This is a guest post for Computer Weekly Open Source Insider written by Tom Bridge in his capacity as principal product manager at JumpCloud – a company known for its identity, access and device management capabilities.
MacOS Ventura launched on the 24th of October to succeed MacOS Monterey and it brought along functionality for enterprise IT that included Rapid Security Responses (RSR) designed to help to improve security by patching flaws without a reboot – we also saw Passkeys, to make it easier to manage user identities.
It’s safe to say that a lot of sysadmins may be looking forward to having Ventura in place.
Bridge breaks down the reality of what’s happening at the coalface and looks at the open source implications now surfacing in this sector of the market – and so he writes as follows…
What’s important to realise is, alongside this big operating system update (that comes around once a year), admins will have to manage roll out projects for application installs and patches for other applications. Making this work when you have tens, hundreds or thousands of users to support can be challenging if you don’t have the right skills, tools and approaches available to you.
However, there are some great open source projects that can make this much easier.
Packaging & managing updates
For admins, rolling out software updates will involve multiple tasks from downloading the software itself through to fixing the install process. Some software will need help around the installation process, while you might also need to add specific configurations or scripting to install on machines that you manage.
Autopkg – https://github.com/autopkg/autopkg – makes it easier to take care of all the steps that are typically required to package software and make it ready for roll out to users.
What Autopkg does is automate these steps so that you can repeat them. Rather than having to carry these tasks out manually, they can be automated to make things easier using what Autopkg calls ‘recipes’ which cover all the steps required. The open source community around Autopkg has put together recipes, which you may be able to use or fork for your own purposes.
Once you have put these recipes together and got your application updates into the state that you require, you will then have to load those packages into a software management tool for the actual distribution. You should therefore know about Munki – https://www.munki.org/munki/. This package manager is in use all over the world in businesses large and small because there’s no better software management solution out there.
Munki was developed at Walt Disney Animation Studios and then released as open source. Using Munki, you can set up a webserver to provide a repository of packages and associated metadata so you can deliver updates and installs to users. It supports Apple software and Adobe as well, so if you want to put together a ‘one stop shop’ for software updates you can do so.
Let me remind you
Alongside all the work that admins have to do on managing updates, there is another consideration to take into account – and that is control, because macOS puts the user firmly in control of operating system updates.
For application updates, admins can force updates to those applications, but a user-managed process will normally work better. For example, an application that does not go through a safe closure process will potentially lead to lost work and angry users. Co-workers can delay updates over and over again to take place on their terms, which can mean ‘never.’
Nudge nudge, update update
This led to the next project to know about as an IT admin, which is Nudge – https://github.com/macadmins/nudge.
Nudge makes it easy to put together security and update reminders for staff that can then be distributed to employees and get them to carry out updates. By ‘nudging’ users like this, admins can ensure that updates get made quickly and any potential security issues are patched faster. Nudge was put together to help get things over the line without antagonising your co-workers, while also making life easier for admins.
Taken together, Autopkg, Munki and Nudge can help you make the update process easier and more effective. If you want to improve your Mac management skills, then these projects should be on your list. Alternatively, you can use services that bring these open source tools together into a complete approach for package management. Whatever you choose, you can rely on open source to make managing software on Mac easier for your users.
These tools don’t make themselves.
They rely on the contributors and project managers that work hard to create them, keep them up to date and release them for free as open source for us all to benefit. So let’s thank people like people like Greg Neagle, Erik Gomez, Tim Sutton, Nick McSpadden, Elliot Jordan, Bart Reardon and all the other volunteers who’ve added code to these projects over the years for their work and for their generosity to the Mac admin community!