JAMF Software White Paper This page intentionally left blank
Table of Contents
Summary of Benefits 1
IT Challenges 2
Business Challenges 3
Client Management Solutions for IT Managers 4
Lowered Costs 5
Client Management in the Macintosh Environment 6
Return on Investment of the Casper Suite: A Case Study 7
The Casper Suite – An Overview 11
Recon and The Recon Suite 15
Casper Admin 19
JAMF Software Server – JSS 23
Training and Support 26
Casper Suite Summary Back Cover
JAMF Software White Paper
Summary of Benefits
While Apple computers in the enterprise have long been unmanaged,
many organizations are beginning to recognize the need to bring their
Macs into a managed state. Faced with larger populations of Macs and
greater pressure from end users, organization management, and auditors,
IT managers are faced with the challenge of finding a client management
solution for the Macintosh platform.
End users are now demanding a more pro-active, invisible approach
to support for their Macs to increase their uptime and improve their
overall experience. IT management is charged with making sure that the
investment the organization has made into Apple hardware is maximized
by seamless support. Every machine should work every day. Using client
management software enables IT to provide remote, automated, pro-
active support that improves the end user experience and minimizes
Organizations are now making the same demands of Mac IT managers
as they do of those managing computers on other platforms, including
accountability, planning, and security. No longer are the Macs living
on the fringes of the organization. Client management software for the
Macintosh platform can bring first class support to Macs while reducing
liability for the organization by providing an inventory of hardware and
software, managing user privileges, and increasing security. Remote,
automated support also significantly reduces the organization’s cost for
support by increasing efficiency dramatically.
The Casper Suite is the one suite of client management software
developed exclusively for the Macintosh platform. As such, it offers a
native solution that provides great breadth and depth of functionality for
IT managers including inventory, package building, image management,
remote imaging, remote updates, management and a powerful framework
for automated support.
In the following pages, the challenges of IT and modern organizations
are explored in more detail, followed by how the Casper Suite addresses
1 JAMF Software White Paper
The Enterprise IT department is responsible for managing end user
computers from the loading dock to the recycler. Along the way, the
machines go through several phases of management: new machine
deployment, software updates, new software distribution, and issue
resolution. All the while, user and company data must be protected and
secure, the company must know the status of all hardware and software,
and the end user must experience minimal disruption.
Like any piece of business infrastructure, IT hardware, software and staff
exist solely to support and enable the core business of the organization.
The business of a school is education, not technology. The business of
an ad agency is innovative ideas, not technology. IT is at its best when
it is invisible to the end user. This goal drives IT professionals to seek
solutions to client management challenges that enable them to support
the end user with minimal inconvenience and loss of production to the
.................................... .................................... .................................... ....................................
New machine deployment Software Updating New Software Distribution Issue Resolution
.................................... .................................... .................................... ....................................
create image download .pkg convert updaters convert installers update software
installers to .pkg to .pkg
apply image distribute .pkg hardware repair
distribute .pkg to computer
configure settings & printers modify settings
.............................. automated re-image run utilities
move user data
Protect user data notification
backup user data
In order to ensure that the IT department is managing every phase of the
machine life cycle, it is helpful to break down each phase into tasks that
a typical IT department performs. One way or another, this work is getting
done, whether by hand, scripts, software, or, most often, a combination of
JAMF Software White Paper 2
The business of an IT department and of technological assets presents
distinct challenges to managers and technologists. The manager is not
concerned with the details of how to push a package to a client machine.
Instead, the manager is responsible for bringing projects in on time
and under budget, maintaining legal compliance for software licensing,
ensuring the backup and security of company data, budgeting for new
hardware and software purchases, and staffing the IT department to
provide ‘invisible’ support.
Does image meet client needs? Have we tested updates? How many copies do we need?
Do we have
Who has which rights?
Business Continuity Are we under warranty?
How do we ensure What are our
What software does not comply with our standards?
backup? notiﬁcation criteria?
To make sound business decisions, IT managers and company financial
officers rely on sound data from the technologists in the field. If the tech
staff is using a variety of ad hoc solutions to manage client machines,
retrieving this data may be a project all by itself. This approach may
leave the business at risk when software audits or purchasing decisions
inevitably come around.
3 JAMF Software White Paper
Client Management Solutions for IT Managers
Moving a large number of machines into a managed client environment
is an undertaking that results in several positive outcomes for IT
management. The overall goal is better IT service and support for lower
costs. However, defining “better IT service and support” and “lower costs”
is the subject of endless study and debate. Most managers agree upon a
few aspects of these ideals.
Better IT service and support means focusing staff on minimizing
machine downtime and maximizing productivity.
A managed client environment achieves this goal through automation
and remote control, allowing staff to move from a reactive to a pro-
active approach. Automation of repetitive tasks frees up the IT staff for
planning, implementation, projects, and time with end users. Remote
control of client machines allows system administrators to quickly resolve
most problems without a trip to the desktop. The option of quickly
reimaging machines, while preserving user data, returns machines to a
known good state in less time than most problem diagnosis.
Better IT service and support means managing software licenses
efficiently and accurately.
Managers are all too familiar with questions of compliance in the modern
business, with regulations like Sarbanes-Oxley requiring detailed,
accurate reporting of software licenses. Setting an organizational
standard for software and versions so that users can share files, or simply
purchasing new licenses, can turn into a spreadsheet challenge if the
environment is not managed. Technologists are diverted from support
and repurposed to gather information about existing assets. Automated,
detailed inventory reporting in the managed environment keeps IT
resources tasked to organization business, reduces liability, prevents
overspending, and maintains software versions across the organization.
See the “JAMF Software Study of Sarbanes-Oxley Compliance and the
Casper Suite” for more information.
“ Making Macs
first class citizens in the enterprise.
JAMF Software White Paper 4
From a cost center to a corporate resource.
Evaluating the cost savings associated with the managed client
environment can be tricky because of the traditional separation of the
various aspects of IT: Hardware, software, and staff are all major cost
centers and organizational budgets may be separated along these lines.
Client management software affects cost savings in all three aspects
of IT, as well as providing peace of mind regarding data backups, legal
compliance, and security issues.
Cost savings for staffing
Client management solutions are incomplete without the ability to provide
support from a remote location. The amount of time saved by remote
resolution drastically increases the number of end user incidents that can
be resolved by a single technician in one day. Automation of tasks such
as inventory, new machine deployment, software updates, new software
distribution, and incident notification allow the IT department to support
a greater number of machines with fewer staff. See the “MDC Partners
Casper Suite ROI Study” for more information.
Cost savings for software and hardware
Hardware and software purchases represent a significant investment for
any organization. Complete and accurate inventories can be used to plan
purchases and allocation of software licenses. The efficient allocation
of organization resources prevents overspending to ensure license
compliance or duplication of spending because company assets are lost
5 JAMF Software White Paper
Client Management in the Macintosh Environment
For years, conventional wisdom has kept Macintosh computers out of the
large scale enterprise environment except for a few creative industries.
However, according to Computerworld magazine, Apple is making inroads
into larger organizations and Macintosh machines are becoming more
common in the enterprise. This trend may be attributed to security
concerns with Windows PCs, the popularity of Apple’s consumer products,
and the advent of the Intel chip in Macs (Seth Weintraub, “Why Apple’s
‘consumer’ Macs are enterprise-worthy” Computerworld.com, March 9,
Both enterprises switching to the Macintosh platform and organizations
that have been using Macs for a long time are now looking at client
management solutions. Sarbanes-Oxley compliance and manufacturers’
audits drive some organizations toward client management. Tight budgets
and the need for greater operational efficiencies drive others, while
others look to expand user bases without expanding the IT staff. Client
management solutions available for the Macintosh platform may be cross
platform hybrids or utilities that address only a part of the client life cycle.
Only one product, the Casper Suite from JAMF Software™, provides a
comprehensive client management solution that is developed exclusively
for the Macintosh enterprise.
Using a native Macintosh solution such as the Casper Suite allows IT
to use a tool that has been developed for Apple hardware and the
Macintosh Operating System (OS). This means that there are no issues
of compatibility with Apple machines and no need for non-Macintosh
hardware or servers. Technically, it also means that the Casper Suite
treads lightly on client machines: No agents or applications are installed
on the client machine.
Even so, the Casper Suite is a powerful toolset, providing great breadth
and depth of management functionality. The Casper Suite is designed
by engineers who work with Macintosh hardware and software. JAMF
Software™ developers value the intuitive ease and beauty of Apple
products and work to translate those values into the Casper Suite.
Managing Macs with the Casper Suite combines all the benefits of a
powerful client management tool with an elegant user experience.
JAMF Software White Paper 6
Return on Investment of the
Casper Suite: A Case Study
JAMF Software - Casper Suite
Return on Investment Analysis
MDC Partners is a portfolio of best-in-class marketing extremely time and labor intensive process. Without the
communications companies whose strategic and use of tools to automate the process, an administrator
innovative solutions lead the marketing industry, attract would typically have to go to every workstation or laptop
the finest talent, and achieve outstanding results for and manually configure the devices. More experienced
clients. administrators can write scripts to install the printers, but
the execution of the script would require manual
We are a publicly traded company with compliance intervention by the end users. With the use of the Casper
requirements driven by Sarbanes-Oxley and our clients. Suite, we can now deploy the devices to user computers,
Because of the computing platform widely used in our without visiting the machines, from a central server in
industry, many organizations have difficulties executing the organization, thus allowing lower level system
controls systematically that enforce their IT and administrators to distribute and install printers on
corporate policies. hundreds of workstations in approximately 15 minutes.
Additionally, the Casper Suite allows for the creation of
The Casper Suite of products has allowed us to define user groups that allow administrators to even further
and efficiently implement controls through a centrally increase their efficiency by only deploying resources such
managed set of tools. The tool set has allowed us to as printers to the workstations that require them.
focus our efforts on growing the organization through
effective use of IT and not requiring our resources to Remote deployment of applications to the user
spend their time on maintenance. community greatly reduces the need for support
individuals to visit each desktop when upgrading or
Currently several of our partner firms are using the installing new applications. Additionally, the deployment
Casper Suite and many more are in various stages of can be defined to user groups which help to manage the
evaluating, acquiring and deploying the tools. inventory of licenses distributed. The Casper Suite
allows us to create packages that can be distributed
systematically for any application from any vendor.
Automation tools are widely used so administrators can The Casper Suite brings enterprise level management
focus their efforts on tasks that benefit the organization tools to the Apple platform. For a long time Windows
far more than the utilitarian functions that often administrators have been able to define and enforce
consume their time. Return on investment for policies on users machines from a central location. The
administrative and management tools is a function of Casper Suite brings many of these types of features to
efficiency and time savings directly driven by labor cost. the Apple platform. The ability to automatically discover,
The more efficiently people work, the more productive remove and report on applications installed by end users
they are, therefore less people are required to support is critical to any organization. These applications, fonts
the organization. etc… pose a serious security risk to organizations as well
as a financial liability.
The time for tasks, such as provisioning a computer, is
significantly reduced by the ability to create a standard There is a significant amount of savings when using the
image by class of user and push out that image to new Casper Suite to create and enforce security policies.
machines or to devices that need to be re-deployed. The Significant savings are seen when end users are prevented
process of configuring a machine manually used to be from performing actions that would increase the need
approximately 4 hours per machine. Utilizing the Casper for support. Functions like application blacklisting,
Suite, the same process is now performed in about 15 automated software updates, and automated e-mail
minutes. notifications ensure users workstations are current with
patches and fixes as well as ensuring they do not change
Printers are constantly changing across the organizations. configurations or install unauthorized software that can
They are replaced due to age, wear and tear, and pose a threat to the machine and the other workstations
upgraded for better print quality and performance. The on the network.
process of provisioning printers on the network is an 8
JAMF Software - Casper Suite
Return on Investment Analysis
Based on surveys performed across our partner firms currently using the Casper Suite the
following represents time savings for typical tasks performed by IT support personnel.
(In Hours) Per Machine Per Machine Year 2 forward
Before Casper After Casper Time Savings Dollar Savings Annual Savings Annual Savings
Hours to deploy new MAC 4.0 0.5 3.5 $87.50 $87.50 $0.00
Hours to roll out patch and/or printer maintenance 0.5 0.1 0.4 $10.00 $100.00 $120.00
Hours performing preventative maintenance per month 1.0 0.3 0.8 $18.75 $225.00 $225.00
Estimated savings due to security policy enforcement 0.5 0.1 0.4 $10.00 $120.00 $120.00
Hours to inventory IT assets and related SW 0.5 0.1 0.4 $10.00 $120.00 $120.00
Total Savings $136.25 $652.50 $585.00
Cost/machine year 1 * $118.00 $18.00
Return in efﬁciency - dollars per machine $534.50 $567.00
Cost savings for organization based on 50 machines $26,725.00 $28,350.00
*Note: Cost/machine depends on the number of machines managed with the Casper Suite.
This page intentionally left blank JAMF Software White Paper 10
The Casper Client Management Suite - Overview
An overview of the Casper Suite
The Casper Suite offers one set of tools to address all aspects of
Macintosh client management including inventory, package building,
configuration, image management, image deployment, remote updates,
and scheduled maintenance. Since all these applications are fully
integrated, there is no need to import or export data or to force diverse
tools to work together. Because the architecture all flows through
one central database, dynamic inventory information can be used in
scheduled maintenance and packages are used for both imaging and
updates, promoting efficiency and consistency. The simple user interface
ensures that the Casper Suite is not reliant upon one devoted system
administrator. The workload can be balanced, with privileges based upon
the user’s role in the organization.
11 JAMF Software White Paper
Managing the Macintosh Life Cycle with the Casper Suite
Inventory and asset management with Recon:
An organization’s hardware and software purchases represent a
significant investment. Complete, accurate, and timely inventories are
usually used to ensure compliance and facilitate planning. However,
when the state school board or parent company requires a full software
and hardware audit, those system administrators with Recon running
inventory can rest easy. Departments with an unmanaged system may
look forward to adding staff and putting other projects on hold to
meet audit requirements. IT managers can run Recon on a customized
schedule using the suite’s advanced reporting frameworks to create
branded reports that are ready for review by management or auditors.
Several standard templates are included in the suite that meet common
requirements and customized reports can be created.
Package building with Composer:
When software is purchased from manufacturers it usually needs to be
configured or customized to meet the requirements of the end users.
Rather than doing this customization after installation as a post-fix, the
use of packages and Casper Admin allows changes to be made prior to
distribution so that the software arrives configured and ready for usage.
This saves valuable engineering time as well as network bandwidth.
Approved packages on the JSS:
The JSS serves as the central repository for all the packages available
across the organization, regardless of department or location. While file
servers may be set up for load balancing, the JSS is the sole source for
approved packages. That means that only software and updates that are
approved by IT management are available to the client machines. This is
an easy way to manage software versions, fonts, and utilities: If it’s not on
the JSS, it can’t be installed with Casper. It’s that simple.
Computer imaging with Casper and Casper Admin:
When computers need to be deployed, the challenge is how to get
standard applications and end user configurations on machines in
the least amount of time, while maintaining consistency and accuracy.
Casper’s modular approach to imaging makes configuring multiple
images a breeze by building each configuration on a base image. The
utilization of single OS or application packages used with multiple
configurations means that identical components make up all the end user
configurations. The system administrator puts the configurations together
in Casper Admin, setting up parent and children images, and then pushes
them out to the client machines.
JAMF Software White Paper 12
Managing the Macintosh Life Cycle with the Casper Suite
With the pre-staging feature in the Casper Suite, IT can actually associate
an image with a machine before it is even out of the box. When the end
user plugs in the machine, it can be booted and configured by holding
down one key on the keyboard. The machine goes direct from the loading
dock to the end user’s desk with no layovers in IT.
Configuration and settings management with Casper
and Casper Admin:
The ability to modify end user environments from a central location
allows IT to respond to varying demands as rapidly as they arise.
Configuration and settings management differs from remote deployment
in that it modifies the existing user environment rather than adding or
removing components. Settings include printers, security, and other user
Computer updates with Casper and Casper Admin:
With the Casper Suite, machine imaging and updating are done with
the same tool, ensuring consistency between new machines and those
previously deployed. Since changes made to a parent configuration
are inherited by all its children, updates are made once in a parent
configuration and all associated child configurations are ready to go.
The suite also uses a policy-based approach to tasks that means that
recurring rules can be enforced automatically without the intervention
of IT staff. Distribution of any file type also allows companies to easily
release new documents, such as HR forms, to their employees in
addition to software and settings. Remote utilities can be run during off-
hours to have a minimum impact on business, while keeping machines
well serviced. With the self-healing feature, the Casper Suite checks
for packages that have been broken or removed, then repairs or
reinstalls the packages automatically. Automated, scheduled repair and
maintenance is invisible support that reduces interruptions and incidents
for the end user, while giving time back to IT staff.
13 JAMF Software White Paper
Managing the Macintosh Life Cycle with the Casper Suite
Policy enforcement with Casper:
End users are often unaware of the implications of their actions when
they install unlicensed software, download copyrighted materials, and
use unlicensed fonts. This opens up potentially crippling liabilities
for companies, schools, and other organizations. To prevent this,
organizations write policies that govern computer and internet usage.
However they often lack the tools to track and enforce compliance – until
now. IT can create custom policies in Casper, reflecting the organization’s
culture and governance, that kill, remove, or notify management when
restricted material surfaces on client machines. This flexible, custom
control puts management back in the driver’s seat.
Remote deployment with Casper:
Updating software, releasing new printers and documents, and applying
security updates on all network computers is a time consuming task that
needs to be done multiple times per year. Remote deployment solutions
reduce the time this takes by automating the distribution. Deployment
is scheduled on your timetable, based on your triggers. Schools can
reconfigure labs overnight on the weekends or remote users can get
updates after returning to a certain building. If you can write a business
rule for your deployments, you can write a policy in the Casper Suite that
meets your particular needs.
Remote control with CasperVNC:
CasperVNC allows technicians to control client machines remotely to
provide issue resolution to machines in the next room or miles away.
Remote control saves the organization time, staff, and budget by
minimizing end user down time, IT travel time and expenses, and allowing
each technician to resolve more incidents every day. CasperVNC is
secure because it is encrypted and centrally authenticated.
JAMF Software White Paper 14
RECON AND THE RECON SUITE
Recon is a client application that completes its inventory in 45 seconds.
No more clipboards. No more hand cramps. This application gathers an
accurate inventory of all network devices and computers, including Mac
OS 9, Mac OS X, and Windows machines. Every application, font, plug-in,
peripheral, and device on the network is documented and communicated
to the JAMF Software Server (JSS). It also logs MAC addresses, serial
numbers, purchasing information, and allows IT to associate employees
with computers by entering a small amount of personal data.
In a larger environment, Active Directory or Open Directory can be used
to help associate personal information with computers. If the organization
is struggling with unauthorized software, Recon will find it in any directory
on the computer. Recon uses no computer or network resources until it
delivers information to the JSS based on the schedule created by the IT
department. After delivering its information, Recon sits dormant until the
next execution time, sparing the CPU from background processors and
the network unnecessary traffic. This robust inventory capability delivers
both the big picture and the granular detail needed to inform IT and
business decisions. As the piece that lays the groundwork for a managed
environment, Recon is an integral part of the Casper Suite.
15 JAMF Software White Paper
RECON AND THE RECON SUITE
The Recon Suite is also available as an independent application for The ReCoN SuITe:
organizations grappling with inventory and asset management challenges. an independent, cross
The Recon Suite includes Recon and the JSS and is an effective platform inventory
introduction to the world of client management, solving immediate solution for your entire
problems while providing a framework for additional functionalities of life network
cycle management in the future. The Recon Suite works cross platform,
reporting on both Macintosh and Windows machines and building a Casper uses a MySQL database,
comprehensive database of all these assets. just one of the many industry
standards in the Casper Suite.
Custom scripts can be run
against the database at any
point for easy export to third
party systems or in-house
Inventory covers Mac OS 8.6, 9.x,
10.1, 10.2, 10.3, 10.4, 10.5, Windows
NT4, 2000/2003 Professional,
XP, and Vista. Machines running
any other OS, such as Solaris or
RedHat, can be added to the
database manually for asset
Inventory scans of both
hardware and software can
be automated. Recon uses
SSH to perform remote scans
of hardware and software. If
Features in 5.0 SSH is not enabled on the
client machines, Composer will
create a deployable ‘QuickAdd’
New reporting framework and built-in PDF reports package for you that will run
an inventory scan and that can
License management and reporting
Network discovery and self-updating based on subnet (Mac OS only)
The Recon Suite is broadly
scalable, working across 10 to
Greater scalability 100,000 client workstations.
The Recon Suite has built in
Mac OS: 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows: NT4, 2000/2003 reporting that can be exported
to a number of PDF reports, csv,
Professional, XP, Vista tab delimited, XML or custom
HTML files that can include your
JAMF Software White Paper 16
Composer is the package creation utility in the Casper Suite. Composer
allows you to point-and-click your way through the package creation
process in four simple steps. Composer allows you to create both .PKG
and .DMG style packages.
Step 1: The Before Snapshot
Composer takes a before
snapshot of a computer’s existing
Step 2: Install, Configure, and
Take the After Snapshot
After you install and configure
new software and remove the
updaters, Composer will scan
the directory structure and find
all changes and modifications.
These changes are automatically
bundled up for you.
17 JAMF Software White Paper
Step 3: Validate
Composer uses a snapshot
Before a package is final, system for packaging. This
Composer allows you to validate makes it easy to build a
package without needing to
the contents. Using Composer’s know the exact location or
built in interface or the Finder, names of files that are installed.
you can view all modified Whether your installer is a .pkg,
directories to ensure that all .mpkg, .dmg, or VISE, Composer
can capture them all.
proper files are in place and
to confirm that any upgrade or
temporary files are not in the Packages can be saved in either
package. the .dmg or .pkg format. When
a package is saved to the .dmg
format, user preferences can be
pushed to the user templates
Step 4: Package Type
and any existing users on the
After verification, Composer will
create a deployable package
for you. Composer also comes
with a feature called Convert Many packages can be built
automatically if a certain
Package that anticipates your set of software is detected.
need to make changes to This reduces time spent on
existing packages. Rollout of a the packaging process and
final package can be controlled improves the accuracy of your
and scheduled across your entire
network or through location-
specific servers using Casper
Admin and Casper. No command Composer can be used as a
line or fixing permissions is troubleshooting tool. Do you
required. need to know which files are
affected by a certain preference
change? Composer can capture
any changes made in the Mac
OS X interface and create a
In addition to being a robust application within the Casper Suite, package based on the changes.
Composer is available as a stand alone utility. See also a Composer
demonstration at www.jamfsoftware.com/media/video.php
Mac OS: 10.2, 10.3, 10.4, 10.5
JAMF Software White Paper 18
Casper Admin simplifies building and updating standard configurations
for you. Using the software packages created by Composer, Casper IMAge MANAgeMeNT
Admin associates them with workgroups. The configurations are then
The modular based approach
deployed using Casper.
to images in the Casper Suite
means that software titles can
Casper Admin is modular, allowing you to use one package for multiple be packaged once and used
groups. It also creates a user standard for software and eliminates the in multiple configurations,
eliminating repetitive work. It
need to install and configure common packages multiple times. This
also means that images can be
increases the usability of a package by allowing it to be associated easily maintained by swapping
with as many workgroups as necessary without having to recreate the out packages as needed
package. Casper Admin can assign different packages to different through an easy drag and drop
groups so that customized installs can be implemented based on
differing job functions, shifts, or usage needs.
The parent-child relationship
Because of this modular approach, it’s easy to update images in Casper between configurations
Admin. For example, if an update is released to a piece of software, you in Casper Admin makes
can edit the original package using Composer and drop the updated it easy to manage similar
package into Casper Admin. Using Casper, you can quickly deploy this images by putting all the
common packages in the
update to remote computers that have the older version installed. At the base configuration. The smart
same time, any new computers that are imaged also get the latest version configurations made from the
of the software because the package is assigned to the workgroup. base configuration inherit all its
packages. Additionally, when
changes are made to the base,
Casper Admin reduces the amount of time and labor needed to support its children are automatically
end users with disparate software needs and provides a more consistent updated.
and easier environment to manage.
There is no need to maintain
Requirements separated images for different
hardware or OS types. Every
Mac OS: 10.2, 10.3, 10.4, 10.5 package in Casper Admin has
built in logic that can identify
the machine processor and
install the correct software. This
same logic can also be used
for software titles that require a
specific version of Mac OSX or
have other dependencies.
After a machine is imaged
using Casper, the JSS can
remember which configuration
was used, including any
custom changes made to
the configuration. That way,
the next time the machine
is imaged, the Casper
Suite remembers the exact
configuration, removing the
need for long memories
or image management
19 JAMF Software White Paper
Casper is the component that is used to image, update, and maintain
existing Macintosh computers or set up new ones. Casper’s functionality
means consistency between computers, whenever and wherever they’re
deployed. Local or remote imaging is easy and packages can be pulled
from local Mac OS X, Linux, Solaris, and/or Windows servers. You can
schedule this activity across your network in the middle of the night, over
the weekend, at login, or whatever works for your organization. Using
Casper, you can reload a computer from scratch, remove unauthorized IMAgINg
applications, perform preventative maintenance, and more.
Casper can install OS upgrades.
Using before and after scripts
upon imaging, Casper can
forklift user data to a separate
location, image the OS partition,
and restore any previous user
data. This strategy makes the
upgrade to the latest OS version
a breeze for administrators while
minimizing disruption to your
Casper’s imaging can be fully
automated and eliminates the
need for post-fixes, providing the
ability to image client machines
in remote locations without
Using a hidden partition,
Casper allows imaging without
a network connection so that
mobile users can easily refresh
a machine while out in the field.
Network Startup devices can be used to individually image machines and
is an effective imaging strategy. Casper can also cost-effectively deliver
consistent first-images to all machines using a locally attached FireWire
drive. Casper also gives you the flexibility to do more with your installs.
Casper comes with options for installing configurations, such as erasing
the disk, installing software, naming the computer, creating local user
accounts, binding to Active Directory, specifying network settings, adding
printers, and rebooting. Since all of these unique settings are established
prior to imaging, there is very little post-fix work to be done.
JAMF Software White Paper 20
Remote updating ReMoTe dePLoyMeNT
The most efficient way to update a deployed machine is to use Casper. Casper can both push and pull.
Casper can push packages immediately or initiate a client side pull from Whether you are performing
a file share that has the computer’s required packages. The forced pull remote administration or sitting
requires dramatically lower network usage than the standard push to end directly at the client machine,
software can be installed to
users’ machines. The file shares that Casper uses as a package source meet your users’ needs.
can be housed on Mac OS X, Linux, Solaris, and/or Windows computers.
Since the only requirement for a package source is the support of AFP
or SMB, an organization can have as many shares as needed to support Casper can remove older
multiple floors or locations. versions of software. To uninstall
software, simply create a
package in Composer and
Beyond standard package pushing and uninstalling, Casper has the Casper will know which files to
ability to manage virtually every aspect of client computers. You can uninstall.
manage the mapped printers, local accounts, Active Directory bindings,
add or remove items from users’ docks, and run software updates from
locally hosted SWU servers.
Casper will restart downloading
after interruption using the self-
healing feature. Using Casper’s
policy framework, clients will
continue to run tasks until all
tasks in a policy have been
Casper can work across
subnets, whether clients are
located in he next room or
across the country. Using file
servers at remote locations,
clients in the remote location will
look first to local file servers to
minimize communication over
the WAN. If the local file server
becomes overloaded, the clients
will automatically fall over to a
secondary filer server.
With the pre-staging feature, IT can actually associate a configuration
with a machine before it is even out of the box. When the machine is
plugged in, it can be booted and configured by pressing one button.
The machine goes direct from the loading dock to the end user’s desk
with no layovers in IT.
21 JAMF Software White Paper
Supporting machines that are frequently imaged and updated becomes
easier because troubleshooting utilities can be run remotely.
These actions can be run manually or on an automated schedule:
• Update inventory
• Fix permissions
• Change administrator password
• Search for any file
• Search for any file type
• Delete any file
• Kill any active process running in memory
• Run any UNIX command as Root
• Flush caches
Features in 5.0
Pre-stage imaging for mass deployments
Network discovery and self-updating based on subnet
Mac OS: 10.2, 10.3, 10.4, 10.5
JAMF Software White Paper 22
JAMF SOFTWARE SERVER – JSS
The JSS is the web-enabled database that accepts and organizes all of
the information from the other components of the Casper Suite. Unlike
many utilities used in client management, the Casper Suite revolves
around this centralized server. One common repository allows you to track
all necessary information, monitor usage, and perform administrative
tasks and support functions across multiple locations.
The JSS Web Server
Because the JSS is a web server running on your intranet, it allows
users on Macintosh, Solaris, Linux and Windows platforms to access
its functionality. Communication with the JSS is secure using industry
standard SSL encryption.
The JSS allows you to remotely track:
• End user information
• Purchasing, warranty, and vendor information
• Hardware details
• Software versions and base installs
• Asset tags with bar code support
23 JAMF Software White Paper
JAMF SOFTWARE SERVER – JSS
Performing Administrative Tasks PoLICy eNFoRCeMeNT
The convenience of the JSS makes administrative tasks easier. you can: The JSS will retry for machines
that are off of the network.
• Create users. This allows you to assign different levels of control to The JSS keeps a log of tasks
different users in your IT department. that have run on a group of
machines and those that have
• Create departments. Set up functional workgroups within your not run an assigned set of work.
organization. If the client is not on the network
when a policy runs, the task will
• Create buildings. Create logical names for your sites. be attempted the next time it is
on the network.
• Manage peripherals. Add, delete, and modify peripherals supported
within your organization. The Casper Suite will replace
software that the end user
• Manage file servers. Add additional locations in order to pull deletes. Using the self-healing
packages. feature, the Suite can compare
a list of software that is currently
• Manage LDAP servers. Add, delete, and edit LDAP servers to get user installed against a list of known
and group information. software the machine should
have and automatically restore it
• Bind your Active Directory information with the JSS. to a known good state.
Create policies. Policies allow you to perform all of the remote
The Casper Suite can install
management tasks that Casper can perform automatically. This allows files for later activation. When
you to manage all of your client computers from any web browser. pushing packages using Casper,
you have the option to store the
packages to a cached location
on the client to be installed later.
Multiple Locations, one JSS
The information passed between client machines and the JSS are The Casper Suite distributes
the server load across multiple
small XML transactions that enable data to be passed quickly over servers.
great distances. The Casper Suite also takes advantage of file shares
to pass its packages to client machines. This division of labor means The Casper Suite does not
environments can have their configurations stored in one place while files require programming or
scripting. All functions of
are distributed from share points on local subnets. the Casper Suite can be
managed using a combination
of the web interface and GUI
Features in 5.0 client applications. Casper’s
entire policy engine can be
managed through the web
Greater scalability interface, thus allowing
easy management from any
New improved look and feel of the JSS machine that has a web
browser, including Internet
Explorer, Safari, or Firefox.
Policies can be cached
Requirements offline. Routine tasks such
as flushing cashes, fixing
Mac OS: 10.3 or 10.4, 10.5 Server Also; Windows: NT4, 2000, XP, 2003 permissions, or installing
cached software packages
Server, Red Hat, SUSE, Solaris can be run without a network
JAMF Software White Paper 24
Assisting end users is more convenient through the use of CasperVNC.
This tool allows you to observe and control a managed desktop using
your keyboard and mouse. This works well for certain kinds of training,
providing immediate assistance to end users, and troubleshooting. The
down time associated with having to get to a user’s office is gone. If
you have traveling staff or users, they no longer have to wait until they
get back to the office to receive support. As travel costs increase and
efficiency becomes more important, CasperVNC can lower expenses CASPeR VNC SeCuRITy
CasperVNC tunnels connections
through SSH. The VNC server
CasperVNC is also a secure way to accomplish remote control of is launched on demand when
client machines because there is not an agent listening for an inbound trying to control or observe a
connection. Administrators with the proper credentials must initiate the remote client. This minimizes the
possibility of a security threat
session, which then starts VNC through SSH. When the problem is solved through the VNC port on client
and the administrator is finished, quitting the VNC session kills the machines.
application on the client side and the entire transaction is logged in the
database. Now you know who controlled which machine at what time and
Every connection and all remote
from which IP address. control, including VNC, are
logged centrally in a database.
Security, documentation, and accountability
are built in to the CasperVNC. Every connection is centrally
authenticated to the JSS or
See the JAMF Software Security Presentation at www.jamfsoftware.com/
Mac OS: 10.2, 10.3, 10.4, 10.5
25 JAMF Software White Paper
TRAINING AND SUPPORT
JAMF Software’s commitment
to staff development
Acquiring software is only half the challenge: Implementation is where
real change happens. JAMF Software and its integration partners
deliver initial installations, training, and certification, as well as other
professional development services, to ensure that you get the most out
of your investment. If you don’t have time to do it yourself, we also deliver
specific projects, including inventory, imaging, and package building,
using the Casper Suite toolset. JAMF Software is about solutions, as well
as writing code.
This onsite visit introduces the Casper Suite to your environment and
gets it up and running correctly. Working with your IT staff, Certified
Casper Administrators from JAMF Software or our approved integrators
will install your JSS, inventory a subset of your computers, and create
packages. The JumpStart lasts three to five days and may also include
other tasks that solve your immediate problems, depending on your
At the end of the JumpStart Program, you will better understand how to
resolve the business challenges facing your network by using the tools
within the Casper Suite.
CCA – Certified Casper Administrator
The CCA course is intended for individuals who have existing Casper
Suite installations that they want to improve. This 4-day course is a
hands-on series of exercises where system administrators increase their
proficiency through problem resolution using the Casper Suite. This is a
great opportunity to strengthen current skills, connect with the JAMF peer
community, and get the most out of the Casper Suite.
Imaging. Package Building. Inventory.
We can do it for you.
Ask us about our project delivery programs.
JAMF Software White Paper 26
TRAINING AND SUPPORT
Annual Support Agreements (ASA)
The ASA entitles users to new versions or product updates, and includes
phone and email technical support. We encourage customers to contact
us for assistance and support. Our goal is to provide a high level of
customer service, with a four-hour response time to support requests
whenever possible. The ASA also includes product documentation,
including a librarian indexed, searchable pdf, and access to the product
List Serve and related mailing list archives.
Support Mailing Lists
Current administrators share ideas and thoughts regarding their
installations using the JAMF Software Support Mailing Lists. Occasionally,
problems that are encountered at one institution have been resolved
by another and answers are shared through this peer network. There is
no charge to join the list, and there are no requirements that you be a
customer or prospective customer before being granted access.
27 JAMF Software White Paper
JAMF Software provides several ways for organizations to step into a
managed client environment. From a stand-alone packaging utility to
the full Casper Suite, organizations can address the challenges they
have today with the appropriate applications. JAMF Software is focused
on solving the problems of customers. The versatile framework of the
Casper Suite allows an organization to use our toolset creatively to create
custom policies and solutions. The JAMF Software development cycle
is responsive to client feature requests, and we have tried to provide
applications that speak to your needs, projects, and requirements.
If you just need a better package building utility, Composer fits the bill.
Easy, flexible, and fast, Composer allows you to build packages that make
imaging and updating more efficient than ever before.
The Recon Suite
If you are facing a Macintosh or cross platform audit, or want to build
and maintain a centralized hardware and software database, the Recon
Suite is a good fit. Some organizations need to do a detailed, accurate
inventory before they can even start thinking about overall client
management. Because IT assets come in all shapes and sizes, Recon
works cross platform, compiling a complete inventory of your Windows
and Macintosh machines, software, and peripherals. The Recon Suite is
the first step toward a no-surprises environment. When you are ready, you
can always step up to the full Casper Suite.
The Casper Suite
Our most robust collection of software, the Casper Suite is for those
organizations that are ready for an integrated client management system,
where inventory talks to updates, packages talk to imaging, and updates
talk to imaging. Once an organization installs and runs the client network
with this approach, they rarely go back. Automated life cycle management
is simply the most efficient, accurate, and complete method of taking
care of a large number of machines. Casper Suite is the only complete
client management solution developed exclusively for the Macintosh
Inventory. Image. Update. Maintain.
JAMF Software White Paper 28
Pricing for the Casper Suite and the Recon Suite is calculated per client
machine. The per seat price includes the installation of one JSS, with as
many file share (child) servers as the organization requires.
Discounts on the per seat price are applied for volume purchases.
Annual Support Agreement (ASA)
The cost of either suite from JAMF Software also includes the ASA,
which is calculated at 18% of the purchase price. Annual maintenance
is mandatory and entitles the customer to all product updates for a
year, plus free email and phone support from JAMF Product Specialists.
Annual maintenance is due every year on the anniversary of the date of
purchase. Every year, the customer runs a count of it is managed client
machines and trues up the seat count for the upcoming year.
JAMF Software is a proud supporter of K-12 and higher education. JAMF
Software knows that educators must manage large organizations on
tight budgets. Though moving these large client bases to a managed
environment will save significant budget all by itself, the initial purchase
price can be difficult for some schools. With that in mind, JAMF Software
provides purchase discounts to these organizations to enable them to
realize the savings and benefits of moving to a managed environment.
Higher education receives a 30% discount off the commercial per seat
price. The ASA is calculated at 18% of the actual purchase price.
K-12 educators participate in JAMF Software’s ‘straight to maintenance’
program. This means that the per seat purchase price is discounted
100% and the school system is responsible only for the ASA, calculated
at 18% of the commercial purchase price. K-12 technical departments can
manage their networks with a predictable, annual budget item. Where
school systems are implementing or managing one-to-one programs,
this can mean the difference between adding staff or performing better
support with existing staff.
Please contact JAMF Software for details about pricing
for your organization!
29 JAMF Software White Paper
This page intentionally left blank JAMF Software White Paper 30
Casper Suite Summary
Component Function Requirements
Local and remote installation of software; remote utilities Mac OS X
Organizes software packages and scripts Mac OS X
Allows for the remote viewing and control of managed Mac OS X
Package creation utility Mac OS X: 10.2, 10.3,
Centralized hub through which all other applications Mac OS X or 10.4 Server
interact; hosted web database Windows NT4, 2000, XP,
Server 2003 Red Hat,
Gathers inventory and asset information that is sent back Mac OS: 8.6, 9, Mac OS X
to the JSS Windows NT4, 2000/2003
JAMF Software Minneapolis (612) 605-6625 www.jamfsoftware.com
1011 Washington Ave. S New York (646) 416-6923 firstname.lastname@example.org
Suite 350 Los Angeles (213) 291-8863 email@example.com
Minneapolis, MN 55415 London 020 7993 8364
Support (612) 216-1296
Support UK 020 3002 3907
Revision Date: 8/20/08