Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Create a transparent local software update server' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create a transparent local software update server
Authored by: mojosan on Oct 10, '07 08:51:32AM

Setting up a local software update server for Macs is a great idea and well worth it. I have a slightly different (and I think simpler) method, though YMMV.

You still need a machine with Mac OS X Server (sorry) setup on a static ip address with the Software Update Server turned on (part of Mac OS X Server). Ideally you have your own DNS server so that you can map a DNS name to the IP address of this machine (for convenience).

The next step is to download "Software Update Client Configuration" from or This is a little program you run on each client machine which allows you to either temporarily (which is what we use) or permanently change the address of the software update server that the client gets its updates from (note... you have to press the "Save" button once you've entered in your temporary server address or this doesn't work) and then click the "Open Software Update" button. We use "temporarily" so that when our users our at home they can run software updates directly with Apple's servers (which is fine with us). You may choose to manage this differently.

Software update then runs normally but downloads updates available on the local server instead of Apple's server.

The advantages of this are 1) speed (it's a beautiful thing watching these updates download over 100Mb or Gigabit ethernet) 2) saves bandwidth on your WAN as you only have to download the updates once from Apple to your SU Server and 3) it only installs the updates that you have made available on your updates server.

We've been using this for about a year and it works beautifully, fabulously, flawlessly. Great solution.

[ Reply to This | # ]
Create a transparent local software update server
Authored by: TvE on Oct 10, '07 10:46:21AM

I like the original idea a lot better - try your model in an organization with thousand of clients…

[ Reply to This | # ]
Create a transparent local software update server
Authored by: zpjet on Oct 12, '07 02:06:13AM

I appreciate all your comments, although I must say only few people understand my solution so I will emphasise what matters this time again:

This doesn't require any modifications on clients.

Most of the solutions suggested were already described in many places, for example here at macosxhints: 10.4: Manually add a Tiger Software Update Server

I agree that using e.g. defaults write CatalogURL "" is more simple. But let me think about some case studies:

  1. If i had the server at home and a few macs, I would use defaults (or a freeware) - even on laptops, because the client seems to fall back to Apple's servers when it can't find local SUS.
  2. Without a server, the suggested Squid proxy solution seems to be fine, although I would save hassle if I had just three home macs.
  3. In a company with twenty macs, I would also use defaults, perhaps wrapped into an AppleScript and sent around in a mail, or using Remote Admin and its feature Send UNIX command as current user.
  4. Yes, the right way to do it is with Open Directory. And yes, if you have 3000 clients, you gotta have it.
  5. But we're a service centre where most of the client computers belong to customers, so we don't want to modify their and want to save our traffic. That's why we invested into the server software and one mini to do the job. If you are an internet cafe or have a lot of guests in general, you might profit, too. I can see in the log it does about ten updates a day, most of them worth ~300MB - the updates are downloaded from local SUS in cca one minute.

Yes, this is actually a DNS hack, but what I like is that the setup is very simple. Just the server, one Redirect and one zone on internal DNS. When I'm not that busy, I will try to find a solution without spare server, as DNS can listen on more IP addresses.

[ Reply to This | # ]
Brilliant!... 10.6 Server update:
Authored by: paullyjay on Oct 29, '09 10:59:23AM

OK, I have this up and running on 10.6.1 server now...

Follow all the steps from the top post... (Great post BTW)
then also add 2 more redirects:

pattern: /content/catalogs/others/index-leopard.merged-1.sucatalog

pattern: /content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog

Then instead of using: lookupd -flushcache

use: dscacheutil -flushcache on the client

Now try running software update on the client computer...

[ Reply to This | # ]
Brilliant!... 10.6 Server update:
Authored by: _Tom on Sep 20, '10 03:21:26PM

Truly a great hack, thanks for that. Thought I would add that I have it up and running on Server 10.5.8, and it's happily serving updates to clients using 10.4, 10.5 and 10.6 (haven't tested older ones).

I wanted to share some troubleshooting I did regarding the message:

<Error>: Unable to download upstream catalog index (was looking for

I was getting this after I had the SUS up and running. I'm not entirely sure what causes it but it's not related to the DNS hack (I was careful to configure my services stepwise). There are several posts at relating to it with no real solution.

As it happens, in order to get Leopard server to serve Snow Leopard clients, I had to modify mirror-config-1.plist and put it on my local drive anyway. Although I reflected this change in swupd.plist, I couldn't get SUS to load the file from the local path (same error as above -- not sure if it was a permissions problem). Obviously the URL doesn't resolve from the server since it's using my ISP's DNS, so my solution was to just chuck mirror-config-1.plist on an external website and update swupd.plist so it looks there. Since doing that I haven't had a problem.

Thought I'd share in case anyone else ran into this.

Once again many thanks for the brilliant tip. I love it. We have many computers, most of which aren't administrated by me, and limited bandwidth, so doing this transparently was exactly what I needed.



[ Reply to This | # ]
Brilliant!... 10.6 Server update:
Authored by: _Tom on Sep 23, '11 09:26:04PM
Alright, I now also have 10.5.8 Server sending out updates to Lion clients!


to mirror-config-1.plist

Left it for 24 hours to download updates and propagate the catalogs, then redirected




Thanks again to the original poster for the great tip!

[ Reply to This | # ]