Your SlideShare is downloading. ×
The Benefits of a Managed Macintosh Environment in the Enterprise
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

The Benefits of a Managed Macintosh Environment in the Enterprise


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. The Benefits of a Managed Macintosh Environment in the Enterprise with the Casper Suite from JAMF Software Revision Date: 8/20/08
  • 2. JAMF Software White Paper This page intentionally left blank
  • 3. Legal Information in this document including URL and other Internet Web site references is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of JAMF Software. JAMF Software may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from JAMF Software, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2007 JAMF Software LLC. All rights reserved. JAMF Software, Composer, and Recon are trademarks of JAMF Software LLC in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. JAMF Software White Paper
  • 4. JAMF Software White Paper This page intentionally left blank
  • 5. Table of Contents Summary of Benefits 1 IT Challenges 2 Business Challenges 3 Client Management Solutions for IT Managers 4 Lowered Costs 5 Client Management in the Macintosh Environment 6 Return on Investment of the Casper Suite: A Case Study 7 The Casper Suite – An Overview 11 Recon and The Recon Suite 15 Composer 17 Casper Admin 19 Casper 20 JAMF Software Server – JSS 23 CasperVNC 25 Training and Support 26 Purchasing 28 Casper Suite Summary Back Cover JAMF Software White Paper
  • 6. Summary of Benefits While Apple computers in the enterprise have long been unmanaged, many organizations are beginning to recognize the need to bring their Macs into a managed state. Faced with larger populations of Macs and greater pressure from end users, organization management, and auditors, IT managers are faced with the challenge of finding a client management solution for the Macintosh platform. End users are now demanding a more pro-active, invisible approach to support for their Macs to increase their uptime and improve their overall experience. IT management is charged with making sure that the investment the organization has made into Apple hardware is maximized by seamless support. Every machine should work every day. Using client management software enables IT to provide remote, automated, pro- active support that improves the end user experience and minimizes down time. Organizations are now making the same demands of Mac IT managers as they do of those managing computers on other platforms, including accountability, planning, and security. No longer are the Macs living on the fringes of the organization. Client management software for the Macintosh platform can bring first class support to Macs while reducing liability for the organization by providing an inventory of hardware and software, managing user privileges, and increasing security. Remote, automated support also significantly reduces the organization’s cost for support by increasing efficiency dramatically. The Casper Suite is the one suite of client management software developed exclusively for the Macintosh platform. As such, it offers a native solution that provides great breadth and depth of functionality for IT managers including inventory, package building, image management, remote imaging, remote updates, management and a powerful framework for automated support. In the following pages, the challenges of IT and modern organizations are explored in more detail, followed by how the Casper Suite addresses these challenges. 1 JAMF Software White Paper
  • 7. IT Challenges The Enterprise IT department is responsible for managing end user computers from the loading dock to the recycler. Along the way, the machines go through several phases of management: new machine deployment, software updates, new software distribution, and issue resolution. All the while, user and company data must be protected and secure, the company must know the status of all hardware and software, and the end user must experience minimal disruption. Like any piece of business infrastructure, IT hardware, software and staff exist solely to support and enable the core business of the organization. The business of a school is education, not technology. The business of an ad agency is innovative ideas, not technology. IT is at its best when it is invisible to the end user. This goal drives IT professionals to seek solutions to client management challenges that enable them to support the end user with minimal inconvenience and loss of production to the company’s business. .................................... .................................... .................................... .................................... New machine deployment Software Updating New Software Distribution Issue Resolution .................................... .................................... .................................... .................................... create image download .pkg convert updaters convert installers update software installers to .pkg to .pkg observe/control apply image distribute .pkg hardware repair distribute .pkg to computer to computer d i tracking and assignment configure settings & printers modify settings user request .............................. automated re-image run utilities move user data Protect user data notification .............................. backup user data In order to ensure that the IT department is managing every phase of the machine life cycle, it is helpful to break down each phase into tasks that a typical IT department performs. One way or another, this work is getting done, whether by hand, scripts, software, or, most often, a combination of approaches. JAMF Software White Paper 2
  • 8. Business Challenges The business of an IT department and of technological assets presents distinct challenges to managers and technologists. The manager is not concerned with the details of how to push a package to a client machine. Instead, the manager is responsible for bringing projects in on time and under budget, maintaining legal compliance for software licensing, ensuring the backup and security of company data, budgeting for new hardware and software purchases, and staffing the IT department to provide ‘invisible’ support. Does image meet client needs? Have we tested updates? How many copies do we need? .................................. .................................. Compliance Purchasing .................................. .................................. Do we have Who has which rights? enough licenses? v .................................. Business Continuity Are we under warranty? .................................. How do we ensure What are our What software does not comply with our standards? backup? notification criteria? To make sound business decisions, IT managers and company financial officers rely on sound data from the technologists in the field. If the tech staff is using a variety of ad hoc solutions to manage client machines, retrieving this data may be a project all by itself. This approach may leave the business at risk when software audits or purchasing decisions inevitably come around. 3 JAMF Software White Paper
  • 9. Client Management Solutions for IT Managers Moving a large number of machines into a managed client environment is an undertaking that results in several positive outcomes for IT management. The overall goal is better IT service and support for lower costs. However, defining “better IT service and support” and “lower costs” is the subject of endless study and debate. Most managers agree upon a few aspects of these ideals. Better IT service and support means focusing staff on minimizing machine downtime and maximizing productivity. A managed client environment achieves this goal through automation and remote control, allowing staff to move from a reactive to a pro- active approach. Automation of repetitive tasks frees up the IT staff for planning, implementation, projects, and time with end users. Remote control of client machines allows system administrators to quickly resolve most problems without a trip to the desktop. The option of quickly reimaging machines, while preserving user data, returns machines to a known good state in less time than most problem diagnosis. Better IT service and support means managing software licenses efficiently and accurately. Managers are all too familiar with questions of compliance in the modern business, with regulations like Sarbanes-Oxley requiring detailed, accurate reporting of software licenses. Setting an organizational standard for software and versions so that users can share files, or simply purchasing new licenses, can turn into a spreadsheet challenge if the environment is not managed. Technologists are diverted from support and repurposed to gather information about existing assets. Automated, detailed inventory reporting in the managed environment keeps IT resources tasked to organization business, reduces liability, prevents overspending, and maintains software versions across the organization. See the “JAMF Software Study of Sarbanes-Oxley Compliance and the Casper Suite” for more information. “ Making Macs “ first class citizens in the enterprise. JAMF Software White Paper 4
  • 10. More Support, Existing Staff From a cost center to a corporate resource. Lowered costs Evaluating the cost savings associated with the managed client environment can be tricky because of the traditional separation of the various aspects of IT: Hardware, software, and staff are all major cost centers and organizational budgets may be separated along these lines. Client management software affects cost savings in all three aspects of IT, as well as providing peace of mind regarding data backups, legal compliance, and security issues. Cost savings for staffing Client management solutions are incomplete without the ability to provide support from a remote location. The amount of time saved by remote resolution drastically increases the number of end user incidents that can be resolved by a single technician in one day. Automation of tasks such as inventory, new machine deployment, software updates, new software distribution, and incident notification allow the IT department to support a greater number of machines with fewer staff. See the “MDC Partners Casper Suite ROI Study” for more information. Cost savings for software and hardware Hardware and software purchases represent a significant investment for any organization. Complete and accurate inventories can be used to plan purchases and allocation of software licenses. The efficient allocation of organization resources prevents overspending to ensure license compliance or duplication of spending because company assets are lost or untracked. 5 JAMF Software White Paper
  • 11. Client Management in the Macintosh Environment For years, conventional wisdom has kept Macintosh computers out of the large scale enterprise environment except for a few creative industries. However, according to Computerworld magazine, Apple is making inroads into larger organizations and Macintosh machines are becoming more common in the enterprise. This trend may be attributed to security concerns with Windows PCs, the popularity of Apple’s consumer products, and the advent of the Intel chip in Macs (Seth Weintraub, “Why Apple’s ‘consumer’ Macs are enterprise-worthy”, March 9, 2007). Both enterprises switching to the Macintosh platform and organizations that have been using Macs for a long time are now looking at client management solutions. Sarbanes-Oxley compliance and manufacturers’ audits drive some organizations toward client management. Tight budgets and the need for greater operational efficiencies drive others, while others look to expand user bases without expanding the IT staff. Client management solutions available for the Macintosh platform may be cross platform hybrids or utilities that address only a part of the client life cycle. Only one product, the Casper Suite from JAMF Software™, provides a comprehensive client management solution that is developed exclusively for the Macintosh enterprise. Using a native Macintosh solution such as the Casper Suite allows IT to use a tool that has been developed for Apple hardware and the Macintosh Operating System (OS). This means that there are no issues of compatibility with Apple machines and no need for non-Macintosh hardware or servers. Technically, it also means that the Casper Suite treads lightly on client machines: No agents or applications are installed on the client machine. Even so, the Casper Suite is a powerful toolset, providing great breadth and depth of management functionality. The Casper Suite is designed by engineers who work with Macintosh hardware and software. JAMF Software™ developers value the intuitive ease and beauty of Apple products and work to translate those values into the Casper Suite. Managing Macs with the Casper Suite combines all the benefits of a powerful client management tool with an elegant user experience. JAMF Software White Paper 6
  • 12. Return on Investment of the Casper Suite: A Case Study 7
  • 13. JAMF Software - Casper Suite Return on Investment Analysis Introduction: MDC Partners is a portfolio of best-in-class marketing extremely time and labor intensive process. Without the communications companies whose strategic and use of tools to automate the process, an administrator innovative solutions lead the marketing industry, attract would typically have to go to every workstation or laptop the finest talent, and achieve outstanding results for and manually configure the devices. More experienced clients. administrators can write scripts to install the printers, but the execution of the script would require manual We are a publicly traded company with compliance intervention by the end users. With the use of the Casper requirements driven by Sarbanes-Oxley and our clients. Suite, we can now deploy the devices to user computers, Because of the computing platform widely used in our without visiting the machines, from a central server in industry, many organizations have difficulties executing the organization, thus allowing lower level system controls systematically that enforce their IT and administrators to distribute and install printers on corporate policies. hundreds of workstations in approximately 15 minutes. Additionally, the Casper Suite allows for the creation of The Casper Suite of products has allowed us to define user groups that allow administrators to even further and efficiently implement controls through a centrally increase their efficiency by only deploying resources such managed set of tools. The tool set has allowed us to as printers to the workstations that require them. focus our efforts on growing the organization through effective use of IT and not requiring our resources to Remote deployment of applications to the user spend their time on maintenance. community greatly reduces the need for support individuals to visit each desktop when upgrading or Currently several of our partner firms are using the installing new applications. Additionally, the deployment Casper Suite and many more are in various stages of can be defined to user groups which help to manage the evaluating, acquiring and deploying the tools. inventory of licenses distributed. The Casper Suite allows us to create packages that can be distributed systematically for any application from any vendor. Cost Savings: Automation tools are widely used so administrators can The Casper Suite brings enterprise level management focus their efforts on tasks that benefit the organization tools to the Apple platform. For a long time Windows far more than the utilitarian functions that often administrators have been able to define and enforce consume their time. Return on investment for policies on users machines from a central location. The administrative and management tools is a function of Casper Suite brings many of these types of features to efficiency and time savings directly driven by labor cost. the Apple platform. The ability to automatically discover, The more efficiently people work, the more productive remove and report on applications installed by end users they are, therefore less people are required to support is critical to any organization. These applications, fonts the organization. etc… pose a serious security risk to organizations as well as a financial liability. The time for tasks, such as provisioning a computer, is significantly reduced by the ability to create a standard There is a significant amount of savings when using the image by class of user and push out that image to new Casper Suite to create and enforce security policies. machines or to devices that need to be re-deployed. The Significant savings are seen when end users are prevented process of configuring a machine manually used to be from performing actions that would increase the need approximately 4 hours per machine. Utilizing the Casper for support. Functions like application blacklisting, Suite, the same process is now performed in about 15 automated software updates, and automated e-mail minutes. notifications ensure users workstations are current with patches and fixes as well as ensuring they do not change Printers are constantly changing across the organizations. configurations or install unauthorized software that can They are replaced due to age, wear and tear, and pose a threat to the machine and the other workstations upgraded for better print quality and performance. The on the network. process of provisioning printers on the network is an 8
  • 14. 9 JAMF Software - Casper Suite Return on Investment Analysis Based on surveys performed across our partner firms currently using the Casper Suite the following represents time savings for typical tasks performed by IT support personnel. (In Hours) Per Machine Per Machine Year 2 forward Before Casper After Casper Time Savings Dollar Savings Annual Savings Annual Savings Hours to deploy new MAC 4.0 0.5 3.5 $87.50 $87.50 $0.00 Hours to roll out patch and/or printer maintenance 0.5 0.1 0.4 $10.00 $100.00 $120.00 Hours performing preventative maintenance per month 1.0 0.3 0.8 $18.75 $225.00 $225.00 Estimated savings due to security policy enforcement 0.5 0.1 0.4 $10.00 $120.00 $120.00 Hours to inventory IT assets and related SW 0.5 0.1 0.4 $10.00 $120.00 $120.00 Total Savings $136.25 $652.50 $585.00 Cost/machine year 1 * $118.00 $18.00 Return in efficiency - dollars per machine $534.50 $567.00 Cost savings for organization based on 50 machines $26,725.00 $28,350.00 *Note: Cost/machine depends on the number of machines managed with the Casper Suite.
  • 15. This page intentionally left blank JAMF Software White Paper 10
  • 16. The Casper Client Management Suite - Overview An overview of the Casper Suite The Casper Suite offers one set of tools to address all aspects of Macintosh client management including inventory, package building, configuration, image management, image deployment, remote updates, and scheduled maintenance. Since all these applications are fully integrated, there is no need to import or export data or to force diverse tools to work together. Because the architecture all flows through one central database, dynamic inventory information can be used in scheduled maintenance and packages are used for both imaging and updates, promoting efficiency and consistency. The simple user interface ensures that the Casper Suite is not reliant upon one devoted system administrator. The workload can be balanced, with privileges based upon the user’s role in the organization. 11 JAMF Software White Paper
  • 17. Managing the Macintosh Life Cycle with the Casper Suite Inventory and asset management with Recon: An organization’s hardware and software purchases represent a significant investment. Complete, accurate, and timely inventories are usually used to ensure compliance and facilitate planning. However, when the state school board or parent company requires a full software and hardware audit, those system administrators with Recon running inventory can rest easy. Departments with an unmanaged system may look forward to adding staff and putting other projects on hold to meet audit requirements. IT managers can run Recon on a customized schedule using the suite’s advanced reporting frameworks to create branded reports that are ready for review by management or auditors. Several standard templates are included in the suite that meet common requirements and customized reports can be created. Package building with Composer: When software is purchased from manufacturers it usually needs to be configured or customized to meet the requirements of the end users. Rather than doing this customization after installation as a post-fix, the use of packages and Casper Admin allows changes to be made prior to distribution so that the software arrives configured and ready for usage. This saves valuable engineering time as well as network bandwidth. Approved packages on the JSS: The JSS serves as the central repository for all the packages available across the organization, regardless of department or location. While file servers may be set up for load balancing, the JSS is the sole source for approved packages. That means that only software and updates that are approved by IT management are available to the client machines. This is an easy way to manage software versions, fonts, and utilities: If it’s not on the JSS, it can’t be installed with Casper. It’s that simple. Computer imaging with Casper and Casper Admin: When computers need to be deployed, the challenge is how to get standard applications and end user configurations on machines in the least amount of time, while maintaining consistency and accuracy. Casper’s modular approach to imaging makes configuring multiple images a breeze by building each configuration on a base image. The utilization of single OS or application packages used with multiple configurations means that identical components make up all the end user configurations. The system administrator puts the configurations together in Casper Admin, setting up parent and children images, and then pushes them out to the client machines. JAMF Software White Paper 12
  • 18. Managing the Macintosh Life Cycle with the Casper Suite With the pre-staging feature in the Casper Suite, IT can actually associate an image with a machine before it is even out of the box. When the end user plugs in the machine, it can be booted and configured by holding down one key on the keyboard. The machine goes direct from the loading dock to the end user’s desk with no layovers in IT. Configuration and settings management with Casper and Casper Admin: The ability to modify end user environments from a central location allows IT to respond to varying demands as rapidly as they arise. Configuration and settings management differs from remote deployment in that it modifies the existing user environment rather than adding or removing components. Settings include printers, security, and other user configurable options. Computer updates with Casper and Casper Admin: With the Casper Suite, machine imaging and updating are done with the same tool, ensuring consistency between new machines and those previously deployed. Since changes made to a parent configuration are inherited by all its children, updates are made once in a parent configuration and all associated child configurations are ready to go. The suite also uses a policy-based approach to tasks that means that recurring rules can be enforced automatically without the intervention of IT staff. Distribution of any file type also allows companies to easily release new documents, such as HR forms, to their employees in addition to software and settings. Remote utilities can be run during off- hours to have a minimum impact on business, while keeping machines well serviced. With the self-healing feature, the Casper Suite checks for packages that have been broken or removed, then repairs or reinstalls the packages automatically. Automated, scheduled repair and maintenance is invisible support that reduces interruptions and incidents for the end user, while giving time back to IT staff. 13 JAMF Software White Paper
  • 19. Managing the Macintosh Life Cycle with the Casper Suite Policy enforcement with Casper: End users are often unaware of the implications of their actions when they install unlicensed software, download copyrighted materials, and use unlicensed fonts. This opens up potentially crippling liabilities for companies, schools, and other organizations. To prevent this, organizations write policies that govern computer and internet usage. However they often lack the tools to track and enforce compliance – until now. IT can create custom policies in Casper, reflecting the organization’s culture and governance, that kill, remove, or notify management when restricted material surfaces on client machines. This flexible, custom control puts management back in the driver’s seat. Remote deployment with Casper: Updating software, releasing new printers and documents, and applying security updates on all network computers is a time consuming task that needs to be done multiple times per year. Remote deployment solutions reduce the time this takes by automating the distribution. Deployment is scheduled on your timetable, based on your triggers. Schools can reconfigure labs overnight on the weekends or remote users can get updates after returning to a certain building. If you can write a business rule for your deployments, you can write a policy in the Casper Suite that meets your particular needs. Remote control with CasperVNC: CasperVNC allows technicians to control client machines remotely to provide issue resolution to machines in the next room or miles away. Remote control saves the organization time, staff, and budget by minimizing end user down time, IT travel time and expenses, and allowing each technician to resolve more incidents every day. CasperVNC is secure because it is encrypted and centrally authenticated. JAMF Software White Paper 14
  • 20. RECON AND THE RECON SUITE Recon is a client application that completes its inventory in 45 seconds. No more clipboards. No more hand cramps. This application gathers an accurate inventory of all network devices and computers, including Mac OS 9, Mac OS X, and Windows machines. Every application, font, plug-in, peripheral, and device on the network is documented and communicated to the JAMF Software Server (JSS). It also logs MAC addresses, serial numbers, purchasing information, and allows IT to associate employees with computers by entering a small amount of personal data. In a larger environment, Active Directory or Open Directory can be used to help associate personal information with computers. If the organization is struggling with unauthorized software, Recon will find it in any directory on the computer. Recon uses no computer or network resources until it delivers information to the JSS based on the schedule created by the IT department. After delivering its information, Recon sits dormant until the next execution time, sparing the CPU from background processors and the network unnecessary traffic. This robust inventory capability delivers both the big picture and the granular detail needed to inform IT and business decisions. As the piece that lays the groundwork for a managed environment, Recon is an integral part of the Casper Suite. 15 JAMF Software White Paper
  • 21. RECON AND THE RECON SUITE The Recon Suite is also available as an independent application for The ReCoN SuITe: organizations grappling with inventory and asset management challenges. an independent, cross The Recon Suite includes Recon and the JSS and is an effective platform inventory introduction to the world of client management, solving immediate solution for your entire problems while providing a framework for additional functionalities of life network cycle management in the future. The Recon Suite works cross platform, reporting on both Macintosh and Windows machines and building a Casper uses a MySQL database, comprehensive database of all these assets. just one of the many industry standards in the Casper Suite. Custom scripts can be run against the database at any point for easy export to third party systems or in-house applications. Inventory covers Mac OS 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows NT4, 2000/2003 Professional, XP, and Vista. Machines running any other OS, such as Solaris or RedHat, can be added to the database manually for asset tracking purposes. Inventory scans of both hardware and software can be automated. Recon uses SSH to perform remote scans of hardware and software. If Features in 5.0 SSH is not enabled on the client machines, Composer will create a deployable ‘QuickAdd’ New reporting framework and built-in PDF reports package for you that will run an inventory scan and that can enable SSH. License management and reporting Network discovery and self-updating based on subnet (Mac OS only) The Recon Suite is broadly scalable, working across 10 to Greater scalability 100,000 client workstations. Requirements The Recon Suite has built in Mac OS: 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows: NT4, 2000/2003 reporting that can be exported to a number of PDF reports, csv, Professional, XP, Vista tab delimited, XML or custom HTML files that can include your company logo. JAMF Software White Paper 16
  • 22. COMPOSER Composer is the package creation utility in the Casper Suite. Composer allows you to point-and-click your way through the package creation process in four simple steps. Composer allows you to create both .PKG and .DMG style packages. Step 1: The Before Snapshot Composer takes a before snapshot of a computer’s existing directory structure. Step 2: Install, Configure, and Take the After Snapshot After you install and configure new software and remove the updaters, Composer will scan the directory structure and find all changes and modifications. These changes are automatically bundled up for you. 17 JAMF Software White Paper
  • 23. COMPOSER PACkAge BuILdINg Step 3: Validate Composer uses a snapshot Before a package is final, system for packaging. This Composer allows you to validate makes it easy to build a package without needing to the contents. Using Composer’s know the exact location or built in interface or the Finder, names of files that are installed. you can view all modified Whether your installer is a .pkg, directories to ensure that all .mpkg, .dmg, or VISE, Composer can capture them all. proper files are in place and to confirm that any upgrade or temporary files are not in the Packages can be saved in either package. the .dmg or .pkg format. When a package is saved to the .dmg format, user preferences can be pushed to the user templates Step 4: Package Type and any existing users on the client machine After verification, Composer will create a deployable package for you. Composer also comes with a feature called Convert Many packages can be built automatically if a certain Package that anticipates your set of software is detected. need to make changes to This reduces time spent on existing packages. Rollout of a the packaging process and final package can be controlled improves the accuracy of your packages. and scheduled across your entire network or through location- specific servers using Casper Admin and Casper. No command Composer can be used as a line or fixing permissions is troubleshooting tool. Do you required. need to know which files are affected by a certain preference change? Composer can capture any changes made in the Mac OS X interface and create a In addition to being a robust application within the Casper Suite, package based on the changes. Composer is available as a stand alone utility. See also a Composer demonstration at Requirements Mac OS: 10.2, 10.3, 10.4, 10.5 JAMF Software White Paper 18
  • 24. CASPER ADMIN Casper Admin simplifies building and updating standard configurations for you. Using the software packages created by Composer, Casper IMAge MANAgeMeNT Admin associates them with workgroups. The configurations are then The modular based approach deployed using Casper. to images in the Casper Suite means that software titles can Casper Admin is modular, allowing you to use one package for multiple be packaged once and used groups. It also creates a user standard for software and eliminates the in multiple configurations, eliminating repetitive work. It need to install and configure common packages multiple times. This also means that images can be increases the usability of a package by allowing it to be associated easily maintained by swapping with as many workgroups as necessary without having to recreate the out packages as needed package. Casper Admin can assign different packages to different through an easy drag and drop interface. groups so that customized installs can be implemented based on differing job functions, shifts, or usage needs. The parent-child relationship Because of this modular approach, it’s easy to update images in Casper between configurations Admin. For example, if an update is released to a piece of software, you in Casper Admin makes can edit the original package using Composer and drop the updated it easy to manage similar package into Casper Admin. Using Casper, you can quickly deploy this images by putting all the common packages in the update to remote computers that have the older version installed. At the base configuration. The smart same time, any new computers that are imaged also get the latest version configurations made from the of the software because the package is assigned to the workgroup. base configuration inherit all its packages. Additionally, when changes are made to the base, Casper Admin reduces the amount of time and labor needed to support its children are automatically end users with disparate software needs and provides a more consistent updated. and easier environment to manage. There is no need to maintain Requirements separated images for different hardware or OS types. Every Mac OS: 10.2, 10.3, 10.4, 10.5 package in Casper Admin has built in logic that can identify the machine processor and install the correct software. This same logic can also be used for software titles that require a specific version of Mac OSX or have other dependencies. After a machine is imaged using Casper, the JSS can remember which configuration was used, including any custom changes made to the configuration. That way, the next time the machine is imaged, the Casper Suite remembers the exact configuration, removing the need for long memories or image management spreadsheets. 19 JAMF Software White Paper
  • 25. CASPER Casper is the component that is used to image, update, and maintain existing Macintosh computers or set up new ones. Casper’s functionality means consistency between computers, whenever and wherever they’re deployed. Local or remote imaging is easy and packages can be pulled from local Mac OS X, Linux, Solaris, and/or Windows servers. You can schedule this activity across your network in the middle of the night, over the weekend, at login, or whatever works for your organization. Using Casper, you can reload a computer from scratch, remove unauthorized IMAgINg applications, perform preventative maintenance, and more. Casper can install OS upgrades. Using before and after scripts upon imaging, Casper can forklift user data to a separate location, image the OS partition, and restore any previous user data. This strategy makes the upgrade to the latest OS version a breeze for administrators while minimizing disruption to your users’ workflow. Casper’s imaging can be fully automated and eliminates the need for post-fixes, providing the ability to image client machines in remote locations without human intervention. Using a hidden partition, Casper allows imaging without a network connection so that mobile users can easily refresh a machine while out in the field. Local Imaging Network Startup devices can be used to individually image machines and is an effective imaging strategy. Casper can also cost-effectively deliver consistent first-images to all machines using a locally attached FireWire drive. Casper also gives you the flexibility to do more with your installs. Casper comes with options for installing configurations, such as erasing the disk, installing software, naming the computer, creating local user accounts, binding to Active Directory, specifying network settings, adding printers, and rebooting. Since all of these unique settings are established prior to imaging, there is very little post-fix work to be done. JAMF Software White Paper 20
  • 26. CASPER Remote updating ReMoTe dePLoyMeNT The most efficient way to update a deployed machine is to use Casper. Casper can both push and pull. Casper can push packages immediately or initiate a client side pull from Whether you are performing a file share that has the computer’s required packages. The forced pull remote administration or sitting requires dramatically lower network usage than the standard push to end directly at the client machine, software can be installed to users’ machines. The file shares that Casper uses as a package source meet your users’ needs. can be housed on Mac OS X, Linux, Solaris, and/or Windows computers. Since the only requirement for a package source is the support of AFP or SMB, an organization can have as many shares as needed to support Casper can remove older multiple floors or locations. versions of software. To uninstall software, simply create a package in Composer and Beyond standard package pushing and uninstalling, Casper has the Casper will know which files to ability to manage virtually every aspect of client computers. You can uninstall. manage the mapped printers, local accounts, Active Directory bindings, add or remove items from users’ docks, and run software updates from locally hosted SWU servers. Casper will restart downloading after interruption using the self- healing feature. Using Casper’s policy framework, clients will continue to run tasks until all tasks in a policy have been completed. Casper can work across subnets, whether clients are located in he next room or across the country. Using file servers at remote locations, clients in the remote location will look first to local file servers to minimize communication over the WAN. If the local file server becomes overloaded, the clients will automatically fall over to a secondary filer server. Pre-Staged Imaging With the pre-staging feature, IT can actually associate a configuration with a machine before it is even out of the box. When the machine is plugged in, it can be booted and configured by pressing one button. The machine goes direct from the loading dock to the end user’s desk with no layovers in IT. 21 JAMF Software White Paper
  • 27. CASPER Remote utilities Supporting machines that are frequently imaged and updated becomes easier because troubleshooting utilities can be run remotely. These actions can be run manually or on an automated schedule: • Update inventory • Fix permissions • Change administrator password • Search for any file • Search for any file type • Delete any file • Kill any active process running in memory • Run any UNIX command as Root • Flush caches Features in 5.0 Self-healing packages Pre-stage imaging for mass deployments Network discovery and self-updating based on subnet Greater scalability Requirements Mac OS: 10.2, 10.3, 10.4, 10.5 JAMF Software White Paper 22
  • 28. JAMF SOFTWARE SERVER – JSS The JSS is the web-enabled database that accepts and organizes all of the information from the other components of the Casper Suite. Unlike many utilities used in client management, the Casper Suite revolves around this centralized server. One common repository allows you to track all necessary information, monitor usage, and perform administrative tasks and support functions across multiple locations. The JSS Web Server Because the JSS is a web server running on your intranet, it allows users on Macintosh, Solaris, Linux and Windows platforms to access its functionality. Communication with the JSS is secure using industry standard SSL encryption. The JSS allows you to remotely track: • End user information • Purchasing, warranty, and vendor information • Hardware details • Software versions and base installs • Asset tags with bar code support 23 JAMF Software White Paper
  • 29. JAMF SOFTWARE SERVER – JSS Performing Administrative Tasks PoLICy eNFoRCeMeNT The convenience of the JSS makes administrative tasks easier. you can: The JSS will retry for machines that are off of the network. • Create users. This allows you to assign different levels of control to The JSS keeps a log of tasks different users in your IT department. that have run on a group of machines and those that have • Create departments. Set up functional workgroups within your not run an assigned set of work. organization. If the client is not on the network when a policy runs, the task will • Create buildings. Create logical names for your sites. be attempted the next time it is on the network. • Manage peripherals. Add, delete, and modify peripherals supported within your organization. The Casper Suite will replace software that the end user • Manage file servers. Add additional locations in order to pull deletes. Using the self-healing packages. feature, the Suite can compare a list of software that is currently • Manage LDAP servers. Add, delete, and edit LDAP servers to get user installed against a list of known and group information. software the machine should have and automatically restore it • Bind your Active Directory information with the JSS. to a known good state. Create policies. Policies allow you to perform all of the remote The Casper Suite can install management tasks that Casper can perform automatically. This allows files for later activation. When you to manage all of your client computers from any web browser. pushing packages using Casper, you have the option to store the packages to a cached location on the client to be installed later. Multiple Locations, one JSS The information passed between client machines and the JSS are The Casper Suite distributes the server load across multiple small XML transactions that enable data to be passed quickly over servers. great distances. The Casper Suite also takes advantage of file shares to pass its packages to client machines. This division of labor means The Casper Suite does not environments can have their configurations stored in one place while files require programming or scripting. All functions of are distributed from share points on local subnets. the Casper Suite can be managed using a combination of the web interface and GUI Features in 5.0 client applications. Casper’s entire policy engine can be managed through the web Greater scalability interface, thus allowing easy management from any New improved look and feel of the JSS machine that has a web browser, including Internet Explorer, Safari, or Firefox. Policies can be cached Requirements offline. Routine tasks such as flushing cashes, fixing Mac OS: 10.3 or 10.4, 10.5 Server Also; Windows: NT4, 2000, XP, 2003 permissions, or installing cached software packages Server, Red Hat, SUSE, Solaris can be run without a network connection. JAMF Software White Paper 24
  • 30. CASPERVNC Assisting end users is more convenient through the use of CasperVNC. This tool allows you to observe and control a managed desktop using your keyboard and mouse. This works well for certain kinds of training, providing immediate assistance to end users, and troubleshooting. The down time associated with having to get to a user’s office is gone. If you have traveling staff or users, they no longer have to wait until they get back to the office to receive support. As travel costs increase and efficiency becomes more important, CasperVNC can lower expenses CASPeR VNC SeCuRITy immediately. CasperVNC tunnels connections through SSH. The VNC server CasperVNC is also a secure way to accomplish remote control of is launched on demand when client machines because there is not an agent listening for an inbound trying to control or observe a connection. Administrators with the proper credentials must initiate the remote client. This minimizes the possibility of a security threat session, which then starts VNC through SSH. When the problem is solved through the VNC port on client and the administrator is finished, quitting the VNC session kills the machines. application on the client side and the entire transaction is logged in the database. Now you know who controlled which machine at what time and Every connection and all remote from which IP address. control, including VNC, are logged centrally in a database. Security, documentation, and accountability are built in to the CasperVNC. Every connection is centrally authenticated to the JSS or directory service. See the JAMF Software Security Presentation at media/video.php Requirements Mac OS: 10.2, 10.3, 10.4, 10.5 25 JAMF Software White Paper
  • 31. TRAINING AND SUPPORT JAMF Software’s commitment to staff development Acquiring software is only half the challenge: Implementation is where real change happens. JAMF Software and its integration partners deliver initial installations, training, and certification, as well as other professional development services, to ensure that you get the most out of your investment. If you don’t have time to do it yourself, we also deliver specific projects, including inventory, imaging, and package building, using the Casper Suite toolset. JAMF Software is about solutions, as well as writing code. JumpStart This onsite visit introduces the Casper Suite to your environment and gets it up and running correctly. Working with your IT staff, Certified Casper Administrators from JAMF Software or our approved integrators will install your JSS, inventory a subset of your computers, and create packages. The JumpStart lasts three to five days and may also include other tasks that solve your immediate problems, depending on your organizational needs. At the end of the JumpStart Program, you will better understand how to resolve the business challenges facing your network by using the tools within the Casper Suite. CCA – Certified Casper Administrator The CCA course is intended for individuals who have existing Casper Suite installations that they want to improve. This 4-day course is a hands-on series of exercises where system administrators increase their proficiency through problem resolution using the Casper Suite. This is a great opportunity to strengthen current skills, connect with the JAMF peer community, and get the most out of the Casper Suite. Imaging. Package Building. Inventory. We can do it for you. Ask us about our project delivery programs. JAMF Software White Paper 26
  • 32. TRAINING AND SUPPORT Annual Support Agreements (ASA) The ASA entitles users to new versions or product updates, and includes phone and email technical support. We encourage customers to contact us for assistance and support. Our goal is to provide a high level of customer service, with a four-hour response time to support requests whenever possible. The ASA also includes product documentation, including a librarian indexed, searchable pdf, and access to the product List Serve and related mailing list archives. Support Mailing Lists Current administrators share ideas and thoughts regarding their installations using the JAMF Software Support Mailing Lists. Occasionally, problems that are encountered at one institution have been resolved by another and answers are shared through this peer network. There is no charge to join the list, and there are no requirements that you be a customer or prospective customer before being granted access. 27 JAMF Software White Paper
  • 33. PURCHASING JAMF Software provides several ways for organizations to step into a managed client environment. From a stand-alone packaging utility to the full Casper Suite, organizations can address the challenges they have today with the appropriate applications. JAMF Software is focused on solving the problems of customers. The versatile framework of the Casper Suite allows an organization to use our toolset creatively to create custom policies and solutions. The JAMF Software development cycle is responsive to client feature requests, and we have tried to provide applications that speak to your needs, projects, and requirements. Composer If you just need a better package building utility, Composer fits the bill. Easy, flexible, and fast, Composer allows you to build packages that make imaging and updating more efficient than ever before. The Recon Suite If you are facing a Macintosh or cross platform audit, or want to build and maintain a centralized hardware and software database, the Recon Suite is a good fit. Some organizations need to do a detailed, accurate inventory before they can even start thinking about overall client management. Because IT assets come in all shapes and sizes, Recon works cross platform, compiling a complete inventory of your Windows and Macintosh machines, software, and peripherals. The Recon Suite is the first step toward a no-surprises environment. When you are ready, you can always step up to the full Casper Suite. The Casper Suite Our most robust collection of software, the Casper Suite is for those organizations that are ready for an integrated client management system, where inventory talks to updates, packages talk to imaging, and updates talk to imaging. Once an organization installs and runs the client network with this approach, they rarely go back. Automated life cycle management is simply the most efficient, accurate, and complete method of taking care of a large number of machines. Casper Suite is the only complete client management solution developed exclusively for the Macintosh platform. Inventory. Image. Update. Maintain. JAMF Software White Paper 28
  • 34. COST STRUCTURE Pricing for the Casper Suite and the Recon Suite is calculated per client machine. The per seat price includes the installation of one JSS, with as many file share (child) servers as the organization requires. discounts Discounts on the per seat price are applied for volume purchases. Annual Support Agreement (ASA) The cost of either suite from JAMF Software also includes the ASA, which is calculated at 18% of the purchase price. Annual maintenance is mandatory and entitles the customer to all product updates for a year, plus free email and phone support from JAMF Product Specialists. Annual maintenance is due every year on the anniversary of the date of purchase. Every year, the customer runs a count of it is managed client machines and trues up the seat count for the upcoming year. Serving education JAMF Software is a proud supporter of K-12 and higher education. JAMF Software knows that educators must manage large organizations on tight budgets. Though moving these large client bases to a managed environment will save significant budget all by itself, the initial purchase price can be difficult for some schools. With that in mind, JAMF Software provides purchase discounts to these organizations to enable them to realize the savings and benefits of moving to a managed environment. Higher education receives a 30% discount off the commercial per seat price. The ASA is calculated at 18% of the actual purchase price. K-12 educators participate in JAMF Software’s ‘straight to maintenance’ program. This means that the per seat purchase price is discounted 100% and the school system is responsible only for the ASA, calculated at 18% of the commercial purchase price. K-12 technical departments can manage their networks with a predictable, annual budget item. Where school systems are implementing or managing one-to-one programs, this can mean the difference between adding staff or performing better support with existing staff. Please contact JAMF Software for details about pricing for your organization! 29 JAMF Software White Paper
  • 35. This page intentionally left blank JAMF Software White Paper 30
  • 36. Casper Suite Summary Component Function Requirements Local and remote installation of software; remote utilities Mac OS X Organizes software packages and scripts Mac OS X Allows for the remote viewing and control of managed Mac OS X desktop computers Package creation utility Mac OS X: 10.2, 10.3, 10.4, 10.5 Centralized hub through which all other applications Mac OS X or 10.4 Server interact; hosted web database Windows NT4, 2000, XP, Server 2003 Red Hat, SUSE, Solaris Gathers inventory and asset information that is sent back Mac OS: 8.6, 9, Mac OS X to the JSS Windows NT4, 2000/2003 Professional Contact Information JAMF Software Minneapolis (612) 605-6625 1011 Washington Ave. S New York (646) 416-6923 Suite 350 Los Angeles (213) 291-8863 Minneapolis, MN 55415 London 020 7993 8364 Support (612) 216-1296 Support UK 020 3002 3907 Revision Date: 8/20/08