Erik Eckel gives an overview of the updated Profile Manager, a management console that allows enterprise administrators to assign user profiles, control settings, and configure a number of Macs and mobile devices.
Apple's Mac OS X Lion Server introduced the Profile Manager, and OS X Mountain Lion Server updated the feature with Profile Manager 2. The utility enables enterprise administrators to specify a variety of settings and configurations for Mac computers and mobile Apple devices.
Profile Manager capabilities
Administrators can leverage the Profile Manager to perform the following tasks by assigning profiles to users, user groups, devices and device groups:
- Standardize and secure user interfaces
- Specify mobile device settings
- Secure specific resources
- Customize user settings
- Set security policies
- Distribute updated configurations
Profile Manager components
The Profile Manager management utility consists of three components:
- The Profile Manager web-based console
- A user-accessible self-service web-portal
- Mobile Device Management Server
The Profile Manager is the administrative web-based console, accessible from any browser that can connect to a Mac server with the Profile Manager service enabled. Administrators can use the console to create and distribute XML-based configuration profiles they build and maintain.
Users, meanwhile, access the Web-based self-service portal to enroll devices and receive new or updated profile information. Users can also leverage the user portal to remotely lock or wipe lost devices.
Administrators can also enable the Mobile Device Management (MDM) Server. With mobile device management services enabled, administrators can remotely deploy and update new configuration profiles for enrolled iOS mobile devices.
Profile Manager dependencies
Before an administrator implements Profile Manager within his or her enterprise, several elements must be in place. First, the OS X Server must be configured as an Open Directory Master. Second, an SSL certificate must be installed, preferably from a third-party certificate authority to enable increased security over a self-signed certificate and the ability to enroll iOS devices. Third, a valid Apple ID must be provided to obtain an Apple Push Notification Service certificate.
Configuring an actual OS X Mountain Lion Server's Profile Manager is beyond the scope of this article. However, more information is available from several sources, including Apple and 318 engineer Charles Edge's Krypted.com site.
Profile Manager benefits
Administrators deploying multiple Macs, and iOS devices, within medium-sized organizations and enterprise businesses save time, ensure consistency and better secure resources leveraging the Profile Manager's centralized administration and policy-deployment and enforcement capabilities. Further, delegating responsibilities to users for some of the enrollment, maintenance and security obligations for the organization's mobile devices helps reduce task burdens placed on information technology staff and speeds policy administration and security efforts within larger organizations.