What are some "Gotchas" with Macs in the Enterprise?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by MisterSensitive, Aug 27, 2015.

  1. MisterSensitive macrumors regular

    Joined:
    Mar 22, 2012
    #1
    So, I'm the head of a School District IT shop. All students from grade 3 through 12 have a district issued Windows laptop. We're evaluating a move to Mackbook Airs (as well as other platforms, like Chromebooks) for students and teachers, while retaining Windows machines for administrative functions.

    I'm at the early stages of scoping out cost areas for the transition. So far, I'm looking at:

    • Device Management - Filewave looks like a great solution, albeit expensive
    • Tons of Peripheral adapters - dongle management?
    • Retraining - Users and Support Staff
    • Costs of new software
    • Extra wireless capacity for richer media demands
    • File shares for centralized storage
    • Backup management
    • Antivirus
    • Office software
    • Rights management
    • Excel/Word/PPT macros
    • Virtualization for Win-only critical apps
    • Remote control systems for support

    I'm sure there are many more areas of costs that I'm overlooking. Please advise
     
  2. robpow macrumors regular

    robpow

    Joined:
    Feb 10, 2007
    #2
    I have a little experience of managing multiple Macs on our network but what I would say is try and stay as close to the Apple ecosystem as possible and don't try and force everything you have in Windows to work with OS X.

    So for backup, use Time Machine. Pick a well-known NAS vendor for central storage. Fully expect that all hardware accessories won't be supported. Perhaps set up one Citrix or Hyper-V server for Windows apps instead of loading Parallels/Fusion on all Macs. Choose printers that are natively or at least well supported on OS X. Etc, you get the gist...

    Matt
     
  3. MisterSensitive thread starter macrumors regular

    Joined:
    Mar 22, 2012
    #3
    Thanks, Matt!

    We'll potentially be supporting as many as 7,000 devices (80% OSX, 20% iOS), but we'll still need to support 1,000+ windows devices. Support efficiencies will be critical as we will have about a dozen staff to support it all (currently supporting 8,000 Windows devices and somehow managing it).

    We currently have a Hitachi SAN, so Central Storage should be covered. Our schools are connected via 100M to 1G dedicated fiber, with a 500M Internet pipe. Switching Wifi from an unknown, bankrupt vendor to Cisco Meraki.

    I feel like our base infrastructure is pretty good. I just want to make sure I am capturing all the costs of such a significant transition. I like what I am reading about Filewave, as it seems to play well in a mixed environment, while providing really great management tools for both OSX and iOS devices.

    Oh, and we have a VDI environment that we can expand to provide access to the occassional Windows-only tools.
     
  4. robpow macrumors regular

    robpow

    Joined:
    Feb 10, 2007
    #4
    Sounds like a great project to get stuck in with! I hear good things about Jamf Casper but haven't used it myself.

    Matt
     
  5. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #5

    Commercial Tool:

    JAMF Casper suite - Best MDM, but Apple only (Mac and iOS). Fabulous.

    Best free/low cost options:

    Meraki MDM - (used to have a free version, and a paid premium version). All platforms, web based, amazingly good.
    DeployStudio - Great for imaging Macs (and Win boxes), and automated configuration of new machines. Worth the time to dig in and get it running.
    OS X Server - Good MDM via Profile Manager, but Apple only (Mac and iOS).
    Apple Configurator - Great, simple config tool that is stand alone; new version coming with lots of improvements and feature additions
    Apple Remote Desktop (ARD) - Good remote access, reporting, and ability to do lots of remote updates, serivice, and the sky is the limit if you get comfortable with Unix CLI.
    Munki - Software/installer update service. Amazing, but a bit of setup.
    JAMF Composer - Great, easy to use tool to build installers/packages....that you can push out via something like ARD.


    I use most of the above in higher ed. at little to no cost. Would go Casper Suite if there was budget for MDM.

    ----

    another tool that may have promise in and AD world:

    http://www.parallels.com/products/mac-management/

    ----

    Old PCs? Don't chuck em. Turn em into great lab machines by installing Ubermix.
     
  6. aristobrat, Aug 27, 2015
    Last edited: Aug 27, 2015

    aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #6
    If you haven't already, sign up for the Mac Enterprise mailing list. Gives a ton of insight in what others are doing, especially in the education field.

    http://www.macenterprise.org/mailing-list

    One thing I recently ran into was how to distribute apps that are only available through the Mac App Store. Currently, our Macs are pretty plain-Jane and only use Microsoft Office, Adobe Creative Cloud, and a few other apps that are distributed via "normal" methods (DVD, download, etc). Those are fairly easy to distribute with traditional tools. When it comes to apps only available for the Mac App Store (like the latest version of Microsoft Remote Desktop), the "Apple ID required to download" makes things more tricky.
     
  7. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #7
    Forgot to add.....you should check out this Apple Dev video to see where Apple is going with device manager. Covers Server and Configurator. Big improvements right around the corner.
     
  8. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #8
    Check out the vid I linked to....to see how we will be able to soon license to device, not user. No Apple ID required. Will be a huge improvement.
     
  9. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #9

    I currently manage over 5000 iOS (95%) / OSX (4%) / Windows Devices (1%) and have been doing it for over 8 years.

    Device Management:
    I currently use Meraki ( it handles everything I can throw at it )

    Retraining:
    Yep, going to need it. I recommend appointing at least one person as that for their primary job. Have them read up / watch up on Windows to Mac training: Lynda.com has some pretty easy to digest stuff, although there are tons of resources.

    Costs of new Software:
    Fortunately Apple provides most of what you need for free. I'd recommend getting something like AirServer so that your teachers can go mobile and mirror their iPads to the Macs wirelessly, through which can send a signal to a plugged in projector... or better hook up AppleTVs directly to the projector and wireless stream from the Mac and iPad to the AppleTV without the need for WiFi setup ( you can directly stream from Macs and iPads to AppleTVs even if WiFi is down or unavailable - such as portables, large gyms, ect ).

    File Shares:
    Build a WebDav server with a MacMini ( you'll want at one as a caching server anyways to significantly increase App and Update speeds, while lowering overall outside the network traffic ).
    Check into OwnCloud and build your own local cloud ( like dropbox, except inside your network ) - Free for no support, pay some money for some help.

    AntiVirus:
    No, just no.

    Office Software:
    Already mentioned, available for free with your new MBA and available for free for anyone in the world with a free AppleID and internet access via iCloud.com

    Virtualization:
    Yep, currently running Windows 10 ( for IE11 testing in a virtual machine ) along with Kali for diagnostics. Both loaded up through VirtualBox ( also free ).

    Remote Control:
    Apple Remote Desktop, also Meraki can screenshare Windows devices.

    Yes, there are tons more areas!
    Setting up app migration / purchase process via MDM for public fund asset reclamation and accountability ( Meraki in spades here ).
    CK12 (and others) for free and amazing digital textbooks ( could save tons of money, that could be used to purchase 1:1 assets ), iTunes University for nearly a million courses to use and create curriculum.
     
  10. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #10
    For updates, Apple Server works nice as mentioned. If you have lots of locations, and want to re-task some enterprise servers instead of buying new Macs as dedicated servers, consider JAMF SUS Server. Free, slick, Linux (runs on nearly any box) build that is simple and robust. In my experience, it is better than Apple's own....at least few versions back.

    Have not run the current SUS/cacheing server so I can't say.


    Ready made Mac ownCloud installer here. Click to install.
     
  11. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #11
    Virtual Box is good for full, local Win VM. Free is hard to argue with. But, then you have to manage/secure every VM, which could be whack-a-mole if you have very many machines to chase. Don't have the need to manage Win VMs, but if I did, I would look at the free XenServer.

    You have your own VDI already, so perhaps you can run Xen Desktop or Moka5. There are others too.
     
  12. MisterSensitive thread starter macrumors regular

    Joined:
    Mar 22, 2012
    #12
    Wow, this is all great stuff! Thanks, guys!

    We've been looking at Caspar, but are leaning to Filewave, given it's cross-platform capabilities. With a support ration of one tech to every 500 or so devices, it be hooves us to invest in the right management syste. Filewave ain't cheap, but neither are lesser solutions if the are less efficient.

    Thanks, aristobrat (love the moniker) for the tips on the enterprise listserv.
     
  13. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #13
    I highly recommend a Munki, AutoPKG(r), MunkiReport-PHP, and MunkiAdmin setup. With those four things you can mange, audit, and update your whole fleet of Macs easily. There is some setup to get it all working nicely and securely, but once it's up, it's very, very nice. Jamf Casper is nice, but can get pricey. The four pieces of software I listed above can do nearly everything Casper can do, but for free. The only pay off is you have to configure and setup most of it. A good starting point for it is munki-in-a-box. That does most of the starting configuration for you. Also look into the PSU MacAdmins conference sessions. They cover lots of really good ways to admin Macs in enterprise and education environments.
     
  14. chrfr, Aug 27, 2015
    Last edited: Aug 27, 2015

    chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #14
    I too use DeployStudio/Munki/AutoPkg/Munkireport (but not MunkiAdmin) to manage a fleet of around 125 Macs. The system works great but only works with OS X clients. Casper for educational environments is very low priced, though you do have to pay for a QuickStart training from a consultant.
    I'll also echo Aristobrat's suggestion to look at the MacEnterprise list. There's also an active IRC channel and Slack community, but the MacRumors forums don't get much in the way of enterprise traffic.
    I'm also not totally convinced that Mac portables are a better option than Chromebooks for a 1:1 deployment in K-12 education, or at least for elementary students. There's a lot of overhead in what you're considering, both financial and in time/labor that may be difficult to recapture with the transition to a mostly Mac environment and you'd still need to continue to support a Windows environment, after all is said and done. The dramatically lower price of Chromebooks, which also have a robust management environment, from what I understand, would likely tip the scales in that direction.
     
  15. BrianBaughn macrumors 601

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
  16. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #16
    I think it was mentioned, but be sure you are getting Ed pricing from the vendors. Last time I checked (a few years back), Caper Ed pricing was pretty low per device. Likely the case for FileWave and others.
     
  17. hobowankenobi macrumors regular

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #17
    I use Munki + Munki admin + Munki reports. Very good, and worth the setup.

    Since you are starting from scratch, you might check out MacPatch too, which looks like a possible alternative, that may be easier to get up and running quickly.
     
  18. blacka4 macrumors 6502

    Joined:
    Sep 28, 2009
    Location:
    Pittsburgh
    #18
    not that I want to talk you out of Apple products, but our district just switched from macbooks to chromebooks. this reasoning was 2 fold, one was the chrome books are more secure and can't install software, and plus they are cheaper to replace when (not if) one is broken by a student.
     
  19. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #19
    I'm jealous. That ratio should put you in a B+ A- shop, easy. I'm running with two, including myself and handle a bit over 5000 devices ( adding about 100 / week ), and we run a B shop.
     

    Attached Files:

  20. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #20
    Just throwing in my bit. We've tried Chromebooks and are not impressed. We currently have over 500 ( closer to 750 ) chromebooks that have been in testing for a couple of years. They are probably the last we will purchase. We are currently looking at HP Stream 13 loaded with Ubuntu for 1:1. At $199 each we can literally just throw them away if they are damaged or broken. HP also offered something like 7% overage for free to handle quick swap outs. We have not moved past the testing / integration / durability phase yet ( <20 deployed ), but it's hard to say no so something that costs less than some textbooks.
    Review:
    http://www.pcmag.com/article2/0,2817,2472573,00.asp
     
  21. MisterSensitive thread starter macrumors regular

    Joined:
    Mar 22, 2012
    #21
    I should add that my shop is responsible for everything in 13 schools with a blinking light and wires. Further, the infrastructure investments have been historically foolish, so we're holding together a lot of equipment that is ancient, inappropriate for our environment and/or poorly implemented without regard to sustainability.

    If it were just desktop support, we would be in fine shape.
     
  22. MisterSensitive thread starter macrumors regular

    Joined:
    Mar 22, 2012
    #22
    What did you find were the downsides of Chromebooks? Hardware reliability? Performance?
     
  23. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #23
    Downsides:
    • Cost more than HP Stream 13
    • Requires internet access for most services ( yes, there is an offline mode ) so doesn't work for some of our students that do not have internet access at home
    • VERY limited apps / expansion capabilities. We did look at writing our own SPA software and host it locally to fulfill our needs, but have not had the human power to do it.
    • Remote management impossible ( requires a tech to put hands on to trouble shoot anything )
    • Self reporting almost completely lacking.
    The Chromebooks are better than we expected in durability, battery life and performance. They are Haswell after all, and can be rooted to run Minecraft / Ubuntu at 60fps.
     
  24. DJLC macrumors 6502a

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #24
    I'm also the head of IT at a school. But we're probably much smaller than you -- 540 kids in grades K-8.

    We had MacBooks 1:1 for 6-8 for about 6 years. This year we refreshed the program and switched to iPad for grades 4-8. All staff members also got new MacBook Airs.

    I would agree -- stay close to Apple ecosystem, but don't throw the baby out with the bathwater either. We still use Active Directory / Windows Server for authentication, file sharing, and as a print server. We have an Xserve running Yosemite Server set up in a "Magic Triangle." I use Profile Manager to manage settings for both Macs and iOS. It IS a bit more limited than some other options on the iOS side, but on the Mac side it can do pretty much whatever you want.

    For software management I'll second the recommendation on Munki. Our Apple rep seemed to indicate it was difficult to set up, but frankly I found it to be insanely easy.

    This combo is much cheaper than Filewave, et al., although I can see where a larger district might opt for a more scalable all-in-one solution like that.

    As for device choices, we went to iPad for a few reasons... They retain more value, are more functional, and are more durable than Chromebooks. They retain all the functionality our teachers were used to with MacBook, albeit in a slightly different and significantly cheaper package. Our only real problem with them is that Profile Manager won't let you block specific apps; you can only block by age rating. And for some reason Facebook and FB Messenger are rated 4+, so obviously that's been a bit of an issue. For students getting caught we've been disabling the App Store completely; but this hit another limitation of Profile Manager: inability to push apps to devices. Apple says this will be fixed with iOS 9 / El Capitan. Meanwhile we're kind of stuck. We use zScaler for filtering (implemented with a PAC file off-campus), but it seems unable to block communications from the FB apps. But I digress.
     
  25. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #25
    Very soon you can turn off the app store on the device and still push apps. Right now we use district managed accounts for the iPads. This lets us control which apps go to which devices. At the end of the year 'refreshing' the iPads just takes a couple of keystrokes. Removing a manually added app is hands-on pain; removing 30k manually added apps is impossible. 30k is a very small, number when we first started we had students putting over 1000 apps on their devices in 4 months. Refreshing the iPads was a nightmare. It is not nice for little johnny to get ZombieSlayer5 with 'BOOM' headshot action.
     

Share This Page