Mac OS X 10.6 Snow Leopard Feature: Software Update Server

One of the coolest features within Mac OS X Server is the ability to set up that server as a software update server. In other words, instead of having each client within a network go to Apple’s software update servers and download each of the updates individually, an administrator has the ability to download all of the updates once and then distribute them accordingly.

One of the positives of this feature is that the administrator can control what software updates are seen on their Mac clients. So when an update comes along, like Mac OS X 10.6.2 update, the administrator can thoroughly test the update to verify that it does not break anything before deploying the update.

In addition to downloading just a single copy, Mac OS X 10.6 Snow Leopard Server can serve up updates for Mac OS 10.4, 10.5 and 10.6 client and server.

There are two ways of providing updates to the client; Managed and unmanaged. If you’re only going to use unmanaged clients, for instance, and you’re running a Mac repair shop,  have a lot of Macs coming in and out of your shop and you want to store the updates locally, you will have to run an internal DNS Server. I do not recommend trying this since it can break many things. However if you’re willing to try it, the basics are located at serverfault.com.

The easier way, although it requires a bit more setup, is to use Open Directory to manage the software update URL. Open Directory is the Apple equivalent of using a Microsoft Active Directory / Group Policy setup. I’ll go into setting up Open Directory in another article. Assuming you have Open directory set up as well as Software Update Service running, here are the steps needed to manage software updates for all managed Mac clients:

  1. Join the client computer to Open Directory.
  2. Edit Computer Preferences to point to your own internal software update server.

Join the Client computer to Open Directory.

Depending on which client there is a different way of joining an Open Directory. For Mac OS X 10.4 and 10.5 you have to use the ‘Directory Utility’. This application is in the ‘Utilities’ folder.

Once you open this it is quite simple to join the Open Directory. You click on the ‘Plus’ button and you will be presented with this dialog box:

Enter in the Server name or IP address and click on ‘OK’. This process can take a few minutes to completely register. You will also have to enter in the administrator password along the way. But once it’s done the client should be connected to the Open Directory.

For Mac OS X 10.6 clients the process is a bit different. The administrator has to go to ‘System Preferences’, then click on ‘Accounts’, and then click on the ‘Login Options’ to reveal this dialog box.

Click on ‘Edit’. And you will be presented with this dialog box.

Then the process is the same as 10.4 and 10.5. Enter in the IP address, or server name, or active directory domain and click on OK. The admin will need to put in the password to authenticate and the process will take a few minutes. But once it’s done, the client is registered with Open Directory.

Edit Computer Preferences to point to your own internal software update server.

This part is possibly a bit more labor intensive depending on how many clients you have. Here are the steps for updating the software update options for the computer.

  1. Open Workgroup Manager.
  2. Log in to workgroup manager.
  3. Authenticate as the directory administrator by clicking on the lock on the right hand side.
  4. Click on the ‘Computers’ tab bar item. See below.
  5. Click on the computer you wish to manage.
  6. Click on ‘Preferences’.
  7. Click on ‘Software Update’.
  8. Where it says ‘Manage’, click on ‘Always’.
  9. Enter in the correct software update url. There are three different urls, one for 10.4 Clients, one for 10.5 Clients, and one for 10.6 clients. They follow these patterns.
    10.4 Clients: http://yoursoftwareupdateserver.domain.com:8088/index.sucatalog
    10.5 Clients: http://yoursoftwareupdateserver.domain.com:8088/index-leopard.merged-1.sucatalog
    10.6 Clients: http://yoursoftwareupdateserver.domain.com:8088/index-leopard-snowleopard.merged-1.sucatalog
  10. Click on the ‘Apply Now’ button.
  11. Reboot the client machine.
  12. Test software update by going to the Apple Menu -> Software update. In the Title Bar you should see ‘Software update (yoursoftwareupdateserver.domain.com)’. If you do, software updates are now using your local software update server.

And that’s it, the client should now be getting the updates from the local software update server.

There are some things to keep in mind when setting up a Software Update server. The first is that the updates can take up quite a bit of space. This is definitely the case if you support 10.4 and 10.5 clients in addition to 10.6 clients. Given that the updates go all the way back to April 2005, this can be quite a bit of space. The second thing to keep in mind is that the administrator has full control over the updates so if you want something pushed right away due to instability or security updates this is a great feature. The third thing to be cognizant of is the fact that by hosting your own software update server you reduce your bandwidth costs. This method is also great if you have an internal network that is faster than your internet pipe.

I'm into everything technology related, particularly anything Apple related. I enjoy programming and tend to lean towards server-based technologies over client-based. You can contact me on twitter, via e-mail, or follow me on friendfeed.