The saying that something is only as strong as its weakest link lends itself to many different circumstances. In fact, it
can be applied to modern day computing with respect to system and application
updates across various platforms.

Specifically, this article focuses on
two services that address patch remediation in similar ways but
implement it distinctly — and each has its own caveats. One offers a simplified
“set it and forget it” method that can be used for wired and mobile
devices alike, and the other offers a more targeted approach that’s aimed
toward IT administrators and allows for a degree of control as to what’s
available for download. Let’s take a closer look at these two options.

I.  Caching
service

Here are the requirements for using the Caching service:

  • Mac computer running OS X Server 10.7+
  • Minimum 25 GB available hard drive space to store
    updates
  • Wired ethernet connection (preferred)
  • Broadband connection to download updates

Follow these steps to enable Caching:

  1. Open
    Server.app and authenticate using admin-level credentials when prompted to do
    so
  2. Select Caching from the Services pane (Figure A), and then click the Edit… button next to Volume to select the hard drive that the software packages will be saved to
    Figure A
     
  3. Click Use Selected Volume to write the changes (Figure B)
    Figure B
     
  4. Use
    the slide to adjust the cache size or the maximum amount of hard drive space
    allotted to host the downloaded content (Figure C)
    Figure C
     
  5. Turn
    the service to ON

That’s it! With the Caching service enabled and configured, any
updates or purchases from the App Store will be cached for future use on the
local server. Subsequent download requests for content that has already been
cached will first look to the cache server for a copy of the application/update.
If found, it will download it directly from the local server, containing
traffic to the LAN; If the desired content has not been cached yet, it will
download it from the Internet as it normally does, and a copy will be
stored by the caching service.

II.  Software
Update service

Here are the requirements for using the Software Update service:

  • Mac computer running OS X Server 10.7+
  • DNS registration
  • Wired ethernet connection (required)
  • Broadband connection to download updates
  • Proxy servers are not supported (recommended by Apple
    that they’re disabled)
  • Open necessary server addresses and ports to access
    update repositories 

Follow these steps to enable the Software Update service:

  1. Open
    Server.app and authenticate using admin-level credentials when prompted to do
    so
  2. Select Software Update from the Services pane (Figure D)
    Figure D
     
  3. Click
    on the Automatic or Manual radio button to determine whether
    you wish for the service to download all updates automatically or if you wish
    to enable fine-grained tuning to allow only specific updates to become
    available to end-users (you may wish to consult any IT policies the
    organization may have in place to be in compliance)
  4. Turn ON the Software Update service, and click the Updates tab (Figure E)
    Figure E
     
  5. Click the cogwheel button and select Check for Updates… from the
    drop-down menu (Figure F)
    Figure F
     
  6. Depending
    on your Internet connection, it may take some time to correlate a list from Apple’s
    update servers and present a listing of the updates available for
    authorization. The updates can be downloaded and enabled individually or
    selected at random by holding down the command key. (Figures G and H)
    Figure G
     
    Figure H
     
  7. Once
    the selection(s) have been made, the service will download the update
    and store it on the local server for updating in the future by devices on the
    LAN.*

*Note:
Software Update services is only half of the equation. In order for devices to
detect and download updates from your local server, they must be configured to
do so. This will redirect requests from Apple’s update servers to your own,
locally hosted OS X server. Luckily, this can be accomplished rather painlessly
using either Profile Manager (which is part of OS X Server), manually via the
Terminal, or using some form of management console, such as Apple Remote
Desktop. Please refer to Apple’s KB article for the specific steps and
commands necessary to reconfigure your devices to communicate with locally
hosted Software Update services. 

Caching or Software Update services? Pros vs. cons

  • Caching
    stores both software updates and App Store purchases; Software Update stores
    only updates.
  • No
    additional configuration is required to use the Caching service, which is great
    for mobile devices like iPhones/iPads; Computers using Software Update must
    be configured to connect to the local server manually before downloading
    updates can proceed.
  • Caching
    is based on device requests for data. If a client does not request the latest
    version of iTunes, for example, it will not be cached automatically; Software
    Update downloads all updates from Apple’s servers and stores them for later use
    automatically (default).
  • Software
    Update allows IT departments more control over what’s allowed to be installed/updated
    by pre-authorizing updates for end users; Caching does not allow such control
    and will store any update or app an end user downloads — whether they’re allowed
    by IT or not.

As each organization does business a little differently, the needs of its end users differ as well. Good thing for us all,
Apple has provided multiple approaches to tackling updates. Unfortunately,
Caching and Software Updates cannot be used together. Both services can
be setup and configured for use, but Caching will not read the updates
stored by Software Update and vice-versa. So, take precaution if deciding to
utilize both, because the updates may be downloaded and stored several
times over, eating up precious storage capacity.

Both services are flexible enough to co-exist, and they provide
strengths to the other’s shortcomings, which will benefit end-users and IT personnel. Furthermore, with the growth of BYOD
and the proliferation of Apple tablets and smartphones, Caching may very well
be a great way to provide updates to end-user mobile devices
without being intrusive. Software Updates, on the other hand, can be used on company desktops
and laptops to ensure they always have exactly the updates necessary to keep
mission-critical devices productive. Ultimately, both services will minimize on the
bandwidth utilization, so resources shouldn’t be too tapped out — and everyone
wins.