idea of copying things over except it will optionally install things if you like, via the task server so I can save this same workflow and say I want to copy to that, that list. I want to run this from the task server. I'll save this again. Wow, holy mackerel.
( Period of silence )
Install package via task server. And another feature of this is that if you like and you click this option thing here, there's a secret box, show action when run that many Automator actions have. Good idea to check that. Because if you, if you're finished with this workflow now, and I've saved it as install package via task server. I can do the same kind of thing. I can click on something, Automator, install package via task server.
And I think I forgot to do what I said, whoa! There it goes. But I think I forgot to do what I was talking about. Just a minute. Show action when run, yeah. Let's try that again. Sorry. Did I not save? That'd be just like me not to save. Install, darn it. One more time here.
Show action when run. Automator installed, I tend to build up a lot of these because I never get them right in the first try. This little piece of the UI will pop up, so you got that little mini application where people can choose what action they want to do whether they want to do it via the task server and so on. And Automator will take over and go install it. I'd like to point out that this one actually remembers the selected computers that you chose in the workflow, which I think a couple of the others maybe don't. We're going to, we're going to work on that.
So I think you'll find all these things a great way to extend the capabilities of Automator to, to make your life a little bit simpler by building workflows for these common things. And in a lot of cases, given the number of users.
( Period of silence )
- Back to you now.
- All right, should I actually install it? You want to hear one more honk, here we go.
( Laughter )
We've only got 31 minutes left, we don't have time to do that. (Unclear) All right, can we have the slides? Hurry, hurry the slides, hurry.
( Applause )
Okay, so the following area I want to talk about is set up of the remote desktop. And I guess I have to tie something together here. And labels so you can select machines and apply different labels to them and you can create smart lists based on those labels as well.
You can create smart lists based on a variety of criteria. You can create user defined list views. So this is, you can add various criteria to your list. You have a, you're looking at a computer list, you got a set of standard columns that are in there, but you can also customize that as well and add other criteria that aren't in there originally.
You can create groups to help organize your sidebar area. To put various saved tasks in there or schemes that you create. There's also task history windows that you can view, things that have gone on before. There's a user mode for remote desktop so you can run remote desktop in an unprivileged account and you can reduce the set of commands that they're allowed to access, that the user is allowed to access.
There's scanners for finding machines as I mentioned before, we added a Bonjour scanner to 3.1 update. You've got directory based authentication so you set a, a key on the client machines and then they'll point, then they can use whatever directory server the client is bound to and you can authenticate that way. And then task lists as well.
( Period of silence )
So Doug's going to do a quick demo of just basically creating a list and adding machines to it. A very common task in remote desktop.
- Alright, so here's my scanner with all my machines in it.
- I think we're actually on the wrong demo machine. If we could switch to the second demo machine.
- Did I just flip this?
- Okay. Great.
( Period of silence )
Right, so I think that I want to control Steve's computer and mess it up before he has a demo. So I'm going to add that to my all computers list. Oh I don't know its name, never mind.
( Period of silence )
- You probably want to create a list.
- So here's the computers I want. I can make a list called my list. And you can see there they are. That's it.
- Okay.
- Great.
- So.
( Laughter )
( Background noise )
So this is fine, you create your list, but let's say again you've got a large organization and you've got a lot of people who are all managing the same set of machines. And you're each going through the effort of creating these lists and adding machines to them and someone, maybe who's a little bit more on top of it, someone else is keeping that list up to date a little bit better.
And currently the way that you would you know share this information if someone were to share it from a remote desktop is to use the export list command and you'd have to email the results of that to someone else or you put it up on a file server and that person would take it down. And then import that list.
But the problem is that there's no credentials. So it's fine if you're using directory based, you can select all those machines, do a multi get info, add in your directory based authentication. But if you're, if you're using local accounts, it's a little bit more of a hassle. Plus if you didn't necessarily want to share that user name and password with someone else, you'd rather that credential information just gets shared over that so they have access but they don't necessarily have the user name and password.
So how are we going to solve this? We're going to use the same application that we saw earlier for the task progress, the remote desktop assistant, and it's got a second tab if any of you didn't notice that before for sharing lists. And now what you can do is from, you could run this application on each of your other administrator machines, and you can configure it to use a machine which we're just going to call a list sharing machine. It doesn't have to be running remote desktop software.
It can just be a machine that you've got set up in a closet somewhere that's always on that you want to use for this purpose. And what you're going to do is select, run this application, you know set up an SSH connection to your, so you're going to register it to your list sharing machine. Then you're going to select the list that you want to share. And then you publish those lists.
And then conversely, you're also going to see all the lists that were published by other administrators and you can select those and sync them to your remote desktop app so the next time you write it, you're going to have a fresh copy of those lists and the clients and most importantly the credentials for those clients.
So let's take a brief look at how we get this thing set up. So on each of our machines running remote desktop dot app, we're going to run this little, um, we're going to run the app and within it I believe there's the registration aspect of it, right, for getting it connected up to the, to list server. So if you're, in this example you see that we type in the list server address on each of these machines and that gets it registered.
And then each of these admins selects which lists it is that they want to share and then they publish those. So Doug is going to do a demo of how we do list sharing.
Right. Alright, I'm going to switch back over to the remote desktop assistant. First thing you have to do is configure the list repository which I've already done, just like Mark showed.
( Period of silence )
Gathers the shared list and then when I flip over to the list sharing tab, I already published some lists from my Tokyo and London machines. And if I go through here, I can see the different computers down below that are in those lists. So before I do that though, I'm going to publish my lists.
So I have this one called delegation servers. I publish it and at that point it would be available to either London, Tokyo or anybody else who's participating in my sharing. So I'm going to switch back over to remote desktop real quickly. And just to look at my all computers list, I got three computers that I have configured right now. I have one with delegation servers, one with my list. I'm going to go back to remote desktop and I think human resources is the one I want. So there's two unpronounceable names down there.
And I'm going to sync up on that. Right, it's going to tell me remote desktop is running, just like the aggregator demo earlier. It can't be running at the same time when it does the sync. So I'm going to turn off remote desktop. Sync again. Now I want to go back to remote desktop. I have the human resources list that has those two computers in it that you noticed didn't appear before in my all computers list. And I have the credentials, I can observe them and do whatever I need to.
( Applause )
( Period of silence )
Doug and another member of our team, Brian worked very hard on those applications, so I just want to say thanks a lot for that hard work and they put all that together, very, very quickly.
( Applause )
So just in closing, we've got the remote desktop 3.2 updates coming out when Leopard comes out. And also the client itself is going to be, is going to come with Leopard. So we've shown you how remote desktop can be extended to provide some of the functionality that you've requested. We've gotten a lot of feedback and we're keeping all this stuff in mind. And what you've seen today is, is a clear indication of the things that we're aware of and that you know we're going to focus on in the future.
As I said, also, these applications, all the scripts, everything you've seen today, we're going to make available, hopefully very soon. You're going to be able to find it linking from this URL. We don't know exactly where it's going to live, but they'll be up there. All the source code will be there and we just kinda showed you a brief bit of what you can do in terms of extending the product.
When you take a look at the source code, you're probably going to be able to figure out some other interesting stuff you can do. And we're also going to be in the IT lab this afternoon at 3:30 and we're going to be able to answer more questions and maybe even be able to demo some of this stuff a little bit more.
Wait, you know.
- Sorry, go back to Steve.
- Don't we usually do some completely pointless and stupid script in this session?
( Applause )
- That makes like all the drive or the open and doing the wave or the marching band comes out on the iMacs or something.
- Yeah.
- Do we have time? Do we have time?
( Laughter )
- I, you know.
( Period of silence )
I'm from Canada. I'm from Ontario in fact. I'm from southern Ontario. And southern Ontario is home to the world's greatest classical Shakespeare Company, the Stratford Shakespearean festival.
( Applause )
And, well we have a few actors in the crowd here. The, and they put on a, every year they put on all your Shakespeare classics. They put on your Macbeth, they put on your Hamlet, they put on your Cats and your Oklahoma and all the other good Shakespearean numbers.
And. ( Laughter ) I used to get dragged to those things when I was a kid, you know. You're in grade seven and you're studying you know the King Lear or something. So you go to the play and watch the guy getting his eyes gouged out and try to follow along in your little book. But computers are kinda cool. I came across this website that actually has the complete works of Shakespeare, but marked up in XML.
And here, for instance, here's, here's Macbeth in XML. And you can see it's all broken out into parts and speeches and so on. I think he wrote it this way. I'm not sure.
( Laughter )
So when I, when I see something like that and I realize I got a rack of computers over here, and I, they're scriptable. What if we had a little script that lets you pick a play off the list, and I'm going to, oop, sound, sound on this machine please.
( Laughter )
What if you could pick a, pick a play off the list and then have AppleScript look at all the parts and assign to different computers.
( Laughter )
- The Apple remote desktop playhouse presents, the Tragedy of Macbeth, Act 1, Scene 1, a desert place, thunder and lightning, enter three witches.
- Here they come, the witches.
- When shall we three meet again in thunder? (Unclear)
- That will be that.
- Zarvox, zarvox is third witch, the two and the four are performance. Through says first witch. Vicki is the second witch. Zarvox is the third witch.
- Come gray mocking.
( Laughter )
- (Unclear)
( Applause )
- Oh, wait, hang on. Scene two, wait, wait.
- Enter Duncan, Malcolm.
- Here comes some more guys.
- Lennox.
- I had to watch this in grade 10. You should too.
- Meeting a bleeding Sergeant.
( Laughter )
- Oh Agnes is Duncan. She's great.
- He can report and seen that by his.
- All right, all right, enough already.
- You know, I think we, we something for the music department last year, I wanted to do something for the English department this year. So.
- All right.
( Applause )