The Benefits of a Managed Macintosh Environment in the Enterprise

The Benefits of a Managed Macintosh Environment in the Enterprisewith the Casper Suite from JAMF Software

Revision Date: 8/20/08

JAMF Software White Paper This page intentionally left blank

JAMF Software White Paper

Legal

Information in this document including URL and other Internet Web site references is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of JAMF Software.

JAMF Software may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from JAMF Software, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 JAMF Software LLC. All rights reserved.

JAMF Software, Composer, and Recon are trademarks of JAMF Software LLC in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

JAMF Software White Paper This page intentionally left blank

JAMF Software White Paper

Table of Contents

Summary of Benefits

IT Challenges

Business Challenges

Client Management Solutions for IT Managers

Lowered Costs

Client Management in the Macintosh Environment

Return on Investment of the Casper Suite: A Case Study

The Casper Suite – An Overview

Recon and The Recon Suite

Composer

Casper Admin

Casper

JAMF Software Server – JSS

CasperVNC

Training and Support

Purchasing

Casper Suite Summary

1

2

3

4

5

6

7

11

15

17

19

20

23

25

26

28

Back Cover

1 JAMF Software White Paper

Summary of Benefits

While Apple computers in the enterprise have long been unmanaged, many organizations are beginning to recognize the need to bring their Macs into a managed state. Faced with larger populations of Macs and greater pressure from end users, organization management, and auditors, IT managers are faced with the challenge of finding a client management solution for the Macintosh platform.

End users are now demanding a more pro-active, invisible approach to support for their Macs to increase their uptime and improve their overall experience. IT management is charged with making sure that the investment the organization has made into Apple hardware is maximized by seamless support. Every machine should work every day. Using client management software enables IT to provide remote, automated, pro-active support that improves the end user experience and minimizes down time.

Organizations are now making the same demands of Mac IT managers as they do of those managing computers on other platforms, including accountability, planning, and security. No longer are the Macs living on the fringes of the organization. Client management software for the Macintosh platform can bring first class support to Macs while reducing liability for the organization by providing an inventory of hardware and software, managing user privileges, and increasing security. Remote, automated support also significantly reduces the organization’s cost for support by increasing efficiency dramatically.

The Casper Suite is the one suite of client management software developed exclusively for the Macintosh platform. As such, it offers a native solution that provides great breadth and depth of functionality for IT managers including inventory, package building, image management, remote imaging, remote updates, management and a powerful framework for automated support.

In the following pages, the challenges of IT and modern organizations are explored in more detail, followed by how the Casper Suite addresses these challenges.

2JAMF Software White Paper

IT Challenges

The Enterprise IT department is responsible for managing end user computers from the loading dock to the recycler. Along the way, the machines go through several phases of management: new machine deployment, software updates, new software distribution, and issue resolution. All the while, user and company data must be protected and secure, the company must know the status of all hardware and software, and the end user must experience minimal disruption.

Like any piece of business infrastructure, IT hardware, software and staff exist solely to support and enable the core business of the organization. The business of a school is education, not technology. The business of an ad agency is innovative ideas, not technology. IT is at its best when it is invisible to the end user. This goal drives IT professionals to seek solutions to client management challenges that enable them to support the end user with minimal inconvenience and loss of production to the company’s business.

In order to ensure that the IT department is managing every phase of the machine life cycle, it is helpful to break down each phase into tasks that a typical IT department performs. One way or another, this work is getting done, whether by hand, scripts, software, or, most often, a combination of approaches.

....................................

....................................New Software Distribution

....................................

....................................Issue Resolution

..............................

..............................Protect user data

backup user data

....................................

....................................New machine deployment

create image

apply image

configure settings & printers

move user data

user request

automatednotification

d itrackingand

assignment

....................................

....................................Software Updating

convert updatersto .pkg

download .pkginstallers

distribute .pkgto computer

convert installersto .pkg

distribute .pkgto computer

observe/control

re-image

modify settings

run utilities

hardware repair

update software


Business Challenges

The business of an IT department and of technological assets presents distinct challenges to managers and technologists. The manager is not concerned with the details of how to push a package to a client machine. Instead, the manager is responsible for bringing projects in on time and under budget, maintaining legal compliance for software licensing, ensuring the backup and security of company data, budgeting for new hardware and software purchases, and staffing the IT department to provide ‘invisible’ support.

To make sound business decisions, IT managers and company financial officers rely on sound data from the technologists in the field. If the tech staff is using a variety of ad hoc solutions to manage client machines, retrieving this data may be a project all by itself. This approach may leave the business at risk when software audits or purchasing decisions inevitably come around.

v

Have we tested updates?

How do we ensurebackup?

What are our notification criteria?

Are we under warranty?

Who has which rights?

How many copies do we need?Does image meet client needs?

Do we haveenough licenses?

What software does not comply with our standards?

..................................Business Continuity

..................................

..................................Compliance

..................................

..................................Purchasing

..................................


Client Management Solutions for IT Managers

Moving a large number of machines into a managed client environment is an undertaking that results in several positive outcomes for IT management. The overall goal is better IT service and support for lower costs. However, defining “better IT service and support” and “lower costs” is the subject of endless study and debate. Most managers agree upon a few aspects of these ideals.

Better IT service and support means focusing staff on minimizing machine downtime and maximizing productivity.

A managed client environment achieves this goal through automation and remote control, allowing staff to move from a reactive to a pro-active approach. Automation of repetitive tasks frees up the IT staff for planning, implementation, projects, and time with end users. Remote control of client machines allows system administrators to quickly resolve most problems without a trip to the desktop. The option of quickly reimaging machines, while preserving user data, returns machines to a known good state in less time than most problem diagnosis.

Better IT service and support means managing software licenses efficiently and accurately.

Managers are all too familiar with questions of compliance in the modern business, with regulations like Sarbanes-Oxley requiring detailed, accurate reporting of software licenses. Setting an organizational standard for software and versions so that users can share files, or simply purchasing new licenses, can turn into a spreadsheet challenge if the environment is not managed. Technologists are diverted from support and repurposed to gather information about existing assets. Automated, detailed inventory reporting in the managed environment keeps IT resources tasked to organization business, reduces liability, prevents overspending, and maintains software versions across the organization. See the “JAMF Software Study of Sarbanes-Oxley Compliance and the Casper Suite” for more information.

““Making Macsfirst class citizens in the enterprise.


Lowered costs

Evaluating the cost savings associated with the managed client environment can be tricky because of the traditional separation of the various aspects of IT: Hardware, software, and staff are all major cost centers and organizational budgets may be separated along these lines. Client management software affects cost savings in all three aspects of IT, as well as providing peace of mind regarding data backups, legal compliance, and security issues.

Cost savings for staffing

Client management solutions are incomplete without the ability to provide support from a remote location. The amount of time saved by remote resolution drastically increases the number of end user incidents that can be resolved by a single technician in one day. Automation of tasks such as inventory, new machine deployment, software updates, new software distribution, and incident notification allow the IT department to support a greater number of machines with fewer staff. See the “MDC Partners Casper Suite ROI Study” for more information.

Cost savings for software and hardware

Hardware and software purchases represent a significant investment for any organization. Complete and accurate inventories can be used to plan purchases and allocation of software licenses. The efficient allocation of organization resources prevents overspending to ensure license compliance or duplication of spending because company assets are lost or untracked.

More Support,Existing Staff

From a cost center to a corporate resource.


For years, conventional wisdom has kept Macintosh computers out of the large scale enterprise environment except for a few creative industries. However, according to Computerworld magazine, Apple is making inroads into larger organizations and Macintosh machines are becoming more common in the enterprise. This trend may be attributed to security concerns with Windows PCs, the popularity of Apple’s consumer products, and the advent of the Intel chip in Macs (Seth Weintraub, “Why Apple’s ‘consumer’ Macs are enterprise-worthy” Computerworld.com, March 9, 2007).

Both enterprises switching to the Macintosh platform and organizations that have been using Macs for a long time are now looking at client management solutions. Sarbanes-Oxley compliance and manufacturers’ audits drive some organizations toward client management. Tight budgets and the need for greater operational efficiencies drive others, while others look to expand user bases without expanding the IT staff. Client management solutions available for the Macintosh platform may be cross platform hybrids or utilities that address only a part of the client life cycle. Only one product, the Casper Suite from JAMF Software™, provides a comprehensive client management solution that is developed exclusively for the Macintosh enterprise.

Using a native Macintosh solution such as the Casper Suite allows IT to use a tool that has been developed for Apple hardware and the Macintosh Operating System (OS). This means that there are no issues of compatibility with Apple machines and no need for non-Macintosh hardware or servers. Technically, it also means that the Casper Suite treads lightly on client machines: No agents or applications are installed on the client machine.

Even so, the Casper Suite is a powerful toolset, providing great breadth and depth of management functionality. The Casper Suite is designed by engineers who work with Macintosh hardware and software. JAMF Software™ developers value the intuitive ease and beauty of Apple products and work to translate those values into the Casper Suite. Managing Macs with the Casper Suite combines all the benefits of a powerful client management tool with an elegant user experience.

Client Management in the Macintosh Environment

7

Return on Investment of the Casper Suite: A Case Study

8

Introduction:

MDC Partners is a portfolio of best-in-class marketing

communications companies whose strategic and

innovative solutions lead the marketing industry, attract

the finest talent, and achieve outstanding results for

clients.

We are a publicly traded company with compliance

requirements driven by Sarbanes-Oxley and our clients.

Because of the computing platform widely used in our

industry, many organizations have difficulties executing

controls systematically that enforce their IT and

corporate policies.

The Casper Suite of products has allowed us to define

and efficiently implement controls through a centrally

managed set of tools. The tool set has allowed us to

focus our efforts on growing the organization through

effective use of IT and not requiring our resources to

spend their time on maintenance.

Currently several of our partner firms are using the

Casper Suite and many more are in various stages of

evaluating, acquiring and deploying the tools.

Cost Savings:

Automation tools are widely used so administrators can

focus their efforts on tasks that benefit the organization

far more than the utilitarian functions that often

consume their time. Return on investment for

administrative and management tools is a function of

efficiency and time savings directly driven by labor cost.

The more efficiently people work, the more productive

they are, therefore less people are required to support

the organization.

The time for tasks, such as provisioning a computer, is

significantly reduced by the ability to create a standard

image by class of user and push out that image to new

machines or to devices that need to be re-deployed. The

process of configuring a machine manually used to be

approximately 4 hours per machine. Utilizing the Casper

Suite, the same process is now performed in about 15

minutes.

Printers are constantly changing across the organizations.

They are replaced due to age, wear and tear, and

upgraded for better print quality and performance. The

process of provisioning printers on the network is an

extremely time and labor intensive process. Without the

use of tools to automate the process, an administrator

would typically have to go to every workstation or laptop

and manually configure the devices. More experienced

administrators can write scripts to install the printers, but

the execution of the script would require manual

intervention by the end users. With the use of the Casper

Suite, we can now deploy the devices to user computers,

without visiting the machines, from a central server in

the organization, thus allowing lower level system

administrators to distribute and install printers on

hundreds of workstations in approximately 15 minutes.

Additionally, the Casper Suite allows for the creation of

user groups that allow administrators to even further

increase their efficiency by only deploying resources such

as printers to the workstations that require them.

Remote deployment of applications to the user

community greatly reduces the need for support

individuals to visit each desktop when upgrading or

installing new applications. Additionally, the deployment

can be defined to user groups which help to manage the

inventory of licenses distributed. The Casper Suite

allows us to create packages that can be distributed

systematically for any application from any vendor.

The Casper Suite brings enterprise level management

tools to the Apple platform. For a long time Windows

administrators have been able to define and enforce

policies on users machines from a central location. The

Casper Suite brings many of these types of features to

the Apple platform. The ability to automatically discover,

remove and report on applications installed by end users

is critical to any organization. These applications, fonts

etc… pose a serious security risk to organizations as well

as a financial liability.

There is a significant amount of savings when using the

Casper Suite to create and enforce security policies.

Significant savings are seen when end users are prevented

from performing actions that would increase the need

for support. Functions like application blacklisting,

automated software updates, and automated e-mail

notifications ensure users workstations are current with

patches and fixes as well as ensuring they do not change

configurations or install unauthorized software that can

pose a threat to the machine and the other workstations

on the network.

JAMF Software - Casper SuiteReturn on Investment Analysis

9

(In

Ho

urs)

Per M

ach

ine

Per M

ach

ine

Year 2

fo

rw

ard

Befo

re C

asp

er

Aft

er C

asp

er

Tim

e S

avin

gs

Do

llar S

avin

gs

An

nu

al

Savin

gs

An

nu

al

Savin

gs

Ho

urs t

o d

ep

loy n

ew

MA

C4.0

0.5

3.5

$87.50

$87.50

$0.00

Ho

urs t

o r

oll

ou

t p

atc

h a

nd

/o

r p

rin

ter m

ain

ten

an

ce

0.5

0.1

0.4

$10.00

$100.00

$120.00

Ho

urs p

erfo

rm

ing

preven

tati

ve m

ain

ten

an

ce p

er m

on

th1.0

0.3

0.8

$18.75

$225.00

$225.00

Esti

mate

d s

avin

gs d

ue t

o s

ecu

rit

y p

oli

cy e

nfo

rcem

en

t0.5

0.1

0.4

$10.00

$120.00

$120.00

Ho

urs t

o i

nven

tory I

T a

ssets

an

d r

ela

ted

SW

0.5

0.1

0.4

$10.00

$120.00

$120.00

To

tal

Savin

gs

$136.2

5$652.5

0$585.0

0

Co

st/

mach

ine y

ear 1

*$118.00

$18.00

Retu

rn i

n e

fficie

ncy -

d

oll

ars

per

mach

ine

$534.50

$567.00

Co

st

savin

gs f

or o

rg

an

izati

on

based

on

50 m

ach

ines

$26,7

25.0

0$28,3

50.0

0

Base

d o

n s

urv

eys

perf

orm

ed

acro

ss o

ur

part

ner

firm

s cu

rren

tly u

sin

g t

he C

asp

er

Su

ite t

he

foll

ow

ing

rep

rese

nts

tim

e s

avin

gs

for

typ

ical

task

s p

erf

orm

ed

by I

T s

up

po

rt p

ers

on

nel.

*No

te: C

ost

/m

ach

ine

dep

ends

on

th

e num

ber

of

mac

hin

es m

anag

ed w

ith

th

e C

asp

er S

uit

e.

JAM

F S

oft

ware

- C

asp

er

Su

ite

Ret

urn

on

Inve

stm

ent

An

alys

is

This page intentionally left blank JAMF Software White Paper 10


An overview of the Casper Suite

The Casper Suite offers one set of tools to address all aspects of Macintosh client management including inventory, package building, configuration, image management, image deployment, remote updates, and scheduled maintenance. Since all these applications are fully integrated, there is no need to import or export data or to force diverse tools to work together. Because the architecture all flows through one central database, dynamic inventory information can be used in scheduled maintenance and packages are used for both imaging and updates, promoting efficiency and consistency. The simple user interface ensures that the Casper Suite is not reliant upon one devoted system administrator. The workload can be balanced, with privileges based upon the user’s role in the organization.

The Casper Client Management Suite - Overview


Inventory and asset management with Recon:

An organization’s hardware and software purchases represent a significant investment. Complete, accurate, and timely inventories are usually used to ensure compliance and facilitate planning. However, when the state school board or parent company requires a full software and hardware audit, those system administrators with Recon running inventory can rest easy. Departments with an unmanaged system may look forward to adding staff and putting other projects on hold to meet audit requirements. IT managers can run Recon on a customized schedule using the suite’s advanced reporting frameworks to create branded reports that are ready for review by management or auditors. Several standard templates are included in the suite that meet common requirements and customized reports can be created.

Package building with Composer:

When software is purchased from manufacturers it usually needs to be configured or customized to meet the requirements of the end users. Rather than doing this customization after installation as a post-fix, the use of packages and Casper Admin allows changes to be made prior to distribution so that the software arrives configured and ready for usage. This saves valuable engineering time as well as network bandwidth.

Approved packages on the JSS:

The JSS serves as the central repository for all the packages available across the organization, regardless of department or location. While file servers may be set up for load balancing, the JSS is the sole source for approved packages. That means that only software and updates that are approved by IT management are available to the client machines. This is an easy way to manage software versions, fonts, and utilities: If it’s not on the JSS, it can’t be installed with Casper. It’s that simple.

Computer imaging with Casper and Casper Admin:

When computers need to be deployed, the challenge is how to get standard applications and end user configurations on machines in the least amount of time, while maintaining consistency and accuracy. Casper’s modular approach to imaging makes configuring multiple images a breeze by building each configuration on a base image. The utilization of single OS or application packages used with multiple configurations means that identical components make up all the end user configurations. The system administrator puts the configurations together in Casper Admin, setting up parent and children images, and then pushes them out to the client machines.

Managing the Macintosh Life Cycle with the Casper Suite


With the pre-staging feature in the Casper Suite, IT can actually associate an image with a machine before it is even out of the box. When the end user plugs in the machine, it can be booted and configured by holding down one key on the keyboard. The machine goes direct from the loading dock to the end user’s desk with no layovers in IT.

Configuration and settings management with Casper and Casper Admin:

The ability to modify end user environments from a central location allows IT to respond to varying demands as rapidly as they arise. Configuration and settings management differs from remote deployment in that it modifies the existing user environment rather than adding or removing components. Settings include printers, security, and other user configurable options.

Computer updates with Casper and Casper Admin:

With the Casper Suite, machine imaging and updating are done with the same tool, ensuring consistency between new machines and those previously deployed. Since changes made to a parent configuration are inherited by all its children, updates are made once in a parent configuration and all associated child configurations are ready to go.

The suite also uses a policy-based approach to tasks that means that recurring rules can be enforced automatically without the intervention of IT staff. Distribution of any file type also allows companies to easily release new documents, such as HR forms, to their employees in addition to software and settings. Remote utilities can be run during off-hours to have a minimum impact on business, while keeping machines well serviced. With the self-healing feature, the Casper Suite checks for packages that have been broken or removed, then repairs or reinstalls the packages automatically. Automated, scheduled repair and maintenance is invisible support that reduces interruptions and incidents for the end user, while giving time back to IT staff.



Policy enforcement with Casper:

End users are often unaware of the implications of their actions when they install unlicensed software, download copyrighted materials, and use unlicensed fonts. This opens up potentially crippling liabilities for companies, schools, and other organizations. To prevent this, organizations write policies that govern computer and internet usage. However they often lack the tools to track and enforce compliance – until now. IT can create custom policies in Casper, reflecting the organization’s culture and governance, that kill, remove, or notify management when restricted material surfaces on client machines. This flexible, custom control puts management back in the driver’s seat.

Remote deployment with Casper:

Updating software, releasing new printers and documents, and applying security updates on all network computers is a time consuming task that needs to be done multiple times per year. Remote deployment solutions reduce the time this takes by automating the distribution. Deployment is scheduled on your timetable, based on your triggers. Schools can reconfigure labs overnight on the weekends or remote users can get updates after returning to a certain building. If you can write a business rule for your deployments, you can write a policy in the Casper Suite that meets your particular needs.

Remote control with CasperVNC:

CasperVNC allows technicians to control client machines remotely to provide issue resolution to machines in the next room or miles away. Remote control saves the organization time, staff, and budget by minimizing end user down time, IT travel time and expenses, and allowing each technician to resolve more incidents every day. CasperVNC is secure because it is encrypted and centrally authenticated.



RECON AND THE RECON SUITE

Recon is a client application that completes its inventory in 45 seconds. No more clipboards. No more hand cramps. This application gathers an accurate inventory of all network devices and computers, including Mac OS 9, Mac OS X, and Windows machines. Every application, font, plug-in, peripheral, and device on the network is documented and communicated to the JAMF Software Server (JSS). It also logs MAC addresses, serial numbers, purchasing information, and allows IT to associate employees with computers by entering a small amount of personal data.

In a larger environment, Active Directory or Open Directory can be used to help associate personal information with computers. If the organization is struggling with unauthorized software, Recon will find it in any directory on the computer. Recon uses no computer or network resources until it delivers information to the JSS based on the schedule created by the IT department. After delivering its information, Recon sits dormant until the next execution time, sparing the CPU from background processors and the network unnecessary traffic. This robust inventory capability delivers both the big picture and the granular detail needed to inform IT and business decisions. As the piece that lays the groundwork for a managed environment, Recon is an integral part of the Casper Suite.


New reporting framework and built-in PDF reports

License management and reporting

Network discovery and self-updating based on subnet (Mac OS only)

Greater scalability

RECON AND THE RECON SUITE

The Recon Suite is also available as an independent application for organizations grappling with inventory and asset management challenges. The Recon Suite includes Recon and the JSS and is an effective introduction to the world of client management, solving immediate problems while providing a framework for additional functionalities of life cycle management in the future. The Recon Suite works cross platform, reporting on both Macintosh and Windows machines and building a comprehensive database of all these assets.

Casper uses a MySQL database, just one of the many industry standards in the Casper Suite. Custom scripts can be run against the database at any point for easy export to third party systems or in-house applications.

Inventory covers Mac OS 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows NT4, 2000/2003 Professional, XP, and Vista. Machines running any other OS, such as Solaris or RedHat, can be added to the database manually for asset tracking purposes.

Inventory scans of both hardware and software can be automated. Recon uses SSH to perform remote scans of hardware and software. If SSH is not enabled on the client machines, Composer will create a deployable ‘QuickAdd’ package for you that will run an inventory scan and that can enable SSH.

The Recon Suite is broadly scalable, working across 10 to 100,000 client workstations.

The Recon Suite has built in reporting that can be exported to a number of PDF reports, csv, tab delimited, XML or custom HTML files that can include your company logo.

The ReCoN SuITe: an independent, cross

platform inventory solution for your entire

network

Features in 5.0

Requirements

Mac OS: 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows: NT4, 2000/2003

Professional, XP, Vista


Step 1: The Before Snapshot

Composer takes a before snapshot of a computer’s existing directory structure.

Step 2: Install, Configure, and Take the After Snapshot

After you install and configure new software and remove the updaters, Composer will scan the directory structure and find all changes and modifications. These changes are automatically bundled up for you.

COMPOSER

Composer is the package creation utility in the Casper Suite. Composer allows you to point-and-click your way through the package creation process in four simple steps. Composer allows you to create both .PKG and .DMG style packages.


COMPOSER

Composer uses a snapshot system for packaging. This makes it easy to build a package without needing to know the exact location or names of files that are installed. Whether your installer is a .pkg, .mpkg, .dmg, or VISE, Composer can capture them all.

Packages can be saved in either the .dmg or .pkg format. When a package is saved to the .dmg format, user preferences can be pushed to the user templates and any existing users on the client machine

Many packages can be built automatically if a certain set of software is detected. This reduces time spent on the packaging process and improves the accuracy of your packages.

Composer can be used as a troubleshooting tool. Do you need to know which files are affected by a certain preference change? Composer can capture any changes made in the Mac OS X interface and create a package based on the changes.

PACkAge BuILdINgStep 3: Validate

Before a package is final, Composer allows you to validate the contents. Using Composer’s built in interface or the Finder, you can view all modified directories to ensure that all proper files are in place and to confirm that any upgrade or temporary files are not in the package.

Step 4: Package Type

After verification, Composer will create a deployable package for you. Composer also comes with a feature called Convert Package that anticipates your need to make changes to existing packages. Rollout of a final package can be controlled and scheduled across your entire network or through location-specific servers using Casper Admin and Casper. No command line or fixing permissions is required.

In addition to being a robust application within the Casper Suite, Composer is available as a stand alone utility. See also a Composer demonstration at www.jamfsoftware.com/media/video.php

Requirements

Mac OS: 10.2, 10.3, 10.4, 10.5


CASPER ADMIN

Casper Admin simplifies building and updating standard configurations for you. Using the software packages created by Composer, Casper Admin associates them with workgroups. The configurations are then deployed using Casper.

Casper Admin is modular, allowing you to use one package for multiple groups. It also creates a user standard for software and eliminates the need to install and configure common packages multiple times. This increases the usability of a package by allowing it to be associated with as many workgroups as necessary without having to recreate the package. Casper Admin can assign different packages to different groups so that customized installs can be implemented based on differing job functions, shifts, or usage needs.

Because of this modular approach, it’s easy to update images in Casper Admin. For example, if an update is released to a piece of software, you can edit the original package using Composer and drop the updated package into Casper Admin. Using Casper, you can quickly deploy this update to remote computers that have the older version installed. At the same time, any new computers that are imaged also get the latest version of the software because the package is assigned to the workgroup.

Casper Admin reduces the amount of time and labor needed to support end users with disparate software needs and provides a more consistent and easier environment to manage.

Requirements

Mac OS: 10.2, 10.3, 10.4, 10.5

The modular based approach to images in the Casper Suite means that software titles can be packaged once and used in multiple configurations, eliminating repetitive work. It also means that images can be easily maintained by swapping out packages as needed through an easy drag and drop interface.

The parent-child relationship between configurations in Casper Admin makes it easy to manage similar images by putting all the common packages in the base configuration. The smart configurations made from the base configuration inherit all its packages. Additionally, when changes are made to the base, its children are automatically updated.

There is no need to maintain separated images for different hardware or OS types. Every package in Casper Admin has built in logic that can identify the machine processor and install the correct software. This same logic can also be used for software titles that require a specific version of Mac OSX or have other dependencies.

After a machine is imaged using Casper, the JSS can remember which configuration was used, including any custom changes made to the configuration. That way, the next time the machine is imaged, the Casper Suite remembers the exact configuration, removing the need for long memories or image management spreadsheets.

IMAge MANAgeMeNT


Casper can install OS upgrades. Using before and after scripts upon imaging, Casper can forklift user data to a separate location, image the OS partition, and restore any previous user data. This strategy makes the upgrade to the latest OS version a breeze for administrators while minimizing disruption to your users’ workflow.

Casper’s imaging can be fully automated and eliminates the need for post-fixes, providing the ability to image client machines in remote locations without human intervention.

Using a hidden partition, Casper allows imaging without a network connection so that mobile users can easily refresh a machine while out in the field.

IMAgINg

CASPER

Casper is the component that is used to image, update, and maintain existing Macintosh computers or set up new ones. Casper’s functionality means consistency between computers, whenever and wherever they’re deployed. Local or remote imaging is easy and packages can be pulled from local Mac OS X, Linux, Solaris, and/or Windows servers. You can schedule this activity across your network in the middle of the night, over the weekend, at login, or whatever works for your organization. Using Casper, you can reload a computer from scratch, remove unauthorized applications, perform preventative maintenance, and more.

Local Imaging

Network Startup devices can be used to individually image machines and is an effective imaging strategy. Casper can also cost-effectively deliver consistent first-images to all machines using a locally attached FireWire drive. Casper also gives you the flexibility to do more with your installs. Casper comes with options for installing configurations, such as erasing the disk, installing software, naming the computer, creating local user accounts, binding to Active Directory, specifying network settings, adding printers, and rebooting. Since all of these unique settings are established prior to imaging, there is very little post-fix work to be done.


CASPER

Remote updating

The most efficient way to update a deployed machine is to use Casper. Casper can push packages immediately or initiate a client side pull from a file share that has the computer’s required packages. The forced pull requires dramatically lower network usage than the standard push to end users’ machines. The file shares that Casper uses as a package source can be housed on Mac OS X, Linux, Solaris, and/or Windows computers. Since the only requirement for a package source is the support of AFP or SMB, an organization can have as many shares as needed to support multiple floors or locations.

Beyond standard package pushing and uninstalling, Casper has the ability to manage virtually every aspect of client computers. You can manage the mapped printers, local accounts, Active Directory bindings, add or remove items from users’ docks, and run software updates from locally hosted SWU servers.

Pre-Staged Imaging

With the pre-staging feature, IT can actually associate a configuration with a machine before it is even out of the box. When the machine is plugged in, it can be booted and configured by pressing one button. The machine goes direct from the loading dock to the end user’s desk with no layovers in IT.

Casper can both push and pull. Whether you are performing remote administration or sitting directly at the client machine, software can be installed to meet your users’ needs.

Casper can remove older versions of software. To uninstall software, simply create a package in Composer and Casper will know which files to uninstall.

Casper will restart downloading after interruption using the self-healing feature. Using Casper’s policy framework, clients will continue to run tasks until all tasks in a policy have been completed.

Casper can work across subnets, whether clients are located in he next room or across the country. Using file servers at remote locations, clients in the remote location will look first to local file servers to minimize communication over the WAN. If the local file server becomes overloaded, the clients will automatically fall over to a secondary filer server.

ReMoTe dePLoyMeNT


CASPER

Remote utilities

Supporting machines that are frequently imaged and updated becomes easier because troubleshooting utilities can be run remotely.

These actions can be run manually or on an automated schedule:

Update inventory • Fix permissions • Change administrator password • Search for any file • Search for any file type • Delete any file • Kill any active process running in memory • Run any UNIX command as Root • Flush caches•

Self-healing packages

Pre-stage imaging for mass deployments

Network discovery and self-updating based on subnet

Greater scalability

Features in 5.0

Requirements

Mac OS: 10.2, 10.3, 10.4, 10.5


JAMF SOFTWARE SERVER – JSS

The JSS is the web-enabled database that accepts and organizes all of the information from the other components of the Casper Suite. Unlike many utilities used in client management, the Casper Suite revolves around this centralized server. One common repository allows you to track all necessary information, monitor usage, and perform administrative tasks and support functions across multiple locations.

The JSS Web Server

Because the JSS is a web server running on your intranet, it allows users on Macintosh, Solaris, Linux and Windows platforms to access its functionality. Communication with the JSS is secure using industry standard SSL encryption.

The JSS allows you to remotely track:

End user information • Purchasing, warranty, and vendor information • Hardware details • Software versions and base installs • Asset tags with bar code support•


Performing Administrative Tasks

The convenience of the JSS makes administrative tasks easier. you can:

Create users. This allows you to assign different levels of control to • different users in your IT department.

Create departments. Set up functional workgroups within your • organization.

Create buildings. Create logical names for your sites. • Manage peripherals. Add, delete, and modify peripherals supported • within your organization.

Manage file servers. Add additional locations in order to pull • packages.

Manage LDAP servers. Add, delete, and edit LDAP servers to get user • and group information.

Bind your Active Directory information with the JSS. •

Create policies. Policies allow you to perform all of the remote management tasks that Casper can perform automatically. This allows you to manage all of your client computers from any web browser.

Multiple Locations, one JSS

The information passed between client machines and the JSS are small XML transactions that enable data to be passed quickly over great distances. The Casper Suite also takes advantage of file shares to pass its packages to client machines. This division of labor means environments can have their configurations stored in one place while files are distributed from share points on local subnets.

JAMF SOFTWARE SERVER – JSS

Greater scalability

New improved look and feel of the JSS

Features in 5.0

Requirements

Mac OS: 10.3 or 10.4, 10.5 Server Also; Windows: NT4, 2000, XP, 2003 Server, Red Hat, SUSE, Solaris

The JSS will retry for machines that are off of the network. The JSS keeps a log of tasks that have run on a group of machines and those that have not run an assigned set of work. If the client is not on the network when a policy runs, the task will be attempted the next time it is on the network.

The Casper Suite will replace software that the end user deletes. Using the self-healing feature, the Suite can compare a list of software that is currently installed against a list of known software the machine should have and automatically restore it to a known good state.

The Casper Suite can install files for later activation. When pushing packages using Casper, you have the option to store the packages to a cached location on the client to be installed later.

The Casper Suite distributes the server load across multiple servers.

The Casper Suite does not require programming or scripting. All functions of the Casper Suite can be managed using a combination of the web interface and GUI client applications. Casper’s entire policy engine can be managed through the web interface, thus allowing easy management from any machine that has a web browser, including Internet Explorer, Safari, or Firefox.

Policies can be cached offline. Routine tasks such as flushing cashes, fixing permissions, or installing cached software packages can be run without a network connection.

PoLICy eNFoRCeMeNT


CASPERVNC

Assisting end users is more convenient through the use of CasperVNC. This tool allows you to observe and control a managed desktop using your keyboard and mouse. This works well for certain kinds of training, providing immediate assistance to end users, and troubleshooting. The down time associated with having to get to a user’s office is gone. If you have traveling staff or users, they no longer have to wait until they get back to the office to receive support. As travel costs increase and efficiency becomes more important, CasperVNC can lower expenses immediately.

CasperVNC is also a secure way to accomplish remote control of client machines because there is not an agent listening for an inbound connection. Administrators with the proper credentials must initiate the session, which then starts VNC through SSH. When the problem is solved and the administrator is finished, quitting the VNC session kills the application on the client side and the entire transaction is logged in the database. Now you know who controlled which machine at what time and from which IP address.

Security, documentation, and accountability are built in to the CasperVNC.

See the JAMF Software Security Presentation at www.jamfsoftware.com/media/video.php

Requirements

Mac OS: 10.2, 10.3, 10.4, 10.5

CasperVNC tunnels connections through SSH. The VNC server is launched on demand when trying to control or observe a remote client. This minimizes the possibility of a security threat through the VNC port on client machines.

Every connection and all remote control, including VNC, are logged centrally in a database.

Every connection is centrally authenticated to the JSS or directory service.

CASPeR VNC SeCuRITy


TRAINING AND SUPPORT

JAMF Software’s commitment to staff developmentAcquiring software is only half the challenge: Implementation is where real change happens. JAMF Software and its integration partners deliver initial installations, training, and certification, as well as other professional development services, to ensure that you get the most out of your investment. If you don’t have time to do it yourself, we also deliver specific projects, including inventory, imaging, and package building, using the Casper Suite toolset. JAMF Software is about solutions, as well as writing code.

JumpStart

This onsite visit introduces the Casper Suite to your environment and gets it up and running correctly. Working with your IT staff, Certified Casper Administrators from JAMF Software or our approved integrators will install your JSS, inventory a subset of your computers, and create packages. The JumpStart lasts three to five days and may also include other tasks that solve your immediate problems, depending on your organizational needs.

At the end of the JumpStart Program, you will better understand how to resolve the business challenges facing your network by using the tools within the Casper Suite.

CCA – Certified Casper Administrator

The CCA course is intended for individuals who have existing Casper Suite installations that they want to improve. This 4-day course is a hands-on series of exercises where system administrators increase their proficiency through problem resolution using the Casper Suite. This is a great opportunity to strengthen current skills, connect with the JAMF peer community, and get the most out of the Casper Suite.

Imaging. Package Building. Inventory. We can do it for you.

Ask us about our project delivery programs.


TRAINING AND SUPPORT

Annual Support Agreements (ASA)

The ASA entitles users to new versions or product updates, and includes phone and email technical support. We encourage customers to contact us for assistance and support. Our goal is to provide a high level of customer service, with a four-hour response time to support requests whenever possible. The ASA also includes product documentation, including a librarian indexed, searchable pdf, and access to the product List Serve and related mailing list archives.

Support Mailing Lists

Current administrators share ideas and thoughts regarding their installations using the JAMF Software Support Mailing Lists. Occasionally, problems that are encountered at one institution have been resolved by another and answers are shared through this peer network. There is no charge to join the list, and there are no requirements that you be a customer or prospective customer before being granted access.


PURCHASING

JAMF Software provides several ways for organizations to step into a managed client environment. From a stand-alone packaging utility to the full Casper Suite, organizations can address the challenges they have today with the appropriate applications. JAMF Software is focused on solving the problems of customers. The versatile framework of the Casper Suite allows an organization to use our toolset creatively to create custom policies and solutions. The JAMF Software development cycle is responsive to client feature requests, and we have tried to provide applications that speak to your needs, projects, and requirements.

Composer

If you just need a better package building utility, Composer fits the bill. Easy, flexible, and fast, Composer allows you to build packages that make imaging and updating more efficient than ever before.

The Recon Suite

If you are facing a Macintosh or cross platform audit, or want to build and maintain a centralized hardware and software database, the Recon Suite is a good fit. Some organizations need to do a detailed, accurate inventory before they can even start thinking about overall client management. Because IT assets come in all shapes and sizes, Recon works cross platform, compiling a complete inventory of your Windows and Macintosh machines, software, and peripherals. The Recon Suite is the first step toward a no-surprises environment. When you are ready, you can always step up to the full Casper Suite.

The Casper Suite

Our most robust collection of software, the Casper Suite is for those organizations that are ready for an integrated client management system, where inventory talks to updates, packages talk to imaging, and updates talk to imaging. Once an organization installs and runs the client network with this approach, they rarely go back. Automated life cycle management is simply the most efficient, accurate, and complete method of taking care of a large number of machines. Casper Suite is the only complete client management solution developed exclusively for the Macintosh platform.

Inventory. Image. Update. Maintain.


COST STRUCTURE

Pricing for the Casper Suite and the Recon Suite is calculated per client machine. The per seat price includes the installation of one JSS, with as many file share (child) servers as the organization requires.

discounts

Discounts on the per seat price are applied for volume purchases.

Annual Support Agreement (ASA)

The cost of either suite from JAMF Software also includes the ASA, which is calculated at 18% of the purchase price. Annual maintenance is mandatory and entitles the customer to all product updates for a year, plus free email and phone support from JAMF Product Specialists. Annual maintenance is due every year on the anniversary of the date of purchase. Every year, the customer runs a count of it is managed client machines and trues up the seat count for the upcoming year.

Serving education

JAMF Software is a proud supporter of K-12 and higher education. JAMF Software knows that educators must manage large organizations on tight budgets. Though moving these large client bases to a managed environment will save significant budget all by itself, the initial purchase price can be difficult for some schools. With that in mind, JAMF Software provides purchase discounts to these organizations to enable them to realize the savings and benefits of moving to a managed environment.

Higher education receives a 30% discount off the commercial per seat price. The ASA is calculated at 18% of the actual purchase price.

K-12 educators participate in JAMF Software’s ‘straight to maintenance’ program. This means that the per seat purchase price is discounted 100% and the school system is responsible only for the ASA, calculated at 18% of the commercial purchase price. K-12 technical departments can manage their networks with a predictable, annual budget item. Where school systems are implementing or managing one-to-one programs, this can mean the difference between adding staff or performing better support with existing staff.

Please contact JAMF Software for details about pricing for your organization!

This page intentionally left blank JAMF Software White Paper 30

Casper Suite Summary

Component Function RequirementsLocal and remote installation of software; remote utilities Mac OS X

Organizes software packages and scripts Mac OS X

Allows for the remote viewing and control of managed desktop computers

Mac OS X

Package creation utility Mac OS X: 10.2, 10.3, 10.4, 10.5

Centralized hub through which all other applications interact; hosted web database

Mac OS X or 10.4 ServerWindows NT4, 2000, XP, Server 2003 Red Hat, SUSE, Solaris

Gathers inventory and asset information that is sent back to the JSS

Mac OS: 8.6, 9, Mac OS XWindows NT4, 2000/2003 Professional

JAMF Software1011 Washington Ave. SSuite 350Minneapolis, MN 55415

Contact [email protected]@jamfsoftware.com

MinneapolisNew YorkLos AngelesLondon

SupportSupport UK

(612) 605-6625(646) 416-6923(213) 291-8863020 7993 8364

(612) 216-1296020 3002 3907

Revision Date: 8/20/08

The Benefits of a Managed Macintosh Environment in the Enterprise

Documents

software updates

jamf software revision

organization management

new software distribution

client management challenges

image management

phases of management

automated support