The macOS content cache service's default configurations aren't one-size-fits-all. Learn how to use Apple's advanced configurations to adapt to any enterprise network.
Apple's content cache server was transitioned to macOS as a desktop feature way back in 10.13.4. By doing so, the content cache service can now be made available on any Mac computer to facilitate caching of apps, updates, and iCloud data for networks of all shapes and sizes.
And while the service does a remarkable job of positioning itself at the best location on the network to optimize content delivery, Apple has included additional management options for networks with greater security in place, such as those of larger enterprises. These options may be configured to get the most out of your cache servers when more than one is implemented.
Among the configurable features, network admins will be able to utilize a round-robin clustering model, IP range designations to allow or limit certain networks from accessing certain cache servers, or even the ability to specify parent and peer cache servers. This allows the cache services to communicate directly with one another to obtain cached content that may be available on one device and not another, or simply to request it through a parent device so as to limit the number of externally accessible devices on the network.
Requirements for facilitating these advanced features
Before moving forward, there are a few requirements that must be met in order to facilitate these advanced features. Some of these features will only be useful if multiple cache servers or networks on multiple IP ranges are in use.
- Mac computer running 10.13.4 (or later)
- Content Cache Service enabled
- Switched network
- Internet access (optional for LAN devices, but required for upstream devices communicating directly with Apple's Update Servers)
- Admin credentials
How to enable parent selection
1. Log on to the Mac with an admin level account and go to System Preferences | Sharing.
2. Click on Content Caching to highlight it. Press and hold the Option key, and the Options button will change to Advanced Options. Click it to bring up additional settings.
3. Click on the Parents tab and select the + sign to add the IP address of any parent devices that will be queried by cache servers on the network to either obtain previously cached content from them or to request upstream data on behalf of the network.
4. Under Parent Policy, select the type of policy you wish to implement for the parent servers. Depending on your environment's needs, one type of policy will be more beneficial than others. Below is a list of descriptors for each type:
- First-available: Always uses the first parent in the list each time, then goes in sequence if the previous is unavailable. This means that depending on availability, the same device may or may not be used. This may be useful when selecting primary, secondary, etc.
- URL-path-hash: Includes a hash of the URL path so that specified URLs always use the same parent.
- Random: An available parent is chosen at random.
- Round-robin: All parents are rotated in order as a form of load balancing.
- Sticky-available: Always uses the first device on the parent list exclusively and continues to use it until it is no longer available before moving on to the next, and so on.
5. Click OK to save settings, then restart the content service.
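The five parent policies above differ mainly in what happens when a parent fails and later recovers. The following is an added example, not Apple's code: a small model of the policies as this article describes them. The class name, the sample addresses, the wrap-around behaviour and the use of SHA-256 for the URL path hash are assumptions made for illustration.

```python
import hashlib
import random

PARENTS = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]  # constructed sample addresses

class ParentSelector:
    """Hypothetical model of the parent policies described in the article."""
    def __init__(self, parents, policy, seed=0):
        self.parents = list(parents)
        self.policy = policy
        self.cursor = 0  # sticky: pinned parent; round-robin: next parent in rotation
        self.rng = random.Random(seed)

    def pick(self, url_path, up):
        """Return the parent for one request; `up` is the set of reachable parents."""
        n = len(self.parents)
        live = [p for p in self.parents if p in up]
        if not live:
            return None
        if self.policy == "random":
            return self.rng.choice(live)
        if self.policy == "first-available":
            start = 0  # every request starts again from the top of the list
        elif self.policy in ("sticky-available", "round-robin"):
            start = self.cursor
        elif self.policy == "url-path-hash":
            # Assumption: SHA-256 stands in for whatever hash the service uses.
            digest = hashlib.sha256(url_path.encode()).digest()
            start = int.from_bytes(digest[:4], "big") % n
        else:
            raise ValueError(f"unknown policy: {self.policy}")
        for step in range(n):  # walk the list from `start`, skipping dead parents
            i = (start + step) % n
            if self.parents[i] in up:
                if self.policy == "sticky-available":
                    self.cursor = i  # stay here until this parent fails
                elif self.policy == "round-robin":
                    self.cursor = (i + 1) % n
                return self.parents[i]

def trace(policy):
    """Five requests; the first parent is down for requests 2 and 3, then recovers."""
    sel = ParentSelector(PARENTS, policy)
    outages = [set(), {PARENTS[0]}, {PARENTS[0]}, set(), set()]
    return [sel.pick("/update.pkg", set(PARENTS) - down) for down in outages]

if __name__ == "__main__":
    for policy in ("first-available", "sticky-available", "round-robin"):
        print(f"{policy:17}", trace(policy))
```

In this model, first-available returns to the first parent as soon as it recovers, while sticky-available stays on the second parent, which matters when the first parent is the only one intended to talk upstream.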
How to configure client settings for cache access
1. From the Advanced Options section, click on the Clients tab. Select the drop-down menu next to Cache content for to select which devices the cache will service:
- Devices using the same public IP address: Clients under the same public IP address.
- Devices using the same local networks: Clients on the same network segment as the cache.
- Devices using custom local networks: Clients on different network segments from the cache.
- Devices using custom local networks with fallback: Combines the second and third selections.
While many environments will do well to go with choice one or two, some with advanced configurations will require additional setup.
2. Next to My Local Networks, select the drop-down menu to choose the option that describes your network setup:
- Use one public IP address: Used for networks with one default public-facing IP address that is discoverable automatically.
- Use custom public IP addresses: Used when multiple public IP addresses are set or if additional DNS settings are required.
3. If necessary, click the + sign to add individual IP addresses or ranges beginning with the start and ending IPs. The devices in these ranges will be granted access to the cached content on this server only. This is useful when implementing multiple devices to ensure that the load gets balanced between floors or buildings and remote sites.
4. Once configured correctly, click the OK button to save changes. It is recommended to restart the caching services when changes are made to the scope of delivery.
Note: The DNS Configuration button is only made available when the "Use custom public IP addresses" option is used. By clicking this button, the server will generate a DNS TXT record that should be used to update the DNS server(s) for your organization to allow clients to find the content cache server on your network.
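When several cache servers each carry their own start and end IP ranges, it helps to check the ranges against each other before rolling them out. The following is an added example, not part of the original article or Apple's tooling: it reports which caches would serve a given client and which address spans are claimed by more than one cache. The cache names and addresses are constructed.

```python
import ipaddress

# Constructed sample: the client ranges entered on each cache's Clients tab.
CACHES = {
    "cache-floor1": [("10.10.1.1", "10.10.1.254"), ("10.10.2.1", "10.10.2.127")],
    "cache-floor2": [("10.10.2.100", "10.10.2.254"), ("10.10.3.1", "10.10.3.254")],
}

def parse_ranges(ranges):
    """Convert (first, last) strings to (version, lo, hi); reject reversed or mixed ranges."""
    out = []
    for first, last in ranges:
        a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if a.version != b.version or int(a) > int(b):
            raise ValueError(f"bad range {first}-{last}")
        out.append((a.version, int(a), int(b)))
    return out

def caches_for(client, caches=CACHES):
    """Names of the caches whose ranges contain the client address."""
    ip = ipaddress.ip_address(client)
    return sorted(
        name for name, ranges in caches.items()
        if any(v == ip.version and lo <= int(ip) <= hi
               for v, lo, hi in parse_ranges(ranges))
    )

def overlaps(caches=CACHES):
    """Spans claimed by more than one cache, as (cache_a, cache_b, first, last)."""
    found = []
    names = sorted(caches)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for va, lo_a, hi_a in parse_ranges(caches[a]):
                for vb, lo_b, hi_b in parse_ranges(caches[b]):
                    lo, hi = max(lo_a, lo_b), min(hi_a, hi_b)
                    if va == vb and lo <= hi:
                        mk = ipaddress.IPv4Address if va == 4 else ipaddress.IPv6Address
                        found.append((a, b, str(mk(lo)), str(mk(hi))))
    return found

if __name__ == "__main__":
    print(overlaps())
    print(caches_for("10.10.9.9"))  # an empty list means no cache lists this client
```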