No longer relegated to the fringe, Macs are fast becoming integral to today's business organization. As a result, IT can no longer rely on one or two dedicated "Mac guys" to maintain its Mac fleet. Instead, Mac management has become an issue that any CIO or systems administrator may be faced with on any given day.
Along the way, the tools and techniques of managing Macs have changed as well. Pushed beyond their traditional business niches, Macs can no longer be managed independent of other processes and infrastructure. They must be integrated with your existing directory service. They require an efficient, scalable deployment model that hooks into asset management. They require secure, auditable patch management and a device and user management solution that secures each Mac's core OS components and apps.
[ For an overview of mostly free tools for managing your Mac fleet, see "22 essential Mac tools for IT admins." | See InfoWorld's slideshow tour of Mac OS X Lion's top 20 features and test your Apple smarts with our Apple IQ test: Round 2. | Keep up with key Apple technologies with the Technology: Apple newsletter. ]
In other words, Macs take the same requirements that apply to every Windows PC in your organization, as well as to a growing number of mobile devices. This Mac management guide will help you extend your existing support strategies to Mac workstations, and provide tips and techniques for embracing Macs as they become more prevalent in your business environment.
Active Directory: The hub of modern Mac management
Integration with Active Directory is the foundation for Mac management in the modern enterprise, as the OUs (organization units) in Active Directory can be used as the backbone for nearly any enterprise task, from enabling access to resources to setting group policies to pushing out updates and monitoring workstations. Through Active Directory, Macs gain access to the wide range of Windows Server tools and third-party solutions that key off Active Directory to determine which objects to affect with a given task.
In Mac-only environments, Apple's own directory service, Open Directory, plays this role. But with Active Directory entrenched in today's enterprise, extending Active Directory to be the central directory service for your Mac fleet is your best bet. Fortunately, Apple and third-party developers have enabled Active Directory to perform many of the same functions for Macs that it does for Windows clients, whether directly or indirectly.
Apple's OS X directory service support is built around LDAP and includes a plug-in architecture. The company provides a small set of plug-ins that enable support for Open Directory, Active Directory, and generic LDAP services. The big advantage for enterprises, however, is that this approach allows third parties to create additional plug-ins that offer greater capabilities than what Apple includes with each OS X release.
Apple's Active Directory plug-in has steadily updated since it was introduced five OS X generations ago, with the most notable improvement in OS X Lion being support for DFS browsing. That said, Apple's Active Directory support has its limitations, as it is primarily aimed at providing authentication and, on its own, offers almost no client management capabilities.