1. The SIMS Partnership
Transforming health care delivery
MAC Evaluation
Proof of Concept – Standards Review
Presenter: Kevin Tsai
Date: March 27, 2013
Agenda
• Summary/Background
• Critical Objectives
• Timelines/Milestones
• Findings/Testing Matrix
• Recommendations/Conclusions
• Questions
Summary/Background
– SIMS investigated developing standardized processes and methods for
integrating Mac computers securely into our network infrastructure
while establishing the capability to properly service a Mac population.
SIMS was looking to make the Mac an alternative platform for end
users with the intention of ensuring Mac is fully compliant with UHN’s
technology/security/privacy standards.
– The Proof of Concept focused on a single security profile with the goal
of proving security, integration, standardized security configurations
(i.e. Encryption/Antivirus/VPN), supportability, and a repeatable
provisioning process.
– This POC project involved no more than 5 users from the technology
support groups.
Critical Objectives
The UHN end user should be able to use their Proof of Concept Mac to:
• Use the corporate wireless network
• Meet the documented UHN Enterprise Security Policies & Standards
• Use UHN VPN
• Use Entourage or Outlook 2011 for Mac to connect to UHN’s Microsoft Exchange servers
• Use WinMagic to encrypt the Mac laptop hard drive and prevent unencrypted USB storage
• Use McAfee Antivirus software, including the ePO agent for remote management and application administration
• Use Citrix applications
Finding(s)/Testing Matrix
MAC POC Testing Matrix

| Description | Tested By | Testing Result | Comments |
|---|---|---|---|
| UHN VPN | Kevin Tsai | Y | Cisco Client is not required |
| Connecting to UHN Email using MAPI Client | Kevin Tsai | Y | Authentication required when launching Outlook (expected outcome for a non-domain device) |
| Connecting to UHN Wireless (corporate) | Kevin Tsai | Y | No issues found |
| Antivirus Software (McAfee for MAC) | Kevin Tsai | Y | McAfee for MAC has to be purchased if needed |
| Standard Office Application (Office for MAC 2011) | Kevin Tsai | Y | No issues found |
| Lync (Lync for MAC) | Kevin Tsai | Y | No issues found |
| Standard UHN Encryption Software (WinMagic) | Daniel Chen | N | Tested two Macs with SecureDoc 5.3 and it appears the hard drives are fully encrypted with SecureDoc 5.3; however, the mandatory encryption policy that applies to UHN-managed Windows clients cannot be applied to these two test Macs. One of the observed issues is that WinMagic encryption software tends to lag behind Mac OS update releases. Recently WinMagic released SecureDoc 6.1, which offers full disk encryption using the built-in FileVault 2 in Mac OS. |
| Standard MAC native disk encryption (FileVault 2) | Daniel Chen | N | Encrypted the internal drive without any issues. However, it does not encrypt removable media (USB), and the data is not recoverable if the user loses the password/key. (JAMF can insert the corporate key for this scenario, so the data is still recoverable if the BYOD Mac is enrolled under JAMF.) |
| Citrix | Kevin Tsai | Y | Citrix Receiver was tested and was able to launch standard UHN Citrix applications. |
| MAC Management/Inventory Suite (JAMF, SCCM-like) | Kevin/Daniel/Mario/Greg | M | JAMF (a Mac management/reporting/inventory tool) was not included in the BYOD project charter initially, but we feel it offers great value/assurance, as we will need a tool to inventory or even manage the BYOD Mac devices if needed. Further funding ($6K, JumpStart with the fully functional POC server) requires UHN management’s approval if we want to investigate the product at a deeper level, as we have already done the initial POC for the duration of one month. Sunnybrook is currently using the same product to manage their BYOD Mac devices with great success. |
Recommendations/Conclusions
Conclusions
• MAC does not meet the requirements of our standard corporate security policy and government regulations (WinMagic policy remote push & USB data encryption)
• There are financial implications, and a separate management infrastructure will be needed if we want to manage MAC. (Estimated $20K CapEx for JAMF infrastructure, $140/yr per device for JAMF, $12K OpEx/yr per server; antivirus/office & other CALs are extra)
Recommendation
• MAC should be managed as per the BYO guideline/corporate IT policy and will be tested during future BYO proofs of concept (e.g. Mobile Data and Application Platform)