Jamf Blog
October 24, 2018 by Rachel Nauen

How SAP provides the best Mac experience possible

Learn how SAP's Mac CoE team is using Amazon Web Services, Jamf Pro, tools developed in-house and SAP's software to eat, sleep and deliver a productive and secure Mac environment.

Anyone who has been to a past JNUC has probably heard Rich Trouton of SAP speak. A JNUC staple, Trouton has been doing Macintosh system and server administration for over twenty years and has supported Macs in a number of different environments. His current position is at SAP, where he works with the rest of the Apple Center of Excellence (CoE) team to support SAP's Mac community.

SAP had to start somewhere…

In 2016, Thomas Saueressig became the new CIO at SAP. As part of his new role, he decided that SAP needed to provide not just a good experience for SAP's Mac-using employees, but the best experience to be found anywhere. SAP had a way to go, though – in 2016, the Mac environment was trying to replicate the Windows environment as much as possible. SAP had an internal-only Jamf Pro server. That meant that they could only manage Macs which were on their internal network or connected via the VPN. As soon as a Mac left the corporate network, they were not able to manage them.

Their imaging process relied on installing the OS from a USB flash drive, then running a separate script which enrolled the Macs with Jamf Pro and running policies to install software and configure the Mac’s settings. There were a TON of local distribution points, which meant a lag for deploying new software – NOT IDEAL.

Jamming with Jam and making big changes

On the bright side, SAP found one program that was working well — Jam, a secure collaboration tool. The Mac@SAP Jam community was very active and had more than 3,000 members in 2016, so it was a natural place to hold discussions and Q&A with SAP’s Mac users. As a bonus, the Jam community is accessible from outside the SAP network and there is even a Jam mobile app. SAP decided to concentrate content for both the general Mac community and IT technicians into this site.

The decision was also made to adopt new methodologies to help SAP respond more quickly to community needs and develop a more user-centric focus. The first methodology change was to adopt agile methods, by identifying owners for the various Mac applications used at SAP and instituting a monthly cycle of identifying changes, testing them and deploying them. The second methodology change was to adopt a more DevOps like approach, where SAP would start to build their own custom applications to solve problems in place of waiting for vendors to solve them. SAP also made their Jamf Pro server accessible to the outside Internet, which allowed management of corporate-owned Macs as long as they had an Internet connection. To help support this, they also added a Jamf Pro cloud distribution point hosted in Amazon Web Services.

Relaunching Mac@SAP

These changes were made more urgent by how the company’s Mac population was growing by leaps and bounds. SAP also had an increasingly mobile workforce, where laptop population far outstripped desktop population. SAP then decided to relaunch the Mac@SAP experience for its Mac-using colleagues.

  • Four new apps – Refresh, Assistant, Signature and Privileges.
    • Refresh was built to be an imaging tool which anyone can use. A user didn’t have to wait on IT to rebuild a Mac, they just needed to have a spare machine or colleague’s spare machine, which could connect to Target Disk Mode.
    • Assistant configured the Mac at a global level and installed all necessary software using Jamf Pro policies. It also worked at the user-level to help the user configure their Mac.
    • Signature helps users set up their email signature — a common issue at companies!
    • Privileges allows users to work as standard users most of the time, because they can always request admin rights when they need them. Privileges is also a self-contained application without network dependencies, so it can be used anywhere at any time.
  • A new emphasis on transparency — Apple Pies allows us to display certain information from SAP’s Jamf Pro server in an easy to understand format. All information displayed is pulled live from the Jamf Pro server, so Apple Pies is always up to date.

Using these tools helped SAP organize and communicate to end users clearly, which made their Sierra and High Sierra upgrades go smoothly!

What’s Next for Mac@SAP

SAP just announced it has welcomed the nine thousandth member of the Mac@SAP online community. They began support for macOS Mojave on release day and redeveloped their new machine setup process for non-DEP Macs, to add user-initiated enrollment to the process and include a new assistant app named Apple@SAP. The new enrollment workflow ensures that their Macs have user-approved (mobile device management) MDM enrollment from the start. Jamf Pro continues to be SAP’s choice of management tool, so they are now managing their macOS and tvOS population exclusively with Jamf Pro and migrating their iOS management to Jamf Pro as well.

See Jamf’s recent news about SAP choosing Jamf to manage all their Apple devices.

Rachel Nauen
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.