Apple on the Enterprise level
 

I wanted to start a general discussion about implementing apple products on the enterprise level. This is somethng that microsoft is dominating the market in. I am not an elitist either way, but would like to learn if anyone here using any of the following, and how it is working out for them.

Open directory master server, OS X with tons of users authenticating

ACLs, group policies, user management, home directories, etc

Data storage, and RAID solutions Xsan, etc

Printing server, network printers, mass document printing

Mass email on the enterpirse level

Network security, NAT, routing, gateways, etc

If you are running a pure mac enviroment please let me know what you are doing, if you are running a mixed enviroment what exactly do your macs do for you, and how do you think it compares (in an unbiased as way possible:p )

thanks for your feed back in advance

I sure hope Apple never becomes a Micro$oft! :eek: http://forums.macosxhints.com/images/icons/icon13.gif

.
Now that’s an interesting topic! I know zilch about it, but look forward to reading more and repairing my ignorance.

Surely some of the IT professional on this Forum – and there appear to be a fair number – work with networks. I would think that at least some of these, such as in major advertising agencies, would be all Mac; and that there is lots of experience about mixed corporate networks.

don't know much about macs in enterprises myself but these sites might also be useful:

http://www.macenterprise.org/
http://www.apple.com/itpro/
http://www.apple.com/xsan/
http://www.apple.com/server/macosx/ (check links on the left side for more info on server capabilities).

All of this info is provided by people that work with apples and might not be objective. But macenterprise.org sounds alright (just had a very quick glance at it). Can't help you much more though. I'm quite curious about some more reactions here myself as well.

dav.

well for one, we run an enterprise level network at the school district I work for. We have a huge network that spans over three cities, and has over 52 buildings connected to it. We have at least one, if not multiple servers in each building. We have lots of enterprise solutions for print servers, NDS to authenticate users push home directories, we use zen to push out applications and utilties to our users as well as policy, we have about a 7% mac population out of over 10,000 computers. The macs are pretty much just clients, on their own network and they print via LDP and IP and they just have a few xservs running RAID for data storage. However, they aren't really part of the solution and they dont manage anything other than user data for our specialty labs. We have a small render farm that the G5s connect to for our computer animation lab, and that is probably the most high tech solution we have. Only one school is lucky enough to have the render farm though.

I was hoping someone could perhaps add some things that they use. I was reading about XSAN the other night studying for my tiger server cert, and it seems like a very expensive solution compared to others.

update
 

so I was reading further on this, and found this interesting

http://macenterprise.org/content/view/222/77/

however, there seems to be a lack of content. I know about tons of mac enterprise level solutions, I just don't really know anybody who uses them other than simply binding to AD for authentication and home directories, which makes it pointless IMHO. Considering AD is way more robust with permissions/policies/groups than just mapping home directories.

I really hope apple steps it up a notch, because I want to see them succeed and make the market more competitive, making the vendors produce better products due to more competition.

Anyways....discuss!

I think Apple is ready for the enterprise market...it's IT Management that isn't ready for the Macs. A few of the companies I've worked for have been bitter Microsoft opponents so there was no Microsoft presence in the backend. Things worked great. I do think the Exchange calendar system (from a PC) is the best I've used to date. I just wished it performed equally on the Mac.

At my current company it's a very MS-centric environment. Macs are getting better at integrating into the network. We don't use networked logins becuase the Mac "engineering" team feels it'd cause more problems that it solves.

Printing is handled via AppleTalk directly to the printers, with the exception of the Fiery boxes and HP plotters. The HP plotters give us a ton of problems. Basically they print 12-hours a day for six days a week...so they get worked.

We don't have wireless for a slew of reasons...

Cool, thanks for sharing. We just change our wireless solution over to a company called trapeze ( http://www.trapezenetworks.com/ ). So far all of our notebooks can connect to the wifi no problems (mac notebooks that is). Previously, we had 3COM, and those just kind of sucked all around to be honest. We only have it up in a few schools right now testing it, and we have juice boxes running power over ethernet to all the APs in the schools. So far it seems to be working nicely.

We also have digital class rooms with LCD panasonic projectors. These projectors actually have 802.11x cards in them, and machines can connect to them wirelessly for control and technically stream video, however we run analog video cables to the projectors anyways. We also got some new bluetooth tablets called Airliners. They allow intsructors to walk around the room and control their PC via BlueTooth. These devices work on both the mac and windows platforms. They come with a tablet, a pen, and a mouse. They are pretty cool actually.

We use iprint (novell) for our print servers and man it is a really nice web based product. I can print to any printer in the whole school district city wide over the internet the only problem is the support for macs is not really that great.

We don't exactly run an enterprise level service from the xserve's we have but its getting there.

We run a network of about 300 users country wide using 2 xserves and 4 xraid units. this is about to expand by 2 more xserve's (when the intel ones come out)

Currently we run mail web shared folders and backup data for all the users as well as DNS.

When 10.5 is released we will most likely include calendar services too.
As OS X Server get more advanced we use more and more of its features.
The people who run the company are pretty much against the way Microsoft charge for licenses, and are big fans of the Apple Servers and all thing open source. This is a pretty big step for the industry they are in which here in South Africa is pretty un-dynamic when it comes to technology and not doing what everyone else in the pack is doing.
They are one of the top 10 Medical Insurance companies here.

I manage a few mixed environments, and am just reaching the level of Mac penetration where I need better ways to manage them. Right now, I don't know how to do it, in an Active Directory environment. The AD isn't going to go away, so the Macs need to somehow integrate. There's an add-on product I'm going to check out, but it's expensive.

I feel that soon we will change as well. It looks like to me that Novell is pretty much changing their goals. I am sure that Netware is almost a thing of the past, especially since Novell bought out SUSE Linux, and if you actually look what they have done to it. Novell has really done some great things with Linux.

They now offer enterprise desktop and server in SuSE. WIth that being said, I think eventually all our netware servers will go away. Most likely to Linux is what it looks like with a few win2k3 (or whatever MS version is out at the time) servers.

We have a few xserves and a few RAIDs but they are used in specialty labs, and not really a solution to the whole network.

to ressurrect an old thread here...........

Okay so vista is now released and so is the forth coming of some of the new MS server products. I am going to some MS training in two weeks for IT managment, IT Professional, vista deployment, the new exchange server training, office 2007 deployment, etc.

Basically its a giant sales pitch MS does, and I am sure several of you here have been to their road show training events.

With that being said and with vista the mess that it is I think Apple now has the opportunity to act and gain some enterprise level sales. OS X Server definitely needs revamps all around, and there needs to be more models available to the consumer. They need to have a Core 2 Duo desktop that is NOT an all in one machine.

Just to bring up another point of why they should do this, we run novell/NDS here and Vista pretty much broke everything that novell had to offer us, so we now have to wait for everything to catch up before we can even start to think of deploying vista. With that being said, and Novell pretty much is at the point of just dropping netware completely and going with Linux that leaves a decent percentage of Enterprise level networks (mainly in education and goverment) that use Netware/Novell that perhaps may be looking for a new way to migrate into a new solution.

Novell's main problem is that they do not offer any smooth painless way to migrate from netware to Linux. To be fair, no one really offers a painless way to migrate.

However, I think if apple could come up with a way to migrate like lets say an AD/NDS network into their own this would be the time to do it.

Elements of an Enterprise-level, Apple "Switch Strategy"?
 

What you’re basically suggesting is that Apple offer a carefully considered "Switch" strategy, with appropriate high-power tools, to prospective enterprise-level customers?

Is that right?

1.) Could you detail what that Switch Strategy would have to comprise?
2.) And the ideal Switch Tools for the job?

Go ahead, it may be dreaming, but I would really like to see you paint some details of that picture. :cool:

Best regards,
ArcticStones

The local hospital near my place was running a full windows setup for 3000+ users and machines, until they had one crash - which for a hospital setup is one too many, at a loss rate of $570,000 an hour downtime. They are currently in the process of switching to Mac servers i believe, i'll post back once i have more details.

Wow! Is that getting appropriate press coverage?
I can see the headline: :eek:

Macs to cure virus-infected hospital

I guess they can’t exactly add the cost of computer downtime onto their patients’ itemised bills...
.

Well, this is of course my opinion based off my experience.....There are things apple should do to make it easier to enter the enterprise level.

1) Apple needs to make a mid range desktop. A Mac Pro for most users is over kill. Not everyone needs dual xeon processors and 6 gigs of ram. Apple needs to make a Core 2 Duo basic mid tower computer that has a lot of customization options (storage, video, peripherals etc). That way a company could buy in bulk for its users. At my work we have 55 buildings now spanning over 3 cities, 34,000 users, 10,000 computers and only like a 3 to 4% mac population out of all of that. A lot of people do not want to buy All-In-One machines like the iMac and the mac mini is not really upgradeable. If they had a mid range basic barebone tower, which was competitvely priced it couldn't do them any harm. they also need to make these desktops easy to work on. put the logic boards on trays that pull out, access panels to everything, trays or rails that hold drives, easy access powersupplies. You know, to make it easier on the companies IT staff, and for minimal down time. I replaced a HD in a powerbook yesterday out of warranty. It took me about 6 hours to replace it, reload the OS and add all that users apps. Normally, I would have used an image, but this user had a custom set up.

2. Easy migration or Organization tool. Novell came out with eDirectory, which in a way is a very genious product. eDirectory basically can be placed over any existing network, on any platform (unix, windows, Linux, mac) and it can organize and help network everything. of course it is not as simple as it sounds. Apple needs to make either built in support for AD/NDS networks, or come up with a technology that is similiar to eDirectory. Something on the back end they can just lay over the whole entire network. Since Macs are based off of x86 technology they already have the hardware compatibility of a PC now, they just need to develope for it. This could even start out as an open source project and wouldn't cost apple that much in overhead in the begining. Basically Novell did a lot for modern networking and a lot of companies ripped off novell's product and made it better. Novell's downfall is that they didn't improve their product at a rate their competitors did. Like if you could have an Xserve running OS X Server OD master mirror an MS AD network or something like that. There has to be a way to integrate that kind of stuff. I am sure that there are intulectual property problems and other legal matters that may make this process hard...

I think those two things would be the first step in making Apple a MAJOR competitor in the Enterprise world of business

It's called the iMac. For most users, the only upgrading it will ever need (before being replaced by a new Mac in 4 or 5 years) is extra RAM.
I think this is one of the areas where most IT departments fail miserably. The implication is that Apple needs to do things the PC way, when the reverse is true. It's the Apple way that has resulted in relatively secure, hassle free computing, not the PC (also the IT) way. Until businesses recognize that the user experience is more important to their bottom line than placating their IT departments, this argument will continue to keep Apple out of the enterprise, no matter what Apple does, short of selling Windows boxes.

I'm not saying there aren't things that Apple could/should do to improve management of a large number of networked Macs. I'm just saying that it is an overused excuse, and it isn't a legitimate reason to lock them out.

The iMac is not the answer. This is why

1) All in one machines are not ideal. You could cut costs by making an iMac in a mid tower with no LCD built in. That way when your replacement cycle comes up to replace the work stations, you can save money by not having to buy a new monitor. Of course this will also drive the cost down of replacing computers because you aren't buying a new LCD every time you buy a new system.

2) Repair. Downtime is a factor, a big factor. I have been Apple certified for some years now and Apple's service/self maintainer end is very nice. You get parts next day air, and their web based service system is easy to use and works on any platform, ie no buggy ass active x application to deal with. The down side is, the iMac is not really that easy to repair compared to a buisness class desktop. It takes me litterally 10 minutes to exchange a motherboard out of our HP business class desktops, flash the bios, and run the naming app to rename the computer. Taking apart an iMac takes a lot longer. Having a desktop mid tower C2D system, which is spec'd like an imac would be more ideal. this also gives the orginization the ability to cut costs. Things like video cards, optical audio, etc would be options that the business/orginization could configure. Why pay for optical audio if you don't need it? Why pay for a mid ranged ATI Radeon video card, when a cheaper one would suffice? Enterprise level things look at dollar cost just as much as functionality. That is why sometimes the cheaper solution gets put in, and well if you work IT you know what I am talking about. It can suck sometimes.

I disagree and I think you misunderstood what I am saying. First off, I hate vista, and am no fan boy of any OS or platform. I have my problems with OS X, Linux, Windows, etc. I have no favorite OS. I think they all have their flaws and they all annoy me in one way or another. When I was referring to eDirectory and what they did, does not reflect what you are saying. Their product works over existing networks, on all platforms. It may not be the best, but it works and it is very secure. Basically it puts what they call a container over whatever domain network you are running and allows you to organize it through console 1, zen, etc. These tools work with existing platforms.

I was suggesting Apple take the same approach. I am not saying they need to change their platform, but make it more available, more compatible, easier to integrate.

Also, MS does do some things right. Exchange, AD are all good technologies.

I also disagree with your statement about IT departments fail to realize these things. If migrating from an existing windows 2k3 AD/Exchange enviroment to the Apple platform was easy and inexpensive maybe a lot of people would switch. The fact of the matter is, migrating to anything isn't easy. We still run netware at my work because it really isn't easy to migrate to anything else. it is not an overnight process. It is a long, drawn out process of testing and making sure things work before you go live with anything. AD and OS X boxes are a mess right now, just ask any admin on this forum who has to deal with it. Lucky for me we run NDS/LDAP so its not as bad. However, next replacement cycle of servers we go through we have a chance of changing the platform we run since Novell is Linux based now and Netware is kind of at end of life at the moment. If it were an easy process to Migrate we would probably do it a lot sooner.

It is of my opinion that Apple really doesn't want to get into the Enterprise level of things. I think their only buisness demographic they go for, is the small business. They spend a lot more time and money marketing their products towards the consumer (as in end user) and not towards business.

Maybe not for everybody, but for most, it's fine.

Yes, it can, and that's what I'm talking about. The idea that the cheaper box is the better buy is just silly, and an IT department that makes that assumption is starting off as a failure.

The fact is, the iMac is often the better buy, as is demonstrated by small busiesses and consumers, neither of which has an IT department to keep a system running. I do agree that the iMac could be (and future versions likely will be) easier to repair, but it isn't about the cost of working on the hardware. The idea behind the Mac is to reduce support costs by reducing support calls, not the amount of time it takes to replace a part.

Then it's up to their developers and not Apple to make them work just as well with the Mac.

Who needs to be more compatible? The Mac can read/write to PC disks, use SMB, etc. but what has Microsoft done to integrate with other operating systems? Half the time, Windows doesn't even work well with other versions of itself!

Migrating from 68K to PowerPC wasn't bad. Neither was the transition from PowerPC to Intel. The difference is, those didn't involve Microsoft.

Yes, it is a mess. What I take issue with is blaming Apple for it. AD is a Microsoft product. If it doesn't work well with other platforms, it IS Microsoft's fault!

Of course they don't market to large businesses! Who could blame them? They know that they've got an uphill battle in the enterprise that has nothing to do with their products or services.

Okay, we can get a business class HP destkop, 17" LCD with keyboard/mouse/speakers on board gigabit nic, 2 optical drives 1 of which is a lightscribe DVDRW, 1gig of RAM, PCI-E expansion slots with an AMD64 processor for under 1,000 dollars. Comes standard with a 3 year warranty, and is easy to repair. Down time in minimal. If a part dies, I can order it and get it next day go to location and fix it in a matter of minutes. The cost of hardware is a big deal. Apple charges like 300 dollars for logic boards on G4 iMacs right now, we are talking about a machine that is old. I just replaced a 700Mhz G4 iMac logic board this week. I had no choice because that building is not due to have replacement computers for one more year, so either I had to repair it or they had to lose it. So, I repaired it.

That is why apple can't compete, and that is why the iMac is not the answer. A regular mid tower desktop would be easier and cheaper to mass produce over an iMac. Also, I am sorry but you are wrong cost does become a huge factor and it is looked at. If we are going to order 2500 comptuers and can save 100 dollars per a unit at really no feature or benefit loss, then we will probably do it.

Also, just like every other enterprise the IT department usually isn't in charge of the money. I have no purchasing power at all. The only thing I get to do, is put in my input when asked about said technology.

I disagree here as well. there are third party products that integrate a mac os x network very well with NDS, but its like over $10,000 USD for an unlimited license of this software. Why couldn't apple just develope their own plug in? Which is probably why MS just bought out $350 million dollars of technology from Novell, so they could natively add support for this in there. MS knows Netware is at end of life and they are probably planning on making a nice Migration tool from NDS to AD environment.

[quote]Migrating from 68K to PowerPC wasn't bad. Neither was the transition from PowerPC to Intel. The difference is, those didn't involve Microsoft.[/quote

sorry for the confusion on this one, I was speaking of OS platforms. Migrating from a previous version of netware to a new one is very easy and simple. Migrating from a previous version of MS server is somewhat painless, but it does have its issues. Migrating from OS X 10.1 to 10.4 is for the most part not that bad.

Migrating from NDS to AD, a pain. Migrating from Netware to Linux, a huge pain. Migrating from Windows to Unix/Linux huge pain. That is what I meant.
That being said...
[qutoe]Yes, it is a mess. What I take issue with is blaming Apple for it. AD is a Microsoft product. If it doesn't work well with other platforms, it IS Microsoft's fault![/qutoe]

To quote Carlos again (like the third time I have quoted him this month) AD isn't going to disappear anywhere and it works fine for the windows environment. So there is no need to change or make a huge mess out of migrating, unless apple has some way of making it not such a huge pain in everyone's ass. Talk to Yellow about getting macs to work with AD and I am sure he can tell you it plain sucks. Pointing out who's fault it is, is not going to make any difference. AD is an established product and is everywhere. Apple needs to make itself play nicely with it because no one wants to restructure an entire enterprise network. Any Sr. network engineer is going to tell you know if it requires that much, and I wouldn't blame them. The downtime alone would be annoying enough.

You are totally right, but I am talking about bigger scale networks with SANs, Print servers, redundancy DNS and back up solutions, extensive permissions and policies being pushed out, virtual LANs, DHCP servers, massive email, corporate calendars, data recovery (novell can salvage files you deleted its very nice) etc. OS X really doesn't offer any kind of solution for this stuff now. I have played with the admin tools and an Open Directory master server with Tiger server to learn it, and you can do some stuff but the windows and novell side is just more robust of what you can do.

If you could push out policy from a windows server to mac clients I could see some companies switching over to the mac platform.

.
Tom, this is immensely interesting watching from the sidelines.
Quite an a-ha experience, really...

One key question... You said:

"It is of my opinion that Apple really doesn't want to get into the Enterprise level of things."

Why do you believe Apple is making this choice? So far...

-- ArcticStones

Yes, cost is always a factor, but I'm talking about all costs, not just hardware repairs. How many billions of dollars do companies lose every year due to Windows insecurities?

This is a chicken or the egg issue. If IT departments hadn't locked out the Mac, many (all?) of these things would be in place. If they let Macs back in, these things would rapidly appear. Instead, they use things like print servers (LOL, why would anyone need a print server in the 21st century?) as an excuse to keep the Mac out! It's too hypocritical for me.

Probably because windows and active directory are vastly embeded in the enterprise environment already. There is also that saying, "If it ain't broke, don't fix it." I am no marketing genius either and Jobs has boosted Apple's sales with things like the iPod and the ITMS. The iPhone will be its next big cash cow and it seems like they are becoming more of a consumer level company. You don't see commercials advertising their xserves, and you don't hear of companies running a whole Apple platform enterprise solution. All of this makes me kind of think apple is targeting the consumers because its easier to get a hold of that market.

This is a great point, and you are 100% correct and I agree with you totally. I have a friend who is a network admin for a company that owns a call center. This call center is not a telemarketing one, its a debts claim center. You know people who call you about debt and try to get you on a payment plan or they start to garnish your wages? Ya that kind of call center. Its a complete windows enironment with a Unix back end running some sort of terminal service, WYSE or whatever, I am not sure. Data is backed up every few hours multiple times, and even picked up by guys in suits a couple times a day. This is because their data is litterally worth millions upon millions of dollars. He also has to do an offsite back up, where he sends data over fiber to a different location. Here is my point on this one, the best kind of security is layered. There are many things you can do to make a windows server secure, and there are many things you can do on other levels of the network to ensure security. Fireboxes, NAT, routers, managed switches etc. Its not like a windows server's only defense is itself. Then you must encourage strong passwords for users, and things like that security comes in many layers. If you read any Mitnick books he talks about it a lot. Also training an employee is key also. If someone doesn't know to log out when their done, or to do a task a certain way they also leave vulnerabilities. Social engineering is a big one these days, and that doesn't even involve technology.

So, the best kind of security is layered. We have a huge windows environment and to be honest rarely get any viruses or spyware. Sure it happens but its not as bad as you people think. We have a spam filer, some hardware firewalls, secured routers, managed switches, windows servers and netware servers and we have never had a full crash that was our or the OSes fault. In fact the only complete system crash we ever had was SBCs fault because they cut their own fiber line and it took down our whole network. That was a physical disconnection, lol, and somehow they managed to cut both the primary and the secondary token ring of fiber around the city. Ya I was totally impressed that they pulled that off.

Well OS X did not come out until 2001, and Apple didn't even sell servers until I want to say 2003, but let me look it up real quick...I was wrong, it was 2002. Here go some references.

http://en.wikipedia.org/wiki/Xserve

http://en.wikipedia.org/wiki/Apple_Network_Server

Also, iPrint from Novell is a super sweet product. Its a web based front end print server. So lets say I work for a company that has three global locations, one in London, One in New York and One over in Tokyo, and they are all globally networked. I can send print jobs to any printer over my global network. Of course you could always email the document, but whatever. iPrint also pushes out drives to the clients. All I have to do is launch my web browser and simply click on the printer I want to install and walk away, the rest is done for me. You can also set permissions, only department X can print to these 3 pritners, etc. Print servers are nice. We also are looking into using RIP servers for auto cad labs doing huge print jobs to our massively sized plotters.

Then again, Apple will do what they want. Like I said I am not into marketing at all. I do not own or run a company (though I am self employed for my second job) so I really am no expert on what Apple should do. This is just my opinion being an IT worker is all.

Yes, but Macs have been around since 1984. They've been essentially locked out of the Fortune 500 since day one. The point is, nobody develops a product for which there is no demand, including Apple. What needs to happen is that Apple needs to see some significant Mac purchases from large corporations. If that happens, the software will follow quickly.

One day somebody in another building (miles away) asked me what our fax number was, because she was going to send me a copy of something. I asked her why she didn't just print to the printer in my office. She thought for a moment and said, sure! The document came out of the printer a few seconds later.

That was in 1994, and she was printing from a Mac to an HP laser printer over the company network. No print server. No problem. It's hard to believe that 13 years later, she would honestly need a server to do the same thing.

Yes but a print server can handle 1000s of print jobs, a printer alone can not. That is the need for a print server.

Apple has made multiple attempts, they have multiple server products over the years, they just all failed. Now with the success of OS X they have a chance. The enterprise level isn't going to change what is already working and go with apple and just hope they come up with something better. If Apple wants in that market they will have to provide the product first, end of story. Apple may not ever do that, who knows.

It isn't the printer alone, each Mac handles a portion, and printers rarely handle 1000s of print jobs.

Yes, they have made multiple attempts, and each of them taught Apple that there was a bias against them in the enterprise that couldn't be overcome by quality or marketing. The Xserve is a great example. They've provided an excellent product that most IT departments refuse to acknowledge.

when you are managing 10,000+ users and like lets say 150 printers total, you want a print server, they serve their purpose.

As I was reading and thinking about a response, I realized it's been well covered. The AD and repairability points are very high on my list also. The repairability isn't a huge issue for me because of a good personal relationship at the local Apple store, but that doesn't scale to the enterprise level.

Active Directory has a lot of good reasons for existing in the enterprise, and there is NO replacement for Exchange yet. I hear people argue that point but have never been shown any product anywhere near it. And you can't deploy Exchange without AD.

That's less than 70 users per printer, and from the businesses I've been in, there would likely be more printers. There might be one or two departments that printed so much that they need a server, but I doubt there would be more. If there were, they would be wasting a lot of paper. Somebody should be teaching them to print to pdf.

Nobody's saying there's a replacement, or even that is doesn't serve a purpose. What I'm saying is that a secondary and illegitimate purpose is to help Microsoft lock other platforms out of the enterprise. That's wrong on many levels, and IT departments have no business doing it.

If your computer can't play nice with the existing infrastructure, go away. Simple as that. It's not only my business, but my responsibility.

Then we agree that Windows must go!

Kerio comes closer than one might think. It doesn't have the 3rd party add-ons that Exchange does, but I consider that a plus, as I've seen Exchange get destabilized by those more than once. And of course, no CALs.

http://www.kerio.com/kms_home.html

I'll have to check that out for a project we're doing right now. The cost of Exchange isn't quite justified, though a couple features beyond "just mail" would be nice. We've been trying to install Zimbra but with little success. Also Zimbra requires Suse or Redhat for its enterprise/supported product, and we hate working with RHEL and variants.

Kerio and Zimbra do have some Exchange-like features for smaller companies, but there are still many things Exchange does above and beyond, particularly for large or scattered enterprises. I'll definitely give it a shot, right now in fact.

we could use something like this to intergrate our Macs, but we have 33,000 users in our orginization. Now, not all of them would use a mac, so I guess we may get away with ordering one client per a mac machine, but at the same time that really starts to hurt our expandibility.

http://www.prosofteng.com/products/netware_client_x.php

Look how expensive that gets. Plus who knows if Apple ever makes a mid tower desktop that is competively priced we may see more in there.

The repair aspect is a huge deal when it comes down to productivity. Time lost = money lost. I have been working with Macs professionaly since 1999, so its easy for me to go right in and take apart almost any apple product with out using service manuals or anything, but at the same time I have lots of expereince working with them. This is also how I landed the job, back in 1999 our apple guy quit. My boss tossed a couple of performa macs on my work bench and told me I was going to learn how to fix them. Then I became a mac tech like right after that. Half the techs I worked with didn't want to touch them either. An easy to repair machine would look better to an enterprise. Also, most business class machines come standard with a three year warranty, perhaps apple could do the same.

As for print servers, they do more than just share the printer they also remotely manage them. Things like killing print jobs, rebooting the printer, running remote diagnostics, logging errors, remote supplies check, etc. They are more valuable than you think and have more functions over just sharing printers on a network.

Also, I am not sure of what all features you may need, but I do believe I read somewhere that Leopard Server will have improved calendar and mail features. I am not sure what exactly you all implement with exchange, but it does look like Apple is starting to make a very small effort to do some of these things. Which makes me think their business solutions are still geared towards small business.

I think this demonstrates the crux of the dilema Apple faces in the enterprise. They can't count on people in IT being willing to support them without direct orders to do so, and yet the enterprise demands that it be treated differently than any of their other customers. I don't see why they'd do that, especially with Windows apparently ripping apart at the seems, and profit margins on enterprise hardware being so much lower than all of their other markets.

Yup, you are right on that account. I was never not willing to learn mac, but the mac people who were above me never wanted to teach anyone their knowledge either. They have always been scared for their job security. One example is this lady who used to be above me at my current job. She had been there before I was ever hired and was promoted into being the Mac Admin. When I started working there a couple years ago I was the only (and still am the only) employee that holds current certifications with Apple. She would not give me any passwords, she would not give me software she only asked my help if she was completely stuck on something and she made it clear that she was keeping these secrets from me. I am not by any means trying to sound arrogant here, but I did know a lot more than her, and she knew that. It works both ways, and it can be simply summed up as people are just dumb and scared of things they shouldn't be. Her and I bumped heads a few times because she wanted me to do hardware level repairs on all the macs (which she couldn't do herself) but didn't want to give me any kind of OF password or admin log in to run diagnostics. At one point I just gave myself access to the machines and then cleared my tracks when i was gone. She eventually found out about it months down the road and complained. My bosses knew she did not know as much as me and they knew how difficult she was to deal with. So, they told me just to lay off for a bit and then go back to what I was doing. I think management at this point forced her to give me access to certain things so I could properly do my job. The fact is when you are that specialized you tend to feel threatened when anyone else has the same knowledge and capabilities as you do. Plus management likes that whole warranty reimbrusement check each month from Apple, Gateway, and HP I get for doing warranty work. Don't get me started on our Cisco guy, he is SUPER secretive.

IT workers like that also kill the platform. I got lucky because my first IT manager was a mac guru. When everyone else had PCs he had the very first model G3 B&W tower. He took the time to show me the differences of the mac platform. After working with him for a short period I went out and got certified and have renewed it every year since then.

Over the years I have probably repaired around 10,000 macs under warranty by now. For 6 years I worked for a sales/service company that did retail/business sales and had a full on service department that would do warranty repair, custom builds, OEM installs, etc. We were an Apple, HP, MS, Sony, etc reseller. So we were also an AASP. Almost all the businesses around us that had macs but no Mac IT guy they came to us for repairs. I did repairs for a couple of school districts and a community college, a law firm, and a few small businesses because they didn't have an IT guy, or their IT guy didn't know macs. So, not a day went by where I did not have at least one if not several Macs to fix (yes macs break down!). They do take longer to fix and are sometimes a bit harder to diganose over PCs. Mainly because their parts are so expensive you can't afford to stock test parts, which makes diagnostics really easy. I was the only Apple certified tech at this AASP for several years, so there are miles of paper work for macs and my name at my old company.

So, yes there are probably a shortage of people who know mac in the IT world compared to other platforms. I consider myself more of a jack of all traits and a master of none, or a master of integration. I work with all platforms and get them to work together nicely (thats the hard part). So having the idea that people need to accept apple for what it is, is probably not going to make a difference. Everyone's infrastructure is already there and in place, if Apple wants to make it into this market they will have to provide a product that is good enough to make people want to switch. Migrating to the Apple platform won't be easy and it won't come over night, and I think they should start where I stated last. Have a mid tower core 2 duo desktop that is fairly market priced and not an all-in-one, and start implementing a way for macs to play nice with existing networks.

I agree that a mid tower would help them get into the enterprise, but I just don't think it would be worth it to them. I think that some of the attitudes in IT that you've described need to change before they could think about taking the risk.

Remember that a lower-end mid tower would be much less profitable than their current systems at the same time that it would require more capital for the extended warranty alone. The fact is that small business and consumers drive more innovation than big business, so getting into the enterprise could be a drain on Apple's creativity that might hurt them more than the increase in market share would help them. It is after all, their innovation that sets them apart from PC box assemblers. As a consumer, I actually like the idea that whatever I buy from them today might be replaced by something better next month because it means that they're constantly pushing things forward. I can't see the enterprise being happy with that. In fact, aren't they always complaining that Apple won't provide them with a 2 or 3 year road map?

They could easily make a creative mid tower C2D mac. Apple has no problem being creative the problem they have is making their product desireable by everyone else. The lack of ability to put macs in existing environments is what is holding them back.

They wouldn't lose money either. A lot of enterprise level companies buy 1000s of computers at a time, I think it would boost their sales.

And Microsoft doesn't make it difficult for their competitors to coexist by making Windows-only products like Active-X, and for that matter, Active Directory?

Sure, Apple has no problem being creative now, but what happens when the bulk of their attention is focussed on the enterprise

They certainly would boost their sales, but what would the cost be? How creative could they be if they had to stick to some arbitrary 2, 3, or 5 year plan that satisfied the accountants at XYZ Inc.?

Apple makes a special iMac for education, why not a special business model?

Now that's retarded. I'll be happy to give you any Cisco knowledge I have, and no matter what, it would take you years to catch up. It took me many years and a crash course working for an ISP to get here. It's that cryptic. If you know Cisco, share freely, there's no threat. If you barely have a CCNP and grasp of the IOS, well, maybe then you have a legit fear.

Your implication is that they made AD to be difficult, but at the time they were creating security models to support things like Exchange there were no other suitable choices. And while AD can be a real beast if you blow it up (always due to errors in my experience), it's very robust and easy to work with considering the incredible complexity.

Craig, Kerio was a great tip! I have it running on a VMware machine (all my new deployments are VMware based now), and took no effort. I'll just transfer it off my MacBook onto a production server when I visit the client. It's impressive. For a smaller enterprise it seems just as good as Exchange.

Funny aside: I often configure and demo servers on my laptop now. I tell the client to connect and run through things. They can't believe I'm running Windows servers on my MacBook. Then I just copy the VMware file to a production machine and it continues working.

Because education doesn't require multiple year roadmaps, and because education isn't infamous for an anti Apple bias.

I meant to imply that after the way they developed ActiveX and the way they've treated their own Plays For Sure partners, not to mention the way they've abused their OS monopoly in the past, it doesn't make sense to give them the benefit of the doubt with AD or anything else, now or in the future.

To be honest with you, education is different nowadays. We have some very state of the art technology in our Highschools. I set up a render farm this fall so the students could render animations over a network, output their frames to a linux samba share, then import those frames into final cut studio on the G5s and edit and do post on their project. They added music and voice over as well. I was actually impressed a 16 year old kid was doing this type of stuff. We run a mixed platform there, 50 PCs running autodesk suite (viz, auto cad, inventor, etc) and about 4 or 5 mac desktops and a whole laptop cart filled with power books. So I made a linux server since it was cheap and cross platform. It has worked nicely and the instructor actually emailed me their final project. The top 10 students each designed a building and then took all their buildings and put them together into one city. Then animated a camera through the whole thing, added in textures and backgrounds, and then edited it and did post production on it. These are kids in high school doing this now.

Our maya lab is all G5 dual 2.5s w/ 2gig of ram, they all have quadro render cards, run on their own VLAN and have about $500K worth of render boxes on the network. Each box contains 32 processors, and all rendering is sent over fiber to the box and back. It is quite impressive that teenagers get to use this type of technology.

I also did all the image (software) deployment for the Autodesk auto cad suite. Each suite consisting of like 35+ CDs, and they are all up to date real world applications engineering and design firms are using.

The Educational iMac is kind of a joke, it has no optical drive so you are forced to image over the network, which right now isn't the greatest thing with the mac platform. Netbooting takes FOREVER on the mac client side, and the server runs so chunky it takes a while to pull an image over. There is just too much overhead going on from it running in the cool looking mac graphical mode. This is Apple's doing as far as I can tell. Though, the multi casting capabilities we have not tried yet and will do so over the summer. It takes like 30 minutes to pull down a 9 gig image over the network with OS X server. On my DRBL box I built I was pulling 6 gig images over the network in about 7 minutes. However, DRBL runs more like a terminal service, with no gui and so there is less packets being sent and less bandwidth and resources being used. It is also an All-in-One machine. Which is nice and all but like I said earlier. Right now we are getting HP buisness class desktops which consist of

2Ghz AMD 64 processor
1GIG DDR400 RAM
80 SATA HD
CD/DVD ROM
DVDRW - lightscribe
Built in USB2.0/FW
Some PCI-E ATI Radeon card (can't remember which one, but its upgradeable)
Gigabit ethernet
17" 1280x1024 native resolution LCD monitor
3yr Waranty - standard
Speaker bar

All of this for under $1,000 each. Next replacement cycle we can keep all the 17" LCD monitors and order only towers if we are able to and save even more money.

To be honest with you education is run like big business now. The school district I work for has buildings in three cities, servers in every building, running an enterprise level network, and is constantly expanding. So we are getting lots and lots of money since the city I work for has a big part of it that is undeveloped at the moment.

So compare all that to the educational imac and I laugh, its not worth it.

And how many PCs are netbooting? It seems to me that this may indeed be run like a 'business' with the Macs set up to netboot and the PCs running off their faster hard drives. It would certainly make the Macs look like dogs in comparison.

Everything netboots, the Macs run slower its as simple as that.

I've never run netbooting, but have recently discovered interesting anomalies in network speed between different Macs, specific switch brands, and Windows/Linux machines. Curious...what brand/model of switches do they connect to?

all the head end rooms run cisco switches, there are some mini consumer (linksys) 5 port switches here and there through out the buildings, however they are few and far between. They are just used to add data drops in rooms we don't want to run new cable from the patch panel. We have spanning tree and port fast enabled, and they are set up for multicasting, at least that is what I am told since I do not personally configure the cisco stuff.

The model I can't remember

Given the enormous size of Windows code compared to OS X code and the greater need for RAM on a Windows box just to run it, I'd put money on the problem being that the network is set up to favor Windows. I know some people here like them, but for me, Linksys is suspect right off the bat. I've never had a good experience with their tech support. Cisco seems to love to over complicate things, and while it's been a while since I had to deal with them, they didn't seem to have any interest in doing things the Mac way at the time. If you toss in a PC centric tech configuring the switches, it's almost a surprise that the Macs are able to function at all!

Well PXE booting is a firmware level boot, and had nothing to do with OS because the OS hasn't taken over the boot strap process yet. The linksys mini switches I am referring to are few and far between. The backbone is cisco giga switches, and cisco 10/100 switches, managed and configured for our network.

I'm finding a serious performance issue with late model Macs and some of the linksys switches, and super-high performance with Dell switches (which I think are HPs rebranded).

okay just forget whatever I said about Linksys switches, like I said they are very few and far between. Most Macs are on their own VLAN on the cisco stuff.

Iif you had one Mac netbooting from an Xserve with no switch in between, and you had a PC netbooting from a Windows server with no switch in between, I find it very difficult to believe that the Mac wouldn't boot faster. If the Mac would boot faster, then there has to be something about the network setup that's strongly favoring the PC.

This is where it gets weird. See PXE booting just sends a request to the DHCP server to get an IP, once booted we can run our imaging app, or in the case of my DRBL box it actually boots a distro of linux based on knoppix and I can use clonezilla to image the windows clients. Like I said, its faster than the macs. Also when you turn netbooting on the os x server it broadcasts to the whole network which doesn't cause any problems as far as we can tell, but when you enable the image you want to pull it marks it as being owned by the system. Since it broadcasts everyone who is on a mac can browse to that netboot share and can read it. OS X server needs some polishing that is for sure. The netboot uses NFS so I know it can be faster. My DRBL box uses NFS and its way faster transfer rate. Though I think we might switch over to zen imaging sometime soon. That will be nice if we can get it working since it deploys things in packages. We will still use Netbooting on the mac side for the macs. Also my DRBL server is a measily P4 2.4ghz, 512mb of ram, gigabit ethernet. Compared to our G5 Xserve with RAID, my DRBL box is way lower spec and it images faster.

I am not quite sure how apple does their netbooting since they write their own firmware. The newer macs run off of EFI technology and I am not quite sure how that works either.

Also how is your example of not using swithces relevant? You have to have switches otherwise you have no network.

You're more familiar with your setup than I am, so I can't say what's going on with it. I am saying that if you eliminate the network as a factor, I think that the Mac should be faster. If you add the network back in and the Mac is slower, then there's something about the network causing problems for the Mac. Even switches can slow things down. I know I've seen things with Cisco switches that definitely favored the PC. That was about 5 years ago though, and I can't say how they are now.

Yeah, I'd try it once with no switch at all, and see what happens. My point about the Linksys switches was meant to be more general; that switches can affect different machines in different ways.

And Cisco owns Linksys, so there is a small possible corelation there.

It doesn't make any sense for people to develope networking hardware to make macs slower. Networking hardware is a seperate platform all together and is completely independent of any OS or hardware platform you find in a computer.

They both use the same protocol for file transfering, NFS, the switches do not recognize idividual platforms. It all runs over the same protocol and the same traffice goes over the same switches. I am pretty sure a switch can not tell the difference between mac or PC clients using NFS.

Even though cisco owns linksys they do not do anything with the hardware. Cisco wanted to tap into the consumer market so they bought out Linksys and slapped their name on it. Linksys is simply a cash cow for Cisco

True, but it does make sense that Cisco would optimize for the PC and not for the Mac. I know they did that for a long time. In fact, the last time I dealt with Cisco, that very issue came up. There were some things that Cisco did that actually slowed down the Mac (or made it more difficult to get the Mac on the network) while speeding up the PC. Again, that was in 2002, I don't remember the exact issue, and I don't know if they've gotten any better.

I can see this being true for things that may use an older protocol like Apple Talk, but NFS is used by pretty much every OS in existence and it is what OS X Tiger Server uses for netboot imaging. I really do not think it is the switch, unless it was configured in a way to do so. Since I do not have access to them and our cisco guy is in charge of that I will truly never know. I could ask him how they are configured but I am not sure I would even understand it fully since I am pretty much a cicso noob. I have configured a few switches in my day and a router here and there, but I just used wikipedia and google to accomplish it. I did just pick up some CCNA elearning software that I think I will peek at after I get a few other certs out of the way.

I know Apple Talk was an issue, but I think AFP over IP on a Cisco switch had some problems too. Nothing broke, but it didn't get the same speed. This might even been one area that the Linksys would provide better throughput, since it isn't managed. Anyway, my point was, if you can test it without the network and compare the results with it on the network, you may see significant differences.

Netboot uses NFS, not AFP and my other NFS netboot solutions (linux based) run better because I am almost 95% sure OS X Server needs an overhaul.

Even though the linksys mini switches are not managed they still support multi casting. I multicasted a 6 gig image to 25 HP laptops at once and imaged them all in approx 10 minutes. It uses the same protocol (NFS) as the mac side Netboot.

In fact, a Cisco switch probably sees OS X server as a Unix server, and other Unix solutions probably do not have this problem. A lot of it is, like I said earlier, the Linux side uses Knoppix to load a small gui front end over NFS for clonezilla to image windows boxes. OS X server uses Aqua for netboot gui and its slow and chunky.

Everything you said is true. However the fact remains that I have seen with my own eyes, and my own MacBook Pro, that there IS a large difference. Sense or not, like it or not, it's there. Simple as that. Now you can choose to do some testing and figure out what it might be doing in your own network, or live with it. I haven't had time to test in detail, but I can tell you that there is a huge difference.

As far as Cisco and Linksys, it goes deeper than what you said.

You can direct-connect to the server and see what happens.

If Cisco used a slightly different version of Appletalk than Apple's version, and they had a problem with Apple File Protocol of IP, then it seems possible, even likely, that their version NFS isn't entirely compatible with Apple's.

Like CAlvarez says, you can test it or not. I'm sure that properly configuring OS X Server is a good idea too. ;)

I will test it, and yes there are settings on cisco switches (I just found this out) to optimize pxe booting. Also, port fast can cause problems as well. I will try a direct connection netboot and see what happens.

Just to chime in real quick...

We generally use Symantec Ghost for PC imaging and NetBoot (NetRestore) for Mac imaging. I usually run my mass imaging sessions on both through a gigabit switch. The biggest and most important difference is that we use multicast for the PCs and Unicast for the Macs. However, off loading the image transfer to another server (usually via AFP) makes up a lot of time and keeps the imaging times similar considering the differing protocols.

Just my 2 cents...

Craig, I wanted to comment on Kerio--it's fantastic. I'm glad you made the recommendation. We've now deployed it for one client and for ourselves. It's a breeze to install, and as far as Entourage and mail are concerned, they see an Exchange server (for a fraction of the price). The management tools are great, and it's highly configurable but at the same time easy to configure.

I know i'm jumping in this late, but i think the main thing you guys are missing about a major fourtune 500 company switching to Macs is the enormous amount of software made specifically for windows that these companies have acquired over the years. I work for the IT division for one of those companies. Just to switch from Windows NT 4.1 to XP it took us 4 years to make sure all the software we used would work on XP. I bet it will be 3 to 4 years before we switch to Vista. Finding alternatives to all the software we use on OS X would take at least 5 years if a committment was made to switch. Now i know that Macs are great windows machines but not cost effective when you can get an hp that will get your work done for half the price of an iMac. I have a MBP for home with both os x and windows, but I only log onto windows when absolutely necessary because I grow tired of using the POS while at work. I would love to have a mac loaded with windows at work but i simply do not see it happening unless i become CIO one day. The way I see it is that apple will have to find a way for windows apps to work on os x without an emulator. I know that there were rumors of this for leopard but it does not look like that will come to fruition. That would be the only way apple will take over because sadly there is too much money invested in windows software and too many people in companies who would have to be retrained to us OS x.

I have to say that this is the lamest excuse used by IT types. First, the fact is that most of the custom Windows software used by companies is junk. It costs more to maintain and use than switching would, and switching would be an excellent opportunity to re-do it right! Second, no HP machine running Windows will do the work for less than a Mac. The extra security costs alone make the HP machine more expensive. When that security fails, and it does, then the real costs skyrocket. Third, requiring Macs to run Windows keeps the high cost of Windows issues, negating the advantages of using a Mac in the first place! Finally, as I've said in other threads, an IT person who can only support one platform is not a professional, and should expect to lose their job at any time. The switch to Macs is as good a time as any.

This has been discussed a lot actually and there are several options you can look at to remedy the application barrier.

1) There is almost always a mac version, open source version, or alternative app you can run
2) Macs can run windows both virtually and natively (most enterprise have site license so they can install windows on their macs)
3) Actually Licensing for Apple software is cheaper in many cases (saves money)
4) With things like crossover and darwine it is only a matter of time before they run windows applications natively

However, you and I both agree, there is no "smooth way" to migrate from an existing platform to a mac one. If that ever happens then maybe we will see Apple more in the enterprise level.

Okay, I am going to go out on a limb here and call you out on this one. I am guessing you are not in the IT world, nor have you worked in IT before. Supporting multiple platforms is a complete nightmare. I used to use SuSE Linux a lot back in version 6.5, then I skipped using versions 7 and 8 all together and went to version 9 when it came out. They had made so many changes and adapted other distro's technology that it was almost impossible for me to use. On top of that, most of the man pages are written in a sense where they are assuming you know a lot about Linux already so when I upgraded and did not know much about these new things like rug and such and tried using the old YUM i was used to in the older distros it didn't work anywhere near the same. Then I was like, wtf is rug? That is just one version of Linux, you take in account every major distro does this and it becomes a support nightmare. Debian does some retarded things with its distros.

Now take every major platform that is out there today. Unix, Linux, OS X, Windows, Citrix, Novell, etc and look at that from the same perspective. People specialize for a reason, because it is just too much to be a know it all in all the platforms. Then add Cisco in the mix, which is complicated on its own and you have all kinds of information to remember.

I have MS and Apple certs and enterprise level certs with HP, and I work with just about everything out there (*nix, OS X, windows, Novell, done a bit of wyse stuff, etc) and it is literally a support nightmare to take any existing platform and migrate another one into it, or even merge another platform into an existing one. There are tons of compatibility problems, tons of application barriers, networking issues, etc that all play into this. At this point it seems to me that you are just trying to argue and not even discuss this logically, therefore I am just done explaining my point. I think I have expressed my opinions enough in this thread that everyone gets the point and if anyone wishes to discuss things they have experienced when migrating Macintosh computers into an existing enterprise level network please share your thoughts.

Right now we are working on getting the macs to work with our LDAP servers, so they can authenticate via eDirectory. If I ever get a clean solution up I'll post it.

You're guessing incorrectly. I no longer work in IT, in part because I never like the attitude that pervades IT. Specifically, that the company exists for the benefit of the IT department, and not the other way around. I've seen this at US Surgical, Unilever, ING, Aetna, and at all three consulting firms I've worked for, so I don't think it was an aberration.

I know that supporting multiple platforms isn't easy, but that is the job! If everything were the same and just worked all the time, there wouldn't be a need for IT support.

It's a bit odd that somebody with MS and Apple certifications, who also works with Linux, would defend the prevailing IT attitude that it's okay to only support Windows. :eek:

Put it this way, tried zen imaging it was annoying to set up, tried DRBL and it wouldn't work with our existing set up, all I want now is just an enterprise license of Norton Ghost, because its easy and it freaking works. It is also ungodly expensive.

I am pretty ticked off at several Linux distros now for doing retarded things and not documenting it that well.

I have enterprise level certs with HP and to tell you the truth, as long as I never have to call them about anything or deal with warranty verification I like working with their products. Calling them makes me want to go on a 5 state killing spree, so I avoid that.

I just plain out hate gateway, and I hold some sort of certs with them (not sure their process and I never took a test they just qualified me).

My main point is that the reason we have a whole IT department is to have people who kind of specialize in one way or another. I am the only exception. I help out with lots of different things but at the same time, if I run into a problem with cisco hardware, or like something weird going on in edirectory or one of our win2k3 servers has some weird specific problem I typically get the person who is considered the "local expert" to work on it.

I agree with you that people should have a more diverse set of skills when it comes to this stuff but you can't expect everyone to know everything.

I don't expect them to know everything. I just think it's a capital offense for some one in the field to say "I only support Windows." To me, that demonstrates that far from knowing everything, they probably know nothing!


Hmmm, shall I say it? ...
CCC.

That would work, if you wanted to phsyically go to each machine and image off of an external drive, and then you have naming convention problems. On top of that, it would only work with our 6% mac population.

I want to push images out from a central location and netboot clients when out at location. I also want the ability to multi-cast

CCC does none of that

It was meant as a joke, sort of. I'm sure that CCC would do all of that if there were a demand for it. Unfortunately, IT likes to force the cart before the horse by requiring an available product before demonstrating a demand.

I was just saying at a complete switch to mac would take years because all the software the company already owns that we would have find alternatives for. Not to mention many of the end users have never used a mac and would have to be retrained. As for myself and my team, we support Unix, Linux, and Windows so you can't say that we only support one platform. I understand where you are coming from saying that the hp is more expensive when you have to spend money to make it secure but if you already have the infrastructure and software that make it secure than it is cheaper as far as the hardware goes.

But you never have all of the infrastructure to make it secure! In fact, it's never really secure, at least not as secure as a Mac. If you're using Windows, it's an ongoing battle that you're always going to be spending money on, either hardware, software, or employee time. Then there's the increased risk factor, and what that costs businesses running Windows is higher than what they spend on their infrastructure! A single breach in the right place can cost millions.

If you take your car to the dealer, chances are the mechanic there will tell you he only supports one brand.

All it means is that's what he's trained on.

And if I were to ask somebody at Microsoft what they're trained on, I wouldn't necessarily expect them to say Macintosh!

On the other hand, if I take my car to an independent repair shop (Which is what an IT department is!) then I don't care what they're trained on, they had better fix my car if they want my business.

An IT department is whatever the owner of the company says it is, not the users.

It isn't what the IT department says, either. In cases where it is, and there are far too many of them, the IT department has over stepped both its authority and its area of expertise. Since most of these companies are publicly traded, any IT department that does this is probably guilty of fraud. Unfortunately, this crime is low on the list of corporate misdeeds, so it goes unpunished.

1) Securing a network has nothing to do with macs or PCs, it has to do with routers and server products, switches, firewalls, fireboxes, spam filters, etc. Apple does not offer any good products, MS does, Cisco does, and a decent router can usually replace a server in some cases which is cheaper and lower maintenence, and a lot of times more secure.

2) It is in no way any IT department's fault for Apple's short comings on the enterprise level. If Apple made a kick ass enterprise solution some people would adapt to it. They don't, and from what it looks like they aren't even trying to tap into that market, see my tons of prevous posts for reasons in this thread.

3) Having your network infastructure in place actually already saves you money since you already have all your things in #1 I mentioned for your network. Adding mac clients really doesn't make it that much more secure and a lot of security flaws fall into the users not using secure passwords or staying logged in their account, or any other million things a user can do to mess up security. It is a factor that every IT person just takes into account. Apple does not offer anything better, and just saying it is more secure means nothing in the real world. Because if Apple were used more in enterprise levels and have a larger market share, you would start to see spammers, hackers, spyware, malware, etc start showing up for the mac. The fact remains that they are more secure because they aren't as widely used. Apple is not immune to making dumb choices and not leaving loop holes in their OS. Just read the technotes on the security updates from OS X. Apple has already documented everything they mess up on.

Have you seen Microsoft's Apple room? Where there are shelves and shelves of mac computers? Where their tech people and developers play with them to learn what they are about, so they can implement things into their OS to make them more compatible. Since windows 2000 MS has actually had apple talk support.

Also about costs, like I said earler, we get HP business class desktops with 17" flat panel monitor for under $1,000, which are similar specs to iMacs, and on top of all that come standard with a three year warranty. The machines take about 15 minutes to replace any part in them, so you can repair them fast and all parts arrive second day via UPS, overnight on server products. So, next replacement cycle if our LCD monitors are still good, we can cut costs even more by just upgrading the towers. Or if a major OS update comes out we can add new video cards and more ram to them and they work fine. With the iMac that is not possible.

Bottom line is, apple has no real great enterprise level solutions.

Well, Microsoft does have a section developing software for the Mac. In fact, they did a reasonably good job with Office. And they wouldn’t do such a thorough job of "borrowing" OSX ideas if they lacked people with in-depth Mac expertise! ;)

Your analogy seems flawed. And it points in a different direction.

First: Who is the "I" in your analogy? If it’s management, then yes. If it’s the user, then no. As Carlos makes clear.

Second: Many companies limit the number of makes and models in their car park for good reasons -- including limiting the expertise required of their mechanics, and to increase the efficiency of similar repairs.
Same thing holds true computers and the company’s IT department. Which of course may mean making a strategic decision not to deal with Macs at all! Or Windows PCs for that matter.

That simply isn't true. Most (not all) breaches require Microsoft software.

I didn't say it was. I'm saying it's IT's fault for trying to solve every problem with a Microsoft centered solution. When all you've got is a hammer, everything looks like a nail, and it is an IT department's fault if it has chosen to focus solely on one OS as a 'standard.'

Where do I begin??? With the security by obscurity myth, the blame the user mentality of myopic IT departments, or the fact that Apple has closed holes before they have been exploited, not after?



I said I wouldn't necessarily expect them to be trained on Macs. That many actually are puts Microsoft a step above the average IT department. Ow! It pains me to say that!


And as I said earlier, the HP is no bargain.

The "I" is the stock holder, who legitimately expects that the INFORMATION TECHNOLOGY Department (NOT the WINDOWS TECHNOLOGY Department) can and will integrate all forms of technology from mainframes down to cell phones and PDAs into the company's business. The stock holder does not care about the irrational desires of the IT Department. He/she cares that they efficiently serve the company, and there is no conceivable way that they can do that and only support Windows.

Gaining radar visibility -- and vulnerability
 

That is a very interesting assertion!
Malware has yet to compromise OSX 5 (or 7) years after its introduction. Yet we can talk about superior OS design and architecture until we’re blue in the face. Increased Mac penetration would definitely up the ante and make such security compromises much, much more likely -- even if I wouldn’t take it as a given.

For a hacker, compromising my company’s network is not particularly interesting. Hacking into Statoil, Kongsberg, Raufoss, Oslo University or Den norske Bank, is. It stands to reason where the efforts will be concentrated.

Not here in America. If it isn't a dealership, you'll see signs that read "Foreign and Domestic" at most repair shops. Even many dealerships advertise that they can repair other makes.

.
IT is an in-house shop, not an independent outfit.
My comments must be read in that light.

Here (and I suspect in the US) many companies select a few models and makes for their car park. Especially if they have in-house mechanics.

But the "in-house" IT department serves a publicly held corporation. If that department unilaterally chooses to limit its support to one platform but still claim to be an INFORMATION TECHNOLOGY Department, then it is lying to the company's stock holders and costing them money.




It just struck me that the argument against incorporating Macs into the enterprise is essentially the same one that scares some individual PC users from switching! The argument that it's easier to deploy images for example is basically the same as the PC user who thinks it's necessary to reinstall the OS every time there's a problem. We see the posts from recent switchers here on this site, and we all know it's rarely necessary with a Mac. I suspect that many of the things that make IT more efficient when fixing Windows problems just aren't needed with Macs, and just like the novice PC user who's afraid of switching, IT blames the Mac for not having those unneeded tools as a rationale for not correcting themselves!

Umm, seriously? Are you smoking crack? All the share holders care about is their stocks going up in value, they only want the company to be successful.




I am not telling you I think it is easier, I am telling you it is easier. The PC platform has way too much to offer. Linux, Netware, Citrix, Windows server, etc all work pretty much flawlessly with windows clients. They do not work flawlessly with mac clients. All the comapnies have support for macs, and all of them can technically work with macs but since its not an adopted platform the support is skiddish.

Yes A LOT OF IT HAS TO DO WITH USERS. We have around 8,000 or so PCs running windows XP Pro at my work, and they do not crash and get viruses like you make it sound. This is because we have windows locked down by policy. You can make it secure, and we do. If it was as bad as you are making it out to be you make it sound like every day we have 100s of PCs crash. Out of the small mac population we have as well there are numerous problems, and we have the macs locked down by policy pretty well also.

If users don't have the ability to screw up a system because certain features are locked by policy then its not a huge issue. If you network infrastructure is in place and security is configured properly then there really isn't a huge issue at hand. How many companies have a complete 100% client crash?

What apple does not offer is a robust server side solution for anything. OS X server is chunky and a mediocre product at best. There is a reason why windows servers exist. Apple has nothing to offer like exchange, but there is apparently a third party one that is mentioned in this thread a few posts back. They do not offer any kind of print server solution. Their image deployment system is okay, but it is by far the best I have ever seen and it is limiting. Where as Norton Ghost will work with any and all platforms and it works well. Which is probably why it costs 100k for a site license of that application. Which is why we aren't running it.

cwntnospam your arguments are all stereotypical and clearly show that you are just here to argue. I do not image a computer at the first sign of a problem, no one does. There are ways to fix windows which are built into the OS just like OS X, and they work about the same in my professional experience. The only difference is the Mac platform has diskwarrior which is by far one of the best corruption repair tools I have ever used. There is no blame to be put on MS, novell, Citrix, whomever because their products work, and they work as promised which is why they are used in the enterprise environment. The IT departments are not to blame because they support their users, and their users need those products to do their jobs. Apple is to blame because they are not coming out with any enterprise level solutions, and the only one they have they don't put a lot of work into it. In an enterprise environment people are expected to work on their computers, and there is no enterprise level desktop that is suitable for this. iMacs just don't cut it, no matter how you look at it. iMacs have too many down sides to be considered a decent desktop for an enterprise solution. Apple still needs to come out with a mid tower system. Apple's mass imaging solution is not that great, and it has security issues already because the images have to be owned by the system which means any client can have access to them. It also broadcasts to your whole network, this is where routers and managed switches come into play. So that means any client on that subnet can browse right to the images folders while any client is imaging over the network. They also have no support for AD or eDirectory and this is what almost every company uses. So, why in the hell would any IT department want to go through the nightmare of setting up a huge mac client population in their company/orginization? There is a third party that made a netware client from scratch, but it costs you an additional $150/mac to be able to log on the network.

The bottom line is, it would just cost way too much money to implement macs into any existing enterprise solution, and it would be a support nightmare. The only thing I can see going for apple in this scenario is maybe laptops. Laptops are more personal computers and its more about what the user can do with them since they travel with them. I took my Macbook Pro to the latest microsoft technet road show training last week. I think I was the only person running a mac in the whole road show (like 500+ people there) and I got some looks and some questions. However, I don't need to authenticate on our network with my macbook because its my work computer and it solely functions as a tool for me in the IT department. Since I am one person who supports Macs, I get one.

Seriously, part of the stock going up and the company being successful is an efficiently run IT department. One that doesn't need to waste time and money isolating every single computer from the outside world. You DON'T make Windows secure. What you do is hide it from reality, or as you say, lock the system down. That is expensive to do, expensive and time consuming to (and I DON'T mean for IT, I mean for the departments you're SUPPOSED to support!) maintain, and those expenses pale in comparison to the lost opportunities for innovation and creativity that drive progress. It slows down the very users you're supposed to be supporting!

Maybe you're looking too closely at the trees to see the forest. Look at it this way, if you have 3 platforms: A,B, and C, with A being 80% likely to be the best for any given job, then what is the probability that A will be the best solution for ALL of 50 unique jobs at a company? The answer is 0.0000142725, or approximately 1 chance in 70,065! That mean's that there's essentially ZERO chance that any IT department is doing anywhere near the right thing for a company by limiting access to one platform. Read this next sentence carefully: It just doesn't matter whether or not it's more efficient for IT to have one platform! The goal is not to make IT happy, but to make the company happy, and the way to do that is to use technology more efficiently, not to make IT's control over that technology easier.

You can say whatever you like about me, but as long as you defend an indefensible industry practice, I'll keep pointing it out.

That is a glaring, logical self-contradiction.

Enough said.

No, it's not. It's more important that the technology is efficient for the company than have it be efficient for the IT department. By limiting access to one platform, IT makes their job easier at the expense of the company.

ROFL! That is the funniest, most contrived statement you've ever made about IT and platforms. I got a huge laugh, thanks.

BTW, right now I'm rolling out Macs in a couple of companies despite the fact that they are less efficient for productivity, but since they take me much less time to support, that's what I'm going with.

Talk about contrived!

you rolling out a pure mac solution with OD master OS X server and all? Please let me know how it pans out because I am very curious as to how well it will actually work.

I assume you are rolling out that Kieros(sp?) package (exchange alt.?)

Oh and one more thing, when we budget out of warranty repairs, our apple budget is double or sometimes tripple the amount of the PC side because they are just plain out more expensive to replace hardware on. This fiscal year I have already spent a few thousand dollars repairing a couple of macs out of our out of warranty repair budget.

No, just replacing Windows machines with Mac notebooks. As they migrate to portables, they get Macbooks. It's too much work to support Windows notebooks. They can adapt, or keep the desktops. For some people there has been a bit of a productivity loss, but by using Terminal Server they can always work if they get truly lost, and adapt to Mac OS as they have time. All except one are quite happy with them. One simply could not adapt, but then most of her issues were with adapting to portables (what do you mean I can't access my files on the network when I'm on a plane?).

Kerio has gone into other environments, but not the ones gettting these machines. Those already have Exchange, no reason to change. I've got Kerio in a newly installed Windows-only environment (well, except I'm now putting in Linux machines slowly), already in production and working well. Kerio is now also running the mail for a company I just bought and am integrating into our company (or integrating our company into that, or something like that).

Apple hardware is definitely way more expensive to repair, but there's a lot less that needs fixing in my experience (though my Mac experience is shorter in time than yours).

The new company we bought is as mixed as it can get. Three Macs, several Ubuntu servers, several Debian servers, a CentOS server, VMware running on CentOS to run Windows servers, Debian and Ubuntu workstations... There's one guy with a Windows laptop but he's on his own, self-supporting.

cool, glad to know, and I agree with the mac laptops being easy to intergrate into an existing environment considering laptops are generally a bit more person than desktops and they will travel a lot.

Most laptops don't need policy pushed out to them, they just probably need drives mapped. So, really it doesn't matter what users use on their laptops. I know that if someone decides to load linux on their laptop I don't have a problem with it, but I am also not going to support it since its the non standard. If we did support it, it would flood help desk to hell and back, and no one wants that.

Debian servers eh? Man, Debian can be a HUGE pain in the butt with their licensing useage. Shall I mention ice weasel?? LOL Our Linux servers run suse and for the most part I like it, with the exception of the things they have implemented in the new OS and did not document that well. I think I should attend the next webinar so I can get up to date with some of the new things. Ubuntu is cool and all but I never saw what the big deal was, I run kubuntu on my macbook as a vm and I like it, but not sure if it is really that great for me to switch. Apt has so many issues when updating it, or when trying to add more repositories, or an update does go through smoothly and it botches something else. Of course this happens in every distro, so its something I am used to by now. I just loaded Beryl on a desktop at work, man talk about eye candy, that 3D desktop stuff is nuts. Strangely enough, I almost want to say you can justify using it to be more productive, but I haven't come to that conclusion yet.

I still stand by my point that apple does indeed make some of the best laptops out there period, but I still think a PC desktop is just as good as a mac one.

The only policy I use is to keep people from hurting themselves (their computer), so the Macs don't need that. None of my customers need locked-down environments other than the issues with security and Windows. For net access we block things at the router if needed. So the Mac portables are easy. I join them to the domain, then have the user log in and create a mobile profile. This means they can log in anywhere, and in the office they stay in sync with the AD account. The only issue I've run into with this is a user didn't bring in the machine for months, the password on the domain timed out, and he reset it on BOTH the domain and the machine while the machine was not on the network. --kaboom--

Debian has a license? Huh? I've never bothered to look. None of the servers have a GUI, so no weasels or anything else on them. For workstations I nearly always use Ubuntu. I personally don't like Suse or CentOS/Redhat, and the wife...well, she'd sooner kill me than accept being forced to work on those. So she gets to choose the distros for our servers and I'll work on whatever, even RHEL (I call it MS-Linux).

I too think Beryl may enhance productivity. The users sure like it, and it makes giving them Linux so much easier. "How do I get my computer to look like that?" Heh, I'll take care of that...

We'll see in a few years. I've found that the Windows laptops are a HUGE pain in the butt long term. I've only been doing the MacBooks for a while, so we'll see in a year or two. Right now, I'm finding them a lot easier.

Yup I agree, and the only problem I see is that an iMac is not ideal for every situation and giving some users dual xeons is way over kill.

Debian only uses packages (i am pretty sure about this, not 100%) that are published only under the GNU license, meaning anything that anyone puts out that is a great application/utility/etc has to be under that license or Debian doesn't bother to play nice with it. Ice Weasel is actually Debian's port of Firefox, the same exact open source browse recompilied, named changed, and published under the GNU license so Debian will play nice with it.

http://en.wikipedia.org/wiki/IceWeasel

Redhat, I haven't used in a long time. Suse is actually not that bad, there are some things I do not like about it, but I have some hope for Novell. What I don't like about Debian is how one patch can kill a lot of stuff, and when you try to use APT to get it all back installed properly you have to jump through a lot of hoops sometime, but like I said earlier, it happens with every distro.

An interesting package you may want to look at for your clients is called DRBL (diskless remote boot linux) and I have personally set up a small imaging server in our shop to image and deploy windows boxes. I simply get a windows box up to snuff with udpates, apps, novell client, etc then sys prep it, then netboot it into my DRBL box and create a master image of the machine. Then, I can netboot all my clients and unicast/multi-cast all my imaging. It uses clonezilla and NTFS clone, the compression rate of the images is good and the speed is very decent. It basically loads a very small micro kernel of linux (knoppix based i think...) and loads when the client machine PXE boots. Here is the kicker, it loads to a grub menu so you can actually have net installs of OSes on there, imaging options of what you have set up, and the option to boot into the OS incase the user netboots by accident. One feature it also offers is a boot up password. I can lock down all options from netbooting at the client level, but leave the option to boot to the local disk un protected. Unfortuneately, the down side is that the DRBL box has to be your DHCP server, or you have to create a DHCP proxy, and proxy all PXE IP requests out to the box. I have one in our tech shop to image like 20+ laptops at once but I won't be able to deploy it anywhere in our network because we would have to change our infrastructure around. We are tinkering with Zen Imaging now, and the Macs still netboot image via OS X server. It would be nice to have one solution for everything, and Ghost is really the best product I have seen, it is also the most expensive.

DRBL is of course open source and free so it could be something to look at for one of your clients who needs a small imaging solution. It uses distributed hardware (multiple NICs) to lower the load on the server box itself. So, technically you could load it on a DHCP server that was already running Linux and slap a few cheap giga ethernet cards in there and have yourself a very cheap viable solution.

http://drbl.sourceforge.net

I've heard that a couple times but never experienced it. My experience with Apt is 100% positive, and I love it. This may be due to my use, which is purely for servers where there is never a GUI and no unnecessary stuff loaded. I do the most pure install possible, then run a standard script of Apt-get/installs, and add in the software the server will run. Even kernel patching has gone fine for me. That may be different for workstations that run a lot of apps.

Interesting thoughts on DRBL...I might have just the place to try it.

How does laptop penetration influence the equation?
 

.
I see a growing number of my clients using a laptop as their primary machine, and in some instances as their only machine.

Q1: What is the rate of change of laptop penetration at the Enterprise Level?
Q2: How large a portion of enterprise users, and in what fields, have laptops as their primary/only computer?
Q3: How is this likely/unlikely to influence Apple’s coming success/penetration at the Enterprise Level?

-- ArcticStones