back to article Sysadmin running a Mac fleet? IBM has just thrown you a lifeline

IBM wants to save Apple sysadmins from wearing out too much shoe leather visiting user desks so it's published its Mac@IBM system provisioning code at GitHub under the GNU Public Licence 3.0. Back in 2015, IBM trumpeted itself as a case study when it deployed 50,000 Apple devices in the first year of the Mac@IBM programme, and …

  1. David Austin

    3551 devices per administrator

    That's an interesting number to have: I'd love to see how that compares to the *nix and Windows "Devices per administrator", both at IBM, and across different companies and sectors.

    1. Anonymous Coward
      Anonymous Coward

      Re: 3551 devices per administrator

      > 3551 devices per administrator

      That's just IBM's way of doing things.

      Co-incidentally, it's also the # of upper level managers for each Employee Who actually does Work (EWW!).

  2. Anonymous Coward
    Anonymous Coward

    We've thrown it on GitHub...

    ... because we're about to fire the main developers. They're nearly 40.

    Dumping this on GitHub is even cheaper than offshoring to India/China/Philippines.

  3. GruntyMcPugh Silver badge

    "with the chance to enable disk encryption"

    Er,... say what?

    When I was Blue, and we had Windows PCs, whole disk encryption was mandatory. When we had to adopt Linux PCs, whole disk encryption was mandatory.

    So, is the story here that Macs are only being issued to 'non-Privileged users'? Even then, some will have access to sensitive information, bids, proposals, financial data etc. That stuff should be encrypted.

    1. Anonymous Coward
      Anonymous Coward

      Re: "with the chance to enable disk encryption"

      Don't panic. As with Linux, whole disk crypto is built in and can be enabled without having to resort to reformatting or the installation of external software - and people don't even have to interrupt their work to wait for the conversion to take place.

      I agree with you that it ought to be a default, though. In the case of Macbooks there is an extra reason for it: it makes theft pretty pointless other than as a denial of service exercise. Caveat: it requires the device to be fully shut down, though. As with most crypto file systems, "suspend" leaves the file system accessible.

      1. Fuzz

        Re: "with the chance to enable disk encryption"

        "As with Linux, whole disk crypto is built in and can be enabled without having to resort to reformatting or the installation of external software - and people don't even have to interrupt their work to wait for the conversion to take place."

        As with Windows too, Bitlocker has been doing this since Vista. However unlike with Windows, on a Mac it is impossible to connect to a wifi network at the logon screen when you have encryption enabled. So forget logging into a directory account on a macbook with full disk encryption enabled.

        1. doublelayer

          Re: "with the chance to enable disk encryption"

          I think that just means that security policies, including disk encryption, can be turned on automatically when the machine reboots after setup. Otherwise, you would have to do another thing to set it up either manually or with another reboot.

          1. GruntyMcPugh Silver badge

            Re: "with the chance to enable disk encryption"

            @doublelayer: "including disk encryption, can be turned on automatically"

            Let's go with your interpretation,,,, I read it like the users could choose, and that wouldn't be ideal.

  4. HaakonKL

    Imagine that. IBM out to fix Apple and make it more streamlined and user friendly. I am more and more certain that the world stopped existing sometime after CERN started to mess with things mere mortals should steer well clear of, and we've been living in purgatory ever since.

    Nothing makes sense anymore.

    1. Antonius_Prime
      Angel

      RE: Imagine that.

      I'm more and more convinced it was Bowie holding the universe together.

      1. DonnieD
        Alien

        Re: RE: Imagine that.

        He still is, only took a different form factor ;)

    2. katrinab Silver badge

      Remember that IBM's computer-making division is now Lenovo, and that IBM used to be known mainly as a computer manufacturer, so the current incarnation isn't really the same company.

      1. DougS Silver badge

        Today's IBM is just back to their roots before they started selling PCs, since they still sell mainframes and minis.

        1. Mark 110 Silver badge

          Wasn't their roots selliing typewriters. Mainframes came a while after iirc.

          1. Orv Silver badge

            I think their biggest pre-mainframe business was selling punch card tabulators, and the cards to go with them. A lot of people don't know this now, but many of the traditional uses for punch cards didn't involve programmable computers at all.

          2. jelabarre59 Silver badge

            Wasn't their roots selliing typewriters. Mainframes came a while after iirc.

            "Business" machines. And interestingly enough, "business" wasn't limited to office equipment in the early days. Back when the Somers NY site was still in use, I did some periodic work there. The cafeteria had on display some of their early equipment, and it was really strange to see a deli meat slicer with an "International Business Machines" logo on it.

  5. andy 103
    Alien

    "makes setting up macOS with Jamf Pro more intuitive for users and easier for IT."

    I don't have any experience with Jamf Pro but if IBM can improve on anything in the sphere of usability it must be a fucking mess to begin with.

    I also can't understand what's in this (as in putting it on GitHub) for IBM, a company that doesn't really understand the phrase "something for nothing". I guess it could be a pat on the back and to make them seem cooperative with companies they've had long rivalry with. Or, they can't be arsed to maintain it anymore and are hoping the community will give them...something for nothing.

    1. Anonymous Coward
      Anonymous Coward

      if IBM can improve on anything in the sphere of usability it must be a fucking mess to begin with.

      Ah, a man with experience. It shows :).

  6. James 51 Silver badge

    The idea is to let users self-provisionpay for their own equipment as far as possible

    1. stephanh Silver badge

      I took actually a look at the GitHub repo, it seems the most pointless "open sourcing" ever.

      First of all, you need the $$$ Jamf Pro to do anything with it. Then the build instructions start thus:

      "Make sure your build targets all have proper signing certificates assigned in the Build Settings/General tab."

      Ok, so *what build tool* would that be, IBM? Code repo has no obvious clues like an Xcode build file.

      1. This post has been deleted by its author

      2. stephanh Silver badge

        xcode

        Correction, there is an .xcodeproj file in "enrollment" subdir.

        So at least we can build it.

  7. steviebuk Silver badge

    So...

    ...this is where all IBMs money has gone. With Apple fighting the Right To Repair bill in the US (lets hope they lose) how does IBM go about fixing their Apple kit that is out of warranty?

    As according to Apple you're not allow their schematics and you're not allowed to buy branded spare parts from anyone. And you're not allowed to send your screen to China and have it reglassed because when it gets to the border, they'll confiscate it claiming it's a knock off as it has an Apple logo on it.

    https://gizmodo.com/right-to-repair-advocate-has-iphone-screens-seized-by-b-1825973376

    1. ColonelClaw

      Re: So...

      Aparently the move to Mac has saved them money. In Slashdot's coverage of this story they quote an IBM person thusly: "IBM is saving a minimum of $265 (up to $535 depending on model) per Mac compared to a PC, over a 4-year lifespan. While the upfront workstation investment is lower for PCs, the residual value for Mac is higher The program's success has improved IBM's ability to attract and retain top talent -- a key advantage in today's competitive market."

      Link here: https://news.slashdot.org/story/18/10/23/2052227/ibm-open-sources-macibm-code

      If that's true, then that strikes me as one of the more interesting details of this story.

      1. Anonymous Coward
        Anonymous Coward

        Re: So...

        Well, I was lucky enough to score a Mac before Corporate switched to Dell. To date, I have refused two upgrade cycles (and hope to retire before it dies).

      2. GruntyMcPugh Silver badge

        Re: So...

        @ColonelClaw

        I guess we'll see in a couple of years when IBM start selling refurbed Macs, whether the residual value numbers stack up. I'd have written off a PC as valueless after four years, but some residual value in a Mac, and resale will mean disk wiping, and refurbishment, .... we'll see if that process is economically viable on such a scale, ~34k laptops a year. Unless IBM are going to offer them to staff at EOL, and get each staff member to wipe their own?

        1. Orv Silver badge

          Re: So...

          One difference is with a Mac, the cost of the OS is included. This means a company surplusing some Macs can resell a working system, unlike with Windows where they have to remove all volume-licensed software. Working machines probably sell for a fair bit more than ones with no OS.

        2. Justin Clift

          Re: So...

          > ... but some residual value in a Mac, and resale will mean disk wiping, and refurbishment, ...

          It'll be interesting to see if the "glued in" approach to disks means the whole Mac mac will need shredding for data security.

          If the storage really can't be practically replaced, anyone using Mac's in (at least) reasonably secure environments isn't going to find much resale value in them.

      3. Anonymous Coward
        Anonymous Coward

        Re: So...

        Aparently the move to Mac has saved them money. In Slashdot's coverage of this story they quote an IBM person thusly: "IBM is saving a minimum of $265 (up to $535 depending on model) per Mac compared to a PC, over a 4-year lifespan. While the upfront workstation investment is lower for PCs, the residual value for Mac is higher The program's success has improved IBM's ability to attract and retain top talent -- a key advantage in today's competitive market."

        What matters for us is more the vast amount of time not wasted on waiting for machines to update and restart, and the general speedup due to better application usability. To preserve usability, we generally avoid anything made by MS (which is again a cost saver), but that gain could potentially be neutralised by IBM's involvement :). Add to that that software is generally cheaper and doesn't come with built-in licence management failure risk and it was a no-brainer.

    2. Gene Cash Silver badge

      Re: So...

      > you're not allowed to send your screen to China and have it reglassed because when it gets to the border, they'll confiscate it claiming it's a knock off as it has an Apple logo on it.

      Not just screens, but batteries as well:

      https://appleinsider.com/articles/18/10/19/apple-repair-policy-critic-vows-to-fight-counterfeit-battery-seizure-by-us-customs

      1. DougS Silver badge

        Re: So...

        Just because there's an Apple logo on something doesn't mean it isn't counterfeit. In fact if it is its the worst kind of counterfeit, because it will be sold at a higher price as a "genuine part" when it is nothing of the sort.

        Surely the burning Note 7 issues should have told everyone all they need to know about the importance of batteries that meet the proper specs.

  8. Anonymous Coward
    Anonymous Coward

    IBM has just thrown you a lifeline

    That sentence definitely uses English words, but the content makes no sense whatsoever.

    1. Waseem Alkurdi

      Re: IBM has just thrown you a lifeline

      Also known as a sophistry (a sentence that makes perfect grammatical sense but has no meaning).

  9. JLV Silver badge
    Black Helicopters

    Isn't Apple's lacklustre support for enterprise fleet management a welcome relief for MS at this time? I remember, among other things, big holes in macOS' LDAP configuration security.

    Anything that gets Apple more credible for big businesses should be a big worry @ Redmond. And, if it were to gain traction, it would be a big new market for Apple, all at MS's expense. It's also a small step writing and managing non-GUI Posix code for macOS and and Linux. And IBM announced some biz apps for iPads a while back too.

    Windows 8 and 10 have eroded goodwill. Consumers mock it. MS can't afford complacency wrt corporate customers if credible desktop competitors arrive.

    1. DougS Silver badge

      Apple doesn't really care about enterprise customers - at least they don't deliberately target them as customers. IBM wants to expand their services, and providing service that allows companies to use Apple products is a niche no one else is filling. Anyone can do that for Windows PCs since Microsoft provides all the tools.

      IBM is trying to encourage Apple adoption by making some of their tools public which will be good enough for small companies, but they will keep some of it to themselves so they are the go to for any large organizations that want to take the plunge.

    2. GruntyMcPugh Silver badge

      @JLV Apple could have worked on integrating their OS into Active Directory, to slip into the corporate fleet, it would be nice if we had .admx files for it so we could admin the 0.4% of the devices in our AD that run MacOS. Maybe if we could apply policy, we'd let peeps buy more Macs,....

  10. JLV Silver badge

    >Apple doesn't really care about enterprise customers - at least they don't deliberately target them

    Agreed. However Apple has a 1$T market cap to look after. Unless it wants to be “tacky” and “old-economy” and issue dividends, it has to keep finding new markets.

    Making cars is an expected move, and it would take off pressure, because of the scale. But it’s not easy.

    Except for that, they’ve stuck their fingers in about all the usual suspects wrt to consumer gadgets.

    This gradual disaffection w Windows is opening up a massive opportunity for whoever manages to take advantage of it.

    Extrapolating the future from the past is not necessarily wrong but is hardly foolproof.

    1. DougS Silver badge

      Why provide the enterprise support themselves when IBM is willing to do it? Its a perfect symbiotic relationship, Apple sells the hardware IBM could never hope to design, and IBM provides the decades of enterprise IT support experience that Apple could never hope to match.

      Selling hardware is a relatively high margin business. Selling enterprise support is a low margin business, and you don't get to be a trillion dollar company by entering new low margin markets.

      1. stephanh Silver badge

        Apple itself doesn't seem very interested in macos and Macs lately. As a result their market share has also slipped. It's iOS where the money is.

        Mac enthousiasts pray for some relief on the 30 October event. I suppose this would be a good time to snatch some market share from Windows, if they can show something compelling.

        1. DougS Silver badge

          There's a good chance the Macs they announce will be the last of their kind with x86 CPUs. The long awaited Mac Pro next year may be the last x86 Mac ever shipped. The A12 is on par with all but the fastest x86 CPUs, and the A13 or A14 (let alone one purpose designed for laptops/desktops) could seamlessly slot into Macs.

          Fat binaries, dynamic translation would take care of all the OS X side issues, the only worry would be Windows. Microsoft kinda/sorta supports ARM64 Windows again, which includes x86->ARM translation, but who knows how long that will continue?

          1. JaimieV

            The A12 is not "on a par with all but the fastest X86 CPUs". It's slightly faster than some i3 chips. What it does is compute far more efficiently in both power and cycles, with the A12 benchmarking pretty evenly against an i3-7350 - which is a 130W TDP package and can boost all the way up to 4.2GHz.

            Check out the positions on the Geekbench graph at https://weborus.com/apple-a12-bionic-intel-processors/

            Pretty much all i5/i7/i9 chips are faster than that, with the top end being about five times faster than the A12. And beyond that, there are no A-series equivalents to an 18 core Xeon W in ECC support, RAM quantity, number of PCIe lanes - there's more to being a Xeon than cores. The iMac Pro and future Mac Pro won't be ARM.

            Yet.

            All that said, the A12 kicks the crap out of the Intel Core m3 CPU powering the low end 12" MacBook. Look for A-series chips there next. I'll be only mildly surprised if they pull an A-series Mac out next week.

            1. DougS Silver badge

              Check out the Anandtech review which includes SPEC2006 results, which is a far more respected benchmark than Geekbench. Its comparable to a midrange i5/i7 - probably beats the CPUs in everything that Apple will replace on the 30th.

    2. Anonymous Coward
      Anonymous Coward

      Agreed. However Apple has a 1$T market cap to look after. Unless it wants to be “tacky” and “old-economy” and issue dividends, it has to keep finding new markets.

      Making cars is an expected move, and it would take off pressure, because of the scale. But it’s not easy.

      Maybe that's why IBM is pushing the whole Apple/Mac in the Enterprise thing. They're making themselves look like a good acquisition target for Apple. I expect Apple could buy IBM for pocket change even now, the only question being why would they WANT to?

      1. TVU Silver badge

        "Maybe that's why IBM is pushing the whole Apple/Mac in the Enterprise thing. They're making themselves look like a good acquisition target for Apple. I expect Apple could buy IBM for pocket change even now, the only question being why would they WANT to?"

        It's a great pity that Apple itself appears to have completely abandoned the whole Apple/Mac Enterprise thing so it is now left to third party solutions, such as those from Jamf Pro, IBM, etc. to manage Apple devices in the enterprise sector.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019