iPads Everywhere!
Management Considerations for the Enterprise
Bill Morrison
Director of Technology, Rapides Parish School District
Our Session Today
• Not technical Apple – iOS devices
• Managing all those iPads
• Things to consider
• Things that can be a challenge
• Ideas for further research
Rapides Parish School District
• 52 Schools
• 600 iPads in first year
• Administrators
• Faculty
• Classroom 1-1
• School Based Carts
Topics for today…
• Security
• Management/Apps
• Networking
• Lost/Stolen Devices
• Content Filtering
• Asset Management
• Configuration and Policies (BYOD)
• Bandwidth
Policy & Faculty BYOD
• All district-owned devices are managed
• Greatest risk is lost or stolen devices
• Potential exposure of confidential information
• Unmanaged BYOD devices are only allowed to access the guest networks
• To access district network, device must be managed
• Important to have a written policy for faculty BYOD
So how can we manage mobile devices?
• Non-enterprise
• Apple sync cart
• Sync with single iTunes account OTA
• Both have disadvantages
• Enterprise
• Apple Configurator
• Mobile Device Management
Apple Configurator
• Apple Configurator – Lion Server
• Prepare devices
• Apply a one-time, standard configuration
• Good for faculty/staff one-time configuration
• Supervise devices
• Apply a configuration and then reapply after use
• Good for shared devices, checkout, labs, etc.
• Assign Devices
• Configure devices for a specific user and keep backups of the user’s data.
• Good for one user using multiple devices
• Disadvantages of AC
• Prepared devices are easily reconfigured by user
• Apps are tied to the computer from which they were installed, not an iTunes account
• Doesn’t communicate real-time with device
Mobile Device Management (MDM)
• Brings enterprise management to iOS for managing configuration, security and apps
• Apple supports third-party MDM servers
• Absolute Software
• Meraki (free)
• JAMF Casper Suite
Mobile Device Management
• Mobile Device Management Server
• Over the Air Enrollment (OTA)
• Install management app OTA that establishes connection to the MDM server
• Apple Push Notification (APN)
• MDM server sends background signal to iOS device through the APN
• Maintains contact with device
• Configuration Profiles
• Push your configuration out to multiple devices
MDM Process
MDM Server → Apple Push Notification → iOS Device
Configuration Profiles
• Accounts
• Email, Wi-Fi, VPN, calendar systems
• Passcode Policies
• Require, complexity, age, failed attempts
• Security/Privacy
• Encryption based on passcode
• Restrictions
• Installing apps, Siri, FaceTime, camera, screen capture
More Configurable Options
• Application Restrictions
• Disable YouTube, Safari, iTunes store, allow/deny specific apps
• Set ratings for music, content, podcasts
• Allow/restrict iCloud
Asset Management
• MDM allows querying of devices
• Device information such as iOS version, warranty, serial number, capacities
• Some MDM systems allow custom fields such as asset tag number, group, organization, etc.
• Network information
• Applications installed
• Volume Purchase Plan codes
• Plan your volume purchase/iTunes account structure
App & Data Management
• Deploy in-house apps directly
• Send suggested apps for users to opt in
• Manage Apple Volume Purchase Program codes and distribute them based on various criteria
• Managed apps and data can be removed, protecting personal data
• Prevent backups of managed app data
• Send web clips and documents to users
Lost or Stolen Devices
• Issue remote lock
• Send message to device
• Remove configuration profiles
• Reset lost/forgotten passcodes
• Locate device on map*
• Remote wipe
Other Management
• Assign devices to groups for management
• Monitor network access by IP
• Smart reports
Security Considerations
• For faculty/staff devices, require complex passcodes
• Enable erase data
• Do not store open passcodes – use an app like KeePass or others to store passwords
• Enable Safari security
• Limit location services
• Enable encryption where possible
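The passcode settings named on the Configuration Profiles slide (require, complexity, age, failed attempts) and in the list above can be checked in a profile before it is pushed to devices. The script below is an added example, not part of the original presentation: it audits the passcode payload of an unsigned .mobileconfig file, and the sample profiles, identifiers, UUIDs and numeric values in it are constructed assumptions.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"

def audit_passcode_policy(profile_bytes):
    """Check an unsigned .mobileconfig against the four passcode settings
    the slides list: require, complexity, age, failed attempts."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["require: profile has no passcode policy payload"]
    policy, findings = payloads[0], []
    if not policy.get("forcePIN", False):
        findings.append("require: forcePIN is not enabled")
    if policy.get("allowSimple", True) or not policy.get("requireAlphanumeric", False):
        findings.append("complexity: simple or numeric-only passcodes are allowed")
    if "maxPINAgeInDays" not in policy:
        findings.append("age: passcodes never expire")
    if "maxFailedAttempts" not in policy:
        findings.append("failed attempts: no erase after repeated wrong passcodes")
    return findings

def make_profile(policy=None):
    """Build a constructed test profile; identifiers and UUIDs are made up."""
    content = []
    if policy is not None:
        content.append({"PayloadType": PASSCODE_TYPE, "PayloadVersion": 1,
                        "PayloadIdentifier": "org.example.district.passcode",
                        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                        **policy})
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "org.example.district",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000001",
                           "PayloadDisplayName": "Faculty iPad baseline (sample)",
                           "PayloadContent": content})

# Constructed samples; the numeric values are assumptions, not district policy.
WEAK = make_profile({"forcePIN": True})
STRONG = make_profile({"forcePIN": True, "allowSimple": False,
                       "requireAlphanumeric": True, "maxPINAgeInDays": 90,
                       "maxFailedAttempts": 10})

if __name__ == "__main__":
    for name, data in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_passcode_policy(data) or "ok")
```

Profiles exported from an MDM server are often signed; those need the signature wrapper removed before `plistlib` can parse them.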
Bandwidth
• Restrict bandwidth on guest networks
• All unmanaged devices connect only through guest
• All student-owned devices connect only through guest
• BYOD and mobiles have not had a huge impact
• Large high school with 800+ BYOD connections resulted in a +4mb bandwidth use
Recommendations
• Set up Apple Volume Purchase
• For a few iPads that don’t go home, iTunes management
• If you don’t want continuous management, Apple Configurator
• For large deployments, MDM brings enterprise management
• Deploy and image with Apple Configurator
• Manage with MDM
Resources
• Apple
• Mobile Device Management
• Apple Configurator
• http://www.apple.com/education/resources/informationtechnology.html
• Absolute Software
• Mobile Device Manager
• BYOD Whitepaper
• Meraki
• Systems manager
• JAMF Casper Suite