Tag Archives: Enterprise

Articles and Books iPhone Mac Security Mass Deployment

Review of My iOS in the Enterprise Book

There is a nice review of my iOS in the Enterprise book up on MacDirectory. It is available at:

http://www.macdirectory.com/component/option,com_reviews/task,viewDetail/review_id,504

Overall the review was good. I understand not liking the font choice for the book. Luckily this type of thing isn’t something we authors have a choice about, so I take it as an overall good review!

Articles and Books Business certifications Consulting iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

MacTech Bootcamps Coming To A City Near You!

I’ve been watching the MacTech Conference and then Boot Camps for some time. After hearing of the resounding success of the Conference last summer I was then stoked to hear that the January Boot Camp went extremely well. A MacTech Boot Camp is a regional, single-track seminar designed specifically for consultants and techs. MacTech Conference is a multi-day conference for IT professionals with a focus on enterprise and development whereas the Boot Camps are for consultants and techs focused on home users and small to medium sized businesses. Both are going really well.

Krypted.com is now a media sponsor of MacTech Boot Camps! This means I get discounts to offer my readers! There is a Dallas Boot Camp coming up on April 27th and a Boston Boot Camp on May 18th. You can get a discount ($200 off) by signing up at http://www.mactech.com/bootcamp/special-reg_krypted. There is also one is Los Angeles on July 27th and one in Chicago on August 31st to round out the summer. You can get early bird pricing and a discount for those ($200 off) at http://www.mactech.com/bootcamp/special-reg_krypted.

There’s a lot of information covered in the Boot Camps, with each city hosting about 9 sessions of 45 minutes each. For a list of topics, see http://www.mactech.com/bootcamp/topics. The 2011 curriculum includes:

  • Building Your Brand: Marketing and Business Concerns
  • An Experts Guide to Working with Clients
  • Best practices: Hardware, Software and Network Deployment
  • Troubleshooting Hardware, Software and Network Problems
  • Integrating Mobility into Small Business
  • Windows Concerns in a Mac Office
  • Scripting, Storage and Protecting Oneself: Backing up, Archiving and Restoring Data
  • How to Make Remote Consulting Work for You
  • You Can’t Know Everything: Getting the Support You Need

Certification testing is also available the day before the Boot Camps start through third party testing centers. This lets you get a lot of education out of the way at once (and at a discount) so you can focus on other stuff for the rest of the summer! For more on certification options: http://www.mactech.com/bootcamp/certification.

And let’s not forget that the second MacTech conference is going back to the Los Angeles area, from November 2nd through 4th at the Universal Sheraton! 3 days, meals included lots of very technical, enterprise oriented fun will be had by all!

iPhone

iPhone Life Article

An excerpt-turned-article of mine just appeared in iPhone Life Magazine. IT’s called The Inevitability of the iPhone in the Enterprise:

http://www.iphonelife.com/issues/2011March-April/InevitabilityIPhoneEnterprise

Hope you enjoy!

Articles and Books

Law Firms and iPads

Josh Barrett, of tabletlegal.com posted a mini-review of my latest book, the Enterprise iPhone and iPad Administrator’s Guide. It’s an interesting look at iPads making their way into law firms despite the often reluctant IT admins who have to support them. Big thanks to Josh for a favorable review!

Mac OS X Mac OS X Server Mac Security Mass Deployment

The Mac OS X App Store & Managed Environments

The Mac OS X App Store was released earlier this month as a part of the Mac OS X 10.6.6 update. The App Store, with over 1,000 applications (including a couple of server tools), allowing people to download and install applications on Mac OS X computers without needing to understand how to click through the screens of a standard package installer, drag applications from disk images into the /Applications folder or basically how to do practically anything except for click and provide a valid credit card number. As with the App Store that debuted with the iPhone, the App Store for Mac OS X is clearly aimed at residential customers, but being that these computers are used in enterprises around the world, the impact to managed environments cannot be discounted. I decided to do plenty of testing and reading before I wrote this up, so hopefully you’ll find it helpful, if not very timely.

The first and probably most important aspect of the App Store to most who are charged with managing large numbers of Mac OS X computers is that only administrative users can install software from the App Store. This little fact makes the App Store itself a non-issue for most enterprises, who do not make typical users administrative users. Because only administrative accounts can download and install applications, there is little risk created from leaving the App Store on client computers.

Applications installed from the App Store can only be deployed into the /Applications directory. These applications are owned by System, with read-only access given to the wheel group and everyone else. No ACLs are used, so while a single user purchases the software any user on the system can open it. If you copy the software to another computer then you will be prompted to authorize it using the same Apple ID that was used to purchase it.

When an administrative user purchases an application, they are not prompted for a system password, only an App Store password, which uses the same Apple ID used for the iTunes Store and the iOS App Store. Application updates are handled using the familiar Updates screen borrowed from the iOS App Store, which includes the nifty Update All option.

As far as controlling the user’s experience with the App Store, there are a few options. Administrators can remove the App Store application bundle (which can be replaced any time) from /Applications. Administrators can also black list the application using managed preferences/parental controls. A Dock item is added by default and can be removed as well. Removing both the Dock item and the Application bundle will then remove the App Store menu item from the Apple menu. You can also block the hosts at apple.com, which includes itunes.apple.com, ax.itunes.apple.com, ax.init.itunes.apple.com, albert.apple.com, metrics.sky.com and possibly gs.apple.com. These will communicate over ports 80 and 443, according to the operation being used. There is also a launch daemon at /System/Library/LaunchAgents/com.apple.storeagent.plist that should be unloaded and likely removed if you’re going to outright disable the App Store. However, the only real way I would personally disable is using a managed preference.

There is also a property list file for the App Store that can be used to manage the application in Workgroup Manager in ~/Library/Preferences/com.apple.storeagent.plist. However, there isn’t much that can be done here at this time.

Because applications are tied to users, when a user moves computers you will want to backup and restore the applications for the user. To do so, here’s the captain obvious article for ya’: http://support.apple.com/kb/HT4482.

The App Store is not a replacement for a good patch management system. Software distribution cannot be managed centrally using the App Store and Software Update Server in Mac OS X Server does not currently cache applications from the App Store. Trying to think of a way to shoehorn the App Store into a software distribution system such as JAMF’s Casper Suite, Absolute Manage or FileWave is just asking for a world of pain, so let’s pretend that we never brought it up. If your organization isn’t able to license one of the aforementioned products, check out Star Deploy from http://www.stardeploy.com/StarDeploy/Home.html or munki from http://code.google.com/p/munki. Finally, I think that Apple’s done a great job with the App Store for a version 1 release. I think that my wife loves it and that over time if Apple chooses to do more with it then great; otherwise, all of the options we’ve been using, from the installer command on, are still at our disposal.

Articles and Books iPhone

iPhone and iPad Admin Guide Now Shipping

The Enterprise iPhone and iPad Administrator’s Guide is now shipping (and rapidly moving up in Amazon’s rankings)! There have also been a couple of sightings in Border’s.

Apress also sent out a press release and an email blast regarding the book in the past week. So, feel free to buy it using the link below! :)

iPhone

Good iPhone, Enterprise Ready

The only thing I can think of that I would change about the iPhone is to have the ability to add a layer of full disk encryption. In lieu of that, Good, the makers of GoodLink, have reinvented themselves as the iPhone in the Enterprise front runner in my book. They did this by duplicating much of the functionality of the native iPhone applications, but did so in a manner that stores its data in an encrypted disk image. Communications to the iPhone from the Good servers are also encrypted with similar fervor. And if you have Domino instead of Exchange then you have equal functionality, great for a number of environments!

So what does Good get you? Well, much of what you get without Good. You have email, synchronized mail, push notification (although the push from Good actually works with mail, calendars and contacts). You also get calendars and contacts. But you had that before; now it’s just sitting on an encrypted disk image and can easily be wiped; or in the event that the device cannot be accessed over the air, it will be sitting on an AES-192 encrypted disk image.

What else does Good get you? A centralized management dashboard (that is web based), more granular policies and reporting. The tunnel, as we mentioned, is encrypted, but it also requires no incoming ports, attractive for many environments with concerns about ActiveSync security, etc.

Overall, I’ve only had a few hours at using Good for Enterprise, and I already feel like an old pro at it. It’s simpler than Blackberry Enterprise to manage, but also lacks some of the extensibility. It’s more expensive than just leveraging ActiveSync, but then also lacks some of the security concerns that many have there. A great product to check out, but make sure that your end users will be OK using the Good client as it is a little different from the native clients built into the iPhone!

iPhone Mac Security

RSA Makes a Case for iPhone in the Enterprise

Tired of carrying around that RSA SecurID token thingie from 1994, all beige and chewed on routinely by kids and dogs alike? RSA now has an iPhone app for that. Using the SecurID token you can have the exact same functionality using the iPhone that you would otherwise have to use a keychain dongle for. If you’re like me and have been trying to reduce the items you carry on your person for a long time this is a fantastic new option. And in a way, RSA is just helping to make a case for using an iPhone in highly secured Enterprise environments (not that they’re not helping to make the same case with their Blackberry version of a SecurID application).


The application is free, but you’re organization will have likely already purchased a seed that costs much more than an iPhone app that they charge for would have made them… Tokens will need some conversion and then users will need to click on a link to install them (I’ll cover that later if I can find the time) but once you have it setup then it will be a bit easier to deploy. I’d like to find a way to insert it into a provisioning profile but again I’ll just need a bit more time to figure that out. Look for further posts at a later date.

Mac OS X Mac OS X Server

Mac Enterprise Backup Whitepaper

The basic steps to use BRU, Tivoli, Atempo, Bakbone and PresSTORE are all covered in the latest edition of Michael Dhaliwal’s Enterprise Backup Whitepaper, available on his personal site.

Articles and Books

IDG Article on Macs in the Enterprise

Here’s an article with a quote I gave to Robert Mitchell, reprinted at MacWorld.com:

http://www.macworld.com/article/131502/2008/01/.html