Transparent local software update server for Mac, like WSUS

This is a way to transparently set up a server to cache software updates on your local network. This doesn't require any modifications (defaults write...) on clients — it just works. And I didn't find any other similar solution on the internet; not even here! It does require Mac OS X Server, however. Here's how we did it:

  1. Build a Mac OS X Server and call it yoursus. We used a headless Mac mini to do the job.
  2. You must use external DNS servers on this server (so it won't check itself for updates).
  3. Add a record for your server on your internal DNS, so yoursus.yourdomain.com resolves to your SUS's IP.
  4. Start Software Update Server (SUS). It may take some time to cache all updates — our /usr/share/swupd/html/ folder now has almost 9GB of files in it!
  5. Start Web Service, and add the following redirect (Server Admin » Web » Sites » default » Edit » Aliases » URL Aliases and Redirects » Add » Redirect):
    • Pattern: /content/catalogs/index-1.sucatalog
    • Path: http://yoursus.yourdomain.com:8088/index.sucatalog
  6. Add a zone in your internal DNS, called swscan.apple.com, and point the whole subdomain to the IP of your SUS.
  7. Flush your DNS cache on the clients: lookupd -flushcache

Now test your setup. Using Safari, following this link to Apple's catalog on your SUS should show Apple's real catalog (ApplePostURL should start with swquery.apple.com), while the same on other computers in your network should resolve and be forwarded to your SUS, http://yoursus.yourdomain.com:8088/index.sucatalog (ApplePostURL will start with yoursus.yourdomain.com:8088 this time).
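The same check can be scripted instead of read by eye in Safari. The following is an added example, not part of the original hint: it parses a saved catalog and reports whether it came from Apple, from your SUS, or from somewhere you did not expect. It assumes the catalog is a property list with ApplePostURL as a top-level key; the sample catalogs and their URL paths are constructed.

```python
import plistlib
from urllib.parse import urlsplit

APPLE_STATS_HOST = "swquery.apple.com"      # host named in the hint
LOCAL_SUS = "yoursus.yourdomain.com:8088"   # placeholder name used in the hint


def catalog_source(catalog_bytes, local_sus=LOCAL_SUS):
    """Classify a .sucatalog as 'apple', 'local-sus' or 'unexpected'."""
    try:
        catalog = plistlib.loads(catalog_bytes)
    except Exception:
        return "unexpected"   # not a plist, e.g. an HTML error page
    # Assumption: ApplePostURL sits at the top level of the catalog.
    post_url = catalog.get("ApplePostURL") if isinstance(catalog, dict) else None
    if not isinstance(post_url, str):
        return "unexpected"
    netloc = urlsplit(post_url).netloc.lower()
    if netloc == APPLE_STATS_HOST:
        return "apple"
    if netloc == local_sus.lower():
        return "local-sus"
    return "unexpected"       # catalog rewritten by some other host


def check_role(catalog_bytes, role, local_sus=LOCAL_SUS):
    """The SUS itself ('server') must see Apple; every 'client' must see the SUS."""
    expected = {"server": "apple", "client": "local-sus"}[role]
    return catalog_source(catalog_bytes, local_sus) == expected


def sample_catalog(post_url):
    # Constructed minimal catalog; a real one carries many more keys.
    return plistlib.dumps({"ApplePostURL": post_url, "Products": {}})


if __name__ == "__main__":
    on_server = sample_catalog("http://swquery.apple.com/constructed/path")
    on_client = sample_catalog("http://yoursus.yourdomain.com:8088/constructed/path")
    print("server ok:", check_role(on_server, "server"))
    print("client ok:", check_role(on_client, "client"))
```

To use it on a real machine, save the catalog fetched from the swscan.apple.com URL in step 5 to a file and pass its bytes to check_role with the role of the machine that fetched it.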

Now just run Software Update on the clients, and enjoy the speed of downloads!

The only downside of this setup is the mini complaining in system.log that it has no reverse DNS entry for itself. To be honest, I didn't have much time to think how to set it up without extra hardware; I just happened to have a spare mini for this purpose. Maybe there's a way to have the DNS and SUS running on one server, perhaps via two IP addresses and tweaking of config files. I also didn't test it much with Panther clients; it possibly needs different redirects for that. Comments welcomed. Happy updating!

Warning: I emphasized using internal DNS so you won't propagate Apple's own zone to the outside world. I warned you and don't bear any responsibility for your bringing Apple's update servers down! I can't provide you with more details, as our DNS runs on Windows.
