Using OS X and Parallels in a Lab Environment

1
Using OS X and Parallels in a Lab Environment
Brynnen Owen owen_at_uiuc.edu Neil Thackeray
neilt_at_uiuc.edu Graduate School of Library and
Information Sciences.
2
WHATS ALL THIS

• This talk covers our transition from using a
  Windows-only lab tousing Macintosh OS X and
  Parallels with Windows and Linux for use in
  instructional labs at the Graduate School of
  Library and Information Sciences (take breath).

3
MOTIVATION

• Five year old computers need replacement

4
MOTIVATION

• Five year old computers need replacement
• Wanted most manageable solution, without losing
  flexibility.
• Have system as automated as possible.
• Give users what they need.
• Give users as much of what they want as possible.
• Follow all policies for UIUCnet.

5
MOTIVATION

• Five year old computers need replacement
• Wanted most manageable solution, without losing
  flexibility.
• Have system as automated as possible.
• Give users what they need.
• Give users as much of what they want as possible.
• Follow all policies for UIUCnet.
• These goals often oppose each other

6
FEATURE ISSUES

• Lab users want everything!

7
FEATURE ISSUES

• Lab users want everything!
• My class needs to run application XYZ, which is
  only available on Windows.

8
FEATURE ISSUES

• Lab users want everything!
• My class needs to run application XYZ, which is
  only available on Windows.
• I know you have emacs, jedit, wordpad, oxygen,
  textedit, vi, word, and StarWriter, but my
  students need to use ABC for editing.

9
FEATURE ISSUES

• Lab users want everything!
• My class needs to run application XYZ, which is
  only available on Windows.
• I know you have emacs, jedit, wordpad, oxygen,
  textedit, vi, word, and StarWriter, but my
  students need to use ABC for editing.
• All my bookmarks are in Opera, why do you only
  have Firefox?

10
FEATURE ISSUES

• Lab users want everything!
• Why can't you install this game that I bought and
  uninstalled at home?

11
FEATURE ISSUES

• Lab users want everything!
• Why can't you install this game that I bought and
  uninstalled at home?
• I only need this trial version for 2 days, can't
  you just install it and then uninstall it?

12
FEATURE ISSUES

• Lab users want everything!
• Why can't you install this game that I bought and
  uninstalled at home?
• I only need this trial version for 2 days, can't
  you just install it and then uninstall it?
• Why don't you use Windows?

13
FEATURE ISSUES

• Lab users want everything!
• Why can't you install this game that I bought and
  uninstalled at home?
• I only need this trial version for 2 days, can't
  you just install it and then uninstall it?
• Why don't you use Windows?
• Why don't you use Macintosh?

14
FEATURE ISSUES

• Lab users want everything!
• Why can't you install this game that I bought and
  uninstalled at home?
• I only need this trial version for 2 days, can't
  you just install it and then uninstall it?
• Why don't you use Windows?
• Why don't you use Macintosh?
• Why don't you use Linux?

15
POLICY ISSUES

• Policies require us to monitor what happens on
  UIUCnet.
• Ok, not spy on our users but be able to say who
  was logged in when.

16
POLICY ISSUES

• Policies require us to monitor what happens on
  UIUCnet.
• Ok, not spy on our users but be able to say who
  was logged in when.
• This requires authentication.

17
POLICY ISSUES

• Policies require us to monitor what happens on
  UIUCnet.
• Ok, not spy on our users but be able to say who
  was logged in when.
• This requires authentication.
• This can require users to only have non
  administrator access to a lab machine.

18
INSTALL ISSUES

• If a single computer takes 4 hours to set up, a
  lab of 50 computers takes over a month.

19
INSTALL ISSUES

• If a single computer takes 4 hours to set up, a
  lab of 50 computers takes over a month.
• Some automated form of install is necessary!

20
IMAGING SYSTEMS

• Imaging systems automate computer lab installs.

21
IMAGING SYSTEMS

• Imaging systems automate computer lab installs.
• Ghost occasionally has issues
• Ghost won't boot into virtual partition
• Ghost won't come out of virtual partition
• Machine names must be unique after imaging

22
IMAGING SYSTEMS

• Imaging systems automate computer lab installs.
• OS X has built-in imaging capabilities in
  hardware and software
• Seems more reliable
• Machine names must be unique after imaging,
  however OS X will create a unique name if needed.

23
CHOOSE

• Which imaging system works best for imaging?
• Which system(s) satisfies user needs?
• Which system(s) satisfies the most users wants?
• Which system(s) is consistent with policies?

24
IMAGING

• To increase the manageability of imaging, use
  Macintosh to image lab.

25
IMAGING

• To increase the manageability of imaging, use
  Macintosh to image lab.
• Some specialty library software requires
  Microsoft Windows.

26
IMAGING

• To increase the manageability of imaging, use
  Macintosh to image lab.
• Some specialty library software requires
  Microsoft Windows.
• Use Parallels to run Windows under OS X.

27
IMAGING

• To increase the manageability of imaging, use
  Macintosh to image lab.
• Some specialty library software requires
  Microsoft Windows.
• Use Parallels to run Windows under OS X.
• Back to imaging after discussing Parallels.

28
PARALLELS

• Parallels lets one computer run more than one
  operating system at the same time.

29
PARALLELS

• Parallels lets one computer run more than one
  operating system at the same time.
• Runs on Windows, OS X, and Linux

30
PARALLELS

• Parallels lets one computer run more than one
  operating system at the same time.
• Runs on Windows, OS X, and Linux
• Can run Windows or Linux as second OS
• May be able to run OS X in future?!?

31
PARALLELS II

• Parallels is not a processor emulator, but rather
  a virtual machine processor.

32
PARALLELS II

• Parallels is not a processor emulator, but rather
  a virtual machine processor.
• All OS code runs natively, except for device
  drivers.

33
PARALLELS II

• Parallels is not a processor emulator, but rather
  a virtual machine processor.
• All OS code runs natively, except for device
  drivers.
• Parallels device drivers redirect I/O calls
  through native OS
• The secondary OS uses a file from the main OS as
  a disk.

34
PARALLELS III

• Parallels has two networking models, a bridged
  ethernet model and localhost-only model.

35
PARALLELS III

• Parallels has two networking models, a bridged
  ethernet model and localhost-only model.
• The Bridged ethernet model requires a fake MAC
  address to simulate a second computer.
• Parallels virtual machines receive their own IP
  address and act as a completely separate machine
  on the network.

36
PARALLELS III

• Parallels has two networking models, a bridged
  ethernet model and localhost-only model.
• The localhost-only model allows the Parallels
  virtual machine to only speak to the base OS.
• For localhost-only modes, outsite network access
  is possible if the base OS supports NAT (more
  later).

37
BACK TO IMAGING

• To increase the manageability of imaging, use
  Macintosh to image lab.
• Some specialty library software requires
  Microsoft Windows.
• Use Parallels to run Windows under OS X.
• Copy a single file to an OS X machine, and you've
  reimaged Windows.

38
RENAMING

• This is probably the most complicated part of our
  system.

39
RENAMING

• This is probably the most complicated part of our
  system.
• Each MAC address must be unique on a network.
• Each NetBIOS name must be unique on a network.
• Each Appletalk name must be unique on a network.

40
RENAMING

• This is probably the most complicated part of our
  system.
• Create a database of Real MAC address to Fake MAC
  address mappings.
• Create a database of MAC address to computer name
  mappings.

41
RENAMING

• This is probably the most complicated part of our
  system.
• Create a database of Real MAC address to Fake MAC
  address mappings.
• Create a database of MAC address to computer name
  mappings.
• We used web and MySQL, but any file will do.

42
FAKE MAC ON OSX

• Use a script on OS X to look up the appropriate
  fake MAC address for Parallels given the host's
  real MAC address.

43
GETTING A MAC
REAL MAC 123456
Server has mappings 123123 -gt 545454 123456 -gt
987654
Server finds and sends 987654
FAKE MAC 987654
44
FAKE MAC ON OS X

• Use a script on OS X to look up the appropriate
  fake MAC address for Parallels given the host's
  real MAC address.
• The script uses cURL to get the fake MAC address
  given the hardwares MAC address.
• The script uses sed to insert the result of the
  DB query into the parallels config file (pvs
  file).
• cat proto.pvs sed -e s/_at_MAC_at_/MAC/g
• Done once each time Parallels is installed.

45
NAMING OS X

• Use a script on OS X to look up the appropriate
  name for OS X.

46
GETTING A NAME
OS X sends 123456
Server Has mapping 123456 -gt mac22 987654 -gt
Windows22 123123 -gt mac21
Server finds and sends mac22
OS X names itself mac22
47
NAMING OS X

• Use a script on OS X to look up the appropriate
  name for OS X.
• Use the OS X defaults command to edit the plist
  file containing the hostname.
• Can be done once each time the Macintosh is
  installed.

48
NAMING WINDOWS

• Use a custom-written service on the Windows image
  to look up the computer name from the Parallels
  fake MAC address.

49
GETTING A NAME
Parallels sends 987654
Server Has mapping 123456 -gt mac22 987654 -gt
Windows22 123123 -gt mac21
Server finds and sends Windows22
Windows under Parallels names itself Windows22
50
NAMING WINDOWS

• Use a custom-written service on the Windows image
  to look up the computer name from the Parallels
  fake MAC address.
• This service looks up the name associated with
  the current MAC address. If the name returned
  differs, it changes names and rejoins the domain.
• When Parallels starts Windows, the name changes
  automatically.

51
NAMING WINDOWS

• Force the Windows naming to take place.
• We have a Mac OS X user set up with Parallels as
  a default run item. We (remotely) set this user
  to auto-login, wait 5 minutes, reset, and were
  done!
• This is really not as complicated as it sounds!
  We can give code to others interested.

52
NAMING WINDOWS

• Once a Parallels Windows image has had its
  NetBIOS name set appropriately, the image can be
  backed up locally on the hard drive.
• The image can be refreshed by copying back,
  without the need for renaming.
• For hosed windows installs, a quick copy fixes
  things up.

53
MORE THAN IMAGING

• Imaging does not tell the whole story! Sometimes
  a push of an update is more efficient.

54
MINOR CHANGES

• Oftentimes, only a simple change is needed to the
  image.
• A small configuration change.
• A new utility install.
• Imaging is a bit heavy-handed for this task.

55
UPDATING

• When only minor changes to the image are
  required, pushing an update with OS X is pretty
  easy.

56
UPDATING

• When only minor changes to the image are
  required, pushing an update with OS X is pretty
  easy.
• Most software installs for OS X simply require
  copying files.

57
UPDATING

• When only minor changes to the image are
  required, pushing an update with OS X is pretty
  easy.
• Most software installs for OS X simply require
  copying files.
• OS X Developer tools includes a utility called
  PackageMaker to ease distribution of packages.

58
UPDATING

• PackageMaker packages can include preinstall
  scripts and postinstall scripts.
• Packages may be run by clicking on the result.
• Apple Remote Desktop can push these packages to
  multiple machines pretty reliably.

59
UPDATING

• Given that the Windows system is just a file, it
  is easy to update the Windows image just by
  copying a new disk image file.
• First, update the master Parallels image.
• Push the resulting image file with a simple copy.

60
UPDATING

• Vendor-supplied security patches usually do not
  need to be manually installed.
• Both OS X and Windows can automatically install
  security patches.

61
INFRASTRUCTURE

• Having a central infrastructure makes this all
  work!

62
INFRASTRUCTURE

• Having a central infrastructure makes this all
  work!
• DHCP with MAC address and name mappings.

63
INFRASTRUCTURE

• Having a central infrastructure makes this all
  work!
• DHCP with MAC address and name mappings.
• User data stored on central file servers so
  workstation hard drives may be wiped at will.

64
INFRASTRUCTURE

• Having a central infrastructure makes this all
  work!
• DHCP with MAC address and name mappings.
• User data stored on central file servers so
  workstation hard drives may be wiped at will.
• Centralized authentication takes user management
  out of the picture.

65
END RESULT

• We're working on finalizing our order for Mac
  Mini's right now.

66
END RESULT

• We're working on finalizing our order for Mac
  Mini's right now.
• Software uses native OS X versions when possible.

67
END RESULT

• We're working on finalizing our order for Mac
  Mini's right now.
• Software uses native OS X versions when possible.
• Windows runs with Parallels when OS X versions
  are unavailable.

68
END RESULT

• We're working on finalizing our order for Mac
  Mini's right now.
• Software uses native OS X versions when possible.
• Windows runs with Parallels when OS X versions
  are unavailable.
• Custom scripts can start correct Parallels
  versions with about 3 lines of code.

69
INTEGRATED

• While Parallels is running, it (can) take over
  USB devices and CDRom Drives.
• If enabled, all insert notifications for USB and
  CD go to the Parallels Window image.
• This can be nice while working in Windows, but
  confusing if Parallels is running but minimized.

70
LINUX JUST OK

• Most of the work with Parallels has been to get
  Windows running. While Linux works, it has
  poorer quality drivers than Windows, such as
  fewer screen resolutions.
• Linux does receive USB and CD insert
  notifications, just as Windows does.

71
BONUS LEVEL!

• The Windows system can be part of a domain login.
  Although we don't use AD, it should still work
  for authentication.

72
BONUS LEVEL!

• The Windows system can be part of a domain login.
  Although we don't use AD, it should still work
  for authentication.
• While performance is generally good with Windows
  under Parallels/OS X, I wouldn't try running Half
  Life or AutoCAD.

73
BONUS LEVEL!

• The Windows system can be part of a domain login.
  Although we don't use AD, it should still work
  for authentication.
• While performance is generally good with Windows
  under Parallels/OS X, I wouldn't try running Half
  Life or AutoCAD.
• Linux can be easily added as an image, giving one
  computer three operating systems!

74
SANDBOX

• Remember the Parallels mode with localhost and
  NAT?

75
SANDBOX

• Remember the Parallels mode with localhost and
  NAT?
• Create a Windows (or linux for that matter)
  image, leaving the administrator account open.

76
SANDBOX

• Remember the Parallels mode with localhost and
  NAT?
• Create a Windows (or linux for that matter)
  image, leaving the administrator account open.
• All logging/tracking of who did what is
  accomplished through the base OS!

77
SANDBOX

• Remember the Parallels mode with localhost and
  NAT?
• Create a Windows (or linux for that matter)
  image, leaving the administrator account open.
• All logging/tracking of who did what is
  accomplished through the base OS!
• No servers can be started, due to the NAT
  firewalling!

78
MORE SANDBOX

• Using group-accessible images allows instructors
  to have per-class or per-project Windows installs
  for student use.
• Course content can include how to install and
  configure various software packages, even though
  theyll only be available to the localhost.

79
CONCLUSION

• We started using OS X and Parallels to aid in
  imaging efforts and software maintenance in a lab
  environment.
• For free, we were able to get sandbox
  environments and access to more OSs than we
  could otherwise.
• We were able to watch the Windows flag and Tux
  jump up and down!