Page 1
We’re Building Up To Something…
MacTech 2017 Charles Edge
Page 2
Let’s talk about 2010…
Page 3
Everything I loved about this community
Page 5
November
November 5
Page 6
November
November 5
Page 8
Everything changed…
Page 9
4 other things happened in 2010
Page 12
The Mac App Store
Page 14
If I leave you with one thing…
Page 15
Think Transactional
Page 16
IT as an assembly line
Page 17
There’s procurement
Page 21
Release management
Page 25
Accessing shared services
Page 26
It starts with hiring a junior tech…
Page 27
Why do we need to be transactional?
Page 28
Otherwise we can’t keep up
Page 29
Otherwise we can’t keep up
Page 30
Schools used to need their SE to come by and
give them guidance
Page 31
And hire professional services
Page 32
Very human-centric
Page 33
Good for our egos
Page 35
The move to MDM simplifies deployments
Page 36
The move to DEP reduces imaging
requirements
Page 37
The move to DEP reduces imaging
requirements
Page 38
The move to DEP reduces imaging
requirements
Page 39
VPP makes software distribution easier
Page 40
As do .ipa-based app deployments
Page 41
Allows for more vendors
Page 42
A higher level of security
Page 43
Less configuration required
Page 44
What isn’t scalable?
Page 45
The Full Stack Mac Admin
Page 46
What is a full stack developer?
Page 51
Troubleshoot printer drivers
Page 54
Works on Line of Business Apps
Page 55
Common in startups
Page 56
Unique in SMB and Apple infrastructure
Page 57
Historically most admins were Full Stack
Page 58
Because there weren’t enough of us
Page 59
And it took so long to become an expert
Page 60
And deployments weren’t big enough
Page 61
Now, they all pretty much work at Facebook
Page 62
Now, they all pretty much work at Facebook
Page 63
The good old days!
Page 64
The days of the Cylander of Destiny
Page 65
The days of the Cylander of Destiny
Page 66
And many an admin still manages…
Page 69
Less and less with agents
Page 70
The old way of complicated deployments
is disappearing
Page 71
Apple is discouraging directory services
Page 72
While MCX still works it’s not really tested
Page 73
User accepted kernel extensions
Page 74
And arrays of allowed kexts via MDM
Page 75
User accepted MDM enrollments
Page 76
Sandbox, SIP, and Entitlements
Page 77
Increasingly separating resources
Page 79
Imagine a day when you need to grant access to
Contacts from Maps
Page 80
Centralizing business resources into online
services
Page 81
Dropbox, Box, Salesforce, now device
management
Page 82
Think of all the companies Apple could
buy
Page 84
And macOS Server…
Page 85
What else isn’t scalable?
Page 86
Not providing direct referrals as much in retail
Page 89
The third parties
Page 91
Device Management• Addigy
• AirWatch
• Altiris
• Apple Profile Manager
• BigFix
• Chef
• ConnectWise
• FileWave
• Fleetsmith
• IBM MaaS360
• Ivanti
• Jamf Now
• Jamf Pro (formerly Casper Suite)
• KACE
• Kaseya
• Labtech
• LanRev
• Lightspeed
• Meraki Systems Manager
• microMDM
• Microsoft InTune & SCCM
• Manage Engine
• Mobile Guardian
• MobileIron
• Mosyle
• Munki
• Puppet
• SimpleMDM
• Solarwinds MSP
• Sophos
• Tabpilot
• Zuludesk
Page 92
Backup tools• Archiware
• Acronis
• Backblaze
• Carbon Copy Cloner
• Crashplan
• Datto
• Druva
Page 93
Collaboration and File Sharing
• Atlassian
• Box
• Dropbox
• Egnyte
• G Suite
• Kerio Connect
• macOS Server
• Netatalk
• Office 365
• Promise
• Synology
Page 94
Directory Services and Authentication Solutions
• Apple Enterprise Connect
• AdmitMac
• Centrify
• Duo Mobile
• JumpCloud
• LDAP
• Microsoft Active Directory
• NoLo
• NoMAD
• NoMAD Pro
• Okta
• OneLogin
Page 95
Imaging and Configuration Solutions
• Apple Configurator
• Deep Freeze
• DeployStudio
• FileWave Lightning
• Ground Control
• Imagr
Page 96
Service Desk Tools• Freshdesk
• Salesforce Cases
• ServiceNow
• Webhelpdesk
• Zendesk
Page 97
Service Desk Tools• Freshdesk
• Salesforce Cases
• ServiceNow
• Webhelpdesk
• Zendesk
Page 98
Automation Tools• AutoCasperNBI
• AutoDMG
• AutoNBI
• Autopkg
• Dockutil
• Homebrew
• Jamjar
• JSSImporter
• Precache
• Outset
• Sal
Page 99
Security and Antivirus• Avast
• Avira
• BitDefender
• CarbonBlack and Bit9
• Crypt
• Digital Guardian
• Kaspersky
• Malware Bytes
• McAfee
• Sophos
• Symantec
• Trend Micro
• Wandera
Page 100
Security and Antivirus• Avast
• Avira
• BitDefender
• CarbonBlack and Bit9
• Crypt
• Digital Guardian
• Kaspersky
• Malware Bytes
• McAfee
• Sophos
• Symantec
• Trend Micro
• Wandera
Page 101
Virtualization and Emulation
• Citrix
• Parallels
• Remote Desktop
• VMware
Page 102
Remote Management• Apple Remote Desktop
• Bomgar
• LogMeIn
• GoToMyPC
• TeamViewer
• VNC
Page 103
Log Collection and Analysis• Elastic Search
• RobotCloud
• Splunk
• Tableau
• Watchman Monitoring
• Zentral
Page 104
CRM and PoS
• Daylite
• Lightspeed
Page 105
Printing
• Papercut
• Printopia
Page 106
Digital Signage and Kiosks
• Carousel Digital Signage
• Kiosk Pro
• Risevision
Page 107
Misc• ADEPT
• DEPNotify
• InfineaIQ
• ITGlue
• Reposado
• Sassafras Keyserver
• SplashBuddy
Page 108
Why did I go through those?
Page 109
One person can’t know them all
Page 110
So we have to get more transactional to ease the
learning curve
Page 111
Easier learning curve means more secure out
of the box
Page 112
A higher level of security means less configuration
required
Page 113
Can we screw up iOS more than macOS?
Page 114
So what are we gearing up for?
Page 115
The iOSification of the Mac
Page 116
Do you complain when prompted to allow access
to resources on an iPhone?
Page 117
What’s required for “Supervision”?
Page 118
Agents without access to *everything*
Page 119
Agents without access to *everything*
Page 121
User Approved Kernel Extension Loading
Page 123
Containers in APFS
Page 124
Containers in APFS
Page 126
Exchanging data between apps via REST
Page 127
Exchanging data between apps via REST
Page 128
I knew this Android developer…
Page 129
Rewriting how IT is done
Page 130
An explosion of Mac devices
Page 131
And Apple just makes the devices
Page 132
Otherwise they can’t grow fast enough
Page 133
It’s an incredible opportunity for us
Page 134
But we have to be cool with change
Page 135
New admins can learn how to use an MDM
faster than script stuff
Page 136
New admins can learn how to use an MDM
faster than script stuff
Page 137
The less options we have the more transactional managing devices is
Page 138
Less Infosec paperwork
Page 139
Less Infosec paperwork
Page 140
Less time with legal
Page 141
But companies need device “Supervision”
Page 142
Supervision separates the organization owned devices
from personal devices
Page 143
Allows for more control by MDM
Page 144
Scale.
Without violating privacy.
Page 145
It’s not as fun for some
Page 146
The hacker mentality isn’t dead
Page 147
The hacker mentality isn’t dead
Page 148
You’ll still be able to “jailbreak”
Page 149
Until you deploy 150,000 devices to a customer…
Page 150
That’s actually possible now.
Page 151
And in the future, it will be even easier.
Page 152
So many options mean fragmentation
Page 153
Are you a Mac Admin?
Page 159
We’ve stayed together as a community
Page 162
Let’s stay that way
Page 163
If you write tools
Page 165
If you don’t, there are other ways to contribute
Page 170
Think about the roadmap
Page 172
Build tools capable of scaling
Page 173
That follow Apple’s trends
Page 174
Maybe even still hack together temporary
solutions
Page 175
Because Apple will still have gaps
Page 176
Because Apple will still have gaps
Page 177
Remember that assembly line
Page 178
And lets keep things cohesive in the
community
Page 179
I love hanging out with all of you!