Apple has released a new white paper for CIOs, IT leaders, and IT professionals. This one targets FileVault 2, which was introduced in Lion and remains present as a high security feature in Mountain Lion. The 42 page document joins a growing collection of white papers and guides available from Apple that detail the mechanisms and best practices for integrating Macs into Windows-centric enterprise environments.
The new guide, Best Practices for Deploying FileVault 2, is available from Apple’s Training and Certification site (along with the other IT white papers and guides from Apple). It is centered around describing ways that IT professionals can implement FileVault 2. It details three different models that Apple recommends.
- A self-service approach in which a Mac user enables and FileVault 2 with little or no IT involvement
- A “Cafe” strategy in which IT helps users implement FileVault 2 by providing them with a “menu” of options and services for setup, daily use, and recovery operations
- A centralized setup in which IT determines the FileVault 2 security strategy, sets it up for users, and handles recover operations when needed
The guide also provides some useful background on concepts that Apple used when designing FileVault 2. There’s also some very detailed background information about the FileVault 2’s architecture in one of the three appendices. Another appendix provides a detailed description of what happens on a FileVault-enabled Mac between the time the user presses the power button and the desktop appears.
One caveat is that the white paper was written for Lion, which means Mountain Lion’s fdesetup command line tool isn’t covered in the document. Nonetheless, it’s a really interesting read and something very useful for power users and IT professionals working in high security industries.