TweetFollow Us on Twitter

JAMF Software's Casper Suite for Imaging

Volume Number: 25
Issue Number: 08
Column Tag: Systems Administration

JAMF Software's Casper Suite for Imaging

Client Image Deployment and Maintenance - Part 2

by Criss Myers

In Part 1 we looked at the setup and configuration of the server side section of the Casper Suite. In Part 2 we will create the content that is to be deployed as well as setting up various configurations for deployment. We also need to add the clients to the servers database so that we can then manage them. After that we look at how we will deploy the image and allow our users to install software themselves.

Composer 7

Now that the Server side is set up, you need to create the deployment content. This is created with the new Composer 7. Since the idea is to create a package based deployment, you can create a small OS base image and then create packages for all the additional content. You could use the same DMG already created from the install disk or create a custom OS image. I prefer to create my own with a few modifications.

Next, using Composer, create additional packages for all the software you wish to install and also any scripts you will use either before or after imaging. If you need some help with this, Jamf JAMF have created a Resources pack of scripts available on their website:

http://www.jamfsoftware.com/jamf_nation/resourcekit.php

Recon

Now that we have the server setup and the deployment content ready, we need to add the computers to the JAMF Software Server (JSS). Each client will have a separate entry in the JSS with a unique JSS ID. There are a few methods for doing achieving this.

If the computer is already on the network then you can use the JAMF Recon tool. This will add the client to the JSS and install the Casper client tools on the client.

Each one of the JAMF Software tools connects to the JSS upon launch and requires you to login. Access to the JSS with these tools is controlled by the Accounts privileges settings you setup earlier in the JSS web interface.

Recon can be used in a few different ways.

1. You can launch Recon on the local box and add just that single machine to the JSS. You can then add additional details about the client such as bar codes, purchasing information, details on peripherals connected to this computer, as well as user information and location. If the computer already exists in the JSS, then the next time you launch Recon on the client, it will gather the existing record that you can then edit further

2. You can add a single remote computer, if you know the DNS or IP of a computer you can add this to the JSS. However you must have SSH enabled on the remote computer. Enter the SSH account details into Recon allow with any other details.


Fig. 1. Casper Recon application

3. If the computer is already on the network and has SSH enabled for an account, then you can Recon all your existing computers. The Network Scanner allows you to scan the network range and add all those computers to the JSS. This however will not add any of the advanced details, so you will need to edit that later in the JSS web browser.


Fig. 2. Casper Recon's Network Scanner.

4. If you do not have SSH enabled on a client, or you wish to add the client with a different SSH account that has not already been setup, then you can create a custom installer package. If you also have Apple Remote Desktop then you can install and run this package remotely. This will create a local SSH account, enable SSH with secure SSH and also hide the local account. Once the PKG is created you can then deploy it via ARD.


Fig. 3. Casper Recon, creating a QuickAdd.pkg to deploy via Apple Remote Desktop.

If the clients are not already on the network, or are either new machines or future purchases, then you can setup some PreStage Imaging. PreStaging allows you to automate the creation of new entries in the JSS when a client attempts to connect. Under the Management tab and then PreStage Imaging of the JSS web browser you can create a new PreStage.

Casper Admin

The next step is deciding what content gets deployed to whom. The advantage of a package-based distribution is that you can create separate configurations for different clients, but still use the same source content. The Casper Admin tool is used to manage the main Distribution Point, which is then replicated to all other distributions points.

Launch Casper Admin and connect to your JSS., Iit will then mount the Distribution point as "CasperShare" on to the desktop using the credentials defined in: JSS – Management – Distribution Points – File sharing – Read / Write Username. You will then get a blank Casper Admin Window. On the left of this window is the list of Configurations and File Servers, in the middle is the Categories and then the content.

The next step is to upload the content. Drag the DMG's, PKG's and script files on to the Casper Admin window and they will be uploaded and placed into the correct folders on the share. They will however appear in bBlue as they are not in any category. From the tTool bar, create nNew cCategories. These will help you to structure your content. Useful , create categories could besuch as Adobe, Apple, Printers, Scanners, Drivers, Update etc. As you use Casper more you will probably create even more categories. Drag the packages into the relevant categories. Double click on a package to edit its details. In the popup window you can get a Summary of the package, creation date, format, JSS ID etc, the Info tab allows you to change the display name and category it belongs to. In the Options pane you can set the package priority, this defines the order in which packages are installed from 1-20 with the lower number being installed first.

The OS needs to be set to 1, as it is the first to be installed and also will then be installed by a block level copy which is much faster and accurate.


Fig. 4. Casper Admin, Package information window, select a priority from 1-20.

Once you have all the packages uploaded and categorisedcategorized you can start making configurations. In the tool bar click new config, give the config a name and description. Choose from Standard or Smart configuration, a standard configuration is a new blank configuration and is best used for core configurations that will be central to all or most configurations. In this configuration you can then put the base OS, base applications and scripts. Click "Ensure that Computers imaged with this Configuration are managed" and enter the SSH account on the client. You can then choose an AD Binding to auto bind to after imaging.


Fig. 5. Casper Admin, Standard Configuration creation window.

A smart configuration is then based on an already created standard configuration, which you will then use to add specific applications.


Fig. 6. Casper Admin, Smart Configuration based on the "Base Core System" standard configuration.

You can then drag the relevant packages in to the configurations on the left within Casper Admin. When you view a smart configuration it will also display the packages within the Standard Configuration on which it is based. Click Hide Parent to hide these when viewing.

In order to add a printer for deployment, firstly you need to add them to the machine you are running Casper Admin on, then click the Add printer button, you will now be given a list of printers to add.

Adding a script is also easy, add them in the same way you would add a package then double click them in Casper Admin and choose from the priority that the script will run, i.e. before imaging, after imaging or at reboot. At reboot means the script will be added to the JAMF First Run script that is run once the client is imaged and has booted locally. The First Run script will contain, all of the "At Reboot" scripts, the AD auto binding, any Printers and any Adobe installs, as defined in the chosen configuration. (see Fig. 7) We now have everything installed and setup ready for deployment.


Fig. 7. Casper Admin, on the left the various different configurations, on the right the different categories and in the middle the deployment content, DMGs, PKGs, scripts and printers.

Casper Imaging

Casper Imaging is the application used to connect to the JSS and deploy the relevant configuration to the client. Casper Imaging can be run from any booted drive so does not have to be run from within a NetBoot image. If you want to image a drive locally, then you can run Casper Imaging locally, login to the JSS, choose the drive and configuration you require, then deploy that image from the Distribution point on the network.

However the advantage to the Casper Suite lies in the automating of the whole imaging process so that there is very little user input. This means that when Casper Imaging is run, it logs into the JSS, checks the client to see if it is in the database and then gathers the configuration for deployment. The client then mounts the Distribution Point, runs any "before" scripts, copies the Base OS as a block level copy, then installs all the remaining packages and any "after" scripts. The client reboots, runs the First Run script and is ready to login.

In order for Casper Imaging to do this it needs what is called Autorun data, each record in the JSS has an autorun entry. If the computer is already in the JSS this can be edited? in the Inventory Pane. Once a client is added? via Rrecon then the autorun can be manually edited. This only needs to happen once however and any new packages that are installed via maintenance can be automatically added to the client's autorun. The PreStage iImaging can also define the autorun details so that new machines can be imaged with little user input, all they need to do is point the client to boot from the network.

Casper Remote

The client is now imaged and ready for use, however, what if an update is released or a new piece of software is required? The idea of a package-based system is that you could install packages as required. With Casper there are a few ways to deploy updates and extra packages. One method is to use Casper Remote. This only works for computers that are currently turned on or will become active within a short time. Casper Remote is used on a computer to connect to other clients via SSH and then instruct them to connect to the Distribution Point and pull the required software / printer or script down, or run various advanced settings. This is a time when dividing you computers into buildings or/ departments and you packages into categories is advantageous. When you launch Casper Remote you need to login to the JSS, you will then get your list of computers and also your content. Select a client and then a package to install and click go. If you select more than 1 computer you will see on the right side of the window the computers that were successful, those that fail and those that could not be contacted. A log will also be submitted which can be accessed later under the Logs – Casper Remote Logs section of the JSS web interface. When installing packages with this method you can tick the "Update Autorun" box to enable the installation of that package the next time that client is imaged


Fig. 8. Casper Remote.

You can also use Casper Remote to add edit or delete local accounts, set the EFI password, reset the SSH account or bind to AD settings. Also set the client to reboot from the netboot server or run advanced settings such as run Recon, flush caches, verify the startup disk or run a Unix command etc.

If the client is offline then this method will not work, but one of the great features of the Casper Suite is the use of a policy. Using a policy enables you to create automated actions that can help you to maintain your clients. There is not much that cannot be done with a policy. In later articles we will investigate many of the ways to use policies in combination with other aspects of Casper. To make use of a policy, Casper uses what are called "triggers", these are task-based schedules. The default trigger is "15mins", this means that every 15 minutes the client makes an SSH connection to the JSS and checks to see if any policies with this trigger relate to that client. If so then the client executes that policy. If you chose to use startup scripts and login hooks, then policies with these triggers will be checked respectively. You can make your own task schedules under Management – Scheduled Tasks in the JSS web browser.

Casper VNC

If you need to control or monitor a client remotely then you can use Casper VNC, which can be access via the tool bar buttons in Casper Admin. Select the client from the list and either Control or Observe the client. Casper Remote will SSH to client and start the VNC server, then when you're finished it will stop the VNC server.

Casper Mobile

If you have an iPhone or iPod touch, you can use the Casper tools via Casper Mobile.

Self Service

The final thing to look at is the users themselves. Casper is a great suite for managing and imaging client Macs and enables an administrator to reduce the amount of client side input from technicians, etc, during imaging and maintenance. However what if the user needs to have an input?

New in Casper Suite 6 is an application called Self Service, this allows administrators to assign policies that users can execute without any privileges needed. Self Service is a web-based tool so you can include html and web links in the item descriptions. You can create a self service policy the same way you make a normal policy but enable it as a self service item and then fill in the self service section.


Fig. 9. the Self Service section of a policy created in the JSS web browser.

The client side tool Self Service then accesses these. You can either assign access based on a user login or choose anonymous login, where the Self Service items are restricted per machine. If you choose to "Feature This Policy on the Main Page" then it will appear on the top strip. You can also add icons for each item. This allows you to empower your staff or clients to install items themselves and execute scripts, without having to give them administration rights.


Fig. 10. Self Service application, the top strip has the feature items with custom icons.

Conclusion

As an all round Mac management suite the JAMF software is hard to beat. This article covers only the basics that can be done with Casper and in future articles we will look at using Casper to deploy Microsoft Windows to your Mac clients as well as some advanced methods to help you to automate the management and maintenance of your client machines.


Criss Myers is a Business Support Analyst (Mac Services), for Learning and Information Services, at the University of Central Lancashire, Preston, United Kingdom. He has been a Systems Server Administrator from the very first version of OS X Server. He Works with Macs as well as Linux, Unix and Windows and specializes in Image deployment and maintenance as well as client management.

 

Community Search:
MacTech Search:

Software Updates via MacUpdate

Apple Remote Desktop 3.9 - Remotely cont...
Apple Remote Desktop is the best way to manage the Mac computers on your network. Distribute software, provide real-time online help to end users, create detailed software and hardware reports, and... Read more
SoftRAID 5.5.6 - High-quality RAID manag...
SoftRAID allows you to create and manage disk arrays to increase performance and reliability. SoftRAID allows the user to create and manage RAID 4 and 5 volumes, RAID 1+0, and RAID 1 (Mirror) and... Read more
Apple Final Cut Pro X 10.3.2 - Professio...
Apple Final Cut Pro X is a professional video editing solution.Completely redesigned from the ground up, Final Cut Pro adds extraordinary speed, quality, and flexibility to every part of the post-... Read more
Logic Pro X 10.3.1 - Music creation and...
Logic Pro X is the most advanced version of Logic ever. Sophisticated new tools for professional songwriting, editing, and mixing are built around a modern interface that's designed to get creative... Read more
Paragraphs 1.1.4 - Writing tool just for...
Paragraphs is an app just for writers. It was built for one thing and one thing only: writing. It gives you everything you need to create brilliant prose and does away with the rest. Features... Read more
VueScan 9.5.70 - Scanner software with a...
VueScan is a scanning program that works with most high-quality flatbed and film scanners to produce scans that have excellent color fidelity and color balance. VueScan is easy to use, and has... Read more
TextSoap 8.3.2 - Automate tedious text d...
TextSoap can automatically remove unwanted characters, fix up messed up carriage returns, and do pretty much anything else that we can think of to text. Save time and effort. Be more productive. Stop... Read more
ForkLift 3.0 - Powerful file manager: FT...
ForkLift is a powerful file manager and ferociously fast FTP client clothed in a clean and versatile UI that offers the combination of absolute simplicity and raw power expected from a well-executed... Read more
Amazon Chime 4.0.5528 - Amazon-based com...
Amazon Chime is a communications service that transforms online meetings with a secure, easy-to-use application that you can trust. Amazon Chime works seamlessly across your devices so that you can... Read more
Sparkle 2.1.0 - $79.99
Sparkle will change your mind if you thought building websites wasn't for you. Sparkle is the intuitive site builder that lets you create sites for your online portfolio, team or band pages, or... Read more

Blasty Bubs is a colorful Pinball and Br...
QuickByte Games has another arcade treat in the works -- this time it's a mishmash of brick breaking and Pinball mechanics. It's called Blasty Bubs, and it's a top down brickbreaker that has you slinging balls around a board. [Read more] | Read more »
Corsola and Heracross are the new region...
Generation 2 finally launched in Pokémon GO, unleashing a brand new batch of Pokémon into the wild. Even before the update went live people were speculating on how to catch elusive Pokémon like the legendary "dogs", Unknown, and whether or not... | Read more »
The Warlock of Firetop Mountain (Games)
The Warlock of Firetop Mountain 1.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0 (iTunes) Description: An epic adventure through a mysterious mountain filled with monsters, magic and mayhem! “...it looks downright... | Read more »
Fantasy MMORPG MU Origin’s receives a hu...
Developer Webzen are looking to take their highly popular fantasy battler MU Origin to the next level this month, with its most ambitious overhaul yet. The latest update introduces the long sought after Server Arena, new treasure dungeons, and much... | Read more »
RPG Djinn Caster (Games)
RPG Djinn Caster 1.0.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0.0 (iTunes) Description: SPECIAL PRICE 38% OFF(USD 7.99 -> USD 4.99)!!!A Fantasy Action RPG of far foreign lands! Summon the Djinns and rise to... | Read more »
Alto's Odyssey gets its first trail...
There's finally video evidence of Alto's Odyssey, the follow up to the 2015 App Store hit, Alto's Adventure. It looks just as soothing and atmospheric as Alto's last outing, but this time players will be journeying to the desert. Whereas Alto's... | Read more »
Last week on Pocket Gamer
What’s going on in the wider world of portable gaming? Each week we ask that question of our sister website Pocket Gamer. The PG team covers iOS gaming, just like 148Apps, but it also strays into the world of Android games and handheld consoles... | Read more »
Pokémon GO Generation 2 evolution guide
At long last, Niantic Labs finally unleashed the Generation 2 Pokémon into the wild. Pokémon GO trainers are scrambling to grab up this new set of 80 Pokémon. There are some special new tricks required to catch all of these new beasties, though.... | Read more »
The best new games we played this week
It feels as though the New Year got off to a creaking start as far as mobile games go, but that's changed over the past few weeks. The last few days alone have seen the debut of a number of wonderful games, so we thought we'd take the time to... | Read more »
Recruit more scallywags and discover new...
Get ready to show off your sea legs all over again in Oceans & Empires’ new grand update, which aims to make the act of rising to the role of seven seas ruler even more fresh and appealing, thanks to a richness of new content on both iOS and... | Read more »

Price Scanner via MacPrices.net

Apple restocks refurbished 2015 and 2016 13-i...
Apple has Certified Refurbished 2015 and 2016 13″ MacBook Airs available starting at $759. An Apple one-year warranty is included with each MacBook, and shipping is free: - 2016 13″ 1.6GHz/8GB/128GB... Read more
13-inch 2.5GHz MacBook Pro (Apple refurbished...
Apple has Certified Refurbished 13″ 2.5GHz MacBook Pros (MD101LL/A) available for $829, or $270 off original MSRP. Apple’s one-year warranty is standard, and shipping is free: - 13″ 2.5GHz MacBook... Read more
QuickerTek Announces 5TB Apple AC AirPort Tim...
QuickerTek Inc. has announced their new 5TB hard drive upgrade for Apple’s AC AirPort Time Capsule. By customer request, this upgrade also features six external antennas and offers the highest... Read more
Apple Certified Refurbished iMacs available f...
Apple has Certified Refurbished 2015 21″ & 27″ iMacs available for up to $350 off MSRP. Apple’s one-year warranty is standard, and shipping is free. The following models are available: - 21″ 3.... Read more
Apple offering Certified Refurbished Series 1...
Apple is now offering Certified Refurbished Series 1 and Series 2 Apple Watches for 14-16% off MSRP, starting at $229. An Apple one-year warranty is included with each watch. Shipping is free: Series... Read more
1.4GHz Mac mini on sale for $449, save $50
B&H Photo has the 1.4GHz Mac mini on sale for $50 off MSRP including free shipping plus NY sales tax only: - 1.4GHz Mac mini: $449 $50 off MSRP Read more
12-inch Retina MacBooks on sale for $200-$250...
Newegg has the 12″ 1.2GHz Space Gray Retina MacBook (sku MLH82LL/A) on sale for $1349.99 including free shipping. Their price is $250 off MSRP, and it’s the lowest price available for this model.... Read more
13-inch 2.0GHz Space Gray MacBook Pro on sale...
Adorama has the non-Touch Bar 13″ 2.0GHz Space Gray MacBook Pro in stock today for $100 off MSRP. Shipping is free, and Adorama charges NY & NJ sales tax only: - 13″ 2.0GHz MacBook Pro Space Gray... Read more
13-inch Touch Bar MacBook Pros on sale for $1...
B&H Photo has select 2016 Apple 13″ Touch Bar MacBook Pros in stock today and up to $100 off MSRP. Shipping is free, and B&H charges NY sales tax only: - 13″ 2.9GHz/512GB Touch Bar MacBook... Read more
KSI-1802R SX Disinfect-able Keyboard With Wav...
KSI has unveiled a new, innovative medical keyboard, the KSI-1802R SX, at HIMSS 2017, running February 19-22 in Orlando, Florida. KSI-1802R SX is the only keyboard that combines dual factor... Read more

Jobs Board

*Apple* Retail - Multiple Positions - Apple,...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
Manager *Apple* Systems Administration - Pu...
Req ID 3315BR Position Title Manager, Apple Systems Administration Job Description The Manager of Apple Systems Administration oversees the administration and Read more
*Apple* Retail - Multiple Positions - Apple,...
Job Description: Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, Read more
Manager *Apple* Systems Administration - Pu...
Req ID 3315BR Position Title Manager, Apple Systems Administration Job Description The Manager of Apple Systems Administration oversees the administration and Read more
*Apple* Technician - nfrastructure (United S...
Let’s Work Together Apple Technician This position is based in Portland, ME Life at nfrastructure At nfrastructure, we understand that our success results from our Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.