# Installing Collector on macOS {% stepper %} {% step %} Double-click the provided disk image file to mount it into your filesystem and see its contents. {% endstep %} {% step %} Double-click the package file `Nexthink_Collector_.pkg` and the installer will start with the introduction. {% endstep %} {% step %} Click **Continue** to proceed with the installation. {% endstep %} {% step %} In the step **Personalization**, configure first the settings of the **Nexthink Appliance** to which Collector will connect:
| Name or IP address | The FQDN of your Nexthink instance. | | ------------------ | ------------------------------------------------------------------------- | | Data over TCP | Tick the option to send data over a TCP channel. | | TCP port | Port number to set to 443. | | UDP port | This feature must not be selected when using the Nexthink cloud platform. | | {% endstep %} | | {% step %} Configure the Collector proxy settings: * Tick **Automatic proxy** for Collector to take its configuration from a proxy auto-configuration (PAC) file. In **PAC address**, type in the URL of the file that determines the proxy to use. * Tick **Manual proxy** for Collector to use the following proxy settings: | Address | Type in the FQDN of the proxy. | | ------------- | ----------------------------------------------------- | | Port | Type in the port number where the proxy is listening. | | {% endstep %} | | {% step %} In a second step, configure the other settings of Collector:
| Customer Key | Copy and paste the contents of the file that holds the Customer Key. | | ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Root CA | Leave this field empty. | | Collector tag (optional) | Type in an integer number (0—2147483647) that identifies a group of Collectors. The tag is useful for defining the entities to build up hierarchies. | | Collector string tag (optional) | Type in a label (max 2048 characters) that identifies a group of Collectors. The string tag is useful for defining the entities to build up hierarchies. | | Assignment service (optional) | Select it if you activated the rule-based assignment (classic). | | Nexthink Engage (optional) | Select it activate the features that let you send campaigns to employees. | | Execution policy of scripts included in remote actions (optional) |

Select the behavior:

| | {% endstep %} | | {% step %} **Certificate fingerprints**: If `Pinned` or `Pinned or Nexthink` was selected in the previous step:\ Define an *allow list* of script signature thumbprints (separated by a single `,` without spaces surrounding it.) The script signature thumbprint must match the signature's **leaf certificate** thumbprint. Refer to [Certificate pinning](/platform/user-guide/remote-actions/getting-started-with-remote-actions/creating-remote-actions/writing-scripts-for-remote-actions-on-mac.md#option-2-relying-on-certificate-pinning) for more information. {% endstep %} {% step %} Click **Continue** to proceed. {% endstep %} {% step %} In the step **Destination select**, the installer program shows the local paths in the system where it is going to install the different components of Collector. Keep the default paths and click **Continue**. {% endstep %} {% step %} The **Installation Type** step informs you about some details of the installation process, including the amount of disk space that the program is going to use. Click **Install** to begin with the installation. {% endstep %} {% step %} The installer shows the progress of the installation, and it finishes with a summary message. If the installation was successful, click **Close** the installer. {% endstep %} {% step %} **Change the directory to the path of the csi application. For example, run the following command when version 22.6.2.10 of Collector is used** ```bash cd /Volumes/Nexthink_Collector_22.6.2.10\ OSX\ 10.15\ -\ 12/csi.app/Contents/MacOS/ ``` {% endstep %} {% step %} **Run command `sudo ./csi` and use the following arguments**
ArgumentRequiredDescription
addressmandatoryFQDN of your Nexthink instance.
portmandatoryThis feature must not be selected when using the Nexthink cloud platform.
tcp_portmandatoryPort number to set to 443.
rootcamandatoryNot required.
keymandatoryThe path to the Customer Key file
engageoptionalWhether to enable the campaigns or not.
Default value: disable
data_over_tcpoptionalWhether to enable the sending of all data over the TCP channel.
Default value: enable
use_assignmentoptionalWhether to enable the rule-based assignment (classic).
Default value: disable
ra_execution_policyoptional

Whether to enable the remote actions or not with the possible options below.

  • disabled (default)
    Collector runs no remote action on the device.
  • unrestricted
    Collector runs any remote action on the device, regardless of the digital signature of the associated script.
  • signed_trusted
    Collector runs on the device only remote actions with a shell script signed by an identified developer.
  • signed_trusted_or_nexthink
    Collector runs on the device only remote actions with a shell script signed either by Nexthink or an identified developer.
  • signed_pinned
    Collector runs on the device only remote actions with a shell script signed with a signature, whose leaf certificate thumbprint is allowed via the cert_fingerprints argument.
    Refer to Certificate pinning for more information.
  • signed_pinned_or_nexthink
    Collector runs on the device only remote actions with a shell script signed either by Nexthink or signed with a signature, whose leaf certificate thumbprint is allowed via the cert_fingerprints argument.
    Refer to Certificate pinning for more information.
tagoptionalInteger number (0—2147483647) to identify an individual or batch installation of Collectors.
string_tagoptionalLabel (maximum of 2048 characters) to identify an individual or batch installation of Collectors.
proxy_pac_addressoptionalProvide the URL of a PAC address for automatic configuration of proxy settings.
proxy_addressoptionalProvide the FQDN of a proxy for manual configuration of proxy settings.
proxy_portoptionalProvide the port number where a proxy is listening for connections for manual configuration of proxy settings.
{% endstep %} {% step %} Download the macOS Collector DMG file directly from the product on the [Collector management](/platform/user-guide/administration/system-configuration/collector-management.md) dashboard under **Administration > Collector management > Downloads**. {% endstep %} {% step %} Extract the following files into a folder: * `csi.app` * `Customer Key.txt` {% endstep %} {% step %} Open the folder containing the files in Jamf Composer to create a new package. {% endstep %} {% step %} Set the permissions on the files as follows: | File | Owner: root | Group: wheel | Everyone | | ------------------ | ------------- | ------------- | ------------- | | `csi.app` | read, execute | read, execute | Read, execute | | `Customer Key.txt` | read | read | — | | {% endstep %} | | | | {% step %} Add a meaningful name for the package. {% endstep %} {% step %} Add a new postinstall shell script to the package and ensure the following: * The `BASE_PATH` points to the folder that contains the installation files. * The path and filename in `KEYFILE` points to the `Customer Key.txt` file. {% endstep %} {% step %} Set the installer arguments and the clean-up section. {% endstep %} {% step %} Build and save the package as a PKG file. {% endstep %} {% step %} In Jamf Pro, go to **Settings > Computer management > Packages**. {% endstep %} {% step %} On the **General** tab, create a new package and assign to it the installation package file. {% endstep %} {% step %} On the **Options** tab, set the **Priority** to 2 to ensure the package will be deployed as soon as possible. {% endstep %} {% step %} Save the package. {% endstep %} {% endstepper %} The following sections explain the Collector installation and deployment methods in detail. See the [Installing Collector](/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector.md) documentation to learn how to decide on the installation and deployment method applicable to your infrastructure. ## Before you begin Nexthink distributes Collector for macOS as a disk image DMG file with the following content: * A predefined installation package file for installing Collector from a graphical user interface. * The `csi.app` application for installing Collector from the command line interface. * A reporter shell application that gathers system information for troubleshooting purposes. * An uninstaller application to remove Collector when it is no longer needed. After the installation, as a sanity check, optionally [verify the status of the TCP connection between Collector and the Nexthink cloud platform](/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/managing-collector-agents/querying-the-collector-tcp-connection-status.md). Collector runs in user mode and does not ask the user for permissions to install any kernel extension. Running in user mode avoids having to reboot the devices after updates or uninstallation. ### Prerequisites Ensure you have the following before the installation: * The Nexthink Collector `Nexthink_Collector_.dmg` intallation package file. * The customer key in the `Customer Key.txt` file, which you receive in your welcome email from Nexthink. * Access to the full storage device (Full Disk Access enabled). * The fully qualified domain name (FQDN) of your Nexthink instance. * TCP port number for the connection; default: 443. * Optionally, a third-party automated deployment tool. This documentation covers Jamf and Intune. * Download the macOS Collector DMG file directly from the product on the [Collector management](/platform/user-guide/administration/system-configuration/collector-management.md) dashboard under **Administration > Collector management > Downloads**. ### Installation package file To obtain the predefined installation package file: {% stepper %} {% step %} Click the downloaded file `Nexthink_Collector-.dmg` file. {% endstep %} {% step %} Extract the `Nexthink_Collector-.pkg` package. {% endstep %} {% endstepper %} ## Installation procedure overview On a high level, the procedure includes the following steps: ```mermaid %%{ init : { "theme" : "default", "flowchart" : { "curve" : "linear" }}}%% flowchart LR n2(Obtain
Collector) --> n3(Configure
permissions) --> n4{Choose installation
path} --> n5(Install manually) -. When applicable .-> n6(Deploy in Jamf) n4 --> n7(Deploy in Intune) ``` ## Choosing the installation path Use one of the following paths to deploy Collector: * **Manual installation** for a small pilot or unmanaged macOS devices when: * You are running a proof of value * You manage only a few macOS devices * You do not use a UEM solution for these devices * **Jamf deployment** if your macOS devices are managed in Jamf and when: * Your macOS devices are already managed in Jamf * You want Jamf to push both permissions and package deployment * **Intune deployment** if your macOS devices are managed in Intune and when: * Your macOS devices are already enrolled in Intune * You want Intune to push policies and run the Collector install script {% hint style="info" %} You only need one enterprise deployment tool: Either Jamf or Intune. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/installing-collector-on-macos.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.