Slashdot Mirror


Large-Scale Mac Deployment?

UncleRage writes "I've been asked to research and ultimately recommend a deployment procedure for Macs across a rather large network. I'm not a stranger to OS X; however, the last time I worked on deployment NetRestore was still king of the mountain. Considering the current options, what methodologies do admins adhere to? Given the current selection of tools available, what would you recommend when planning, prototyping, and rolling out a robust, modular deployment scenario? For the record, I'm not asking for a spoon-fed solution; I'm more interested in a discussion concerning the current tools and what may (or may not) have worked for you. There are a lot of options available for modular system deployment... what are your opinions?"

14 of 460 comments

  1. Virginia Tech by TitusC3v5 · · Score: 2, Interesting

    I don't know anything about their deployment procedure, but here at Virginia Tech the Math Emporium has over 500 macs set up for student access. The courses I've had there have been boring, but the actual setup of the place is pretty neat.

    --
    And the masses cried out, "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0!"
  2. We have a 300 Mac exclusive network by Tibor+the+Hun · · Score: 4, Interesting

    First we build and test a good image on a machine for a couple of weeks.
    Then we either use that image, if it was correct the first time, or build a new one from it if it required touching up.
    We use Apple's free Disk Utility which comes free with all macs.

    We then get about 10 - 15 firewire drives and copy that image on them. (You have to make sure the drives are bootable, you can actually deploy that same image onto the drive itself.)
    Then we line up 10-15 machines and use again the Disk Utility to image them.
    Depending on the size of the image, just about the time you have the next 10-15 unboxed and set up (very easy to do since they're all all-in-ones), the first batch is ready.
    Works for us, but then again, our schedule is flexible and we can afford a couple of days of leisurely imaging.

    Oh, yeah, and if you do have an image you can also work with Apple, they'll preload it on for you.

    --
    If you don't know what AltaVista is (was), get off my lawn.
  3. Re:Large scale Apple managed LAN? by Brian+Gordon · · Score: 5, Interesting

    I preemptively beg mods not to bury this comment. We all know that Linux is great on hackers' workstations and on servers and in computing clusters, but not so great as a desktop system for average users.

    Well large managed networks is two miles away in the distance on the scale of things Linux is awesome at. Active Directory, Exchange, Terminal Services... Windows really does have a very impressive offering in this area, while Linux stays behind the scenes and rarely faces the user.

  4. Re:Large scale Apple managed LAN? by Frosty+Piss · · Score: 2, Interesting

    We all know that Linux is great on hackers' workstations and on servers and in computing clusters, but not so great as a desktop system for average users.

    We do? Well, we're not really talking about Linux here, we're talking about Apple, which is a whole different ball game. But as to your Linux comments, people repeat these anecdotes so many times, they are taken as fact even though there is really not much to back them up. Recent Ubuntu and Red Hat offerings (and to a lesser extent SuSE and Mandriva) prove this tired anecdote to be essentially no longer true. Just because the Über Geeks use Debian, *BSD, or roll their own doesn't mean that's a true representation of the current state of consumer and enterprise desktop Linux.

    --
    If you want news from today, you have to come back tomorrow.
  5. Re:Macs by DurendalMac · · Score: 3, Interesting

    The hardware is more reliable than most OEMs unless you got burned by iMac G5s with bad caps, but that wasn't really Apple's fault. A lot of OEMs got hit by those damned caps.

    You should have just mailed in the damn Cinema Display. Service providers (at least non-Apple owned providers) can't replace anything on them but the power brick these days. Just mail it in and let the repair depot monkeys figure it out. I would never want to replace an LCD backlight (which isn't exactly a user-accessible part on ANY display) if it could ever be helped.

  6. Re:Large scale Apple managed LAN? by rhavenn · · Score: 3, Interesting

    Egh, Active Directory is just LDAP with Kerberos and some proprietary crap thrown on top to make it hard to interoperate with other OS's. The group policy tree is just a centralized registry management system. So, no you're wrong. It isn't as plug and play, but an LDAP setup with single sign on via Kerberos and a Puppet system to manage the config files (Linux does not use a registry) thrown together with a custom package repository (the SUS equivalent) and you're good to go.

    However, where Microsoft wins out is that that isn't easy to roll out. MS has the marketing and the 5 clicks that lets a "manager / phb" install MS server and call themselves admins. The bottom 2/3rds of the Microsoft install base, at the server level, mostly don't know what they're doing and really don't understand the underlying tech of what AD is. Once you start rolling out large Fortune 500 style install bases you really do need to know your stuff and most admins at this level probably could do a Linux / UNIX / OS X setup of the same scale with a little work and reading. However, the end users / managers don't want this since they've been rather well indoctrinated by the MS marketing team.

    Personally, I like to sum this up by stating that with MS it's very easy to turn the key and go from 0-40MPH, but to make it all the way to 60MPH it gets difficult and the hood of your car is welded shut. The Linux's and BSD's of the world make you learn how the engine works first, but once you've got it figured out you still make it to 60MPH before MS does.

  7. Re:Macs by Mista2 · · Score: 3, Interesting

    2007 Shuttle PC, dead after one year (just out of warranty)
    Custom PC tower, 5 years, finally fails to make it past post last week.
    2006 Mac Mini - still rocking on.

    Most of our corporate machines are towers or standard desktops, internals never upgraded since purchase. A fleet of 2009 minis would be fine for these, and iMacs for reception (or senior managers).

    Savings: no AV software, easier deployment of apps and policies, don't require MS Active Directory or client CALs to manage them - however, not knowing month to month what hardware is going to come available from Apple would suck. Windows apps could be easily delivered using Citrix or terminal server for those that need it.
    Ever tried to manage 100 notebooks and backup personal data? How about encryption software - finally available with BitLocker if you get Vista Pro or premium - but then system folders encrypted too, a pain to manage. I like just the encrypted home folders - which can also be mounted from an OS X server - and replicated for laptops.
    Also how about common accessories like power adapters for 100 laptops and a single OS image that will work for everything?

    If you can break the MS monopoly then there are savings to be made up to a certain scale.
    However I will admit managing more than 1000 of these puppies could be challenging and I haven't seen much that would help except maybe Zenworks from Novell - but then eDirectory is not cheap, but again savings from requiring fewer people to manage everything and fewer servers required.

    For a bulk deployment I'd also look at splitting home off from the boot drive, and have a spare boot image with minimum required apps on every Mac, and script an RSync to keep it fresh from a single image.

  8. Re:DeployStudio or LanREV by Architect_sasyr · · Score: 3, Interesting

    I have a DeployStudio installation that supports 1132 laptops, iMacs and G5s, with only one IT member (who, to be fair, outsources any really difficult questions to me). Maintaining that is easy as hell - if a user complains too much about a problem, he tells them to netboot - they can choose which building they are etc. or he will VNC for them. Either way, 1 person scales well with DeployStudio - me, I'm an Apple Certified Systems Administrator, with a strong focus on Deployment, and I will push DeployStudio every time.

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
  9. Re:Large scale Apple managed LAN? by Z80xxc! · · Score: 2, Interesting

    Novell solutions pwn Microsoft, sorry to say.

    Actually, no they don't. Not by a longshot. The school district I attend (with over 100 schools) uses ZenWorks, NDS, GroupWise, etc. Yes, ZenWorks is extremely powerful, and Novell has good integration. Yes, you can do a lot of cool stuff with it. Novell also happens to make incredibly slow software. Our district can't afford new computers on a standard 5-year cycle (or chooses to blow their money on computers twice as expensive as they need to be yet still with crap specs, but I digress), so many of our machines are 8-year-old Celerons and P4's with 256 or at best 512 MB of RAM. With the blank/minimal XP image on them, they run pretty decently. Not super fast, but quite usable. As soon as the Novell components get added onto the systems, boot times go up astronomically. It often takes more than 60 seconds for the login prompt to appear after the user presses Ctrl+Alt+Del, whereas it happens immediately with the standard Windows login. The ZenWorks application launcher also takes a very long time to start up, and the systems are generally far slower once they've been Novell'd. Novell may have superior designs, but at least with Active Directory the computer actually works.

  10. Re:Have you looked at the features.. by raddan · · Score: 2, Interesting

    Sure, and by that measure Windows Server 2003 and Linux 2.4 experience is totally worthless, too.

    Apple's stuff may have gotten more pleasant to use, but come on, there haven't been any earth-shaking changes going on from a sysadmin's perspective. Besides, 10.4 Server came out in April of 2005. That's 4 years ago. I think you'll still find it widely deployed in Apple environments.

  11. Re:make sure you have lots of lube by udippel · · Score: 2, Interesting

    Fine.
    Not a native English speaker, and yet a regular Slashdot reader, an OT question: Why could this be considered funny?

  12. Re:Large scale Apple managed LAN? by 99BottlesOfBeerInMyF · · Score: 2, Interesting

    Isn't this kind of the point? If You can spend 2 hours and have a domain deployment with all the features You need done by an average paid admin, why spend two weeks by a linux guru?

    I think the previous poster was quite clear it adds a lot of flexibility going forward, especially for large scale deployments. And it's not like you have to personally hire an on staff Linux guru. There are dozens of IT services companies happy to set this up for you and even manage it if you don't want to hire an admin. You don't have to pay any license fees going forward and any modifications you want done to the actual system can be done by multiple contract companies you can make bid on it, instead of just MS, if they feel like it.

    I happen to be working right now with a large organization that does have a nicely crafted LDAP setup with single sign-on, across the organization, portable preferences, calendaring, and pretty much everything you get from AD. I'm working with some commercial, some custom, and some modified commercial tools and all of them work flawlessly with the system because the system is completely under the control of the organization. In my experience that never happens with AD, unless you limit your tools to the subset of commercial offerings that already do it.

    IT on a basic level is not something that adds immense value so why spend a lot on it?

    IT can have cascading and unpredictable costs going forward, especially when you lock yourself into a single vendor and make all your solutions going forward brittle. What new devices and services do you need to offer in 5 years? What about in 10? Will you need to pay to upgrade? Will there be cost effective devices and service that can't work with AD? Suppose this time next year Google Wave has proven itself to be vastly superior to traditional e-mail and messaging and individuals have begun adopting it left and right bypassing your e-mail and some of those users are people with more clout than IT has. It would be immensely useful to implement Wave servers in your organization for interaction with others and security reasons. Will it work with your AD smoothly or will you be forced to use a Web client for single sign on? Can you integrate the calendaring with Google Wave for online meetings? Are you going to be waiting for MS to think about implementing interoperability or do you have the ability to take bids from a dozen different firms to make it happen?

    Apply the above scenario to every device and technology to come out and think about how flexible your solutions are.

  13. Re:Macs by vux984 · · Score: 2, Interesting

    By your own admission it *WAS* a hidden cost to Macs. Now that you *CAN* find them 3rd party, you're whining about the past.

    It's still a hidden cost, it's just less now.

    Plus the whole selling argument Apple makes for getting a Mac is to avoid stupid technical hassles. This is a stupid technical hassle that wastes tons of time -- that's a cost too. I can't count how often Mac users have to go scurrying about because they forgot the adapter in their car or office or at home. Nor can I count how often I've huddled around some dimwit's 13" or 15" screen to watch a presentation in a conference room with a projector sitting right next to it.

  14. Re:Macs by vux984 · · Score: 2, Interesting

    So you're convinced that hanging on to connectors created 10 or more years ago on laptops is a good engineering design call?

    They are a good design call until more people than not don't NEED it.

    Here's some light reading on the topic for ya.

    I have nothing against displayport. I have nothing against the progress it represents. You seem to think I somehow dislike displayport or progress in general. That couldn't be further from the truth. All 3 monitors on my desk are hooked up via DVI. And my newest one supports both displayport and hdmi as well, so it should be forward compatible with my next video card too.

    But it ALSO has a VGA port, which has proven useful on many occasions. And it's good to have that legacy option, because despite the fact that it's 'obsolete' it's still MASSIVELY IN USE. And that's on a stationary device that never goes anywhere, where having an adapter or two isn't actually inconvenient, nor apt to be left behind or misplaced. Virtually all monitors and projectors you encounter right now take VGA and will have a VGA cable hanging off them ready to plug into your laptop... so yes that is the most sensible port to put on the laptop.

    If they want to add displayport too, that's awesome.

    Oh yeah, that article ends with three or four advertisements for places that sell cables... cheaper than Apple's.

    Glad to see you are coming around to my original argument then. That Apple grossly overcharges for them.