This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Disclaimer
JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

Leverage Content Caching for MacOS Update with Patch mgmt policy

shawnsong
Rising Star III
Rising Star III

‎01-03-2023 03:12 AM - edited ‎01-03-2023 03:15 AM

Last time I shared a "local-network patching" strategy for Windows devices, guess what, the very similar concept can be done on MacOS (and iPadOS,iOS) too! 

Let's go straight into it, shall we? 

The Benefit

It has been brought more and more often typically not just for the large environments but also the slightly smaller ones - internet bandwidth is scarce and the update sizes are usually "big" (over 1GB+ ) for MacOS. Just imagine 20 ish Macs are downloading updates from the internet at the same time, while a few others are having video calls in the same office. 

Not fun at all 😂

Quoting from Apple's KB :

Content caching is a service in macOS that speeds up downloading of software distributed by Apple and data that users store in iCloud by saving content that local Apple devices have already downloaded. The saved content is stored in a content cache on a Mac, and is available for other devices to retrieve without going out over the internet.

OS / App updates are the part of the supported type of cache.

The service doesn't incur extra charges from Apple. 

The "How"

Considerations 

  • Design the topology with multiple "caching hosts" if your network env has separations, large or layered with proxies. You might wanted to read a bit more here.
  • Plan multiple "caching hosts" on non-production Macs - i.e. the IT folk's devices 😄, or a few spared Macs. 

Setting it up

  • Create a device group in JC for the elected caching hosts. 
  • Create a patch policy to make sure these hosts will be downloading the latest updates. Like this:

shawnsong_0-1672732436465.png

  • Bond this policy ONLY to the caching hosts device group you created. 
  • Create a cmd with the lines below to enable Content Caching - ideally set to "run manually":
    # flush out the cache if any to start clean
sudo AssetCacheManagerUtil flushCache
sudo AssetCacheManagerUtil flushPersonalCache
sudo AssetCacheManagerUtil flushSharedCache

# activate the content caching
sudo AssetCacheManagerUtil activate

# display the status
AssetCacheManagerUtil status​
  • Expect an outcome like this: 
    2023-01-03 14:59:48.582 AssetCacheManagerUtil[43292:1202646] Content caching flushed its cache.
2023-01-03 14:59:48.603 AssetCacheManagerUtil[43294:1202657] Content caching flushed its cache.
2023-01-03 14:59:48.623 AssetCacheManagerUtil[43296:1202664] Content caching flushed its cache.
2023-01-03 14:59:56.235 AssetCacheManagerUtil[43298:1202763] Content caching activated.
2023-01-03 14:59:56.235 AssetCacheManagerUtil[43298:1202763] Restart devices to take advantage of
 content caching immediately.
2023-01-03 14:59:56.244 AssetCacheManagerUtil[43302:1202767] Content caching status:
    Activated: true
    Active: true
    ActualCacheUsed: Zero KB
    CacheDetails: (none)
    CacheFree: 20 bytes
    CacheLimit: 20 bytes
    CacheStatus: OK
    CacheUsed: Zero KB
    Parents: (1)
        192.168.31.253:56421, guid <GUID>, version 244, healthy; su
pports personal caching: yes, and import: yes, shared caching: yes
    Peers: (none)
    PersonalCacheFree: 20 bytes
    PersonalCacheLimit: 20 bytes
    PersonalCacheUsed: Zero KB
    Port: 62839
    PrivateAddresses: (1)
        192.168.31.245
    PublicAddress: <public_IP>
    RegistrationStatus: 1
    RestrictedMedia: false
    ServerGUID: <GUID>
    StartupStatus: OK
    TetheratorStatus: 0
    TotalBytesAreSince: 2023-01-03 14:59:51
    TotalBytesDropped: Zero KB
    TotalBytesImported: Zero KB
    TotalBytesReturnedToChildren: Zero KB
    TotalBytesReturnedToClients: Zero KB
    TotalBytesReturnedToPeers: Zero KB
    TotalBytesStoredFromOrigin: Zero KB
    TotalBytesStoredFromParents: Zero KB
    TotalBytesStoredFromPeers: Zero KB​
  • Use a mobile configuration editor - in this case I have used iMazing Profile editor (Free), to create a content caching config. (You may find the full list of configurable settings here

 shawnsong_1-1672732818207.png

  • Here is an example mobile.config I used in this case 
    <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>AllowPersonalCaching</key>
                <false/>
                <key>CacheLimit</key>
                <integer>20</integer>
                <key>DatabaseUpdateInterval</key>
                <integer>3600</integer>
                <key>DownloadMinRate</key>
                <integer>1000</integer>
                <key>ListenRanges</key>
                <array>
                    <dict>
                        <key>first</key>
                        <string>192.168.31.10</string>
                        <key>last</key>
                        <string>192.168.31.254</string>
                        <key>type</key>
                        <string>IPv4</string>
                    </dict>
                </array>
                <key>Parents</key>
                <array>
                    <string>192.168.31.253</string>
                    <string>192.168.31.245</string>
                </array>
                <key>PayloadDisplayName</key>
                <string>Content Caching</string>
                <key>PayloadIdentifier</key>
                <string>com.apple.AssetCache.managed</string>
                <key>PayloadType</key>
                <string>com.apple.AssetCache.managed</string>
                <key>PayloadUUID</key>
                <string></string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PeerFilterRanges</key>
                <array>
                    <dict>
                        <key>first</key>
                        <string>192.168.31.10</string>
                        <key>last</key>
                        <string>192.168.31.254</string>
                        <key>type</key>
                        <string>IPv4</string>
                    </dict>
                </array>
                <key>PruneAssetsAge</key>
                <integer>90</integer>
                <key>PruneAssetsInterval</key>
                <integer>7</integer>
                <key>ReservedVolumeSpace</key>
                <integer>5</integer>
            </dict>
        </array>
        <key>PayloadDisplayName</key>
        <string>ContentCaching</string>
        <key>PayloadIdentifier</key>
        <string>com.jumpcloud.mdm.custom-policy</string>
        <key>PayloadOrganization</key>
        <string>demo JC</string>
        <key>PayloadRemovalDisallowed</key>
        <true/>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string></string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
</plist>​
  • Create a "MDM Custom Configuration Profile" policy for Mac, upload the mobile configuration file you just created, apply to the same device group.
  • After 1 min or 2, validate the Content Caching service on the device by go to:

    • macOS 13 or later: Choose Apple menu > System Settings > General > Sharing > Content Caching.

    • macOS 12.0.1 or earlier: Choose Apple menu > System Preferences > Sharing > Content Caching.

shawnsong_2-1672733179926.png

shawnsong_3-1672733271301.png

  • You can always run the line below to check the caching / peering status:
    sudo AssetCacheManagerUtil status​

That's it, happy content-caching!

 

 

0 REPLIES 0
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.