The beginning of a new year is the perfect time for sysadmins to think about how to simplify their work through standardization and automation. Read my reviews of the top five applications for standardizing, configuring, deploying, updating, and managing Macs — with a little remote management thrown in for good measure so you won't be totally cut off from your systems in the event of an emergency or if you ever get to take a vacation.
1: AutoDMG
AutoDMG is a tool that takes an OS X installer and creates a system-built image, which is then used to deploy Apple computers using any ASR-compatible third-party deployment suite.
Using an OS X installer downloaded from the Mac App Store, the install files are extracted to an image file. The output is a DMG file that contains all of the necessary files in a deployable file format, which is then used to install OS X on all your Macs.
The thin image format effectively installs a fresh version of OS X on each Mac that has the DMG file deployed to it vs. the deprecated thick imaging format that contains a pre-installed copy of OS X and any apps included with it, which may lead to system inconsistencies and/or loading of outdated software and OS builds.
How AutoDMG helps sysadmins
With an AutoDMG-created DMG as the deployment foundation, each deployment of OS X will always be fresh and free from any of the issues associated with loading media that has been booted before.
Additionally, by keeping the OS install independent of any application installs or maintenance updates, the modular nature of this deployment process doesn't require IT to recreate a new image each time a critical software update is released.
Lastly, thin images (which AutoDMG specializes in) produce a vastly smaller file footprint than thick images, so IT saves on storage space for these deployment files and uses less bandwidth when deployments are multicast over the network. The time-saving benefits don't end there, since deployments complete in a fraction of the time and take much less time to update as new OS X builds are made available by Apple.
2: DeployStudio
DeployStudio is a full deployment suite that is used to restore, configure, and back up small to large networks of Macs and servers.
It handles just about everything relating to deploying, configuring, backing up, and, most importantly, automating these processes from beginning to end. It'll even perform restoration and/or backups of Windows and Linux partitions, too.
How DeployStudio helps sysadmins
Deployment: Importing an AutoDMG system image to DeployStudio allows a sysadmin to deploy a clean, fresh version of OS X to each machine on the network via multicasting. While this is DeployStudio's bread and butter so to speak, the modular approach previously mentioned comes into play with DeployStudio as it offers enhanced support for OS X.
Configuration: As Macs are booted to the DeployStudio share, they are added to a database used locally by DeployStudio to identify the node and to allow for configuration of certain features, such as auto-naming computers, creation of user accounts and multiple-boot environments, such as Windows and Linux, for dual- and triple-boot needs.
Additional configuration support may be added modularly in the form of workflows. Workflows act as scripted events that occur post-installation (deployment), such as joining a directory service, creating backups of specific nodes, and installing packages.
By default, the processes occur manually; this means that, once a device connects to DeployStudio, IT must select the tasks necessary to complete the deployment process. Yet there is another way: with support for automation baked right into every facet of DeployStudio, IT can essentially pre-configure each task and then chain them together to create a workflow. The automated workflow executes each task in sequence until all have completed successfully, and finally reboots the node to complete the installations and provide end users with the logon screen.
3: Apple Remote Desktop
- Application deployment is a big feature with the ability to push packages and APP files to client systems silently.
- The copy functionality allows for anything to be copied to/from the server/client.
- Remote administration in the form of a remote desktop window offers a near hands-on experience without ever leaving your keyboard.
- Robust reporting features can be used to glean data from any and all connected Macs — from software to hardware, nothing gets left out.
How Apple Remote Desktop helps sysadmins
From a help-desk perspective, many simple tasks may be performed from any node with Apple Remote Desktop installed and configured to connect to your Mac network. Configuration requires admin credentials, but once a device is added, the credential is encrypted and then stored in the console to allow users to focus on managing equipment. This means non-admin credentialed IT staff could assist with support requests.
Apple Remote Desktop has a strong remote management presence, which also allows it to flex its muscle with deep Terminal integration and the ability to execute UNIX commands remotely and even preconfigure your custom commands for manual or scheduled execution.
Also, when paired with OS X Server running Apple Remote Desktop, the server may become a Task Server that allows for scheduled and/or lengthy tasks to be offloaded to the server for processing and device monitoring.
4: Terminal
Terminal is an application that provides text-based access to OS X via its UNIX underpinnings.
Similar to Command for Windows, Terminal allows for the execution of commands in order to perform a task or a set of tasks. It is a terminal emulator that eschews the graphical interface (GUI) in order to provide a stark, yet powerful minimalist interface for an admin to manage a device locally or remotely using a predefined set of terms, arguments, and flags to toggle settings, configure services, or perform just about any task in OS X.
How Terminal helps sysadmins
While the Terminal is often feared by many users (regardless of what platform OS is being used), it is the tool of choice for many administrators due to its simplicity and power. And sometimes, it may just be about the only way to execute a particular function.
How helpful the Terminal will (or will not) be rests solely on you. Yes, it can be tricky and particularly unforgiving, but its ability to belt out seemingly complex tasks with just a few lines of text far outweighs the obstacles. Add to that the ability to chain together commands and save them as scripts for future use or add commenting lines so you can help out (or be helped out by) your peers, and the potential negatives shrink exponentially as your command line Kung-Fu grows stronger.
Security also plays an integral role when managing devices remotely from the Terminal. Protocols that encrypt network traffic, such as SSH, which is used to securely tunnel to the shell of a remote desktop, give the admin a fair bit of freedom to be off-site yet still able to maintain the systems should the need arise.
5: OS X Server/Profile Manager
OS X Server and, more specifically, the Profile Manager service is an easy to use and easy to set up Mobile Device Management (MDM) server. The Profile Manager service can be broken down into several components:
- Self-service portal used by admins and users to register devices and administer certain functions, such as initiate a remote wipe in the event a device is lost.
- Trust and Enrollment profiles are used to link a device to the MDM server for the purpose of managing settings, apps, and configurations. They ensure that the server is legitimate and securely manage the two-way communication between client and server.
- Administrative management console used only by admins to manage devices through the use of accounts, groups, and configuration profiles used to deliver a payload of preconfigured settings to OS X and iOS-enabled devices alike.
How OS X Server/Profile Manager helps sysadmins
By enrolling OS X and iOS devices into Profile Manager and sorting them into groups similar to how directory services may sort users into security groups, you'll be well on your way to providing a standardized, manageable, and scalable infrastructure for mobile and non-mobile Apple devices.
The next step is where the bulk of the ongoing work will occur: creating configuration profiles that will be pushed out to your devices to manage settings and remotely install applications. If you have mobile devices that may not connect to an office regularly, the push notification service will work with the internet-facing MDM server to ensure that devices are kept up-to-date.
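As an added example (not from the original article, and not Apple's or Profile Manager's own code), the Python check below audits the passcode payload of an unsigned configuration profile before it is pushed to devices. The baseline thresholds, the `com.example` identifiers, the UUIDs, and the sample profile are assumptions constructed for illustration.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Assumed baseline for illustration: key -> (check, finding text).
# A missing key fails its check, so an omitted setting is reported too.
BASELINE = {
    "forcePIN": (lambda v: v is True, "passcode not enforced"),
    "allowSimple": (lambda v: v is False, "simple passcodes allowed"),
    "minLength": (lambda v: type(v) is int and v >= 8, "minimum length below 8"),
    "maxInactivity": (lambda v: type(v) is int and 0 < v <= 10,
                      "auto-lock (minutes) unset or above 10"),
}

def build_profile(passcode_settings: dict) -> bytes:
    """Build a constructed, unsigned profile holding one passcode payload."""
    payload = {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.baseline.passcode",   # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # placeholder
        **passcode_settings,
    }
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.baseline",             # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # placeholder
        "PayloadDisplayName": "Example baseline (constructed)",
        "PayloadContent": [payload],
    })

def audit_profile(data: bytes) -> list:
    """Return findings for every passcode payload in an unsigned profile."""
    profile = plistlib.loads(data)
    if profile.get("PayloadType") != "Configuration":
        return ["not a configuration profile"]
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no passcode payload"]
    return [f"{key}: {text}"
            for p in payloads
            for key, (check, text) in BASELINE.items()
            if not check(p.get(key))]

if __name__ == "__main__":
    weak = build_profile({"allowSimple": True, "minLength": 4, "maxInactivity": 30})
    for finding in audit_profile(weak):
        print(finding)
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse it.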
This is not an exhaustive list, though I think these five apps represent a nice cross-section of tools available to sysadmins for free or at a relatively low cost that allow for complete systems management from beginning to end. Here are honorable mentions that complement this list.
- Automator automates common or redundant tasks. It may be used to output a script for future use.
- SSL: Not an app per se, but definitely a requirement if you wish to encrypt web traffic and maintain secure communications.
- Packages create Apple-compliant installer packages that can be used in deployment of applications, settings, or custom configurations.
- VPN Server: Along with SSL above, securing network traffic between sites or buildings or between company servers and remote employees is paramount.
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.