RSS

Mac OS X 10.6 Snow Leopard Feature: Software Update Server

By Wayne Dixon Sun, Sep 27, 2009 @ 10:43 AM

One of the coolest features within Mac OS X Server is the ability to set up that server as a software update server. In other words, instead of having each client within a network go to Apple’s software update servers and download each of the updates individually, an administrator has the ability to download all of the updates once and then distribute them accordingly.

One of the positives of this feature is that the administrator can control what software updates are seen on their Mac clients. So when an update comes along, like Mac OS X 10.6.2 update, the administrator can thoroughly test the update to verify that it does not break anything before deploying the update.

In addition to downloading just a single copy, Mac OS X 10.6 Snow Leopard Server can serve up updates for Mac OS 10.4, 10.5 and 10.6 client and server.

There are two ways of providing updates to the client; Managed and unmanaged. If you’re only going to use unmanaged clients, for instance, and you’re running a Mac repair shop,  have a lot of Macs coming in and out of your shop and you want to store the updates locally, you will have to run an internal DNS Server. I do not recommend trying this since it can break many things. However if you’re willing to try it, the basics are located at serverfault.com.

The easier way, although it requires a bit more setup, is to use Open Directory to manage the software update URL. Open Directory is the Apple equivalent of using a Microsoft Active Directory / Group Policy setup. I’ll go into setting up Open Directory in another article. Assuming you have Open directory set up as well as Software Update Service running, here are the steps needed to manage software updates for all managed Mac clients:

  1. Join the client computer to Open Directory.
  2. Edit Computer Preferences to point to your own internal software update server.

Join the Client computer to Open Directory.

Depending on which client there is a different way of joining an Open Directory. For Mac OS X 10.4 and 10.5 you have to use the ‘Directory Utility’. This application is in the ‘Utilities’ folder.

Once you open this it is quite simple to join the Open Directory. You click on the ‘Plus’ button and you will be presented with this dialog box:

3958698177 c10117256a o Mac OS X 10.6 Snow Leopard Feature: Software Update Server

Enter in the Server name or IP address and click on ‘OK’. This process can take a few minutes to completely register. You will also have to enter in the administrator password along the way. But once it’s done the client should be connected to the Open Directory.

For Mac OS X 10.6 clients the process is a bit different. The administrator has to go to ‘System Preferences’, then click on ‘Accounts’, and then click on the ‘Login Options’ to reveal this dialog box.

Click on ‘Edit’. And you will be presented with this dialog box.

3958698065 71273955b8 o Mac OS X 10.6 Snow Leopard Feature: Software Update Server

Then the process is the same as 10.4 and 10.5. Enter in the IP address, or server name, or active directory domain and click on OK. The admin will need to put in the password to authenticate and the process will take a few minutes. But once it’s done, the client is registered with Open Directory.

Edit Computer Preferences to point to your own internal software update server.

This part is possibly a bit more labor intensive depending on how many clients you have. Here are the steps for updating the software update options for the computer.

  1. Open Workgroup Manager.
  2. Log in to workgroup manager.
  3. Authenticate as the directory administrator by clicking on the lock on the right hand side.
  4. Click on the ‘Computers’ tab bar item. See below.

    5. 3958698107 c84cd87e2f o Mac OS X 10.6 Snow Leopard Feature: Software Update Server

  5. Click on the computer you wish to manage.
  6. Click on ‘Preferences’.
  7. Click on ‘Software Update’.
  8. Where it says ‘Manage’, click on ‘Always’.
  9. Enter in the correct software update url. There are three different urls, one for 10.4 Clients, one for 10.5 Clients, and one for 10.6 clients. They follow these patterns.
    10.4 Clients: http://yoursoftwareupdateserver.domain.com:8088/index.sucatalog
    10.5 Clients: http://yoursoftwareupdateserver.domain.com:8088/index-leopard.merged-1.sucatalog
    10.6 Clients: http://yoursoftwareupdateserver.domain.com:8088/index-leopard-snowleopard.merged-1.sucatalog
  10. Click on the ‘Apply Now’ button.
  11. Reboot the client machine.
  12. Test software update by going to the Apple Menu -> Software update. In the Title Bar you should see ‘Software update (yoursoftwareupdateserver.domain.com)’. If you do, software updates are now using your local software update server.

And that’s it, the client should now be getting the updates from the local software update server.

There are some things to keep in mind when setting up a Software Update server. The first is that the updates can take up quite a bit of space. This is definitely the case if you support 10.4 and 10.5 clients in addition to 10.6 clients. Given that the updates go all the way back to April 2005, this can be quite a bit of space. The second thing to keep in mind is that the administrator has full control over the updates so if you want something pushed right away due to instability or security updates this is a great feature. The third thing to be cognizant of is the fact that by hosting your own software update server you reduce your bandwidth costs. This method is also great if you have an internal network that is faster than your internet pipe.

  • mcg

    afp548.com – excellent source of server news and reviews.

    Software Update Server has been around for a while (the unmanaged feature is new though).

    • http://www.waynesworkshop.com Wayne Dixon

      Yes, it has been around for a while, yet many people may not realize exactly how useful it can be. Particularly those who might not know how to set it up for their clients. Additionally, this is particularly useful for a company or institution that has limited bandwidth, particularly within other countries around the world.

      The other reason for writing it is because I was having an issue with getting 10.6.1 updates without changing their software update URLs. And I thought it might help others with the same issue.

      Thanks for the comment.

  • eric

    Hello of FRANCE,

    How can i do, with server 10.5, and desktop mac 10.6 ?

    thanks

    • http://www.waynedixon.com Wayne Dixon

      Unfortunately you are unable to manage a 10.6 Client with a 10.5 Server. There may be some hacks to make it work, but none of them are sanctioned by Apple.

      • http://www.namibian.com.na Stephan A. Niemann

        hi, it’s not really true … there is a way to do 10.6 updates with a 10.5 software update server!

        i’m gonna setup a howto if interested …

        ;-)

        stephan

        • http://www.jabolko.org Klemen

          @Stephan A. Niemann:

          Hi, Stephan,
          if you wolud be so kind and notify me about this solution, please?
          I have same problem, 10.6 clients and 10.5 server.
          Thx in advance.

          Regards,
          Klemen
          Jabolko.org team

  • http://www.tenplus.com Elton Hardy

    Can you have a Mac OS 10.6.x software update server point to another software update server that is not apple based?

  • Trejkaz

    “Test software update by going to the Apple Menu -> Software update. In the Title Bar you should see ‘Software update (yoursoftwareupdateserver.domain.com)’. If you do, software updates are now using your local software update server.”

    And what if you don’t see this text?

    I followed the same instructions on two different computers, and after rebooting them, neither of them have the server name in the title bar when checking for updates, and netstat confirms it’s contacting the Apple server still. I checked and yes, the settings for them to join the directory server are still in place even after the reboot. The settings in Workgroup Manager on the server still have the value overridden but obviously it isn’t propagating to the client even if they join the directory server.

    Giving up on directory server I disabled it on both computers, and then set the default directly, both for a normal admin user and for the root user. This wasn’t enough to make the setting stick either.

    I’m convinced that sites (not just this one but also the serverfault page it’s linking to) have something subtly wrong. I copied the text directly so a typo could easily have been copied over, resulting in me putting in something that didn’t work. I looked at the strings I was entering, though, and couldn’t see anything suspicious.