JAMF Client MGT White Paper
JAMF Client MGT White Paper
Information in this document including URL and other Internet Web site references is
subject to change without notice. Unless otherwise noted, the example companies,
organizations, products, domain names, e-mail addresses, logos, people, places
and events depicted herein are fictitious, and no association with any real company,
organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright, no part of
this document may be reproduced, stored in or introduced into a retrieval system,
or transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of
JAMF Software.
JAMF Software, Composer, and Recon are trademarks of JAMF Software LLC in the
United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks
of their respective owners.
Summary of Benefits 1
IT Challenges 2
Business Challenges 3
Client Management Solutions for IT Managers 4
Lowered Costs 5
Client Management in the Macintosh Environment 6
Return on Investment of the Casper Suite: A Case Study 7
The Casper Suite – An Overview 11
Recon and The Recon Suite 15
Composer 17
Casper Admin 19
Casper 20
JAMF Software Server – JSS 23
CasperVNC 25
Training and Support 26
Purchasing 28
Casper Suite Summary Back Cover
create image download .pkg convert updaters convert installers update software
installers to .pkg to .pkg
observe/control
d i
tracking
and
assignment
configure settings & printers modify settings
user request
Does image meet client needs? Have we tested updates? How many copies do we need?
.................................. ..................................
Compliance Purchasing
.................................. ..................................
Do we have
Who has which rights?
enough licenses?
v
..................................
Business Continuity Are we under warranty?
..................................
Managers are all too familiar with questions of compliance in the modern
business, with regulations like Sarbanes-Oxley requiring detailed,
accurate reporting of software licenses. Setting an organizational
standard for software and versions so that users can share files, or simply
purchasing new licenses, can turn into a spreadsheet challenge if the
environment is not managed. Technologists are diverted from support
and repurposed to gather information about existing assets. Automated,
detailed inventory reporting in the managed environment keeps IT
resources tasked to organization business, reduces liability, prevents
overspending, and maintains software versions across the organization.
See the “JAMF Software Study of Sarbanes-Oxley Compliance and the
Casper Suite” for more information.
“ Making Macs
“
first class citizens in the enterprise.
Lowered costs
Evaluating the cost savings associated with the managed client
environment can be tricky because of the traditional separation of the
various aspects of IT: Hardware, software, and staff are all major cost
centers and organizational budgets may be separated along these lines.
Client management software affects cost savings in all three aspects
of IT, as well as providing peace of mind regarding data backups, legal
compliance, and security issues.
For years, conventional wisdom has kept Macintosh computers out of the
large scale enterprise environment except for a few creative industries.
However, according to Computerworld magazine, Apple is making inroads
into larger organizations and Macintosh machines are becoming more
common in the enterprise. This trend may be attributed to security
concerns with Windows PCs, the popularity of Apple’s consumer products,
and the advent of the Intel chip in Macs (Seth Weintraub, “Why Apple’s
‘consumer’ Macs are enterprise-worthy” Computerworld.com, March 9,
2007).
Even so, the Casper Suite is a powerful toolset, providing great breadth
and depth of management functionality. The Casper Suite is designed
by engineers who work with Macintosh hardware and software. JAMF
Software™ developers value the intuitive ease and beauty of Apple
products and work to translate those values into the Casper Suite.
Managing Macs with the Casper Suite combines all the benefits of a
powerful client management tool with an elegant user experience.
7
JAMF Software - Casper Suite
Return on Investment Analysis
Introduction:
MDC Partners is a portfolio of best-in-class marketing extremely time and labor intensive process. Without the
communications companies whose strategic and use of tools to automate the process, an administrator
innovative solutions lead the marketing industry, attract would typically have to go to every workstation or laptop
the finest talent, and achieve outstanding results for and manually configure the devices. More experienced
clients. administrators can write scripts to install the printers, but
the execution of the script would require manual
We are a publicly traded company with compliance intervention by the end users. With the use of the Casper
requirements driven by Sarbanes-Oxley and our clients. Suite, we can now deploy the devices to user computers,
Because of the computing platform widely used in our without visiting the machines, from a central server in
industry, many organizations have difficulties executing the organization, thus allowing lower level system
controls systematically that enforce their IT and administrators to distribute and install printers on
corporate policies. hundreds of workstations in approximately 15 minutes.
Additionally, the Casper Suite allows for the creation of
The Casper Suite of products has allowed us to define user groups that allow administrators to even further
and efficiently implement controls through a centrally increase their efficiency by only deploying resources such
managed set of tools. The tool set has allowed us to as printers to the workstations that require them.
focus our efforts on growing the organization through
effective use of IT and not requiring our resources to Remote deployment of applications to the user
spend their time on maintenance. community greatly reduces the need for support
individuals to visit each desktop when upgrading or
Currently several of our partner firms are using the installing new applications. Additionally, the deployment
Casper Suite and many more are in various stages of can be defined to user groups which help to manage the
evaluating, acquiring and deploying the tools. inventory of licenses distributed. The Casper Suite
allows us to create packages that can be distributed
systematically for any application from any vendor.
Cost Savings:
Automation tools are widely used so administrators can The Casper Suite brings enterprise level management
focus their efforts on tasks that benefit the organization tools to the Apple platform. For a long time Windows
far more than the utilitarian functions that often administrators have been able to define and enforce
consume their time. Return on investment for policies on users machines from a central location. The
administrative and management tools is a function of Casper Suite brings many of these types of features to
efficiency and time savings directly driven by labor cost. the Apple platform. The ability to automatically discover,
The more efficiently people work, the more productive remove and report on applications installed by end users
they are, therefore less people are required to support is critical to any organization. These applications, fonts
the organization. etc… pose a serious security risk to organizations as well
as a financial liability.
The time for tasks, such as provisioning a computer, is
significantly reduced by the ability to create a standard There is a significant amount of savings when using the
image by class of user and push out that image to new Casper Suite to create and enforce security policies.
machines or to devices that need to be re-deployed. The Significant savings are seen when end users are prevented
process of configuring a machine manually used to be from performing actions that would increase the need
approximately 4 hours per machine. Utilizing the Casper for support. Functions like application blacklisting,
Suite, the same process is now performed in about 15 automated software updates, and automated e-mail
minutes. notifications ensure users workstations are current with
patches and fixes as well as ensuring they do not change
Printers are constantly changing across the organizations. configurations or install unauthorized software that can
They are replaced due to age, wear and tear, and pose a threat to the machine and the other workstations
upgraded for better print quality and performance. The on the network.
process of provisioning printers on the network is an 8
9
JAMF Software - Casper Suite
Return on Investment Analysis
Based on surveys performed across our partner firms currently using the Casper Suite the
following represents time savings for typical tasks performed by IT support personnel.
Before Casper After Casper Time Savings Dollar Savings Annual Savings Annual Savings
Hours to deploy new MAC 4.0 0.5 3.5 $87.50 $87.50 $0.00
Hours to roll out patch and/or printer maintenance 0.5 0.1 0.4 $10.00 $100.00 $120.00
Hours performing preventative maintenance per month 1.0 0.3 0.8 $18.75 $225.00 $225.00
Estimated savings due to security policy enforcement 0.5 0.1 0.4 $10.00 $120.00 $120.00
Hours to inventory IT assets and related SW 0.5 0.1 0.4 $10.00 $120.00 $120.00
*Note: Cost/machine depends on the number of machines managed with the Casper Suite.
This page intentionally left blank JAMF Software White Paper 10
The Casper Client Management Suite - Overview
The Casper Suite offers one set of tools to address all aspects of
Macintosh client management including inventory, package building,
configuration, image management, image deployment, remote updates,
and scheduled maintenance. Since all these applications are fully
integrated, there is no need to import or export data or to force diverse
tools to work together. Because the architecture all flows through
one central database, dynamic inventory information can be used in
scheduled maintenance and packages are used for both imaging and
updates, promoting efficiency and consistency. The simple user interface
ensures that the Casper Suite is not reliant upon one devoted system
administrator. The workload can be balanced, with privileges based upon
the user’s role in the organization.
With the pre-staging feature in the Casper Suite, IT can actually associate
an image with a machine before it is even out of the box. When the end
user plugs in the machine, it can be booted and configured by holding
down one key on the keyboard. The machine goes direct from the loading
dock to the end user’s desk with no layovers in IT.
The suite also uses a policy-based approach to tasks that means that
recurring rules can be enforced automatically without the intervention
of IT staff. Distribution of any file type also allows companies to easily
release new documents, such as HR forms, to their employees in
addition to software and settings. Remote utilities can be run during off-
hours to have a minimum impact on business, while keeping machines
well serviced. With the self-healing feature, the Casper Suite checks
for packages that have been broken or removed, then repairs or
reinstalls the packages automatically. Automated, scheduled repair and
maintenance is invisible support that reduces interruptions and incidents
for the end user, while giving time back to IT staff.
The Recon Suite is also available as an independent application for The Recon Suite:
organizations grappling with inventory and asset management challenges. an independent, cross
The Recon Suite includes Recon and the JSS and is an effective platform inventory
introduction to the world of client management, solving immediate solution for your entire
problems while providing a framework for additional functionalities of life network
cycle management in the future. The Recon Suite works cross platform,
reporting on both Macintosh and Windows machines and building a Casper uses a MySQL database,
comprehensive database of all these assets. just one of the many industry
standards in the Casper Suite.
Custom scripts can be run
against the database at any
point for easy export to third
party systems or in-house
applications.
Requirements
The Recon Suite has built in
Mac OS: 8.6, 9.x, 10.1, 10.2, 10.3, 10.4, 10.5, Windows: NT4, 2000/2003 reporting that can be exported
to a number of PDF reports, csv,
Professional, XP, Vista tab delimited, XML or custom
HTML files that can include your
company logo.
Package Building
Step 3: Validate
Composer uses a snapshot
Before a package is final, system for packaging. This
Composer allows you to validate makes it easy to build a
package without needing to
the contents. Using Composer’s know the exact location or
built in interface or the Finder, names of files that are installed.
you can view all modified Whether your installer is a .pkg,
directories to ensure that all .mpkg, .dmg, or VISE, Composer
can capture them all.
proper files are in place and
to confirm that any upgrade or
temporary files are not in the Packages can be saved in either
package. the .dmg or .pkg format. When
a package is saved to the .dmg
format, user preferences can be
pushed to the user templates
Step 4: Package Type
and any existing users on the
client machine
After verification, Composer will
create a deployable package
for you. Composer also comes
with a feature called Convert Many packages can be built
automatically if a certain
Package that anticipates your set of software is detected.
need to make changes to This reduces time spent on
existing packages. Rollout of a the packaging process and
final package can be controlled improves the accuracy of your
packages.
and scheduled across your entire
network or through location-
specific servers using Casper
Admin and Casper. No command Composer can be used as a
line or fixing permissions is troubleshooting tool. Do you
required. need to know which files are
affected by a certain preference
change? Composer can capture
any changes made in the Mac
OS X interface and create a
In addition to being a robust application within the Casper Suite, package based on the changes.
Composer is available as a stand alone utility. See also a Composer
demonstration at www.jamfsoftware.com/media/video.php
Requirements
Mac OS: 10.2, 10.3, 10.4, 10.5
Local Imaging
Network Startup devices can be used to individually image machines and
is an effective imaging strategy. Casper can also cost-effectively deliver
consistent first-images to all machines using a locally attached FireWire
drive. Casper also gives you the flexibility to do more with your installs.
Casper comes with options for installing configurations, such as erasing
the disk, installing software, naming the computer, creating local user
accounts, binding to Active Directory, specifying network settings, adding
printers, and rebooting. Since all of these unique settings are established
prior to imaging, there is very little post-fix work to be done.
The most efficient way to update a deployed machine is to use Casper. Casper can both push and pull.
Casper can push packages immediately or initiate a client side pull from Whether you are performing
a file share that has the computer’s required packages. The forced pull remote administration or sitting
requires dramatically lower network usage than the standard push to end directly at the client machine,
software can be installed to
users’ machines. The file shares that Casper uses as a package source meet your users’ needs.
can be housed on Mac OS X, Linux, Solaris, and/or Windows computers.
Since the only requirement for a package source is the support of AFP
or SMB, an organization can have as many shares as needed to support Casper can remove older
multiple floors or locations. versions of software. To uninstall
software, simply create a
package in Composer and
Beyond standard package pushing and uninstalling, Casper has the Casper will know which files to
ability to manage virtually every aspect of client computers. You can uninstall.
manage the mapped printers, local accounts, Active Directory bindings,
add or remove items from users’ docks, and run software updates from
locally hosted SWU servers.
Casper will restart downloading
after interruption using the self-
healing feature. Using Casper’s
policy framework, clients will
continue to run tasks until all
tasks in a policy have been
completed.
Pre-Staged Imaging
With the pre-staging feature, IT can actually associate a configuration
with a machine before it is even out of the box. When the machine is
plugged in, it can be booted and configured by pressing one button.
The machine goes direct from the loading dock to the end user’s desk
with no layovers in IT.
Remote Utilities
Supporting machines that are frequently imaged and updated becomes
easier because troubleshooting utilities can be run remotely.
Features in 5.0
Self-healing packages
Greater scalability
Requirements
Mac OS: 10.2, 10.3, 10.4, 10.5
The JSS is the web-enabled database that accepts and organizes all of
the information from the other components of the Casper Suite. Unlike
many utilities used in client management, the Casper Suite revolves
around this centralized server. One common repository allows you to track
all necessary information, monitor usage, and perform administrative
tasks and support functions across multiple locations.
The convenience of the JSS makes administrative tasks easier. You can: The JSS will retry for machines
that are off of the network.
• Create users. This allows you to assign different levels of control to The JSS keeps a log of tasks
different users in your IT department. that have run on a group of
machines and those that have
• Create departments. Set up functional workgroups within your not run an assigned set of work.
organization. If the client is not on the network
when a policy runs, the task will
• Create buildings. Create logical names for your sites. be attempted the next time it is
on the network.
• Manage peripherals. Add, delete, and modify peripherals supported
within your organization. The Casper Suite will replace
software that the end user
• Manage file servers. Add additional locations in order to pull deletes. Using the self-healing
packages. feature, the Suite can compare
a list of software that is currently
• Manage LDAP servers. Add, delete, and edit LDAP servers to get user installed against a list of known
and group information. software the machine should
have and automatically restore it
• Bind your Active Directory information with the JSS. to a known good state.
Requirements
Mac OS: 10.2, 10.3, 10.4, 10.5
JumpStart
This onsite visit introduces the Casper Suite to your environment and
gets it up and running correctly. Working with your IT staff, Certified
Casper Administrators from JAMF Software or our approved integrators
will install your JSS, inventory a subset of your computers, and create
packages. The JumpStart lasts three to five days and may also include
other tasks that solve your immediate problems, depending on your
organizational needs.
At the end of the JumpStart Program, you will better understand how to
resolve the business challenges facing your network by using the tools
within the Casper Suite.
Composer
If you just need a better package building utility, Composer fits the bill.
Easy, flexible, and fast, Composer allows you to build packages that make
imaging and updating more efficient than ever before.
Pricing for the Casper Suite and the Recon Suite is calculated per client
machine. The per seat price includes the installation of one JSS, with as
many file share (child) servers as the organization requires.
Discounts
Discounts on the per seat price are applied for volume purchases.
Serving Education
JAMF Software is a proud supporter of K-12 and higher education. JAMF
Software knows that educators must manage large organizations on
tight budgets. Though moving these large client bases to a managed
environment will save significant budget all by itself, the initial purchase
price can be difficult for some schools. With that in mind, JAMF Software
provides purchase discounts to these organizations to enable them to
realize the savings and benefits of moving to a managed environment.
Higher education receives a 30% discount off the commercial per seat
price. The ASA is calculated at 18% of the actual purchase price.
Centralized hub through which all other applications Mac OS X or 10.4 Server
interact; hosted web database Windows NT4, 2000, XP,
Server 2003 Red Hat,
SUSE, Solaris
Gathers inventory and asset information that is sent back Mac OS: 8.6, 9, Mac OS X
to the JSS Windows NT4, 2000/2003
Professional
Contact Information
JAMF Software Minneapolis (612) 605-6625 www.jamfsoftware.com
1011 Washington Ave. S New York (646) 416-6923 [email protected]
Suite 350 Los Angeles (213) 291-8863 [email protected]
Minneapolis, MN 55415 London 020 7993 8364
Support (612) 216-1296
Support UK 020 3002 3907