Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

new to mdm management

Hi,

I have recently taken on two School's IT management and they have a number of Apple devices. THey currently do very little in terms of managing these devices and this poses a big risk to data loss. More importantly, they can not do anything with lost or stolen devices.


I'm aware of a number of MDM platforms on the market, I have in fact had experience with Good and Mobileiron but I'm wanting to do something cheaply if possible.


I know Profile manager can do what I have mentioned above and much more, but I don't yet have an Apple computer to do this. Can someone explain what device is best to use (iMac/Macbook) Does the device need to be on all the time with the same network address?


I was planning to run this from home and manage both schools devices, just using seperate profiles for each school.


Any advice at the moment would be much appreciated.


Many thanks

Posted on Apr 16, 2015 3:11 AM

Reply
3 replies

Apr 16, 2015 4:31 AM in response to Collabor8-IT

" . . . what device is best to use . . .?"


Does not matter as any mac will do. IMO the answer to your second question rules out a laptop as it would be a poor use of an expensive portable device more suited for a different purpose. Most people in your situation tend to go for a MacMini. It's cheaper than the other two and has a very small form factor. Ideally buy two and set them up in a redundant configuration.


"Does the device need to be on all the time with the same network address?"


As you know Apple's MDM is called Profile Manager. You get Profile Manager with OS X Server. OS X Server is an App and not an OS. That said it should still be treated as a Server with all that that means. A Server should have a fixed location within a network it resides in. It should be accessible by the devices you're trying to manage which implies a fixed IP address and always on availability. Beyond the fixed IP address nothing will work well (if at all) without a properly defined hostname and a DNS server that can resolve that name properly. This can't be emphasised enough and is crucial. Get that part right at the beginning and everything else will 'just work.' Your school's IT Management should have already done this anyway although depending on their understanding of what DNS is it may prove a potential stumbling block?


You can access the PM web-based management portal from anywhere you like. However this will mean configuring whatever firewall the school is using. For example allowing VPN access from whatever computer you're using at your home - Mac or PC. Does not matter which as it is via a web browser and any web browser will do - or configuring the school's external domain to do the same.


You should also look beyond PM. PM won't back-up the devices for you. If iOS devices are involved you should consider using a combination of iTunes and/or iCloud and/or Apple Configurator to back-up any locally stored data. I would steer clear of this and use something like WebDAV Navigator or Foldr instead.


For OS X devices network logins would be the way to go. Student data would be stored on a drive attached to your Server. This data would in turn be backed up by whatever backup solution the school is using. Does not matter whether the network is based Microsoft's Active Directory or Apple's Open Directory. I would also consider using DeployStudio, Munki and Apple Remote Desktop for a more rounded management/deployment approach that go far beyond what is available in PM alone.


It can be simple and straightforward and in practice it is as long as you know what you're doing and where the potential gotchas are. You may benefit from an experienced consultant coming in and advising/assisting you in the initial setup? It makes sense as using Apple devices in an enterprise network can be painful if the initial 'get-off-the-ground' phase is handled poorly.


My 2p.

Apr 16, 2015 4:54 AM in response to Collabor8-IT

Solid advice from Antonio as always. I will toss out two other options: Casper Suite and Bushel. Both are from JAMF. Bushel is $2 a month per device and you get an MDM plus DEP and VPP integration plus there is no on-prem requirements (cloud hosted only). You get no package management, imaging, scripting, etc. For more complete management, go JAMF. Pricing for schools is very attractive. Generally there are on-prem requirements but the Casper Suite is supported on OS X, Windows Server, and many Linux flavors. Generally an existing device can be found to host the server.


How many devices are you talking about? Do the devices leave the building? Is this a one to one or shared computing environment? Where is the data stored? These and many more are questions that you need to explore.


For full disclosure, I (we) are a JAMF partner so I might be partial. However, I find their approach and tools to be without compare. Endless possibilities and a rabid dedication to the platform.


Reid

Apple Consultants Network

Author "Yosemite Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

Aug 31, 2015 4:36 PM in response to Collabor8-IT

I would also recommend considering SimpleMDM.com as a cloud-hosted MDM solution. A good percentage of our user base is made up of the educational sector, both public and private. SimpleMDM is straightforward to use and still provides powerful configuration and management options.


Compared to Good and MobileIron, you'll find that our pricing is much more straightforward and affordable. We allow up time five devices for free, so you can try it out and feel comfortable with it before taking the plunge.


Taylor

SimpleMDM.com

new to mdm management

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.