The SIMS PartnershipTransforming health care deliveryThe SIMS PartnershipTransforming health care deliveryThe SIMS PartnershipTransforming health care deliveryMAC EvaluationProof of Concept – Standards ReviewPresenter: Kevin TsaiDate: March 27, 2013
The SIMS PartnershipTransforming health care delivery2Agenda• Summary/Background• Critical Objectives• Timelines/Milestones• Findings/Testing Matrix• Recommendations/Conclusions• Questions
The SIMS PartnershipTransforming health care delivery3Summary/Background– SIMS investigated developing standardized processes and methods forintegrating Mac computers securely into our network infrastructurewhile establishing the capability to properly service a Mac population.SIMS was looking to make the Mac an alternative platform for endusers with the intention of ensuring Mac is fully compliant with UHN’stechnology/security/privacy standards.– The Proof of Concept focused on a single security profile with the goalof proving security, integration, standardized security configurations(i.e. Encryption/Antivirus/VPN), supportability, and a repeatableprovisioning process.– This POC project involved no more than 5 users from the technologysupport groups.
The SIMS PartnershipTransforming health care delivery4Critical ObjectivesThe UHN end user should be able to use their Proof of Concept Mac to.•Use the corporate wireless network•Meet the documented UHN Enterprise Security Policies & Standards•Use UHN VPN•Use Entourage or Outlook 2011 for Mac to connect to UHN’s Microsoft Exchange servers•Use Winmagic to encrypt Mac laptop hard drive and prevent unencrypted USB storage•Use McAfee Antivirus software including ePO agent for remote management and applicationadministration•Use Citrix applications
The SIMS PartnershipTransforming health care delivery5Timelines/Milestones
The SIMS PartnershipTransforming health care delivery6Finding(s)/Testing MatrixTestingResultCommentsDescription Tested ByUHN VPN Kevin Tsai Y Cisco Client is not requiredConnecting to UHN Email using MAPI Client Kevin Tsai Y Authenticating required when launching Outlook (expected outcome for a non-domain device)Connecting to UHN Wireless (corporate) Kevin Tsai Y No issues foundAntivirus Software (McAfee for MAC) Kevin Tsai Y The McAfee for MAC has to be purchased if neededStandard Office Application (Office for MAC 2011) Kevin Tsai Y No issues foundLync (Lync for MAC) Kevin Tsai Y No issues foundStandard UHN Encryption Software (WinMagic) Daniel Chen NTested two Macs with SecureDoc 5.3 and it appears the hard drives are fully encrypted withSecureDoc 5.3, however the mandatory encryption policy that applies to UHN managedWindows clients cannot be applied to these two test Macs. One of the observed issues is thatWinMagic encryption software tends to be behind the Mac OS update release. RecentlyWinMagic released SecureDoc 6.1 that offers the full disk encryption that uses the built-inFileVault 2 in Mac OS.Standard MAC native disk encryption (filevault 2) Daniel Chen NEncrypted the internal drive without any issues. Other issues are it does not encrypt theremovable media (USB) and the data is not recoverable if user lost the password/key. (JAMFhas the ability to insert the corporate key for this particular scenario so the data is stillrecoverable if the BYOD Mac has enrolled under JAMF)Citrix Kevin Tsai Y Citrix Recevier was tested with the ability to launch standard UHN Citrix Applications.MAC Management/Inventory Suite (JAMF-SCCM like) Kevin/Daniel/Mario/Greg MJAMF (Mac management/reporting/inventory tool) that is not included in the BYOD projectcharter initially but we feel that it offers great value/assurance that we will need a tool toinventory or even to manage the BYOD Mac devices if needed. Further $ ($6K - JumpStartwith the fully functional POC server) required from UHN management’s approval if we want toinvestigate the product in a deeper level as we have already done the initial POC for theduration of one month. Sunnybrook is currently using the same product to manage theirBYOD Mac devices with great successMAC POC Testing Matrix
The SIMS PartnershipTransforming health care delivery7Recommendations/ConclusionsConclusions•MAC does not meet the requirements of our standard corporate securitypolicy and government regulations (Winmagic policy remote push & USBdata encryption)•There are financial implications and a separate management infrastructurewill be needed if we want to manage MAC. (Estimated $20K CapEx for JAMFInfrastructure, $140/yr/per devices for JAMF, $12K OpEx/yr/per server; antivirus/office & other CALs are extra)Recommendation•MAC should be managed as BYO guideline/corporate IT policy and will betested during future BYO proof of concepts (e.g. Mobile Data andApplication Platform)
The SIMS PartnershipTransforming health care delivery8Questions?