TweetFollow Us on Twitter

NetBooting And You

Volume Number: 15 (1999)
Issue Number: 6
Column Tag: ExplainIt

NetBooting and You

by Kenneth Stattenfield

Or, how I learned to stop worrying and love the server

Welcome

Imagine you manage a room of computers in your local junior high school that gets used by different classes of students during each day, sometimes just for word processing or web surfing, and other times for student programming work. After school, games get played on the machines and teachers type up tests and notes. You, as manager, have several problems, and many of them involve somehow making sure that every computer in the lab has the correct software installed, that the folks in front of each computer have access to this software, and that the students can't read the teacher's or other student's documents.

Mac OS X Server, with its NetBoot feature, hopes to make your life a bit easier. It allows you to install software on one computer, once, and have it available on any computer in the room. It allows you to require students and faculty to log in to computers before using them, and gives different users and groups of users access to different applications. Some users might only be allowed to run the applications their teacher has approved; others might be allowed to run anything installed. Since it provides a robust, centralized file server where everyone stores documents, users can sit down in front of any computer and get to their information. And, since it doesn't allow users of the computers to make any permanent changes to the software on any particular computer, there's no risk that a budding prankster in third period will manage to corrupt the installed software so that you have to rush to fix it by fourth period, because a simple restart will restore the computer to the setup you originally created.

NetBoot should also appeal to other users. Businesses seeking to reduce support costs, cyber café's that want to set up a group of computers which can not be corrupted, or developers seeking a quick way to rapidly test applications in a clean environment. This article will give you a background for Mac OS X Server, describe how NetBooting works from a user and a technical perspective. It will also point out some things that you should be aware of as a developer if you want to be NetBoot friendly and point out some developer opportunities that involve NetBoot.

Background

NetBoot is a feature of Mac OS X Server, and is actually a synergy of several of the server features of Mac OS X together with some support in the Open Firmware of recent Macintosh computers and some new additions to Mac OS 8.x system software.

Mac OS X Server also provides web services via an Apache web server, file transfer services via ftp, and a WebObjects 4.0 environment including a 50-transaction-per-minute license and Software Development Kit. Also included is a prerelease of the QuickTime Streaming Server for sending many video and audio streams of data to multiple computers. A full description of Mac OS X Server can be found at <http://www.apple.com/macosx/server/>.

A User's View

When a user sits down in front of a NetBoot computer, the first thing they will notice is that it looks and boots pretty much like every Macintosh. Starting up several computers from a NetBoot server is about as fast as starting up from the local hard disk. Users are asked to login with a username and password, and then find themselves in one of three environments - the standard Finder environment, a "restricted" Finder environment where many commands (such as deleting files) are disabled, or a simplified "Panels" environment. In the "Panels" environment, an administrator has defined exactly what applications are available to a user, and the user sees a series of icon buttons, which they can use to start each allowed application.


Figure 1. Users are required to log in with a name and password before they are allowed to access a NetBooted computer.

When a user logs in, the Macintosh Manager software copies down any saved Preferences and certain other files from the NetBoot server onto the computer, sets up the appearance and desktop for the user, selects the correct printer for this user, and performs other initialization to personalize the computer. When the user logs out by choosing "Quit and Log Out" from the bottom of the File menu in the Finder, or by shutting the machine down, any changed preferences are copied back up to the server, and the computer is returned to a common state.


Figure 2. Users get a progress bar as the system copies down their unique preferences and sets up the computer with their individual settings.

Once in the Finder, the user will see two 'disks' on their desktop with interesting icons - the "Network HD" and the "Applications HD". The "Network HD" is the boot drive and contains a Mac OS 8.5 System Folder and whatever else the administrator has chosen to put there. The Applications HD is read only, and contains the applications which ship with Mac OS 8.5 (Internet Explorer, Outlook Express, etc) and whatever the administrator has put there as well.

Users will notice that if they copy files onto the startup drive, or download files from the internet onto the internal drive, that none of the changes they have made to the startup drive are present after they have restarted the computer. This is especially apparent with extensions, control panels, etc, since they must restart the computer in order to use these items.

Administrators have a significant amount of control over the setup of the computers. Individual users can not install extensions or control panels, nor can they disable the ones that are already installed. Privileges can be set on a per-user or per-group basis, and each user can belong to one or more groups. Users can have print quotas, and might be restricted to certain printers. The also may have file space quotas on the server. A particular user or group might only be allowed to run certain applications. On computers which have CD or floppy drives, their use can be restricted so that only approved CDs are used, or to disallow floppy use entirely. Administrators can also remove, with an extension, the local hard disks from the user desktops.

The risks of viruses are lessened in a NetBoot environment, because end users do not have persistent write access to the boot disk nor to the applications disk. Even if a user manages to infect a particular computer with a conventional virus (like MBDF , upon restarting that computer will throw away every change made by the user (including the complete set of infected applications) and go back to the uninfected setup originally created by the administrator. However, document-based viruses, like Microsoft Word macro viruses, or applications which the users place in their space on the fileserver, will still exist so NetBoot does not entirely eliminate the problems with computer viruses.

Administrators install software by using a utility called the "NetBoot Desktop Administrator" application. When run by an administrator on a NetBoot client, this application places that particular computer into a 'persistent mode', and all future changes made on that computer are preserved across reboots. The administrator can install software, remove software, rearrange or delete files, etc. When happy with the new setup, the administrator runs this application again and commits the changes made so that all users will see them the next time their computers reboot.

The Technical View

A NetBooted computer implements these features in several ways. Only recent Macintosh models iMacs and later) are capable of NetBooting, because the lowest level of support necessary to NetBoot is only implemented in the Open Firmware for these machines at this time. In these machines, at startup the code in Open Firmware will look at where they are suppose to startup from, notice that it is a NetBoot server, and will begin the process by sending out a special Ethernet BootP packet asking if a NetBoot server is available. If there is a server in the same subnet, it will reply to the client with an IP address the client can use as well as information about what disks will appear on the client once it boots. After getting an IP address, a client will download a copy of the Mac OS ROM file from the server and then mount the Network HD and Applications HD disks from the server.


Figure 3. A revised Startup Disk control panel allows users to select a NetBoot server as the startup device.

From the point of view of the Mac OS, the boot and applications disks are using a normal, block oriented disk driver named "LANDisk", which uses an Appleshare File Protocol over IP (AFP/IP) connection to the NetBoot server to get and put data onto the 'disk'. However, this AFP/IP session is distinct from any 'normal' Appleshare session that may be opened on the computer.

At the lowest level, the system is using a special version of the Ethernet hardware driver which can allows the driver for the network disks and Open Transport to share a single IP number. Incoming packets are distinguished based on the protocol and port number. Packets destined for the AFP session for the .LANDisk driver are not visible from Open Transport. The AFP session that is used by the .LANDisk driver is not accessible from within the Mac OS proper.

On the server, the "Application HD" and "Network HD" are stored as uncompressed, read only DiskCopy disk images. A client opens a read-only connection to each of these over the AFP/IP session, and the block driver translates read requests for a given block into a read from a given offset in the appropriate file. The non-persistence of the startup disk is accomplished almost entirely by the client. When a client starts up, if a particular volume is suppose to be non-persistent, then the server gives the client two files for that volume - one is the DiskCopy image, which is opened read only, and the second is an empty, writeable file. The client will write any changes to the disk into this second file. It will read a block from the first file unless the block being read has already been written to, in which case it reads from the second file. This second file essentially becomes a shadow and contains only the changes from the first file. The contents of this second file are discarded whenever the client reboots, so the changes made disappear.

The system also patches a number of traps to force users to log in and log out, and to prevent users from tampering with the system folder in an attempt to circumvent the security of the system.

Compatibility Issues

Hopefully, we at Apple did enough work to maintain compatibility that most Macintosh software should work correctly in the NetBoot environment. However, no system update or change is ever free of changes that can affect the existing base of applications, and this one is no different. In testing the NetBoot environment, we found that most applications worked correctly, although some had minor problems. Applications which attempted to write back to their own data forks failed when placed on the read-only Applications drive, but also would have problems running from a locked fileserver prior to the release of the NetBoot server. We found a few applications which attempted to write back to their own files only on first launch as part of a user personalization or serial number entry process, in which case they would fail.

One of the implications of a NetBoot environment is that the 'local' hard drive is not the primary data storage for a user, since users may move around from computer to computer but want their data always accessible. While the current setup with user files stored on a fileserver volume works ok, it is not necessarily the most appropriate solution. For example, in a NetBoot computer lab it is probably better to set everyone up with email accounts on a IMAP server and have them read their mail with an IMAP client instead of setting everyone up with POP3 accounts. The IMAP architecture has users keep their email on a central server instead of downloading it into a number of private but still server based POP3 databases. You may find that this mentality causes you to rethink how the applications you produce are designed and used.

Things to Think About

There are still some things that you, as a developer, need to be aware of. If you store preferences outside the Preferences folder, then these likely will not be saved and restored for each user as they log in and out. If your preference files are excessively large, then users may complain that your software is causing excessive log in and out times.

If your applications use the local hard drive to cache data, then make sure that the user can control where this cache is created - otherwise, NetBoot users will find that their applications perform poorly as they rebuild this cache each time they use your application.

NetBooting opens new opportunities for developers and value-added resellers. Early on, many of the users of NetBoot setups will be schools or computer lab set-ups. Over time this should increase and may encompass business users, especially in environments where centralized control and workflow management is important. So, a pre-press environment may decide to use a NetBoot server for many of the users in order to insure that every user has exactly the same set of fonts and applications, with the correct versions, running at all times. For example, if schools use the NetBoot architecture, that they may also want to buy good web filtering software (perhaps server based, combined with a good web proxy, since bandwidth is still rather limited in schools).

NetBoot also shifts the focus for where data is stored from local files onto fileservers and onto other kinds of servers. A calendar application which stores all of its data in files in the system folder is not as useful in a NetBoot environment as one which can store data in a file on the fileserver.

It is possible a single user will be logged onto more than one computer at a time. The current NetBoot environment doesn't handle this situation very gracefully, but does allow it to happen. If a user logs onto two computers, and does something that changes a particular file in the Preferences folder on both computers, there is not concept of merging these changes - the files with the later modification file dates will be kept and the earlier ones will be discarded.

For the terminally curious, you can tell if your system is NetBooted with Gestalt().

Boolean IsSystemNetBooted ()
{ long value;
		if ( (Gestalt(gestaltSplitOSAttr, & value ) == noErr) &&
				( value & ( 1 <<
					gestaltSplitOSBootDriveIsNetworkVolume) ) )
		return true;

		return false;
}

There is presently no easy way to tell if the system is booted persistently or non-persistently. Eventually, there will be a gestalt selector with this information.

Documentation and Licensing Issues

You may also want to make changes in the documentation for your products, to indicate whether you have tested them in a NetBoot environment and to detail any oddities during the install or configuration.

Licensing of products for use in the NetBoot environment requires some thought, since the 'same' application is installed once into the master image but then gets used on a number of computers. You might consider selling a license for a single NetBoot server, allowing all clients of the server to use the software, or you may want to recommend a product like KeyServer (from Sassafras Software, <http://www.sassafras.com/>) that can monitor and restrict use to only those number of copies which have been purchased. Licensing is especially important in a regimented environment like a school computer lab, where most users will probably be expected to use the same software simultaneously.

Similarly, applications which require serial numbers and insure that only one copy of the application is running with a given serial number have a serious problem if they write the serial number back into the application's data files, since each computer booted from a NetBoot server will use exactly the same set of applications. To this end, Apple has recommended for some time that applications do not write back to themselves. With the advent of NetBooted computers, it's useful to also add that applications with serial numbers should write their serial numbers to their Preference files. This way, a user who has purchased an application will enter it's serial number when they use the application the first time, and the serial number will move around with them as they log in and out from each computer.

Future Directions

On the client side, Apple expects to eliminate the necessity of copying preference and other files back and forth as users log in and out. In order to do this, we will change FindFolder() so that it returns a vRefNum and dirID which point to a folder on a server when you call FindFolder ( kOnSystemDisk, kPreferencesFolderType, ... ). Your code must use both the vRefNum and dirID returned by FindFolder in all cases. Do not assume that the vRefNum for special folders, including those in the system folder, is -1.

Future versions of the Mac OS may include more security, both to prevent one user from accessing the files and folders of another user, as well as protecting some parts of the system (like the System Folder) from being accessed by users who do not have the authority to make changes to the computer.

Many users have also requested that NetBoot client computers use DHCP instead of BootP to acquire their IP address, and this is something which Apple is looking into doing in a future version. Additional authentication, and opening up the authentication that is provided, is also being considered.

On the server side, any move to DHCP would have to be mirrored with DHCP support and the user interface changes to configure DHCP. It is also desired to produce a solution that can run with IP only, eliminating the need to use AppleTalk in a NetBoot setup. Also, future versions of Mac OS X server should support gigabit Ethernet and more networking connectivity.

Wrapping Up

NetBooting is a new capability for Macintosh computers. At the moment, it will appeal most to administrators and to lab-type computer settings, but over time, as more Macintosh computers are capable of being booted from the Network and as fast, ubiquitous networks begin to appear, the ability for users to get to their data in a seamless way no matter where they happen to be will become very important. Your applications probably already work in a NetBoot environment, but with a little work you may be able to give your users a fabulous experience.


Keith Stattenfield toils within the castle walls of Apple Computer in Cupertino, California, fixing bugs and misfeatures in each Mac OS 8.x release. His exploits can be observed in real time at <http://www.stattenfield.org/keithcam/>

 
AAPL
$119.00
Apple Inc.
+1.40
MSFT
$47.75
Microsoft Corpora
+0.28
GOOG
$540.37
Google Inc.
-0.71

MacTech Search:
Community Search:

Software Updates via MacUpdate

HoudahSpot 3.9.6 - Advanced file search...
HoudahSpot is a powerful file search tool built upon MacOS X Spotlight. Spotlight unleashed Create detailed queries to locate the exact file you need Narrow down searches. Zero in on files Save... Read more
RapidWeaver 6.0.3 - Create template-base...
RapidWeaver is a next-generation Web design application to help you easily create professional-looking Web sites in minutes. No knowledge of complex code is required, RapidWeaver will take care of... Read more
iPhoto Library Manager 4.1.10 - Manage m...
iPhoto Library Manager lets you organize your photos into multiple iPhoto libraries. Separate your high school and college photos from your latest summer vacation pictures. Or keep some photo... Read more
iExplorer 3.5.1.9 - View and transfer al...
iExplorer is an iPhone browser for Mac lets you view the files on your iOS device. By using a drag and drop interface, you can quickly copy files and folders between your Mac and your iPhone or... Read more
MacUpdate Desktop 6.0.3 - Discover and i...
MacUpdate Desktop 6 brings seamless 1-click installs and version updates to your Mac. With a free MacUpdate account and MacUpdate Desktop 6, Mac users can now install almost any Mac app on macupdate.... Read more
SteerMouse 4.2.2 - Powerful third-party...
SteerMouse is an advanced driver for USB and Bluetooth mice. It also supports Apple Mighty Mouse very well. SteerMouse can assign various functions to buttons that Apple's software does not allow,... Read more
iMazing 1.1 - Complete iOS device manage...
iMazing (was DiskAid) is the ultimate iOS device manager with capabilities far beyond what iTunes offers. With iMazing and your iOS device (iPhone, iPad, or iPod), you can: Copy music to and from... Read more
PopChar X 7.0 - Floating window shows av...
PopChar X helps you get the most out of your font collection. With its crystal-clear interface, PopChar X provides a frustration-free way to access any font's special characters. Expanded... Read more
Carbon Copy Cloner 4.0.3 - Easy-to-use b...
Carbon Copy Cloner backups are better than ordinary backups. Suppose the unthinkable happens while you're under deadline to finish a project: your Mac is unresponsive and all you hear is an ominous,... Read more
ForeverSave 2.1.3 - Universal auto-save...
ForeverSave auto-saves all documents you're working on while simultaneously doing backup versioning in the background. Lost data can be quickly restored at any time. Losing data, caused by... Read more

Latest Forum Discussions

See All

Make Way for Fat Chicken, from the Maker...
Make Way for Fat Chicken, from the Makers of Scrap Squad Posted by Jessica Fisher on November 26th, 2014 [ permalink ] Relevant Games has announced they will be releasing their reverse tower defense game, | Read more »
Tripnary Review
Tripnary Review By Jennifer Allen on November 26th, 2014 Our Rating: :: TRAVEL BUCKET LISTiPhone App - Designed for the iPhone, compatible with the iPad Want to create a travel bucket list? Tripnary is a fun way to do exactly that... | Read more »
Ossian Studios’ RPG, The Shadow Sun, is...
Ossian Studios’ RPG, The Shadow Sun, is Now Available for $4.99 Posted by Jessica Fisher on November 26th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Mmmm, Tasty – Having the Angry Birds for...
The very first Angry Birds debuted on iOS back in 2009. When you sit back and tally up the number of Angry Birds games out there and the impact they’ve had on pop culture as a whole, you just need to ask yourself: “How would the birds taste... | Read more »
Rescue Quest Review
Rescue Quest Review By Jennifer Allen on November 26th, 2014 Our Rating: :: PATH BASED MATCH-3Universal App - Designed for iPhone and iPad Guide a wizard to safety by matching gems. Rescue Quest might not be an entirely original... | Read more »
You Can Play the Final Chapter of Lone W...
You Can Play the Final Chapter of Lone Wolf: Dawn Over V’taag Right Now Posted by Jessica Fisher on November 26th, 2014 [ permalink ] Universal App - Designed for iPhone and iPad | Read more »
Swords of Anima (Games)
Swords of Anima 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: A new tactical turn-based RPG experience. Command the Savior Rex Squad in an epic journey of courage and deception. Can you... | Read more »
Audio Defence: Zombie Arena
Audio Defence: Zombie Arena By Lee Hamlet on November 26th, 2014 Our Rating: :: DRAGS ITS FEETUniversal App - Designed for iPhone and iPad From the makers of Papa Sangre comes a defense game that forces players to listen carefully... | Read more »
Tales from the Borderland​s Will be Comi...
Tales from the Borderland​s Will be Coming to iOS by the End of the Year Posted by Jessica Fisher on November 26th, 2014 [ permalink ] Telltale Games has announced | Read more »
Sunburn! Review
Sunburn! Review By Campbell Bird on November 26th, 2014 Our Rating: :: DON'T DIE ALONEUniversal App - Designed for iPhone and iPad Platform through the depths of space to make sure your entire crew dies together in this satisfying... | Read more »

Price Scanner via MacPrices.net

2014 1.4GHz Mac mini on sale for $449, save $...
 B&H Photo has the new 1.4GHz Mac mini on sale for $449.99 including free shipping plus NY tax only. Their price is $50 off MSRP, and it’s the lowest price available for this new model. Adorama... Read more
Early Black Friday pricing on 27-inch 5K iMac...
 B&H Photo continues to offer Black Friday sale prices on the 27″ 3.5GHz 5K iMac, in stock today and on sale for $2299 including free shipping plus NY sales tax only. Their price is $200 off MSRP... Read more
Early Black Friday sale prices on iPad Air 2,...
 MacMall is discounting iPad Air 2s by up to $75 off MSRP as part of their Black Friday sale. Shipping is free: - 16GB iPad Air WiFi: $459 $40 off - 64GB iPad Air WiFi: $559 $40 off - 128GB iPad Air... Read more
Early Black Friday MacBook Air sale prices, $...
 MacMall has posted early Black Friday MacBook Air sale prices. Save $101 on all models for a limited time: - 11″ 1.4GHz/128GB MacBook Air: $798 - 11″ 1.4GHz/256GB MacBook Air: $998 - 13″ 1.4GHz/... Read more
Why iPhone 6 Tablet/Laptop Cannibalization Is...
247wallst.com blogger Douglas A. McIntyre noted last week that according to research posted on the Applovin blog site the iPhone 6 is outselling the iPhone 6 Plus by a wide margin . Hardly a surprise... Read more
Worldwide Tablet Growth Expected to Slow to 7...
The global tablet market is expected to record massive deceleration in 2014 with year-over-year growth slowing to 7.2%, down from 52.5% in 2013, according to a new forecast from International Data... Read more
Touchscreen Glove Company Announces New Produ...
Surrey, United Kingdom based TouchAbility specializes in design and manufacture of a wide variety of products compatible with touchscreen devices including smartphones, tablets and computers. Their... Read more
OtterBox Alpha Glass Screen Protectors for iP...
To complement the bigger, sharper displays on the latest Apple devices, OtterBox has introduced Alpha Glass screen protectors to the iPhone 6 and iPhone 6 Plus. The fortified glass screen protectors... Read more
Early Black Friday Mac Pro sale, 6-Core 3.5GH...
 B&H Photo has the 6-Core 3.5GHz Mac Pro on sale today for $3499 including free shipping plus NY sales tax. Their price is $500 off MSRP, and it’s the lowest price available for this model from... Read more
Early Black Friday sale price: 15-inch 2.2GHz...
 B&H Photo has the 2014 15″ 2.2GHz Retina MacBook Pro on sale today for $1699.99. Shipping is free, and B&H charges NY sales tax only. Their price is $300 off MSRP, equalling Best Buy’s price... Read more

Jobs Board

*Apple* Solutions Consultant (ASC) - Apple (...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
*Apple* Solutions Consultant (ASC) - Apple (...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
*Apple* Solutions Consultant (ASC) - Apple (...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.