Jamf Nation Community

tlarkin · ‎01-21-2011

So...this is not quite Casper related but I would be using Casper to deploy it, so slightly relevant. So here is the cliff note's version of what is going on:

Scenario: Cerner is coming in and doing some sort of web based lab/training with students. Their web front end runs only in Active X, and we run all Macs. So, at first they brought their own laptops in. Now they wanted to purchase VM software and let me deploy virtual machines on the Macbooks to run IE. I said no to that, for a plethora of reasons. So, now we are looking at Wine Bottler which is the IE4Linux port to OS X.

Here is my view on this...

Any sort of Windows app that runs via WINE (or an offshoot) has to install that bottle on your Mac, which takes up a lot of space and is basically a barebones Windows OS with a registry. Meaning users can drop windows apps inside the bottle and run them. I have zero methods of managing windows apps from OD/MCX or even Casper.

So, there is a good possibility I will be forced to do this. Suggestions?

Thanks,

Tom

rockpapergoat · ‎01-21-2011

what's the timeframe here?

do you have any windows servers hanging around?

citrix or remote desktop/terminal services are your best bet here. you really, really don't want to have to manage additional windows installs on your clients for access to one app during a finite amount of training.

explain to whomever holds the purse that this request will effectively double the OSes you're currently managing, and you're not equipped to do so.

also, talk with some local businesses or consultants to see if you can get help to configure temporary citrix or terminal server services just for this purpose; possibly a "rent a server" type arrangement. your budget may be $0, but you'll spend far more for all the cleanup and management associated with deploying some workaround to accommodate this training.

talkingmoose · ‎01-21-2011

We don't run WINE or CrossOver Mac but the purpose of them is to let you
On 1/21/11 11:12 AM, "Thomas Larkin" <tlarki at kckps.org> wrote:
run Windows applications WITHOUT Windows. You won't be installing a
Windows OS and then the application. You'll just be installing the
application.

--missing content--

run fairly well. Not sure about ActiveX applications, though. This is a
supported WINE solution.

Any reason for selecting a Windows-based training company for an all-Mac
shop? My gut tells me to continue making them bring in laptops.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

bentoms · ‎01-21-2011

Around 4 years ago I used to use crossover with ie6 to run Siebel service desk as it required active & it worked well.

Regards,
Ben Toms
IT Support Analyst GREY Group
The Johnson Building, 77 Hatton Garden, London, EC1N 8JS
T: +44 (0) 20-3037-3819 | Main: +44 (0) 20 3037 3000 | IT Helpdesk: +44 (0) 20 3037 3883

--missing content--

run fairly well. Not sure about ActiveX applications, though. This is a
supported WINE solution.

Any reason for selecting a Windows-based training company for an all-Mac
shop? My gut tells me to continue making them bring in laptops.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

tlarkin · ‎01-21-2011

Getting it to work is not my concern as much as trying to manage it.

--missing content--

run fairly well. Not sure about ActiveX applications, though. This is a
supported WINE solution.

Any reason for selecting a Windows-based training company for an all-Mac
shop? My gut tells me to continue making them bring in laptops.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

jarednichols · ‎01-21-2011

I'm guessing this is a classic case where there were no requirements
gathering done. One of which would have been "training model fits in our
existing managed structure" (e.g. It's a platform agnostic version of
web-based training.)

j
-- Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

Report Inappropriate Content · ‎01-21-2011

Here's a somewhat out-of-the-box suggestion:

I don't know what your exact requirements and budget will allow, but one alternative is a thin-client solution. We have some similar scenarios where users need to run one or two Windows-based applications like IE or Outlook. A full-blown VM takes up excess space, requires additional management, and presents unnecessary security risks. Running a bottle-based solution removes the OS portion, but you still have to manage the bottle software and the individual application(s) installed on the individual systems. One of the architects on my team set up a proof-of-concept that went over really well. We tested a couple of different products and I think something like Citrix would fit your situation. You can run the client end with a browser plugin. Give your users access to IE only and keep it in a sandbox — if they do somehow manage to break it, they still can't do any lasting damage. If you can get Cerner to be responsible for owning the server side, then you'd just be responsible for distributing the browser plugin. That's easy to do via Casper.

-Charlie

-------------------------------------
Charlie Smith
Desktop Engineer
Information Services Department (ISD)
MIT Lincoln Laboratory
244 Wood St. Lexington, MA 02420
Phone: 781.981.0854
E-mail: charlie.smith at ll.mit.edu
-------------------------------------

ernstcs · ‎01-21-2011

How many people at one time are we talking here?

tlarkin · ‎01-21-2011

Our budget is $0.00 USD

This is a situation where an outside company ( http://www.cerner.com/ )
is coming in to a science class and giving students a lab (via a grant)
where they can do lab work over a web front end to Cerner's server back
end for educational purposes. This was never planned, we applied for
the grant to get this and somehow someone got it.

I can make it work that is no issue. I have made all these thousands
of Macs run Windows apps and dual boot Windows at one time or another. What I hate is that bottle that the API uses to fool apps they are in
Windows. Which allows students to download tons of video games and run
them with in the bottle. When you give a teenager a laptop and they
have physical access to it 24/7 it is not a matter of how or if, but a
matter of when they figure out how to do something. They have endless
time all day every day after school and on the weekends (and during
school in some cases) to try to hack away at the machines.

I don't have money for Citrix. In the past I have used shell scripts
with the find command that exclude the known good windows apps I want to
run (and their location) and delete any other exe file that is detected
in a home directory. The problem is, that is tricky because some of
them figured out something was happening so they started renaming their
apps, to approved app names.

Now Cerner is actually migrating their current web front end toolset to
something that is more open and web 2.0 and ditching the Active X, but
that is down the road. This just puts me in a situation where I am
between a rock and a hard place because I will get yelled at for not
getting it done, and if I get it done I will get yelled at for kids
abusing their laptops and loading games on them. So, it is pretty much
a lose:lose istuation for me, but if there were someway to lock down the
bottle where nothing can get dropped into it....and it not lose any
functionality of IE that would be awesome.

Thanks,

Tom

dkucmierz · ‎01-21-2011

Could you use a self healing poilcy for the app configuration with casper?

--

David Kucmierz
Mesquite ISD Technical Services
972.882.5506

fsjjeff · ‎01-21-2011

We looked at WINE for an IE / Java solution that is mandated by our Provincial Government, and I found it unfortunately did not work for us. What we've ended up doing, and what has worked fairly well so far, is implement a 2X Application server. It's similar to Citrix but cheaper. Lets me deploy a small client app, and manage access to published apps on the server via AD user. Loving it so far, and in most cases it's faster than running the apps on a VM.

It isn't free however, which makes things a challenge. The little bit of time I spent trying to get WINE to do what I wanted had me frustrated and ready for a more supportable solution, even if it did cost a few bucks. The bonus - it's already been used to support a small handful of other applications to help migrate our last few Windows holdouts to Mac.

Jeff

Report Inappropriate Content · ‎01-21-2011

One nice thing about the Citrix solution is that you're not the one paying for it, if you can convince Cerner to host it. Have you already told whoever's doing the yelling that it's possible to run this on the Macs? If not, all you have to do is tell them there's no way to do it, and require Cerner to continue to bring in their own laptops. If they question you, further explain that there is no way to prevent the students from compromising the Macs if they are allowed to run any EXE on them, short of buying a Windows server.

milesleacy · ‎01-21-2011

Hey Tom,

If the bottle solution works for you, my question is... How big is the
bottle? If it's small enough you could periodically delete and redeploy
the bottle, assuming the Cerner system is all hosted elsewhere and the
bottle really just provides a web front end with no data the students need
to download and have persistent within the bottle.

Self healing is a good idea, but may be tricky as the items that will
trigger self healing must have been deleted or changed in order to trigger
a self healing event. If the student merely downloads stuff without
changing the items that were originally deployed, that may not trigger the
event.

I hope this is helpful.

--
Miles Leacy
Technical Training Manager
Mobile +1 347 277 7321

miles at jamfsoftware.com
....................................................................
JAMF Software
1011 Washington Ave. S
Suite 350
Minneapolis, MN 55415
....................................................................
Office: (612) 605-6625
Facsimile: (612) 332-9054
....................................................................
US Support: (612) 216-1296
UK Support +44.(0)20.3002.3907
AU Support +61.(0)2.8014.7469
....................................................................
http://www.jamfsoftware.com <http://www.jamfsoftware.com/>

Jamf Nation Community

running IE on the Macs [ sort of off topic ]