/build/static/layout/Breadcrumb_cap_w.png

K2000 3.6 Mac Imaging With RSA's - NetBoot with Multiple Subnets

Writing this blog half as a procedural reminder for myself, and half as a PSA to those who are wanting to take advantage of their K2000 to image Macs, and are dealing with a network topology of more than one subnet and/or office location they wish to image at.

I had tons of headaches trying to figure out how to utilize the K2000 in a way efficient enough to justify switching off of Deploy Studio for deployment, which has historically been an amazing (and free) product for us. The main hurdles in my environment are the lack of support for netbooting across subnets, not being able to capture images from RSA's, and difficulties creating netboot images. From what I understand, these pain points may find some relief in version 4 of the K2 - until then, this is how I am solving our problem.

1. Netbooting across subnets: 

  • Network staff set up IP helper addresses on all switches, hubs, and routers at the HQ location where our K2 resides. Still not able to netboot. The K2 shows up in the Startup Disks menu, but you cannot boot a machine into the KBE. It also does not show up when you Option+Boot. K2 logs show TFTP requests are received, and logs indicate the client is not accepting options. I know this to not be a client-side issue, though, because I do not have these issues with deploystudio, or if the machine is on the same subnet as the K2. Basically, we are not solving this problem. Networking staff set up a dedicated port in my work area on the same subnet as our K2000. I taped a cable and use that whenever I need to create a new netboot image, or upload an image to the K2000. I then set up an RSA extender on the subnet on the production area where IT does all the Mac imaging and maintenance. This appliance handles our local deployments. 

2. Not able to capture images from RSA's

  • This is a documented limitation of the Kace appliances (and a non-sensical one in my opinion). There is a user voice request for this to be changed, which has been responded to by Kace staff indicating there are changes to this in the upcoming v4 release. Got my fingers crossed here. In the mean time, I use the dedicated port mentioned in item 1 to capture images to my K2. Since I cannot capture to the RSA here, I use my dedicated port on the K2's vlan to do all capturing, and then force a sync from the kbox.

3. Creating a netboot image

  • KACE's official documentation on Mac deployments is laughably scant, considering how Mac numbers in the enterprise are growing, with no signs of stopping. In fact, KACE as a whole seem to be behind in terms of supporting Macs in the enterprise (hello, profile management?), but this is a separate discussion entirely. I've followed every article and PDF KACE has ever released on how to create a netboot image, but nothing works like it should. I found out that in order to create a netboot set with OS X 10.9 Mavericks, you have to do the following:
  1. Download OS X Mavericks from the Apple App Store
  2. Navigate to Library > Applications
  3. CTRL+Click on "Install OS X Mavericks" and select "Show Package Contents"
  4. Navigate to Contents > Shared Support, and double click "InstallESD.dmg". This will mount the OS X installer
  5. Open the K2000 Media Manager, and browse to the mounted .dmg as your source media. Enter the rest of the information appropriately, and create

If you don't do it like this, you will get errors from the media manager about how there is no software to install, or the path to the OSInstall.pkg could not be found, etc etc. Don't bother using DiskMaker or any of the other recommended suggestions around the web. They just add a layer of confusion.

 

Hopefully KACE can come up with some better designs for these solutions going forward, because it's honestly easier to set up DeployStudio with masters and replicas. At least they get nightly build updates.

Posted 10 years ago 6142 views

Comments

  • Thank you for your post. I too support a ton of macs. We use deploy studio for image deployment, work group manager to manage preferences on the Mac (it often does not work), and a combination of the k1 for managed installs as well as Apple Remote Desktop. We considered a k2 for Mac imaging but I heard it is not there yet.


    I too would really like kace to come up with a profile manager. Let me say it another way, I would pay money if kace had a good reliable profile manager for macs. Is there a user voice for this? - Jbr32 10 years ago
    • I submitted a post to the user voice not too long ago, and I believe I'm the only person who's voted on it so far

      http://kace.uservoice.com/forums/82699-k1000/suggestions/5237285-better-support-for-osx-profile-management - dgretch 10 years ago
      • also, if I can make another comment here, after having used the K2000 for mac deployments for a day....I would suggest you (or anyone) stick with DeployStudio for the immediate time being. Sometimes when I boot into the KBE, it wont accept my password, but sometimes it does. Sometimes I get errors about "Unapproved caller." Image upload takes 6x as long AT LEAST (with both K-Image and ASR). Opening a terminal window fails. The whole KBE is awfully slow. The computername is "k-The".

        What I'm trying to say is, this is definitely not a polished product. It feels like it's still in Alpha testing - dgretch 10 years ago
  • Hello. I would like to add to this discussion and ask a question. I recently came to work for a school that uses the K2000 for Mac Deployments. I used to work at Apple Retail where we actually used DeployStudio for imaging customer machines. It's been a challenge to learn the K2000 and I've had many, many issues getting it working properly. Admittedly, at Apple, I only used DeployStudio in the Genius Room, so it was a small single network. At my school, we have a big campus with for RSAs, multiple VLANs and subnets. I've been making an ernest effort to learn the K2000, since we spent a lot on it, and it seems to manage Windows deployments wonderfully, but I have to agree with the sentiments posted here regarding the deficiencies of Mac deployment. Though, based on my research, many of the issues that people have had are related to Mavericks deployment, (which is what my challenge is this summer, since most machines were still on 10.6.8 when I was hired!). The issues with "Unapproved caller" and missing icons, incomplete boot, rejecting password, these are all common issues. I had Kace support access our K2000 and make some adjustments that mostly helped when directly connected, but RSAs still don't function properly and many of the issues still exist (including the rejection of password, that's sooooo annoying!). Long story short, contact Kace support, put in a ticket and they can help with some of the issues you're having. That said, I really need a solution quickly and I think I may need to execute a temporary DeployStudio set up. However, I can't get netboot to work over our VLANs, can anyone give me suggestions on how to overcome this issue? - atoss 10 years ago
    • Check this KKE training video out: https://www.kace.com/support/training/kke/archive?id=D9067082-65BA-4E19-B6DD-A701DFB6441F

      That's got some info on how netbooting across subnets is SUPPOSED to work. Their strategies do not work in my environment, though.

      If you're looking at DeployStudio, consider using a master-replica setup for your different locations/VLANs maybe? - dgretch 10 years ago
This post is locked

Posted by:

dgretch Third Degree Blue Belt
Ninja since: 11 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login
Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ