Cisco shows how to manage 35,000 Macs

The iPhone and iPad have given the Mac new life in business -- but how to handle them puzzles many IT admins

About six years ago, Cisco Systems' IT department was looking for ways to block Macs from the corporate network because the company had standardized on certain Windows PCs and didn't want "alien" devices in the mix. But a year later, Cisco began making a U-turn and allowed employees to use Macs as long as users supported themselves. Today, Cisco has fully embraced Macs and has 35,000 in use. The company lets employees choose whether to use OS X or Windows, and IT actively manages and supports Macs as an equal citizen to Windows. (Gartner says most companies will make this mental shift in 2015.)

Cisco's story offers lessons for other companies trying to respond to user demand for Macs while maintaining the security and manageability they had put in place for Windows. I often hear questions from IT admins at conferences about how to do so. It turns out that many things have changed for the better in OS X itself, as well as in the broader context of computing. I interviewed Brett Belding, Cisco's senior manager for IT mobility services, to see exactly what Cisco has learned that you should know, too.

[ Learn from other post-PC adoption leaders: Intel shows a better way for BYOD. • Lessons from managing 12,500 iPads at SAP. | Subscribe to InfoWorld's Consumerization of IT newsletter today. ]

When Cisco began exploring how to block Macs from its network, it also explored why users were so insistent on using Macs instead of the standard PC -- and what harm allowing them would actually cause. "It turned out those people were the least expensive users for IT because they supported themselves. That led us to figure out how to say yes. We started self-support and early adopters," said Belding. Basically, if a Mac didn't cause problems or work for IT, it was accepted for certain users.

But this was no embrace, just a tolerance. The embrace began a year or so with iOS, then transferred to the Mac. "The iPhone catalyzed it. Apple became important with the iPhone and iPad." Today, the attitiude is "I shouldn't care what devices users select."

Macs have become more IT-friendly
On the technology side, several factors have made it straightforward, if not always easy, to manage Macs in a large business. The biggest change involves the adoption of policy-based management APIs in OS X Lion, which have further been enhanced in each OS X version. Apple essentially adopted the mobile device management APIs from iOS in OS X Lion, so IT could manage permissions and access as well as verify that key requirements have been met, such as encryption being enabled.

At first, the policies in OS X were a subset of what iOS offered. IT basically had to manage Macs separately from iPhones and iPads, even if from the same console, but Apple has been converging the two policy sets, with OS X Mountain Lion adding encryption management and, according to Apple, with the forthcoming OS X Mavericks achieving near-parity with the forthcoming iOS 7's management APIs. Because Apple users quickly update to current OS versions, the bulk of Macs in place can be managed using the current APIs. In addition, MDM (mobile device management) vendors have been extending their tools to explicitly manage Macs, not just devices, giving IT a common console.

Although there aren't as many management tools for such activities as backup on OS X as there are for Windows, Belding says Cisco found a tool that did the backup job Cisco's legal team required, even though it's not as easy to use as the Windows backup tools in place. But meeting legal needs "was all that mattered."

The truth is that backup matters much less than in the past because most corporate data now resides on servers and is fed to PCs, Macs, mobile devices, and so on as needed -- the recent shift to mobile devices essentially made all user devices backups of the master server data, a big change from when individual PCs contained much of the master documents in a company. (Computers still have some master data, which is why Cisco continues to provide backup for them.)

Equally important to Cisco was its reliance on Web apps. Although major products like Microsoft Office have Mac versions, much specialized software is Windows-only, requiring a PC or a Windows virtualization environment to be installed on the Mac -- a move that lessens the user experience that Mac users seek when choosing OS X. Fortunately for Cisco, it uses a lot of Web apps, which means it wasn't as tied to a single platform for apps as many companies are. "Legacy apps do tend to be the big issues, and those are getting upgraded over time."

However, Cisco still had Windows ties even in its Web apps, as many were written explicitly for Microsoft Internet Explorer 6 and its ActiveX language for client-server app interaction. Microsoft never brought ActiveX to the Mac, and it had dropped IE for the Mac previously. That was one reason for IT's aversion to the Mac years ago, and why later it told Mac users to run IE in a virtual desktop, forcing the use of a hybrid OS X-Windows environment. That didn't please Mac users. "A common UI imposed over a chosen device breaks the whole reason people get what they wanted in the first place."

1 2 Page 1
Page 1 of 2