Will OS X Lion roar in the enterprise?

Despite changes to Apple's new OS, deployments need not be problematic

1 2 3 4 5 Page 3
Page 3 of 5

Smart card support is now deprecated

Apple has always been big on supporting functions needed by government agencies such as the U.S. Department of Defense in OS X. The use of smart cards as a two-factor form of authentication is particularly big in these sectors, and OS X has supported the technology for more than a decade.

Lion still allows this technology to be used, but deprecates its support. It seems clear that enterprises requiring smart cards will need to rely on third-party companies like Thursby and Centrify (both of which offer support in their AD-related products).

Third-party accounts now standard

One of the areas where Apple has practically picked up an iOS screen and plopped it wholesale into Lion is in the Mail, Contacts & Calendars pane in System Preferences. This makes it easy for users to configure third-party accounts available from a range of providers including Apple (MobileMe/iCloud), Google, Yahoo and AOL, as well as Exchange, IMAP/POP, CalDAV, CardDAL, and LDAP accounts.

Mail accounts pref pane

The Mail, Contacts & Calendars pane in System Preferences makes it easy for users to configure third-party accounts. (See full visual tour.)

As users configure each account, they can add support for the email, contacts, calendar and chat features offered by each provider. Lion automatically configures the accounts in the appropriate client applications.

While it doesn't introduce capabilities that weren't already available in earlier versions of OS X, it does offer one-stop shopping for the services -- some of which organizations might prefer users avoid for security issues. Software , the best option is to disallow access to this preference pane using client management or disallow access to the associated applications.

Apple ratchets up security

Apple has always had some under-the-hood security features in OS X. Technologies such as file quarantine and code signing in Leopard and Snow Leopard allowed the operating system to warn users about apps downloaded from the Internet and verify that the apps hadn't been modified in the background. Apple has beefed up security in Lion with built-in malware detection, true application sandboxing and address space layout randomization.

Beyond those advances, Lion introduces File Vault 2, an extension to the existing file encryption capabilities of earlier releases. Past OS X versions allowed users to encrypt the contents of their home folders using FileVault, which stored user home directories as encrypted disk images.

File Vault 2 adds whole-disk encryption for boot and non-boot volumes, and has a lot of potential for securing mobile Macs. It relies on standard AES 128- or 256-bit encryption. Alone, that isn't particularly impressive, but when tied with Apple's new Profile Manager or Apple's forthcoming iCloud service, it becomes possible to remotely wipe the encryption key from a lost or stolen Mac with a single push notification. That effectively prevents someone from decrypting data stored on the device. It's particularly useful given the bring-your-own-device policies companies are increasingly adopting.

File Vault 2 pref pane

File Vault 2 adds whole-disk encryption for boot and non-boot volumes. (See full visual tour.)

A new client management option

Client management has always been a component of OS X. Apple's existing Managed Preferences architecture (often abbreviated as MCX) allows administrators to use OS X Server, Active Directory with Apple-specific schema extensions, or third-party tools to restrict access to virtually any application, command or system component. It's also been used to pre-configure any portion of the OS X user interface or settings for any application that follows Apple's development guidelines.

While Apple continues to support all the existing OS X client management options in Lion, the company has introduced a new feature in Lion Server known as Profile Manager. Profile Manager is an extension of the iPhone Configuration Utility and iOS configuration profiles from past OS X releases and is a complete iOS-specific mobile device management tool. (It comes at a fraction of the cost of broader options on the market.)

1 2 3 4 5 Page 3
Page 3 of 5
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon