One of my goals for this summer is to focus on how our readers are using Macs in the enterprise. This is a subject that's near and dear to my heart; I've been an advocate for Apple's platform in business for over a quarter century. But manageability has always been a stumbling block for Macs, and for other alternatives to Windows, and I want to figure out what we actually can do in this area, now that Mac OS X is a mature environment.
I see this question as having many facets, but with better solutions available for some aspects than others. At the top of my list is classic device management. This covers a lot of turf, starting with imaging, through active in-use monitoring and asset tracking, and taking a look at backup and recovery along the way.
I want to discuss that last topic in detail here, because it's an excellent example of the challenges that exist for admins who want to provide the level of management for Mac OS X machines that's almost taken for granted in a Windows environment.
Backup and recovery are so fundamental that it's really kind of surprising that the solutions out there seem to be so fragmented in features, and limited in their reach. Apple's own Time Machine is dirt simple to use, but I can't imagine using it as an enterprise backup tool, no matter what I put in my brownies. Bombich Software's Carbon Copy Cloner handles imaging as well as backup, but again, it's not designed for use in a multiple-target environment. Retrospect, which was recently sold by EMC to Roxio, has been a gold standard for more years than I have toes. But even it falls short when you're trying to run backups on a truly massive scale.
There appear to be a few backup packages that play at this level, but their capabilities and caveats are all over the map, as demonstrated by Michael Dhaliwal of District13 Computing. If you're tasked with evaluating major league backup tools for Mac OS X, his findings as of 2009 (PDF) are a good place to start, and if I want to do a better job than he has, I'm going to have my work cut out for me. (But I digress...)
Back to the manageability breakdown, I also want to look at identity management, which is helped by Mac OS X's built-in support for Active Directory and LDAP. That's a necessary foundation, but I'm curious to know what's still missing (if anything) from the basic features, and how you're addressing needs that aren't filled by those directory services.
We've heard for years about how Macs require less care and feeding than Windows systems do, from the perspectives of antivirus and malware protection; what's less clear is whether that's due to inherent strengths of the platform, or if it's just a matter of presenting a smaller attack surface by virtue of the much smaller installed base. I have never run anti-malware software on my Macs, and have been off and on about antivirus tools for them; just once, I'd like to hear these tools justified by somebody who isn't working for a company that sells the stuff.
I sort of touched on software management earlier when I mentioned the imaging part of device management, but that's only a small chunk of the problem; provisioning is an even murkier area for Mac OS X machines. One has to cope with deploying and maintaining applications; that's hard enough to do with machines that never leave the premises, and even more challenging for notebooks and mobile devices.
That brings me to what is (mercifully) the final thing I want to mention in this post. I don't want to limit my focus to conventional computers running Mac OS X; it's clear that with the introduction of the iPad and the explosion of iPhones in business environments, I really have to include handheld devices in my thinking.
So that's the extended-play, dance-mix version of what's bouncing between my back burner and the one in front.