Rich Trouton, IT Technology Senior Consultant, SAP, discussed how SAP pivoted quickly to a remote workforce when faced with the COVID-19 epidemic.
But first, he gave us an idea of the timeline he was facing: from March 2, when the SAP Executive Board sent a company-wide email to ask that only business-critical travel happen in March, to March 20th, Trouton's team had to ramp up to support 100,000 SAP employees working from home.
Well, that escalated quickly.
Or did it?
Years of laying the foundation
It might have looked like it happened overnight, but it in fact took years of preparation.
"It’s fair to say that SAP spent years unknowingly preparing for the situation we’re now all in because SAP has fostered a remote-friendly workplace culture for a while," says Trouton. "In order to work remotely, you need the approval of your immediate manager. In the US, a large percentage of the SAP America workforce works either partly or entirely remotely."
Because SAP has already fostered a remote-friendly workplace, they were already partway there.
Transforming the setup and updating of Mac systems
Trouton's team are long-time users of Jamf Pro, which gives them the ability to set up new Macs, install software and manage the Macs' configuration and settings.
In particular, users and technicians rely on Jamf's Self Service portal to install SAP-approved software and to run scripts to diagnose and fix problems. "It is difficult to overstate how useful Jamf Pro is to our company's Mac users," says Trouton. "In 2020, it is available to every SAP Mac with an Internet connection."
Before 2016, SAP was doing what a lot of companies do: their Mac environment was trying to replicate the Windows environment as much as possible. They had a Jamf Pro server which could only manage Macs when they were on the company network. As soon as a Mac left the company network, SAP was unable to manage it or provide any of Jamf Pro’s services like the Self Service portal.
They had two separate wikis, both of which required being on the company network; all of the Macs were bound to an on-premise Active Directory domain and used it for account and login information. This AD domain was only accessible within the company network. Their new machine setup process relied on installing the OS from a USB flash drive, then running a separate script which enrolled their Macs with Jamf Pro. Once enrolled, Jamf Pro would then install software and configure the Mac’s settings. Because their Jamf Pro server was only available on the company network, new machines could only be set up in an office. The number of distribution points also meant a delay in deploying software, as all of them needed to be updated before the new software could be installed.
"If coronavirus had struck in 2016," says Trouton, "it would have been difficult if not impossible to transform this into a good work-from-home experience."
How did they do it?
First, the company consolidated its knowledge base with one Jam site dedicated to Mac @ SAP, and learned to refrain from reinventing the wheel.
Then, they freed themselves from being trapped in the physical office with Jamf Cloud. Now, SAP IT manages all Internet-connected SAP-owned Macs, no matter where they are.
They also cut down on the infrastructure they needed to set up and run themselves in favor of using Apple’s cloud services. For example, they now use Internet Recovery to wipe and reload an operating system instead of having to set up and maintain their own tools. They use Apple’s software update services in place of using on-premise caching servers. They also use the Mac App Store to upgrade to new versions of macOS.
Next, they developed three apps to handle certain needs they saw within the SAP Mac community:
- Refresh: an imaging tool that anyone can use.
- Assistant: works at the user level to help users configure their Mac.
- Privileges: allows a standard user to easily request and receive admin rights, and just as easily turn them off when they don't need them. Privileges is also a self-contained application without network dependencies, so it can be used anywhere at any time. (For information on packaging it, please visit Rich Trouton's web site.)
"As of April 1st," says Trouton, "we've rolled out a new method where Jamf Pro is used to connect to the AD certificate server and retrieve an SSO certificate for that Mac's user. Since Jamf Pro is accessible from any internet connection, this means that getting an SSO certificate no longer requires a connection to the corporate network."
In four years, Trouton and his team turned a process that required the corporate network and a lot of support from IT into a process which can be run by one person, sitting at home.
"While we didn’t have a crystal ball and didn’t see this pandemic coming either," says Trouton, "the actions we took between 2016 and 2020 were the right ones to help us quickly move our workforce from one in the office to one working at home."
- Make sure your employees are well-equipped to work no matter where they are located.
- Find and remove barriers to getting work done remotely.
- Leverage the Cloud.
- Have a Plan B (and C). Having a Plan B and C is essential when things go even more sideways than you think they possibly can.
- Talk to your people and make sure they’re OK. SAP management went to great lengths to keep the company as a whole in the loop on what was going on and how it affected us as a company.
For more detail on the company's preparations and communications, watch the full SAP in the Haus video. Don't forget to wait until the end when you can download Trouton's speaker notes and slides!