Articles by: cedge

App Store Volume Purchasing Program (VPP) for Business On the Way

Apple has announced that the Volume Purchase Program (VPP for short) is coming to business. The VPP allows organizations to purchase applications in bulk. These applications can be standard apps that are on the store, and would be the same price you would otherwise pay, but acquired with a redemption code (similar to how you can gift applications) that is distributed from program facilitators rather than using a credit card. 

VPP for Education has been around for awhile and there are a few lessons we've learned from deploying it: 


  • The VPP can only be used for paid apps, so no free apps
  • iBooks and In-App Purchases are not part of the VPP
  • The first step is to enroll
  • To enroll, you need a Dun & Bradstreet number (DUNS)
  • The address you use needs to match the D&B database
  • You'll then create a new Apple ID used to manage the account (same ID developers will use if you're using B2B apps), which becomes the Authorized Purchaser
  • Once you are logged in as the Authorized Purchaser, you can then search for an App and purchase an unlimited number of them (again, no free Apps) using a credit card, PCard or Paypal (Education customers can buy tax exempt vouchers)
  • Then download codes for each installation of the App and email or distribute them as needed (you can have multiple Program Facilitators to do this)
  • Codes are distributed in a URL, where users use their Apple ID to redeem the codes (think tap a link and you just bought an app).


Originally, distribution of codes was done manually. I would expect that the future of software distribution using these codes will be through MDM providers. VPP codes can be managed via JAMF, FileWave and others today (think recommended apps), taking a lot of the pain out of software distribution via the App Store. 

Additionally, Apple now offers Custom B2B Apps, which as the name implies are custom applications that undergo the same App Store approval process as other apps and can then be distributed via the App Store, which opens up the distribution of private white labeled application versions of apps that are already on the App Store as well as a marketplace for custom developers and enterprise software makers. These apps do have a minimum of $9.99 but there are a number of ways vendors can built that into licensing models.

The extension of the VPP into business and some new additions that weren't present in the education version of the VPP are welcomed to those who have been doing large deployments of iOS devices. There are still a lot of issues that need to be worked out around this strategy of application deployment; however, it's good to see a little traction!

Read more

GroupLogic Brings CommVault Simpana to Mac OS X

GroupLogic is working to bridge the gap between corporate mass archival solutions and Mac OS X. With a new product called ArchiveConnect, the makers of Extreme Z-IP now have a product that provides the ability to fully integrate CommVault's Simpana. This allows you to reduce the required footprint of on-line disk capacity while being able to meet compliance and data retention requirements. Check out their webinar at: 


Read more

Moving the Journal

In Mac OS X 10.2.2 journaling was added to the Mac OS X Extended file system (I first read about it here on afp548). Journaling introduced a lot of great stuff, most notably improved resiliency to crashing. This resiliancy comes from the fact that a journaled file system uses part of a disk to write changes that are intended to go into the actual file system. This way if a crash occurs while a transaction to the file system is occurring the file system will usually easily and quickly recover by using the journal to bring the file system back into a consistent state.

Read on for more…

Read more


Snow Leopard comes with a great little new command in mcxrefresh, which as you might have guessed refreshes policy information. This allows you to request a new set of policies and provided the command returns with no errors the process has completed successfully (exit's 0). Use a UID using the -u option and use a short name using the -n option:

mcxrefresh -n cedge

You can also use the -a option, which prompts for authentication when dealing with Active Directory. There's not really a lot to mcxrefresh, but what there is turns out to be really useful.

Read more

New networksetup Features in Snow Leopard

The networksetup command is pretty useful for deploying static network information, which is otherwise tedious (to say the least).  In Mac OS X 10.6 there are three major additions to networksetup that have not gotten a lot of attention yet.  The first is that you can now use networksetup to import and export 802.1x profiles (and link them to certificates that you import from pkcs12 into Keychain), which will hopefully ease implementation burdens for environments with supported 802.1x setups.  The second is that networksetup can now be used to manage a Baseboard Management Controller (BMC), which is the chip that enables ipmi/Lights Out Management.  The third new option is the addition of network locations control from within networksetup.  This means that networksetup can now be used to configure basically the entire network stack. 

Read on for more…

Read more

Source Based Routing Quietly Finds Its Way Into Snow Leopard

On Mac OS X 10.5, if you connect two different ports on a host to two different networks and assign them with two different IP schemes then only one can act as the default gateway.  This means that any incoming packets will all, by default, get responded to over the default gateway; despite which interface the packets came in on.  You can customize your routing table using the route command but this can be tedious and doesn't always necessarily net the desired results.

Read on for a bit more…

Read more

Malware Safeguards in Snow Leopard

A number of you may have noticed the article on ZDNet that stated that Mac OS X now has built in Malware protection (actually, I guess Intego made it public).  Despite the fact that the articles from Intego and then ZDNet were written prior to the release of the actual operating system (in their defense it was only 3 days prior) they have a point. They were also correct in that this isn't using a standard anti-virus engine such as ClamAV (which many think should be included by default in both Client and Server rather than as just a mail plug-in for Server)…  So what is this new anti-malware tool and what's it doing?

Read more

Directory Services Plug-ins

In a number of contexts, we hear about directory services plug-ins. A directory services plug-in is a way for a Mac OS X computer to leverage the DirectoryServices daemon to obtain account information (be it authentication or policy information) from a server. This might be an Active Directory server that uses the Active Directory Plug-in or an Open Directory server that uses LDAP. You disable plug-ins that you don't need and enable plug-ins (ie Active Directory plug-in or third party plug-ins) that you need in order to access directory services of various types.  These plug-ins are developed in the form of .dsplug files. The default plug-ins that Apple includes with Mac OS X are located in the /System/Library/Frameworks/DirectoryService.framework/Versions/A/Resources/Plugins folder in Mac OS X. Any .dsplug file stored in this directory will be loaded as a plug-in, assuming it matches the parameters laid out in the DirectoryServices API.

Read more

SANS Security Checklist

There is now a security checklist covering 10.4 and with limited coverage of 10.4 Server available from the SANS S.C.O.R.E. team.

You can get the guide here.

Read more