The document discusses Square, an expert in global Apple deployments. It outlines their challenge of deploying and managing over 200 Macs across 6 locations in 3 continents with only 2 support specialists. Key considerations for the deployment included choosing servers for the JSS and distribution points, JSS setup, security, package replication, and imaging processes. Possible imaging workflows like pre-stage, quickadd, and custom quickadd are described. Next steps mentioned involve cloud storage and VM environment integration.

1. THE EXPERTS IN GLOBAL APPLE DEPLOYMENT
UK • USA • AUSTRALIA • SINGAPORE
www.square-i.net

3. Normalizing a Worldwide Apple Deployment
Paul Gibbons & Emmanuel Gomez

5. About us...

6. Midlands
High Wycombe
London

7. United Kingdom
USA
Singapore
Australia

9. What is Square?

10. What is Square?
‣ Apple Premium Reseller in the UK

11. What is Square?
‣ Apple Premium Reseller in the UK
‣ Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)

12. What is Square?
‣ Apple Premium Reseller in the UK
‣ Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)
‣ Hospitality specialists with our own IP in
software solutions (IPTV & Business Centre)

13. What is Square?
‣ Apple Premium Reseller in the UK
‣ Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)
‣ Hospitality specialists with our own IP in
software solutions (IPTV & Business Centre)
‣ International Apple Support Centres

14. What is Square?
‣ Apple Premium Reseller in the UK
‣ Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)
‣ Hospitality specialists with our own IP in
software solutions (IPTV & Business Centre)
‣ International Apple Support Centres
‣ 42 Square Design & Marketing Communications

16. The Challenge

17. The Challenge
How does the world’s largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?

18. The Challenge
How does the world’s largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?
‣ Only 2 Mac Support specialists based in London and New York

19. The Challenge
How does the world’s largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?
‣ Only 2 Mac Support specialists based in London and New York
‣ Being able to work with and re-purpose existing ‘standard’ packages

20. The Challenge
How does the world’s largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?
‣ Only 2 Mac Support specialists based in London and New York
‣ Being able to work with and re-purpose existing ‘standard’ packages
‣ 6 locations in 3 Continents - Distributing the Distribution Points!

22. Considerations

23. Considerations
‣ Choice of the Server for the JSS

24. Considerations
‣ Choice of the Server for the JSS
‣ Choice of the Server for the Distribution Point

25. Considerations
‣ Choice of the Server for the JSS
‣ Choice of the Server for the Distribution Point
‣ JSS setup

26. Considerations
‣ Choice of the Server for the JSS
‣ Choice of the Server for the Distribution Point
‣ JSS setup
‣ Security

27. Considerations
‣ Choice of the Server for the JSS ‣ Package Replication
‣ Choice of the Server for the Distribution Point
‣ JSS setup
‣ Security

28. Considerations
‣ Choice of the Server for the JSS ‣ Package Replication
‣ Choice of the Server for the Distribution Point ‣ Replication servers
‣ JSS setup
‣ Security

29. Considerations
‣ Choice of the Server for the JSS ‣ Package Replication
‣ Choice of the Server for the Distribution Point ‣ Replication servers
‣ JSS setup ‣ Imaging Process
‣ Security

30. Considerations
‣ Choice of the Server for the JSS ‣ Package Replication
‣ Choice of the Server for the Distribution Point ‣ Replication servers
‣ JSS setup ‣ Imaging Process
‣ Security ‣ What is Next? (In few words)

32. Choice of the Server for the JSS

33. Choice of the Server for the JSS
‣ Cloud

34. Choice of the Server for the JSS
‣ Cloud
‣ Windows

35. Choice of the Server for the JSS
‣ Cloud
‣ Windows
‣ Red Had Enterprise Linux

36. Choice of the Server for the JSS
‣ Cloud
‣ Windows
‣ Red Had Enterprise Linux
‣ Mac OS X

38. Choice of the Server for the DP

39. Choice of the Server for the DP
‣ Mac OS X

40. Choice of the Server for the DP
‣ Mac OS X
‣ Windows

41. Choice of the Server for the DP
‣ Mac OS X
‣ Windows
‣ Red Had Enterprise Linux / CentOS

42. Choice of the Server for the DP
‣ Mac OS X
‣ Windows
‣ Red Had Enterprise Linux / CentOS
‣ NAS Drives

44. JSS setup

45. jsscasper.mycomp.com
Mobile Devices and Computers Checking in from home or wireless hotspots

47. Network Setup

48. Network Setup
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore

49. Network Setup
‣ Casper servers are clustered
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore

50. Network Setup
‣ Casper servers are clustered
‣ Outside the LAN, managed devices
will check in from the dmz
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore

51. Network Setup
‣ Casper servers are clustered ‣ Only one port transits from DMZ to LAN 3306
(MySQL)
‣ Outside the LAN, managed devices
will check in from the dmz
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore

52. Network Setup
‣ Casper servers are clustered ‣ Only one port transits from DMZ to LAN 3306
(MySQL)
‣ Outside the LAN, managed devices
will check in from the dmz ‣ Change of the JSS database password
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore

54. How do you do that?

55. How do you do that?
https://jamfnation.jamfsoftware.com/article.html?id=174

56. How do you do that?

58. * subject to changes
JSS seen from the Public jsscasper.mycomp.com JSS seen from the Private jsscasper.mycomp.com

60. Replication server and package replication

61. *
*

62. Madrid Helsinki Munich Singapore London Edu
London
*
*
Paris Amsterdam NY Santa Fe Hong Kong
*
Netboot AFP sharepoint * Not available anymore

64. How do you do that?

65. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel

66. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel
#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "LOCATION"
#cat ~/.ssh/id_rsa.pub | ssh myjssserver 'cat - >> ~/.ssh/authorized_keys'

67. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel
#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "LOCATION"
#cat ~/.ssh/id_rsa.pub | ssh myjssserver 'cat - >> ~/.ssh/authorized_keys'
rsync via ssh tunnel

68. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel
#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "LOCATION"
#cat ~/.ssh/id_rsa.pub | ssh myjssserver 'cat - >> ~/.ssh/authorized_keys'
rsync via ssh tunnel
#rsync -avrpogz --delete -e ssh root@myjssserver:"Source" "Destination" >>yourlogfile

70. Imaging Process

72. Possible Workflow with Pre-Stage

73. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging

74. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging
Computer netboots

75. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging
Computer netboots
Computer is automatically imaged

76. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging
Computer netboots
Computer is automatically imaged
Computer is ready to be given to the end user

78. Possible Workflow with QuickAdd

79. Possible Workflow with QuickAdd
Computer is given to the end user

80. Possible Workflow with QuickAdd
Computer is given to the end user
Computer is setup by the user. QuickAdd package is installed

81. Possible Workflow with QuickAdd
Computer is given to the end user
Computer is setup by the user. QuickAdd package is installed
Computer is added to the inventory

82. Possible Workflow with QuickAdd
Computer is given to the end user
Computer is setup by the user. QuickAdd package is installed
Computer is added to the inventory
The policies are triggered automatically according to the network segment

84. Possible Workflow with Customised QuickAdd

85. Possible Workflow with Customised QuickAdd
Computer is given to the end user

86. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed

87. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed
User complete a predefined set of information

88. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed
User complete a predefined set of information
Computer is added to the inventory

89. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed
User complete a predefined set of information
Computer is added to the inventory
The policies are triggered automatically according to the Extended attributes set by the user.

91. QuickAdd
cocoaDialog postflight script
Customised QuickAdd

93. What is Next?

94. What is Next?
Cloud Storage integration

95. What is Next?
Cloud Storage integration
VM Environment integration

97. Paul Gibbons
paul@squaregroup.co.uk
Emmanuel Gomez Verardo
emmanuel.gomez@squaregroup.co.uk
www.square-i.net @squaregroup