Profile Manager - Replication?

Chris,

Profile Manager does not currently support replication or distribution in any meaningful sense. There are solutions from other MDM vendors that do have these features, but they'll cost you about $20 per device instead of per server.

Hi,

Did you ever get any further with this? I admin 180-odd macs on two sites (a college), but with a new site coming on stream, I have done some peliminary tests and found, like you, the local performance to be excellent, but on a site 40 miles away, it's a 15 minuet wait before users can log in.

I suggested an kind of manual replication - two masters, but with identical settings - but my Windows Group Policy mad boss doesn't want this, He wants replicas, depsite my telling hime that while it works, it's not exactly friendly to end users. His argument is 'well they will have to wait'.

I am not happy with that, and wondered if you ever found a more practical solution to something that should, in theory, be a simple(ish)problem!

Many thanks,

Phil

Apple don't provide fail-over or clustering capabilities (in general) and sadly also don't provide a solution for multiple Profile Manager servers. Apart from this being consistent with Apple's disinterest in providing enterprise level solutions themselves, it might be they are deliberately leaving this opportunity open to third-parties.

Realistically you need to pay-up and buy an enterprise level solution of which there are many to chose from. Casper Suite from JAMF is a Mac specific product which can run on Mac, Linux or I believe Windows servers and is probably the only one other than Profile Manager that can run on Mac servers should you desire. Other than that as mentioned there are plenty to chose from and they typically also have the benefit of supporting non-Apple devices as well i.e. Androids.

See http://www.tomsitpro.com/articles/mdm-vendor-comparison,2-681.html

and http://www.enterpriseios.com/wiki/Comparison_MDM_Providers

Note: Not all MDM solutions support Mac clients, even those that do e.g. Meraki might not support all features for Macs, e.g. remote wiping or locking of Macs.

Just in case it might be worth checking your Profile Manager setup is 'properly' configured. By this I mean that the full required set of network ports are open to the Profile Manager server. Your local Macs will presumably be talking locally to the server and therefore are unlikely to have any problem but depending on how your WAN, DNS and Firewall setup is configured your remote sites might be having problems. Remember also that the APNS (Apple Push Notification Service) ports cannot be proxied or reverse proxied. See OS X Server: Ports used by Profile Manager - Apple Support

This free tool http://twocanoes.com/products/mac/push-diagnostics might be helpful for testing your Profile Manager server is able properly to do push notifications.

Thank you for a very useful and concise reply, bringing clarity to a few things that I suspected, but now know for sure.

Apple has been ignoring the enterprise for a while, since Tiger Server, the quality of the software they make and provide has gone downhill somewhat!

A paid for solution is no doubt best, but the problem for me (and those that hold purse strings) is the fact that it's paid-for.

At least now I have some ammunition to take to the table about how to best move forward with this project.

Many thanks again.

AppleGrapple wrote:

Thank you for a very useful and concise reply, bringing clarity to a few things that I suspected, but now know for sure.

Apple has been ignoring the enterprise for a while, since Tiger Server, the quality of the software they make and provide has gone downhill somewhat!

A paid for solution is no doubt best, but the problem for me (and those that hold purse strings) is the fact that it's paid-for.

At least now I have some ammunition to take to the table about how to best move forward with this project.

Many thanks again.

Some may have trial versions, and Meraki has both a free and paid for offering.