Software Update is a service likely best suited for environments with at least five Mac OS X computers who are looking to centrally manage the software patches from Apple. These updates are cached on the Mac OS X Server and then deployed as needed to client systems that subscribe to the Software Update service installed on the server. This reduces the amount of bandwidth required on the server and allows administrators to release software in batches, thus keeping support costs at a minimum (assuming of course that most support incidents derive from change introduced in the environment).
The initial installation of Lion Server’s Software Update service is one of the easier services to set up and manage. Begin by opening Server Admin and clicking on the name of the server you wish to install the Software Update service from the SERVERS list. Then click on the Settings button in the toolbar and click on the Services tab. Here, check the box for Software Update and click on the Save button.
Once the Service is listed under the name of the server in the SERVERS sidebar, click on Software Update there. No options need to be enabled in order for the Lion to be able to cache updates. However, given that it doesn’t automatically cache any of the updates, some of these options on this screen can be useful. These include:
- Limit user bandwidth to
Throttles bandwidth on the server for software updates, useful with slightly larger environments
- Store Updates in
Specifies a directory to put software updates into (can type the path or use the Choose button to browse to the directory)
- Provide updates using port
Specifies the port number (the 8088 portion of the section Managed Preferences)
- Copy updates from Apple
If enabled, automatically caches updates (with an option for new versus all) to the server but does not enable them for client access
- Automatically enable copied updates
If enabled, automatically enables all of the updates copied locally in the previous option
- Delete outdated software updates
Removes old versions when a newer patch for that software title is available, conserving space
If you just want to mirror what Apple does with its software update and you don’t want to control any options, check the box for Copy All updates from Apple and Automatically enable copied updates, leaving the other options the same.
Once configured as appropriate for your environment, click on the Save button. Then wait. The server will be a bit unstable while it’s calculating what goes where and caching all these patches. I usually let them sit overnight. By the time I come back the next morning, I can start managing individual updates if I so desire.
Managing each update can be tedious. The Software Update service is designed in such a way to make the process as streamlined as it can be. But Software Update management is not an easy topic. Picking which updates to release is tricky. Most will be simple and should be run following a cooling off period. Environments with few software titles and simple environments frequently have no cooling off period. Larger environments maintain cooling off periods between two weeks and years. Choose the one that works the best with your organization’s security and patch management policy, if you have one.
The technical aspects of choosing the updates to enable is by far the easiest part of managing patches for OS X clients. From within Server Admin, click on the Software Update service in the SERVERS list. From here, click on Server Updates button in the Server Admin toolbar and you will see a list of all available software updates, as in Figure 8-13. Check the box for each to enable them.
Once enabled, running the Software Update application on each client will net them installing the updates enabled.
Mac OS X clients can be configured through the Software Update Managed Preference. But the clients can also be configured using the command line on each client system, if you do not wish to use Managed Preferences for other options. To configure the clients, use the defaults command, along with the write verb, to /Library/Preferences/com.apple.SoftwareUpdate. The CatalogURL key is where the Software Update application takes its queue for software updates, which is then followed by the actual name or IP address of the server, port number and index.sucatalog, as follows:
defaults write /Library/Preferences/com.apple.SoftwareUpdate
CatalogURL http://su.domain_name.com:8088/index.sucatalogAs mentioned previously, you can also use the options available in Workgroup Manager, to push out a managed preference or Profile Manager to push out a profile with the managed settings in the profile.