Q: Software Update Service: Push updates to clients
Hi all,
I have just configured OS X 5.0 for the first time, so it is still all fairly new to me. Is it possible to push out OS updates from Server to enrolled clients? I've been reading about differences between caching server and software update service and since one can't run both at the same time and believe that update service is more practical if one only plans to deliver updates to OS X clients. My understanding is that users have to request update from the app store, but is there any way to push out updates to the clients instead? Even a command would be helpful, hence I can remotely run terminal commands on any client, but really I'm open to any suggestions.
Many thanks,
E.
OS X El Capitan (10.11.4), Server X 5
Posted on Apr 5, 2016 8:50 AM
Welcome to the forums.
So there are two ways to look at this. You can "push" updates to clients or you can tell the clients to "pull" updates. Let's look at a few options.
If you go the "push" mentality, you need to visit Apple's website and download the individual installers or use a master machine to pull updates from the App Store. Then, you can use tools ranging from Apple Remote Desktop to JAMF to deliver these updates to the client devices. This can exert an ultimate level of control as only you, the gatekeeper, determine when devices are updated. However, many updates require reboots so you need to be selective in your timing as you don't want to pull the carpet out from under a user. Also, pushing the updates still require local execution of the installer. If you don't have a command admin account on all the devices, you will not be able to authorize the installation.
Now, you can also "pull" updates. Effectively, this is what is done when running software update manually. Ah, but there are options as you have found. You can just pull everything from Apple but if you have a slow Internet connection and a lot of devices, you can cripple yourself. You can deploy Software Update Server, but then you get everything from Apple from the last 8 years, 90% of which you don't want. Oh, and Software Update server means you need to customize each device with the custom update path. If you are deploying portables, that means they must be on your LAN to get updates as the override supports one URL. The final method is through Caching Server. Caching Server requires no client side customization and only caches what you request. The first device to request will require a download from Apple but all subsequent devices will pull from your caching server. Very efficient.
So, you decide to allow a client "pull" and realize that Caching Server is likely the easiest way to do this. Ah, but you still don't want to visit every machine. You can use the softwareupdate command line tool to run a software check across the entire fleet (man softwareupdate for details). For example, say you have 10 machines and you have Apple Remote Desktop. You can send a Unix command to all 10 machines such as: softwareupdate -i -a
That command will tell each machine to install (-i) all (-a) available updates. You can also target specific updates so if you need to be selective (Apple released iTunes and an OS update on the same day and you only want to push iTunes until you validate the OS update for example). softwareupdate -i NameOfiTunesUpdate.pkg.
Reid
Apple Consultants Network
Author - "El Capitan Server – Foundation Services"
Author - "El Capitan Server – Control & Collaboration"
Author - "El Capitan Server – Advanced Services"
:: Exclusively available in Apple's iBooks Store
Posted on Apr 6, 2016 2:41 AM