Slashdot Mirror


Large-Scale Mac Deployment?

UncleRage writes "I've been asked to research and ultimately recommend a deployment procedure for Macs across a rather large network. I'm not a stranger to OS X; however, the last time I worked on deployment NetRestore was still king of the mountain. Considering the current options, what methodologies do admins adhere to? Given the current selection of tools available, what would you recommend when planning, prototyping, and rolling out a robust, modular deployment scenario? For the record, I'm not asking for a spoon-fed solution; I'm more interested in a discussion concerning the current tools and what may (or may not) have worked for you. There are a lot of options available for modular system deployment... what are your opinions?"

15 of 460 comments

  1. Large scale Apple managed LAN? by Anonymous Coward · · Score: 5, Insightful

    Is there even such a thing in this world? Folks like to disparage Windows, but it really is the only OS built for very large enterprises. Linux solutions don't really compare to Windows solutions - there, I said it...

    1. Re:Large scale Apple managed LAN? by norkakn · · Score: 5, Insightful

      radmind ftw

    2. Re:Large scale Apple managed LAN? by genner · · Score: 3, Insightful

      LDAP, thunderbird w/ lightning plugin (or openexchange, citadel or similar), XDMCP.. Updates? Your own local ubuntu/debian mirror w/ custom packages, etc. Lots of equivalents.

      ....and still no replacement for active directory.
      This is really the only practical reason why windows is still on top.

    3. Re:Large scale Apple managed LAN? by amirulbahr · · Score: 4, Insightful

      Active Directory

      You can't be serious on this one. LDAP + Kerberos can easily take on that role plus some.

      Exchange

      Email is easy enough to offer but shared address books and calendaring may give Exchange the edge. No harm in deploying Exchange on the back-end and using Evolution or Thunderbird or web based Exchange on the front-end.

      Terminal Services

      This is the most outrageous of your claims. Linux, Solaris, *BSD all come up trumps in this. You've got X11, NX, VNC, and the most advanced thin client solution at the moment, Sun Ray.

    4. Re:Large scale Apple managed LAN? by confused one · · Score: 3, Insightful

      OS X is a certified Unix platform. Why is it hard to believe it's capable of being used as a large enterprise OS?

    5. Re:Large scale Apple managed LAN? by ilmdba · · Score: 4, Insightful

      please... X11, NX, VNC and Sun Ray all suck ass compared to RDP. i use them all on a daily basis, and RDP is far and away the best of them all. authentication, remote devices (USB, printing), sound, mapped drives, etc. etc. none of these other solutions even touch on any of those features. not to mention, the performance of RDP smokes all of those others completely out of the water.

    6. Re:Large scale Apple managed LAN? by Antique Geekmeister · · Score: 3, Insightful

      No, there are many historical reasons Microsoft has its leadership position. It has, in fact, been convicted for many of them.

      Active Directory is useful: its management interfaces are very useful for modest size environments. Scaling it down to small shops that can't spare dedicated, expensively licensed servers or scaling it up to large environments that require subtler control and redundancy, however, is extremely painful. Its underlying technologies are all more manageable with a more intelligent database behind it and a superior auto-configuration setup. These components are:

      DNS
      DHCP
      Kerberos (authentication)
      LDAP (user account and machine resource management)

      That's basically it. And given its lack of sanity checking of its own configurations, the difficulty of scripting its operations, and its mishandling of the addition or re-configuration of new resources, I don't recommend it for large environments.

    7. Re:Large scale Apple managed LAN? by TrueKonrads · · Score: 3, Insightful

      Isn't this kind of the point? If You can spend 2 hours and have a domain deployment with all the features You need done by an average paid admin, why spend two weeks by a linux guru? IT on a basic level is not something that adds immense value so why spend a lot on it?
      P.S. I love hacking just as the next guy and linux on enterprise is my pet peeve.

      --
      Lone Gunmen crew.
    8. Re:Large scale Apple managed LAN? by Cyberax · · Score: 3, Insightful

      "Egh, Active Directory is just LDAP with Kerberos and some proprietary crap thrown on top to make it hard to interoperate with other OS's."

      Yep, and Linux is just a couple of C files, written by underpaid engineers in their spare time.

      ActiveDirectory is much more than 'just LDAP with Kerberos'. It has nice management tools and integrates with almost all Microsoft applications. And most important: it actually works just fine. And you can easily interoperate with AD by using simple LDAP.

      I've tried to make a replacement for AD in a Linux network. Even after spending a week I was not completely successful. For example, I still have no idea how to make offline logins using cached credentials. Or how to integrate Kerberos authentication and IPSec.

  2. Re:Macs by Anonymous Coward · · Score: 4, Insightful

    Guess what? It would be you, not the Macs. I'd have fired you for wasting the time needed to tear a display apart instead of sending it to the manufacturer to be repaired.

  3. Re:Macs by Brian Gordon · · Score: 3, Insightful

    Taking it apart yourself is worse than paying somebody else $400/hr to take it apart for you?

  4. Re:Have you looked at the features.. by molarmass192 · · Score: 3, Insightful

    Spoken like someone who's obviously never seen, much less used, OS X Server. OS X server is built around standards based enterprise tools like Apache, LDAP, CalDAV, and IMAP. You know, ISP grade stuff like this:
    http://www.apple.com/server/macosx/specs.html

    What standards is your Windows Server / gaming platform, based on?

    --

    Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
  5. Re:Have you looked at the features.. by GigsVT · · Score: 5, Insightful

    We have an OS X server.

    It really does suck.

    It's kind of like a crippled BSD server with weird management utilities and a lot of buggy modified utilities.

    You might as well just use a normal Linux server, since all the same daemons are available, and much easier to manage.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  6. Re:Have you looked at the features.. by raddan · · Score: 5, Insightful

    The only problem with Mac OS X Server (and this is speaking from 10.3-10.4 experience; maybe 10.6 server is better) is that if Apple's grand vision for your network doesn't fit your own vision, then Mac OS X Server is next to useless. The problem is that Apple has preconfigured a number of built-in services, and changing them causes major headaches.

    For instance, in 10.4, any change to the GUI would overwrite your /etc/smb.conf. What's worse is that Apple often runs old versions of this software. If, say, you want to go out and run the latest Samba, nothing is stopping you, but expect parts of Apple's system to break. Sure, I admit, lots of people go this route and have many workarounds for Apple's stuff, but for us, we figured: if we're going to do all this work to circumvent Apple's packaged stuff, why not just run Linux? So that's what we run on our backend now. We even run Netatalk, which has to be the simplest daemon I've ever configured-- it basically worked with PAM+winbind right out of the box, and so we're able to authenticate our AFP clients against AD, too.

    If you're a very small shop, and you want a simple drop-in fileserver, Mac OS X will probably work for you. If you want a simple Open Directory, and don't have an existing directory system, Mac OS X will probably work for you. But get any more complex than that and you might as well use something else.

  7. Re:Have you looked at the features.. by torkus · · Score: 4, Insightful

    Sorry but no.

    Based on your anecdotal example...bla bla bla. But you readily say you're buying sub-par equipment. So i'm not sure how you can compare "good" equipment. If i bought a $300 clearance PC and compared it to a $800 enterprise-class PC i'm sure i'd see more failures in the cheapy one.

    Moving on...to the smaller end of 'large' business - 2500 users and ~4000 computers in my enterprise. Similarly configured Macs cost us about twice what a PC does. Apple doesn't give on hardware unless you're buying them by the truck load and even then it's not nearly as much as other large suppliers.

    Go negotiate pricing with 7-figure yearly spending and Dell, HP, etc. will give a LOT more than Apple. Yes, Macs are pretty but we're talking about enterprise. Pretty takes a back seat.

    --
    You can get rich if you own a politician, but you have to be rich to buy one in the first place.