local MCX, OD MCX, Casper MCX

tlarkin
Honored Contributor

Hey everyone,

So, some debate is coming up on what we are going to do at my work, and I am looking for the list's input. We got 5500 Macbook Airs coming in that will ship with 10.6. Not sure if we have the budget to upgrade all our 10.5.8 servers to 10.6. 10.7 server is cheap $49 a pop, so that is an option. We use Casper and that is an option, but what I want to know is what you all use and what are the pros/cons of it.

Here are my thoughts:

10.5.x server: -has bugs never fixed until 10.6 -cannot manage SUS for 10.6 clients -lose some functionality with 10.6 clients

Casper for MCX: -only applied at log in (not really what I want to do) -harder to differentiate policy between groups (we have 4 main groups of management) and how we have inventory set up some users aren't always in the same smart groups so I would have to rethink my set up

10.6 server: -best option, will cost us the most to upgrade, we will be at 10.7 in 1 year -not cost effective since it will have a 1 year life span

10.7 server: -not tested -too much changed -10.6 clients probably won't support new profile system -really cheap upgrade cost

My final option is to build my own. Do local MCX exports and use Casper and some scripts to apply local management at log in or via policy and set it forever. This, while possible isn't my first choice either because then I own the whole set up, which means I support it by myself and if I leave no one else is gonna know what I did.

Thoughts, suggestions, etc?

Thanks,

Tom

9 REPLIES 9

RobertHammen
Valued Contributor II
On Jun 22, 2011, at 1:38 PM, Ness, Todd wrote: I think lion server is 49 on top of the 29 for the regular license, to 78 total, and I would be if you read carefully, that you need to upgrade to snow leopard before upgrading to lion, from a legal perspective not technically.

For server, I would not necessarily agree with that assessment. For client, definitely.

you will likely have to have lion server to host internal lion updates, those are the only things I can think of that you missed.

I would... damn, NDA (see devforums.apple.com threads if you're an ADC Mac Developer member).

Bear in mind it will take JAMF some time, although probably not a huge amount, to update Casper for Lion. Not sure of your timeframe, Tom.

If you have 10.5 clients and are contemplating going to Lion, I'd get the upgrade licenses to SL now. There's no guarantee that any formal path will be available once Lion ships.

--Robert

jarednichols
Honored Contributor

JAMF has said they will support Lion within 5 business days of release.

j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

nessts
Valued Contributor II

I think lion server is 49 on top of the 29 for the regular license, to 78 total, and I would be if you read carefully, that you need to upgrade to snow leopard before upgrading to lion, from a legal perspective not technically.
you will likely have to have lion server to host internal lion updates,
those are the only things I can think of that you missed.

--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services

jarednichols
Honored Contributor

To knock out the server side issues, I'd look at moving your JSS off of OS X. Reposado has gotten some great development and is capable of replacing SUS. Heck, you could stay on your 10.5 server and instead of using SUS use Reposado instead. That may be a good bandaid for now.
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

tlarkin
Honored Contributor

There will most likely be options to upgrade from 10.5 to 10.7 I assume. Nothing has been published on licensing costs from Apple on 10.7 yet except for the single upgrade from the app store, which you actually download a 4gig image file. There will be bulk license deals but everything is pure speculation as of yet. My Apple SE is going to meet with us tomorrow morning to go over options.

My preference is to upgrade to 10.6 server, and use it with some scripting and Casper to push it out to enforce local account MCX and use OD to do MCX for all the PHDs

tlarkin
Honored Contributor

We run portable home directories with home folder sync though. I am looking at a Linux NIS solution to replace OD for authentication, kerberos, and looking at doing NFS home folders with kerberos and then doing a mobile account to sync data. However, I haven't even started testing that solution yet so that is a super no go.

Casper MCX gets applied at log in, and since we also do home folder sync I don't want Casper to manage MCX. I don't want my users having long log in times and long log out times.

So I really want OD to manage preferences at this point in time because the server will cache the MCX to the client local and it won't have to be applied at every log in.

Reposado looks nice and I will probably look at it in some point in time, but I use server side technologies other than just for software update. We do distributed home folders among our 40 servers, file sharing, group/user/computer policy, and authentication to them.

tlarkin
Honored Contributor

I agree Robert totally, however it is like $6k in licensing to upgrade our severs (got the quote from our apple sales rep) and not sure exactly how our budget looks. I am kept in the dark about budget too until a decision is made.

If we don't upgrade to 10.6 server I think I will write my own solution, create mcx files for each group in OD and use scripts to import them to smart groups as computer policy that way is isn't applied at every log in. Long log in times was a huge complaint about 10.5 so I have to keep that down to keep my users happy.

Then just use the 10.5 servers for file sharing and authentication. Then use Casper for everything else.

Thanks for the input guys.

-Tom

tlarkin
Honored Contributor

Yes, they have assured me they will fully support 10.7 with in the first week of it's release. However, Jamf cannot fix bugs Apple releases with 10.7 :-)

nessts
Valued Contributor II

I have been told that Casper will be ready within 5 days of release. I am in the seed pool, I just have no formal knowledge of either, but I am pretty sure I did see that if you want Lion server you have pay the $29 upgrade+ $49 server fee. whether you could go from 10.5-10.7 in one 80 step is beyond my knowledge, been on 10.6 so its irrelevant to me, just throwing some things out to be checked…

--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services