the benefits of a managed macintosh environment in the enterprise · 2016. 8. 15. · the benefits...
TRANSCRIPT
The Benefits of a Managed Macintosh Environment in the Enterprisewith the Casper Suite from JAMF Software
Revision Date: 8/20/08
JAMF Software White Paper This page intentionally left blank
JAMF Software White Paper
Legal
Information in this document including URL and other Internet Web site references is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of JAMF Software.
JAMF Software may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from JAMF Software, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2007 JAMF Software LLC. All rights reserved.
JAMF Software, Composer, and Recon are trademarks of JAMF Software LLC in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
JAMF Software White Paper This page intentionally left blank
JAMF Software White Paper
Table of Contents
Summary of Benefits
IT Challenges
Business Challenges
Client Management Solutions for IT Managers
Lowered Costs
Client Management in the Macintosh Environment
Return on Investment of the Casper Suite: A Case Study
The Casper Suite – An Overview
Recon and The Recon Suite
Composer
Casper Admin
Casper
JAMF Software Server – JSS
CasperVNC
Training and Support
Purchasing
Casper Suite Summary
1
2
3
4
5
6
7
11
15
17
19
20
23
25
26
28
Back Cover
1 JAMF Software White Paper
Summary of Benefits
While Apple computers in the enterprise have long been unmanaged, many organizations are beginning to recognize the need to bring their Macs into a managed state. Faced with larger populations of Macs and greater pressure from end users, organization management, and auditors, IT managers are faced with the challenge of finding a client management solution for the Macintosh platform.
End users are now demanding a more pro-active, invisible approach to support for their Macs to increase their uptime and improve their overall experience. IT management is charged with making sure that the investment the organization has made into Apple hardware is maximized by seamless support. Every machine should work every day. Using client management software enables IT to provide remote, automated, pro-active support that improves the end user experience and minimizes down time.
Organizations are now making the same demands of Mac IT managers as they do of those managing computers on other platforms, including accountability, planning, and security. No longer are the Macs living on the fringes of the organization. Client management software for the Macintosh platform can bring first class support to Macs while reducing liability for the organization by providing an inventory of hardware and software, managing user privileges, and increasing security. Remote, automated support also significantly reduces the organization’s cost for support by increasing efficiency dramatically.
The Casper Suite is the one suite of client management software developed exclusively for the Macintosh platform. As such, it offers a native solution that provides great breadth and depth of functionality for IT managers including inventory, package building, image management, remote imaging, remote updates, management and a powerful framework for automated support.
In the following pages, the challenges of IT and modern organizations are explored in more detail, followed by how the Casper Suite addresses these challenges.
2JAMF Software White Paper
IT Challenges
The Enterprise IT department is responsible for managing end user computers from the loading dock to the recycler. Along the way, the machines go through several phases of management: new machine deployment, software updates, new software distribution, and issue resolution. All the while, user and company data must be protected and secure, the company must know the status of all hardware and software, and the end user must experience minimal disruption.
Like any piece of business infrastructure, IT hardware, software and staff exist solely to support and enable the core business of the organization. The business of a school is education, not technology. The business of an ad agency is innovative ideas, not technology. IT is at its best when it is invisible to the end user. This goal drives IT professionals to seek solutions to client management challenges that enable them to support the end user with minimal inconvenience and loss of production to the company’s business.
In order to ensure that the IT department is managing every phase of the machine life cycle, it is helpful to break down each phase into tasks that a typical IT department performs. One way or another, this work is getting done, whether by hand, scripts, software, or, most often, a combination of approaches.
....................................
....................................New Software Distribution
....................................
....................................Issue Resolution
..............................
..............................Protect user data
backup user data
....................................
....................................New machine deployment
create image
apply image
configure settings & printers
move user data
user request
automatednotification
d itrackingand
assignment
....................................
....................................Software Updating
convert updatersto .pkg
download .pkginstallers
distribute .pkgto computer
convert installersto .pkg
distribute .pkgto computer
observe/control
re-image
modify settings
run utilities
hardware repair
update software
3 JAMF Software White Paper
Business Challenges
The business of an IT department and of technological assets presents distinct challenges to managers and technologists. The manager is not concerned with the details of how to push a package to a client machine. Instead, the manager is responsible for bringing projects in on time and under budget, maintaining legal compliance for software licensing, ensuring the backup and security of company data, budgeting for new hardware and software purchases, and staffing the IT department to provide ‘invisible’ support.
To make sound business decisions, IT managers and company financial officers rely on sound data from the technologists in the field. If the tech staff is using a variety of ad hoc solutions to manage client machines, retrieving this data may be a project all by itself. This approach may leave the business at risk when software audits or purchasing decisions inevitably come around.
v
Have we tested updates?
How do we ensurebackup?
What are our notification criteria?
Are we under warranty?
Who has which rights?
How many copies do we need?Does image meet client needs?
Do we haveenough licenses?
What software does not comply with our standards?
..................................Business Continuity
..................................
..................................Compliance
..................................
..................................Purchasing
..................................
4JAMF Software White Paper
Client Management Solutions for IT Managers
Moving a large number of machines into a managed client environment is an undertaking that results in several positive outcomes for IT management. The overall goal is better IT service and support for lower costs. However, defining “better IT service and support” and “lower costs” is the subject of endless study and debate. Most managers agree upon a few aspects of these ideals.
Better IT service and support means focusing staff on minimizing machine downtime and maximizing productivity.
A managed client environment achieves this goal through automation and remote control, allowing staff to move from a reactive to a pro-active approach. Automation of repetitive tasks frees up the IT staff for planning, implementation, projects, and time with end users. Remote control of client machines allows system administrators to quickly resolve most problems without a trip to the desktop. The option of quickly reimaging machines, while preserving user data, returns machines to a known good state in less time than most problem diagnosis.
Better IT service and support means managing software licenses efficiently and accurately.
Managers are all too familiar with questions of compliance in the modern business, with regulations like Sarbanes-Oxley requiring detailed, accurate reporting of software licenses. Setting an organizational standard for software and versions so that users can share files, or simply purchasing new licenses, can turn into a spreadsheet challenge if the environment is not managed. Technologists are diverted from support and repurposed to gather information about existing assets. Automated, detailed inventory reporting in the managed environment keeps IT resources tasked to organization business, reduces liability, prevents overspending, and maintains software versions across the organization. See the “JAMF Software Study of Sarbanes-Oxley Compliance and the Casper Suite” for more information.
““Making Macsfirst class citizens in the enterprise.
5 JAMF Software White Paper
Lowered costs
Evaluating the cost savings associated with the managed client environment can be tricky because of the traditional separation of the various aspects of IT: Hardware, software, and staff are all major cost centers and organizational budgets may be separated along these lines. Client management software affects cost savings in all three aspects of IT, as well as providing peace of mind regarding data backups, legal compliance, and security issues.
Cost savings for staffing
Client management solutions are incomplete without the ability to provide support from a remote location. The amount of time saved by remote resolution drastically increases the number of end user incidents that can be resolved by a single technician in one day. Automation of tasks such as inventory, new machine deployment, software updates, new software distribution, and incident notification allow the IT department to support a greater number of machines with fewer staff. See the “MDC Partners Casper Suite ROI Study” for more information.
Cost savings for software and hardware
Hardware and software purchases represent a significant investment for any organization. Complete and accurate inventories can be used to plan purchases and allocation of software licenses. The efficient allocation of organization resources prevents overspending to ensure license compliance or duplication of spending because company assets are lost or untracked.
More Support,Existing Staff
From a cost center to a corporate resource.
6JAMF Software White Paper
For years, conventional wisdom has kept Macintosh computers out of the large scale enterprise environment except for a few creative industries. However, according to Computerworld magazine, Apple is making inroads into larger organizations and Macintosh machines are becoming more common in the enterprise. This trend may be attributed to security concerns with Windows PCs, the popularity of Apple’s consumer products, and the advent of the Intel chip in Macs (Seth Weintraub, “Why Apple’s ‘consumer’ Macs are enterprise-worthy” Computerworld.com, March 9, 2007).
Both enterprises switching to the Macintosh platform and organizations that have been using Macs for a long time are now looking at client management solutions. Sarbanes-Oxley compliance and manufacturers’ audits drive some organizations toward client management. Tight budgets and the need for greater operational efficiencies drive others, while others look to expand user bases without expanding the IT staff. Client management solutions available for the Macintosh platform may be cross platform hybrids or utilities that address only a part of the client life cycle. Only one product, the Casper Suite from JAMF Software™, provides a comprehensive client management solution that is developed exclusively for the Macintosh enterprise.
Using a native Macintosh solution such as the Casper Suite allows IT to use a tool that has been developed for Apple hardware and the Macintosh Operating System (OS). This means that there are no issues of compatibility with Apple machines and no need for non-Macintosh hardware or servers. Technically, it also means that the Casper Suite treads lightly on client machines: No agents or applications are installed on the client machine.
Even so, the Casper Suite is a powerful toolset, providing great breadth and depth of management functionality. The Casper Suite is designed by engineers who work with Macintosh hardware and software. JAMF Software™ developers value the intuitive ease and beauty of Apple products and work to translate those values into the Casper Suite. Managing Macs with the Casper Suite combines all the benefits of a powerful client management tool with an elegant user experience.
Client Management in the Macintosh Environment
7
Return on Investment of the Casper Suite: A Case Study
8
Introduction:
MDC Partners is a portfolio of best-in-class marketing
communications companies whose strategic and
innovative solutions lead the marketing industry, attract
the finest talent, and achieve outstanding results for
clients.
We are a publicly traded company with compliance
requirements driven by Sarbanes-Oxley and our clients.
Because of the computing platform widely used in our
industry, many organizations have difficulties executing
controls systematically that enforce their IT and
corporate policies.
The Casper Suite of products has allowed us to define
and efficiently implement controls through a centrally
managed set of tools. The tool set has allowed us to
focus our efforts on growing the organization through
effective use of IT and not requiring our resources to
spend their time on maintenance.
Currently several of our partner firms are using the
Casper Suite and many more are in various stages of
evaluating, acquiring and deploying the tools.
Cost Savings:
Automation tools are widely used so administrators can
focus their efforts on tasks that benefit the organization
far more than the utilitarian functions that often
consume their time. Return on investment for
administrative and management tools is a function of
efficiency and time savings directly driven by labor cost.
The more efficiently people work, the more productive
they are, therefore less people are required to support
the organization.
The time for tasks, such as provisioning a computer, is
significantly reduced by the ability to create a standard
image by class of user and push out that image to new
machines or to devices that need to be re-deployed. The
process of configuring a machine manually used to be
approximately 4 hours per machine. Utilizing the Casper
Suite, the same process is now performed in about 15
minutes.
Printers are constantly changing across the organizations.
They are replaced due to age, wear and tear, and
upgraded for better print quality and performance. The
process of provisioning printers on the network is an
extremely time and labor intensive process. Without the
use of tools to automate the process, an administrator
would typically have to go to every workstation or laptop
and manually configure the devices. More experienced
administrators can write scripts to install the printers, but
the execution of the script would require manual
intervention by the end users. With the use of the Casper
Suite, we can now deploy the devices to user computers,
without visiting the machines, from a central server in
the organization, thus allowing lower level system
administrators to distribute and install printers on
hundreds of workstations in approximately 15 minutes.
Additionally, the Casper Suite allows for the creation of
user groups that allow administrators to even further
increase their efficiency by only deploying resources such
as printers to the workstations that require them.
Remote deployment of applications to the user
community greatly reduces the need for support
individuals to visit each desktop when upgrading or
installing new applications. Additionally, the deployment
can be defined to user groups which help to manage the
inventory of licenses distributed. The Casper Suite
allows us to create packages that can be distributed
systematically for any application from any vendor.
The Casper Suite brings enterprise level management
tools to the Apple platform. For a long time Windows
administrators have been able to define and enforce
policies on users machines from a central location. The
Casper Suite brings many of these types of features to
the Apple platform. The ability to automatically discover,
remove and report on applications installed by end users
is critical to any organization. These applications, fonts
etc… pose a serious security risk to organizations as well
as a financial liability.
There is a significant amount of savings when using the
Casper Suite to create and enforce security policies.
Significant savings are seen when end users are prevented
from performing actions that would increase the need
for support. Functions like application blacklisting,
automated software updates, and automated e-mail
notifications ensure users workstations are current with
patches and fixes as well as ensuring they do not change
configurations or install unauthorized software that can
pose a threat to the machine and the other workstations
on the network.
JAMF Software - Casper SuiteReturn on Investment Analysis
9
(In
Ho
urs)
Per M
ach
ine
Per M
ach
ine
Year 2
fo
rw
ard
Befo
re C
asp
er
Aft
er C
asp
er
Tim
e S
avin
gs
Do
llar S
avin
gs
An
nu
al
Savin
gs
An
nu
al
Savin
gs
Ho
urs t
o d
ep
loy n
ew
MA
C4.0
0.5
3.5
$87.50
$87.50
$0.00
Ho
urs t
o r
oll
ou
t p
atc
h a
nd
/o
r p
rin
ter m
ain
ten
an
ce
0.5
0.1
0.4
$10.00
$100.00
$120.00
Ho
urs p
erfo
rm
ing
preven
tati
ve m
ain
ten
an
ce p
er m
on
th1.0
0.3
0.8
$18.75
$225.00
$225.00
Esti
mate
d s
avin
gs d
ue t
o s
ecu
rit
y p
oli
cy e
nfo
rcem
en
t0.5
0.1
0.4
$10.00
$120.00
$120.00
Ho
urs t
o i
nven
tory I
T a
ssets
an
d r
ela
ted
SW
0.5
0.1
0.4
$10.00
$120.00
$120.00
To
tal
Savin
gs
$136.2
5$652.5
0$585.0
0
Co
st/
mach
ine y
ear 1
*$118.00
$18.00
Retu
rn i
n e
fficie
ncy -
d
oll
ars
per
mach
ine
$534.50
$567.00
Co
st
savin
gs f
or o
rg
an
izati
on
based
on
50 m
ach
ines
$26,7
25.0
0$28,3
50.0
0
Base
d o
n s
urv
eys
perf
orm
ed
acro
ss o
ur
part
ner
firm
s cu
rren
tly u
sin
g t
he C
asp
er
Su
ite t
he
foll
ow
ing
rep
rese
nts
tim
e s
avin
gs
for
typ
ical
task
s p
erf
orm
ed
by I
T s
up
po
rt p
ers
on
nel.
*No
te: C
ost
/m
ach
ine
dep
ends
on
th
e num
ber
of
mac
hin
es m
anag
ed w
ith
th
e C
asp
er S
uit
e.
JAM
F S
oft
ware
- C
asp
er
Su
ite
Ret
urn
on
Inve
stm
ent
An
alys
is
This page intentionally left blank JAMF Software White Paper 10
11 JAMF Software White Paper
An overview of the Casper Suite
The Casper Suite offers one set of tools to address all aspects of Macintosh client management including inventory, package building, configuration, image management, image deployment, remote updates, and scheduled maintenance. Since all these applications are fully integrated, there is no need to import or export data or to force diverse tools to work together. Because the architecture all flows through one central database, dynamic inventory information can be used in scheduled maintenance and packages are used for both imaging and updates, promoting efficiency and consistency. The simple user interface ensures that the Casper Suite is not reliant upon one devoted system administrator. The workload can be balanced, with privileges based upon the user’s role in the organization.
The Casper Client Management Suite - Overview
12JAMF Software White Paper
Inventory and asset management with Recon:
An organization’s hardware and software purchases represent a significant investment. Complete, accurate, and timely inventories are usually used to ensure compliance and facilitate planning. However, when the state school board or parent company requires a full software and hardware audit, those system administrators with Recon running inventory can rest easy. Departments with an unmanaged system may look forward to adding staff and putting other projects on hold to meet audit requirements. IT managers can run Recon on a customized schedule using the suite’s advanced reporting frameworks to create branded reports that are ready for review by management or auditors. Several standard templates are included in the suite that meet common requirements and customized reports can be created.
Package building with Composer:
When software is purchased from manufacturers it usually needs to be configured or customized to meet the requirements of the end users. Rather than doing this customization after installation as a post-fix, the use of packages and Casper Admin allows changes to be made prior to distribution so that the software arrives configured and ready for usage. This saves valuable engineering time as well as network bandwidth.
Approved packages on the JSS:
The JSS serves as the central repository for all the packages available across the organization, regardless of department or location. While file servers may be set up for load balancing, the JSS is the sole source for approved packages. That means that only software and updates that are approved by IT management are available to the client machines. This is an easy way to manage software versions, fonts, and utilities: If it’s not on the JSS, it can’t be installed with Casper. It’s that simple.
Computer imaging with Casper and Casper Admin:
When computers need to be deployed, the challenge is how to get standard applications and end user configurations on machines in the least amount of time, while maintaining consistency and accuracy. Casper’s modular approach to imaging makes configuring multiple images a breeze by building each configuration on a base image. The utilization of single OS or application packages used with multiple configurations means that identical components make up all the end user configurations. The system administrator puts the configurations together in Casper Admin, setting up parent and children images, and then pushes them out to the client machines.
Managing the Macintosh Life Cycle with the Casper Suite
13 JAMF Software White Paper
With the pre-staging feature in the Casper Suite, IT can actually associate an image with a machine before it is even out of the box. When the end user plugs in the machine, it can be booted and configured by holding down one key on the keyboard. The machine goes direct from the loading dock to the end user’s desk with no layovers in IT.
Configuration and settings management with Casper and Casper Admin:
The ability to modify end user environments from a central location allows IT to respond to varying demands as rapidly as they arise. Configuration and settings management differs from remote deployment in that it modifies the existing user environment rather than adding or removing components. Settings include printers, security, and other user configurable options.
Computer updates with Casper and Casper Admin:
With the Casper Suite, machine imaging and updating are done with the same tool, ensuring consistency between new machines and those previously deployed. Since changes made to a parent configuration are inherited by all its children, updates are made once in a parent configuration and all associated child configurations are ready to go.
The suite also uses a policy-based approach to tasks that means that recurring rules can be enforced automatically without the intervention of IT staff. Distribution of any file type also allows companies to easily release new documents, such as HR forms, to their employees in addition to software and settings. Remote utilities can be run during off-hours to have a minimum impact on business, while keeping machines well serviced. With the self-healing feature, the Casper Suite checks for packages that have been broken or removed, then repairs or reinstalls the packages automatically. Automated, scheduled repair and maintenance is invisible support that reduces interruptions and incidents for the end user, while giving time back to IT staff.
Managing the Macintosh Life Cycle with the Casper Suite
14JAMF Software White Paper
Policy enforcement with Casper:
End users are often unaware of the implications of their actions when they install unlicensed software, download copyrighted materials, and use unlicensed fonts. This opens up potentially crippling liabilities for companies, schools, and other organizations. To prevent this, organizations write policies that govern computer and internet usage. However they often lack the tools to track and enforce compliance – until now. IT can create custom policies in Casper, reflecting the organization’s culture and governance, that kill, remove, or notify management when restricted material surfaces on client machines. This flexible, custom control puts management back in the driver’s seat.
Remote deployment with Casper:
Updating software, releasing new printers and documents, and applying security updates on all network computers is a time consuming task that needs to be done multiple times per year. Remote deployment solutions reduce the time this takes by automating the distribution. Deployment is scheduled on your timetable, based on your triggers. Schools can reconfigure labs overnight on the weekends or remote users can get updates after returning to a certain building. If you can write a business rule for your deployments, you can write a policy in the Casper Suite that meets your particular needs.
Remote control with CasperVNC:
CasperVNC allows technicians to control client machines remotely to provide issue resolution to machines in the next room or miles away. Remote control saves the organization time, staff, and budget by minimizing end user down time, IT travel time and expenses, and allowing each technician to resolve more incidents every day. CasperVNC is secure because it is encrypted and centrally authenticated.
Managing the Macintosh Life Cycle with the Casper Suite
15 JAMF Software White Paper
RECON AND THE RECON SUITE
Recon is a client application that completes its inventory in 45 seconds. No more clipboards. No more hand cramps. This application gathers an accurate inventory of all network devices and computers, including Mac OS 9, Mac OS X, and Windows machines. Every application, font, plug-in, peripheral, and device on the network is documented and communicated to the JAMF Software Server (JSS). It also logs MAC addresses, serial numbers, purchasing information, and allows IT to associate employees with computers by entering a small amount of personal data.
In a larger environment, Active Directory or Open Directory can be used to help associate personal information with computers. If the organization is struggling with unauthorized software, Recon will find it in any directory on the computer. Recon uses no computer or network resources until it delivers information to the JSS based on the schedule created by the IT department. After delivering its information, Recon sits dormant until the next execution time, sparing the CPU from background processors and the network unnecessary traffic. This robust inventory capability delivers both the big picture and the granular detail needed to inform IT and business decisions. As the piece that lays the groundwork for a managed environment, Recon is an integral part of the Casper Suite.
16JAMF Software White Paper
New reporting framework and built-in PDF reports
License management and reporting
Network discovery and self-updating based on subnet (Mac OS only)
Greater scalability
RECON AND THE RECON SUITE
The Recon Suite is also available as an independent application for organizations grappling with inventory and asset management challenges. The Recon Suite includes Recon and the JSS and is an effective introduction to the world of client management, solving immediate problems while providing a framework for additional functionalities of life cycle management in the future. The Recon Suite works cross platform, reporting on both Macintosh and Windows machines and building a comprehensive database of all these assets.
Casper uses a MySQL database, just one of the many industry standards in the Casper Suite. Custom scripts can be run against the database at any point for easy export to third party systems or in-house applications.
Inventory covers Mac OS 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows NT4, 2000/2003 Professional, XP, and Vista. Machines running any other OS, such as Solaris or RedHat, can be added to the database manually for asset tracking purposes.
Inventory scans of both hardware and software can be automated. Recon uses SSH to perform remote scans of hardware and software. If SSH is not enabled on the client machines, Composer will create a deployable ‘QuickAdd’ package for you that will run an inventory scan and that can enable SSH.
The Recon Suite is broadly scalable, working across 10 to 100,000 client workstations.
The Recon Suite has built in reporting that can be exported to a number of PDF reports, csv, tab delimited, XML or custom HTML files that can include your company logo.
The ReCoN SuITe: an independent, cross
platform inventory solution for your entire
network
Features in 5.0
Requirements
Mac OS: 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows: NT4, 2000/2003
Professional, XP, Vista
17 JAMF Software White Paper
Step 1: The Before Snapshot
Composer takes a before snapshot of a computer’s existing directory structure.
Step 2: Install, Configure, and Take the After Snapshot
After you install and configure new software and remove the updaters, Composer will scan the directory structure and find all changes and modifications. These changes are automatically bundled up for you.
COMPOSER
Composer is the package creation utility in the Casper Suite. Composer allows you to point-and-click your way through the package creation process in four simple steps. Composer allows you to create both .PKG and .DMG style packages.
18JAMF Software White Paper
COMPOSER
Composer uses a snapshot system for packaging. This makes it easy to build a package without needing to know the exact location or names of files that are installed. Whether your installer is a .pkg, .mpkg, .dmg, or VISE, Composer can capture them all.
Packages can be saved in either the .dmg or .pkg format. When a package is saved to the .dmg format, user preferences can be pushed to the user templates and any existing users on the client machine
Many packages can be built automatically if a certain set of software is detected. This reduces time spent on the packaging process and improves the accuracy of your packages.
Composer can be used as a troubleshooting tool. Do you need to know which files are affected by a certain preference change? Composer can capture any changes made in the Mac OS X interface and create a package based on the changes.
PACkAge BuILdINgStep 3: Validate
Before a package is final, Composer allows you to validate the contents. Using Composer’s built in interface or the Finder, you can view all modified directories to ensure that all proper files are in place and to confirm that any upgrade or temporary files are not in the package.
Step 4: Package Type
After verification, Composer will create a deployable package for you. Composer also comes with a feature called Convert Package that anticipates your need to make changes to existing packages. Rollout of a final package can be controlled and scheduled across your entire network or through location-specific servers using Casper Admin and Casper. No command line or fixing permissions is required.
In addition to being a robust application within the Casper Suite, Composer is available as a stand alone utility. See also a Composer demonstration at www.jamfsoftware.com/media/video.php
Requirements
Mac OS: 10.2, 10.3, 10.4, 10.5
19 JAMF Software White Paper
CASPER ADMIN
Casper Admin simplifies building and updating standard configurations for you. Using the software packages created by Composer, Casper Admin associates them with workgroups. The configurations are then deployed using Casper.
Casper Admin is modular, allowing you to use one package for multiple groups. It also creates a user standard for software and eliminates the need to install and configure common packages multiple times. This increases the usability of a package by allowing it to be associated with as many workgroups as necessary without having to recreate the package. Casper Admin can assign different packages to different groups so that customized installs can be implemented based on differing job functions, shifts, or usage needs.
Because of this modular approach, it’s easy to update images in Casper Admin. For example, if an update is released to a piece of software, you can edit the original package using Composer and drop the updated package into Casper Admin. Using Casper, you can quickly deploy this update to remote computers that have the older version installed. At the same time, any new computers that are imaged also get the latest version of the software because the package is assigned to the workgroup.
Casper Admin reduces the amount of time and labor needed to support end users with disparate software needs and provides a more consistent and easier environment to manage.
Requirements
Mac OS: 10.2, 10.3, 10.4, 10.5
The modular based approach to images in the Casper Suite means that software titles can be packaged once and used in multiple configurations, eliminating repetitive work. It also means that images can be easily maintained by swapping out packages as needed through an easy drag and drop interface.
The parent-child relationship between configurations in Casper Admin makes it easy to manage similar images by putting all the common packages in the base configuration. The smart configurations made from the base configuration inherit all its packages. Additionally, when changes are made to the base, its children are automatically updated.
There is no need to maintain separated images for different hardware or OS types. Every package in Casper Admin has built in logic that can identify the machine processor and install the correct software. This same logic can also be used for software titles that require a specific version of Mac OSX or have other dependencies.
After a machine is imaged using Casper, the JSS can remember which configuration was used, including any custom changes made to the configuration. That way, the next time the machine is imaged, the Casper Suite remembers the exact configuration, removing the need for long memories or image management spreadsheets.
IMAge MANAgeMeNT
20JAMF Software White Paper
Casper can install OS upgrades. Using before and after scripts upon imaging, Casper can forklift user data to a separate location, image the OS partition, and restore any previous user data. This strategy makes the upgrade to the latest OS version a breeze for administrators while minimizing disruption to your users’ workflow.
Casper’s imaging can be fully automated and eliminates the need for post-fixes, providing the ability to image client machines in remote locations without human intervention.
Using a hidden partition, Casper allows imaging without a network connection so that mobile users can easily refresh a machine while out in the field.
IMAgINg
CASPER
Casper is the component that is used to image, update, and maintain existing Macintosh computers or set up new ones. Casper’s functionality means consistency between computers, whenever and wherever they’re deployed. Local or remote imaging is easy and packages can be pulled from local Mac OS X, Linux, Solaris, and/or Windows servers. You can schedule this activity across your network in the middle of the night, over the weekend, at login, or whatever works for your organization. Using Casper, you can reload a computer from scratch, remove unauthorized applications, perform preventative maintenance, and more.
Local Imaging
Network Startup devices can be used to individually image machines and is an effective imaging strategy. Casper can also cost-effectively deliver consistent first-images to all machines using a locally attached FireWire drive. Casper also gives you the flexibility to do more with your installs. Casper comes with options for installing configurations, such as erasing the disk, installing software, naming the computer, creating local user accounts, binding to Active Directory, specifying network settings, adding printers, and rebooting. Since all of these unique settings are established prior to imaging, there is very little post-fix work to be done.
21 JAMF Software White Paper
CASPER
Remote updating
The most efficient way to update a deployed machine is to use Casper. Casper can push packages immediately or initiate a client side pull from a file share that has the computer’s required packages. The forced pull requires dramatically lower network usage than the standard push to end users’ machines. The file shares that Casper uses as a package source can be housed on Mac OS X, Linux, Solaris, and/or Windows computers. Since the only requirement for a package source is the support of AFP or SMB, an organization can have as many shares as needed to support multiple floors or locations.
Beyond standard package pushing and uninstalling, Casper has the ability to manage virtually every aspect of client computers. You can manage the mapped printers, local accounts, Active Directory bindings, add or remove items from users’ docks, and run software updates from locally hosted SWU servers.
Pre-Staged Imaging
With the pre-staging feature, IT can actually associate a configuration with a machine before it is even out of the box. When the machine is plugged in, it can be booted and configured by pressing one button. The machine goes direct from the loading dock to the end user’s desk with no layovers in IT.
Casper can both push and pull. Whether you are performing remote administration or sitting directly at the client machine, software can be installed to meet your users’ needs.
Casper can remove older versions of software. To uninstall software, simply create a package in Composer and Casper will know which files to uninstall.
Casper will restart downloading after interruption using the self-healing feature. Using Casper’s policy framework, clients will continue to run tasks until all tasks in a policy have been completed.
Casper can work across subnets, whether clients are located in he next room or across the country. Using file servers at remote locations, clients in the remote location will look first to local file servers to minimize communication over the WAN. If the local file server becomes overloaded, the clients will automatically fall over to a secondary filer server.
ReMoTe dePLoyMeNT
22JAMF Software White Paper
CASPER
Remote utilities
Supporting machines that are frequently imaged and updated becomes easier because troubleshooting utilities can be run remotely.
These actions can be run manually or on an automated schedule:
Update inventory • Fix permissions • Change administrator password • Search for any file • Search for any file type • Delete any file • Kill any active process running in memory • Run any UNIX command as Root • Flush caches•
Self-healing packages
Pre-stage imaging for mass deployments
Network discovery and self-updating based on subnet
Greater scalability
Features in 5.0
Requirements
Mac OS: 10.2, 10.3, 10.4, 10.5
23 JAMF Software White Paper
JAMF SOFTWARE SERVER – JSS
The JSS is the web-enabled database that accepts and organizes all of the information from the other components of the Casper Suite. Unlike many utilities used in client management, the Casper Suite revolves around this centralized server. One common repository allows you to track all necessary information, monitor usage, and perform administrative tasks and support functions across multiple locations.
The JSS Web Server
Because the JSS is a web server running on your intranet, it allows users on Macintosh, Solaris, Linux and Windows platforms to access its functionality. Communication with the JSS is secure using industry standard SSL encryption.
The JSS allows you to remotely track:
End user information • Purchasing, warranty, and vendor information • Hardware details • Software versions and base installs • Asset tags with bar code support•
24JAMF Software White Paper
Performing Administrative Tasks
The convenience of the JSS makes administrative tasks easier. you can:
Create users. This allows you to assign different levels of control to • different users in your IT department.
Create departments. Set up functional workgroups within your • organization.
Create buildings. Create logical names for your sites. • Manage peripherals. Add, delete, and modify peripherals supported • within your organization.
Manage file servers. Add additional locations in order to pull • packages.
Manage LDAP servers. Add, delete, and edit LDAP servers to get user • and group information.
Bind your Active Directory information with the JSS. •
Create policies. Policies allow you to perform all of the remote management tasks that Casper can perform automatically. This allows you to manage all of your client computers from any web browser.
Multiple Locations, one JSS
The information passed between client machines and the JSS are small XML transactions that enable data to be passed quickly over great distances. The Casper Suite also takes advantage of file shares to pass its packages to client machines. This division of labor means environments can have their configurations stored in one place while files are distributed from share points on local subnets.
JAMF SOFTWARE SERVER – JSS
Greater scalability
New improved look and feel of the JSS
Features in 5.0
Requirements
Mac OS: 10.3 or 10.4, 10.5 Server Also; Windows: NT4, 2000, XP, 2003 Server, Red Hat, SUSE, Solaris
The JSS will retry for machines that are off of the network. The JSS keeps a log of tasks that have run on a group of machines and those that have not run an assigned set of work. If the client is not on the network when a policy runs, the task will be attempted the next time it is on the network.
The Casper Suite will replace software that the end user deletes. Using the self-healing feature, the Suite can compare a list of software that is currently installed against a list of known software the machine should have and automatically restore it to a known good state.
The Casper Suite can install files for later activation. When pushing packages using Casper, you have the option to store the packages to a cached location on the client to be installed later.
The Casper Suite distributes the server load across multiple servers.
The Casper Suite does not require programming or scripting. All functions of the Casper Suite can be managed using a combination of the web interface and GUI client applications. Casper’s entire policy engine can be managed through the web interface, thus allowing easy management from any machine that has a web browser, including Internet Explorer, Safari, or Firefox.
Policies can be cached offline. Routine tasks such as flushing cashes, fixing permissions, or installing cached software packages can be run without a network connection.
PoLICy eNFoRCeMeNT
25 JAMF Software White Paper
CASPERVNC
Assisting end users is more convenient through the use of CasperVNC. This tool allows you to observe and control a managed desktop using your keyboard and mouse. This works well for certain kinds of training, providing immediate assistance to end users, and troubleshooting. The down time associated with having to get to a user’s office is gone. If you have traveling staff or users, they no longer have to wait until they get back to the office to receive support. As travel costs increase and efficiency becomes more important, CasperVNC can lower expenses immediately.
CasperVNC is also a secure way to accomplish remote control of client machines because there is not an agent listening for an inbound connection. Administrators with the proper credentials must initiate the session, which then starts VNC through SSH. When the problem is solved and the administrator is finished, quitting the VNC session kills the application on the client side and the entire transaction is logged in the database. Now you know who controlled which machine at what time and from which IP address.
Security, documentation, and accountability are built in to the CasperVNC.
See the JAMF Software Security Presentation at www.jamfsoftware.com/media/video.php
Requirements
Mac OS: 10.2, 10.3, 10.4, 10.5
CasperVNC tunnels connections through SSH. The VNC server is launched on demand when trying to control or observe a remote client. This minimizes the possibility of a security threat through the VNC port on client machines.
Every connection and all remote control, including VNC, are logged centrally in a database.
Every connection is centrally authenticated to the JSS or directory service.
CASPeR VNC SeCuRITy
26JAMF Software White Paper
TRAINING AND SUPPORT
JAMF Software’s commitment to staff developmentAcquiring software is only half the challenge: Implementation is where real change happens. JAMF Software and its integration partners deliver initial installations, training, and certification, as well as other professional development services, to ensure that you get the most out of your investment. If you don’t have time to do it yourself, we also deliver specific projects, including inventory, imaging, and package building, using the Casper Suite toolset. JAMF Software is about solutions, as well as writing code.
JumpStart
This onsite visit introduces the Casper Suite to your environment and gets it up and running correctly. Working with your IT staff, Certified Casper Administrators from JAMF Software or our approved integrators will install your JSS, inventory a subset of your computers, and create packages. The JumpStart lasts three to five days and may also include other tasks that solve your immediate problems, depending on your organizational needs.
At the end of the JumpStart Program, you will better understand how to resolve the business challenges facing your network by using the tools within the Casper Suite.
CCA – Certified Casper Administrator
The CCA course is intended for individuals who have existing Casper Suite installations that they want to improve. This 4-day course is a hands-on series of exercises where system administrators increase their proficiency through problem resolution using the Casper Suite. This is a great opportunity to strengthen current skills, connect with the JAMF peer community, and get the most out of the Casper Suite.
Imaging. Package Building. Inventory. We can do it for you.
Ask us about our project delivery programs.
27 JAMF Software White Paper
TRAINING AND SUPPORT
Annual Support Agreements (ASA)
The ASA entitles users to new versions or product updates, and includes phone and email technical support. We encourage customers to contact us for assistance and support. Our goal is to provide a high level of customer service, with a four-hour response time to support requests whenever possible. The ASA also includes product documentation, including a librarian indexed, searchable pdf, and access to the product List Serve and related mailing list archives.
Support Mailing Lists
Current administrators share ideas and thoughts regarding their installations using the JAMF Software Support Mailing Lists. Occasionally, problems that are encountered at one institution have been resolved by another and answers are shared through this peer network. There is no charge to join the list, and there are no requirements that you be a customer or prospective customer before being granted access.
28JAMF Software White Paper
PURCHASING
JAMF Software provides several ways for organizations to step into a managed client environment. From a stand-alone packaging utility to the full Casper Suite, organizations can address the challenges they have today with the appropriate applications. JAMF Software is focused on solving the problems of customers. The versatile framework of the Casper Suite allows an organization to use our toolset creatively to create custom policies and solutions. The JAMF Software development cycle is responsive to client feature requests, and we have tried to provide applications that speak to your needs, projects, and requirements.
Composer
If you just need a better package building utility, Composer fits the bill. Easy, flexible, and fast, Composer allows you to build packages that make imaging and updating more efficient than ever before.
The Recon Suite
If you are facing a Macintosh or cross platform audit, or want to build and maintain a centralized hardware and software database, the Recon Suite is a good fit. Some organizations need to do a detailed, accurate inventory before they can even start thinking about overall client management. Because IT assets come in all shapes and sizes, Recon works cross platform, compiling a complete inventory of your Windows and Macintosh machines, software, and peripherals. The Recon Suite is the first step toward a no-surprises environment. When you are ready, you can always step up to the full Casper Suite.
The Casper Suite
Our most robust collection of software, the Casper Suite is for those organizations that are ready for an integrated client management system, where inventory talks to updates, packages talk to imaging, and updates talk to imaging. Once an organization installs and runs the client network with this approach, they rarely go back. Automated life cycle management is simply the most efficient, accurate, and complete method of taking care of a large number of machines. Casper Suite is the only complete client management solution developed exclusively for the Macintosh platform.
Inventory. Image. Update. Maintain.
29 JAMF Software White Paper
COST STRUCTURE
Pricing for the Casper Suite and the Recon Suite is calculated per client machine. The per seat price includes the installation of one JSS, with as many file share (child) servers as the organization requires.
discounts
Discounts on the per seat price are applied for volume purchases.
Annual Support Agreement (ASA)
The cost of either suite from JAMF Software also includes the ASA, which is calculated at 18% of the purchase price. Annual maintenance is mandatory and entitles the customer to all product updates for a year, plus free email and phone support from JAMF Product Specialists. Annual maintenance is due every year on the anniversary of the date of purchase. Every year, the customer runs a count of it is managed client machines and trues up the seat count for the upcoming year.
Serving education
JAMF Software is a proud supporter of K-12 and higher education. JAMF Software knows that educators must manage large organizations on tight budgets. Though moving these large client bases to a managed environment will save significant budget all by itself, the initial purchase price can be difficult for some schools. With that in mind, JAMF Software provides purchase discounts to these organizations to enable them to realize the savings and benefits of moving to a managed environment.
Higher education receives a 30% discount off the commercial per seat price. The ASA is calculated at 18% of the actual purchase price.
K-12 educators participate in JAMF Software’s ‘straight to maintenance’ program. This means that the per seat purchase price is discounted 100% and the school system is responsible only for the ASA, calculated at 18% of the commercial purchase price. K-12 technical departments can manage their networks with a predictable, annual budget item. Where school systems are implementing or managing one-to-one programs, this can mean the difference between adding staff or performing better support with existing staff.
Please contact JAMF Software for details about pricing for your organization!
This page intentionally left blank JAMF Software White Paper 30
Casper Suite Summary
Component Function RequirementsLocal and remote installation of software; remote utilities Mac OS X
Organizes software packages and scripts Mac OS X
Allows for the remote viewing and control of managed desktop computers
Mac OS X
Package creation utility Mac OS X: 10.2, 10.3, 10.4, 10.5
Centralized hub through which all other applications interact; hosted web database
Mac OS X or 10.4 ServerWindows NT4, 2000, XP, Server 2003 Red Hat, SUSE, Solaris
Gathers inventory and asset information that is sent back to the JSS
Mac OS: 8.6, 9, Mac OS XWindows NT4, 2000/2003 Professional
JAMF Software1011 Washington Ave. SSuite 350Minneapolis, MN 55415
Contact [email protected]@jamfsoftware.com
MinneapolisNew YorkLos AngelesLondon
SupportSupport UK
(612) 605-6625(646) 416-6923(213) 291-8863020 7993 8364
(612) 216-1296020 3002 3907
Revision Date: 8/20/08