Slashdot Mirror
Can Apple Penetrate the Corporation?
coondoggie sends us a NetworkWorld story on the prospects for Apple gaining market share in the corporation. A number of factors are helping to catch the eye of those responsible for upgrading desktops and servers, the article claims: "Apple's shift to the Intel architecture; the inclusion of infrastructure and interoperability hooks, such as directory services, in the Mac OS X Server; dual-boot capabilities; clustering and storage technology; third-party virtualization software; and comparison shopping, which is being fostered by migration costs and hardware overhauls associated with Microsoft's Vista." On this last point, one network admin is quoted: "The changes in Vista are significant enough that we think we can absorb the change going to Macs just as easily as going to Vista."
Yes, but the challenge isn't so much the hardware, but the availability of applications that are actually used in corporations. I've tried using my Mac as a work computer, and I just couldn't do it, even with Virtual PC on it (not every application likes being virtualized).
Ironically, as a corporate desktop, Linux is probably better supported than OS X.
It's been a surprisingly trouble free experience, even though the IT department are loath to become involved in an official capacity (though unofficially individuals are interested and have provided invaluable help). All the major applications are supported and with more of the departmental apps being web based and standards based (especially determined by accessibility requirements) looks to become easier over time.
With rumours of moving away from a common environment things could become easier still.
What problems we have encountered have been sorted by brief research on the net and we're currently establishing a business case to transition to Mac Pros in the near future for our business unit.
Quidquid latine dictum sit, altum viditur
You're missing some basic information here.
Apple does have an Enterprise sales division and they are quite different from the consumer division, you get dedicated Apple representatives for your account. Onsite service contracts are available for server systems. Apple has always had self-servicing programs for enterprises, although the investment in spares can be a bit high.
Another factor is your allegations that uncertainty over future products hampers enterprise planning. The switch to Intel changed this picture considerably. Apple's future products track rather closely to Intel's.
The sad thing is Yes they do.
Often they use many client server/database programs written in shudder VisualBasic.
Often the company completely depends on them.
For example in my office we depend on Goldmine, USP Shipping software and a number of small programs what we developed in house using Java. We chose Java to make it easy to move to Linux or the Mac but we still depend on a few Windows programs for our day to day operation.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
You have some points but Xserves still aren't as capable as modern solutions from Sun, HP, and hell, even Dell. Think SAN management, it's not impossible but its quite a bit more difficult on the Mac side of the fence. Maybe in a few more years they'll gear it up but monitoring and management have always been the weak side for Apple as they generally prefer to give the power to the user. This is great for home users but very bad for corporate users.
The support you mention is probably the biggest stumbling block for Apple at the current time however.
Maybe you have already tried this, but I would highly, highly recommend Parallels for running Windows apps if you have an Intel-based Mac. Now that they don't have to translate from x86 to PPC on the fly, virtualization on one of these new Macs is nearly as good as the real thing. Jump into fullscreen mode, and you won't notice the difference. And check out the "Coherence" feature in the latest release, which lets you have Windows windows (not stuttering there) next to Mac windows.
I don't have any concrete numbers, but I used to work at a company that used run a mixed Mac/PC shop. Story goes, a couple years before I started they transitioned to being nearly 100% Mac because the cost to develop & maintain in-house sofware was much higher on Win than OS X.
Having recently switched from being a ObjC/Cocoa developer at that company to being a VB.NET developer at the new job, I'm willing to believe it.
They don't allow for corporate volume discounts
Yes they do. Ask any Apple sales rep about it.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Never having worked in a "Microsoft Shop," i wonder what kind of support the actual OS vendor really supplies. I mean, sure, they've got to have a really good online knowledge base, but do Windows admins really spend much, if any, time on the phone with Microsoft? As far as I know, companies just hire consultants to give them support when inhouse staff can't handle it.. even when using Windows. Why wouldn't your clients rely on your for on-site support if they went with Microsoft? Who else would they call?
I think it is about features and options. Xserves and XRAIDs are great and easy to manage because they're relatively simple. But because they are simple, they lack at lot of flexability and options that enterprise users need. I mean, seriously, there is basically just ONE external RAID option for Apple servers. There's hundreds for PCs/Windows. If Apple products just happen to fit what you want to do, great, but Windows will continue to be the default platform of choice just because there is so much choice out there. And it isn't just Microsoft. We're talking Dell, HP, IBM, etc.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
"Can I easily integrate my Mac into an existing Active Directory setup yet?"
It takes about 2 minutes to join a Mac to an Active Directory domain. Users and admins authenticate against the domain properly as with a Windows box.
I believe you can do custom GPO style stuff for the Mac - but I think that's bit beyond "easy".
Sometimes my arms bend back.
LDAP isn't the problem, per se. It it is the way it is implemented. Apple needs to utilize the hierarchical structure and implement partitioning and add directory level permissions. For example, you often want to make localized admins that only have rights to particular parts of the tree and the users/servers/services therein. These are the kinds of things I miss from my Netware/NDS days. NDS was awesome.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Enterprise support is called that for a reason. Have you ever worked for a large corp that pays for enterprise support? I have worked as a programmer for 3 fortune 500 companies. I work closely with our admins and Enterprise support means something. We can give a call about a failed NIC and get it by the end of the day or latest next morning. We have people from Sun, HP, Microsoft, Netegrity, etc that actually come to our location. Not some "consultant" that claims to know stuff, but the actual people from the companies we are paying for support.
I personally think "Enterprise support" is a little over rated and very over priced. However, no CIO/CTO is going to go with some small-town solution. Their butt is on the line. They want the assurance that there is support there when needed. From my experience, that support is hardly used at big corps. Most of us IT guys get the job done one-way-or-the-other. However, our CIO will still always budget for the annual support contracts, regardless of how little we used them.
Look at Red Hat. They make most of their money from support, not selling Linux. Any Linux admin can handle the support needs of Red Hat. Yet the top managers still pay for Red Hat support, just for a "security blanket".
Apple doesn't even come close to having an Enterprise support system setup. I don't think they want to. Until they do, they will just be a niche market.
General, you are listening to a machine! Do the world a favor and don't act like one.
"The problem with Apple is that they do not consider the corporation to be a target audience."
Yeah, because everybody with an iPod cross-shops for XServe RAID systems.
News flash: The target audience for Apple's enterprise gear doesn't care about TV commercials.
Why yes, I AM a rocket scientist!
Oh? Apple has this already: http://docs.info.apple.com/article.html?artnum=30
I've used CryptoCard's gear. It works. Well. On a Mac.
If you want to do it manually, use Apple Remote Desktop http://www.apple.com/remotedesktop/
ARD 3 has support for something called a "Task Server", which lets you spin off installation or other jobs to a separate machine, which runs them as systems come online.
Look a little deeper in the future.
This is not accruate. I am an Apple Authorized Business Agent, and Apple Enterprise sales group absolutely can and does offer corporate dicounts. Check your facts. Call Apple, ask for entrprise sales, and talk turkey. Evidently, you'll be surprised.
Try http://rsug.itd.umich.edu/software/radmind/ WONDERFUL tool. And if you have money, go buy Apple Remote Desktop, even better.
Ok ... first of all ... most enterprise applications are web based, have been for a while now, as for the rest, you're misinformed ...
... available for Mac.
... work as of Tiger
... see Certificate Assistant added in Tiger
... it's UNIX underneath ... see NIS
... see Software Update Server
Office
Smart Cards
Certificates
Distributed policy management
Corporate distribution of packaged software
Granted, most of this is newish since it was only added in 10.4 (04/2005) but it's all there.
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
All that can be done through Workgroup Manager. You can specify what applications users can run, what preferences panels they have access to. That much is there.
They just do. Tell a machine to authenticate to an OpenDirectory server (it can pick it up through DHCP) and network users can login and they get their desktop from the server. There's no trick to it.
Not sure you can do that through Workgroup Manager. Although it has never occured to me to try. But I imagine that would be one of the little features missing that I was talking about.
You coudl push such changes out through Apple Remote Desktop with a shell script/AppleScript in one batch. You can select all your machines and have the script run on all of them at once. That's one nice thing about OS X. You get teh full power of unix.
Or have your machines under Radmind http://rsug.itd.umich.edu/software/radmind/ management and push out new password file updates through that.
This is more an application issue than a management issue.
Well, it isn't all THAT bad. You can do most of the things you mentioned. But sometimes "most" isn't good enough. That's what I was saying. And to get that much, you'd have to run the Macs on their own directory or get ALL Macs. There is some AD integration, but then you lose the stuff that Workgroup Manager can do.
Fortunately, where I work, the Mac users don't generally have to share a lot data with the PC users so they can be on different servers.
Oh come on. "Got them working?" How do you NOT get Apple stuff working? Say what you want about Apple, but their stuff generally Just Works(tm). It may not be as featureful as Active Directory or whatever, but there is certainly no trick to getting OpenDirectory and Workgroup Manager "working."
Wow. I thought *I* had doubts about Mac in the enterprise.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
So you already have LCDs for everybody.
Buy $999 iMacs ($1074 with 1Gb) and give everyone dual displays...
or buy $1199 iMacs with the following specs and give everyone dual displays:
17" 1440 x 900 pixels ATI Radeon X1600 graphics 128MB of GDDR3 SDRAM Mini-DVI video out with support for DVI, VGA, S-video, and composite video output. Support for external display with digital resolution up to 1920 x 1200, analog resolution up to 2048 x 1536
2.0 GHz Intel Core 2 Duo
1GB memory
160GB hard drive1
8x DL SuperDrive (DVD+R DL/DVD±RW/CD-RW)
That is prety close to what you are asking for.
None of it is technically impossible on OS X but its not included and the tools are scattered.
You're a little out of date. Read all about it here and here.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
You're only examining up-front costs, you're not considering these HUGE costs for Windows networks:
- Lost productivity of users, due to them dealing with Windows issues, or security issues.
- Lost productivity of technical staff, due to them dealing with Windows issues, security issues, black tuesday patching cycles, etc.
- More security risks using Windows, not only due to the typical issues, but also due to the much, much higher number of zero-day exploits out for Windows, and the difficulty in running a Windows machine in a locked down mode while allowing users to remain productive.
Further, you are wrong on several points.
1. There ARE corporate/business plans offered by Apple. Start with http://www.apple.com/macatwork/ Apple is also busy increasing the size of their "enterprise" division for just such issues.
2. There is managed control over OS X, you just are not familiar with OS X Server. Start with http://www.apple.com/server/macosx/
3. You may not have a problem with Windows security issues (though I find it EXTREMELY hard to believe), but most businesses that run Windows do. Even if its of the "we're constantly patching our machines" kind of trouble.
The only point I agree with you on is vendor lock-in, although there IS a benefit to vendor lock-in, in that the vendor (Apple) can more efficiently deal with hardware and software issues you have, precisely due to their tight control over everything. Aside from that point, I think Apple will eventually license Mac OS to other vendors, such as Dell. True, they are a hardware company now, but they also used to be a computer company, and THAT changed, didn't it? Software margins are high, ask Microsoft. Apple benefits from people using Mac OS now much more than they do from people buying Mac hardware, since once you start using Mac OS, you want MORE of the same -- itunes media, ipod, apple tv, iphone, the entire sphere. But I digress...
Yes, there is vendor lock-in now. At our business, this hasn't affected us yet.
Ironically, the word ironically is often used incorrectly.
Five seconds with Google would have spared you this lashing.
Mac OS X System Architecture
Architecture of Mac OS X
UNIX family tree
Please do try to keep up.
If you mod me down, I shall become more powerful than you could possibly imagine.
I have done some work in sound studios and post facilities. The tech support setups are a little different, and the users are much more aware. So, if you want perspective from the creative side of things, here you go. Here are stats for some facilities I have worked with:
Recording studio: 7 Macs(MOTU, ProTools), 2 Win98(no internet, dedicated, running sampling software only).
Time: 1 person (me) 10-15 hours a week to cover all computer maintenance, upgrades, hardware installs (including audio interfaces and drive arrays), etc.
University facility: 5 Macs(ProTools LE/HD)
Time: 1 full time studio manager, spends about 10%-20% of his time in front of a computer.
Post production division of a large production facility: 16 WinXP(Avid Media Composer, Nitris), 5-7 Macs(Final Cut, Shake), 2 SGI(Smoke), 1 Windows server(Avid Unity).
Time: 1 person full-time doing server admin and all more difficult procedures, and 30-60 hrs/week from the production assistant pool doing routine maintenance/file management, upgrades/updates etc. The XP boxen running Avid Media Composer (Adrenaline) took 75%-80% of the time. Also, they had onsite vendor support for probably 50-75 hours a year.
Smaller/online only post facility: 8 Macs(Avid Media Composer, Final Cut), 3 WinXP(Nitris, ??), 2 SGI(Da Vinci, Smoke)
Time: 1 full time person who manages ALL tech/engineering/IT. Estimates 25% is spent on the computers, the rest is spent dealing with ingest operations, audio/video equipment issues and whatever happens in that back room with 5 racks, a shitload of audio/video switches, 20 tape decks, tens of terabytes of fibre channel storage and related stuffs.
Sig (appended to the end of comments you post, 120 chars)
I had 3 OS X Servers, with upgrade licenses for OS X server, running several desktops. It doesn't just work because debugging is a bitch. If things don't work, Apple's support options are a joke. Microsoft's knowledge base is huge, Apple's non-existant. AFP548.com does not a network make.
One time I had a massive problem with my system, called Apple for support. The Enterprise Support group was closed for a meeting. They left for the entire afternoon, no support for me. I had to send my employees home for the day.
The mail systems are just non-standard location wise to make the online resources for the open source projects not quite useful, and Apple provides almost no utilities for debugging things. The resources aren't quite there.
The hardware is getting there (Mini is an AWESOME general desktop, small in size with nothing to mess with), Xserve is cool, and Xraid means not needing massive RAID arrays in the box. The software is getting there as well, each rev of OS X Server is using more OSS solutions that have been made Enterprise ready by companies like Redhat, and their software is maturing Workgroup Manager gets much better each revision. But the support options just aren't there.
Yes, I agree dual booting into windows is annoying. But a company could migrate their hardware to shiny new mac's now, leaving those users who must run some legacy app with a windows install until they can make the switch too. Perhaps migrating to a terminal services style delivery of these applications. If your long term goal is to switch all your desktops to OSX, there are a bunch of options to allow a gradual phase over, now that apple use Intel chips. Pick one that suits your environment, and compare the cost to upgrading to vista.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Mac OS X Server
If you mod me down, I shall become more powerful than you could possibly imagine.
For all of MAD's suckyness (Microsoft Active Directory - I still use this acronym; it was coined by Novell in about 1997, as kind of a joke against Microsoft) - MAD delivers functionality that OS X can't even dream of.
Yes, it's sometimes very slow, sometimes a pain in the ass to troubleshoot, and yes - you'll frequently run into issues that make the Microsoft Support Rep blow his brains out. But the bottom line is: when it works, it delivers functionality that simply can not be done on a Mac.
Example:
You can send your admin-monkey to the server, with a few manual procedure steps, to navigate through the (admittedly TERRIBLE) GUI, and check a checkbox that will disable the ability of all Users (not Administrators, and maybe even excluding the folks you put in the "IT Support" group) from using a DOS command shell.
This configuration change will go out on the network with the next reboot. And poof! 500 nosy, troublesome Users are now a bit less able to shoot themselves in the foot, or work mischief on your systems. That's just one example, but there are literally THOUSANDS of these kinds of settings, minor tweaks, etc.
Other examples: disable the IE address bar. (and prevent Trojans from hooking it). Disable the Tools menu so users can't mung with the security settings in IE. Disable control panels. Enforce a password-protected screen saver across the enterprise. Take the File-Open menu away from MS Excel. Whatever. I assure you, as draconian and capricious as these sound - some of them are ABSOLUTELY NECESSARY to operate computers in a secure environment.
And ONLY MAD does this. (to be fair, you had this limited functionality in NT 4.0 too).
There are probably ways to hack these kinds of configurations together in Mac OS X. But the effort required to "roll your own" system to manage client configuration on this scale, with this ease of use, would be on a pretty much unimaginable level.
I am an unashamed Mac fanboy. The bane of my life is when I have to go into work, and fix broken Domain Policies or MAD server. I have 4 Macs at home, and I try to manage them somewhat like an enterprise - and I'm telling you - the tools just are not there. There *is* a usable infrastructure, but you'd need to pump tens of thousands of man-hours from a very skilled scripting guru to pull off the equivalent thing on a Mac. I long for the day that Steve Jobs gets up on that stage and announces that Apple is actually serious about getting into the Enterprise, and will develop tools for a REAL OS X Server. (instead of just offering the Workstation OS, plus a couple of tools, and a hefty price-tag, and calling it "Server") - I am pining for the day that I can hear my customer say: "tear out all this Windows crap and give me a Mac network".
These are my friends, See how they glisten. See this one shine, how he smiles in the light.