When I last discussed DeployStudio, the focus was on creating workflows that are used by the server to manage systems in a variety of ways. From installing software or configuring a host of settings to installing OS X across the network—workflows are the lifeblood of DeployStudio.
Given DeployStudio's modular design, the aim of this article is to draw on the modularity of existing workflows by linking them to create a truly automated deployment process.
Prior to getting started, however, please review the requirements below:
- Apple computer running OS X Server (10.6.8+)
- DeployStudio installed and server service configured
- NetInstall service configured
- NetBoot image created using DeployStudio Assistant
- Switched network
- Static IP
- Broadband internet access
- Apple client computer running OS X (10.6.8+)
- Apple Remote Desktop or 3rd-party management suite (optional; required only for zero-touch deployments)
- DeployStudio computers database is pre-staged with serial numbers matching to the computer's hostname
With these requirements met, let's proceed toward automating a workflow type to perform a zero-touch (ZTI) or lite-touch (LTI) deployment.
- To begin building a ZTI or LTI automated workflow, create a new workflow and rename it. Then click the plus sign [+] next to Drop tasks here to open the task selector.
- The first task to add will be the restore task, which will actually install OS X based on a reference image created in AutoDMG or a pre-captured golden image for those working from a master computer. Populate the fields in the restore task, and select the desired image to deploy. Pay special attention to the Target volume, because selecting First disk available will partition the first hard drive found unless another volume is expressly stated. (Figure A).
- Next, add the Configure task to scan the computer's serial number and match it to the correct hostname in the DeployStudio database. This will rename the destination computer when the appropriate checkbox is checked. This task may also be used to optionally create local user accounts or enable/disable certain security functions. One entry I always check is to Enable ARD agent for remote management using Apple Remote Desktop (Figure B).
- The binding of Directory Services (if your organization has implemented Directory Servers) is the third task to add. Be mindful of the type of directory server in use, since there are separate tasks for Active Directory and Open Directory. In the case of Figure C, we'll be using the Active Directory binding task. Enter the required information to perform the bind, paying special attention to the Computers node field. For those out there without experience using Active Directory—Microsoft's directory server—binding Macs to a Microsoft network sometimes requires entering the distinguished name of the path to the object.
Note: While steps 2-4 are required to perform a ZTI/LTI deployment, steps 5-7 deal with installing software and configuring settings that may or may not fall in line with your particular needs.
- To install software packages, use the Package Install task. Applications must be in package format and must be copied directly to the packages directory located in the DeployStudio deployment share. Select apps from the drop-down menu, and continue to add Package install tasks until all the packages are accounted for (Figure D).
- If Profile Manager is used, the enrollment and trust profiles must first be copied to the ConfigurationProfiles directory in the Deploy Studio deployment share before they can be selected in the task (Figure E).
- The last step I like to include in the automation process is the Firmware Security task. While Apple has done a great job at integrating security into its computers, it is all for naught if unauthorized users can gain access by exploiting the lack of a firmware password. This task remedies that and then some by setting a firmware password that prevents access to booting external devices via the Startup Manager (Figure F).
- One tiny but very important detail to mention is that across each task you'll notice a checkbox in the lower left corner titled Automate. For each task to run in sequence—uninterrupted—the Automate box for each task in your workflow must be checked. Click the Save button once completed, and check the Publish box for your newly created workflow to be visible in the DeployStudio runtime console.
Take into consideration certain common sense scenarios prior to cobbling together your masterpiece workflows and unleashing them on a production network. While it may look good on paper so to speak, real-world scenarios introduce variables, which may alter the outcome—including unintended consequences.
Remember to test your workflows individually first, before trying out different mash-ups of settings, configurations, and deployments. Once they're vetted on their own merits, proceed with testing out the automated workflow—and always verify the results. Just because a particular setting works on its own doesn't always mean it will mesh well with others.
What are some of the various workflows you've chained together to make managing your Macs a breeze? Share your tips and best practices below.
- How to install and configure DeployStudio
- How to create DeployStudio-compatible NetBoot images
- How to capture images with DeployStudio
- How to deploy captured images with DeployStudio
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.