Management Considerations for the Enterprise
Bill Morrison
Director of Technology, Rapides Parish School District bill.morrison@rpsb.us
• Not technical Apple – iOS devices
• Managing all those iPads
• Things to consider
• Things that can be a challenge
• Ideas for further research
• 52 Schools
• 600 iPads in first year
• Administrators
• Faculty
• Classroom 1-1
• School Based Carts
• Security
• Management/Apps
• Networking
• Lost/Stolen Devices
• Content Filtering
• Asset Management
• Configuration and Policies (BYOD)
• Bandwidth
• All district-owned devices are managed
• Greatest risk is lost or stolen devices
• Potential exposure of confidential information
• Unmanaged BYOD devices are only allowed to access the guest networks
• To access district network, device must be managed
• Important to have a written policy for faculty
BYOD
• Non-enterprise
• Apple sync cart
• Sync with single iTunes account OTA
• Both have disadvantages
• Enterprise
• Apple Configurator
• Mobile Device Management
Apple Configurator
• Apple Configurator – Lion Server
• Prepare devices
• Apply a one-time, standard configuration
• Good for faculty/staff one-time configuration
• Supervise devices
• Apply a configuration and then reapply after use
• Good for shared devices, checkout, labs, etc.
• Assign Devices
• Configure devices for a specific user and keep backups of the user’s data.
• Good for one user using multiple devices
• Disadvantages of AC
• Prepared devices are easily reconfigured by user
• Apps are tied to the computer from which they were installed, not an iTunes account
• Doesn’t communicate real-time with device
• Brings enterprise management to iOS for managing configuration, security and apps
• Apple supports third-party MDM servers
• Absolute Software
• Meraki (free)
• JAMF Casper Suite
• Mobile Device Management Server
• Over the Air Enrollment (OTA)
• Install management app OTA that establishes connection to the MDM server
• Apple Push Notification (APN)
• MDM server sends background signal to iOS device through the APN
• Maintains contact with device
• Configuration Profiles
• Push your configuration out to multiple devices
[Diagram: MDM Server -> Apple Push Notification -> iOS Device]
• Accounts
• Email, Wi-Fi, VPN, calendar systems
• Passcode Policies
• Require, complexity, age, failed attempts
• Security/Privacy
• Encryption based on passcode
• Restrictions
• Installing apps, Siri, Facetime, camera, screen capture
• Application Restrictions
• Disable YouTube, Safari, iTunes store, allow/deny specific apps
• Set ratings for music, content, podcasts
• Allow/restrict iCloud
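Added example, not part of the original slides: a Python sketch that builds an unsigned configuration profile carrying a passcode-policy payload and audits it against a baseline in the spirit of the passcode items above (require, complexity, age, failed attempts). The numeric limits, the `org.example.faculty` identifier and the function names are assumptions made for illustration, and a signed profile would have to be unwrapped before this parser could read it.

```python
import plistlib
import uuid

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
# Baseline checks; the numeric limits are constructed sample values,
# not district policy.
BASELINE = {
    "forcePIN": lambda v: v is True,              # passcode required
    "allowSimple": lambda v: v is False,          # no 1111 / 1234
    "requireAlphanumeric": lambda v: v is True,   # complexity
    "maxPINAgeInDays": lambda v: isinstance(v, int) and 0 < v <= 180,
    "maxFailedAttempts": lambda v: isinstance(v, int) and 0 < v <= 10,
}

def build_profile(settings, identifier="org.example.faculty"):
    """Return unsigned .mobileconfig bytes with one passcode payload."""
    payload = {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".passcode",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        **settings,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)

def audit_profile(mobileconfig_bytes):
    """Return the baseline keys that are missing or too weak."""
    profile = plistlib.loads(mobileconfig_bytes)
    policies = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not policies:
        return sorted(BASELINE)  # no passcode payload at all
    merged = {k: v for p in policies for k, v in p.items()}
    return sorted(k for k, ok in BASELINE.items()
                  if k not in merged or not ok(merged[k]))

# Constructed sample profiles: one weak, one meeting the baseline.
WEAK = build_profile({"forcePIN": True, "allowSimple": True})
STRONG = build_profile({
    "forcePIN": True, "allowSimple": False, "requireAlphanumeric": True,
    "minLength": 8, "maxPINAgeInDays": 90, "maxFailedAttempts": 10})
```

Running `audit_profile` over profiles exported from an MDM console gives a quick list of the passcode settings still to be tightened before the profile is pushed to faculty and staff devices.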
• MDM allows querying of devices
• Device information such as iOS version, warranty, serial number, capacities
• Some MDM systems allow custom fields such as asset tag number, group, organization, etc.
• Network information
• Applications installed
• Volume Purchase Plan codes
• Plan your volume purchase/iTunes account structure
• Deploy in-house apps directly
• Send suggested apps for users to opt in
• Manage Apple Volume Purchase Program codes and distribute them based on various criteria
• Managed apps and data can be removed, protecting personal data
• Prevent backups of managed app data
• Send web clips and documents to users
• Issue remote lock
• Send message to device
• Remove configuration profiles
• Reset lost/forgotten passcodes
• Locate device on map*
• Remote wipe
• Assign devices to groups for management
• Monitor network access by IP
• Smart reports
• For faculty/staff devices, require complex passcodes
• Enable erase data
• Do not store open passcodes – use an app like Keypass or others to store passwords
• Enable Safari security
• Limit location services
• Enable encryption where possible
• Restrict bandwidth on guest networks
• All unmanaged devices connect only through guest
• All student-owned devices connect only through guest
• BYOD and mobiles have not had a huge impact
• Large high school with 800+ BYOD connections resulted in a +4mb bandwidth use
• Set up Apple Volume Purchase
• For few iPads that don’t go home, iTunes management
• If you don’t want continuous management, Apple Configurator
• For large deployments, MDM brings enterprise management
• Deploy and image with Apple Configurator
• Manage with MDM
• Apple
• Mobile Device Management
• Apple Configurator
• http://www.apple.com/education/resources/informationtechnology.html
• Absolute Software
• Mobile Device Manager
• BYOD Whitepaper
• Meraki
• Systems manager
• JAMF Casper Suite