Skip to main content
Skip table of contents

Installing the Collector on macOS

Overview

Nexthink distributes the Collector for macOS as a disk image (.dmg) file with the following contents:

  • A package (.pkg) file for installing the Collector from a graphical user interface.

  • The application csi.app for installing the Collector from the command line interface.

  • A reporter shell application that gathers system information in the case that you find any issue when running the Collector on macOS.

  • An uninstaller application to remove the Collector when it is no longer needed.

After the installation, as a sanity check, optionally verify the status of the TCP connection between the Collector and the Engine.

Starting from V6.17, the Mac Collector runs in user mode and it does not need to ask the user for explicit permissions to install any kernel extension. The fact of running in user mode comes with the added benefit of making unnecessary to reboot your macOS devices after updating or uninstalling the Collector.

Applies to the macOS platform

Prerequisites

You need:

  • One or more macOS devices where to install the Collector.

  • The Nexthink Collector disk image (Nexthink_Collector_<version>.dmg file).

  • The Customer Key and Root Certificate of the primary Appliance. These are essential to enable the complementary TCP connection of the Collector with the Engine. Read this article if you need to install the Collector as part of a POC, before having installed the definitive primary Appliance.

  • Optional: A third-party automated deployment tool.

Find the Nexthink Collector image file in the Product Downloads page of Nexthink:

  1. Open your favorite web browser.

  2. Navigate to the official Nexthink documentation web site: doc.nexthink.com.

  3. Click Product download in the top right corner of the main documentation page, above the search tool.

  4. In the Nexthink Help Center, click the Product Downloads section.

  5. Sign in with your customer credentials.

  6. Click the first entry of the Latest V6 releases list.

  7. Optional: Click the link to the release notes of the Mac Collector to learn about the new features and bug fixes.

  8. Under Download links, find the Collector section.

  9. Click to download the Collector package for Mac.

  10. Optional: Verify your download with the provided SHA-256 hash.

  11. Click the downloaded file Nexthink_Collector-<version>.dmg file.

  12. Find the package file (Nexthink_Collector-<version>.pkg) and the csi app inside the image file.

Download the Customer Key and default Root Certificate from the primary Appliance:

  1. Log in to the Web Console of the primary Appliance as admin.

  2. Select the Appliance tab at the top of the Web Console.

  3. Click Collector management in the left-hand side menu.

  4. Click the buttons DOWNLOAD CUSTOMER KEY and DOWNLOAD DEFAULT ROOT CERTIFICATE to download, respectively, the text files holding the Customer Key and the default Root Certificate of the primary Appliance (the latter is required only if you did not replace the certificate for the TCP communication channel of the Appliances with the Collector).

You need to know:

  • The DNS name or IP address of the Engine (as specified as External DNS name of the Engine in the Web Console).

  • TCP port number for the connection of the Collector with the Appliances (default 443).

  • Optional: UDP port number where the Engine is listening for the Collector (default 999, but prefer TCP-only).

Graphical installation

To install the Collector on macOS using the graphical interface:

  1. Double-click the provided disk image file to mount it into your filesystem and see its contents.

  2. Double-click the package file Nexthink_Collector_<version>.pkg and the installer starts with the introduction.

  3. Click Continue to proceed with the installation.

  4. In the step Personalization, configure first the settings of the Nexthink Appliance to which the Collector will connect:

    • Name or IP address: Type in the DNS name or IP address of the Appliance (the Portal, if rule-based collector assignment is turned on; the Engine, otherwise). Respectively, this setting must match either the External DNS name of the Portal or the External DNS name of the Engine.

    • Optional (recommended) Data over TCP: Tick to send all Collector data through the TCP channel. Ticked by default.

    • TCP port: Type in the port number on which the Appliance listens for TCP connections from the Collector. Default is 443. A custom TCP port must be in the non-privileged range (port number above 1024).

    • UDP port: Type in the port number on which the Appliance listens for UDP connections from the Collector. Only enabled if Data over TCP is not checked.

  5. Still on Personalization, configure the proxy settings of the Collector:

    • Tick Automatic proxy for the Collector to take its configuration from a proxy auto-configuration (PAC) file.

      1. In PAC address, type in the URL of the file that determines the proxy to use.

    • Tick Manual proxy for the Collector to use the following proxy settings:

      1. Address: Type in the FQDN or IP address of the proxy.

      2. Port: Type in the port number where the proxy is listening for connections.

  6. In a second step, configure the other settings of the Collector:

    • Customer Key: Copy and paste the contents of the the file that holds the Customer Key of the primary Appliance.

    • Root CA: Copy and paste the contents of the file that holds the default Root Certificate of the primary Appliance. If you leave this field empty, the Collector assumes that you replaced the server certificates in the Engine and falls back to using the Keychain Access for verifying the certificates presented by the Appliance. You must replace the certificates to communicate via the default TCP port 443.

    • Optional Collector tag: Type in an integer number (0 to 2147483647) that identifies a group of Collectors. The Collector tag is visible in the Finder and is useful for defining the entities to build up hierarchies.

    • Optional Collector string tag: Type in a label (max 2048 characters) that identifies a group of Collectors. The Collector string tag is visible in the Finder and is useful for defining the entities to build up hierarchies.

    • Optional: Tick Assignment service if you activated the rule-based assignment of Collectors.

    • Optional: Tick Nexthink Engage to activate the features that let you engage with the end user via campaigns (requires the purchase of the Nexthink Engage product).

    • Optional: Select the execution policy of scripts included in remote actions:

      • Disabled (default): the Collector runs no remote action on the device.

      • Unrestricted: the Collector runs any remote action on the device, regardless of the digital signature of its script.

      • Trusted publisher: the Collector runs on the device only those remote actions with a Bash script that is signed by a Mac identified developer.

      • Trusted publisher or Nexthink: the Collector runs on the device only those remote actions with a Bash script that is signed either by Nexthink or by a Mac identified developer.

  7. Click Continue to proceed.

  8. In the step Destination select, the installer program shows the local paths in the system where it is going to install the different components of the Collector. Keep the default paths and click Continue.

  9. The Installation Type step informs you about some details of the installation process, including the amount of space that the program is going to occupy on disk. Click Install to begin with the actual installation.

  10. The installer shows the progress of the installation and it finishes with a summary message. If the installation was successful, click Close to terminate the procedure.

Security
Network configuration

Command line installation

The command line installation lets you install the Collector even when you have access to a computer only through the shell of macOS. Using the command line installation, you can thus install the Collector either locally or remotely through an ssh connection.

Execute the csi application provided with the disk image. To mount the disk image into the file system:

  1. After downloading the image file from Product Downloads, pick one of the following options:

    • If you are installing the Collector in a remote computer:

      1. Copy the image file to the remote computer:

scp Nexthink_Collector_<version>.dmg <username>@<address>:

  1. Log in to the remote computer:ssh <username>@<address>

    • If you are installing the Collector in the local computer:

      1. Change the directory to the one where you downloaded the image file.

  2. Mount the image file:

hdiutil mount Nexthink_Collector_<version>.dmg

Once with the image file mounted into the filesystem of the target Mac computer, install the Collector from the command line:

  1. Change the directory to the path of the csi application:

cd /Volumes/Nexthink_Collector_<version>/csi.app/Contents/MacOS

  1. Type in the following command and provide, as arguments:

    • address: the FQDN or IP address of the Appliance.

    • port: the port number of the UDP channel in the Appliance.

    • tcp_port: the port number of the TCP channel in the Appliance.

    • rootca: the path to the Root Certificate.

    • key: the path to the Customer Key file

    • (Optional) engage: whether to enable the Engage campaigns or not (default is disable).

    • (Optional) data_over_tcp: whether to enable the sending of all data over the TCP channel (default is enable).

    • (Optional) use_assignment: whether to enable automatic collector assignment (default is disable).

    • (Optional) ra_execution_policy: whether to enable the Act remote actions or not with the following options:

disabled (default)

The Collector runs no remote action on the device.

unrestricted

The Collector runs any remote action on the device, regardless of the digital signature of its script.

signed_trusted

The Collector runs on the device only those remote actions with a Bash script that is signed by a Mac identified developer.

signed_trusted_or_nexthink

The Collector runs on the device only those remote actions with a Bash script that is signed either by Nexthink or by a Mac identified developer.

  1. (Optional) proxy_pac_address: provide the URL of a PAC address for automatic configuration of proxy settings.

    • (Optional) proxy_address: provide the FQDN or IP address of a proxy for manual configuration of proxy settings.

    • (Optional) proxy_port: provide the port number where a proxy is listening for connections for manual configuration of proxy settings.

    • (Optional) tag: integer number (0 to 2147483647) to identify an individual or batch installation of Collectors.

    • (Optional) string_tag: label (max 2048 characters) to identify an individual or batch installation of Collectors.

  2. For instance:

    sudo ./csi -address <appliance_address>
    -port <appliance_udp_port> -tcp_port <appliance_tcp_port>
    -rootca <root_certificate_file> -key <customer_key_file>
    -engage enable -data_over_tcp disable
    -proxy_pac_address <pac_URL>
    -proxy_address <proxy_FQDN_or_IP> -proxy_port <port_number>
    -use_assignment enable -tag 1000 -string_tag Preproduction

Enterprise deployment

The Collector supports its installation in an enterprise environment being based on either:

  • Imaging

  • Mobile Device Management (MDM)

Choose the method that better suits your needs depending on your deployment workflow.

Uninstalling the Collector

To uninstall the Collector, execute the uninstaller script that is provided with the image file. Assuming that you have mounted the image file into the filesystem of the computer where the Collector is installed:

  1. From the shell, type in the following command:

sudo /Volumes/Nexthink_Collector_6.x.x/uninstaller

The operations described in this article should only be performed by a Nexthink Engineer or a Nexthink Certified Partner.

If you need help or assistance, please contact your Nexthink Certified Partner.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.