If you use iPhones in your business, you probably see a spike in network activity whenever a new version of Apple’s mobile operating system ships. This is a problem when trying to get critical work done. Here are some ideas that may help reduce the load on your internal systems while still enabling your workers to get what they need.
In the background
Does anybody else remember when iOS upgrades almost broke the internet? Back in 2014, people installing iOS 8 caused internet bandwidth to spike in the U.S. and U.K.
You may recall that iOS 8 was a hefty upgrade, weighing in at over 2GB.
Most enterprise networks are used to managing spikes in traffic in this way, but given the iOS upgrades tend to ship in the U.S. morning, international users need to take steps to ensure high-priority traffic — particularly backups — don’t see data quality hammered as network access is constrained — even as iOS 12 ships. What can enterprises do to help prevent this?
Use Apple Configurator
Some enterprises may already be using Apple Configurator to manage their devices. You install this on a Mac and can then use the software to manage several different tasks on iOS devices, including iOS system upgrades.
The advantage of this system is that you can upgrade multiple devices so long as they are all simultaneously connected to your Mac via USB. The more devices you wish to update, the more USB hubs you’ll use.
Launch Configurator and then connect devices using USB, and you will eventually see an image appear for each device in the application. Option-click the image of any device(s) you want to update, and begin the process. Apple Configurator is also an excellent solution to manage iOS updates in families, as it means you don’t have to upgrade each device one at a time.
Here are Apple’s help pages for Configurator.
Use third-party MDM software
There are numerous Mobile Device Management (MDM) systems that may help shoulder the strain of mission-critical software upgrades. Jamf, for example, offers multiple products at multiple tiers that should make it much easier to download any important software and security patches once and make them available to users all across the company.
While this may push your wireless networks to the max, it will at least leave your internet bandwidth unconstrained by multiple users all attempting to download the same code.
Jamf confirmed that it will offer zero-day support to iOS 12 when it ships.
MDM software also has the advantage of enabling IT admin staff to stagger software updates across a company’s fleet of registered devices, delaying these by up to 90 days if necessary.
Use a Mac
Smaller enterprises using Macs as part of their setup may want to make use of a little-known Mac feature that allows you to set your computer up as a local server for any critical software downloads, including iOS upgrades. It’s a feature called content caching, and while it can be an effective way to manage the process, there are a few challenges and it does require some technical skill. It was made available as a standard macOS feature in High Sierra in 2017.
The idea is that once you enable Content Caching on your Mac, it will keep a copy of all the content that local networked devices download. That means the update is installed once and then propagated to other clients on your network, reducing overall bandwidth costs because the requested software comes from the content cache rather than being downloaded again.
It’s not that simple, of course. Different iPhone models request slightly different system update installers, so you may find that you will need to download multiple copies of the software for all the different devices deployed across your company.
You do need to have a certain level of technical skill to use this feature, and it may not be the best alternative. Apple has a highly detailed tech note explaining the feature here. Network admins can also use Terminal to configure more advanced caching settings.
Share the file manually
You can also share the IPSW file (the iOS download) with multiple devices, so long as they are all on the same model (if everyone has an iPhone X, this will work; if they don’t, it won’t). This method uses iTunes and works on both Macs and Windows devices. Here’s a good article describing the process.
Just say no
Some enterprises may feel it’s better to block the update process in order to protect their systems from the initial spike. If that’s the case, then they should set their firewall to block the following packages (according to Cisco):
- mesu.apple.com — Apple's Mobile Asset Software Update service: an XML file that lets devices know an update is available for them.
- appldnld.apple.com — (Optional) Apple's iOS and software repository: Blocking this may not be the best move, as it blocks all downloads.
The advantage of a temporary block is that demand for the software patches is likely to reduce 24 hours after the software ships as employees find other ways to install the software.
Slowing upgrades down
Network admins can also take steps to slow the upgrade process down over their networks. The advantage of this approach is that employees still get to upgrade their devices, but not at the expense of high-priority network traffic. This usually comes to setting a bandwidth limit to clients accessing appldnld.apple.com.
Are you aware of other ways in which enterprise users can manage software installations for Apple devices? Please let me know, and I can update this story.
Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and get involved with the conversation as we pursue the spirit of the New Model Apple?
Got a story? Please drop me a line via Twitter and let me know. I'd like it if you chose to follow me on Twitter so I can let you know about new articles I publish and reports I find.