My friend Tom Bridge wrote a great post after dealing with his weekend gone when a non-technical person did the wrong thing with a client’s hardware.. I can’t elaborate anymore on what he says, so please read…
John Gruber posted an excellent article last week about the state of eliminating the need for a PC from the use of an iOS device, and is an excellent read. He builds upon Chad Olson’s three key iOS-iTunes dependancies with a fourth, so that we end up with:
- getting your stuff onto your new iPad (Chad Olson)
- updating iOS (Chad Olson)
- backing up and restoring your iPad (Chad Olson)
- device activation (John Gruber)
So I’ve had this thought for some time now, and have shared it with a few people here and there. Before I start getting deep into speculation, I want to lay down some facts:
- Oct 2010 – Apple outsources Enterprise sales and support to Unisys.
- Nov 2010 – Apple announces the discontinuation of the XServe. At the same time, they release a laughable white paper, referring to the Mac Pro and Mac Mini Server as reasonable replacements. The Mac enterprise community is shocked, not so much at the discontinuation of the XServe, but at the options left behind.
- February 2011 – Apple releases Light Peak (rebranded as ThunderBolt) enabled Macbook Pros. ThunderBolt represents a huge increase in external interface bandwidth for consumer-level equipment, allowing them over three times the bandwidth of the fastest interface- eSATA.
- April 2011 – Promise announces SANLink ThunderBolt to Fiber Channel interface, with assistance from Apple in the design.
Macs in the data center.
Many Mac Administrators have begun to believe that Apple is just giving up in the enterprise market, relegating the server space to Windows and Linux machines running on VMWare virtualization clusters of IBM/Dell/HP blade servers.
My thought is the opposite. Apple can make a compelling case to replace the blade servers from other manufacturers with Apple kit.
Evolve has administrator access to the majority of its clients. Naturally, there is a great responsibility to not allow this trust to be used inappropriately- by Evolve, or others. As such, I have created a series of policies that govern how administrator access to client systems is handled.
Evolve’s administrator access password policy is this:
- All passwords are auto-generated and unique to the client.
- All passwords are stored in a client-specific keychain file.
- All passwords are strong, according to the Mac OS X password generator.
- Any Evolve accounts on a client’s machine must have an equivalent account for internal client use.
- Evolve account passwords are not shared with the client.
- Any shared-password account, such as airport admin passwords, is marked as such in the keychain.
This policy is in place to protect both Evolve and the client. It performs several goals:
- No cross contamination of passwords between clients, which reduces the likelihood of any potential security breach traveling between clientele.
- Log entries on client systems for system activities mentioning Evolve are always performed by Evolve, provided the account has not been breached itself. Because the user account is not shared with the client, it also allows for detection during a security breach. This is especially imperative with accounts that allow Evolve to VPN into their networks.
- Clients have the ability to lock out the Evolve account at any time. This is useful, if they decide to terminate the relationship without administrator functionality being lost.
I like deploying small business networks in a manner consistent with enterprise networks. Sometimes people don’t understand why I install imaging systems on a five computer network. The reason is efficiency. It makes more sense to manage these five (or ten, or 25) individual computers as one computer image, rather than individually. This allows me to better manage my time with your business, keeping your costs down.
For instance, a recent client was replacing part of their aging network with new iMacs. The time that it took to setup the image system, create the image, and install it on three computers was equal to the time that it took to use Apple Remote Desktop to configure two of the non-imaged machines that they did not want imaged. The additional benefit is that if there are problems with one of the iMacs, it is trivial to bring it back to a default state for their business, rather than a factory fresh computer that needs additional work to become productive.
I like to use DeployStudio for system images. It doesn’t add anything to the bottom line in terms of cost, and it has a well supported and vibrant community of administrators that utilize it.
I’ve always held the opinion that Macintoshes are worse off when running antivirus, as the threat is very low and the drawback is high as your computer runs shower and is often less stable. I still don’t suggest doing so. However, I want you to be aware of a threat that has come out today for the Mac:
In particular, it appears to be running under the certificate for “PhotoAlbum”, an example of which appears as an image in this email. If you receive this certificate, please press the cancel button (as you should for any untrusted certificate other than the ones that I’ve setup for your office.)
If you have pressed continue at this dialog, please contact me immediately.
I will be monitoring this situation, and will recommend other changes as they are necessary. If you feel that your organization needs antivirus, I will be happy to work with you on acquiring and installing it onto your Macs. I expect the particular security holes used in this trojan horse to be patched relatively quickly.
Please feel free to distribute this within your office as you feel is necessary, and contact me directly if you have any questions.
I’m working with a new client right now that has had hard drive failure. This is never a good thing, but this particular client was silent when I asked where their backups were. My only thought:
Silence is never a good thing when asked about backups. An immediate “here are our backups” is better. The best answer is “here are our backups, and they were spot checked last Friday.”
The cost of not having this third statement is expensive. My time and the cost of a hard drive recovery service such as DriveSavers can end up costing thousands of dollars, and there isn’t any guarantee that you’ll recover your data at all (although DriveSavers does not charge for failed attempts.)
You could be spending time and money with the only thing to look forward to is spending more time and money manually rebuilding the lost data.
Mac OS X 10.6’s Time Machine is a great start for backups. Plug in an external hard drive, click one button, and it does it for you.
Can you afford not to?
The hard drives are off to DriveSavers, which means that the price tag for recovery just got quite a bit higher. Assuming that the data is recoverable.
Photo courtesy of kelsey_lovefusionphoto
Last night on Talking Mac, I started a new how-to segment. While I am looking for suggestions, I also intend to put them on both talkingmac.com and dmevolve.com. Enjoy!
Mike Wagner of White Rabbit Group has an excellent post titled Don’t “keep it simple, Stupid”! which talks about how nothing in business starts out simple, so the old adage should be “Make it simple, expert” rather than the old adage “keep it simple, stupid.” The key quote is this:
The real expertise businesses and organizations need comes from those professionals who know how to “make simple” what is already way too complicated. Reward that! Insist on that!
Computers are all about taking complexity and making it simple. Rooms of humans computing the books of a company (the origin of the term “computer”) are now replaced with a single application running along with several other, equally complex applications. Rows and rows of secretaries have been eliminated. Human productivity is up because each user can do more in an hour than our ancestors could do in a week.
Making tasks simpler
Mac OS X allows us to make simple tasks out of long repetitive ones through the use of Automator, Applescript, and UNIX shell scripts. My favorite recent example is a process I came up with when I was updating all of the avatar pictures of myself on the web. I had just taken part in a photo shoot, and had a DVD full of beautiful, giant TIFF files.
Files that websites like WordPress.com, Facebook, and Twitter reject because they want 300k JPEG files.
The process was about eight or nine steps to do manually, which also required me to think about the best way to deal with the files each time. I didn’t really need all of the photos shrunken, so I was doing them in batches of one and two on an as-need basis. I then realized that I was performing the same actions over and over again.
I then opened Automator, and a few workflow commands later I had a service that automatically converted any photo that I select into a 300k JPEG. The beauty of doing this in Snow Leopard is that I can now right-click on a file and convert it.
Getting back to Mike’s point, I took a complex (in numbers of steps and time, not in the difficulty of each step) task and made it simple. There is a staggering amount of complexity sitting in the background, but the end user doesn’t see it.
They just right click and have a file they need.