Adjustments will be needed to manage the Macs piling up in your business

As discussed in the first part of this series, Macs are everywhere. Despite their presence in businesses large and small, managing Macs in the enterprise still is not easy.

A few years ago I gave Apple in the enterprise a look, and sadly, things haven't changed too much since then.

Managing Macs in an organisation is really not that different from managing Windows or even mobile devices (except that mobile devices don't typically let you image the operating system the way PCs do). The same basic tools are required – but many of the ones use by sysadmins to beat Windows into shape don't play quite so nice with Apple's OS X.

The diehard Apple fanperson will point out that, technically, you can probably manage an entire fleet of Apple PCs with the tools Apple provides. For most things, that's true. The problem is that they aren't particularly stable, easy to use or in any way cross-platform.

The largest Mac shops in the world seem to agree with this. Google has more than 46,000 of the things in service, and despite having Apple's ear when it comes to getting new features developed has had to go it alone and develop its own tools.

Similarly, while there are many free tools to solve the primary problems of systems administration, I struggle with them at deployments of 50 units. I would be truly afraid of using them at 250 units, and the thought of using them for 1,000 units starts a panic attack.

There are commercial offerings that can help at scale, but they are often too costly for the smallest shops. So it really isn't any different from PCs: it is all about balancing the time saved by the tool against the price, and the time saved per unit will vary with the size and the complexity of the demands placed upon the tool in question.

Image management

Let's take a look at a sample "free" (donationware) tool for imaging Macs: DeployStudio. It can push out full operating system images (both OS X and Windows), as well as do advanced reconfiguration for OS X during deployment.

DeployStudio is even scriptable, so you can automate it. It is absolutely great for taking care of five to 10 Macs. It falls apart when trying to image 25-plus, however, as you then start to need features that it just doesn't have.

Image library, versioning, single source, multiple build (via departmental or user configurations), original system data backup before image plus reinjection and so on.

Sure, you can handle all of that manually, but the whole point of endpoint management software is to free IT people from this sort of tedium so they can spend their time advancing the business's interests, not keeping the lights on.

Similarly, Apple Software Restore ships as part of OS X and can (sort of) be used as a free imaging tool. It is really bare bones, however, so you might want the full NetBoot/NetInstall/NetRestore that ships as part of OS X Server's advanced admin tools package. In many ways, I find both of these even more difficult to work with day to day than DeployStudio, so I don't think that is much help to any but the smallest shops.

If all I am doing is pushing out images, I find that I keep turning back to my old Windows companions, Clonezilla or Ghost. Clonezilla because it's free and straightforward; Ghost because the old school DOS version always works. Both of these lack the ability to do advanced reconfiguration for OS X but if I am just taking a working image of a system, I find they are the easiest to work with.

A step up from DeployStudio is a variety of "endpoint management" suites. There are a number of decent multi-platform tools that can handle both your Windows and your OS X endpoints and perform more than just imaging. If you are getting serious about Apple in the enterprise, this is where you start.

Out on its own is JAMF Software’s Casper Suite. As will become apparent throughout this article, I think that from a purely manage your Macs standpoint, JAMF is probably the best. For every category and every problem I have faced, it has the best solution to Mac issues.

But JAMF can only image Apple products – it can do some discovery and reporting cross platform – so you get into one of those messy real-world situations where the best tool for a particular job means having a dedicated tool for that job.

JAMF recognises this, so it can plug in to System Center, Altiris and the like, but I do wish that the big multiplatform boys were good enough out of the box not to need the assist.

Update sprawl

Software updates are a right pain. Before we get into the installation and management of applications, I think this issue needs addressing. Whether you use OS X or Windows, even standard operating system updates are a problem: 100 computers all hitting up the vendor's update server at the same time can easily bring a small-business internet connection to its knees.

In the Windows world, we have WSUS: a central server downloads all the updates and all the clients in the building get their updates from it. It can be simple and easy to work with (when installed as just WSUS) or it can be a horrific multi-tentacled nightmarish horror (when used as part of System Center.)

The Apple world is not much different. The quick way of solving this problem is to use OS X Server. You can set up a local mirror of Apple's update server there, and set up all your OS X clients to update from it. This is not as easy as WSUS + Windows + GPOs, but it isn’t miserably difficult either.

Unfortunately, like WSUS, Apple Software Update doesn't allow you to manage third-party software or its updates. So it is really only one piece of the whole puzzle, not the whole picture. You will still need proper management tools to handle updates.