In Part 1 of the Parallels Mac Management for SCCM series I installed the Parallels Configuration Manager Console Extension. I installed this on my site server ‘ConfigMgr’.
Part 2 focused on the installation of the Parallels Proxy which I installed on a remote server called ‘Parallels’ which I intend to use to install the Parallels roles.
Part 3 of the series concludes the ‘role’ installation, namely the NetBoot Server and OS X Software Update Service.
The Parallels NetBoot server is required for Mac Operating System Deployment. ‘NetBoot is a technology from Apple that enables Mac computers to boot from a network. You need to install this component if you plan to deploy OS X images to Mac computers. The component must be installed on a computer running Windows Server 2008 SP2 or later’ (see http://download.parallels.com/pmm/v4.5/ga/docs/en_US/Parallels-Mac-Management-for-SCCM-Administrators-Guide.pdf)
The OS X Software Update Service ‘allows you to manage Apple software updates
(patches) for OS X using the native SCCM functionality. The component must be installed on a erver where Windows Server Update Services (WSUS) is installed’ (see http://download.parallels.com/pmm/v4.5/ga/docs/en_US/Parallels-Mac-Management-for-SCCM-Administrators-Guide.pdf)
As with the installation of the proxy in Part 2, certain pre-requisites are required, one being the standard Distribution Point role that is added in the SCCM console as NetBoot requires PXE to be enabled.
Pre-Requisites
The following pre-requisites need to be installed on the server that will host the NetBoot server:
.Net Framework 3.5
SCCM Distribution Point
PXE Point enabled on DP
WDS installed
BITS 4 installed
The following pre-requisites need to be installed on the server that will host the OS X Software Update Service:
WSUS installed
User account running the OS X Software Update Service added to the WSUS Administrators group
Installation
Start the installation by installing .Net Framework 3.5, I had already installed this feature as part of the pre-reqs for the Parallels Proxy.
Next, install the pre-requisites required to install the Distribution Point role. The SCCM Current Branch Supported Configuration documentation states the following are needed:
Distribution point
Windows Server roles and features:
Remote Differential Compression
IIS configuration:
Application Development:
ISAPI Extensions
Security:
Windows Authentication
IIS 6 Management Compatibility:
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility
Once installed I then added in URL Authorization from the Web Server>Security section.
BITS was then added.
After the Roles and Features are added load up ‘Internet Information Services (IIS) Manager’ from Administrative Tools and navigate down the ”Default Web Site’. In the main pane double click ‘Authentication’ and then enable ‘Windows Authentication’
Back in the main pane double click ‘Authorization Rules’
Ensure ‘Allow Users’ is set
Next re-run ‘Add Roles and Features’ in Server Manager and add in WSUS
I’ve removed the WID selection and highlighted Database so I can use the SUSDB on the site server.
I have selected to store the WSUS downloads in C:\WSUS
At this stage I have pointed the WSUS configuration to use the site database on my site server.
Once the role is installed remember that the Post Installation tasks need to be run from Server Manager – note the exclamation mark. Click and run the tasks.
Now go to the site server and in the SCCM Console go to the Administration workspace>Site Configuration>Servers and Site System Roles, right click and choose ‘Create Site System Server.
Add in the server to the the site system and choose the Site code from the drop down.
No proxy is required at this stage
Select the Distribution Point role.
The DP will be HTTP in this instance
Assign the relevant drive letters for content location
This will not be a Pull DP.
On this screen, enable PXE, allow DP to responded to incoming PXE requests and enable unknown computer support. I haven’t selected ‘Require a password…’
Click Yes when warned about Port requirement – make a note if you need to open up firewall ports on the network.
Click through the wizard to completion.
Now it’s time to run the Parallels installation file and add in the components that are needed.
When prompted select the NetBoot Server and OS X Software Update Point. Click Next.
Click Install
Click Finish but ensure the checkbox to configure is selected.
First up is the configuration of the NetBoot Server. As mentioned previously I have not installed a SMS Provider locally on my Parallels server so I have to point back to the SMS Provider on my site server at this stage. Click Next.
Enter the details of the service account to run the NetBoot Server service. For the rights required for this account see the following KB article http://kb.parallels.com/uk/117937
Select a path to store the NetBoot images. The default is pmmimages. Click Next.
Click Next at the summary screen.
Click Finish when complete
Finally the configuration of the OS X Software Update service is required.
Select an account to run the service. The account you choose must have administrative right on the local server and must be a member of the WSUS Administrators group.
So add the account to that group.
then enter the details into the configuration wizard. Click Next.
A pre-requisite check will be performed. Address any issues and re-run if necessary. Click Next.
Click Finish at the summary screen.
You’ll be notified that your configuration has been applied.
You can re-run each configuration wizard, including the proxy config from Part 2 from the Parallels menu
MDM Server?
You may have noticed a MDM Server option when installing the Parallels Mac Management solution and that we un-ticked this previously.
The Parallels MDM Server enables you to deploy and enroll new Mac computers in SCCM using the Apple Device Enrollment Program. This component must be installed on a server located in DMZ. I will not be covering this role in this series.
Now that we have all our roles installed I’ll be taking a look, in Part 4, at how we can leverage ConfigMgr boundaries to manage Macs in the environment and get the Parallels Mac client installed on a device.