VMware ESXi 5.5 on the Mac Pro (2013)
Articles,Server 3 comments

VMware ESXi 5.5 on the Mac Pro (2013)

VMware now supports ESXi on the latest Mac Pro - virtualizing OS X has never been easier.

Securing a Munki deployment with Puppet SSL certificates
Articles 2 comments

Securing a Munki deployment with Puppet SSL certificates

Munki and Puppet have become very popular tools in the last few years, and make a great team for Mac management.  While Puppet is inherently secure due to its use of client-certificate based SSL for all communication, most Munki deployments still run over plaintext HTTP.  One of the best features […]

Hidden AirPlay feature in the AppleTV 6.1 (iOS 7.1) update
Articles,iOS 6 comments

Hidden AirPlay Feature

Here’s one that will make educators and education network administrators realllllly happy. There’s a hidden gem in the AppleTV 6.1 update that was released today. In addition to Bonjour over UDP negotiation for AirPlay, iOS 7.1 devices will also look for AirPlay sources using Bonjour over bluetooth when doing its […]

Exploring Apple’s new Device Enrollment Program
Articles,iOS,Management 2 comments

Exploring Apple’s new Device Enrollment Program

On February 26, 2014 Apple announced its new Device Enrollment Program (DEP). You can read about the features of the DEP here. In a nutshell, for US customers who have purchased devices directly from Apple, you can: 1) Force enrollment with your MDM when device is set up (every time) […]

Clean Migration of Existing Open Directory Users to a New Mavericks Server
Articles,OS X,Server 0 comments

Clean Migration of Existing Open Directory Users to a New Mavericks Server

For many reasons, you may find yourself needing to start a new Mavericks Open Directory server from scratch. In this article, I’ll go over how to import your existing users from an older Open Directory server and import them to your new Mavericks server. I will also use a tool […]

Sydney Mac Admins April Meetup

If you manage or administer devices with an Apple logo and are in Sydney on the 16th, you should come along to meet your peers. Take part in an informal chat and share what has and hasn’t been working for you and others. Find out what is new, what works […]

Read more

Return of the Intermittent Bricking

Return of the Intermittent Bricking

So it used to be we’d wait for machines that were bound to Active Directory running 10.10.0-10.10.2 to freeze during startup and we’d either perform CPR or apply rc.server script fixes. ‘Things can only get better,’ we said. ‘Just trust them,’ we said. ‘They’ll get it all fixed if we […]

Read more

Autopkg – Download Recipe Decision Making Process

Autopkg – Download Recipe Decision Making Process

It’s been a long-standing goal of mine to help people get started making their own recipes for autopkg, which was recently spurred on by revisiting my previously-discussed recipeGenerationUtils. The autopkg wiki can only be so instructive on the process besides some general guidelines, so I thought I’d expand on some points here, while […]

Read more

Pepijn Bruienne Reverse-Interview by Charles Edge, Part One

Once again donning the yellow jersey, Charles Edge returns to reverse-interview Pepijn Bruienne, recorded back at the turn of the year. We’re so happy to have Charles back with his new role at Bushel, mostly because we can finally drag out the ‘scrum masters’ tag again. Lovingly polished by the awesome Aaron Lippincott, […]

Read more

Thunderstrike Need-To-Know

Thunderstrike Need-To-Know

When we heard about the ‘bootkit’ exploit branded Thunderstrike having the potential to remove all of your security controls it was pretty disturbing. Luckily Apple controls a relatively small number of models, and released a patch for several affected CPU versions, bundling it with 10.10.2 so as to lessen the number […]

Read more

Stop Remediating While you Audit

Stop Remediating While you Audit

Let’s talk about orchestration. This term is different than just applying the normal set of configuration profiles you want near-permanently enforced on the workstations under your management. Too much theory isn’t necessarily helpful, but sometimes I come across something that feels right, and then experience validates it as a real, […]

Read more

Enhancing Sal with Facter and Profiles

In a previous post, I showed how to set up Sal. Sal‘s basic functionality is useful on its own, for the basic Munki reporting – what are the completed installs, pending updates, what OS versions, how many devices checked in the past 24 hours, etc. In this post, I’m going […]

Read more

Using Puppet with WebHelpDesk to Sign Certs, with Docker

In a previous post, I showed how to use Munki with Puppet SSL Client certificates in a Docker image. In that example, the Puppetmaster image is set to automatically sign all certificate requests. Good for testing, but not a good idea for production use. Instead, we should look into Puppet […]

Read more

Running Munki with Puppet SSL Client Certificates

Previously, I showed how you can run Munki in a Docker container. Then, I talked about how to build Munki to use Puppet for SSL certificates. Assuming you’ve got a running Puppetmaster image (which I talked about building here), let’s run the Munki-Puppet image we just built. Running the Container: […]

Read more

Building Munki with Puppet for SSL Client Certificates

Note: this is based on the README for the Munki-SSL docker container. In a previous post, we ran a Docker container serving Munki repo content via Nginx. That works fine, but only serves insecure HTTP content. It’s generally in everyone’s best interest to use a secure connection between the Munki […]

Read more