Tag Archives: rules

iPhone

SimpleMDM Now With Apps

SimpleMDM has updated their Mobile Device Management solution (my original writeup is here) to now include the ability to manage apps. The apps functionality really comes in two flavors. The first is the ability to load up an app. This is handled by clicking on Settings in the right-hand navigation bar and then, at the Settings pop-over, clicking on Apps. Here, you can load up an internal, enterprise app or an App Store app.

Once you’ve loaded an app you can deploy it to devices by clicking on a group and then using the contextual menu to “Assign Apps.” Simple, as the name implies.

The second aspect of the apps functionality in SimpleMDM is whitelisting and blacklisting apps. To do so, click on the contextual menu and then click on Rules. Here, you can Allow or Disallow any app that has been loaded into the app catalog.

Mac OS X Mac OS X Server Mac Security Mass Deployment

Upgrading to Mountain Lion Server

Now that we’ve looked at what you get and what you don’t get in Mountain Lion Server, let’s take a little while to look at what the upgrade path itself looks like. Before we start, let’s just say that upgrading to Mountain Lion Server is probably one of the fastest, easiest and most boring upgrades you’ll ever get to do. And I say this more to the credit of the engineers that made the process so simple. Apparently there are bonuses to your Server just being an app. There is a catch: some of the services are gone. Another catch: you’re gonna need to have a system that meets the following specs:

  • Capable of booting a 64-bit kernel, which means a 64-bit Intel Core 2 Duo or better
  • The graphics just keep getting better, so you’ll need an Advanced GPU chipset
  • The more memory the better, although 2GB is the bare minimum
  • The more CPU the better, although 8GB of space is required
  • An Internet connection, or a cached Install Mac OS X Mountain Lion, Server app and Server package – much easier to just have a connection to the Internet…
  • You should plan on using an Apple ID, although if you don’t supply it at install time, the server can still run
  • The source computer needs 10.6.8 or 10.7.x

Apple’s official specs are here, outlining the models that Mountain Lion can run on. If Mountain Lion can run, OS X Server can run on it. Next, make a clone of your computer. I use Carbon Copy Cloner, like most sane people, but YMMV with other tools that you may be in love with. Once your clone is done, I personally like to do both an archive and an export of user accounts from Workgroup Manager as a final safety net. You should also have a book. Preferably one of mine, although given that the merging of two such boring topics can create a black hole of boringness (which is similar to turning a bag of holding inside out, btw), you might choose to bring something a bit livelier than either of the two, like some Dostoyevsky or the Chem 111 textbook I used in college.

Next, let’s go to the App Store. Search for Mountain Lion or OS X and then click the Install button for the Mountain Lion app. The button will then say Downloading, as follows:

Buy OS X Mountain Lion from the App Store

Once downloaded, make sure your users won’t chase after you with pitchforks for being down for a couple of hours and then run the installer, following the defaults until the download begins and the system reboots. The installation will take a little while. From the time you start the download to the time that the files are unpacked and replaced on the system can be about an hour or two. This is a good time to grab that book, a bag of Doritos and a Dr. Pepper. Once the Doritos are gone, wash your hands and check the progress of the installation. Read some more. Once that’s done, check the progress again. If you think about a second bag of Doritos, stop – it’s not worth it… A second Dr. Pepper is fine though, I hear it helps you write articles about upgrading to Mountain Lion Server in a way that makes optimal sense.

Once the system reboots again, you should be ready to open the Server app. Except for the fact that it isn’t there, which is obvious from the big annoying white circle over it in the Dock. Remove the Server app (and Workgroup Manager or Server Admin if they’re in there) and then it’s time to install Server itself.

Go back to the App Store and search for & buy Mountain Lion Server (or install these from Purchases if you’ve already purchased them). Once installed, Server appears in the Dock. Use the following command to verify that the IP address and hostname match:

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/changeip -checkhostname

Provided that the name of the server checks out clean, click on the Server app in the Dock to be guided through the installation process.

Set Up Your Server Screen When Installing Mountain Lion Server

At the Setup Your Server screen, click on Continue.

Agree to the Mountain Lion Server Licensing Agreement

Agree to the licensing terms (assuming you do agree) by clicking on the Agree button.

Provide Administrative Credentials When Installing Mountain Lion Server

Provide the administrative username and password to give Server and services permission upon installation and then click on the Allow button.

Configure The AppleID for Push Notifications

At the Apple Push Notifications screen, provide the Apple ID and password for a valid Apple ID and then click on the Continue button.

Congrats, You're A SysAdmin!

After a time, you should see a Congratulations screen. Click on Finish and the Server app should automatically open (or the process fails but Server opens anyway, just without some of the stuff working out of the gate).

At this point, you should see the services that were running prior to the upgrade running. Check the logs to verify that there’s nothing out of the ordinary. If you were running a firewall then the rules will be migrated and continue running. If you’re going to move your rules to pf, use the following command to disable the migrated rules and then reboot:

sudo mv /etc/ipfilter /etc/ipfilter.OLD

You don’t need to disable these immediately, although a lack of control over them might cause you to want to… Next, install Workgroup Manager, available at http://support.apple.com/kb/DL1567. You’ve now got a functional server, provided that the entire process went smoothly. In my experience so far (there hasn’t been a ton of this at this point), the service migration is far smoother than from within the Lion Server point releases (e.g. 10.7.2 to 10.7.3, etc). Profile Manager, for example, worked like a charm on upgrade, as did Calendar and Contacts services, which had been a bit persnickety at times previously.

Now, you can get back to that book and instead of a 3rd Dr. Pepper, switch to Jägermeister!

Mac OS X Mac Security

Mac OS X Server 10.5: Using NATd to turn the Server into a Router

There are certain things that Mac OS X Server just isn’t that great at. One of them is acting as a router. It’s just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point… ;)

You can use the /etc/net/natd.plist. The key you’ll want to edit is redirect_port, with one entry per port or a range of ports in a single entry… Basically the array would look something like this, assuming you were trying to forward AFP traffic to 192.168.0.2 from a WAN IP of 4.2.2.2:

<key>redirect_port</key>
<array>
    <dict>
        <key>proto</key>
        <string>TCP</string>
        <!-- Internal host and port that receive the forwarded traffic -->
        <key>targetIP</key>
        <string>192.168.0.2</string>
        <key>targetPortRange</key>
        <string>548</string>
        <!-- WAN IP and port that clients connect to -->
        <key>aliasIP</key>
        <string>4.2.2.2</string>
        <key>aliasPortRange</key>
        <string>548</string>
    </dict>
</array>
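Because every redirect_port entry exposes an internal service on the WAN side, it is worth reviewing the list after hand-editing it. The following is an added example, not code from the original post: a Python check that parses a natd.plist-style document, summarizes each forward, and flags keys that are missing or differently cased and port ranges that are not valid. It assumes the camelCase key names proto, targetIP, targetPortRange, aliasIP and aliasPortRange; the sample plist is constructed and the function names are hypothetical.

```python
import plistlib

# Key names assumed for each redirect_port entry (see the example above).
EXPECTED_KEYS = ("proto", "targetIP", "targetPortRange", "aliasIP", "aliasPortRange")

# Constructed sample: the second entry has a miscased key and a bad port range.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>redirect_port</key><array>
<dict><key>proto</key><string>TCP</string>
  <key>targetIP</key><string>192.168.0.2</string>
  <key>targetPortRange</key><string>548</string>
  <key>aliasIP</key><string>4.2.2.2</string>
  <key>aliasPortRange</key><string>548</string></dict>
<dict><key>proto</key><string>TCP</string>
  <key>targetIP</key><string>192.168.0.3</string>
  <key>TargetPortRange</key><string>5900-5910</string>
  <key>aliasIP</key><string>4.2.2.2</string>
  <key>aliasPortRange</key><string>5900-70000</string></dict>
</array></dict></plist>"""

def parse_range(text):
    """Return (low, high) for 'N' or 'N-M', or None if it is not a valid port range."""
    parts = str(text).split("-")
    if len(parts) > 2 or not all(p.strip().isdigit() for p in parts):
        return None
    low, high = int(parts[0]), int(parts[-1])
    return (low, high) if 1 <= low <= high <= 65535 else None

def audit_forwards(plist_bytes):
    """Return one (summary, problems) tuple per redirect_port entry."""
    report = []
    for entry in plistlib.loads(plist_bytes).get("redirect_port", []):
        problems = []
        lowered = {k.lower(): k for k in entry}
        for key in EXPECTED_KEYS:
            if key not in entry:
                found = lowered.get(key.lower())
                problems.append(f"{key} written as {found}" if found else f"{key} missing")
        for key in ("targetPortRange", "aliasPortRange"):
            if key in entry and parse_range(entry[key]) is None:
                problems.append(f"{key} invalid: {entry[key]}")
        fields = ("aliasIP", "aliasPortRange", "targetIP", "targetPortRange")
        summary = "{}:{} -> {}:{}".format(*(entry.get(k) for k in fields))
        report.append((summary, problems))
    return report

if __name__ == "__main__":
    for summary, problems in audit_forwards(SAMPLE_PLIST):
        print(summary, "OK" if not problems else problems)
```

To review a real configuration, read the file's bytes and pass them to audit_forwards in place of the sample.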

 

You could also use the route command or ipfw depending on exactly what you’re trying to do with this thing.  Route is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.