# Installing Collector on macOS The following sections explain the Collector installation and deployment methods in detail. See the [](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector "mention") documentation to learn how to decide on the installation and deployment method applicable to your infrastructure. ## Overview Nexthink distributes Collector for macOS as a disk image DMG file with the following content: * A predefined installation package file for installing Collector from a graphical user interface. * The `csi.app` application for installing Collector from the command line interface. * A reporter shell application that gathers system information for troubleshooting purposes. * An uninstaller application to remove Collector when it is no longer needed. After the installation, as a sanity check, optionally [verify the status of the TCP connection between Collector and the Nexthink cloud platform](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/managing-collector-agents/querying-the-collector-tcp-connection-status). Collector runs in user mode and does not ask the user for permissions to install any kernel extension. Running in user mode avoids having to reboot the devices after updates or uninstallation. ## Before you begin Ensure you have the following before the installation: * The Nexthink Collector `Nexthink_Collector_.dmg` disk image file. * The Customer Key. * Access to the full storage device (Full Disk Access enabled). * The fully qualified domain name (FQDN) of your Nexthink instance. * TCP port number for the connection; default: 443. * Optionally, a third-party automated deployment tool. ### Installation package file To obtain the predefined installation package file: {% stepper %} {% step %} Download the macOS Collector DMG file directly from the product on the [Collector management](https://docs.nexthink.com/platform/user-guide/administration/system-configuration/collector-management) dashboard under **Administration > Collector management > Downloads**. {% endstep %} {% step %} Click the downloaded file `Nexthink_Collector-.dmg` file. {% endstep %} {% step %} Extract the `Nexthink_Collector-.pkg` package. {% endstep %} {% endstepper %} ### **Full disk access permission** Nexthink Collector relies on the Apple Endpoint Security framework and follows Apple’s privacy guidelines. For this reason, the `nxtsvc` macOS app requires full disk access. Administrators can manually enable it using the System Preferences application utility or use the mobile device management (MDM) capabilities to configure and update settings remotely. Nexthink provides sample files you can use to create the configuration files you need for both `nxtsvc.app` and `nxtcod.app`. Refer to the [Installing Collector profile in Jamf for macOS](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/macos-collector-references/installing-collector-profile-in-jamf-for-macos) documentation for more information. ### **Additional configuration** Refer to the [Configuring Collector level anonymization](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/configuring-collector-level-anonymization) for more information about additional Collector configuration for data anonymization and privacy. ## Collector installation method Choose the applicable installation method depending on the scale of your infrastructure. ### Installing Collector for a small-scale setup Refer to the following sections: * [#installingcollectoronmacos-wizardinstallation](#installingcollectoronmacos-wizardinstallation "mention") * [#installingcollectoronmacos-command-lineinstallation](#installingcollectoronmacos-command-lineinstallation "mention") ### **Installing Collector for a** medium to **large-scale setup** Refer to the [#installingcollectoronmacos-enterprisedeployment](#installingcollectoronmacos-enterprisedeployment "mention") section. ## Manual installation To install Collector on macOS using the Wizard installation: {% stepper %} {% step %} Double-click the provided disk image file to mount it into your filesystem and see its contents. {% endstep %} {% step %} Double-click the package file `Nexthink_Collector_.pkg` and the installer will start with the introduction. {% endstep %} {% step %} Click **Continue** to proceed with the installation. {% endstep %} {% step %} In the step **Personalization**, configure first the settings of the **Nexthink Appliance** to which Collector will connect:
| Name or IP address | The FQDN of your Nexthink instance. | | ------------------ | ------------------------------------------------------------------------- | | Data over TCP | Tick the option to send data over a TCP channel. | | TCP port | Port number to set to 443. | | UDP port | This feature must not be selected when using the Nexthink cloud platform. | | {% endstep %} | | {% step %} Configure the Collector proxy settings: * Tick **Automatic proxy** for Collector to take its configuration from a proxy auto-configuration (PAC) file. In **PAC address**, type in the URL of the file that determines the proxy to use. * Tick **Manual proxy** for Collector to use the following proxy settings: | Address | Type in the FQDN of the proxy. | | ------------- | ----------------------------------------------------- | | Port | Type in the port number where the proxy is listening. | | {% endstep %} | | {% step %} In a second step, configure the other settings of Collector:
| Customer Key | Copy and paste the contents of the file that holds the Customer Key. | | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Root CA | Leave this field empty. | | Collector tag (optional) | Type in an integer number (0—2147483647) that identifies a group of Collectors. The tag is useful for defining the entities to build up hierarchies. | | Collector string tag (optional) | Type in a label (max 2048 characters) that identifies a group of Collectors. The string tag is useful for defining the entities to build up hierarchies. | | Assignment service (optional) | Select it if you activated the rule-based assignment (classic). | | Nexthink Engage (optional) | Select it activate the features that let you send campaigns to employees. | | Execution policy of scripts included in remote actions (optional) |

Select the behavior:

  • Disabled (default): Collector runs no remote action on the device.
  • Unrestricted: Collector runs any remote action on the device, regardless of the digital signature of its script.
  • Trusted publisher: Collector runs on the device only those remote actions with a shell script that is signed by an identified developer.
  • Trusted publisher or Nexthink: Collector runs on the device only those remote actions with a shell script that is signed either by Nexthink or by an identified developer.
  • Pinned: Collector runs on the device only remote actions with a shell script signed with a signature, whose leaf certificate thumbprint is allowed via the cert\_fingerprints argument.
    Refer to Certificate pinning for more information.
  • Pinned or Nexthink: Collector runs on the device only remote actions with a shell script signed either by Nexthink or signed with a signature, whose leaf certificate thumbprint is allowed via the cert\_fingerprints argument.
    Refer to Certificate pinning for more information.
| | {% endstep %} | | {% step %} **Certificate fingerprints**: If `Pinned` or `Pinned or Nexthink` was selected in the previous step:\ Define an *allow list* of script signature thumbprints (separated by a single `,` without spaces surrounding it.) The script signature thumbprint must match the signature's **leaf certificate** thumbprint. Refer to [Certificate pinning](https://docs.nexthink.com/platform/user-guide/remote-actions/managing-remote-actions/writing-scripts-for-remote-actions-on-mac#option-2-relying-on-certificate-pinning) for more information. {% endstep %} {% step %} Click **Continue** to proceed. {% endstep %} {% step %} In the step **Destination select**, the installer program shows the local paths in the system where it is going to install the different components of Collector. Keep the default paths and click **Continue**. {% endstep %} {% step %} The **Installation Type** step informs you about some details of the installation process, including the amount of disk space that the program is going to use. Click **Install** to begin with the installation. {% endstep %} {% step %} The installer shows the progress of the installation, and it finishes with a summary message. If the installation was successful, click **Close** the installer. {% endstep %} {% endstepper %} ## Command-line installation The command-line installation lets you install Collector even when you have access to a computer only through the macOS shell. Using the command-line installation, you can install Collector either locally or remotely through an SSH connection. Execute the `csi.app` application provided with the disk image. To mount the disk image into the file system: {% stepper %} {% step %} **After downloading the image file from Product Downloads, pick one of the following options** **If you are installing Collector on a remote computer:** 1. Copy the image file to the remote computer: ```bash scp Nexthink_Collector_.dmg @
: ``` 2. Log in to the remote computer: ```bash ssh @
``` **If you are installing Collector on the local computer**, change the directory to the one where you downloaded the image file. {% endstep %} {% step %} **Mount the image file** Run the following command: ```bash hdiutil mount Nexthink_Collector_.dmg ``` {% endstep %} {% endstepper %} Once the image file has been mounted into the filesystem of the target Mac computer, install Collector from the command line: {% stepper %} {% step %} **Change the directory to the path of the csi application. For example, run the following command when version 22.6.2.10 of Collector is used** ```bash cd /Volumes/Nexthink_Collector_22.6.2.10\ OSX\ 10.15\ -\ 12/csi.app/Contents/MacOS/ ``` {% endstep %} {% step %} **Run command `sudo ./csi` and use the following arguments**
ArgumentRequiredDescription
addressmandatoryFQDN of your Nexthink instance.
portmandatoryThis feature must not be selected when using the Nexthink cloud platform.
tcp_portmandatoryPort number to set to 443.
rootcamandatoryNot required.
keymandatoryThe path to the Customer Key file
engageoptionalWhether to enable the campaigns or not.
Default value: disable
data_over_tcpoptionalWhether to enable the sending of all data over the TCP channel.
Default value: enable
use_assignmentoptionalWhether to enable the rule-based assignment (classic).
Default value: disable
ra_execution_policyoptional

Whether to enable the remote actions or not with the possible options below.

  • disabled (default)
    Collector runs no remote action on the device.
  • unrestricted
    Collector runs any remote action on the device, regardless of the digital signature of the associated script.
  • signed_trusted
    Collector runs on the device only remote actions with a shell script signed by an identified developer.
  • signed_trusted_or_nexthink
    Collector runs on the device only remote actions with a shell script signed either by Nexthink or an identified developer.
  • signed_pinned
    Collector runs on the device only remote actions with a shell script signed with a signature, whose leaf certificate thumbprint is allowed via the cert_fingerprints argument.
    Refer to Certificate pinning for more information.
  • signed_pinned_or_nexthink
    Collector runs on the device only remote actions with a shell script signed either by Nexthink or signed with a signature, whose leaf certificate thumbprint is allowed via the cert_fingerprints argument.
    Refer to Certificate pinning for more information.
tagoptionalInteger number (0—2147483647) to identify an individual or batch installation of Collectors.
string_tagoptionalLabel (maximum of 2048 characters) to identify an individual or batch installation of Collectors.
proxy_pac_addressoptionalProvide the URL of a PAC address for automatic configuration of proxy settings.
proxy_addressoptionalProvide the FQDN of a proxy for manual configuration of proxy settings.
proxy_portoptionalProvide the port number where a proxy is listening for connections for manual configuration of proxy settings.
{% endstep %} {% endstepper %} #### Example ```bash sudo ./csi -address -tcp_port -key -engage enable -proxy_pac_address -proxy_address -proxy_port -tag 1000 -string_tag Preproduction ``` ## Enterprise deployment Collector supports installations in an enterprise environment based on the Mobile Device Management (MDM) solution. ### Creating a custom package file for deployment To create a custom package file for large-scale deployment: {% stepper %} {% step %} Download the macOS Collector DMG file directly from the product on the [Collector management](https://docs.nexthink.com/platform/user-guide/administration/system-configuration/collector-management) dashboard under **Administration > Collector management > Downloads**. {% endstep %} {% step %} Extract the following files into a folder: * `csi.app` * `Customer Key.txt` {% endstep %} {% step %} Open the folder containing the files in Jamf Composer to create a new package. {% endstep %} {% step %} Set the permissions on the files as follows: | File | Owner: root | Group: wheel | Everyone | | ------------------ | ------------- | ------------- | ------------- | | `csi.app` | read, execute | read, execute | Read, execute | | `Customer Key.txt` | read | read | — | | {% endstep %} | | | | {% step %} Add a meaningful name for the package. {% endstep %} {% step %} Add a new postinstall shell script to the package and ensure the following: * The `BASE_PATH` points to the folder that contains the installation files. * The path and filename in `KEYFILE` points to the `Customer Key.txt` file. {% endstep %} {% step %} Set the installer arguments and the clean-up section. {% endstep %} {% step %} Build and save the package as a PKG file. {% endstep %} {% step %} In Jamf Pro, go to **Settings > Computer management > Packages**. {% endstep %} {% step %} On the **General** tab, create a new package and assign to it the installation package file. {% endstep %} {% step %} On the **Options** tab, set the **Priority** to 2 to ensure the package will be deployed as soon as possible. {% endstep %} {% step %} Save the package. {% endstep %} {% endstepper %} ### Jamf deployment See the official [Jamf documentation](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Package_Deployment.html) to learn how to deploy packages with Jamf. Refer to the [Installing Collector profile in Jamf for macOS](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/macos-collector-references/installing-collector-profile-in-jamf-for-macos) documentation for more information on Collector profiles in Jamf. {% hint style="info" %} Create multiple Collector profiles with different configurations for different device groups. {% endhint %} ## Uninstalling Collector To uninstall Collector, execute the uninstaller script that is provided with the `.dmg` file. Assuming that you have mounted the image file into the filesystem of the computer with Collector installed, type the following command in a macOS shell: ```bash sudo /Volumes/Nexthink_Collector_22.6.2.10\ OSX\ 10.15\ -\ 12/uninstaller ``` The instruction above uninstalls Collector using version 22.6.2.10 of the uninstaller. RELATED TASKS * [Mac Collector proxy support](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/macos-collector-references/mac-collector-proxy-support) * [Installing Collector profile in Jamf for macOS](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/macos-collector-references/installing-collector-profile-in-jamf-for-macos) * [Engage notifications on macOS (classic)](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/macos-collector-references/engage-notifications-on-macos-classic) * [Deploying Collector on macOS using Intune](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/macos-collector-references/deploying-collector-on-macos-using-intune)