Jamf Nation Community

jafuller · ‎08-16-2010

With the ability to recon iPhones, will this same functionality work with iPads?

"Fix your eyes forward on what you can do, not back on what you cannot change." - Tom Clancy

Report Inappropriate Content · ‎08-16-2010

Yes, it seems to be working fine. I ran the Recon tool for iPhone on my iPads, and the info pops right up in the JSS.
-- John DeTroye Email: johnd at apple.com
Sr. Consulting Engineer Systems Management Specialist
Edu IT resources - http://www.apple.com/education/resources/information-technology.html

jafuller · ‎08-17-2010

Is it possible to inventory these devices and configure them "over the air"? It appears this is a high-touch configuration of these devices.

James Fuller | Technology Application Services | V: 206.318.7153

Report Inappropriate Content · ‎08-17-2010

We are working on just this. I have setup a configuration file using Apple iPhone config utility, then hosted on a web server, and also uploaded it to our JSS. Once the client downloads the Recon Mobile app then it can be setup to talk to the JSS, and under the config section I see the config file I uploaded to the JSS. We have had two issues so far. 1. The iPad name can not contain an ‘s. Example toms ipad = OK, tom’s ipad =Not OK. The ‘ will not let the device register with recon mobile. 2. If you upload an iPhone config file, and plan to use it, The config file made with the iPhone config utility can not be exported as signed. It errors out. Bugs have been filed with Jamf for these. What we do is we make sure the name of the device has no ‘s in it, and the config file was exported again as unsigned, mind you we are only testing at this point and will wait for the fix before we deploy the config files full scalle.

Sean

tlarkin · ‎12-01-2010

So apparently we just got 300 iPads....and I am being asked to look at how we can manage them.

What is everyone doing, please feel free to give any and all advice and suggestions.

Thanks,

Tom

golbiga · ‎12-01-2010

There will be the MDM (Mobile Device Management) integrated with Casper 8.0.

Eyoung · ‎12-01-2010

Apple's iPhone configuration works with any iOS device. It is available through the developer site. Hopefully fill the gap until JAMF saves the day.

tlarkin · ‎12-01-2010

OK I am downloading it now anyone upgrade yet? Will I have to push out a whole new copy of self service again????

Thanks,

Tom

Janowski · ‎12-01-2010

a part of our business is playing "red light, green light" with iPads and other mobile devices right now as well. I half expect to walk in one day and be in a similar position >.<
Without assuming any prior knowledge, I'd start by talking about the iPhone Configuration Utility. This is a free tool you can download from Apple. It lets you create profiles for iPhones and iPads. You can enforce certain things like screen locks, enter VPN info up front, etc. I believe you can tell it to always enforce this profile as well (so users can't decide they don't want a screen lock and disable it).

There are 3 ways to deploy these profiles. You can email them to an exisiting mail setup on the device and install from there. You can post it on a webpage, navigate to the page and install from there, or you can deploy via iTunes, I believe. If you enable the iphone logging in your JSS, doing it through iTunes on a managed machine could be sweet, cuz while you apply the profile you can recon the machine and get an entry of the ipad in your JSS.

There is also a Recon mobile app that works well, in my experience :)

That only takes you so far though. Profiles are pretty light weight, imo. We keep hearing about "better enterprise support" for these things, but I haven't seen anything come through from Apple.

For heavy duty management, you might wanna look at software like MobileIron down the road... or as i just read from the first response to this thread, sounds like Casper 8 could be an option too.

Hope that helps!

ben janowski
Senior Macintosh Support Technician
Kohl's Mac Support Team
262.703.1396 | benjamin.janowski at kohls.com

tlarkin · ‎12-01-2010

Yeah these are purchased and apparently here in someone's office. I just got asked about 20 minutes ago to start prepping them and they haven't even dropped one off to me yet to play with it to see what I can do.

I want to upgrade to 8.0 but I am weary about it. Will I have to push out a brand new copy of Self Service to every client? That is, well, a bit dis concerning as I think it will probably make self service not work for a week while the clients get updated. Then I will need three days to recompile all the images with the new version.

Anyone want to give me their experience while upgrading to version 8?

golbiga · ‎12-01-2010

As far as I know 8 isn't out yet. It's only been officially announced.

For now you could use the iphone config util. We use it here for a few iPads in the clinical areas.

Thanks
Allen

ernstcs · ‎12-01-2010

Didn’t know 8 was officially released yet…perhaps I didn't get that memo yet.

If you upgrade to version 8 you would need to upgrade all your apps to fall in-line…so you'd need to update Self Service.

This is truly a terrible idea, but you could run a separate JSS on version 8 just to deal with MDM if you wanted.

Craig E

tlarkin · ‎12-01-2010

Jamf releases their software in waves so their support staff won't get hammered all at once. I think they will make a statement soon on the new version so just be patient guys.

tlarkin · ‎12-01-2010

Craig you know how I love terrible ideas :)

Report Inappropriate Content · ‎12-01-2010

I received an e-mail this morning with the link to download 8

Download the Casper Suite here

-- Experts claim that 72% of all statistics are made up on the spot.
-- Lance L. Lennon
District Technology Director
Eagle Grove Community School District
515-448-4749

ernstcs · ‎12-01-2010

I'm sure support didn't really want you to do that. As mentioned they do send the messages in waves so support doesn't get overwhelmed with issues.

I'd STRONGLY recommend people who haven't gotten that message wait until you do.

Craig E

RobertHammen · ‎12-01-2010

On Dec 1, 2010, at 10:45 AM, Benjamin.Janowski at Kohls.com wrote: a part of our business is playing "red light, green light" with iPads and other mobile devices right now as well. I half expect to walk in one day and be in a similar position >.< Without assuming any prior knowledge, I'd start by talking about the iPhone Configuration Utility. This is a free tool you can download from Apple. It lets you create profiles for iPhones and iPads. You can enforce certain things like screen locks, enter VPN info up front, etc. I believe you can tell it to always enforce this profile as well (so users can't decide they don't want a screen lock and disable it).

Since Casper 8 and almost all of the other MDM packages out there can be used to deploy configuration profiles, it's a GREAT idea to download and play with iPCU. Get your profiles built, manually deploy them to devices and test, then tweak your profiles (even if you read the manual, no one gets it 100% right on the first build). You can do this before Casper 8 drops and then upgrade to it/use it as time allows.

For heavy duty management, you might wanna look at software like MobileIron down the road... or as i just read from the first response to this thread, sounds like Casper 8 could be an option too.

I haven't spent hours studying product comparison tables, but from what I could see there didn't look to be much that the other guys did that Casper 8 couldn't do, except support for non-iOS devices.

Somewhere Ryan Faas did a comparison article - this is one of his for Australian MacWorld but it wasn't the one I saw elsewhere:

http://www.macworld.com.au/help/managing-and-securing-ios-4-devices-at-work-14691/

--Robert

Report Inappropriate Content · ‎12-02-2010

I've got about 300 (about a 30/70 mix of iTouch and iPads) iOS devices in the field right now and a another 100 iPads coming soon by the end of the year.

Here's what I can say:

Consider your wireless infrastructure in advance.

Ours is a closed network, AP's utilize a combination of MAC whitelist and WPA2. In order for me to even get these on the network, I have to generate a .csv of MAC addresses. This has gotten a bit easier now that ICU (iPhone Configuration Utility) can query the wireless MAC again; but I'm pretty much sold on using a spare router with DD-WRT to generate my lists (ICU provides no export of reports).

Understand that ICU and iTunes as deployment tools are lacking when it comes to robust, mass deployment tools. iTunes, by nature, is a 1:1 app; but it's essential for first time run, managing backups, handling carts, etc... Likewise, ICU is necessary for initial deployment of profiles in most situations. Either way, neither of these apps allow you to manage multiple devices at once (read: upgrading firmware with iTunes will only update and sync a single iThing at a time.).

ICU, additionally, only allows for a deployment of a configuration at a time.

Keep track of what machine you deploy from and backup to.

iTunes really doesn't understand that it's a deployment tool and wants to own the devices it syncs with.

Do not juggle iTunes and ICU use on the same machine for deployments.

It's an experience in frustration with new devices as ICU and iTunes swap and shuffle and rename and bicker.

If you're not deploying inhouse developed apps, ICU isn't going to help you with app deployment.

'nuff said.

Backups via iTunes are great, but they don't cover firmware upgrades.

You're not going to create a "golden" backup of 4.2.1 first and then push it to 60 3.2.2 iPads. Each of those must be updated manually via iTunes.

First run is a major pain.

Out of the box and connecting to iTunes for the first time as a mandatory step blows, especially if you really want to stick a profile on first.

I've found a couple of links that relate to deployment and I should probably put my own together... but I just haven't had the time. If you're curious, I can dig up a really good guide about deployment though.

Finally:

Do consider an enterprise development license, do consider recommending a Mac Mini or lower end iMac to handle individual carts if they are going to be in multiple locations, do not expect great results in the cart solutions that are out there at the moment (especially for the iPad) and do some research before you start buying multi-port USB hubs.

Good luck.

t
--
Thom Burrell

Report Inappropriate Content · ‎12-02-2010

Thom,

This was a wonderful summary of management of iOS devices. If you have more
resources, please post them. I have been looking at the Volume Purchase
Program developements and articles on http://www.iear.org/ and
http://learninginhand.com/blog/app-store-volume-purchase-program-explained.html and http://iear.wikispaces.com/Volume+Purchase+Program If Apple moves all
the content (not just a subset of apps) the the Volume Purchase Program, I
think it will get better. However, we still have the challenge of the
content being tied to a single iTunes store account. I suspect that could
bit us down the road. ...

We've been exploring it and finding that it is hard to manage a "personal"
device as a shared device. Limitations like the Sync and Update only via
iTunes make it a tedious task for our media staff.

On the advice of designating a single Mac to a cart of mobile devices, I
agree. The Macs can support far more connected devices via USB than a
windows machine. I'm told it has to do with the way USB drivers are created
for the different platforms.

-Nathaniel Lindley
Edina Public Schools, MN

CasperSally · ‎12-02-2010

I had a conference call with apple, and they made a point to tell me that you can sync more than one iTouch at once via USB, but not the iPads (yet).

I haven't tried it, but fwiw

Report Inappropriate Content · ‎12-02-2010

Sync yes, but I don't think you can update the OS on more than one device at
a time. iOS 3 > 4.2 for example. Haven't tried it yet though.

tlarkin · ‎12-02-2010

The thing I do not like about the iPads from an IT sys admin
perspective is that they have to physically be hooked up to a laptop and
then they have to be tied to an iTunes account. My users have a hard
enough time using self service, which is just clicking icons, so I
cannot imagine some of them using iTunes to manage their iPads.

Of course these were purchased with out any planning, which is
something that happens often here. So now I am looking at all the
options. Looks like they are being deployed in carts, with one cart
each having a master laptop to sync multiple iPads to.

talkingmoose · ‎12-02-2010

Not sure if you've seen the demo or read the release notes yet but one of
On 12/2/10 10:56 AM, "Thomas Larkin" <tlarki at kckps.org> wrote:
the nice things about managing iOS devices with Casper is that you can
push apps (even internally developed apps) or remove them across a
wireless network or Internet connection. No syncing required. The demo
that Zach gave a couple of weeks ago at the National User Group was pretty
impressive.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

tlarkin · ‎12-02-2010

Anyone got any links to these demos?

ernstcs · ‎12-02-2010

Good luck with that. Are you planning on having multiple user accounts on those master laptops? You can only authorize 5 iTunes accounts per computer I believe. According to the rules you must purchase a copy for each individual user and their device, but if that user has multiple devices the one copy is good on any of them. You'd need a unique iTunes account for each purchased instance…

iPad is NOT ideal in a large deployment (enterprise) unless you are giving it up to the user to manage on their own, and the main hangup truly is iTunes and iTunes accounts. Right now we actually have a unique generic email alias per ipad we use to register iTunes accounts that point to the real users email so they can get any gifted Apps messages and redeem apps, and if that person leaves and someone new gets the device we just repoint the alias and don't lose anything.

The Volume Purchasing Program for dealing with large app purchases helps somewhat to eliminate TAXation issues for EDU in the AppStore, but it's not everything. VPP is not available for Corporate at this time. The JSS is great for distributing large amounts of Apps, too in version 8. You don't need to be tethered. Although I know I have hit some applications that would not allow me to install them unless I was tethered. Naturally you need to tether for any iOS updates, and the JSS can't help you there.

I would love to know how some of the larger higher eds are dealing with this where they are giving them to each student or are replacing their bookstore hard copies with iPads. My guess is they are leaving it up to the students to do what they please with the device, it's theirs to do whatever with which makes the iTunes issue go away. But in situations like corporations or K-12 where the company may want to retain ownership of the device, how is it being dealt with.

Unless I am totally missing something here…

As for the recordings or demos, I know that Zach is doing the tour of the country right now with the regional user group meetings and they may be waiting until after that to post anything…that I and I know how much post editing can take.

Craig E

Report Inappropriate Content · ‎12-02-2010

My chime on the VPP:
As far as I know today, only a subset of apps are available to EDU in VPP. However, if the app is not in VPP, you can email developer and ask them to
add it. I'm told it is only a checkbox to allow your app to be sold though
VPP. The developer can choose to discount at quantity or not. That being
said, the one app that we've tried to purchase that wasn't in the VPP, has
not been added. I've emailed back and forth with the developer and he has
tried, but without success to get it added. Not sure where the hold up
is.....

Another important note is that at this time, music, eBooks, videos,
audiobooks and non-VPP apps are still in the iTunes Music store that
requires the iTunes account and credit card or redeem code or gift card. Currently our business office is not thrilled about gift cards.

Eric --the generic email alias for the iTunes account is a great idea. Did
you create one email account per iPad or one to be shared by devices?

-Nathaniel

HCSTech · ‎12-02-2010

Sorry if I am late to the conversation..
But you don't need a credit card to have an iTunes Account.
Here is the article.
http://support.apple.com/kb/ht2534

Craig Cohen
HCS Technology Group

John_Wetter · ‎12-02-2010

We’ve been doing quite a bit of work with iPads since shortly after they were released. We currently have about 70 or so out with iPod Touch devices as well. We first set up a district account and ‘gifted’ apps to our student account we have on all iPads. Now, we are using the VPP to purchase apps and send to the iPads. The only ones we have people actually syncing info to iTunes are for a few of the administrators that have gone that route instead of carrying laptops everywhere.

We’re in the process of getting everything rolling for Casper 8 in our live environment having been testing it in sandbox for some time now. The web clip self service works very well and and think staff here have responded well. We’re not doing anything with iTunes now after the iPad is initially activated and rolled out.

Now it’s getting the CA all set up and getting Push notifications enabled and an Enterprise account rolling...

John

--
John Wetter
Technical Services Manager
Educational Technology, Media & Information Services
Hopkins Public Schools
952-988-5373

ernstcs · ‎12-02-2010

I assume you mean me, Nathaniel? =)

It is currently on alias per device, which as that grows is NOT ideal…

And correct to add to the other Craig's point, these accounts are created using the process that has NO credit card associated with them. This process is a bit lame since you have to go and try to purchase a FREE app first to click what is apparently NOT the same Create Account button in iTunes. That's a nifty Applism…

I was not aware of the VPP limitation if the App wasn't setup for it, so thanks for that. We still have our old process in place which is my main management account gifting apps to the generic accounts and then I deal centrally with claiming our TAX back from Apple.

Craig E

talkingmoose · ‎12-02-2010

Anyone got any links to these demos?
On 12/2/10 11:17 AM, "Thomas Larkin" <tlarki at kckps.org<mailto:tlarki at kckps.org>> wrote:

Casper User Group. JAMF may have plans to post something. Not sure.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

Report Inappropriate Content · ‎12-02-2010

Sorry, my iOS related folder is a real mishmash of stuff. Most of it deprecated.

Here's the gem that I wish I would have been around when deployed my first cart...

http://wiki.canby.k12.or.us/groups/ipodusergroup/

Managing a large scale deployment is covered here:

http://wiki.canby.k12.or.us/groups/ipodusergroup/wiki/98ee1/Managing_a_Major_Deployment.html

Good and useful stuff.

thom

tlarkin · ‎12-03-2010

So for any of you out there using APN, what is your set up with your PKI/certificates, APN licenses, and such. Our in-house developers wrote some web based assessment testing software which I assume they want to port over the iPads. Plus the state of KS released their software for iOS as well (or at least it is being developed).

I need to write up a bit of a survey of what we need to give it to the people in charge of getting the iPads out. No matter what I will be the one doing the back end support of them, but I don't make any decisions with money - however I will need to be able to outline the costs.

Thanks,

Tom

Jamf Nation Community

iPad Management