This is my first JNUC, and it's a fantastic conference thus far. Everyone is friendly and knowledgable, though for the majority of sessions, and interactions I feel like the only person here who isn't working in Education (I know this is not the case, but it does FEEL that way).
I spent 5 of my working years in higher education with a fleet of 300 or so. For the past 6 years I've been working in a corporate environment (Post Production, Broadcast, Publicly Traded, etc). My fleet here is around 60 systems (not including anything mobile, that's a different beast).
Having worked in both I can say that there is plenty of overlap where we share commonality, however there are a lot of areas unique to the corporate world. People mean well, but I've heard lot of: "60 computers, that's it? how cute" as if a fleet of 10,000 makes you a better admin.
I don't intend to create an "Us and Them" mentality, but it would be nice to network and talk to other Mac/Casper Admins who work outside of education. Even if it's not here at JNUC 2014, post below with a brief introduction.
My name is Roy, I work currently work for Crown Media Family Networks (Hallmark Channels). I also freelance on the side with a focus in Post Production. Our typical client is fibre attached (Xsan) to a StorNext SAN integrated into a Media Asset Manager with HSM/DLM.
Sorry if this sounded like venting, I love all of you guys.
Alright three of us so far! Part of me wanted to target this further (ie other post/broadcast facilities) but I figured I was already pushing my luck.
Devs can be the toughest to wrangle, I think that highlights a key difference here and edu. Students might not like a policy but I don't imagine there is much they can say or do about it. But the "power users" of our world "require" exemptions.
I worked in the K12 Edu sector for almost 13 years, during which I shepherded two 5500 seat deployments of teacher one-to-one MacBooks, several deployments of 1000+ seat MacBook mobile labs, as well as 2000ish iPads. In total I managed around 10,000 Macs in ~134 schools (Boston Public School District). We used Apple LDAP for the first 5500 seat deployment, and moved to Casper for the second and subsequent mobile lab rollouts. While I no longer work in the public sector (completely by choice - the right choice IMHO) I really understand the challenges which large deployments pose, especially ones where our staff users were all local admins. It has been nice to speak with several K12 folks, though the similar challenges which we spoke about really validated my decision to move to the private sector.
I now work for Sapient Corporation, which is a global Advertising and Technology Services firm based in Boston. I am managing a 3000+ seat deployment which is spread out over the globe. While I now manage far fewer machines, the needs for my current deployment far outstrip my prior environment. We have quite a lot of developers and creatives, who are quite a bit more demanding than teachers when it comes to use of their Macs. I really love being in a more supportive environment where there is a formal change management process as well as the expectation for testing even the most minor things early and often.
I'll be wandering about JNUC today in a bright blue/black check button-down and nutmeg colored pants with a brown fedoraish hat on. I'd love to meet more people who work in the corporate sector!
There are plenty more than 3 of us here, believe me π
I'd be happy to meet up and talk 'shop' a little on management challenges in large enterprise.
FWIW, all our users (Windows and Mac) have local admin rights, and by extension, root (sudo) privileges. It can definitely be a challenge, but its a company policy and quite frankly is necessary for the majority of the workforce as it tends to be a lot of software developers, engineers and the like. So we don't have any real choice. Fortunately, the large majority of clients are good network and company citizens and do not try to bypass any management. There are always a few who continuously try to buck the system however.
That said, we're in frequent discussions on what we lock down and what we open up. Some things are locked and some are not, and we often look at and reassess these controls to best meet the needs of the user base but also maintain security. Those two things are often at odds with other, but they don't always have to be.
I'm currently up on 8 outside the classrooms just doing a little 'work' after the lunch break before the 1:30 seasons start.
I'm also in the private sector - working for Sears/Kmart in the burbs of Chicago, about 1200 macs strong (not counting iDevices) here vs 75k+ PC's.
Most of my challenges stem from the Macs being looked at as a second class citizen, despite their higher uptime and lower repair %'s. The company now targeting them as 'too expensive' and putting shackles on anybody who tries to buy them now. Despite the adversities, I love what I do and take my work very seriously and personally (as I'm sure many of you do), and proud to be the 'buck stops here' guy.
I do corporate stuff for Many companies, I work for HP Enterprise services, so we take care of computers in entertainment, medical, security, manufacturing etc. I have completely locked down Macs that we upgrade once a year for the Artsy people, and other accounts with full admin rights and lock out a few things, connect to AD etc. So flexibility and re-use are huge for my team. Would be happy to talk, I have not found a 1330 session that has piqued my interest. So I will be hanging out for a while. Maybe make my way up to 8.
Hey! I'm Sean (Not at the JNUC). I work for an Advertising Agency in Manhattan. I manage machines here and in our west coast branch in LA. We're at around 650 macs total managed by Casper (450 or so in LA, 180 or so in NY). Also help manage machines in our Editorial department which are attached by fiber to a SAN (Quantum and DOTHill storage). We also have an old XSAN that's slowly dying.
Like others - our users have admin right (for both Mac and PC) but in general, it's not a huge problem. We also have to adhear to SOX Compliance which is its own set of challenges (encryption, screensaver lock, etc).
I started in K-12 designing our school system's transition to OS X back in the 10.2 days and Open Directory and Work Manager. I worked in K-12 for about 12 years transitioning to the private sector about 9 years ago working in the media and entertainment sector. There have been plenty of overlaps for me and I used what I learned in very direct systems management of our education system to better manage our corporate Macs that were not very managed for a very long time.
Well, count me as another broadcast engineer. π I work for CNN in Atlanta, where I managed our department' JSS for several years u too recently, when we combined Mac support with the Post Production unit. Our team manages approx. 400 workstations, most for video and graphics production. Bit of a different world from our .edu brethren, huh?
Unfortunately, no JNUC for me this year. Maybe 2015...
Private sector, 9000+ Macs, large developer community (almost everyone has admin rights). We're simultaneously focused on strong security (PCI compliance, etc) and "enabling" our users, which means letting them do whatever they want and never saying no (we can't get away with blocking Yosemite, for example). Sometimes I just want to pull my hair out.
I am the primary Mac admin for John Deere. Our current device count is ~250, but this number is growing rapidly as more development positions are being created. I've been doing Mac administration for a year and a half now, but prior to that I was packaging and scripting Windows application installations for deployment via SCCM, along with performing high-level troubleshooting for the enterprise.
Hah! @alexjdale I feel your pain. Although, I did block Yosemite for my users (my department is like "Macs? Whatever" so I 100% self-manage the policies in the framework) with a small whitelist of users in a "Yosemite Testers" static group. I emailed my users about a month back to let them know to wait for Yosemite, and that if they wanted to help me test it out when it was released to reply to me. I've got 10 machines (out of about 150) on Yosemite and plan to lift the software restriction when I get back from the JNUC. So I get to say no, but nicely.
My method of "saying no" is to stick to the phrase: "Application dictates design" If there is no pressing reason for an update (be Yosemite, or Chrome) then we do not update. I am a reasonable man though and if someone is asking with good reason backing their request it is put into the test environment.
We have a lot of in house apps that feed multiple ecosystems that rely on each other, often updating one thing breaks something else. For this reason we stick to a test environment, and have a change management system in place. The process seems bulky (and it is) when compared to Self Service, but unless there's a zero-day exploit/security patch we tend to handle updates on a monthly basis.
Hi, I'm Mac Scott, currently living and working in the SF Bay Area. Got my start in IT working with various IDG magazines (Macworld, Industry Standard) Moved to a small, privately owned, 95% Mac merchandising company, Signatures Network 13 years ago (hence the 'signetmac' moniker) And we were bought by Live Nation Entertainment in 2007. Being a small Mac fish, swallowed by a large PC fish, I became the only Mac specialist in the global org, until we hired Christopher Collins about 3 years ago. He posts here too, and I can't say enough good things about him.
We now have ~1100 Macs and 5 Mac specialists globally. Seems like the majority of new orders these days are for Macs to replace old PC's.
Hey all, I'm Christopher Collins, and I have worked with @signetmac][/url][/url at Live Nation as part of the global Mac team for the last 3 years π At my particular office in Indiana they make radio, television, and print adverts for concert tours so we are almost entirely Mac but in Indiana as in most states we also have multiple Ticketmaster and Live Nation offices as well as multiple venues. I spent 9 years doing professional services with 6 of those putting in Xsan and content management servers into TV stations and post production houses (I believe the final count was almost 130 Xsans installed before I moved on to Live Nation when flying almost every week for 9 years got a little old).
If jamfnation shows me anything it is that IT admins in our particular platform niche are definitely not alone. Especially it seems when it comes to dealing with our developers in our organizations π
I am also not in education. I work for an online broker out of Omaha and currently manage ~250 Macs. We don't provide anyone admin rights out of the box unless they have an approved exception. Even then, we split Admin apart from Sudo so they would need another exception if they want Sudo as well. While I am not 100% in agreement with this policy, it is what it is and do my best to adapt. It certainly is a struggle to keep our developers happy but thanks to the jamfnation community we have been able to put some processes and tools in place to help keep everyone's sanity. (Admins and end users)
This was my first JNUC and while the majority of the people I spoke to were in education, there were several others just like myself that were not in education.
Hi All, Mike Montes from Chicago here, looking forward to great discussions as I am a total JAMF Noob.
I don't even know where to start. Been doing Mac since 85. My experience covers Marketing, Law, Trading, Manufacturing, Chemicals, Pharmaceuticals, Food Service, Print, Agency and now Insurance. The majority of my career spent in print and agency. I currently work for HCSC more commonly known as Blue Cross Blue Shield.
Besides doing just about everything Mac, I also support large numbers of iOS devices.
I look after about 250 Macs in a Cancer Research Centre in Melbourne, AU - I spend a fair bit of time trying to keep InfoSec happy, and convince them that it can work in our environment. We have affiliations with University of Melbourne, and we have PhD/Postdoc students working with us, but we're non-edu.
All my previous experience is basically working for private enterprise, but had next to no exposure to Macs.
Worked in EDU for 2 years, but that was before my JAMF experience. Managed ~2500 Macs in a classified environment with Casper and then moved on to finance where I set up infrastructure to manage ~500 Macs across the globe before Apple came knocking. Now I help my Enterprise customers be successful integrating Apple into their infrastructures. One of my customers just did a 10,000 iPhone rollout to replace their Blackberries.
If you need help with scale, let me know.
Hello. I started in higher-ed computer retail in college back in the early 90's. Ah, selling Mac's during the dark days... what joy.
I've been working at CNN in Atlanta for 14 years. My team of four support our 600+ portable news gathering units (Mac Book Pros, cameras, BGAN (portable satellite terminals)). We handle everything from hardware repairs, transmission software, to email and mice.
November will see our on-site jump start for our own JSS. Until now we've piggybacked on another department's JSS or have been doing everything without a JSS. Because of our broadcast needs we have to be extra careful what apps are running that could interrupt a 256-512kbps satellite connection (no 15 minute check-in for us!). We have been using a custom script that would run when it was deemed safe to upload information to us.
I'm very excited to get to use Casper full-time!
@Potter and @Aaron I'm not the only one here in healthcare. I work for a large hospital network in South Florida. We're mostly Windows here with 130+ Macs but iPads are growing quickly. I would love to get in touch with you both to talk a bit about how you're handling HIPAA / PHI issues on your iPads.