Big Apple revolution: How to manage Macs in the enterprise

Feature

Big Apple revolution: How to manage Macs in the enterprise

Apple’s products were once niche devices. Now, following a consumer-led initiative, they are widely used across the enterprise.

Not long ago, the idea of managing Apple machines in the enterprise would have been met with confusion and an answer along the lines of  "we don’t worry about a couple of desktops used in marketing".

43214_Apple-Mac.jpg

Apple devices, desktops in particular, have been viewed as expensive, limited in application choices and best suited to more creative roles – design, photography, video editing and so on.

They have often been seen as ahead of the market for ease of use (hence the old joke, what do Apple users call Windows 98? Mac 89), but real computer users want a machine you can upgrade, customise and install drivers on, don’t they? Not any more.

Not any more

A mid-sized utilities company recently revealed in an internal survey that, when asked what sort of computer they would like, more than two-thirds chose a Mac. Add this to the consumerisation of mobile IT and the bring your own device (BYOD) trend, and suddenly there are more Apple devices in the organisation than ever before.

Tools to manage Macs

  • Software deployment: Symantec Client Management Suite, DeployStudio, JAMF Software Casper Suite.
  • Virtual desktop infrastructure (VDI): from VMware View, Citrix DesktopPlayer, AWW Workspaces desktop as a service.

This only adds to the existing challenge faced by most IT departments of controlling a mass of PC desktops and laptops that are likely to have multiple versions of Windows, despite the recent discontinuing of updates for Windows XP. There will be plenty of other mobile devices and operating systems adding to the confusion but, here at least, tools are starting to appear that support different mobile platforms.

Desktops, tablets, smartphones

Apple has two primary operating systems: OS X and iOS. Upgrade costs for the former are low compared to a traditional PC – in fact, the latest Yosemite operating system will be free to Apple customers. OS X is also Unix-based, which leads to a solid operating system platform for running and managing systems.

The operating system for iPads and iPhones, iOS, shares many basic frameworks with OS X, but has adaptations, for example, in the user interface so it is better suited to touch interaction. There are also restrictions and limitations that prevent it from being fully compatible with Unix. Originally designed and optimised for consumers, there are challenges for enterprise deployment and management.

Deploy or BYOD

Moving from a few Macs to a widespread corporate deployment is a big jump. The basic OS X setup process, using the Migration Assistant to transfer settings from another system, is straightforward, but unfeasible when working on several computers. Mass deployments usually require a corporate standard image to be used and installed on all hardware.

While the Apple enterprise management ecosystem is nowhere near as broad as that of PCs, there are some decent tools worth exploring. First, Apple includes some rudimentary image-management capabilities through NetInstall in its Server app for OS X server (superseding the earlier Server Admin Tools), along with other tools for managing users, sharing, backups and so on.

There are also free tools, such as DeployStudio, that will fill some gaps, and more complete packages, such as JAMF Software’s comprehensive Casper Suite, which integrates well with Apple’s own tools, and Symantec’s Client Management Suite (although this requires Windows on the server side).

Managing the mobile side of products throws up many more options. This is because mobile device management (MDM) suppliers have had to support at least iOS and Android as their first platforms, followed by Windows Mobile and, perhaps, BlackBerry. Improvements to iOS have given it better integration with third-party MDM systems, not only for enrolment and deployment, but for managing apps. Enrolment can be fully automated via the Apple device enrolment programme for corporate-owned devices. And those who have chosen a BYOD approach can allow users access to a self-service enrolment with opt-in and opt-out options.

Managing software

Mac software can be bought through the App Store, delivered automatically and cached through the Apple server platform (for both OS X and iOS devices), and controls can be applied to automate updates in the background or delay restarts until suitable times. As the App Store is now part of Apple’s volume purchase programme, there are significant commercial benefits for enterprise software licensing. These apply to BYOD, as well as traditional corporate device deployments.

Not everyone is impressed with Apple’s enterprise support. Indeed, Facebook and Google developed their own management approach to Macs. For Google, this includes building on the use of open-source tools, such as Munki for software installation and Puppet for configuration management. It also added its own work with CanHazImage for managing system images, and Cauliflower Vest to automate OS X’s FileVault2. Google also used Crankd to respond to system or network events. Facebook, meanwhile, has pushed into security with an intrusion-detection framework called Project Midas (Mac Intrusion Detection Analysis System), working with Etsy.

Further commercial software-management tool options are available in addition to the capabilities from JAMF and Symantec mentioned above, including other management suites such as FileWave and LANDesk.

Integrating with the enterprise

For individual Macs, there are virtual machines, such as Parallels and VMware’s Fusion, and virtual desktop infrastructure (VDI) systems, from VMware View or Citrix’s DesktopPlayer, which deliver centrally controlled and managed Windows desktops on a Mac. Taking this a stage further, into the cloud, Amazon’s WorkSpaces, a desktop as a service (DaaS), also delivers a managed virtual desktop to most devices

Mac software can be bought through the App Store, delivered automatically and cached through the Apple server platform

Most enterprises, however, have existing models to structure user access to IT systems through groups, user name and password, and very often Microsoft’s Active Directory. Configuring and setting up user accounts, logins and groups can be accomplished for Mac users through preconfiguration, but in different ways to those employed in Windows environments, because the server side tools differ. OS X server tools have some of the necessary functionality, but can be supplemented further with tools such as Centrify’s User Suite Mac Edition and Thursby Software’s ADmitMac, which extends basic Mac capabilities to turn a Mac into a full Active Directory client.

Mobile devices replacing desktops and laptops bring further physical problems although these are not unique to Apple. There are of course security concerns but the loss or theft of the device can be mitigated by good insurance. A choose your own or bring your own device policy, where employees take more care of devices they have a stake in, could also alleviate these concerns. But there still needs to be suitable management of data, applications and mobile devices to protect the digital assets.

Finally, individuals might have their own chargers and devices, but when the model moves to widespread enterprise deployment, further assistance may be of benefit. A quick glance on the Apple store indicates a range of third-party “rack, stack, sync and charge” products from suppliers, such as Bretford, LocknCharge and XtremeMac, which may go some way in aiding automation.

In a few short years, Apple has moved from a specialist minority device provider, popular in certain creative applications, through a consumer-led initiative, into general-purpose enterprise use. Organisations now have to build up the expertise and tools to help manage this fleet, and suppliers, including Apple itself, are starting to recognise the challenges and address the opportunity.

Rob Bamforth is analyst at Quocirca


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in July 2014

 

COMMENTS powered by Disqus  //  Commenting policy