Apple and the enterprise: A complicated relationship

It's been one step forward, two steps back over the past 15 years for Apple and enterprise customers

1 2 3 4 Page 2
Page 2 of 4

Open Directory was technically a collection of directory and identity technologies that included NetInfo support, with a connection for legacy NetInfo server as well as for storing local accounts and records as well as an LDAP-based replacement for NetInfo's proprietary data store. In practice, Open Directory became synonymous with Apple's LDAP implementation; as that was integrated with Kerberos, it represented a replacement for NetInfo. In addition to being based on open standards, the Open Directory architecture included support for directory server replication. Even so, it remained a master/slave replication environment that was more like Windows NT's use of a primary server and one or more backup servers than Active Directory.

The scalability advances, which continued to improve in later OS X and OS X Server releases, were only part of the advantage Apple gained by deprecating and eventually discontinuing NetInfo. The other was a move to open standards, including LDAP and Kerberos, the technologies at the foundation of Active Directory. As a result, Apple was able to offer Active Directory integration on Macs running Panther and later releases.

Out of the box the integration was pretty limited. Apple's Active Directory plug-in for Open Directory only mapped three attributes for user account records (username, password, and home directory), but Apple offered three ways to deepen that integration: extend the Active Directory schema to include the new records and attributes used by Open Directory, map the Apple-defined records and attributes to existing but unused Active Directory counterparts, or use what was called the magic triangle. That involved Macs that were joined to the Active Directory domain for enterprise identity and user authentication and to an Open Directory domain for Mac client management.

Apple also allowed third-party companies to produce their own Open Directory plug-ins to support additional directory types like Novell's eDirectory or provide new capabilities when using Active Directory. Centrify, an enterprise identity management developer, was one of the first companies to offer more powerful Active Directory integration. Its Direct Control for Mac, which is still on the market, allows Active Directory admins to manage Macs using group policies stored in Active Directory without modifying the schema. Group Policy options are available for virtually every Mac client and user management option available from Apple.

Leopard changes everything

2007 was a big year for Apple. It introduced the iPhone that summer and it OS X Leopard that fall. Leopard was among the most feature-packed OS X releases to come out of Apple and boasted more than 300 features and improvements. The most notable enterprise identity change in Leopard was that Apple finally phased out NetInfo, which was until then still used for storing local user accounts on Macs.

Leopard Server, on the other hand, included key features that would eventually determine Apple's current place in the enterprise. The first was a new option for joining Macs and Mac servers to an Active Directory domain. To streamline Mac integration with Active Directory, Apple created a new type of Open Directory mechanism known as augmented records. It essentially simplified the magic triangle approach. A user's Active Directory data still managed his or her enterprise identity and authentication, but Leopard Server could automatically include just the Apple-specified records needed for OS X Server services or client management. Everything else was passed to Active Directory.

This streamlined approach was part of a new form of OS X Server setup and administration. For small organizations or Mac-centric workgroups at a large company, Apple introduced simplified management by way of a new tool called Server Preferences. It allowed users with limited technical skills to set up and manage a server running a subset of the most commonly used business services: file and printer sharing, email and chat, websites and wikis, backup and VPN access.

This approach showed that Apple was willing to work with existing enterprise technologies. Specifically, it showed that Apple was happy to leave enterprise identity in the hands of Active Directory. And it marked one of the first instances of Apple marketing an enterprise product, in this case, Leopard Server, directly to users rather than to IT shops. That approach has been viewed as fueling the success of iOS devices -- and the BYOD trend -- in business.

Though it wasn't obvious at the time, Apple was also the beginning to refocus OS X Server as a small business solution rather than an enterprise server OS.

The iPhone before it was enterprise-ready

While Leopard Server was quietly changing Apple's approach to the enterprise, the original iPhone -- clearly not an enterprise product -- was released. A year later, in 2008, Apple began to give the iPhone some enterprise chops. In addition to launching the iPhone 3G and the App Store, which would revolutionize smartphone software development across the board, Apple included two important capabilities in what was then called iPhone OS 2. The first was support for Exchange Active Sync. This allowed access to key Exchange features, including push notifications; the enforcement of a handful of security policies through Exchange; and the ability to remotely wipe lost or stolen iPhones.

1 2 3 4 Page 2
Page 2 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon