macOS Server MDM vs Business.apple.com

Hi,

So... I have 5.3 Server running on a Mac mini 2010 Server model with SSD drives. All works well but I am slowly decommissioning the functionality of this server. The websites (3) went to Amazon S3, the FileMaker server went to an EC2 instance with Amazon t3-medium. Now I see that my little MDM with Profile Manager can go to business.apple.com too.

Has anyone a feature comparison or hint of how to progress? We have a 10-person shop, 2 iPads, 5 Macs, 4 iPhones....

I mean.. is it worth keeping a server in-house.. or will business.apple resolve all MDM similar tasks..

I see that only Open Directory and File Sharing might stay on this machine.. for which it is capable still for some years to come.




yours

Pierre

Mac mini Server (Mid 2010), OS X Server

Posted on Nov 26, 2018 2:30 PM

Question marked as Top-ranking reply

Posted on Nov 27, 2018 2:18 AM

As far as I can see business.apple.com is not an MDM service, it is merely a new improved portal for managing an organisation's DEP and VPP accounts. You would in business.apple.com point it to a real MDM system. For example mine is pointed to our JAMF MDM system.


So, no it is not a replacement for Profile Manager.


There are (many) cloud hosted MDM solutions available including JAMF but nearly all are charged for based on the number of devices - including JAMF. There used to be a free limited number of devices version of (Cisco) Meraki Systems Manager, sadly this is no longer available. I did find one that was free for 25 devices but it, like Profile Manager, would still require you to run your own server. See - Desktop Management Software | Desktop Administration Software | Unified Endpoint Management (UEM) Software


Nov 27, 2018 9:35 AM in response to Pierre Froelicher1

Have a look at this Apple article - Prepare for changes to macOS Server 5.7.1 - Apple Support


It details what features get removed from newer versions of Server.app


It might be worth upgrading to High Sierra and the matching Server.app but maybe not Mojave. It depends if you will need any of the now missing features.


OpenDirectory and Profile Manager still exist but for example the DNS server does not.

Nov 28, 2018 8:12 AM in response to Pierre Froelicher1

Most of the handful of remaining services in Server.app do need a working DNS setup i.e. OpenDirectory and Profile Manager. In theory this could be an external ISP hosted DNS but this would require you to have (some) official public IP addresses that you can allocate to your server(s).


It is more typical therefore to also have an internal DNS server, this is also known as a 'split horizon' DNS configuration where both an internal and external DNS process a host name. That is internally myprofilemanager.domain.com and externally myprofilemanager.domain.com are resolvable although internally it points to your private internal IP address and externally it points to your routers public IP address which then forwards the traffic to the internal address via NAT.


So yes having an internal DNS server is quite important.


Note: OpenDirectory also needs reverse DNS on your internal DNS server, this is where say 192.16.1.2 can be looked up to find the matching server name.


If you use the same domain for other public servers then using an internal DNS server in a split horizon setup becomes more complex, options here are to use a different domain for the MDM i.e. Profile Manager server or a sub-domain.
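
A consistency check for the split-horizon setup described in the reply above, as an added example that is not part of the original thread. The host name is the one used in the reply; the record lines and IP addresses are constructed sample data, and the simple `name type value` record format is an assumption made for the example.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also counts
# documentation ranges such as 203.0.113.0/24, used below as the "public" IP.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (name, type, value) for the two views.
INTERNAL = """
myprofilemanager.domain.com. A 192.168.1.2
2.1.168.192.in-addr.arpa. PTR myprofilemanager.domain.com.
"""
EXTERNAL = """
myprofilemanager.domain.com. A 203.0.113.10
"""

def parse(text):
    """Return {(name, rtype): value} from 'name type value' lines."""
    records = {}
    for line in text.strip().splitlines():
        name, rtype, value = line.split()
        records[(name.lower(), rtype.upper())] = value
    return records

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_split_horizon(host, internal_text, external_text):
    """Return a list of problems; an empty list means the views are consistent."""
    internal, external = parse(internal_text), parse(external_text)
    problems = []
    inside = internal.get((host, "A"))
    outside = external.get((host, "A"))
    if inside is None:
        problems.append("no internal A record")
    elif not is_rfc1918(inside):
        problems.append(f"internal A {inside} is not a private address")
    else:
        # Reverse lookup that Open Directory depends on.
        ptr_name = ipaddress.ip_address(inside).reverse_pointer + "."
        ptr = internal.get((ptr_name, "PTR"))
        if ptr is None:
            problems.append(f"no PTR for {inside}")
        elif ptr.lower() != host:
            problems.append(f"PTR for {inside} names {ptr}, not {host}")
    if outside is None:
        problems.append("no external A record")
    elif is_rfc1918(outside):
        problems.append(f"external A {outside} exposes a private address")
    return problems
```

An empty list from `check_split_horizon("myprofilemanager.domain.com.", INTERNAL, EXTERNAL)` means both views answer for the name, only the internal view hands out the private address, and the reverse record round-trips.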

Nov 28, 2018 8:12 AM in response to John Lockwood

Thanks for your explicit response.

Do you think it difficult to install BIND?

Do you think it difficult to install FreeRadius..

These are the two services that I would need to replace. Radius being a luxury.. I could do with WPA2... .


I am right now reinstalling my macminiserver 2010 with Sierra 10.12.. but somehow dream of upgrading to Mojave.. just to give me some headache.. haha


I understand Route53, the AWS DNS service, and have used it for some months.

There is no way there that if somebody hits on our myserver.domain.com.br IP, to fall here on our Cablemodem and then being directed to our internal 10.0.xxx.xx address of the server (without an internal DNS service) ? All done with the outside Route53 Service? Some kind of Split/Joint Horizon...hehe.. ?

Nov 28, 2018 8:26 AM in response to Pierre Froelicher1

To install (most of) the open source alternatives you either need to install the Xcode command line tools so you can compile the source code or you need to install one of the Mac package management tools.


  • MacPorts
  • Homebrew
  • Fink


Homebrew is probably the leading one but I have not used them myself.


These package management tools then automate downloading, building and installing a huge list of existing open source projects and I am sure cover the ones you would want. For BIND see this - DNS Enabler for Mojave. It's not free but might be the easiest option for a modest sum.

Nov 29, 2018 6:27 AM in response to John Lockwood

I reinstalled macOS 10.12 from scratch, Server 5.3 and that is how everything will stay for another couple of years.

I use RAID, and that was deprecated in 10.13 High Sierra.

I am sure that I can get another 2-5 years out of this setup by which I will have migrated all, Filesharing, Directory Service and MDM to some cloud provider.

I am in Brasil. So for us to make an inscription into business.apple.com has just recently been available.

Once I have an inscription I will point it to Profile Server on our "new" server.. Hope that will work...
