TweetFollow Us on Twitter

NetBooting And You

Volume Number: 15 (1999)
Issue Number: 6
Column Tag: ExplainIt

NetBooting and You

by Kenneth Stattenfield

Or, how I learned to stop worrying and love the server

Welcome

Imagine you manage a room of computers in your local junior high school that gets used by different classes of students during each day, sometimes just for word processing or web surfing, and other times for student programming work. After school, games get played on the machines and teachers type up tests and notes. You, as manager, have several problems, and many of them involve somehow making sure that every computer in the lab has the correct software installed, that the folks in front of each computer have access to this software, and that the students can't read the teacher's or other student's documents.

Mac OS X Server, with its NetBoot feature, hopes to make your life a bit easier. It allows you to install software on one computer, once, and have it available on any computer in the room. It allows you to require students and faculty to log in to computers before using them, and gives different users and groups of users access to different applications. Some users might only be allowed to run the applications their teacher has approved; others might be allowed to run anything installed. Since it provides a robust, centralized file server where everyone stores documents, users can sit down in front of any computer and get to their information. And, since it doesn't allow users of the computers to make any permanent changes to the software on any particular computer, there's no risk that a budding prankster in third period will manage to corrupt the installed software so that you have to rush to fix it by fourth period, because a simple restart will restore the computer to the setup you originally created.

NetBoot should also appeal to other users. Businesses seeking to reduce support costs, cyber café's that want to set up a group of computers which can not be corrupted, or developers seeking a quick way to rapidly test applications in a clean environment. This article will give you a background for Mac OS X Server, describe how NetBooting works from a user and a technical perspective. It will also point out some things that you should be aware of as a developer if you want to be NetBoot friendly and point out some developer opportunities that involve NetBoot.

Background

NetBoot is a feature of Mac OS X Server, and is actually a synergy of several of the server features of Mac OS X together with some support in the Open Firmware of recent Macintosh computers and some new additions to Mac OS 8.x system software.

Mac OS X Server also provides web services via an Apache web server, file transfer services via ftp, and a WebObjects 4.0 environment including a 50-transaction-per-minute license and Software Development Kit. Also included is a prerelease of the QuickTime Streaming Server for sending many video and audio streams of data to multiple computers. A full description of Mac OS X Server can be found at <http://www.apple.com/macosx/server/>.

A User's View

When a user sits down in front of a NetBoot computer, the first thing they will notice is that it looks and boots pretty much like every Macintosh. Starting up several computers from a NetBoot server is about as fast as starting up from the local hard disk. Users are asked to login with a username and password, and then find themselves in one of three environments - the standard Finder environment, a "restricted" Finder environment where many commands (such as deleting files) are disabled, or a simplified "Panels" environment. In the "Panels" environment, an administrator has defined exactly what applications are available to a user, and the user sees a series of icon buttons, which they can use to start each allowed application.


Figure 1. Users are required to log in with a name and password before they are allowed to access a NetBooted computer.

When a user logs in, the Macintosh Manager software copies down any saved Preferences and certain other files from the NetBoot server onto the computer, sets up the appearance and desktop for the user, selects the correct printer for this user, and performs other initialization to personalize the computer. When the user logs out by choosing "Quit and Log Out" from the bottom of the File menu in the Finder, or by shutting the machine down, any changed preferences are copied back up to the server, and the computer is returned to a common state.


Figure 2. Users get a progress bar as the system copies down their unique preferences and sets up the computer with their individual settings.

Once in the Finder, the user will see two 'disks' on their desktop with interesting icons - the "Network HD" and the "Applications HD". The "Network HD" is the boot drive and contains a Mac OS 8.5 System Folder and whatever else the administrator has chosen to put there. The Applications HD is read only, and contains the applications which ship with Mac OS 8.5 (Internet Explorer, Outlook Express, etc) and whatever the administrator has put there as well.

Users will notice that if they copy files onto the startup drive, or download files from the internet onto the internal drive, that none of the changes they have made to the startup drive are present after they have restarted the computer. This is especially apparent with extensions, control panels, etc, since they must restart the computer in order to use these items.

Administrators have a significant amount of control over the setup of the computers. Individual users can not install extensions or control panels, nor can they disable the ones that are already installed. Privileges can be set on a per-user or per-group basis, and each user can belong to one or more groups. Users can have print quotas, and might be restricted to certain printers. The also may have file space quotas on the server. A particular user or group might only be allowed to run certain applications. On computers which have CD or floppy drives, their use can be restricted so that only approved CDs are used, or to disallow floppy use entirely. Administrators can also remove, with an extension, the local hard disks from the user desktops.

The risks of viruses are lessened in a NetBoot environment, because end users do not have persistent write access to the boot disk nor to the applications disk. Even if a user manages to infect a particular computer with a conventional virus (like MBDF , upon restarting that computer will throw away every change made by the user (including the complete set of infected applications) and go back to the uninfected setup originally created by the administrator. However, document-based viruses, like Microsoft Word macro viruses, or applications which the users place in their space on the fileserver, will still exist so NetBoot does not entirely eliminate the problems with computer viruses.

Administrators install software by using a utility called the "NetBoot Desktop Administrator" application. When run by an administrator on a NetBoot client, this application places that particular computer into a 'persistent mode', and all future changes made on that computer are preserved across reboots. The administrator can install software, remove software, rearrange or delete files, etc. When happy with the new setup, the administrator runs this application again and commits the changes made so that all users will see them the next time their computers reboot.

The Technical View

A NetBooted computer implements these features in several ways. Only recent Macintosh models iMacs and later) are capable of NetBooting, because the lowest level of support necessary to NetBoot is only implemented in the Open Firmware for these machines at this time. In these machines, at startup the code in Open Firmware will look at where they are suppose to startup from, notice that it is a NetBoot server, and will begin the process by sending out a special Ethernet BootP packet asking if a NetBoot server is available. If there is a server in the same subnet, it will reply to the client with an IP address the client can use as well as information about what disks will appear on the client once it boots. After getting an IP address, a client will download a copy of the Mac OS ROM file from the server and then mount the Network HD and Applications HD disks from the server.


Figure 3. A revised Startup Disk control panel allows users to select a NetBoot server as the startup device.

From the point of view of the Mac OS, the boot and applications disks are using a normal, block oriented disk driver named "LANDisk", which uses an Appleshare File Protocol over IP (AFP/IP) connection to the NetBoot server to get and put data onto the 'disk'. However, this AFP/IP session is distinct from any 'normal' Appleshare session that may be opened on the computer.

At the lowest level, the system is using a special version of the Ethernet hardware driver which can allows the driver for the network disks and Open Transport to share a single IP number. Incoming packets are distinguished based on the protocol and port number. Packets destined for the AFP session for the .LANDisk driver are not visible from Open Transport. The AFP session that is used by the .LANDisk driver is not accessible from within the Mac OS proper.

On the server, the "Application HD" and "Network HD" are stored as uncompressed, read only DiskCopy disk images. A client opens a read-only connection to each of these over the AFP/IP session, and the block driver translates read requests for a given block into a read from a given offset in the appropriate file. The non-persistence of the startup disk is accomplished almost entirely by the client. When a client starts up, if a particular volume is suppose to be non-persistent, then the server gives the client two files for that volume - one is the DiskCopy image, which is opened read only, and the second is an empty, writeable file. The client will write any changes to the disk into this second file. It will read a block from the first file unless the block being read has already been written to, in which case it reads from the second file. This second file essentially becomes a shadow and contains only the changes from the first file. The contents of this second file are discarded whenever the client reboots, so the changes made disappear.

The system also patches a number of traps to force users to log in and log out, and to prevent users from tampering with the system folder in an attempt to circumvent the security of the system.

Compatibility Issues

Hopefully, we at Apple did enough work to maintain compatibility that most Macintosh software should work correctly in the NetBoot environment. However, no system update or change is ever free of changes that can affect the existing base of applications, and this one is no different. In testing the NetBoot environment, we found that most applications worked correctly, although some had minor problems. Applications which attempted to write back to their own data forks failed when placed on the read-only Applications drive, but also would have problems running from a locked fileserver prior to the release of the NetBoot server. We found a few applications which attempted to write back to their own files only on first launch as part of a user personalization or serial number entry process, in which case they would fail.

One of the implications of a NetBoot environment is that the 'local' hard drive is not the primary data storage for a user, since users may move around from computer to computer but want their data always accessible. While the current setup with user files stored on a fileserver volume works ok, it is not necessarily the most appropriate solution. For example, in a NetBoot computer lab it is probably better to set everyone up with email accounts on a IMAP server and have them read their mail with an IMAP client instead of setting everyone up with POP3 accounts. The IMAP architecture has users keep their email on a central server instead of downloading it into a number of private but still server based POP3 databases. You may find that this mentality causes you to rethink how the applications you produce are designed and used.

Things to Think About

There are still some things that you, as a developer, need to be aware of. If you store preferences outside the Preferences folder, then these likely will not be saved and restored for each user as they log in and out. If your preference files are excessively large, then users may complain that your software is causing excessive log in and out times.

If your applications use the local hard drive to cache data, then make sure that the user can control where this cache is created - otherwise, NetBoot users will find that their applications perform poorly as they rebuild this cache each time they use your application.

NetBooting opens new opportunities for developers and value-added resellers. Early on, many of the users of NetBoot setups will be schools or computer lab set-ups. Over time this should increase and may encompass business users, especially in environments where centralized control and workflow management is important. So, a pre-press environment may decide to use a NetBoot server for many of the users in order to insure that every user has exactly the same set of fonts and applications, with the correct versions, running at all times. For example, if schools use the NetBoot architecture, that they may also want to buy good web filtering software (perhaps server based, combined with a good web proxy, since bandwidth is still rather limited in schools).

NetBoot also shifts the focus for where data is stored from local files onto fileservers and onto other kinds of servers. A calendar application which stores all of its data in files in the system folder is not as useful in a NetBoot environment as one which can store data in a file on the fileserver.

It is possible a single user will be logged onto more than one computer at a time. The current NetBoot environment doesn't handle this situation very gracefully, but does allow it to happen. If a user logs onto two computers, and does something that changes a particular file in the Preferences folder on both computers, there is not concept of merging these changes - the files with the later modification file dates will be kept and the earlier ones will be discarded.

For the terminally curious, you can tell if your system is NetBooted with Gestalt().

Boolean IsSystemNetBooted ()
{ long value;
		if ( (Gestalt(gestaltSplitOSAttr, & value ) == noErr) &&
				( value & ( 1 <<
					gestaltSplitOSBootDriveIsNetworkVolume) ) )
		return true;

		return false;
}

There is presently no easy way to tell if the system is booted persistently or non-persistently. Eventually, there will be a gestalt selector with this information.

Documentation and Licensing Issues

You may also want to make changes in the documentation for your products, to indicate whether you have tested them in a NetBoot environment and to detail any oddities during the install or configuration.

Licensing of products for use in the NetBoot environment requires some thought, since the 'same' application is installed once into the master image but then gets used on a number of computers. You might consider selling a license for a single NetBoot server, allowing all clients of the server to use the software, or you may want to recommend a product like KeyServer (from Sassafras Software, <http://www.sassafras.com/>) that can monitor and restrict use to only those number of copies which have been purchased. Licensing is especially important in a regimented environment like a school computer lab, where most users will probably be expected to use the same software simultaneously.

Similarly, applications which require serial numbers and insure that only one copy of the application is running with a given serial number have a serious problem if they write the serial number back into the application's data files, since each computer booted from a NetBoot server will use exactly the same set of applications. To this end, Apple has recommended for some time that applications do not write back to themselves. With the advent of NetBooted computers, it's useful to also add that applications with serial numbers should write their serial numbers to their Preference files. This way, a user who has purchased an application will enter it's serial number when they use the application the first time, and the serial number will move around with them as they log in and out from each computer.

Future Directions

On the client side, Apple expects to eliminate the necessity of copying preference and other files back and forth as users log in and out. In order to do this, we will change FindFolder() so that it returns a vRefNum and dirID which point to a folder on a server when you call FindFolder ( kOnSystemDisk, kPreferencesFolderType, ... ). Your code must use both the vRefNum and dirID returned by FindFolder in all cases. Do not assume that the vRefNum for special folders, including those in the system folder, is -1.

Future versions of the Mac OS may include more security, both to prevent one user from accessing the files and folders of another user, as well as protecting some parts of the system (like the System Folder) from being accessed by users who do not have the authority to make changes to the computer.

Many users have also requested that NetBoot client computers use DHCP instead of BootP to acquire their IP address, and this is something which Apple is looking into doing in a future version. Additional authentication, and opening up the authentication that is provided, is also being considered.

On the server side, any move to DHCP would have to be mirrored with DHCP support and the user interface changes to configure DHCP. It is also desired to produce a solution that can run with IP only, eliminating the need to use AppleTalk in a NetBoot setup. Also, future versions of Mac OS X server should support gigabit Ethernet and more networking connectivity.

Wrapping Up

NetBooting is a new capability for Macintosh computers. At the moment, it will appeal most to administrators and to lab-type computer settings, but over time, as more Macintosh computers are capable of being booted from the Network and as fast, ubiquitous networks begin to appear, the ability for users to get to their data in a seamless way no matter where they happen to be will become very important. Your applications probably already work in a NetBoot environment, but with a little work you may be able to give your users a fabulous experience.


Keith Stattenfield toils within the castle walls of Apple Computer in Cupertino, California, fixing bugs and misfeatures in each Mac OS 8.x release. His exploits can be observed in real time at <http://www.stattenfield.org/keithcam/>

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Camping With Grandpa (Education)
Camping With Grandpa 1.0 Device: iOS Universal Category: Education Price: $2.99, Version: 1.0 (iTunes) Description: | Read more »
Black Hole Joyrider (Games)
Black Hole Joyrider 1.0 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0 (iTunes) Description: Guide your spacecraft through the gravity well of a powerful black hole using only your retro-thrusters and dwindling fuel... | Read more »
My Koi (Games)
My Koi 1.0 Device: iOS iPhone Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: My Koi is a beautiful and relaxing fish pond app. Customise and name each fish. Feed them daily. Watch them grow. Collect new fish.... | Read more »
Never Gone (Games)
Never Gone 1.0.2 Device: iOS Universal Category: Games Price: $2.99, Version: 1.0.2 (iTunes) Description: ###IMPPORTANT### Never Gone's HD art resources require devices with more than 1GB RAM, so please note that iPhone 4/4s, iPad 2/... | Read more »
INKS. (Games)
INKS. 1.0 Device: iOS Universal Category: Games Price: $1.99, Version: 1.0 (iTunes) Description: From the makers of BAFTA-winning Lumino City comes INKS. INKS updates pinball for a new generation. It combines the joy of pinball with... | Read more »
How to maximise your profits in Bakery B...
Running a bakery can be an expensive venture. You’ll need to continuously upgrade your oven, your kitchen supplies, and even your ingredients to keep customers happy. Most of these renovations in Bakery Blitz cost a pretty penny, but we have a few... | Read more »
How to manage your time in Bakery Blitz
It can be tricky, especially when you risk burning your kitchen to the ground if you forget a cake in the oven, so make sure to use these time management tricks to keep your bakery running smoothly. Don’t collect the money right away [Read more] | Read more »
Model 15 (Music)
Model 15 1.0 Device: iOS iPhone Category: Music Price: $29.99, Version: 1.0 (iTunes) Description: The Moog Model 15 App is the first Moog modular synthesizer and synthesis educational tool created exclusively for iPad, iPhone and... | Read more »
How to deal with wind in Angry Birds Act...
Angry Birds Action! is a physics-based puzzler in which you're tasked with dragging and launching birds around an obstacle-littered field to achieve a set objective. It's simple enough at first, but when wind gets introduced things can get pretty... | Read more »
How to get three stars in every level of...
Angry Birds Action! is, essentially, a pinball-style take on the pull-and-fling action of the original games. When you first boot it up, you'll likely be wondering exactly what it is you have to do to get a good score. Well, never fear as 148Apps... | Read more »

Price Scanner via MacPrices.net

12-inch 128GB iPad Pros on sale for up to $10...
B&H Photo has 12″ 128GB WiFi iPad Pros on sale for up to $100 off MSRP, each including free shipping. B&H charges sales tax in NY only: - 12″ Space Gray 128GB WiFi iPad Pro: $899 $50 off MSRP... Read more
Global Tablet Sales Slump Continues, iPad’s F...
Another miserable showing for the global slate tablet category in calendar Q1/16, with global tablet shipments falling another 1ten percent to 46.5 million units during the according to Strategy... Read more
Revel Systems to Showcase iPad POS Platform w...
Revel Systems, specialists in iPad Point of Sale management solution for brick-and-mortar retail, food businesses and more, today announced that it will showcase its innovative iPad Point of Sale... Read more
13-inch 2.5GHz MacBook Pro on sale for $999,...
B&H Photo has the 13″ 2.5GHz MacBook Pro on sale for $999 including free shipping plus NY sales tax only. Their price is $100 off MSRP. Read more
Apple refurbished 2015 iMacs available for up...
Apple now has a full line of Certified Refurbished 2015 21″ & 27″ iMacs available for up to $350 off MSRP. Apple’s one-year warranty is standard, and shipping is free. The following models are... Read more
Indian Smartphone Market Grows Annually by 12...
India’s smartphone market grew by 12 percent year-over-year, with 24.4 million units shipping in Q1 2016. The top five vendors stayed the same, with Samsung in the lead, followed by Micromax, Intex... Read more
Get Notifications When Your Friend’s Phone Ba...
Calgary, Canada based Stonelight Pictures has announced the release of Battery Share 1.0.1, its new utility for iOS 9 supported devices. The company notes that people are spending more time on their... Read more
11-inch 1.6GHz/128GB MacBook Air on sale for...
Amazon has the current-generation 11″ 1.6GHz/128GB MacBook Air (sku MJVM2LL/A) on sale for $749.99 for a limited time. Their price is $150 off MSRP, and it’s the lowest price available for this model... Read more
Price drops on clearance 2015 13-inch MacBook...
B&H Photo has dropped prices on clearance 2015 13″ MacBook Airs by up to $250. Shipping is free, and B&H charges NY sales tax only: - 13″ 1.6GHz/4GB/128GB MacBook Air (MJVE2LL/A): $799, $200... Read more
Mac minis on sale for up to $100 off MSRP
B&H Photo has Mac minis on sale for up to $100 off MSRP including free shipping plus NY sales tax only: - 1.4GHz Mac mini: $449 $50 off MSRP - 2.6GHz Mac mini: $649 $50 off MSRP - 2.8GHz Mac mini... Read more

Jobs Board

*Apple* Retail - Multiple Positions (US) - A...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
Restaurant Manager (Neighborhood Captain) - A...
…in every aspect of daily operation. WHY YOU'LL LIKE IT: You'll be the Big Apple . You'll solve problems. You'll get to show your ability to handle the stress and Read more
Automotive Sales Consultant - Apple Ford Linc...
…you. The best candidates are smart, technologically savvy and are customer focused. Apple Ford Lincoln Apple Valley is different, because: $30,000 annual salary Read more
Restaurant Manager (Neighborhood Captain) - A...
…in every aspect of daily operation. WHY YOU'LL LIKE IT: You'll be the Big Apple . You'll solve problems. You'll get to show your ability to handle the stress and Read more
Simply Mac *Apple* Specialist- Service Repa...
Simply Mac is the largest premier retailer of Apple products in the nation. In order to support our growing customer base, we are currently looking for a driven Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.