Apple Macs are ready for the enterprise. Unsurprisingly, they can already be found in organisations of all sizes. The five sigma announcement by CERN of the Higgs boson bordered on an Apple advertisement. IBM has more than 10,000 Macbooks deployed. My own SME clients have heterogeneous networks, some are even Mac only. With so …
"A lot of legacy software is still Windows-only, and there remain today developers who don't make their software cross-platform"
The fact that something isn't Windows-only doesn't make it 'legacy', it probably means that there was no sensible business case for making Mac or Linux versions.
Trevor did not say that software being cross-platform "makes" it legacy. He did not suggest any correlation between the two further than the fact that there is a considerable volume of software that happens to be old (legacy) that also happens to be Windows-only.
The fact that the two domains overlap on a Venn diagram does not necessarily imply that there is a link of causation.
It's like saying that there are a large number of cats who like milk, therefore if you like milk you MUST be a cat - this is a fallacy.
I have a feeling you said exactly the opposite of what you meant (due to your ill-advised use of a double negative), but even the inverse of your statement makes no sense.
The age of and the number of platforms supported by any software are largely independent attributes.
For organisations who have moved from Windows to Mac, yes, Windows-only *is* legacy, regardless of the business case that the vendor may or may not have made.
The only reason why *I* still have Windows in my environment (in a VM) is because of my media indexing and accountancy software packages, for which, as you so beautifully point out, there was no viable business case for specific Mac versions (and the accountancy vendor has made that very clear by saying that they will not create a UK-specific version until there is a market for it, and there won't be a cross-migration path from the Windows version to Mac). That does not mean it's legacy, but for me effectively it is.
But legacy does not necessarily mean it is a bad thing. The Windows VM has come in handy several times recently. But the word legacy means "something handed on by a predecessor". The predecessor in this case is Windows. :-)
I can't much comment on the rest, but I will say that re: Time Machine, it's great until for no obvious reason the bloody thing starts dicking around. I've had people using Lion and Mountain Lion find their systems crash hard due to Time Machine, with no obvious fix in sight (with Apple Support's responses being of the helpful "Have you done a PRAM reset? Have you reinstalled? Have you tried another drive? Because despite Time-Machine-related OS updates it's not possible that it could be our side that's b0rked" variety).
The fact that software distribution to OS X is easier with KACE than with native OS X utilities is pretty bad.
But the big, BIG one for enterprise support that you've glossed over is hardware support. If you buy Apple portables, the best support you'll get on the hardware is collect-and-return with a 1-week turnaround (if you're lucky and you fall within the catchment area) or you can waste someone's time taking it to the Apple Store. Only their much-maligned desktops get on-site service.
The above, for me, are the problems. Some of my users want them, but I make damn sure they understand these issues before I let them buy one, and when they have an (increasingly likely) hardware issue the shine starts to wear off of their iShinies....
I think it's pretty good for individual files, but I've had a bad time using it to image a replaced (identical) machine from a Time Machine backup. It took many hours before crashing, and it was far easier to reconfigure the machine by hand, and then sync documents back down from Unison (as I used then; now from my owncloud repository).
As a tool for backing up / restoring an entire system, my experience has been that it is unreliable.
To be fair, KACE makes software distribution really easy on Windows and Linux, too. I loved the KACE I got to use in my last job.
Oh, don't get me wrong - what I was getting at is more that software distribution to OS X via KACE is easier as far as I can tell than any native Apple setup, which is a bit of a fail on Apple's part. I kind of dread the notion of working without a KACE setup now, and we've only had ours for a year or so.
I'll admit, I'm biased because I was already spending a bit of time putting together self-extracting silent installation packages for the Windows stuff we use in my department (which you need to do for KACE to be useful on Windows) and that's not necessarily straightforward, but the OS X equivalent for silent installs is at least as tedious as on Windows and apparently less usefully documented.
There are third-party Apple resellers who offer a pretty good support service. An iMac that went titsup in our office was fixed by calling the reseller who sent an engineer around within a couple of hours and fixed it on-site.
Personally I'd prefer to deal with a reseller. A bit more personal. Given that there are no Apple discounts available (refurb & academic stores aside), there's no reason for not using them in a business context.
Support agreement with Apple?
I'd have thought that the "harder to fix" nature of the more modern Macs made them more challenging in a corporate environment? With my work Dell machine, when the hard drive dies, it's trivial to pop it out and put in another — if the SSD on my Air were to die, I'm not sure there would be a huge amount I could do without Apple's assistance? Having a stack of spare machines may be a workaround, to give time to get the borked machine to Apple, but keeping a stack of hard drives on hand seems easier and cheaper?
(Purely a guess on my part, based on being a Windows user at work, and a Linux/Mac/BSD user at home.)
RDP client is free from MS
"straight up RDP will do; Microsoft offers a client with its Office suite"
Actually it's a free download - no MS purchase reqd.
Linking RDP clients with Office was a bit nonsensical.
Re: RDP client is free from MS
And it's a bit cack. Irritating that you can't pass over the winkey to the host. Having said that, I use it all the time as I've found it the best of the bunch; CoRD just doesn't hack it.
Macs and fileshares.
If your NAS/fileshare system allows it, enable AFP protocol in addition to CIFS. In my experience, file transfers over Gigabit are about 2~3x faster on AFP than CIFS (Samba).
Re: Macs and fileshares.
One catch with that: most third-party AFP servers are very slow when it comes to indexing files. If you have a large tree of (mostly) static content you're fine, but if you have - like we do - several thousand test case results generated each night, browsing these via AFP on any third-party hardware running Netatalk (which in practice is everything - ReadyNAS, Synology, anything Linux based) is impossible: think minutes to run your first "ls -l". As best as I can tell this is due to AFP requiring every file to have a unique CNID.
If you're in this situation I'd regretfully suggest NFS.
Another top tip, Apples have Bonjour (aka Zeroconf) network baked in and this is fantastically useful for managing more than a few machines. Why it's not been embraced wholesale by every SME administrator I don't know, it's lightweight and no need to run local DNS - just "ssh myhostname.local", or advertise your LAN URLs to have them automatically picked up by Safari. Avahi is the Linux package for this.
Re: Macs and fileshares.
Actually, SMB2 is pretty fast - I get about 100MB/s transfer rate on 1 Gb Ethernet (using Windows 7 and Windows 2008 R2). The original SMB protocol is slower - true. Also one should ensure jumbo frames are enabled to take advantage of gigabit networks, especially for large file transfers.
Anyway the "CIFS" name is no longer used by MS. The official protocol name is "SMB". Samba is an SMB implementation for *nix provided by the - ehm - Samba team. Samba supports SMB2 from version 3.6 onwards. Apple dropped Samba due to its new GPLv3 license, and I do not know if the new protocol implementation supports SMB2 already - and how well.
Re: Macs and fileshares.
I wouldn't recommend AFP, I'm sure some corrupt files were caused by using it over Gigabit. (I did read a forum post by someone who'd said they contacted Apple support and it was a known issue that AFP can fuck up over Gigabit as the bits are too fast for the NIC or something. Sounds a bit crazy I know so not sure what to make of that, but I do avoid AFP now).
Re: Macs and fileshares.
SMB2 is still slow on OSX 10.8.2.
Win7 read large iso >60MB/s read, OSX 10.8.2 35MB/s. Writes are ~10MB/s OSX, >60MB/s W7.
Between W2008R2x64 10 Disk raid 6 array to Mac Mini with SSD.
I would try Apple in a call center, hot desk environment if...
if... Apple server created its own active directory style environment and group policy which supported centralised roaming profiles which could work side by side a Microsoft Domain. But until then it's a flat out no for me...
It's very clever to switch from a single OS vendor to a single OS+hardware vendor... LOL!
Sure, when you're on Windows you rely on a single OS vendor, and of course it is clever to move to a single OS AND hardware vendor (moreover, one that doesn't offer any real server hardware). You'll be forced to buy from Apple only - and that means they can fix the price.
Moreover it is very clever to run Windows on a Mac, of course it's cheaper to buy a Mac, Parallels, a Windows license... and try to make it work together. Frankly, if you need a Mac and its software buy a Mac. If you don't, don't spend more money and time trying to get it anyway because of your ego and fashion...
Re: It's very clever to switch from a single OS vendor to a single OS+hardware vendor... LOL!
I'm one of the most stingy and unfashionable people I know and I resisted switching to Mac/OS X for the longest time, but as someone who does a lot of development work with LAMP and Linux servers, OS X is simply a much better OS for doing the kind of work I do.
I've been using a PC as a HTPC because it was cheap, but using Windows for this is so infuriating that I will soon be switching to a Mac Mini. I'm just sick of the task bar becoming visible randomly and not being able to make it go away when it's supposed to be hidden (since I'M WATCHING TV) and I can't set the refresh rate of the graphics card to 24Hz even though it's a mainstream Nvidia card with the latest blessed drivers, so I get annoying judder when I watch DVDs. The computer also frequently wakes up for seemingly no reason to apparently do nothing. Personally I can't wait to be all-Mac and it has absolutely nothing to do with ego or fashion.
Personal client cert authentication to WLAN is not secure - apparently
We have quite a lot of Mac users, and a corporate WLAN which requires the client to have a personal certificate installed in order to authenticate on the WLAN.
We require Mac users to store their certificate in a USB dongle, because - so I'm told - it's too easy to export the certificate from a Mac to anywhere else, and this is not the case for Windows.
I'm only repeating what I've been told; I don't do PC, Windows or Mac support. I'm a network engineer.
Most users hate the dongle, and it's one of the reasons why they don't like to use our corporate WLAN.
If anyone has any useful comments on this matter, I'd be interested in hearing them.
Anonymous because I'm posting this from work.
Re: Anon posting at work
Be careful. The public post is anon but work can find you.
If you log in to your Reg account and visit the 'my posts' page, your anon posts are included. If your work uses connection sniffing or page logging then they can associate your anon posts with your account.
In my last job I couldn't visit that page for about a year.
Linux/Mac - both the same; not enterprise-ready ... but getting there.
In a previous job, almost everyone used Linux. As one of the few people happy with Windows, I ended up becoming the printing bitch, as none of the Linux desktops could connect to our printers.
In this job, we're given a choice between Windows and Mac, and I'm still the printing bitch. We're encouraged not to choose Macs - partly because of the cost, but also because they're currently a nightmare to support / integrate.
Things are getting better - to start with, the Macs couldn't even connect to our wireless network. I'm hoping it's just a transitional thing - choice is a good thing, as long as those choosing are fully informed...
Re: Linux/Mac - both the same; not enterprise-ready ... but getting there.
Both Linux and OSX are used at Google, they don't allow Windows machines at all now.
Google seem to be doing okay.
Re: Linux/Mac - both the same; not enterprise-ready ... but getting there.
I thought Google were supposed to be exclusively using Chrome OS? Or did that one not quite work out?
I just don't get it
Who belongs to this demographic of people wanting to bring their own very expensive Mac hardware into a corporate environment?
I have worked in SMEs on and off for 15 years, I now work for a very large corporate structure and never have I heard anyone asking to bring in or use their own material. All of my companies have always supplied everything that is necessary for the employees.
Please enlighten us as to who all of the people are!
Every time I hear a BYOD argument I try to imagine who or what is behind the "sales pitch".......
Re: I just don't get it
Me, from time to time — I have not been able to get (yet, perhaps, but I've been waiting for a few months now) video editing software on my work machine, and so just bring in my Mac when I need to do it. I'd prefer that I could do it on my work machine, but it's not a big deal for me to use my own machine — I'm certainly not expecting any technical support for it, nor am I connecting it to the network.
Quite a lot of people in the office are using tablets of various guises (although, frankly, most are iPads) too, which are not corporate issue — I've used mine as a handy library of reference documents since I got one, and it's great to be able to have the legislation and cases, guidance documents and the like to which I refer quite regularly available in a small and searchable form.
What can't be done on any other machine that can be done on macs? Now't!
So why pander to those who "want a more familiar environment"? Anyone using a mac has used a windows based PC.
So the only reason left is that they think that they are "cooler". They are not! Simple as that.
Tell the plebs to shut it and get on with the work! Done.
Some people really are a HUGE wa*ker!
What can't be done on any other machine that can be done on macs? Now't!
How about open up a decent Unix command line without having to install cygwin?
Welcome to another episode of bad analogy theatre.
And anyone who has eaten a steak has eaten at McDonalds, so shut up and eat trash.
Just because you have done something before does not make it the best choice.
While I much prefer supporting a very limited image set (for every different type of machine you add to your network, you add to your costs), "pandering" to that "more familiar environment" is exactly why there are so many offices with entrenched MS systems - that and good marketing on MS's part. It makes sense to use what people already know and are comfortable with to get your organization's work done as it saves real money on training incoming proles. The larger the corporation, the less it makes sense to allow individuality in system builds - at least from the perspective of system management. In other words, a single unique machine takes pretty much the same amount of effort to manage as a thousand identically configured machines, so it's best not to allow the rogue devices.
If the masses use Macs, then it makes some business sense for large corporations to use all Macs for work. Smaller businesses, though, would be just as well off having a hodge-podge, especially if users are going to end up supporting their own machines. Think of it as a mobile home office that happens to end up at the real office.
Again, I would not want to support it, but I can see some reason for it to be going on.
...open up a decent Unix command line without having to install cygwin?
I don't think Time Machine counts as a backup technology worthy of enterprise, particularly as it's usually on a NAS disk which is next to your machine, therefore at just as much risk of theft/fire as the machine itself.
I tend to be of the opinion that if you need to backup a workstation in an enterprise, you're doing it wrong. Enterprise builds should be automatically deployed from an image or automated build script. Obviously this isn't available to small companies, but if you've got client/server infrastructure, you need server based backup. Also, if you need to backup, you need to offsite those backups. There are many serious and less serious backup technologies which will allow client/server backup of a Mac, I'm personally not aware of any Mac specific client/server backup packages, but most major backup contenders also support Mac these days.
Time Machine Caveats
I agree with the above about relying on Time Machine for anything more than simple file based backups for the home user. As Trevor mentioned use Carbon Copy Cloner for more sophisticated and robust imaging/copying. Fantastic piece of software by Mike Bombich, lost count of the number of machines I have imaged/backed up (and indeed restored) using it. Never had the slightest problem with it.
hmm not yet
GPOs are not just there to add functionality. Locking down a system is just as important. All these OSX features are fine but to mass roll out 3 rooms of 50 PCs would be a nightmare with MACS. They simply cannot be bolted down as easy as getting a windows PC on the domain and putting it in an OU. That PC will now have IE configured to use the correct proxy for the correct users logging into that PC. Printer redirection will occur according to the OU, mapped drives, shared software, control panel editable options etc
I suppose the network I look after is only small (just shy of 1500 PCs 4000 users) but adding MACS to the system just wouldn't happen. FOG is a fantastic deployment tool BTW I imagine there is a MAC equivalent.
Re: hmm not yet
Most of that I could easily sort out with something like Kickstart or a private Debian repository and some scripts. Once you have an environment that is script and CLI friendly, it becomes pretty easy to automate things and doing 50 of something is no harder than doing 1 of something.
"cannot be bolted down"?
If MacOS is half as Unixy as fanboys like to claim, then it not being boltable is rather absurd.
People have been managing large Unix networks since before Microsoft products had any sort of networking.
One problem with Time Machine over iSCSI is the iSCSI initiator is not native to OSX. If you have to reinstall your Mac and reload from your TM backup, you are offered the option of doing the restore from the install media, but it won't work if you have your TM volume available over iSCSI. Only direct attach or AFS works AFAIK. Not sure about CIFS
I'm surprised no-one's mentioned OSX Server and Apple Remote Desktop as ways of controlling/ locking down Macs.
I would imagine that's because Apple Remote Desktop is an arseache, as far as I can tell, and what benefits you get from mastering it are limited and therefore not really worth it (when you can instead go and get something like eg KACE which supports similar functionality across multiple OSs).
OS X Server
Because OS X server was shit and is now discontinued.
I know this has been mentioned already but it really is worth mentioning again that this article misses out on one of the biggest problems with Mac in the enterprise; hardware support (or lack thereof).
I oversee a 100% Windows and Linux environment. 100% with the exception of one director, that is.
Not long ago the Macbook Pro of said director suffered an unknown logic board failure. The quickest solution was to fail over to a spare Macbook Air we had around and without going into the details let's just say the whole transition from Pro to Air, waiting for two weeks for Apple to mend the Pro, and then going from the Air back to the Pro was nothing short of a major pain in the arse... and a complete waste of time.
With our Windows and Linux systems however we have varying levels of ON-SITE hardware support (ranging from 24/7 4-Hour response times for upper management to Five-Days-a-Week Office Hour 4-Hour response times for everyone else, at minimum). Even without said support in place most trivial problems are a breeze to fix with a small cache of spare parts lying around.
Furthermore, for emergencies where even a 4-Hour response time is deemed too slow, non-drive related failures are as easy as pulling out the drive from a dead system, putting it into a functional spare, and updating TPM. Most staff however are comfortable with doing something which doesn't involve their computer during the 4-Hour downtime and with our experience thus far spare parts are always delivered via DHL Express within 30-60 minutes of me putting the phone down (and our vendor lets our own in-house staff do the fixing, though an engineer can also come down for trickier replacement procedures more typical with notebooks).
So... until Apple can come up with similar hardware support; thanks, but no thanks.
Don't believe that it will be painless!
Dealing with Macs is a total mess, no matter what you try to use.
I'm afraid I have to administer them inside an educational environment, which is the absolute worst for them, (yes, we have ADmitMac, no, it isn't that impressive) because kids are rotating their use of the machines. You can't redirect the profile to the network, because they often deal with giant files over wireless.
So you're left with a horrible mess, and barely working logon scripts, and sometimes, for laughs, the Macs just don't get policies applied to them by Open Directory (have a Mac Mini server). Oh, and once you're past all that, the Mac server crashes now and then for no apparent reason.
I would avoid them like the plague if at all possible.
Beer, because that's what you need after trying to get smooth AD integration going with Macs.
Let's list the ways in which this is a bad idea
1) Cost of hardware. Macs cost significantly more than a PC
I can buy a Dell for £300. It's nothing special but it will do everything 90% of office workers need to do. Macs cost significantly more. And let's not even talk about support.
2) Cost of support. Supporting multiple OSs, PC types, etc is more expensive
How many people out there have experience running Macs against a windows domain? Go on, raise your hands. Thought so. Finding people who can do this in a credible way that doesn't expose the network to security issues is going to be expensive. Windows support people are plentiful and cheap.
3) Cost of IT time to make business software run on Macs
I've read lots of "ways to get windows software to run" on a mac. All of these require effort, setup and support. There's a massive added cost here in getting people to a position where they can do their job - as well as wasting IT's time helping people getting software to work on incompatible platforms.
Apple has a long history of leaving security holes to linger in their OS before patching them. Their recent issues with the Java runtime were a case in point.
Companies are there to make money. IT is there to help them do this. Giving people equipment that doesn't allow them to do their job and costs significantly more to run and support is idiotic. I completely accept that there are places for Macs in certain roles: graphics design, some creative functions, etc, but if someone says they want to use a Mac to use Word, surf and run the accounting app then they need to be shown the door (as do the idiots pandering to them).