Slashdot Mirror
Can Apple Penetrate the Corporation?
coondoggie sends us a NetworkWorld story on the prospects for Apple gaining market share in the corporation. A number of factors are helping to catch the eye of those responsible for upgrading desktops and servers, the article claims: "Apple's shift to the Intel architecture; the inclusion of infrastructure and interoperability hooks, such as directory services, in the Mac OS X Server; dual-boot capabilities; clustering and storage technology; third-party virtualization software; and comparison shopping, which is being fostered by migration costs and hardware overhauls associated with Microsoft's Vista." On this last point, one network admin is quoted: "The changes in Vista are significant enough that we think we can absorb the change going to Macs just as easily as going to Vista."
Right. I'll just run off an get my copy of Microsoft Office for Linux. Um. Hmm. Don't see one. There's one for OSX and everything but - hang on let me check again - no... That's strange.. Ah well, I'm sure there's a copy of Photoshop for Linux. Lessie - Windows, Mac....hmm. Darn. Well SURELY there's a copy of Flash Developer for Linux. Hmmmm....gosh.
.psd files with decent layer mapping?
Uh - unless we're talking about receptionists stringing together redundant database systems and large-scale host arrays, I think - nay - suspect, that an application - of any kind - might be in order. Then again I haven't checked, does GIMP handle
Yes, but the challenge isn't so much the hardware, but the availability of applications that are actually used in corporations. I've tried using my Mac as a work computer, and I just couldn't do it, even with Virtual PC on it (not every application likes being virtualized).
Ironically, as a corporate desktop, Linux is probably better supported than OS X.
It's been a surprisingly trouble free experience, even though the IT department are loath to become involved in an official capacity (though unofficially individuals are interested and have provided invaluable help). All the major applications are supported and with more of the departmental apps being web based and standards based (especially determined by accessibility requirements) looks to become easier over time.
With rumours of moving away from a common environment things could become easier still.
What problems we have encountered have been sorted by brief research on the net and we're currently establishing a business case to transition to Mac Pros in the near future for our business unit.
Quidquid latine dictum sit, altum viditur
You're missing some basic information here.
Apple does have an Enterprise sales division and they are quite different from the consumer division, you get dedicated Apple representatives for your account. Onsite service contracts are available for server systems. Apple has always had self-servicing programs for enterprises, although the investment in spares can be a bit high.
Another factor is your allegations that uncertainty over future products hampers enterprise planning. The switch to Intel changed this picture considerably. Apple's future products track rather closely to Intel's.
I think you're not exactly correct in your assertions.
While there may be some geographic limitations for the first, I would like to point out the following URL's for your further reading and enlightenment:
http://www.apple.com/support/products/premium.htm
http://www.apple.com/support/products/macosxserve
While they're not on par with some traditional enterprise companies (Sun) these meet the needs of many in the Fortune 500.
The sad thing is Yes they do.
Often they use many client server/database programs written in shudder VisualBasic.
Often the company completely depends on them.
For example in my office we depend on Goldmine, USP Shipping software and a number of small programs what we developed in house using Java. We chose Java to make it easy to move to Linux or the Mac but we still depend on a few Windows programs for our day to day operation.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
You have some points but Xserves still aren't as capable as modern solutions from Sun, HP, and hell, even Dell. Think SAN management, it's not impossible but its quite a bit more difficult on the Mac side of the fence. Maybe in a few more years they'll gear it up but monitoring and management have always been the weak side for Apple as they generally prefer to give the power to the user. This is great for home users but very bad for corporate users.
The support you mention is probably the biggest stumbling block for Apple at the current time however.
Maybe you have already tried this, but I would highly, highly recommend Parallels for running Windows apps if you have an Intel-based Mac. Now that they don't have to translate from x86 to PPC on the fly, virtualization on one of these new Macs is nearly as good as the real thing. Jump into fullscreen mode, and you won't notice the difference. And check out the "Coherence" feature in the latest release, which lets you have Windows windows (not stuttering there) next to Mac windows.
Uh, the new Intel-based Macs can run XP... with which they can support all those legacy applications much better than a new PC running Vista!
I don't have any concrete numbers, but I used to work at a company that used run a mixed Mac/PC shop. Story goes, a couple years before I started they transitioned to being nearly 100% Mac because the cost to develop & maintain in-house sofware was much higher on Win than OS X.
Having recently switched from being a ObjC/Cocoa developer at that company to being a VB.NET developer at the new job, I'm willing to believe it.
They don't allow for corporate volume discounts
Yes they do. Ask any Apple sales rep about it.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Never having worked in a "Microsoft Shop," i wonder what kind of support the actual OS vendor really supplies. I mean, sure, they've got to have a really good online knowledge base, but do Windows admins really spend much, if any, time on the phone with Microsoft? As far as I know, companies just hire consultants to give them support when inhouse staff can't handle it.. even when using Windows. Why wouldn't your clients rely on your for on-site support if they went with Microsoft? Who else would they call?
I think it is about features and options. Xserves and XRAIDs are great and easy to manage because they're relatively simple. But because they are simple, they lack at lot of flexability and options that enterprise users need. I mean, seriously, there is basically just ONE external RAID option for Apple servers. There's hundreds for PCs/Windows. If Apple products just happen to fit what you want to do, great, but Windows will continue to be the default platform of choice just because there is so much choice out there. And it isn't just Microsoft. We're talking Dell, HP, IBM, etc.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
"Can I easily integrate my Mac into an existing Active Directory setup yet?"
It takes about 2 minutes to join a Mac to an Active Directory domain. Users and admins authenticate against the domain properly as with a Windows box.
I believe you can do custom GPO style stuff for the Mac - but I think that's bit beyond "easy".
Sometimes my arms bend back.
LDAP isn't the problem, per se. It it is the way it is implemented. Apple needs to utilize the hierarchical structure and implement partitioning and add directory level permissions. For example, you often want to make localized admins that only have rights to particular parts of the tree and the users/servers/services therein. These are the kinds of things I miss from my Netware/NDS days. NDS was awesome.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Enterprise support is called that for a reason. Have you ever worked for a large corp that pays for enterprise support? I have worked as a programmer for 3 fortune 500 companies. I work closely with our admins and Enterprise support means something. We can give a call about a failed NIC and get it by the end of the day or latest next morning. We have people from Sun, HP, Microsoft, Netegrity, etc that actually come to our location. Not some "consultant" that claims to know stuff, but the actual people from the companies we are paying for support.
I personally think "Enterprise support" is a little over rated and very over priced. However, no CIO/CTO is going to go with some small-town solution. Their butt is on the line. They want the assurance that there is support there when needed. From my experience, that support is hardly used at big corps. Most of us IT guys get the job done one-way-or-the-other. However, our CIO will still always budget for the annual support contracts, regardless of how little we used them.
Look at Red Hat. They make most of their money from support, not selling Linux. Any Linux admin can handle the support needs of Red Hat. Yet the top managers still pay for Red Hat support, just for a "security blanket".
Apple doesn't even come close to having an Enterprise support system setup. I don't think they want to. Until they do, they will just be a niche market.
General, you are listening to a machine! Do the world a favor and don't act like one.
"The problem with Apple is that they do not consider the corporation to be a target audience."
Yeah, because everybody with an iPod cross-shops for XServe RAID systems.
News flash: The target audience for Apple's enterprise gear doesn't care about TV commercials.
Why yes, I AM a rocket scientist!
Oh? Apple has this already: http://docs.info.apple.com/article.html?artnum=30
I've used CryptoCard's gear. It works. Well. On a Mac.
If you want to do it manually, use Apple Remote Desktop http://www.apple.com/remotedesktop/
ARD 3 has support for something called a "Task Server", which lets you spin off installation or other jobs to a separate machine, which runs them as systems come online.
Look a little deeper in the future.
This is not accruate. I am an Apple Authorized Business Agent, and Apple Enterprise sales group absolutely can and does offer corporate dicounts. Check your facts. Call Apple, ask for entrprise sales, and talk turkey. Evidently, you'll be surprised.
Try http://rsug.itd.umich.edu/software/radmind/ WONDERFUL tool. And if you have money, go buy Apple Remote Desktop, even better.
Ok ... first of all ... most enterprise applications are web based, have been for a while now, as for the rest, you're misinformed ...
... available for Mac.
... work as of Tiger
... see Certificate Assistant added in Tiger
... it's UNIX underneath ... see NIS
... see Software Update Server
Office
Smart Cards
Certificates
Distributed policy management
Corporate distribution of packaged software
Granted, most of this is newish since it was only added in 10.4 (04/2005) but it's all there.
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
I have been working at maintaining OSX Server at the core of my organization for approximately two years now. A bit of background... we started with a Mini, now an XServe and a number of Powerbook/MBP client systems, not to mention the typical majority of Win32 clients, Linux fileservers, OpenBSD firewalls, and so on. Our requirements for laptop systems put us in the upper-levels of all of the brands, including the MBP systems. For an organization that requires little administrative overhead (engineering to overhead ratio) this works well, as users are familiar enough with the platforms to choose and support themselves intelligently. In nearly every analysis, the use and maintenance of Apple's products is on par and occasionally cheaper than the traditional PC options. This includes initial cost of hardware, retention of value and software licensing. They did well there. Now what really frustrates me is how they have failed in the sector..
1. Partial Server Administration applications
These cover approximately 60% of the functionality provided by the software. If you begin to alter the service's configurations manually (as any good admin should) the WGA or SA applications break. As an example, enable dynamic host updates in BIND's ocnfiguration. SA will fail to load the zone files.
2. Server Administration Applications are Apple-only
Not every admin carries around an OSX based laptop. How do you win over IT staff that have Win32 entrenched within their organization? Make it easier than MS's Server offerings. Opening up a VNC session to perform simple tasks is ridiculous when an app that does little more than format and display XML data is available to the MBP wielding admin.
3. VNC
Every copy of OSX is capable of hosting Remote Desktop. IIRC (I have not had the occasion to verify) the authentication and transport protos are more protected than VNC. If you buy Server, you should have the ability to use this to access the system.
4. OpenDirectory
Lack of simple management tools. The command-line tools are available, however the learning curve for maintaining OD is steep without a built-in management console. WGA is a good start, but the common LDAP browsers are better.. except that their interfaces blow chunks.
5. Support for Third-Party Authentication Services and Servers
Work with RSA to build a plug-in. Ship with a pre-configured RADIUS server.
6. User-level access to administration functions
Seriously.. If I have an OD running with 100 users, give them an easy method to change passwords without requiring an AD/Domain structure. SSH is great for the nerds (woot), but if I have to help Marketing install putty one more time..
At any rate, of _course_ you can hunt the net and grab solutions for some of these problems. Some are in the ports distro. If Apple wants to prove itself equal or better, it should provide good, consistent solutions to the most basic IT administration problems.
Must run. I am fashioning a mini airplane to place in the cool wind tunnels on the front of the XServe.
-ebo
All that can be done through Workgroup Manager. You can specify what applications users can run, what preferences panels they have access to. That much is there.
They just do. Tell a machine to authenticate to an OpenDirectory server (it can pick it up through DHCP) and network users can login and they get their desktop from the server. There's no trick to it.
Not sure you can do that through Workgroup Manager. Although it has never occured to me to try. But I imagine that would be one of the little features missing that I was talking about.
You coudl push such changes out through Apple Remote Desktop with a shell script/AppleScript in one batch. You can select all your machines and have the script run on all of them at once. That's one nice thing about OS X. You get teh full power of unix.
Or have your machines under Radmind http://rsug.itd.umich.edu/software/radmind/ management and push out new password file updates through that.
This is more an application issue than a management issue.
Well, it isn't all THAT bad. You can do most of the things you mentioned. But sometimes "most" isn't good enough. That's what I was saying. And to get that much, you'd have to run the Macs on their own directory or get ALL Macs. There is some AD integration, but then you lose the stuff that Workgroup Manager can do.
Fortunately, where I work, the Mac users don't generally have to share a lot data with the PC users so they can be on different servers.
Oh come on. "Got them working?" How do you NOT get Apple stuff working? Say what you want about Apple, but their stuff generally Just Works(tm). It may not be as featureful as Active Directory or whatever, but there is certainly no trick to getting OpenDirectory and Workgroup Manager "working."
Wow. I thought *I* had doubts about Mac in the enterprise.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
So you already have LCDs for everybody.
Buy $999 iMacs ($1074 with 1Gb) and give everyone dual displays...
or buy $1199 iMacs with the following specs and give everyone dual displays:
17" 1440 x 900 pixels ATI Radeon X1600 graphics 128MB of GDDR3 SDRAM Mini-DVI video out with support for DVI, VGA, S-video, and composite video output. Support for external display with digital resolution up to 1920 x 1200, analog resolution up to 2048 x 1536
2.0 GHz Intel Core 2 Duo
1GB memory
160GB hard drive1
8x DL SuperDrive (DVD+R DL/DVD±RW/CD-RW)
That is prety close to what you are asking for.
5. Ship with a pre-configured RADIUS server.
IIRC, Leopard Server will offer RADIUS. I can't wait, because then I can centrally manage access to the AirPort Base Stations at a few clients.
6. If I have an OD running with 100 users, give them an easy method to change passwords without requiring an AD/Domain structure.
Huh? What's so hard about doing "Change password..." from 'System Preferences' -> 'Accounts'? That works without being an admin-level user, I just tested it on my setup at home with an OD account.
None of it is technically impossible on OS X but its not included and the tools are scattered.
You're a little out of date. Read all about it here and here.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
You're only examining up-front costs, you're not considering these HUGE costs for Windows networks:
- Lost productivity of users, due to them dealing with Windows issues, or security issues.
- Lost productivity of technical staff, due to them dealing with Windows issues, security issues, black tuesday patching cycles, etc.
- More security risks using Windows, not only due to the typical issues, but also due to the much, much higher number of zero-day exploits out for Windows, and the difficulty in running a Windows machine in a locked down mode while allowing users to remain productive.
Further, you are wrong on several points.
1. There ARE corporate/business plans offered by Apple. Start with http://www.apple.com/macatwork/ Apple is also busy increasing the size of their "enterprise" division for just such issues.
2. There is managed control over OS X, you just are not familiar with OS X Server. Start with http://www.apple.com/server/macosx/
3. You may not have a problem with Windows security issues (though I find it EXTREMELY hard to believe), but most businesses that run Windows do. Even if its of the "we're constantly patching our machines" kind of trouble.
The only point I agree with you on is vendor lock-in, although there IS a benefit to vendor lock-in, in that the vendor (Apple) can more efficiently deal with hardware and software issues you have, precisely due to their tight control over everything. Aside from that point, I think Apple will eventually license Mac OS to other vendors, such as Dell. True, they are a hardware company now, but they also used to be a computer company, and THAT changed, didn't it? Software margins are high, ask Microsoft. Apple benefits from people using Mac OS now much more than they do from people buying Mac hardware, since once you start using Mac OS, you want MORE of the same -- itunes media, ipod, apple tv, iphone, the entire sphere. But I digress...
Yes, there is vendor lock-in now. At our business, this hasn't affected us yet.
Ironically, the word ironically is often used incorrectly.
Five seconds with Google would have spared you this lashing.
Mac OS X System Architecture
Architecture of Mac OS X
UNIX family tree
Please do try to keep up.
If you mod me down, I shall become more powerful than you could possibly imagine.
I have done some work in sound studios and post facilities. The tech support setups are a little different, and the users are much more aware. So, if you want perspective from the creative side of things, here you go. Here are stats for some facilities I have worked with:
Recording studio: 7 Macs(MOTU, ProTools), 2 Win98(no internet, dedicated, running sampling software only).
Time: 1 person (me) 10-15 hours a week to cover all computer maintenance, upgrades, hardware installs (including audio interfaces and drive arrays), etc.
University facility: 5 Macs(ProTools LE/HD)
Time: 1 full time studio manager, spends about 10%-20% of his time in front of a computer.
Post production division of a large production facility: 16 WinXP(Avid Media Composer, Nitris), 5-7 Macs(Final Cut, Shake), 2 SGI(Smoke), 1 Windows server(Avid Unity).
Time: 1 person full-time doing server admin and all more difficult procedures, and 30-60 hrs/week from the production assistant pool doing routine maintenance/file management, upgrades/updates etc. The XP boxen running Avid Media Composer (Adrenaline) took 75%-80% of the time. Also, they had onsite vendor support for probably 50-75 hours a year.
Smaller/online only post facility: 8 Macs(Avid Media Composer, Final Cut), 3 WinXP(Nitris, ??), 2 SGI(Da Vinci, Smoke)
Time: 1 full time person who manages ALL tech/engineering/IT. Estimates 25% is spent on the computers, the rest is spent dealing with ingest operations, audio/video equipment issues and whatever happens in that back room with 5 racks, a shitload of audio/video switches, 20 tape decks, tens of terabytes of fibre channel storage and related stuffs.
Sig (appended to the end of comments you post, 120 chars)
I had 3 OS X Servers, with upgrade licenses for OS X server, running several desktops. It doesn't just work because debugging is a bitch. If things don't work, Apple's support options are a joke. Microsoft's knowledge base is huge, Apple's non-existant. AFP548.com does not a network make.
One time I had a massive problem with my system, called Apple for support. The Enterprise Support group was closed for a meeting. They left for the entire afternoon, no support for me. I had to send my employees home for the day.
The mail systems are just non-standard location wise to make the online resources for the open source projects not quite useful, and Apple provides almost no utilities for debugging things. The resources aren't quite there.
The hardware is getting there (Mini is an AWESOME general desktop, small in size with nothing to mess with), Xserve is cool, and Xraid means not needing massive RAID arrays in the box. The software is getting there as well, each rev of OS X Server is using more OSS solutions that have been made Enterprise ready by companies like Redhat, and their software is maturing Workgroup Manager gets much better each revision. But the support options just aren't there.
Yes, I agree dual booting into windows is annoying. But a company could migrate their hardware to shiny new mac's now, leaving those users who must run some legacy app with a windows install until they can make the switch too. Perhaps migrating to a terminal services style delivery of these applications. If your long term goal is to switch all your desktops to OSX, there are a bunch of options to allow a gradual phase over, now that apple use Intel chips. Pick one that suits your environment, and compare the cost to upgrading to vista.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Mac OS X Server
If you mod me down, I shall become more powerful than you could possibly imagine.
For all of MAD's suckyness (Microsoft Active Directory - I still use this acronym; it was coined by Novell in about 1997, as kind of a joke against Microsoft) - MAD delivers functionality that OS X can't even dream of.
Yes, it's sometimes very slow, sometimes a pain in the ass to troubleshoot, and yes - you'll frequently run into issues that make the Microsoft Support Rep blow his brains out. But the bottom line is: when it works, it delivers functionality that simply can not be done on a Mac.
Example:
You can send your admin-monkey to the server, with a few manual procedure steps, to navigate through the (admittedly TERRIBLE) GUI, and check a checkbox that will disable the ability of all Users (not Administrators, and maybe even excluding the folks you put in the "IT Support" group) from using a DOS command shell.
This configuration change will go out on the network with the next reboot. And poof! 500 nosy, troublesome Users are now a bit less able to shoot themselves in the foot, or work mischief on your systems. That's just one example, but there are literally THOUSANDS of these kinds of settings, minor tweaks, etc.
Other examples: disable the IE address bar. (and prevent Trojans from hooking it). Disable the Tools menu so users can't mung with the security settings in IE. Disable control panels. Enforce a password-protected screen saver across the enterprise. Take the File-Open menu away from MS Excel. Whatever. I assure you, as draconian and capricious as these sound - some of them are ABSOLUTELY NECESSARY to operate computers in a secure environment.
And ONLY MAD does this. (to be fair, you had this limited functionality in NT 4.0 too).
There are probably ways to hack these kinds of configurations together in Mac OS X. But the effort required to "roll your own" system to manage client configuration on this scale, with this ease of use, would be on a pretty much unimaginable level.
I am an unashamed Mac fanboy. The bane of my life is when I have to go into work, and fix broken Domain Policies or MAD server. I have 4 Macs at home, and I try to manage them somewhat like an enterprise - and I'm telling you - the tools just are not there. There *is* a usable infrastructure, but you'd need to pump tens of thousands of man-hours from a very skilled scripting guru to pull off the equivalent thing on a Mac. I long for the day that Steve Jobs gets up on that stage and announces that Apple is actually serious about getting into the Enterprise, and will develop tools for a REAL OS X Server. (instead of just offering the Workstation OS, plus a couple of tools, and a hefty price-tag, and calling it "Server") - I am pining for the day that I can hear my customer say: "tear out all this Windows crap and give me a Mac network".
These are my friends, See how they glisten. See this one shine, how he smiles in the light.