An Apple for the systems administrator

Contrary to popular belief, Macs do have enterprise support tools and can coexist in a Windows world

So you're a systems administrator and one of your organization’s employees wants to use an Apple Macintosh computer. Or maybe the office or program manager wants to switch a group of employees en masse to Macs. Procurement issues aside, you might wonder what sort of enterprise support tools are available to make such a deployment possible.

Although Apple might not have the market share that Microsoft Windows enjoys, the good news is that Apple and other vendors offer a range of applications to help manage Macs, said Eric Zelenka, senior worldwide product manager at Apple.

"Is there enough enterprise management software [for Macs]? No, there is never enough," said Laura DiDio, principal at analysis firm Information Technology Intelligence Corp. "Are there some? Yes."

The first product you might want to consider is Apple Mac OS X Server, which can act as a console for managing all the Apple computers on your network. It has a number of features that can streamline routine management tasks.

One such feature is Software Update Server. Like other operating systems, OS X is updated frequently to fix bugs and install new features. Instead of having users download those updates or having systems administrators go from desk to desk with a DVD to install them, Software Update Server allows you to update all the Macs on your network from the server. You can choose which updates to load and which machines should get them. That approach also cuts the amount of bandwidth used for updates because each patch is downloaded once to the server rather than being downloaded by every Mac on your network.

In addition, Mac OS X Server has two programs that allow managers to configure, designate and deploy a base operating system and associated applications for all the Macs on the network, Zelenka said.

NetInstall can download and install a fully configured OS X image on any network Mac, while NetBoot allows administrators to use Macs in a way similar to the thin-client approach. The administrator configures the OS, and when the user turns on his or her machine, it boots the OS from the server.

"There is no OS that is stored on your hard drive," Zelenka said. In addition, all the user's files can be kept on another network server. He added that labs, high-performance computing environments and secure government installations use the NetBoot approach.

Once the Macs are up and running, administrators will need some tools to keep them humming. Apple Remote Desktop can be a Swiss army knife for administrators in that regard. It can inventory all the Macs on a network and report on memory size and component use. It can download software to a large number of machines and be used to take control of a client's machine for remote diagnostics and repair. Administrators can also use the software to execute routine scripts that automatically perform actions across all the machines on a network.

Furthermore, some vendors of enterprise management software offer versions of their products for Mac networks. Take a look at applications from Symantec, JAMF Software and LANDesk, to name a few.

Another essential tool is Apple's Workgroup Manager. Think of it as Active Directory for an Apple network. It allows administrators to set permissions for everyone on the network by specifying which users and groups of users can access which folders and programs.

"Say you had a bank of machines that you wanted to prevent people from burning CDs on," Zelenka said. "You can [specify] that these machines won't burn CDs and DVDs."

The underlying technology for setting permissions for Macs is Open Directory, which is available on OS X Server. Open Directory uses the Kerberos network authentication protocols and the Lightweight Directory Access Protocol. Because both are open standards, administrators can also use third-party tools to set permissions for Macs.

Mixed environments

For better or worse, nearly all government agencies run Microsoft Windows as the primary desktop operating system. Many use Microsoft Exchange for e-mail and calendar tasks and Active Directory for authentication duties.

Administrators who have been around for a while might remember past headaches caused by integrating Macs into a Microsoft Windows environment. However, before they reach for the aspirin, they should take a look at what Apple has done to establish a peaceful coexistence with the software offerings from Redmond, Wash.

For example, instead of setting up a separate instance of Open Directory, OS X clients have the option of using Active Directory as the authenticating agent. So when the user logs on, the Microsoft Exchange server grants the necessary permissions.

"You point your client or your server at Active Directory, and your OS will call Active Directory whenever it needs to view a user-group lookup or any sort of authentication," Zelenka said. "Your Mac will adhere to whatever the security policies were that were set by Active Directory."

Smart cards, such as Common Access Cards, and other authentication technologies can also work in that environment, Zelenka said. Apple offers a guide for setting up Macs for federal smart card use, and Centrify offers some additional tools as well.

File sharing has also gotten easier in recent years. OS X and OS X Server now include the Server Message Block client and server software, which allows authorized Mac users to browse files on Microsoft Windows computers. It also allows Microsoft Windows users to do the same on Mac computers.

Even if your organization uses Microsoft Exchange for e-mail, Mac users can easily send and receive e-mail messages. Because Exchange supports the Internet Message Access Protocol, Macs can use IMAP to download and send messages through Apple's Mail client, the e-mail client in Microsoft's version of the Office suite for Macs, or any other e-mail client that supports the protocol.

Although Macs might not have the same range of administrative support tools that Windows does, they have enough to streamline most routine tasks. Plus, many of the products feature the ease of use that typifies Apple products.

"We've made managing Macs in your environment like using iTunes, where everything is driven by buttons and an intuitive, friendly interface," Zelenka said.

Reader Comments

Fri, Jan 30, 2009 Neil

MacAdministrator (www.hi-resolution.com) can provide administration services to school or university lab environments. It provides a much greater level of control than any Windows system I have used.

Fri, Jan 30, 2009 lrd

Dude- We're on the virtual collapse of the economy and probably the government (Iceland's gov't fell a couple of days ago) and you're promoting Macs to gov't IT managers??? Remember some CEO that couldn't run a company needs the $1600 that could be spent on a Mac as part of his $18 billion bonus.

Fri, Jan 30, 2009 Blad_Rnr Ohio

This article was good but pretty light on information. All of the tools you described come with Mac OS X server, except Apple Remote Desktop ($299). As a Mac admin for over 60 Macs and three Xserves, I can tell you ARD has nothing like it on the Windows side that works as well and as cheaply. Great tool in a Mac environment. Microsoft also makes a free utility called Remote Desktop Connection that allows remote access to any Windows computer, and vice versa from a Windows PC to a Mac. Great tool also. Also, Macs are UNIX-based so they don't have nearly the malware, spyware and viruses that Windows PCs can get. I don't even run AV software on my Macs. That saves us a lot of money and worry. And the UNIX tools that are built in make DOS look like child's play. The bottom line is that Apple is in a much better position for Enterprise computing than they ever have been. I would not hesitate to add Macs to any computing environment.
