+ Post New Thread
Results 1 to 13 of 13
Mac Thread, School using Ipads and Macbooks in Technical; Hi, My school have put in an order for a load of Ipad Airs, Macbooks as well and I want ...
  1. #1
    Techdw's Avatar
    Join Date
    Jan 2009
    Posts
    164
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    School using Ipads and Macbooks

    Hi,

    My school have put in an order for a load of Ipad Airs, Macbooks as well and I want to know what the best way of setting this up and lock them down and be able to use AD accounts to be able to log into them.

    I am guessing I will need a Mac Mini as well, how do the Ipads and Macbooks get locked down??

    I am a Windows guy so all this apple stuff is new to me.


    Thanks in advance.

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,802 Times in 1,551 Posts
    Blog Entries
    12
    Rep Power
    467
    You need to separate the post really. Macs and iPads are not the same, they do not run the same operating system. iPads run iOS and Macs run OSX.

    Someone else will be better advising what to do. But i do know you can't login to a iPad like you can a computer. You can authenticate to get an internet connection but thats about it.

  3. #3
    Quackers's Avatar
    Join Date
    Jan 2006
    Posts
    1,433
    Thank Post
    45
    Thanked 156 Times in 131 Posts
    Rep Power
    56
    You can join your Mac's directly to Active Directory very easy. If you want to lock them down you will need to use Profile Manager, you can also use Profile Manager to manage the iPads. This is part of Apples Server.app which you can get from the Mac App Store, you will want a Mac Mini to run as a dedicated Mac Server ideally. I recommend DeployStudio for imaging the Macs, its free, you can also make DeployStudio do the AD joining for you. If you want to spend money you can get 3rd party stuff to use Active Directory to lock down the macs, but i use Profile Manager. It will be a VERY big learning curve if you're new to Macs, as everything you know on the Windows world you did not learn overnight, and will more than likely have to make a few scripts to get the end user environment exactly how you want it, but thats no more than had to be done in the Windows NT 4 days.

  4. #4

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,663
    Thank Post
    49
    Thanked 473 Times in 342 Posts
    Rep Power
    142
    Quote Originally Posted by Techdw View Post
    My school have put in an order for a load of Ipad Airs, Macbooks as well and I want to know what the best way of setting this up and lock them down and be able to use AD accounts to be able to log into them.
    So yet another school spends tax payers money on a technology refresh that changes the entire dynamic without having thought about the management impacts and costs involved?

    It seems that most schools don't have concerns for ROI, Feasibility Studies, Risk Assessments etc when it comes to IT related projects..

    What happens when they find they can't do half of the things they used to do on the PCs?
    A load more money needed to update or replace software licenses etc, integrate them into a Wintel infrastructure, MDM and secure them! Yet alone deal with the scripting, resource mapping , storage and backup/deployment issues.

    I recently had a PC user Sports Analyst using a £500 laptop and a £90 capture device decide he wanted to switch to MacBook.

    By the time he bought the Mac, all new software, Thunderbolt capture device and produced his first Mac Based project the cost was well in excess of £5k almost 10x the cost of the PC refresh.
    He went on his first away day with it to find his new toy and capture device now only accepts HD video input so he needed another piece of kit to convert from CV to HD/SDI as Composite video was all that was available.
    The resulting upscale/conversion results in an end product no better than the PC version he had previously.

    He has now decided to run both systems side by side as he can't find a true compromise. ;D
    The HD files created as a result of the switch to Macs have also required a huge demand on storage and backup requirements likely to add £20-30k in additional costs over the next 5 yrs.

    To the average joe PC/Mac they only see the difference in the initial CapEx maybe £500 not the longer term impact of such adoption.

    But your not the decision maker or cheque signer, so you have to do the bidding of your paymasters and make this stuff work which is why you turn to EduGeek for help... As they didn't even consider they only had a windows team to support their ideas!

    I have another school where Macs where deployed... They now boot them and run Windows as the Primary OS!

    You have to laugh, unless your a tax payer...

  5. 8 Thanks to m25man:

    AntonioRocco (1st August 2014), Arthur (31st July 2014), FN-GM (31st July 2014), jdoyle (31st July 2014), lionsl2005 (6th August 2014), markwilfan (6th August 2014), synaesthesia (5th August 2014), VeryPC_Colin_M (6th August 2014)

  6. #5

    Join Date
    Aug 2014
    Location
    North West, England
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Looks like not everyone is an Apple fan
    I am from an ICT provider, that regularly deploys iPads and Macs in school environments, so come across your concerns on a regular basis...

    Ok, so even though your iPads and Macs run different Operating systems (iOS and Mac OS respectively), this is not a problem, as they can be managed in the same place. If you grab yourself a Mac mini and the server app (depending on the number of devices you might want to look at enhancing specs, i.e. 8GB of RAM etc), you can actually enrol all of your Macs and iPads for management from your Mac server (using Profile Manager).

    Profile manager will allow you to create groups/policies etc and manage all your Apple devices from one place!

    The Mac server will also facilitate the integration of your Macs to your AD (check out the 'Magic Triangle' for more info on Mac/AD integrations).

    As you are aware, iPads do not have a 'login' screen as such, so you can't just link them up to the AD... there are ways to get data sharing between your AD and iPads, with various amounts of labour, costs etc (also some really nice free ways of doing things!!)

    Can I also ask what version of server you run?

    Hope some of this helps
    Scott

  7. #6

    Join Date
    Aug 2014
    Location
    North West, England
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Also, not sure how helpful the comment from M25Man is...
    Without proper instruction and consultation ANY piece of IT can be useless!

    For example, if you were sold a toaster on it's capabilities to heat bread, but were never told to plug it in to make it work (i.e not given proper consultancy and instruction before sale), it would very quickly become a door stop...

    Surely ANY device can be valuable is used correctly, and a long as you are getting the proper advice, guidance, and support... be it Windows, Android, Apple etc

  8. #7
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    "The Mac server will also facilitate the integration of your Macs to your AD . . ."

    Apologies but I don't think this is correct? Any client OS X will do this all by themselves without OS X Server facilitating anything. In reality you don't really need OS X Server if all you want to do is integrate mac workstations into AD. Furthermore there'll be local out-of-the-box policies that will apply for any user that is not the local administrator on that workstation. Again no need for OS X Server.

    However, OS X Server does provide a cheap platform for powerful deployment tools (the best are 3rd-party) as well as defining a more granular and far reaching approach to policing mac workstations similar to what you see in Windows.

    Antonio Rocco (ACN)

  9. #8

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,270
    Thank Post
    884
    Thanked 2,747 Times in 2,321 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by AntonioRocco View Post

    However, OS X Server does provide a cheap platform for powerful deployment tools (the best are 3rd-party)
    Agree with the third party comment, the Apple tools do seem to be able to get the job done, at least partially with ipads but with 30 of them on there the brand new mac mini slowed to a crawl. It takes a good couple of minutes to log out locally and log ins take as long. Hardware is fine but the software has got the wrong end of the CPU somewhere, it makes me wish for Windows NT4 let alone a more modern server OS.

  10. #9

    Join Date
    Aug 2014
    Location
    North West, England
    Posts
    3
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the comment Antonio:

    Bordoni: "The Mac server will also facilitate the integration of your Macs to your AD . . ."
    Antonio: "Apologies but I don't think this is correct? Any client OS X will do this all by themselves without OS X Server facilitating anything"

    Can I ask if you have looked up the 'Magic Triangle' scenario mentioned above?

    This is something we have been deploying under Apple's guidance for years, and many reputable guides/forums etc will outline this as the recommended process.

    "For mixed networks of Windows and OS X computers, Apple now tells server admins to bind Macs to both an Active Directory server and an Open Directory server, a configuration it calls a "magic triangle"—the Active Directory server handles authentication and settings for the Windows computers and authentication for the Macs, while the Open Directory server controls settings for Macs." Ars Technica

    To elaborate (and you touched on it above yourself) binding to AD is just part of the process... AD handles authentication, whilst OD (Mac server) handles
    GPO, you then add AD users in to an OD group and apply settings.

    I see what you are saying about being able to remove the server from the equation, but is this not a 'quick and dirty' solution?
    Especially with Mac minis being so cheap these days.

    And in this instance, with an MDM solution being required for the iPads mentioned above, seems like a good fit to me

  11. #10

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,323
    Thank Post
    903
    Thanked 1,802 Times in 1,551 Posts
    Blog Entries
    12
    Rep Power
    467
    Especially with Mac minis being so cheap these days.
    They used to be cheaper!

  12. #11
    lionsl2005's Avatar
    Join Date
    Nov 2008
    Location
    Barnet
    Posts
    567
    Thank Post
    393
    Thanked 25 Times in 24 Posts
    Rep Power
    18
    We have MAcs with VMware Fusion running windows 7.

  13. #12
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    @ScottBordoni

    "Can I ask if you have looked up the 'Magic Triangle' scenario mentioned above?"

    I'll answer your question this way if that's OK? I was one of the few to try integration back in 10.3 (Panther) when it first became tentatively possible. At that time conditions had to be even more 'just right' than they became later on if it was to be successful. With the release of 10.4 (Tiger) integration became more viable even though the AD environment still had to have the 'Goldilocks' factor. Since then I've been trying my hand at integrating anything Apple anywhere and everywhere. In those early days Apple did not call it triangle anything. If you managed to talk to an Apple Systems/Software Engineer (these were then and still are now, thin on the ground) they would call it 'dual directory' or AD-OD Integration, and, for me, that sums it up neatly.

    Unlike Windows OS X can interface with multiple LDAP databases and I suppose that's what makes it unique - or if you like, 'Magic'. As 10.4 matured Apple began to call it the 'Golden Triangle' and with the advent of 10.5 (Leopard) Joel Rennich and others coined the phrase 'Magic Triangle' and, depending on what was required, the even sillier 'Cylinder of Destiny'. CoD was unique to 10.5 and 10.6 as it involved augmenting records to provide dual home folders for a single user (if that was required) that were independent of each other.

    CoD 'died' with the advent of 10.7 (Lion) but that did not matter because 'Magic Triangle' was all anyone really wanted and could cope with anyway.

    Apple do indeed recommend using OS X server but that does not mean their recommendation is the best or suitable for everyone's needs as their are other solutions that are better. Casper is one that stands out for me and their are others. As ever consulting with the end user regarding their requirements and developing a solution thereafter is more preferable rather than giving them what's recommended whether they want it or not. I've experienced this myself at some sites where they've had the 'recommended' and it didn't work for them at all. Who picks up the bill when that happens? Us, the taxpayer.

    I leave you with this last thought. Apple regards their own MDM as the baseline for the others. Mobile Iron and AirWatch are far superior and neither of them have anything to do with Apple. Anyone ever wondered which MDM Apple themselves use?

    Antonio Rocco (Apple Consultant & Systems Engineer)

  14. #13

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,081
    Thank Post
    210
    Thanked 431 Times in 311 Posts
    Rep Power
    145
    You'll have a lot of fun with the iPads if they are a shared resource, because iPads are not designed to work in this way, and it's incredibly tricky to used them as a shared resource because of the way they work, however it's not impossible.

    However, using a free on-line service like Meraki https://meraki.cisco.com/products/systems-manager to manage the devices can be useful, and getting to grips with apple configurator to allow you to mass-wipe them and re-configure them (get an iMac for this, it allows you to do 30 at a time!)

    I too was a 'windows guy' and still am to a certain extent, but the Academy I work for decided to go 1-1 with iPads 2 years ago. I had two choices, leave or learn - I decided to stay and get on with it. It's been a steep learning curve, but if you actually start researching and looking into it, the iPad is a very usable device and isn't as limited as some would have you believe, it's just a case of finding the right way of using them, the right tools for managing them and getting used to their little quirks. Like any system, the more you learn about it, the more you discover you can do with it.

    Mike.



SHARE:
+ Post New Thread

Similar Threads

  1. [iPad] iPad 2 - Mass App Delivery Problems - Primary School Use - HELP
    By KrisTech in forum Netbooks, PDA and Phones
    Replies: 11
    Last Post: 9th January 2014, 12:31 PM
  2. [iPad] Looking for Secondary Schools using iPads
    By Drapec in forum Netbooks, PDA and Phones
    Replies: 18
    Last Post: 10th May 2013, 02:57 PM
  3. [iPad] Using Apple Configurator to lock down iPAD and only install Google Chrome
    By kennysarmy in forum Netbooks, PDA and Phones
    Replies: 6
    Last Post: 6th December 2012, 02:59 PM
  4. [iPad] Adhoc Classroom network - ipads and macbook osx 10.6
    By stopa003 in forum Netbooks, PDA and Phones
    Replies: 0
    Last Post: 2nd November 2012, 12:41 AM
  5. Skype. Which schools use it and why
    By Dos_Box in forum General Chat
    Replies: 40
    Last Post: 22nd March 2011, 09:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •