Archive for category: Articles

In order for an app to run on an iOS device, it needs to be code signed. This proves to iOS that the app has been approved to run on iOS devices. This is true of any apps in the App store, ad-hoc, or enterprise apps. The App store apps […]

Introduction It comes as part of an amazing revolution that the devices we carry are increasingly smaller and lighter. For the first time in history, we have truly mobile devices, including laptops. This also means that they’re more likely to be misplaced or be carried with us in hostile environments, […]

Starting with OS X 10.7 (Lion), there has been a shift from managing via Workgroup Manager and Managed Profiles (“MCX”) to managing via Profile Manager and Configuration Profiles (.mobileconfig). Configuration Profiles can be managed in a variety of ways, but OS X Server 10.7 provides a simple and efficient tool […]

If you’ve done any deployment work with OS X Lion, InstallESD.dmg is probably not a new concept for you. But just in case you haven’t, or just in case you need a quick refresher, with the release of OS X Lion, Apple completely changed its distribution method for Mac OS […]

With Apple releasing updates to OS X every year, the Mac SysAdmin has yet another thing to worry about. As if increasingly frequent security updates and managing iOS devices were not enough to keep us busy, we must now add yearly releases to our work load. This presents quite the […]

Apple posted new whitepapers to http://training.apple.com/lion. The Configuration Profiles and 802.1X authentication whitepapers look brand spankin' new. The whitepapers include:

• 802.1X Authentication
• Managing OS X with Configuration Profiles
• Mac Integration Basics Guide
• Best Practices for Integrating OS X Lion with Active Directory
• OS X Security
• Strategies and Best Practices for Evaluating and Deploying Mac Computers in the Enterprise 
• Managing OS X with Configuration Profiles

 The 802.1X whitepaper contains some excellent indepth 802.1X integration informatoin for both OS X and iOS, and also includes some sample configuration profiles in the Appendix. If you are tasked with 802.1X integration of Apple devices in your environment, check it out.

We are considering another rockin' AFP548.com party on one of the evenings of WWDC 2012, and want to know if enough IT folks are going to make it to WWDC to make it worthwhile.  We have a new poll posted (look down, and to the left on the page), so please take a moment to let us know if you are going to be there!

The MacSysAdmin 2012 European Macintosh System Administrator Meeting tickets are now available!  Head on over to registration and grab your ticket early, so you don't miss out.  The lineup of speakers looks awesome, and AFP548.com will be there to cover most of the sessions.  It is in Sweden from Tuesday, Sept 11 to Friday, Sept 14 2012, and will feature topics such as OS X Server, iOS, client management, 3rd party management, and much much more (see the full session list).  A huge part will be meeting up with the other IT folks to meet and discuss.  The MacSysAdmin is quickly turning into the premiere Apple IT conference to go to.  Go get a ticket before they sell out and if you can't go, be sure to check back here to AFP548.com during the conference for updates!

Apple has posted the Apple FIPS Cryptographic Module v1.1 and has an associated "How to set up and maintain a FIPS-enabled OS X Lion system" kbase.  FIPS validation is a certification program by NIST (National Institute of Standards and Technology) to verify cryptographic modules.  It appears from here that the CDSA module is 140-2 level 1 certified. For those not versed in the dark details of FIPS certification, Wikipedia defines 140-2 Level 1 as "all components must be "production-grade" and various egregious kinds of insecurity must be absent".

 The interesting piece to all this is in the "additional information" section of the "How to set up and maintain a FIPS-enabled OS X Lion system" kbase:

"OS X Lion security services are now built on a newer "Next Generation Cryptography" platform and have transitioned from the CDSA/CSP module previously validated on Mac OS X v10.6. However, Apple has re-validated the same CDSA/CSP module under OS X Lion to provide continued validation solely for third-party applications."

 So Lion is not FIPS validated, but the CDSA on Lion is, but only 3rd party apps use it.  Clear?

Well, that was fast.  WWDC 2012 tickets sold out in record time!  Hopefully you got yours, but if not, there is always the videos.  Now we just need to wait to hear the screams from the folks on the West Coast and as they wake up and realize what happened.  Not to mention our friends in Australia and Asia!