Apple Forcing IT Shops To 'Adapt Or Die'

alphadogg writes "Many IT departments are struggling with Apple's 'take it or leave it' attitude, based on discussions last week at MacIT, which is Macworld|iWorld's companion conference for IT professionals. Much of the questioning following technical presentations wasn't about Apple technology or products. It was about the complexities and confusions of trying to sort out for the enterprise Apple's practices. Those practices include the use of Apple IDs and iTunes accounts, which are designed for individual Mac or iPad or iPhone users, and programs like Apple's Volume Purchase Program, which, according to Apple 'makes it simple to find, buy, and distribute the apps your business needs' and to buy custom, third-party B2B apps."

Re:Apple forcing IT shops to buy elsewhere

[mjwx]

Apple is still a niche player. IT shops can easily buy elsewhere, and bring in policies that lock out employee-owned devices. How is this a good business model for Apple?

Apple is not a player in business and enterprise period and it's far too easy to buy elsewhere.

Apple products get met with one word from my department, unsupported.

When a user complains about not being able to use their Macbook because it cant log into half the systems we use the problem is theirs because the platform is unsupported. Having done mac support before, I'll quit before having to touch another mac. Mac solutions came in three types, 50% of the time it cant be done, 40% of the time it's a hack, 10% the feature was there but so poorly implemented it's still a pain to use let alone administer. Support was a pain, it took those "geniuses" at Apple a week to fix a blown PSU in an Imac, they didn't do collect and return let alone the on site next business day support I got from Dell, Lenovo, IBM and Toshiba. Worse yet are the users, when a virus makes it onto the network, most of the time it came from a Mac user forwarding Adobe_CS3_Crack.exe to someone.

So I have a very long list of reasons why Apple products are on the unsupported list.

Re:Why Apple is good

[LordLimecat]

Let me share my experience with OSX and "how great" it is.

Last summer, as part of some volunteer work I was doing, I was tasked with locking down about 100 user laptops. About 60-70 were Windows based, 1 was Linux, the rest were Apple.

The tasks were to set up full disk encryption (or as close as possible with the host OS), some kind of email encryption, set up the mail client, set up a Cisco (or equivalent) vpn client, and make sure the computers were generally up to snuff (updates and whatnot).

The Windows machines took maybe 3-4 hours each, if that. I spent the better part of a day and hashed together a program that automated 90% of the work, including the installation of many of the programs (through AutoIT scripting), which made most of the process hands-off. There were about a bazillion options for automation, forcing updates, scripted certificate installation, etc. We could have used a WSUS server, if we had desired (though we did not). The various OSes (XP, Vista 32/64, 7 32/64) basically worked the same; though there were some "if {os}=" clauses that had to be used, it was mostly for picking the proper executable (32bit Cisco vpn vs 64 bit).

The Linux machine was of course a PITA, since we did not know ahead of time we would be dealing with it.

Then there were the OSX computers. They were a gigantic PITA. How? Let me list the ways:

1. VPN support was completely inconsistent. There were no options for 10.4; 10.5 had no built in client, but could use Cisco VPN; 10.6 had a built in client and could use the Cisco client; and 10.7 had built in client but could NOT use the cisco client (due to awful 32-bit compatibility). Great, that really simplifies support and training.
2. There is (was) no support for full disk encryption. Truecrypt simply cannot handle that on OSX, and I am not aware of a native solution; we had to use an encrypted container and do a bunch of work to symlink profiles into that container.
3. The new 10.7 introduced "launch on startup" preferences, which means that most of the 10.7 machines we worked on were dog slow-- generally worse or on par with the XP and Vista machines.
4. Importing Certificates gave us issues for some reason. I believe its because of the spotty implementation of whatever the commands were-- I believe some of the commands worked on 10.6, fewer on 10.5, and basically none on 10.4.
5. And generally, most of the things we wanted to do simply couldnt be automated from command line-- system preferences and whatnot. I know there is a command to alter them ("defaults" i think) but there were several things that we had to lock down which it simply couldnt handle, or which required you to know an arcane and completely undocumented path to a preference file. On windows of course, you can google "registry entry for X" and have a well documented article on MSDN and support.microsoft.com

And there were various other quirks which branded OSX in my mind as "decent, with a decent CLI, but vastly overrated"; but the big issues were that the system really wasnt designed to be administered quickly in batches, and the documentation was very often less than stellar. For all the flak Windows gets for its registry, at least every bit of it is documented, and you can find articles out the wazoo about how to automate X on windows.

People talking about the new wave of OSX boxes on corporate networks are either bad admins, way more clever at this kind of thing than I am, or ignorant reporters. It might be a different story if there were a capability (on both the Windows Server, and the OSX client side) to launch logon scripts, and if those scripts could install printers and map network paths; call me when that happens.

Re:Apple forcing IT shops to buy elsewhere

[DrgnDancer]

Um... so define "regulated". Until five months ago I worked for a Federal Government Contractor, held a security clearance, and did work day to day on classified machines. My workplace was piloting the use of iPhones for e-mail and corporate access when I left. Of course you couldn't put classified information on them, but you couldn't put classified information laptops either, so that's not saying much. There's all kinds of rules for what you can and can't do regarding classified, but for unclassified uses, iPhones are likely as common as Blackberries and laptops there now.

My brother works for a hospital. Out side of the government, probably the most regulated industry in the country. He has a work issued iPad. Again, it's not allowed to contain patient information but neither are any other phones or portable devices that leave the hospital. I currently work for an international security company. We use iPhones for e-mail and corporate messaging.

Indeed, the only "regulated" industry that I can't claim at least some insider knowledge of is finance, so maybe that the one you're thinking of... Otherwise "regulated industry" is caving to user desire to use iDevices and Android in the workplace.