apple –managed with microsoft -...
TRANSCRIPT
![Page 1: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/1.jpg)
Apple –Managed with Microsoft
Anders Meinert, [email protected] Sebastian Bredsdorff, [email protected]
![Page 2: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/2.jpg)
• Leading Nordic and Baltic supplier of IT infrastructure and solution integration
• 6.500 employees • 3.700 consultants • 7.500 technology certifications • 82 locations in Denmark, Norway, Sweden, Finland,
Lithuania, Latvia and Estonia
Atea
![Page 3: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/3.jpg)
• What is SCCM 2012 SP1? • Why is SCCM 2012 SP1 relevant for Atea? • Atea case story • SCCM 2012 Feature set for Mac
• Enrollment – DEMO • Application deployment – DEMO • Compliance and configuration – DEMO • Hardware and software inventory - DEMO • Atea Enterprise App portal - DEMO • Atea Package factory for Mac.
• Q & A
Session Objectives
![Page 4: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/4.jpg)
• Systems management product by Microsoft. • Existed since 1994 (SMS) • SCCM 2007 managed +100.000.000 client world wide.
• Current Release is SCCM 2012 SP1 • Capable of managing: all flavors of Windows, iOS, Symbian, Unix, Linux and
Mac OS X.
What is System Center 2012 Configuration Manager ?
![Page 5: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/5.jpg)
• Popular and wide spread in the Enterprise segment
• Atea has hundreds of customers using SCCM today
• Many customers have un-managed Mac´s • Atea has +200 consultants working with SCCM with customers
Why is SCCM 2012 relevant for Atea?
![Page 6: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/6.jpg)
Mission statement:
“The goals of the service design of Mac 4 Enterprise is to provide a highly
available and user friendly service for the users at Atea. These services will
enable Atea employees to work as efficient, productive and compliant on a Mac
with OS X in an enterprise environment as on any Windows PC equivalent”
The Mac 4 Enterprise project
![Page 7: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/7.jpg)
• Approx. 1500 Mac´s in Atea global – unmanaged • Atea´s platform strategy: We support Microsoft & Apple – Windows & OS X • Flexible benefits. Employees can choose their own device (company/employee
Liability)
Current scenario
![Page 8: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/8.jpg)
• Support the concept of ‘Flexible work style’ • Key values
• Self service • Universal connectivity • Secure compliance to company security policy and legal requirements
– Retaining Apple user experience and Apple consumer faced services
• Focus on costs • Reuse existing management infrastructure (SCCM) • Leverage existing service and support functions, Client Ops dept., Software Packaging dept.,
Service desk…
Target scenario
![Page 9: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/9.jpg)
• Supported features: – Secure OTA enrollment (BYOD) – Active Directory & Network Discovery – Hardware & Software Inventory – Settings Management – Application Deployment – Audit & Reporting
SCCM 2012 R2 Mac Features
![Page 10: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/10.jpg)
Mac4Ent technical overview
![Page 11: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/11.jpg)
SCCM roles – Enrollment Proxy Point /HTTPS – Enrollment Point – Management Point w/ HTTPS – Distribution Point w/ HTTPSI
Infrastructure services – Microsoft Certificate Authority (Pub. CRL) – Active Directory
Infrastructure and SCCM roles
![Page 12: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/12.jpg)
Primary Site
User Discovery
Web site
Enrollment Point
Enrollment Proxy Point
Microsoft CA
Management Point
Distribution Point
Domain
username &
password
Domain username
& password
User Cert
request
User Cert request
Get Policy
Dow
nload and install client
Grant enrollment rights to user collec>on
Mac Enrollment Architecture
![Page 13: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/13.jpg)
Mac Client Enrollment Util with SCCM 2012 SP1
Distribute client & tools package to Mac • Package available on the Microsoft Download Center • No built-in ‘push’ install for the ConfigMgr Mac client
Install client using Ccmsetup.pkg
Enroll client using CMEnroll • Supply user domain credentials • CMEnroll requests and installs user certificate • Client contacts Management Point for policy
Configuration Manager applet appears in System Preferences
![Page 14: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/14.jpg)
From Microsoft Technet : Sudo ./CCMEnroll – server servername.somedomain –u ‘domain\username’ –p ‘Password’ -ignorecertificatechainvalidation
Mac Client Enrollment Util with SCCM 2012 SP1
![Page 15: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/15.jpg)
Atea Enrollment App
• Why our own App?
• Features: • User friendly • Join • Leave • SOTI (secure over the internet) • Active Directory authentication • Support for SCCM 2012SP1 and R2
![Page 16: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/16.jpg)
Microsoft Enrollment App SCCM R2
• Features:
• Join • SOTI (secure over the internet) • Active Directory authentication • Only support for SCCM 2012 R2
![Page 17: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/17.jpg)
Demo – Mac4Ent Enrollment
![Page 18: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/18.jpg)
Mac Compliance & Settings Management
• Based on Desired Configuration Management (DCM) • Evaluate a setting – and opt. remediate the setting • No default functionality – no checkboxes • Based on Preferences and Script • Preferences only support system domain • User preferences - not supported.
![Page 19: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/19.jpg)
Mac Compliance & Settings Management
Primary Site
Web server
Enrollment Service Point
Enrollment Web Proxy
Microsoft CA
Management Point
Distribution Point
Assign Baseline
Get policy Baseline Assess
Compliance Generate
remedia>on commands
Report compliance
![Page 20: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/20.jpg)
DEMO - Compliance & Settings Management
![Page 21: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/21.jpg)
Demo – Baseline
![Page 22: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/22.jpg)
• Application model – Wrap Mac installer types using CMAppUtil
• Supports .app, .pkg, .mpkg, and .dmg formats • Interrogates Mac installer to gather detection method and application metadata • Cretaes a compressed archive with the .cmmac ext. containing the package and
detection xml.
Mac Software Distribution
![Page 23: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/23.jpg)
Mac Software Distribution Architecture
Primary Site
Management Point
Distribution Point New
Applica>on
Get policy MSI CMMac
Deploy Applica>on
Report install status
Install App
![Page 24: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/24.jpg)
Demo – Install App
![Page 25: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/25.jpg)
Demo – Install App
![Page 26: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/26.jpg)
Mac Inventory Overview – Reported via Hardware Inventory, including installed apps
Objects Processor Process Services Computer System Installed Software USB Device Disk Drive Computer System Product Portable Battery Disk Partition USB Controller Printer Network Adapter CDROM Drive Physical Memory Operating System Desktop Monitor Video Controller
![Page 27: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/27.jpg)
DEMO – Hardware Inventory
![Page 28: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/28.jpg)
• A part of Atea Global Services • Self-service portal • Requester/Approval workflow • Supports any device/platform • Native integration til ConfigMgr
Read more: • http://services.atea.com/services_uk/products.aspx
Acellerator - Software Catalog
![Page 29: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/29.jpg)
DEMO – Acellerator – Software Catalog
![Page 30: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/30.jpg)
Package factory
![Page 31: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/31.jpg)
Atea Global Services Get more info on Atea Global Services website
• http://services.atea.com/services_uk/solutions.aspx • http://services.atea.com/services_uk/products.aspx
![Page 32: Apple –Managed with Microsoft - MacSysAdmindocs.macsysadmin.se/2013/pdf/Mac4Ent-MacSysAdmin180913.pdf · – Retaining Apple user experience and Apple consumer faced services •](https://reader030.vdocuments.site/reader030/viewer/2022041012/5ebfa0f52be41a73f6576793/html5/thumbnails/32.jpg)
Q&A
The End!