Getting Caching Server working on LGfL

Caching Server is a cool part of OS X Server: once you turn it on, it basically becomes a local cache of the App Store (Mac and iOS), keeping a copy of downloaded apps on your local network. This results in faster app downloads, as they’re coming from within your network, and less use of your broadband connection. Which is nice.

Unfortunately I’ve never been able to get it to work as my school is part of London Grid for Learning (LGfL). LGfL is a broadband consortium, which allows schools to buy broadband at much cheaper rates because the LGfL trust has built a lovely big network (with the help of Virgin Media Business) just for schools in London. With an eye to safeguarding children, this network is built to be very safe and secure. The upshot of this is that our little Mac server is buried deep within the network behind many firewalls and switches and routers and so on. Which has meant that Caching Server hasn’t worked, as it needs to sit pretty close to the open Internet.

Until Yosemite that is.

We recently had our server updated to OS X 10.10, and with that comes some improvements to Caching Server. One of these is the ability to set the public IP addresses/ranges that will use the Caching service, thus making it all work.

Here’s how:

Open the Server app and click on ‘Caching’. Turn it on.
Click on ‘edit’ next to where it says ‘Permissions’.
On the drop-down menu next to ‘Serve clients with public addresses’, choose ‘on other networks’.
Click the plus in the box below and add the public IP address of the server. You can find this out by clicking the server name under ‘Server’ in the sidebar.
Enter in the public IP address for all LGfL-connected, which is 5.150.101.173. Apparently!
You then need to set some client configuration on your DNS server. Our DNS is on a Windows server, so I click ‘Client Configuration’, choose ‘Windows’ as the DNS type and then copy the command. I then open up the Windows server, type ‘CMD’ into the search box to open the command line, then copy the command.

And that seems to do the trick! Lovely.

Casper Suite

We’ve just had Casper Suite installed at my school. Part of the installation process is a three-day ‘Jump Start‘ where a highly experienced trainer (in our case, two, as we had someone shadowing) guides you through installing the software and the processes involved in setting up and running it.

So why Casper suite? Over the years, we’ve ended up using a range of different systems and technologies to manage the Macs and iPads in school. The Macs have been managed with an OSX Server running Workgroup Manager, plus a few scripts written by our Apple Reseller and the use of Munki for managing software installs and updates. With iOS, we’ve used Meraki, making use of the VPP programme and managed distribution, as well as Apple Configurator for class sets of iPads.

This has worked pretty well, but I knew we needed to move away from Workgroup Manager. Since 10.7 Lion, Apple has pushed the use of Configuration Profiles instead of Managed Preferences. Technology-wise, it isn’t a straight swap, as there are things you can do with MCX that you can’t do with profiles, and vice versa. But with 10.10, Workgroup Manager no longer even exists (even though the 10.9 version still works!), so I knew we had to do something. Casper suite was well spoken of, properly supported OSX as well as iOS, and seemed to have some cool features.

The main drawback of Casper Suite is the cost: as an educational customer, you only pay for support per device, which works out pretty cheap. But you have to pay for the three days of ‘Jump Start’ before you begin, which is not cheap! However, I calculated that it works out about the cost of a case per device, which isn’t so bad. An iPad without a case is pretty hobbled, and I’m sure Casper will add a depth and richness to our deployment.

The Jump Start went pretty well, and we managed to get everything working by the end of the three days. I did finish the three days feeling overwhelmed with everything there is to do (sorting out all the configuration of the Macs then imaging them all, plus redoing all the iPads), but I think it will come together over the next half term.

Here are some of the highlights so far:

Casper Focus: allows a teacher lock all the iPads in a class to a particular app or webpage
Self service: dishing up apps, books and in fact most things to users
Deployment Enrollment Programme (DEP): iPads get automatically enrolled to Casper and tied to a certain user out of the box
Composer: a powerful way to package up Mac apps, including the ability to fill the user template and existing users’ preferences
JSS: the fact it runs as a web service, meaning that Macs don’t have to be bound to an OSX server any more
JAMF Nation: a community of helpful geeks who are there to help find solutions to problem

I’m not sure it’s the right solution for small primary schools, or places without an onsite Mac geek, but I think it’s going to work really well for us.

Yosemite won’t boot

Since upgrading our Macs to OS X 10.10 Yosemite, we’ve had an issue where Macs won’t boot up properly. They start up and show the grey loading bar, but it gets to 50% and then gets stuck there. Some hacks and tricks would sometimes help (like resetting the PRAM and repairing the disk and permissions), but not always. I hoped that 10.10.2 would fix things, but alas it has not.

It turns out that the problem was to do to with having the Mac bound to an Active Directory. Thankfully, I found a solution on the JAMF support pages from the contributor Chris Hotte. He suggests editing the rc.server file as follows:

Boot into single user mode
Type ‘mount -uw /’
Type ‘/usr/bin/nano /etc/rc.server’ to edit the file
Type in the following code.

#!/bin/sh
/bin/echo BootCacheKludge Beta 1.0 – Chris Hotte 2015 – No rights/blame reserved.
/usr/sbin/BootCacheControl jettison

Hope that helps someone! You can find the original post here.
You can read the post here. Hope that helps someone!

GarageBand Pricing

I love this time of year. Not only does the latest release of iOS mean that I have an oodle of iPads to get updated (which takes varying degrees of time depending on how much free space is required to install the update), but a month after the mega IPHONE announcement, Apple calmly release a slew of other updates for the Mac and iLife/iWork. Yay. Last year’s came with quite a few headaches (such as the way iWork didn’t play nicely at all with SMB shares) but hopefully they won’t repeat this year. I’ve already tried saving a file over SMB with newest iWork, and it seems to work fine. The ‘proper’ file format they have finally created I’m sure is to thank for that.

Last year, GarageBand threw in a bit of a curveball by being free but requiring an in-app purchase to unlock all of the functionality. This is a system admin’s worst nightmare, as there is no decent way to do this upgrade on a whole school’s worth of iPads and apps.

Thankfully, it seems that this year Apple have rescinded on the in-app upgrade option and have slapped a price on instead. For new devices, you get the app free and on existing apps you get a free upgrade.

A few questions though:

What happens with Apple Configurator? Do we have to have app codes to install the app? Or even just to sync existing iPads with Configurator?
If we now need app codes, can we still apply for free ones on iPads bought in the last year?
What about codes for Macs?

I hope to make some investigations this week to find out more…