[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Enterprise Apple environment

Posted on 2014-01-09
4
Medium Priority
?
434 Views
Last Modified: 2014-01-09
Hi
I have been tasked with starting a project to deliver an apple based infrastructure to a group of around 45-50 users. Hardware including desktops,laptops and ipads. What i am looking for is how to tie them all together get them integrated with Active directory how to deploy updates and software to them etc...

any advice or links would be great

cheers
0
Comment
Question by:davidm27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 25

Assisted Solution

by:Zephyr ICT
Zephyr ICT earned 400 total points
ID: 39767893
Hi,

Regarding updates, software, policies etc ... I'd suggest using the MAC OS X server version to manage all your Apple devices.

The server guides: http://www.apple.com/osx/server/resources/documentation.html

Using Configuration profiles: http://training.apple.com/pdf/wp_osx_configuration_profiles_ml.pdf

Some other interesting info: http://www.training.apple.com/pdf/wp_self_support.pdf

As for Active Directory, you can connect your Apple environment to Active Directory, it can be a challenge, you can find more info here: http://training.apple.com/pdf/wp_integrating_active_directory_ml.pdf

The files aren't always up to date but should get you started ...
0
 
LVL 41

Accepted Solution

by:
Eoin OSullivan earned 1600 total points
ID: 39768291
OSX 10.9  Server edition is a simple upgrade purchased for $20 on the Apple App Store once you have the standard OSX install on any device.
https://itunes.apple.com/us/app/os-x-server/id714547929?mt=12

There are lots of postings here on EE about integrating Macs with OSX Server into larger Windows AD environments.

If you're deploying lots of identical iPads and Mac Laptops .. you might want to look at something like a deployment tool
http://www.deploystudio.com/Home.html

For deploying apps to an already setup network of running devices
http://www.stardeploy.com/StarDeploy/Home.html
https://code.google.com/p/munki/
http://s.sudre.free.fr/Software/Iceberg.html

Integrating OSX and Windows is a bit of a headache and if you're under pressure or time constraints and have a budget .. I've seen a lot of IT admins use Centrify to manage the whole thing smoothly but bear in mind that OSX has fairly good AD integration included .. it just needs a fair bit of knowledge and tweaking
http://www.centrify.com/directcontrol/overview.asp
or the basic version here
http://www.centrify.com/express/free-active-directory-tools-for-linux-mac.asp

Finally .. there are a range of tools included from Apple to deploy and manage iOS devices and manage OSX devices
http://www.apple.com/remotedesktop/ for OSX laptops and desktops
http://www.apple.com/iphone/business/it/management.html for iOS devices
0
 

Author Closing Comment

by:davidm27
ID: 39768353
great guys Thanks
0
 
LVL 30

Expert Comment

by:serialband
ID: 39768370
OSX server mainly allows you to have Open Directory with some user account profiles.  If you use OD, then you'll have to maintain accounts that are separate from AD.  With only 45-50 systems, you can also just enable Remote Login in Sharing and use ssh to install software and run softwareupdates and other scripts.

Although I've taken a look, I never got around to using Deploystudio or any other tools manage OSX.  I took the unix command line route and had plenty of success.  Well, it hasn't hindered me enough to push me into looking at other solutions.  I've even used Apple Remote Desktop for a little bit at one place I've been at, but went back to command line tools because I found them quicker to do for the vast majority of things.

To Join a Mac to Active Directory, you only have to open System Preferences, Select Users& Groups,   Click on Login, Options.  Click on Join for the Network Account Server and enter the AD server.  It will prompt you for an account and password that allows you to join the domain.

You should learn some basic bash scripting and the following commands that are unique to OSX to get you most of the way.
softwareupdate
installer
ditto
hdiutil
defaults

softwareupdate is the command line version of Apple Update used to patch OSX.  Until recently, the GUI required a reboot of your system after patching, even with patches that didn't really require a reboot.  The command line version allowed you to patch without forcing a reboot until you're ready.  You could also patch just the updates that didn't need a reboot and not reboot your system.

installer is used to install software packages in the .mpkg or .pkg formats.

ditto command for zipping and unzipping files or copying directories from one location to another.  Although it's not necessary now, ditto keeps the resource fork information which was needed on older binaries.  I still use it out of habit.  You could probably use plain old cp -r or rsync to copy them now that they've deprecated the resource forks.  This is equivalent to robocopy.exe with an extra feature to zip files.  Unix/linux people still use rsync and tar, but those utilities lost the resource fork information. The newer rsync may support resource forks now, but that's after they deprecated the use of resource forks in new packages.

hdiutil is used to mount and unmount dmg files so that you can run installer on the packages in them.

defaults manages the system and user profile settings.  This is equivalent to managing the registry on windows with the reg command in Powershell or the DOS Prompt.

OSX App packages come in 2 forms, either packages where you need to run installer or you just copy them from the dmg file to /Applications/.  This will get 95%-99% of the packages.  There are a few things like Adobe products that will only install from the GUI unless you sign up for the redistribution license to get their repackaging utility.  It's a pain to have to repackage them just to install them.

You can also manually configure user accounts with dscl, if you aren't using Open Directory.  There are a lot of unix command line utilities available to do just about everything.  You could also use Apple Remote Desktop, if you need to manage it via the GUI, but scripting command line tools is so much easier, and saves time, when you have a lot of systems.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the struggles that Macs encounter in Windows-dominated workplace environments – and what Mac users can do to improve their network connectivity and remain productive.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question