TweetFollow Us on Twitter

NetBooting And You

Volume Number: 15 (1999)
Issue Number: 6
Column Tag: ExplainIt

NetBooting and You

by Kenneth Stattenfield

Or, how I learned to stop worrying and love the server

Welcome

Imagine you manage a room of computers in your local junior high school that gets used by different classes of students during each day, sometimes just for word processing or web surfing, and other times for student programming work. After school, games get played on the machines and teachers type up tests and notes. You, as manager, have several problems, and many of them involve somehow making sure that every computer in the lab has the correct software installed, that the folks in front of each computer have access to this software, and that the students can't read the teacher's or other student's documents.

Mac OS X Server, with its NetBoot feature, hopes to make your life a bit easier. It allows you to install software on one computer, once, and have it available on any computer in the room. It allows you to require students and faculty to log in to computers before using them, and gives different users and groups of users access to different applications. Some users might only be allowed to run the applications their teacher has approved; others might be allowed to run anything installed. Since it provides a robust, centralized file server where everyone stores documents, users can sit down in front of any computer and get to their information. And, since it doesn't allow users of the computers to make any permanent changes to the software on any particular computer, there's no risk that a budding prankster in third period will manage to corrupt the installed software so that you have to rush to fix it by fourth period, because a simple restart will restore the computer to the setup you originally created.

NetBoot should also appeal to other users. Businesses seeking to reduce support costs, cyber café's that want to set up a group of computers which can not be corrupted, or developers seeking a quick way to rapidly test applications in a clean environment. This article will give you a background for Mac OS X Server, describe how NetBooting works from a user and a technical perspective. It will also point out some things that you should be aware of as a developer if you want to be NetBoot friendly and point out some developer opportunities that involve NetBoot.

Background

NetBoot is a feature of Mac OS X Server, and is actually a synergy of several of the server features of Mac OS X together with some support in the Open Firmware of recent Macintosh computers and some new additions to Mac OS 8.x system software.

Mac OS X Server also provides web services via an Apache web server, file transfer services via ftp, and a WebObjects 4.0 environment including a 50-transaction-per-minute license and Software Development Kit. Also included is a prerelease of the QuickTime Streaming Server for sending many video and audio streams of data to multiple computers. A full description of Mac OS X Server can be found at <http://www.apple.com/macosx/server/>.

A User's View

When a user sits down in front of a NetBoot computer, the first thing they will notice is that it looks and boots pretty much like every Macintosh. Starting up several computers from a NetBoot server is about as fast as starting up from the local hard disk. Users are asked to login with a username and password, and then find themselves in one of three environments - the standard Finder environment, a "restricted" Finder environment where many commands (such as deleting files) are disabled, or a simplified "Panels" environment. In the "Panels" environment, an administrator has defined exactly what applications are available to a user, and the user sees a series of icon buttons, which they can use to start each allowed application.


Figure 1. Users are required to log in with a name and password before they are allowed to access a NetBooted computer.

When a user logs in, the Macintosh Manager software copies down any saved Preferences and certain other files from the NetBoot server onto the computer, sets up the appearance and desktop for the user, selects the correct printer for this user, and performs other initialization to personalize the computer. When the user logs out by choosing "Quit and Log Out" from the bottom of the File menu in the Finder, or by shutting the machine down, any changed preferences are copied back up to the server, and the computer is returned to a common state.


Figure 2. Users get a progress bar as the system copies down their unique preferences and sets up the computer with their individual settings.

Once in the Finder, the user will see two 'disks' on their desktop with interesting icons - the "Network HD" and the "Applications HD". The "Network HD" is the boot drive and contains a Mac OS 8.5 System Folder and whatever else the administrator has chosen to put there. The Applications HD is read only, and contains the applications which ship with Mac OS 8.5 (Internet Explorer, Outlook Express, etc) and whatever the administrator has put there as well.

Users will notice that if they copy files onto the startup drive, or download files from the internet onto the internal drive, that none of the changes they have made to the startup drive are present after they have restarted the computer. This is especially apparent with extensions, control panels, etc, since they must restart the computer in order to use these items.

Administrators have a significant amount of control over the setup of the computers. Individual users can not install extensions or control panels, nor can they disable the ones that are already installed. Privileges can be set on a per-user or per-group basis, and each user can belong to one or more groups. Users can have print quotas, and might be restricted to certain printers. The also may have file space quotas on the server. A particular user or group might only be allowed to run certain applications. On computers which have CD or floppy drives, their use can be restricted so that only approved CDs are used, or to disallow floppy use entirely. Administrators can also remove, with an extension, the local hard disks from the user desktops.

The risks of viruses are lessened in a NetBoot environment, because end users do not have persistent write access to the boot disk nor to the applications disk. Even if a user manages to infect a particular computer with a conventional virus (like MBDF , upon restarting that computer will throw away every change made by the user (including the complete set of infected applications) and go back to the uninfected setup originally created by the administrator. However, document-based viruses, like Microsoft Word macro viruses, or applications which the users place in their space on the fileserver, will still exist so NetBoot does not entirely eliminate the problems with computer viruses.

Administrators install software by using a utility called the "NetBoot Desktop Administrator" application. When run by an administrator on a NetBoot client, this application places that particular computer into a 'persistent mode', and all future changes made on that computer are preserved across reboots. The administrator can install software, remove software, rearrange or delete files, etc. When happy with the new setup, the administrator runs this application again and commits the changes made so that all users will see them the next time their computers reboot.

The Technical View

A NetBooted computer implements these features in several ways. Only recent Macintosh models iMacs and later) are capable of NetBooting, because the lowest level of support necessary to NetBoot is only implemented in the Open Firmware for these machines at this time. In these machines, at startup the code in Open Firmware will look at where they are suppose to startup from, notice that it is a NetBoot server, and will begin the process by sending out a special Ethernet BootP packet asking if a NetBoot server is available. If there is a server in the same subnet, it will reply to the client with an IP address the client can use as well as information about what disks will appear on the client once it boots. After getting an IP address, a client will download a copy of the Mac OS ROM file from the server and then mount the Network HD and Applications HD disks from the server.


Figure 3. A revised Startup Disk control panel allows users to select a NetBoot server as the startup device.

From the point of view of the Mac OS, the boot and applications disks are using a normal, block oriented disk driver named "LANDisk", which uses an Appleshare File Protocol over IP (AFP/IP) connection to the NetBoot server to get and put data onto the 'disk'. However, this AFP/IP session is distinct from any 'normal' Appleshare session that may be opened on the computer.

At the lowest level, the system is using a special version of the Ethernet hardware driver which can allows the driver for the network disks and Open Transport to share a single IP number. Incoming packets are distinguished based on the protocol and port number. Packets destined for the AFP session for the .LANDisk driver are not visible from Open Transport. The AFP session that is used by the .LANDisk driver is not accessible from within the Mac OS proper.

On the server, the "Application HD" and "Network HD" are stored as uncompressed, read only DiskCopy disk images. A client opens a read-only connection to each of these over the AFP/IP session, and the block driver translates read requests for a given block into a read from a given offset in the appropriate file. The non-persistence of the startup disk is accomplished almost entirely by the client. When a client starts up, if a particular volume is suppose to be non-persistent, then the server gives the client two files for that volume - one is the DiskCopy image, which is opened read only, and the second is an empty, writeable file. The client will write any changes to the disk into this second file. It will read a block from the first file unless the block being read has already been written to, in which case it reads from the second file. This second file essentially becomes a shadow and contains only the changes from the first file. The contents of this second file are discarded whenever the client reboots, so the changes made disappear.

The system also patches a number of traps to force users to log in and log out, and to prevent users from tampering with the system folder in an attempt to circumvent the security of the system.

Compatibility Issues

Hopefully, we at Apple did enough work to maintain compatibility that most Macintosh software should work correctly in the NetBoot environment. However, no system update or change is ever free of changes that can affect the existing base of applications, and this one is no different. In testing the NetBoot environment, we found that most applications worked correctly, although some had minor problems. Applications which attempted to write back to their own data forks failed when placed on the read-only Applications drive, but also would have problems running from a locked fileserver prior to the release of the NetBoot server. We found a few applications which attempted to write back to their own files only on first launch as part of a user personalization or serial number entry process, in which case they would fail.

One of the implications of a NetBoot environment is that the 'local' hard drive is not the primary data storage for a user, since users may move around from computer to computer but want their data always accessible. While the current setup with user files stored on a fileserver volume works ok, it is not necessarily the most appropriate solution. For example, in a NetBoot computer lab it is probably better to set everyone up with email accounts on a IMAP server and have them read their mail with an IMAP client instead of setting everyone up with POP3 accounts. The IMAP architecture has users keep their email on a central server instead of downloading it into a number of private but still server based POP3 databases. You may find that this mentality causes you to rethink how the applications you produce are designed and used.

Things to Think About

There are still some things that you, as a developer, need to be aware of. If you store preferences outside the Preferences folder, then these likely will not be saved and restored for each user as they log in and out. If your preference files are excessively large, then users may complain that your software is causing excessive log in and out times.

If your applications use the local hard drive to cache data, then make sure that the user can control where this cache is created - otherwise, NetBoot users will find that their applications perform poorly as they rebuild this cache each time they use your application.

NetBooting opens new opportunities for developers and value-added resellers. Early on, many of the users of NetBoot setups will be schools or computer lab set-ups. Over time this should increase and may encompass business users, especially in environments where centralized control and workflow management is important. So, a pre-press environment may decide to use a NetBoot server for many of the users in order to insure that every user has exactly the same set of fonts and applications, with the correct versions, running at all times. For example, if schools use the NetBoot architecture, that they may also want to buy good web filtering software (perhaps server based, combined with a good web proxy, since bandwidth is still rather limited in schools).

NetBoot also shifts the focus for where data is stored from local files onto fileservers and onto other kinds of servers. A calendar application which stores all of its data in files in the system folder is not as useful in a NetBoot environment as one which can store data in a file on the fileserver.

It is possible a single user will be logged onto more than one computer at a time. The current NetBoot environment doesn't handle this situation very gracefully, but does allow it to happen. If a user logs onto two computers, and does something that changes a particular file in the Preferences folder on both computers, there is not concept of merging these changes - the files with the later modification file dates will be kept and the earlier ones will be discarded.

For the terminally curious, you can tell if your system is NetBooted with Gestalt().

Boolean IsSystemNetBooted ()
{ long value;
		if ( (Gestalt(gestaltSplitOSAttr, & value ) == noErr) &&
				( value & ( 1 <<
					gestaltSplitOSBootDriveIsNetworkVolume) ) )
		return true;

		return false;
}

There is presently no easy way to tell if the system is booted persistently or non-persistently. Eventually, there will be a gestalt selector with this information.

Documentation and Licensing Issues

You may also want to make changes in the documentation for your products, to indicate whether you have tested them in a NetBoot environment and to detail any oddities during the install or configuration.

Licensing of products for use in the NetBoot environment requires some thought, since the 'same' application is installed once into the master image but then gets used on a number of computers. You might consider selling a license for a single NetBoot server, allowing all clients of the server to use the software, or you may want to recommend a product like KeyServer (from Sassafras Software, <http://www.sassafras.com/>) that can monitor and restrict use to only those number of copies which have been purchased. Licensing is especially important in a regimented environment like a school computer lab, where most users will probably be expected to use the same software simultaneously.

Similarly, applications which require serial numbers and insure that only one copy of the application is running with a given serial number have a serious problem if they write the serial number back into the application's data files, since each computer booted from a NetBoot server will use exactly the same set of applications. To this end, Apple has recommended for some time that applications do not write back to themselves. With the advent of NetBooted computers, it's useful to also add that applications with serial numbers should write their serial numbers to their Preference files. This way, a user who has purchased an application will enter it's serial number when they use the application the first time, and the serial number will move around with them as they log in and out from each computer.

Future Directions

On the client side, Apple expects to eliminate the necessity of copying preference and other files back and forth as users log in and out. In order to do this, we will change FindFolder() so that it returns a vRefNum and dirID which point to a folder on a server when you call FindFolder ( kOnSystemDisk, kPreferencesFolderType, ... ). Your code must use both the vRefNum and dirID returned by FindFolder in all cases. Do not assume that the vRefNum for special folders, including those in the system folder, is -1.

Future versions of the Mac OS may include more security, both to prevent one user from accessing the files and folders of another user, as well as protecting some parts of the system (like the System Folder) from being accessed by users who do not have the authority to make changes to the computer.

Many users have also requested that NetBoot client computers use DHCP instead of BootP to acquire their IP address, and this is something which Apple is looking into doing in a future version. Additional authentication, and opening up the authentication that is provided, is also being considered.

On the server side, any move to DHCP would have to be mirrored with DHCP support and the user interface changes to configure DHCP. It is also desired to produce a solution that can run with IP only, eliminating the need to use AppleTalk in a NetBoot setup. Also, future versions of Mac OS X server should support gigabit Ethernet and more networking connectivity.

Wrapping Up

NetBooting is a new capability for Macintosh computers. At the moment, it will appeal most to administrators and to lab-type computer settings, but over time, as more Macintosh computers are capable of being booted from the Network and as fast, ubiquitous networks begin to appear, the ability for users to get to their data in a seamless way no matter where they happen to be will become very important. Your applications probably already work in a NetBoot environment, but with a little work you may be able to give your users a fabulous experience.


Keith Stattenfield toils within the castle walls of Apple Computer in Cupertino, California, fixing bugs and misfeatures in each Mac OS 8.x release. His exploits can be observed in real time at <http://www.stattenfield.org/keithcam/>

 
AAPL
$102.29
Apple Inc.
+1.40
MSFT
$44.80
Microsoft Corpora
-0.21
GOOG
$573.85
Google Inc.
-4.01

MacTech Search:
Community Search:

Software Updates via MacUpdate

Cocktail 7.6 - General maintenance and o...
Cocktail is a general purpose utility for OS X that lets you clean, repair and optimize your Mac. It is a powerful digital toolset that helps hundreds of thousands of Mac users around the world get... Read more
LaunchBar 6.1 - Powerful file/URL/email...
LaunchBar is an award-winning productivity utility that offers an amazingly intuitive and efficient way to search and access any kind of information stored on your computer or on the Web. It provides... Read more
Maya 2015 - Professional 3D modeling and...
Maya is an award-winning software and powerful, integrated 3D modeling, animation, visual effects, and rendering solution. Because Maya is based on an open architecture, all your work can be scripted... Read more
BBEdit 10.5.12 - Powerful text and HTML...
BBEdit is the leading professional HTML and text editor for the Mac. Specifically crafted in response to the needs of Web authors and software developers, this award-winning product provides a... Read more
Microsoft Office 2011 14.4.4 - Popular p...
Microsoft Office 2011 helps you create professional documents and presentations. And since Office for Mac 2011 is compatible with Office for Windows, you can work on documents with virtually anyone... Read more
TextWrangler 4.5.10 - Free general purpo...
TextWrangler is the powerful general purpose text editor, and Unix and server administrator's tool. Oh, and also, like the best things in life, it's free. TextWrangler is the "little brother" to... Read more
BitTorrent Sync 1.4.72 - Sync files secu...
BitTorrent Sync allows you to sync unlimited files between your own devices, or share a folder with friends and family to automatically sync anything. File transfers are encrypted. Your information... Read more
Cyberduck 4.5.2 - FTP and SFTP browser....
Cyberduck is a robust FTP/FTP-TLS/SFTP browser for the Mac whose lack of visual clutter and cleverly intuitive features make it easy to use. Support for external editors and system technologies such... Read more
Tinderbox 6.0.3 - Store and organize you...
Tinderbox is a personal content management assistant. It stores your notes, ideas, and plans. It can help you organize and understand them. And Tinderbox helps you share ideas through Web journals... Read more
Adobe Photoshop CC 2014 15.1.0 - Profess...
Photoshop CC 2014 is available as part of Adobe Creative Cloud for as little as $19.99/month (or $9.99/month if you're a previous Photoshop customer). Photoshop CS6 is still available for purchase (... Read more

Latest Forum Discussions

See All

Spooklands Review
Spooklands Review By Jennifer Allen on August 27th, 2014 Our Rating: :: ONE-TOUCH SHOOTERUniversal App - Designed for iPhone and iPad One-touch simultaneously controls your direction and your weapon in this unique arena shooter.   | Read more »
Heroes of Order & Chaos Add Twitch I...
Heroes of Order & Chaos Add Twitch Integration, New Heroes, and More Posted by Ellis Spice on August 27th, 2014 [ permalink ] | Read more »
Appointment With F.E.A.R Review
Appointment With F.E.A.R Review By Jennifer Allen on August 27th, 2014 Our Rating: :: CAMP DELIGHTUniversal App - Designed for iPhone and iPad Ever wanted to be a superhero? Appointment With F.E.A.R is a fine way to live that dream... | Read more »
Ultra Drift Review
Ultra Drift Review By Rob Thomas on August 27th, 2014 Our Rating: :: ULTRA DULLUniversal App - Designed for iPhone and iPad Ultra Drift is fine in concept, but the execution runs head-first into the wall. And so will you. Over and... | Read more »
Star Walk 2 is Like Stargazing with Neil...
Star Walk 2 is Like Stargazing with Neil DeGrasse Tyson in Your Pocket Posted by Jessica Fisher on August 27th, 2014 [ permalink ] | Read more »
Watch the World Go By Really Fast with I...
Watch the World Go By Really Fast with Instagram’s New Hyperlapse Posted by Jessica Fisher on August 27th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
The Walking Dead Pinball (Games)
The Walking Dead Pinball 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: Zen Studios, Telltale Games, and Skybound Entertainment partner to create all-new table based on the 'Game of the... | Read more »
Ninja Smasher! (Games)
Ninja Smasher! 1.00 Device: iOS Universal Category: Games Price: $1.99, Version: 1.00 (iTunes) Description: Series total 300,000DL and Previous game "Ninja Striker!" got 1st in Japan!Q-Cumber Factory’s "Ninja" series’s recent game... | Read more »
WhatWatt Review
WhatWatt Review By Jennifer Allen on August 27th, 2014 Our Rating: :: UNTAPPED POTENTIALiPhone App - Designed for the iPhone, compatible with the iPad Want to know how much your devices are costing you to run? WhatWatt goes some... | Read more »
Appointment With F.E.A.R. (Games)
Appointment With F.E.A.R. 1.02 Device: iOS Universal Category: Games Price: $2.99, Version: 1.02 (iTunes) Description: Travel back to the 1980s as a superpowered defender of justice in this all-new edition of Steve Jackson's... | Read more »

Price Scanner via MacPrices.net

The iPad’s Real Competitive Challenger (Not S...
It’s been my contention for some time that the iPad is suffering from something of an identity crisis, and I suspect that may be a factor in slackening sales this year. Apple can’t seem to decide... Read more
13-inch 2.6GHz/256GB Retina MacBook Pro on sa...
B&H Photo has the 13″ 2.6GHz/256GB Retina MacBook Pro on sale for $1379 including free shipping plus NY sales tax only. Their price is $120 off MSRP. Read more
Life Inventory iOS Apps – Learn to Know Thyse...
James Hollender’s Life Inventory apps s are now on sale with 20% off thru Labor Day, 09/01/2014. This is a great opportunity to get started on that Moral Inventory you’ve been putting off doing for... Read more
Pocket Watch, LLC. Reveals Cloud Server For P...
Beaumont, Texas based Pocket Watch, LLC. has announced the availability of its new ActivePrint Cloud Server Powered by Raspberry Pi. With this small standalone box almost any USB printer or available... Read more
902it Simplifies Area Code Changes For Nova S...
The east coast Canadian provinces of Nova Scotia and Prince Edward Island are phasing in 10 digit telephone dialing, to be fully in place by November, in order to accommodate a second area code to... Read more
Boomerang iPad Stand Mounts Your iPad Anywher...
Boomerang, a Mountable Stand with Multiple Viewing Angles, is now available for iPad Air. Boomerang combines several functions that aim to expand your iPad’s potential in one, elegant product. The... Read more
Retina MacBook Pros available starting at $10...
The Apple Store has Apple Certified Refurbished 13″ and 15″ MacBook Pros available starting at $929. Apple’s one-year warranty is standard, and shipping is free: - 13″ 2.5GHz MacBook Pros (4GB RAM/... Read more
Apple 27-inch Thunderbolt Display (refurbishe...
The Apple Store has Apple Certified Refurbished 27″ Thunderbolt Displays available for $799 including free shipping. That’s $200 off the cost of new models. Read more
Apple offers free $25 iTunes gift card with p...
The Apple Store is offering a free $25 iTunes Gift Card with the purchase of a $99 Apple TV for a limited time. Shipping is free. Read more
Apple’s 2014 Back to School promotion: $100 g...
 Apple’s 2014 Back to School promotion includes a free $100 App Store Gift Card with the purchase of any new Mac (Mac mini excluded), or a $50 Gift Card with the purchase of an iPad or iPhone,... Read more

Jobs Board

*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
*Apple* Solutions Consultant (ASC) - Apple (...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
Project Manager / Business Analyst, WW *Appl...
…a senior project manager / business analyst to work within our Worldwide Apple Fulfillment Operations and the Business Process Re-engineering team. This role will work Read more
Position Opening at *Apple* - Apple (United...
…customers purchase our products, you're the one who helps them get more out of their new Apple technology. Your day in the Apple Store is filled with a range of Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.