iOS Mgmt 4 the Generalist€¦ · • Husband, Father of 4. About my environment (CA)…. •...
35
iOS Management for the Generalist
Transcript of iOS Mgmt 4 the Generalist€¦ · • Husband, Father of 4. About my environment (CA)…. •...
iOS Managementfor the Generalist
About me….
• Involved in IT since 1988– Computer Lab Director @ O.C.C.
• Background in Network Administration, Operations Management, Internal Audit, and Information Security & Compliance
• Husband, Father of 4
About my environment (CA)….
• Private, faith-based, JrK-12 in Columbia, TN• 67 acre campus, 9 buildings• approx. 1000 students and 130 employees• satellite campus 15 miles north with 120 users. • 1st in the state of Tennessee to implement an iPad 1:1 program.• iPad 1:1 school for grades 6-12. • iPads centers/carts in JrK-5 (~2:1)• approx. 150 workstations (mostly Win)• approx. 100 laptops (all Mac) • …and a partridge in a pear tree…
About you
• Where are you from?
• What is your job?
• What are you hoping to learn today?
So….what IS a “generalist?”• Jack-of-all-Trades
• Soup-to-Nuts IT
• Projectors, Sound Systems, Wireless Access Points, Switches, Servers, Firewalls, Laptops, Workstations, PDU’s, Printers, Copiers, Phones, Cabling, etc., etc…..
Feeling underappreciated?
• Technology is like “The Janitor”• Technology is typically invisible
– Not noticed until something does not work right• Then….we are like the mop and a bucket
– “Cleanup on aisle 4!!!!”
There’s always more than one way to…
Why are we managing these devices?
….do we or don’t we trust our users?
The Basics:
- Ownership?• school/company owned?• personally owned? (BYOD)
- Purchasing• OEM: direct from Apple• After-market: on the open market
- Receiving & Initial Config• let the games begin!
The Basics (cont’d):
– MDM (Mobile Device Management)• Before IT can manage iOS devices, they must be configured
to work with MDM– Data Usage:
• WiFi or cellular?• if devices have cellular capabilities, consider apps that monitor
data usage & alert users when approaching limits.– iCloud:
• public storage cloud IT can not control. Food for thought…
VPP
Volume Purchase Program• Apple’s program allowing businesses & EDU institutions to
purchase apps in bulk and distribute them w/in their organizations
• Tax Exempt status recognized• Some developers allow for a 50% discount on purchases over
20 apps (same app)• Important point: once a VPP code is redeemed by an AppleID,
it belongs to that AppleID. The exception to this is using Managed Distribution.• I don’t recommend Managed Distribution – simply expense
the cost of the apps as a cost of doing business.
DEP
Device Enrollment Program• Apple’s program allowing businesses and EDU
institutions to more easily deploy and configure iOS and OS X devices.
• Allows the institution to “own” the device rather than it being tied to an individual user’s account….sort of.
AppleID for Students
- This is a STROKE OF GENIUS!• Ummm, sort of…see next 2 slides. :-\
- Bulk creation of AppleID’s.- I tie the “parent” account to a school-owned “+”
Gmail account.• E.g. – [email protected]
• [email protected] is an actual account.• The “+” creates an alias to the address.• http://gool.gl/BLr8q
- Automated creation of the accounts- Manual process of 1) parent/guardian info; and 2)
verification. S-T-U-P-I-D
Youget
oneo
fthese
peracc
ountcr
eated!
!!!
Youget
oneo
fthese
peracc
ountcr
eated!
!!!
Who handed out cans of stupid at Apple?!?!
ASM - Apple School Manager
This is supposed to fix the problems with the previous 3 items.
simple question: Does anyone at Apple have any clue about the school year and when it begins?
Configurator
- very handy tool- allows for installation of configuration profiles
prior to rolling them out to end-users- helps remedy some of the problems with devices
you did not purchase via D.E.P. by installing configuration profiles and allowing you to “supervise” them so you can take advantage of the advanced iOS restrictions (camera, iMessage, etc.)
What can I configure with these tools?So very VERY many things!
Be very careful with this one!
Configurator
- What is supervision?• Certain restrictions require “supervision”• See next for example from MDM
Configurator
• Database locations:• ~/Library/Containers + the following
• Apple also says to backup:• ~/Library/Keychains• /var/db/lockdown
MDM
- I use Meraki. I’ve previously used JAMF but have been pretty happy with Meraki.• Not married to it - mind can be changed.
- Ability to leverage DEP and VPP to maximize utilization.
Various tips
- iOS memory management:• swipe up to end & “cold reboot”
- Caching Server - GET IT. USE IT.• HUGE bandwidth savings.
- You can now restrict apps via MDM.• This has been needed since MDM’s inception.
- MDM - if you’re going to have more than just a few iOS devices, you REALLY need this.
- If you want to maximize control over those devices and do not purchase from Apple, Configurator will be required to supervise those devices.
- DHCP leases - if these devices will be moving between VLAN’s, you should set your DHCP leases to expire more frequently.
Meraki live discussion
You can now restrict (blacklist) apps!!!
Meraki live demo
Communicate, Communicate, Communicate!!!
- Talk to your users - people are skeptical of what they don’t understand - K.I.S.S. à keep communication simple - Speak English, not Geek
• While we’re on the subject – we are geeks, NOT nerds! • Geeks count bytes. Nerds count beans.
Questions?
OOO
Feedbacksurveylink:https://bit.ly/psumac2016-80
slidesavailableatsessionthesessionpage
[email protected]@gmail.com
Twitter/Slack=@Karkau
