The beginning of any new journey can yield surprises, but an experienced navigator can help chart a safe course. Dave Acland, Technical Director at Amsys and Casper Suite Integrator, has sailed the Casper Sea a time or two before, and set out today to share his Apple device deployment strategies with an audience made up of about 50% new implementations.
Acland kick-started his presentation with an old adage, To err is human. “Mistakes. We make them. Don’t hide from them. Make them, then share and learn from them.” With that in mind, he set in to cover his first step – planning.
Among the highlights, “Set goals and consider who they will be benefitting. Determine who should be involved and make sure everyone you need is onboard. Get everyone to discuss the design and prerequisites ahead of time.” A 2015 Dean’s List honoree, Acland chuckled as he recalled a JAMF Nation post where an IT administrator had been given the task of implementing the Casper Suite without any proper planning. It read (desperately) something like, “Can anyone tell me what I can do with Casper??” Of course you’re dead in the water at this point. “It’s a little too late,” Acland said. “Work out your goals first.”
Packaging, Imaging, Policies, and Profiles followed.
“Understand the packaging process first before you jump into AutoPKG. Determine if you need re-packing? A vendor package? Above all, avoid monolithic packages. Use only the files you need, and avoid the System Keychain.”
"For imaging, first determine if you need an OS image deployment or if you’re wasting your time. If you find that you do, create a clean OS image or DMG. A few additional considerations include NetBoot. It can be really useful, but if done wrong, it will cause a lot of problems. Make sure the network link and drive is fast enough, and use IP-helpers. It will make your life a lot easier. Last but not least, TEST, TEST, TEST. And test at scale, not just on one machine."
Up ahead, danger might be lurking…watch out for inventory and scoping to smart groups. “Make sure you’re doing inventory updates, otherwise it won’t know, for example, if Flash is installed and will run the update over and over.” Acland elaborated on a few additional chaining policy tips. “Traditionally, smart groups are the best way to accomplish this, but you can use logs and ‘Once per computer’. But avoid log-in and log-out triggers. It annoys the user and takes a long time.”
While setting up your configuration profiles, there are a few things that should be understood prior to jumping in. “Understand the APNS process. Understand the ports, the direction the traffic is flowing, and again, avoid monolithic profiles.”
As he moved along to scoping, “Always start with ONE device!”, the audience broke out in laughter. “If scoping based on EAs (extension attributes), test very carefully,” Acland stressed. "If you plan to use exclusions, just remember that they equal complexity. I tend not to use them. Even if they seem like a good idea at the time, you won’t remember what you meant to do it if you come back to it a few months later.”
Acland wrapped up this helpful session with a few outlying pointers, and the audience broke out into a Q&A session. As with any voyage, no one can completely predict how smooth the sailing will be. Be prepared for anything to happen and go with the flow. Map everything — documentation will be key for long-term success.