Table: Symantec Management Agent for Mac installation prerequisites
Any of the following operating systems:
Mac OS X 10.6.x (Universal binary), 10.7.x (Universal binary), 10.8.x (Universal binary), 10.9 (Universal library)
Mac OS X Server 10.6.x (Universal binary), 10.7.x (Universal binary), 10.8.x (Universal binary)
Universal binary means that the operating system can run on either a PowerPC or an Intel computer.
Starting from Mac OS X 10.9, Mac OS X Server is replaced with an app available through Appstore.
Hard disk space
60-MB minimum for temporary installation files and 60 MB for resident installed files.
Symantec requires administrator account credentials to connect to the client Mac computer. After you connect to the Mac as a local administrator, you can either push or pull the agent. You push the agent automatically from Symantec Management Console or pull the agent manually, from the Mac Terminal.
In CMS 7.1 and earlier, explicit root privileges were required for installing the agent. If you have upgraded to CM 7.1 SP1 or later you gain root privileges in the background when you do a push installation using the administrator account credentials. If you do a pull installation, you connect to the Mac computer as an administrator and at the Mac Terminal run the sudo ./aex-bootstrap-macosx command. The sudo command gives you the administrator privileges on the Mac computer and you can install the Symantec Management Agent.
When you perform a remote installation of the agent from Symantec Management Console, you install the agent using a local administrator account. This account is required for all installation methods, including push and pull.
Only a push installation from Symantec Management Console requires that you enable remote login through Secure Shell (SSH) on the destination Mac client computer. You enable SSH in System Preferences in the Sharing window. To enable SSH, enable Remote Login.
If you plan to perform a push installation, you must also configure third-party firewalls to allow an SSH connection from Symantec Management Console to the Mac client. Use the credentials that are provided in the Installation Settings dialog box for the computer or computers that you select to receive the push installation from the console. The path in Symantec Management Console is Actions > Agents/Plug-ins > Push Symantec Management Agent > Install Symantec Management Agent for UNIX, Linux and Mac > Rollout Agent for UNIX, Linux, and Mac to Computers.
The Secure Shell (SSH) gives you access from Symantec Management Console (specifically, Notification Server) to remote Mac client computers. Without SSH enabled, you cannot install the agent. With SSH enabled, you can perform bulk installations of the agent from Notification Server to multiple Mac clients.
To allow an incoming SSH connection, ensure that an SSH server is running on the Mac client computer and that the firewall is configured.
If you install through a manual process or a pull installation, you do not need to enable SSH. For a pull installation, you download aex-bootstrap-macosx. This self-extracting script triggers the agent installation. To use this script, you use the sudo prefix from the Mac Terminal. The Mac Terminal is synonymous with the Windows command line.
Notification Server communicates through port 80 by default through an outbound connection. The agent communicates through Notification Server through port 80 (HTTP, for browsing) or port 443 (HTTPs, secure). The agent communicates with Notification Server over HTTP or HTTPs; therefore, you must configure the firewall to allow whichever type of connection you choose to allow.
Symantec does not recommend using the option to use only the Notification Server computer IP address. This option requires reconfiguration of the Notification Server computer codebase and snapshot settings.
For details, see HOWTO3674 in the Symantec Knowledge Base.
Push-installation requirements are met
If you plan to install the agent through a push, you must remove or disable the customized prompts and the login scripts that include interactive prompts.
Remember that you must also configure third-party firewalls to allow an SSH connection from Symantec Management Console to the Mac client. Use the credentials that are provided in the Installation Settings window when you perform a push from the console.
Customized prompts can cause a push installation to fail. Customized prompts are those that are multi-lined, contain colors, contain more than 200 characters, or have been customized in any other way.
Login scripts that users run cannot include interactive prompts, because the Symantec installation scripts cannot detect or respond to those interactive login scripts on Mac client computers.
You do not need to discover Mac computers on your network with Network Discovery before you push the agent to those computers.