John Gruber posted an excellent article last week about the state of eliminating the need for a PC from the use of an iOS device, and is an excellent read. He builds upon Chad Olson’s three key iOS-iTunes dependancies with a fourth, so that we end up with:
- getting your stuff onto your new iPad (Chad Olson)
- updating iOS (Chad Olson)
- backing up and restoring your iPad (Chad Olson)
- device activation (John Gruber)
So I’ve had this thought for some time now, and have shared it with a few people here and there. Before I start getting deep into speculation, I want to lay down some facts:
- Oct 2010 – Apple outsources Enterprise sales and support to Unisys.
- Nov 2010 – Apple announces the discontinuation of the XServe. At the same time, they release a laughable white paper, referring to the Mac Pro and Mac Mini Server as reasonable replacements. The Mac enterprise community is shocked, not so much at the discontinuation of the XServe, but at the options left behind.
- February 2011 – Apple releases Light Peak (rebranded as ThunderBolt) enabled Macbook Pros. ThunderBolt represents a huge increase in external interface bandwidth for consumer-level equipment, allowing them over three times the bandwidth of the fastest interface- eSATA.
- April 2011 – Promise announces SANLink ThunderBolt to Fiber Channel interface, with assistance from Apple in the design.
Macs in the data center.
Many Mac Administrators have begun to believe that Apple is just giving up in the enterprise market, relegating the server space to Windows and Linux machines running on VMWare virtualization clusters of IBM/Dell/HP blade servers.
My thought is the opposite. Apple can make a compelling case to replace the blade servers from other manufacturers with Apple kit.
Evolve has administrator access to the majority of its clients. Naturally, there is a great responsibility to not allow this trust to be used inappropriately- by Evolve, or others. As such, I have created a series of policies that govern how administrator access to client systems is handled.
Evolve’s administrator access password policy is this:
- All passwords are auto-generated and unique to the client.
- All passwords are stored in a client-specific keychain file.
- All passwords are strong, according to the Mac OS X password generator.
- Any Evolve accounts on a client’s machine must have an equivalent account for internal client use.
- Evolve account passwords are not shared with the client.
- Any shared-password account, such as airport admin passwords, is marked as such in the keychain.
This policy is in place to protect both Evolve and the client. It performs several goals:
- No cross contamination of passwords between clients, which reduces the likelihood of any potential security breach traveling between clientele.
- Log entries on client systems for system activities mentioning Evolve are always performed by Evolve, provided the account has not been breached itself. Because the user account is not shared with the client, it also allows for detection during a security breach. This is especially imperative with accounts that allow Evolve to VPN into their networks.
- Clients have the ability to lock out the Evolve account at any time. This is useful, if they decide to terminate the relationship without administrator functionality being lost.
I like deploying small business networks in a manner consistent with enterprise networks. Sometimes people don’t understand why I install imaging systems on a five computer network. The reason is efficiency. It makes more sense to manage these five (or ten, or 25) individual computers as one computer image, rather than individually. This allows me to better manage my time with your business, keeping your costs down.
For instance, a recent client was replacing part of their aging network with new iMacs. The time that it took to setup the image system, create the image, and install it on three computers was equal to the time that it took to use Apple Remote Desktop to configure two of the non-imaged machines that they did not want imaged. The additional benefit is that if there are problems with one of the iMacs, it is trivial to bring it back to a default state for their business, rather than a factory fresh computer that needs additional work to become productive.
I like to use DeployStudio for system images. It doesn’t add anything to the bottom line in terms of cost, and it has a well supported and vibrant community of administrators that utilize it.