One interesting moment during last year’s WWDC keynote was when Steve Jobs said that Apple was moving beyond the digital hub strategy it had embraced for years. He talked about how our computers are no longer the hub of our digital life and said that Apple was demoting the Macs and PCs and making them just another device like an iPhone or iPad.
That message set the stage for iCloud and for cord-free iOS devices that don’t need a Mac or PC for activation, backup, or sync.
There was also a much subtler message, however, that no one really picked up on at that time. In making the Mac just another device, Apple was likely laying the groundwork to change how companies and schools manage Macs – essentially treating them as just another device and bringing the mobile device management (MDM) paradigm introduced in iOS 4 to OS X and Mac management.
Ever since the release of OS X, Apple has shipped a robust set of Mac management capabilities. Those capabilities key off of a hefty bit of enterprise infrastructure called directory services – databases that store all the information about a company’s users, groups, and computers. Directory services like Microsoft’s Active Directory and Apple’s Open Directory are incredibly versatile and powerful – they allow IT departments to secure and manage almost every aspect of the Mac or Windows user experience.
Directory services are powerful, but they can also be resource intensive to set up, manage, and troubleshoot. Integrating Macs into Active Directory environments can be challenging because Apple and Microsoft format data differently in their directory services. The databases are functionally very similar and contain similar data, but that data is labeled and formatted differently. As a result, fully integrating Apple’s Mac management capabilities can be challenging in Windows environments and involve extending Active Directory to include Mac-specific data (no easy task), having two directories (Active Directory and Open Directory) running side by side, or investing in a third-party management tool like Centrify’s DirectControl for Mac or Thursby’s ADmitMac.
When it comes to mobile devices, directory services aren’t the primary management solution. In fact, they’re really not designed to manage mobile devices (iOS, Android, or any other platform), which has given rise to the mobile management industry and dozens of products that can look up and read enough information from directory services so that IT staff can use existing user information and group membership to plan mobile device and mobile application management strategies. IT staffers can even create a mobile management environment that relies on its own records and bypasses directory services completely.
At its core, iOS management functions by bundling management and security settings into XML files known as configuration profiles. Those profiles are loaded onto managed iOS devices by a mobile management tool. Mobile management tools associate profiles with users, groups, and specific devices and will load the appropriate mix of profiles to a managed iPhone or iPad.
The effect is much more lightweight than managing Mac or PC environments using directory services. In fact, the process is so lightweight that profiles can be created in Apple’s iPhone Configuration Utility and then be installed manually, sent to users via email, or deployed using a truly lightweight solution like Apple Configurator.
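Because a profile can reach a device by email or manual install, it helps to see what one contains before it is trusted. The following is an added example, not code from Apple or from this article: it parses an unsigned XML profile with Python's `plistlib` and lists payloads that change device trust or weaken passcode policy. The sample profile, its `com.example` identifiers and the six-character passcode threshold are constructed assumptions.

```python
import plistlib

# Constructed sample profile; identifiers are placeholders, not from the article.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>PayloadIdentifier</key><string>com.example.profile.passcode</string>
      <key>forcePIN</key><true/>
      <key>minLength</key><integer>4</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadIdentifier</key><string>com.example.profile.rootca</string>
    </dict>
  </array>
</dict>
</plist>"""

# Payload types worth a close look because they change trust or traffic routing.
SENSITIVE_TYPES = {
    "com.apple.security.root": "installs a trusted root certificate",
    "com.apple.vpn.managed": "configures a VPN",
}

def audit_profile(data, min_passcode_len=6):
    """Return (payload_types, findings) for an unsigned XML configuration profile."""
    profile = plistlib.loads(data)
    if profile.get("PayloadType") != "Configuration":
        raise ValueError("not a configuration profile")
    types, findings = [], []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "<missing>")
        ident = payload.get("PayloadIdentifier", "<missing>")
        types.append(ptype)
        if ptype in SENSITIVE_TYPES:
            findings.append(f"{ident}: {SENSITIVE_TYPES[ptype]}")
        # min_passcode_len is a hypothetical local policy, not an Apple default.
        if ptype == "com.apple.mobiledevice.passwordpolicy" and payload.get("minLength", 0) < min_passcode_len:
            findings.append(f"{ident}: passcode minLength below {min_passcode_len}")
    return types, findings

if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE)[1]:
        print(line)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.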
In many ways, iOS management is easier in an Active Directory environment than Mac management. Apple took an initial stab at bringing iOS-style management to the Mac with Lion and Lion Server. Lion Server’s Profile Manager lets users create and deploy configuration profiles for both iOS and Mac users, though its Mac management options are extremely basic and don’t even feature some core needs like user data.
Mountain Lion and Mountain Lion Server will be primed to change that, according to Mountain Lion Server developer preview release notes that were posted on a blog at tajoka.com in March. In the list of features, the description for Profile Manager 2 shows that Apple is planning to expand Mac management using configuration profiles.
All ramped up. With its overhauled engine Profile Manager now handles thousands of computers and devices on a single server. To simplify account setup Profile Manager 2 introduces support for Identity payloads, allowing administrators to define some or all user configurations for Mac, Calendar, Contacts, VPN and messages.
The problem areas in that release note also reference new Profile Manager capabilities.
- Installation of the “Trust Profile” from Profile Manager requires creating the following directory first: sudo mkdir – /Library/Security
- Identification payload is currently not working for Messages accounts in this seed.
- Installing a Desktop Configuration Profile with a managed printer may hang the system during user login.
That seems to be in line with Apple repositioning OS X Server as a lightweight solution for small business and as an easy add-on to companies that need to manage Macs and iOS devices but don’t want to expend the time or money to create a custom solution or purchase a more robust and full-featured client management system. This probably doesn’t mean that Open Directory and traditional Mac management options are on the chopping block at this point, but it does provide a simpler Mac management option for many companies. Of course, Mountain Lion Server could be a transitional release designed to nudge Mac sysadmins away from Open Directory – something we really won’t know until Mountain Lion ships this summer.
The move does raise an intriguing possibility. If Apple is expanding its mobile management framework to include the Mac, Mac management could be added to a range of existing MDM solutions fairly easily – an attractive prospect for companies that have invested in iOS and mobile management solutions but are hesitant to move forward with Mac deployments. Positioning the Mac as just another Apple device to be managed like an iPhone or iPad could be a boon to Apple, particularly if Macs become a common part of the BYOD trend.