Archive for the ‘Mac OS X’ Category

Here is my problem:  I don’t want to get another laptop, but I need a mobile device that will let me accomplish some specific tasks.  Tasks like writing and editing documents, surfing the web, checking and responding to email, watching videos and listening to music, and a number of other very specific tasks, and all while on the go.  I had hoped that the iPod Touch would take care of all that, but it’s lacking in a couple of areas, mostly because while I like the virtual keyboard it’s too small to type fast enough to keep up with my brain.  So, taking a page from Patrick Thornton’s blog on how he would use the iPad, let me outline mine:

On The Go:

  • The Bus and LightRail:  I currently commute using the MAX bus to TRAX up to the University of Utah.  Using a laptop is awkward at best, because of how close the seats are.  The frustration comes from the form factor:  the clamshell may allow for a touch-type keyboard, but it doesn’t allow for easy use with the seat in front of me.  The iPod Touch works well in this environment, even when I am cramped in a corner, but the screen is too small for me to do any effective typing.  Unlike many younger than I am, I am not adept at "texting", and therefore my thumbs seem to be good for only one thing:  the spacebar. 

    It’s in this case that a tablet with a virtual keyboard would be ideal.  It’s small enough to pull out without taking too much effort, and typing on the screen within my lap would take less space than using a clamshell screen.  At this point, since I would naturally be looking at the right angle to my lap, I could see what I was typing without having to adjust a screen to the right angle.  Also, given 3G or the eventually promised WiFi on the bus system, Internet access would allow me to be productive the minute I’m able to sit down. 

  • The Car:  While I normally drive the car, and therefore never use mobile devices while driving, it would be nice to have a device with a large screen for the kids to see while driving.  Some have suggested that I get a DVD player, but I don’t want to mess with DVD’s, as my son with Autism tends to break them easily.  That’s mostly why I opted for the Apple TV to begin with.  So while DVD’s are out, I need another solution.  An iPod Touch works great for one child, but what about the other one?  Well, we could use two iPod Touches, but by that point we are pretty much spending the same amount for an iPad, which both could see.  Add a car mount to be between the front seats and an audio cable to plug into the car stereo, and the device starts to make sense.
  • Walking:  Even my little 12" Powerbook G4 is pretty heavy when I carry it around, though its dimensions are the same as the iPad’s (if thicker).  The weight starts to tell when carrying books for students, note pads for book and software ideas, etc.  In fact, I often need to switch from my messenger bag to a backpack just to carry the laptop, power cable, etc. with me.  The iPad would take a lot of weight away, making my daily walks easier to manage. 
  • Long Commutes:  I commute an average of 2.5 hours a day, it being about 1 hour 15 minutes (give or take) from my house to my office, and then the same back.  Long commutes mean the need for long battery life.  Here my iPod does ok, but the battery is really running low by the end of the day from all the activity I use it for, and that’s with a 6 hour video time.  That’s also roughly what most modern laptops get as well, though that is shortened by the boot/wake delay.  With a tablet that is always on and has at least 10 hours of battery life, I don’t have to worry about charging the device at work as well as at home.  The benefit here is a device that is always on, and therefore has no wait time. 
  • Flying:  Occasionally my job requires me to travel.  Flying is troublesome enough without having to lug a laptop with me.  It takes up a lot of valuable space in my carry-ons, which I can use for something else.  A flat tablet would give me the work ability I would need while flying, and the long battery life would let me watch those videos I want to see.  And even if I needed to take a laptop with me, I would prefer to use a tablet in the cramped areas of the airplane (as I inevitably get to sit with the other larger guys on the flight) with more comfort than the clamshell form factor. 

In the Office:

  • Notes:  Typing on a larger screen makes it easier to take notes than on my iPod Touch, and therefore would make it that much more useful than the iPod Touch. A laptop would be awkward to carry into a meeting, use, and set aside when not needed.  Not to mention battery life issues and the screen going blank when I don’t want it to.
  • Presentations:  Using a laptop for presentations becomes tedious, because it requires a lot of hookups and cables, a place to set it, and I become tethered to be within reach.  A tablet with a display cable that was long enough (or could be extended) to allow me to wander about with the presentation in my hands would make that much easier, even if all my slides were just in a PDF format.  I could simply swipe through each of them if needed.  Creating or editing presentations isn’t that important, though it would be nice.  I have really wanted to have a version of PowerPoint or Keynote on the iPod Touch for a long time, if only just as a viewer.  Having it available for real makes it that much better.

At Home:

  • On the Couch:  Right now having a laptop is not a good option for me while sitting at my couch with the kids running around, trying to get something accomplished.  You see, both my kids like to grab the screen and pull it down their way (opposite me) to see what I’m doing.  Almost immediately it means having to quickly stop their action, which gets in the way of what I’m trying to accomplish.  It can also potentially damage the screen (though to date I’ve been lucky with my PowerBook).  A tablet would make working from the couch with the kids much easier, as they can see what I’m doing immediately without having to move a screen or pull the thing out of my hands. 
  •  Reading:  I am a prolific reader.  I love to read, and use my iPod Touch extensively for reading in both Stanza and the Kindle app.  I don’t use a laptop because it’s awkward to read from while sitting or lounging on the couch or bed.  A tablet of some sort would be ideal in this situation, where the clamshell form factor just isn’t.  It also would beat out the smaller tablets because of real estate.
  • Special Needs Interaction:  My son is autistic, and as such has very special needs.  Part of that is his need to find a way to focus his mind in order to calm down.  Currently the iPod Touch works for that, though it’s very small and doesn’t have much real estate for him to work.  I would never let him use a clamshell device because he would inevitably break the screen because it moves.  With a single tablet device with little to no moving parts, all the concerns about his breaking it have been reduced.  He’s very careful about placing large things like books down, and so wouldn’t throw the iPad.  There are also several apps that are targeted directly to children and adults with Autism, making the iPhone OS an excellent choice for me.  Is anyone aware of Autism apps for Android?  I would like to know.

So what about the complaints against the iPad?

  • No Flash:  I hate Flash, though not because of the platform, just for what it’s used.  Flash to me means annoying ads that fly in front of text I’m trying to read for the news.  I don’t play Flash games, and I don’t use Hulu (I found it very unfriendly to use).  When we use YouTube as a family (such as viewing rollercoaster rides for our son), we use the Apple TV primarily.  Why do I like to avoid Flash?  Because it gets in the way.  Sure, other technologies will probably come along that the iPad supports that will get in the way too, but right now it’s Flash that is my big complaint.  If there is a Flash only website, I tend to avoid it like I would lima beans.

    Some may say I’m missing out on the richness of the Web by avoiding Flash, but I would counter by saying they are missing out on my patronage by forcing me to use an intrusive program that defeats the purpose of visiting the site in the first place.  It would be like forcing me to install Adware just to use an operating system.  I would quickly find another operating system.

  • No Camera:  I’ve never once used video conferencing, even when I had cameras.  Text typing tends to be faster, and I don’t have to be dressed up or shave my face to use it.  Audio chat is fine too.  That, and I don’t see video chat on a Tablet being very useful, because it would be hard to use the tablet still while talking.  Nope, for video chat, a clamshell format would be ideal.  And if I really want to video chat, it would be from my office on my iMac. 
  • No Multitasking:  This isn’t strictly true, as the iPod Touch already multitasks, in that I can get email, have a webpage load, play a song with iTunes, and still play a game.  It is more accurate to say that multitasking all apps is not available, and generally, I don’t need to.  The only types of apps I would like to have multitask for me are a telephony app like a VoIP app, a voice chat app, or a text chat app.  Other than that, I don’t use it a lot, and have learned to do without these all running at the same time.  As I use one tool at a time, and don’t use it much in the background until I come back to it, I don’t really see the need for "multitasking".  How do you multitask with your mobile devices?  Let me know, because it would be interesting to see how people use multitasking on mobile devices.
  • No Physical Keyboard:  This is true, though quite honestly I consider it a plus in my book.  I would much rather use an onscreen tablet than a clamshell while out and about, because it doesn’t require as much space to use.  Why is that?  Because with a clamshell on your lap, you need to either lean back to see what is going on, or rotate the screen back (almost doubling the flat area of the laptop) to see what you are doing.  Nope, this is definitely a benefit of the Tablet.
  • Closed System:  While I’m all for Open Source, and have taught and worked with Linux as an Operating System, for a tablet device to work well I think it needs to have a controlled environment.  Otherwise you start running into battery issues, performance issues, and all sorts of headaches.  I honestly think this is why Google has Android and their app store:  It keeps the apps somewhat controlled, and therefore controls the user environment.  For small computing devices, I see this as a huge benefit, and so the iPhone OS isn’t a barrier for me, it’s a blessing.
  • Not A Full OS:  Why do you need a full OS for a tablet anyway?  Most are slow enough on more beefy hardware like a laptop, let alone a device built for less power consumption.  I’ve heard this argument before, and I can’t for the life of me see the benefit of a full OS on a tablet vs. a specialized OS for the tablet.  All I can think of is software.  But why would you want to run a full fledged desktop program on a tablet?  Most desktop programs are designed for a mouse and keyboard input setup, which doesn’t port over easily to a touchscreen (another reason Flash would be a beast on a tablet).  While you won’t find a replacement for Photoshop or Dreamweaver for the iPhone, I wouldn’t be surprised if similar apps start to show their heads now that the iPad allows them far more real estate to work with. 
  • AT&T As The Partner:  Simple:  Don’t use them.  The 3G version is open, though there isn’t another carrier in the US that will support it, and with a MiFi-type device from any other carrier, you have the same benefits as the 3G version, but on the WiFi only version.  While this could be a valid complaint for the iPhone itself, I don’t see it as a problem on the iPad. 
  • There’s No Phone:  VoIP with a headset aside, did you really think you were going to put something this big against your face?  Really?  The iPad and tablets don’t replace smartphones, and they are not meant to. 
  • No USB/SD Card Slots:  This I can see as a legitimate complaint, though the more the device has to power another device connected to it, the more it will deplete the battery.  While it would be nice to have an SD card slot for additional storage or as a way to quickly upload video/photos from a camera, there are adapters out there for SD and USB connections for cameras that upload into their iPhoto app.  And, just between you and me, I have yet to fill my iPod Touch 16 GB and use it all. 
  • The Name/It’s Made By Apple/It’s Overpriced:  The name argument is just, well, stupid.  Does it really matter that much to you?  Really?  Well, you can get the Adam if you want, or Nook, or Kindle, or Pete.  Heck, you can call it Pete, or iPete, or RePete.  I don’t consider that a real complaint.  Don’t want people looking at the name?  Get a skin for your RePete, or better yet, make one.  It shouldn’t be that hard, I would imagine.

    As for it being made by Apple and you for some reason hate them because of their marketing success, personal bias, or resentment of how they treat Windows as a platform; well, there are lots of other tablets coming to market, each with their pros and cons.  Some with Windows 7, some with Android, and eventually some with the Chrome OS if rumors are true.  If you don’t like a product, you can get one elsewhere.  It’s not going to hurt my feelings, and it shouldn’t hurt yours if I prefer an Apple product or experience.  As long as it does what you need it to do, isn’t that really the point? 

    Pricing for the iPad is actually pretty standard with most retail outlets.  T-Shirts tend to be marked up 56% or so, as are most other products from the cost of the company to produce them.  That’s because they have to pay wages, marketing, distribution, and research.  But if you want something cheaper, I’m sure other companies will cut into their profit margins to accommodate. 

So, that is my list.  Honestly, I see the iPad and other similar tablets taking the place of most netbook functionality because of the new form factor.  I don’t see them replacing laptops, netbooks, or desktops completely, as those who don’t want to have a desktop computer would probably prefer a laptop for their work (like students in a dorm).  But I don’t think that having a laptop, a desktop, and a tablet will be a necessity.  The tablet would make one or the other unnecessary (at least for me), and which depends on your needs.

So tell me what you think.

Yesterday I installed Mac OS X 10.6 on my work computer to become familiar with the new operating system.  Unlike other Mac OS X IT instructors, I haven’t had access to the seeds for 10.6, so I couldn’t beta-test the OS.  But, the wait has definitely been worth it. 

  1. The first thing I noticed is the install:  No longer do you have to select the Printer drivers you want to include because it will detect the printers you are using and install only those drivers!  This saves a ton of space on the computer, and part of the reason why the install is so small.  You also have optional installs for Rosetta. 
  2. The next thing I noticed is automatic software installs on demand.  For instance, I needed to install Adobe Photoshop CS2, which runs in Rosetta, because it’s a PowerPC app.  While running the Installer, Mac OS X 10.6 realized that Rosetta was necessary for the app to run, and as such installed Rosetta for me then and there.  Brilliant! 
  3. In Stacks, you can now navigate through folders within your Stacks folder, so you don’t need to open into Finder if you don’t want to.  This is far more useful than using Finder all the time, keeping the search all within one flow. 
  4. Exchange Support:  The first and best thing is exchange support!  Finally!  I don’t have to feel like an outcast at the University of Utah because everyone else is using Outlook and the best I could come up with is Entourage (which is embarrassing, to say the least).  Now iCal and Address Book both support Exchange.  When you set up your Exchange email (you don’t even need to set up any of the server information if there is automatic configuration available), it will give you the option to configure your iCal and Address Book as well.  And that’s it, that’s all you need to do.

    If you want to add your delegations, you do so through the Preferences.  Click on iCal, then Preferences, and then Accounts.  Select your Exchange calendar account, and click on the Delegations pane.  To add an account you are delegated to, click on the + and start typing in the name of the person you are a delegate of.  It will add the user info, as well as the permissions you have been given. 

    To add delegates to your calendar, click on the Edit button, and then the + sign to add a new delegate.  You can set their access (from read only, read and create, read and write, or no access) for both your Calendar and your Tasks.  Click OK, and you are all set!  They can now manage or view your calendar. 

There are a couple of other minor things I like, but that will be it for now.  So far, it’s definitely worth the $29.00 price for an upgrade, as long as you have an Intel Mac on which to install the OS. 

15 May

Kerberized SSH on Mac OS X v10.5 Server

   Posted by: Jeremy   in Apple, Leopard, Mac OS X, technology

This week I have been teaching the Advanced Systems Administration class for Mac OS X 10.5, and we talked about security and secure access.  As usual, I mentioned the security necessity for SSH authentication when accessing the server through the Command Line remotely, and how to set up public and private keys for authentication.  

But there is an inherent flaw with public and private keys:  if someone manages to gain access to your computer and copy your private key, they have a way into your system that requires no further authentication.  Also, if someone leaves the company and shouldn’t have access to the server anymore, you need to remove their public key manually instead of just removing access through your Directory.

So you have the following problem:  You need a login method that will allow you to SSH into the boxes you need access to without a password, but have some type of Directory-based key system that is secure, temporary, and key-based.  Enter Kerberos.  

Kerberized SSH is not at all anything new, and I found a lot of Linux instructions on how to get it set up with Kerberos.  But I was hard-pressed to find a Mac OS X v10.5 Server instruction, and as such decided to write my own.  Hopefully this will be of some use for someone out there. 

Now, this assumes that you have Kerberos running, and the Mac OS X Server is either an Open Directory Master, Open Directory Replica, or Connected to a Directory System and kerberized.  The server itself will need to provide authentication through Kerberos for this to work.  You also need to make some minor changes to your .ssh directory in your Home Folder, and have your client bound to the directory.

What we are going to do is install the Kerberos module for PAM authentication on the Mac OS X Server, configure the sshd PAM authentication rules for Kerberos, and then on the client side enable GSSAPI authentication.  It’s as simple as that.  ^_^

  1. Download the pam_krb5 library from SourceForge.  This is the PAM authentication library necessary for Kerberos 5 to work in a PAM enabled service.  
  2. Extract and Compile:  I extracted the file in my Downloads directory and then compiled it right there.  Be sure you have Xcode installed, because you will need gcc.  I compiled it on a local machine and then copied the library to my server.  
    Once you run ./configure and get it to pass, just run make.  The library will be placed in the .lib directory (which is hidden).  You can then copy the pam_krb5.so file to the necessary spot or to a jump drive to drop on your server.  
  3. Place the pam_krb5.so module into the /usr/lib/pam/ directory on the server.  SSH gets its authentication information through PAM, so having the library here is crucial. 
  4. Edit the /etc/pam.d/sshd configuration file to look like the following:
    #sshd: auth account password session
    auth    required    pam_nologin.so
    auth    optional    pam_afpmount.so
    auth    sufficient    pam_securityserver.so
    auth    sufficient    pam_krb5.so
    auth    sufficient    pam_unix.so
    auth    required    pam_deny.so
    account    required    pam_securityserver.so
    password    required    pam_deny.so
    session    required    pam_launchd.so
    session    sufficient    pam_krb5.so
    session    optional    pam_afpmount.so
  5. On your Mac OS X computer, create (if you don’t have one already) a config file in your ~/.ssh/ directory containing the following line: 
    GSSAPIAuthentication yes

And that’s it!  You can now log into any kerberized server using SSH without needing a password or even building a public-private key structure.
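A check for steps 3 to 5, added here as an example and not part of the original post: it confirms that every module named in the sshd PAM file exists in the module directory, that the auth rules include pam_krb5.so and still end with the required pam_deny.so fallback, and that the client config enables GSSAPI. The function names are hypothetical, and the sample files are constructed, with one module name misspelled on purpose so the check has something to report.

```shell
#!/bin/sh
# Added example: lint the sshd PAM stack and the ssh client config from the
# steps above. Function names are hypothetical; sample files are constructed.

# check_pam_stack PAM_FILE MODULE_DIR
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_pam_stack() {
    pam_file=$1
    mod_dir=$2
    n=0; rc=0; krb5=0; last_auth=""
    while read -r type control module _rest || [ -n "$type" ]; do
        n=$((n + 1))
        case $type in ''|'#'*) continue ;; esac      # blank line or comment
        if [ -z "$module" ]; then
            echo "line $n: malformed rule"; rc=1; continue
        fi
        # A bare module name is looked up in MODULE_DIR (step 3 of the post).
        case $module in /*) path=$module ;; *) path=$mod_dir/$module ;; esac
        if [ ! -f "$path" ]; then
            echo "line $n: module not found: $module"; rc=1
        fi
        if [ "$type" = auth ]; then
            if [ "$module" = pam_krb5.so ]; then krb5=1; fi
            last_auth="$control $module"
        fi
    done < "$pam_file"
    if [ "$krb5" -eq 0 ]; then
        echo "auth stack has no pam_krb5.so rule"; rc=1
    fi
    # The stack on the page ends its auth rules with a required pam_deny.so,
    # so a login that satisfies none of the earlier modules is refused.
    if [ "$last_auth" != "required pam_deny.so" ]; then
        echo "auth stack does not end with required pam_deny.so"; rc=1
    fi
    return $rc
}

# check_gssapi_client SSH_CONFIG
# Succeeds if the file contains "GSSAPIAuthentication yes" (keyword and value
# separated by whitespace; the "keyword=value" form is not handled here).
check_gssapi_client() {
    awk 'tolower($1) == "gssapiauthentication" && tolower($2) == "yes" { ok = 1 }
         END { exit !ok }' "$1"
}

# make_sample DIR: build constructed test input under DIR. The account rule
# misspells pam_securityserver.so deliberately.
make_sample() {
    mkdir -p "$1/pam"
    for m in pam_nologin pam_afpmount pam_securityserver pam_krb5 pam_unix \
             pam_deny pam_launchd; do
        : > "$1/pam/$m.so"
    done
    cat > "$1/sshd" <<'EOF'
# sshd: auth account password session
auth       required    pam_nologin.so
auth       optional    pam_afpmount.so
auth       sufficient  pam_securityserver.so
auth       sufficient  pam_krb5.so
auth       sufficient  pam_unix.so
auth       required    pam_deny.so
account    required    pam_securityserer.so
password   required    pam_deny.so
session    required    pam_launchd.so
session    sufficient  pam_krb5.so
session    optional    pam_afpmount.so
EOF
    printf 'GSSAPIAuthentication yes\n' > "$1/ssh_config"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_pam_stack "$demo_dir/sshd" "$demo_dir/pam" || echo "PAM stack needs attention"
check_gssapi_client "$demo_dir/ssh_config" && echo "client config enables GSSAPI"
rm -rf "$demo_dir"
```

On the server the first check would be run as `check_pam_stack /etc/pam.d/sshd /usr/lib/pam`, and on the client the second as `check_gssapi_client ~/.ssh/config`.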

For the past couple of weeks I have been working on and off on a project to deploy Final Cut Pro in a fresh install for our Macintosh lab.  Previous to this the process was to image the machines and then install Final Cut Pro through a script.  Then on each machine I would need to enter in a site license for the software.  This took a lot of time, usually two days for a sizable class of 8 or so.  And, it didn’t give me a huge margin of error either.  

At first I wanted to do something with NetBoot, because it makes it so easy.  Just set the NetInstall image as the default image on the server, and then deploy by booting the system off the NetInstall image.  It’s really easy to set up, really easy for anyone to deploy.  Unfortunately, it doesn’t handle large images very well.  And when I say large images, I mean large images over 38 GB.  I had often wondered why, until I took the Mac OS X Deployment class, and found out that NetBoot uses a unicast method of installing, which is very inefficient.  It actually surprised me that was the case.  

The only other option that was even remotely feasible would be to use a multicast ASR server.  Every Macintosh (either server or client install) supports the server aspect of this project, so it’s very easy to deploy.  The only drawback:  It requires understanding of the command line.  Here is the process I took in order to get Final Cut Pro installed. 

Problems:  

  1. Fresh Install of Mac OS X 10.5 with all necessary updates
  2. Fresh installation of Final Cut Pro, Motion, Color, and Compressor (these are the Pro classes we offer here in Edtech).  
  3. Practice files for the class.
  4. License key already included. 
  5. An administrator and a student account setup and ready to go.

I began the project by going through the Modular system image creation process.  In this process, you use a sparse image to install your OS and software, place your necessary files, and manipulate any configuration needed for the final deployment.  This is ideal for initial OS setups and system images.  So I installed the OS from a disk image of the install DVD with the following command: 

sudo installer -pkg /Volumes/Mac\ OS\ X\ Install\ DVD/System/Installation/Packages/OSInstall.pkg -target /Volumes/MacintoshHD/ -verbose

Now, I could have added a reference to an XML file that would have removed all unnecessary installations (like printer drivers), but the default install was good enough for the project at hand.  In this case, the MacintoshHD drive is actually an external FireWire drive.  I could also have done this on a machine in Target Disk Mode, but I thought this would be sufficient, and it saved a lot of time, actually.  

Once completed, I installed the updates.  To find out what I needed, I actually booted up a machine with this default install and ran Software Update, which gave me the names of the packages.  I then downloaded the disk images, moved them to my machine, mounted the images, and installed with a command like this: 

sudo installer -pkg /Volumes/Mac\ OS\ X\ Update\ Combined/MacOSXUpdCombo10.5.6.pkg -target /Volumes/MacintoshHD/ -verbose

I kept the verbose switch on just so that I could see when it was done and judge when I needed the next update.  When I got to the Quicktime update, I ran into a problem:  You can’t update Quicktime to 7.6 on a non-booted system disk.  That threw a wrench into the whole “modular image” process.  Not to worry though, it didn’t set back my image creation.  

Once I finished with all the updates that I needed, I then booted off of the FireWire drive and created my users in the directory.  I began with the admin account, which I used to install the remaining updates and Final Cut Pro and Motion Content from their respective disk images.  The installation let me enter in my site license for Final Cut Studio, and saved me a lot of time on each machine.  I then ran updates for The Pro Apps, which took only a couple more updates to finish.  Once done, I created my Student account with the standard login, and rebooted back into my regular computer. 

Note:  Do not try Final Cut Pro at this stage!  It will create the scratch disk with your UUID, which will make it unusable for any other machine after imaged! I found this out the hard way.

So now I have a system that is completely imaged, has the users created and ready to go, and has not launched Final Cut Pro quite yet.  Now I need to create my disk image that I’m going to use for my restore.  This is really easily done in Disk Utility, particularly if you have the image on a FireWire drive.  

Open Disk Utility, and then select the disk volume you created.  Do NOT select the physical drive!  That would result in a larger image than you need, taking up your entire drive.  Want to learn why?  Take the Mac OS X Deployment class.  ^_^  

Once the disk is selected, click on the New Image button at the top.  It will then let you name it (this is just the name of the new image, not the name of the disk), and ask you which type of image you would like.  I named the file ClonedImage.dmg.  The image needs to be Read Only, and Not Encrypted.  If you choose, you can make the image compressed, though it does take a little away from the performance.  I kept it as uncompressed for simplicity’s sake.  Then settle in, this can take a while.  For a 38+ GB image, this can take almost up to an hour (time varies on the machine you use, RAM size, processor speed, etc.).

Once it’s done, click on Disk Utility’s Images menu, and then select Scan Image for Restore.  This can take some more time, though not as much as creating the disk image.  So settle in, have a good book to read or clean out your email.  

Once done, it’s ready for deployment.  Some may suggest that you fix your permissions on the disk before you get to this point.  I’ve not needed to so far, but it is a good practice to adopt.  This would be a case of do as I say, not as I do.  ^_^ 

Now copy your new image to the “Server”.  It can be Mac OS X Server, or a Mac OS X computer.  Either will support the ASR command.  I chose to use a Mac OS X Server that also had NetInstall images for the Macintosh 10.5 Leopard Install DVD.  You will know why in a minute.  I copied the file to the root directory ( / ) for convenience.

Once copied over, boot up the new machine and log in as an Administrator.  Open your Terminal, and create a config.plist file somewhere on the system.  The config.plist file should have at least the following parameters: 

defaults write /Volumes/Backup/Apple/Images/config "Data Rate" -int 6000000
defaults write /Volumes/Backup/Apple/Images/config "Multicast Address" 224.0.0.10

I put it in the root directory as well for convenience, though you can place it anywhere you can remember it.  Then enter this command: 

sudo asr -server /config.plist -source /ClonedImage.dmg

Press enter, and you should get a notification that your ASR server is ready to begin multicasting.  Once done, you now just need to get to your computers you wish to restore and run the restore image there.  

In this case, I find it simpler to boot off of the Install DVD image.  By making a NetInstall image, it’s easy to do and doesn’t require multiple disks (and the disks don’t walk away unexpectedly).  It also guarantees that your restore system is on the same subnet as your Server, and will have an assigned DHCP address.  Once booted off of the Install DVD, select your language and then click the continue arrow.  It will ask you if you want to run the install; instead, click on the Tools menu, and then select Terminal. 

Now you should only have the Terminal window open.  Here, type the following command to start the restore, assuming your ASR Server has an IP address of 10.1.0.1: 

asr restore -source asr://10.1.0.1 -target /Volumes/Macintosh\ HD/ -erase

This command will search for an ASR server at that IP address, and then erase the target drive and restore from that image.  Then let it go!  For my image it took about 5 hours to complete, but just about all the machines completed the restore at almost the same time.  So I could have completed one install or 22 at the same time from the same server, and saw little difference in the time it takes to make the image.  

Now, this is the process I used.  It worked great, and our Compressor class (the guinea pig class for this image) ran just fine.  But what if you don’t have the time, or the confidence to run the command line tools?  You can do roughly the same thing with NetRestore, which is currently no longer in development, or Deploy Studio.  Both of these tools can do the same thing I do here, but have a nice GUI interface and management is simpler.  

So you may ask why I chose to do it the hard way?  Because I love the command line, and I want to be sure I have the process down pat.  After all, unless you understand the process behind the scenes of a GUI tool, what do you do when the GUI tool doesn’t work or has an error?  Where can you troubleshoot the problem?

A while ago a friend asked me if I would help him set up his office with an Open Directory system, and integrate everything through his Xserve.  It sounded like a simple enough task, as I have done this numerous times in the classroom and for our lab at work.  Boy was I wrong. 

The setup took several hours longer than I would have expected.  He already had the infrastructure, so it should have been simple to set up the server and bind all the clients to the new Directory and establish Kerberos authentication.  The problem ended up being the need to run virtual machines, each of which tried to run remotely on the server instead of locally on the machine (because they were saved in the network home folder).  So, I moved all the virtual machines to the local machines, which fixed that issue.  

Next, preferences within the home folders would get lost all the time.  That it turned out was because the network home folders were taking up too much space, so I moved everyone’s iTunes libraries to the local machine to free up space.  I also had trouble with some internal networking running really slow on occasion (I suspect it’s a problem with the switch, but he can’t replace it), so in order to deal with the flaky network and network home folders, I created mobile accounts on every machine.  If the network goes down, they can authenticate locally and still get what work can be done in an unplugged world.  

Finally, the mail issue.  His office was using Zimbra mail, which was a neat setup, but his version couldn’t be Kerberized.  That, and he wanted to migrate to Apple’s Mail and Calendar server.  So, I set up the mail server, and set up a script utilizing imapsync to transfer the mail from one server to another.  Why?  Because I couldn’t find any documentation on how to move one Postfix database to another while making sure the content was safe and secure.  Anyway, after many attempts (I don’t mind pointing out at this point that imapsync is perhaps one of the most poorly documented open source project I’ve seen), success was made.  Now all I needed to do was redirect the DNS from the router to the new server, and everything should be hunky-dory, right?

The router was using an OpenBSD OS that was extremely limiting.  It took forever to get the blasted thing to migrate to the right IPs, and then it didn’t support alias addressing in the DNS.  There’s probably a way to hack the DNS file manually, but I ran into another problem that was really bugging me:  Starting the Mail service in Server Admin didn’t actually start Postfix.  That’s right, it was running all the features of mail without the actual SMTP client to manage it.

This blew my mind.  A quick search and help from a friend that was Linux savvy indicated that this is a rare bug that happens, and all you have to do is run Postfix manually.  Seems simple enough, but then you need to set it up to start when the system starts.  Again, not too difficult, and easy to set up by adding it to the rc.local file (you can also write a launchd .plist file to handle it, but that’s more complicated than the rc.local step, and I wanted to get this done as soon as possible).

So now Postfix was working, but no one could send or receive mail.  Huge problem, since that’s the point of the mail service.  So, again with the help of my friend, we managed to edit both the main.cf and the master.cf to the right specifications, all of which managed to get Mail working.  

Now, I would like to point out that never in my time as an Instructor have I seen these services fail this badly and completely.  Part of the problem was the strain on his internal network and some bad ports in his router.  Part of the problem was random issues that should never have existed, and yet do because life is never perfect.  And finally, because I have been touting Apple as such a simple solution for a UNIX-based network, it just had to be a problem.

Has anyone else out there had a similar problem where you have gone into a job with the knowledge that your solution would work, regardless of the platform, and seen it go horribly wrong?  I’m just grateful my friend who asked this of me was so understanding and patient.

Next week we are running a Final Cut Pro 5-day class to prepare students for the Final Cut Pro exam and get more familiar with the software.  It’s great, except the software is huge and doesn’t load into a monolithic system image very well.  As such, I had to find a way to deploy the software in a timely manner without a lot of work or overhead.  

I started first with a modular NetInstall image.  The idea was that I would include the software packages in the install image, it would create the image, and I could install it without worrying about configuration.  Boy was I being hopeful!  At first it would not recognize the software, and then it finally accepted the mounted disk images as I dragged them into the Automator Action.  I thought all was well, until I tested the image.  

It installed the OS just fine, but didn’t include the Final Cut Pro packages.  Well, I thought, I would just need to create a base install, and then deploy the software through a package.  Seemed easy enough, at least...

Mac OS X 10.5 has a great feature with PackageMaker (available with the Xcode Tools Development package) that is called a Snapshot Package.  Basically, you can install software on your Macintosh computer while this is running, and PackageMaker can tell the difference between the original state of the machine and the new improved state.  You can then create a package that would install all the changes across the board, and you would be all set.

I started by using PackageMaker on the MacBook Pro that I would be using for the class.  I then started the process on the MacBook Pro, installed Final Cut Pro and the Motion Content, and waited.  Once done, I stopped the snapshot, reviewed the changes, and tried to make the package.  PackageMaker crashed on me every time.  I tried three different MacBook Pros, each with the same result.  

At that point, I started to get frustrated.  I tried the same process on my office Mac Pro, and it worked!  I was able to make the snapshot image, and create the package.  I then transferred it to a MacBook Pro computer and started the package.  It ran, told me it was successful, and I was sitting on cloud nine!  Until I tried to run Final Cut Pro, that is.  It would crash every time I tried to run it.  It could have been a permissions issue, but by this time I was running out of time.  I have a busy week with a surprise class and some instructor interviews to conduct, and I needed to come up with a solution quickly.  

So, I tried installing the software on a MacBook Pro from disk images using the installer command from the Command Line.  It worked, installed a bit more than we usually do, but otherwise was successful.  Well, if this would work, surely I could create a script that would mount the images, install the packages, unmount the images, and delete the images to free up space.  It was worth a try. 

The script was easy to write, and is below: 

 

#!/usr/bin/env bash

# This script should install Final Cut Pro and Motion from disk images.
# The script will need to be run as root, which the package should do
# automatically.
# First it will mount the images, and then it will run the Installer
# scripts for Final Cut Pro, and then Motion.

# The Images are assumed to be in /Users/Shared

hdiutil mount /Users/Shared/Final\ Cut\ Studio.cdr
hdiutil mount /Users/Shared/Motion\ Content.cdr

# Now the Installation will be run.

installer -pkg /Volumes/Final\ Cut\ Studio/Installer/FinalCutStudio.mpkg -target /
installer -pkg /Volumes/Motion\ Content/Installer/MotionContent.mpkg -target /

# Once finished, the script needs to unmount the images.

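# Absolute paths are required here; a relative "Volumes/..." only resolves
# when the script happens to run with / as its working directory.
umount /Volumes/Final\ Cut\ Studio
umount /Volumes/Motion\ Content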

# Now no longer needed, the disk images can be deleted.

rm -rf /Users/Shared/*.cdr

 

The script worked on my initial testing, as long as it was run with sudo (installer needs to be run as root).  So I took it a step further and set it up as a package.  I opened PackageMaker again, added both the disk images to it and set the install location to the /Users/Shared directory.  I then added the script to the last package (in this case Motion) as a postinstall script, so that it would run after the Motion image was copied.  I created the images without any errors, and tried the deployment:  Success!  It installed just fine, and everything worked in Final Cut Pro that was expected to work.

So, I then figured that if this worked, surely it would work if I added it to a NetInstall image, right?  So I created a new NetInstall image workflow that would add this image to the NetInstall.  I then tested it out, and it still didn’t install the package.  So, I copied the package to the server, shared it out, sent the package to each machine, and installed it manually from there.  In the end, I got the deployment working, and the total deployment (not counting the time taken to try and create images and such) took about half the amount of time it would have if I installed everything with the CD’s.  It could have taken even less time if I had Apple Remote Desktop installed and used it to deploy the image.  

So, that was my experience.  I’m going to look at the NetInstall workflow to see if I missed something in how I placed the Automator Action for the package install.  Until then, I still have a very viable deployment solution that takes less time than I would have expected.  ^_^

I’m back from the Chicagoland area, and it’s good to be back home.  The trip home was mostly without incident, with both planes actually arriving on time (or earlier).  The trip was pleasant, and I made some really great friends with other instructors and developers out there within the ranks of the Apple Certified Instructor network.

So, what about the training?  

Directory Services:  The Directory Services class was phenomenal.  It focused on connecting to various directory systems out there (both Active Directory and OpenLDAP), using the built in GUI tools, third party tools, and using the command line utility.  

We spent a lot of time demoting and promoting our servers to Open Directory Masters, while connecting to another directory system and making an Open Directory Replica.  

I learned a lot of new things at the training, mostly on how to replicate and create backup Directory systems for failover.  I’ll start covering each chapter in more detail as time permits, but needless to say it was a very useful class.  

Overall the flow was well designed.  The material was a little lacking in that some work in the workbook was not available or mentioned in the reference guide.  But other than that, it was well done.  The cognitive load was well managed with the timing of the class, and the constructivist method was well represented in this material.  Arek Dreyer, who wrote the reference guide, did a great job with the work.  I hope he works on the material again with the new 10.6 materials for which Apple Training is already planning.  

Advanced System Administration:  I want to preface this review by mentioning how this class was originally conceived.  When 10.5 came out, Apple Training looked at the existing certification and noticed that an Apple Certified Systems Administrator could go the whole certification process without once taking anything more than Server Essentials.  

Apple wanted to make the certification more meaningful, and so decided that knowing how to set up the environment was more important than knowing how to manage an Xsan or Podcast Producer.  And, quite honestly, they were right.  A Systems Administrator needed to focus on the core system that allows for Xsan and Podcast Producer to work well with the rest of the system, and not just the peripheral systems.  

So, basically, anything that didn’t fit into Deployment (system imaging and image maintenance) and Directory Services needed to be dumped into this class.  As such, the class is 5 days long and still too short for the material.  It’s also a fairly new class, as it is the only class that was not recreated from Tiger classes.

So, what do I think of it?  It definitely shows the signs of a kitchen sink class.  If you don’t have experience in the Command Line and didn’t take any of the other classes, you would be totally lost on this one.  It is completely designed to be a capstone course, and allow the student to design their own solution while completing the class.  

But there are problems:  If you don’t focus on the on-going narration (which the instructor had better be creating along the way for the sanity of the learners), then you can easily get lost in the details.  There is a lot of focus on current UNIX solutions, potential issues, tools that are still in development, and proprietary command line tools that Apple has created to manage their utilities.  All this is thrown at the student in four pillars:  Planning and Implementation, Networking, Administration (monitoring, security, and automation), and Troubleshooting.  

The narration is thus:  You have just been hired as the new PretendCo Systems Administrator, and the company is on the cusp of huge growth.  You find out that the company, up to now, has been running on one server, set up as a Standard configuration system for convenience.  You now have to do some real management to scale up the system you put in place in order to cope with the new growth expectations.  

For me, it’s going to be a challenge to teach this in a For-Credit schedule, if just because the course narration will be really difficult to keep in the student’s mind.  When I offer this class, I’ll be spending a lot of time focusing on the instructor notes, so that I can keep that narration flowing.  I may need to build the narration into some online exercises as well.  

So, overall, Directory Services was a hit, and a blast to teach.  Advanced System Administration was great, but I was honestly only able to keep up because of what I had already known having both taken all the previous Apple classes, and my experience with Linux.  I’m thinking that I may make the Linux Fundamentals a prerequisite for taking this class.  That way I can know that my students have had time to whet their experience on a UNIX environment in the command line.

This week I finish up with my T3’s for Apple with Advanced Server Administration.  This class is focused primarily on running the ADDIE process (Analyze, Design, Develop, Implement, and Evaluate) throughout the IT infrastructure of a company, and build it up using both the GUI and Command Line tools.  Because it is assumed that you have been learning the GUI tools up to this point (this is the capstone course), it primarily focuses on the command line tools available to the Mac.

I’m not sure when we will offer the class at the U, as much depends on other training offerings and any additional infrastructure we would need, but I already have a lot of people interested in this class.  Most of them are Linux administrators who are going to be supporting the Apple platform, and want to do so with SSH (just as they would with Linux).  I already have a list of people who would love to take that class.  

Anyway, it all hinges on whether or not I’m judged “good enough” to train.  Partly judged by my peers, partly judged by the Master Trainer, my fate rests in their hands.  At this point, however, I’m less concerned.  I’m rather more concerned with how my family is doing back home.  I’m literally counting the days until I fly out.  But I will miss the Chicago area.  

Anyway, more details on the classes I attended during this trip sometime next week.  I’ll give a teaser for the classes, and give you my opinion of the materials and flow of the class.  

As promised, here is my review for the Mac OS X Deployment 10.5 T3 that I attended this last week.  

First, the location.  Of course I’m biased, but I have always loved Chicago, and as such enjoyed the trip to Villa Park and Oakbrook Terrace.  The hotel was nice, and the location of the training facility was fairly easy to get to.  The only problem:  no sidewalks.  It makes it difficult to walk when you don’t have sidewalks, and there isn’t enough room to walk on the street (without getting hit).  Other than that, the location was nothing to complain about.

The materials:  There is quite a lot of material for this class, and I was a little concerned that it would be impossible to fit it all into a 2 day training.  Luckily, that was the thought of the course developers as well, and as such the training was extended to 3 days.  That fits in perfectly with my training schedule I have planned for the University, so I didn’t complain.

The Subject Matter:  There was still a lot that I wanted to cover but couldn’t in the class, mostly those focusing around the command line.  But then, there is a separate class for that, which I will be attending in two weeks.  ^_^  But those important topics, such as deploying through the command line, and imaging through the command line, were covered in depth.  Also planning, scaling, and third party utilities for managing a deployment option were well covered.

One really nice thing I liked about the class was a mandate for the student to immediately apply what they have learned to a real world situation.  They do this through a Deployment planning sheet, which the trainer should have printed out for each student.  We didn’t have it, but it was made available to us in PDF form, and there is a link that comes with the learning materials to PeachPit’s website for the same PDF.  Once the form is filled out, the last chapter talks about real world solutions in many large companies, school districts, and training centers, and gives the student time to go through their document to see what they find useful, and what they don’t need, in their deployment of OS X.  

The Requirements:  It is essential the student have a command of both the Mac OS X GUI and have command line experience before starting this course.  Basically, students would need to have completed at least the Server Essentials course, and be able to manage a UNIX command line experience.  Why?  Because at the beginning of the course you are just expected to set up your computers with little assistance from the book.  At this point, it is expected that the student knows already how to set up a brand new install of Mac OS X. 

The command line experience would be more along the lines of familiarity with the syntax of commands.  Most, if not all, of the commands used are Mac OS X Utilities and not your typical UNIX commands, yet the syntax is the same and therefore the student needs to be familiar with that syntax.  There may be some situations when troubleshooting is necessary, and as such the student will need to know how to get to the man pages.

Something else that would be important before taking this class is having troubleshooting knowledge, and an understanding of what you are being prepared to learn.  This way if something doesn’t quite work the way it’s written in the book, you can step outside of the given examples and find alternatives.  That’s part of learning, something that many students I have had in the past didn’t quite understand.  It requires reading/studying ahead of time, asking questions, and being attentive.

The Pace:  Unlike both Support and Server Essentials where we spend a lot of time trying to catch the class up after some really long first setup exercises, this class is paced just right for the materials.  We as a training class (of 10 trainers) finished with plenty of time on the last day to cover some topics more in depth, and that was with us doing the majority of the optional exercises.  So with a typical class at this level, the pacing will be such that students will have some time to play with some configuration, or perhaps have a long lunch as a thank you for coming to the class.

Overall, it is the best designed Apple training course I have attended so far.  The materials are well designed, the pace is just right (low to medium cognitive load), and the course talks well to adult students (through Constructivist methods).  This is a class that may not run often here in Utah, but will most likely be a well attended class when it does.  It is by far my most favorite class to date.  ^_^  

Also, I’d like to say thanks to everyone that attended, because they gave me some very welcomed constructive criticism, and the Master Trainer was a great host.  If only the Cubs could have won all three games I was there, rather than just one of the two.  Oh well, there is always next time.  

The speed of the new Mac OS release has me thinking.  It’s really soon since Leopard was released, and Exchange support really isn’t enough to warrant it.  Then I keep coming back to the reasons Apple said they are releasing it:  Security, Efficiency, and Power Consumption.  This is really low-level stuff, down to the kernel. 

When Mac OS X was first released, the OS was built around the Mach kernel.  To date, there are only two OSes that I am aware of that have successfully used the Mach kernel:  Mac OS X and the NeXT OS.  This shouldn’t be surprising, since Steve Jobs owned NeXT, and just brought it over to Apple when he came back.

But the Mach kernel is very limiting, meaning that there is a lot of overhead to make it work across platforms.  While it can work fine on various architectures, the Mach kernel has to be developed specifically for that platform before it will work.  As such, there is an inherent flaw in using this core in an OS that is poised to do so many things.  

Another problem with the Mach kernel is virtualization.  Now, I’m not talking about virtualization in a desktop sense, but rather a server sense.  While it is possible to use the current OS in a virtual machine (both Parallels and VMWare are doing something just like that), it’s very difficult to get it to work in Compatibility Mode, because the kernel needs to be modified heavily.  Since Compatibility mode is more efficient than HVM, it should be a goal of Apple.

But then I read this article regarding the possibility of using Xen as a replacement for the Mach kernel, as tested and run by Moshe Bar.  All of a sudden, my heart skipped a beat.  Xen!  Running natively on the Mac as a Bare-bones OS, virtualizing the Mac OS!  I started looking back at the evidence:  no PPC support, which means Intel only.  The Core 2 Duo and Atom chips all have Intel VT technology, so it should be no problem.  With Xen at the core, they can still keep Darwin open source, which is a huge plus.  And, you no longer need to boot up to Windows to use it:  Just run it through Xen.  It would work almost like fast user switching, but fast OS switching.  

And, virtualization no longer becomes a problem, either for desktop or server level.  The OS can still be targeted specifically for Mac Hardware (though I think that will no longer be an issue as there is a law against requiring software to run on specific hardware), and could even be easily migrated to other hardware platforms, should Apple so choose.  

Okay, once the euphoria of the possibility of Xen being the platform for OS X 10.6 Snow Leopard wore off, the nagging started to hit me.  Could there be reasons why Apple wouldn’t go with Xen?

  1. The new “Grand Central” multi-core optimization project.  It *could* be Xen, but why rename it?  Perhaps because it isn’t Xen at all.  Of course it still could be, just modified to fit the Mac even more.
  2. XenSource was purchased by Citrix not long ago, and the question of its Open Source status is still hanging.  There could be some collaboration here, but Apple likes to have control of everything from start to finish.  It now becomes very unlikely.

So the possibility starts to dim, and my hopes start to dim with it.  Perhaps the new core will be more Xen-friendly.
So what do you think?