Apple and the enterprise: A complicated relationship

It's been one step forward, two steps back over the past 15 years for Apple and enterprise customers

1 2 3 4 Page 4
Page 4 of 4

Mountain Lion Server streamlined management further by removing Server Admin completely and building any functionality left in the Lion Server version of Server Admin into a more robust version of the Server app. Mountain Lion Server still supports Open Directory as an enterprise identity server -- it is a required service option when hosting some services like Profile Manager. The overall message, however, is clear: OS X Server is no longer destined for the enterprise data center.

Apple's light-handed approach to enterprise integration

With Lion and Mountain Lion, Apple began to bring iOS technologies and features to the Mac. There are a number of very visible examples of this cross pollination: full screen apps, integration with Apple's push notification service and Notification Center, multi-touch gestures, the Mac App Store, deep integration with Twitter and Facebook, and Game Center. A far less visible change was support for iOS-style configuration profiles, which Apple introduced in Lion alongside Profile Manager, a basic mobile device management service included with Lion and Mountain Lion Server.

Although Lion supported configuration profiles, their capabilities weren't as robust as in iOS and they didn't offer much in the way of enterprise identity or user account management. What they did offer was the ability to manage a range of settings and restrictions for individual Macs. They could be used to streamline the setup of multiple Macs using the new Profile Manager service, a third-party product, or by simply installing them manually. That last process is simple: opening the profile on a target Mac installs it and adds a System Preferences icon for managing it.

In Mountain Lion, the capabilities of configuration profiles expanded significantly. They gained the ability to manage virtually every facet of OS X or installed applications. The new abilities matched all of the options available through Open Directory and support for enterprise identities and user accounts, but in a much more lightweight fashion.

The complete move to configuration profiles, which consist of XML data, gave systems administrators the option for managing the OS X user experience without needing any complex relationship to an enterprise directory service. In effect, it separated Mac management from identity management and authentication. Just configure a basic connection to Active Directory using Apple's AD plug-in to support authentication of Active Directory users and then deploy configuration profiles as a separate step and you're done.

Apple extended the Profile Manager service in Mountain Lion Server to support this new management model. The result was an easy-to-use GUI for creating configuration profiles and using them to manage enrolled Macs.

Apple made one more significant change in its shift to configuration profiles as a Mac management solution: it added the the MDM framework introduced in iOS 4. That made it possible for every mobile management vendor that supports iOS management to also support Macs in the same way. As a result, IT pros can now manage Macs using the same tools they use for mobile devices and they can manage a user's enterprise identity with standard Active Directory tools.

Looking forward

Over the past 15 years, Apple has worked, and at times struggled, to figure out the best way to integrate its products into enterprise environments. Perhaps the biggest stumbling block has been how to approach a user's enterprise identity -- how to authenticate users and deliver single sign-on; offer enterprise-grade Mac and iOS management solutions; and deliver a system that avoids placing a burden on enterprise IT. The current model is a good one, but there are improvements needed for both iOS and OS X. Soon, I'll offer a look at how Apple is further integrating enterprise identity support in both iOS 7 and OS X Mavericks and why it will appeal to enterprise and Apple IT professionals.

Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to Faas is also the author of iPhone for Work (Apress, 2009). You can find out more about him at and follow him on Twitter (@ryanfaas).

Copyright © 2013 IDG Communications, Inc.

1 2 3 4 Page 4
Page 4 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon