Changes in OS X 5.0 that will impact the enterprise

Jesus Vigo reviews some of the higher profile changes made to Apple's OS X Server in the recent 5.0.4 release and how they'll impact SMB and enterprise users.

Changes to OS X Server 5.0
Image: Jesus Vigo

It seems like only yesterday that we discussed the change log for OS X Server 4.1 (Yosemite) and how it addressed certain issues and fixes. And yet, here we are, only a week out from the imminent release of 10.11--"El Capitan"--that Apple has gifted us with Server 5.0.

The latest version, 5.0.4, made available through the Mac App Store, has been released prior to El Capitan as a free upgrade to anyone who purchased the previous version 4.0 (regularly $19.99). But why would Apple release the Server app prior to the OS that it runs on, since it wouldn't be compatible? Read on to find the answer to this question and to look into some of the new features that come with this version of OS X Server.

1. OS X independence

Beginning with version 5.0, OS X Server is OS-independent, meaning that it will run on either 10.10 (Yosemite) or the as-of-yet unreleased 10.11 (El Capitan). This marks a departure from past servers in which Apple required and OS X to match versions, otherwise the would be automatically disabled by OS X until updated or uninstalled.

2. Advanced diagnostics for web services

Since version 4.0, a services check was included to determine availability of services managed from the server. With 5.0, this reachability check has been expanded somewhat to include details about the internet accessibility of the services available. While not a major overhaul, and certainly not exhaustive by any means, the added details are welcome and may assist in troubleshooting connectivity issues between local servers and outside clients.

3. iCloud data caching

Apple's caching service has been quite the boon for many SMB and even larger enterprise networks, as the service is a typical Apple product--so "it just works." Setup the server, enable the caching service, optionally adjust the limits of storage usage, and that's it. The caching device handles the rest with no input necessary.

This has now been extended to iCloud data, such as what's stored in users' iCloud drives. By default, this setting comes enabled and will work much like the rest of caching does: to store commonly accessed updates, files, apps--any kind of user data, really--that is checked first when a user makes a request from his/her device instead of going online to retrieve the files each time. This will save on both bandwidth and time.

4. Updated Profile Manager payloads

New OSes mean new features. And new features mean new ways for sysadmins to lock down their users even further. This is sometimes a necessity to protect users from themselves.

Given the new payloads, which represent a host of settings that are available for both iOS 9 and OS X "El Capitan," sysadmins have their work cut out for them. I won't go into the exact settings that have been added, since that is beyond the scope of this article, but suffice it to say that there are literally hundreds of payload configurations available to choose from when deciding how strictly (or loosely) to secure endpoints.

5. VPP app deployment changes

The biggest change in VPP deployment, and one that every Mac admin I know of is happy that Apple (finally) implemented, is applying VPP deployed apps directly to the devices themselves and not individual Apple IDs as they've been done in the past.

For anyone who has to manage app deployment of iOS-based devices on a large scale--such as school districts, health, and business with mobile workforces--this is a daunting challenge, due to the necessity to manage each user's Apple ID in addition to the device itself.

Yet this is all a distant memory, as VPP apps may be linked directly to iOS devices and are easily transferred from one device to another, living independently from any Apple ID used on the managed device.

6. iOS 9 upgrades for DEP devices

This is another one of those changes that won't impact many admins, but the ones that do rely on DEP will find their workload slightly decreased when updating devices to iOS 9.

This time around, iOS devices will have a featured update path to iOS 9--only when said device(s) are managed through Apple's DEP service. Instead of allowing end users to simply get around to updating to the latest version of iOS your organization supports, DEP-enabled devices will offer a direct upgrade path to iOS 9, managed directly by the sysadmin remotely and without the need to recollect each device or run it through Apple Configurator for provisioning.

7. OS X account management for DEP devices

Another "work smarter, not harder" fix for DEP-enabled OS X devices is the account management features built in for DEP users only. Among the changes is the ability to pre-configure a hidden administrator account that will be invisible to end users but still allow sysadmins to work their magic, as needed. Additionally, skipping account creation from the setup menu on new out-of-the-box deployments is possible, as is a setting that allows the creation of standard accounts in lieu of the default admin account, which is typically created when a user completes the setup process.

What other changes are you looking forward to seeing in OS X 5.0? Let us know in the discussion thread below.

Also see