Posted on 12-14-2014 03:06 AM
I manage a predominately Mac environment using network Home Directories in a one to many school environment. Running Mavericks Servers and Mavericks clients (happy to upgrade to Yosemite if there are clear advantages). I have to integrate our school with our Education Area's Active Directory database for authentication. Will manage client profiles and preferences on site using Casper.
What is the prevailing wisdom on the best way forward?
1. Bind Mac servers and clients directly to Active Directory service
Or
2. Set up a 'Magic Triangle' where Mac servers are bound to AD and clients are bound to both OD and AD?
Any views or advice about the advantage and disadvantages of either method greatly appreciated.
Steve
Posted on 12-14-2014 08:03 AM
No need to include OD if you're planning to use Casper for management.
The Magic Triangle approach uses one directory service for Mac authentication and another directory service for Mac management only because the first (Active Directory) usually doesn't offer management capabilities. In your case, Casper is effectively the third angle of your Magic Triangle.
I suggest binding your OS X servers to Active Directory but that's only for authentication purposes and unrelated to any management.
Posted on 12-14-2014 01:09 PM
As the Moose has said, OD seems pretty much unneccesary these days. Bind directly to AD for access and authentication and pretty much everything else is taken care of by Casper.
Posted on 12-14-2014 02:19 PM
Thanks Guys. your advice is much appreciated.
Posted on 12-15-2014 10:32 AM
Apple doesn't even talk about the magic triangle anymore and they discourage it. They're all about MDM now.
Posted on 12-16-2014 04:28 AM
at my last role we used the Magic Triangle, but in my current role we deploy MCX & Profiles via the JSS only.
The nice thing about using the JSS for these is that it affords you greater flexibility as you can scope via Smart Groups.
Posted on 12-16-2014 07:44 AM
+1 on no OD. No reason for it anymore. I haven't touched an OD in years now, Casper handles everything as far as client management goes. MDM for the win!
Posted on 12-16-2014 08:22 AM
Same from me, golden triangles, cylinders of destiny (no I'm not making that one up!) Workgroup Manager and managed preferences were really 10.6 and earlier. Config profiles, handled perfectly well with Casper, are Apple's preferred way these days.