Apple's design philosophies rely heavily on aesthetics and function. The ease of use forms part of the function equation, because Apple wishes to empower its users with the tools to build anything their minds can imagine.
This also trickles to the management service Profile Manager in OS X Server. Profile Manager allows for network wide (or even worldwide) configuration of Apple devices — OS X and iOS — over a network connection. When integrated within a Mac environment, it can provide a host of configuration, app deployment, and system lockdown settings to harden existing or new devices.
Since Profile Manager offers so much, this article will just cover the steps needed to implement the service.
First, here are the requirements for setting up Profile Manager in OS X Server:
- Apple Computer running OS X Server (1.0+)
- Broadband internet connection (Ethernet or Wi-Fi, but Ethernet is highly recommended)
- Self-signed SSL certificate (optional, but necessary if planning to sign configuration profiles)
- 3rd-party SSL certificate (optional, but necessary if planning to use Profile Manager as MDM over the WAN)
Now, let's take a look at how to setup Profile Manager in OS X Server:
- Launch Server.app and select the server you wish to manage.
- Login with administrative credentials.
- Click on Profile Manager from the Server pane (Figure A).
- Move the slider from the OFF position to ON. The service has several dependencies, so it may take a few minutes.
- Once the service is available, it will provide a URL to access the web-based console. Note: If Profile Manager will be used over the WAN, stop configuring PM further and change the host name to a Fully Qualified Domain Name (FQDN) and modify any DNS records needed to ensure the server is accessible from the internet (Figure B).
- After verifying the host name is correct, click the Configure... button under Settings, next to Device Management (Figure C).
- Follow the prompts in the wizard to read the current server settings, and click Next to proceed to the following screen (Figure D).
- Enter the requested information in the text fields under the Organization Information screen, clicking Next to continue (Figure E).
- On the Configure an SSL Certificate screen, select the self-signed certificate that was created when OS X Server was first setup. This certificate will encrypt communications between the server and the devices on your local network. However, if planning to use PM as an MDM server, a 3rd-party SSL certificate is required, and that certificate must be selected instead, before clicking Next to proceed (Figure F).
- Click the Finish button to complete saving the changes (Figure G).
- Once you've returned to the PM pane, check the box beside Sign configuration profiles if you wish to encrypt the trust profiles (Figure H).
- If checked, you'll be prompted to select either the self-signed certificate or a 3rd-party SSL certificate. Select the proper SSL certificate, and then click OK (Figure I).
- That's it! Profile Manager has now been correctly setup. Double-check that Device Management, under Settings, is set to Enabled. Also, click on the arrow next to Open Profile Manager to verify that the URL to PM is resolving correctly (Figure J).
It can be said that Apple's Profile Manager is similar to Microsoft's Group Policy in that they both implement lockdown settings and application deployment in a networked environment. Apple's offering — while not as robust as Microsoft's — is no slouch, and when it's configured with a 3rd-party SSL certificate and as a web server, it can be leveraged to support users, groups, and devices all around the world over an internet connection.
While it doesn't have all the bells and whistles that some 3rd-party applications offer, one cannot argue that Profile Manager — which comes in at a fraction of the cost of other licensing models, yet offers at least 70% of the performance — makes OS X Server a much more attractive offering among the various desktop management suites.
Do you use Profile Manager or another application(s) to configure your Apple devices? Let us know in the discussion thread below.
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.