Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
iPads Everywhere! Management Considerations for the Enterprise Bill Morrison Director of Technology, Rapides Parish School District [email protected] Our Session Today • Not technical Apple – iOS devices • Managing all those iPads • Things to consider • Things that can be a challenge • Ideas for further research Rapides Parish School District • 52 Schools • 600 iPads in first year • Administrators • Faculty • Classroom 1-1 • School Based Carts Topics for today… • Security • Management/Apps • Networking • Lost/Stolen Devices • Content Filtering • Asset Management • Configuration and Policies (BYOD) • Bandwidth Policy & Faculty BYOD • All district-owned devices are managed • Greatest risk is lost or stolen devices • Potential exposure of confidential information • Unmanaged BYOD devices are only allowed to access the guest networks • To access district network, device must be managed • Important to have a written policy for faculty BYOD So how can we manage mobile devices? • Non-enterprise • Apple sync cart • Sync with single iTunes account OTA • Both have disadvantages • Enterprise • Apple Configurator • Mobile Device Management Apple Configurator • Apple Configurator – Lion Server • Prepare devices • Apply a one-time, standard configuration • Good for faculty/staff one-time configuration • Supervise devices • Apply a configuration and then reapply after use • Good for shared devices, checkout, labs, etc. • Assign Devices • Configure devices for a specific user and keep backups of the user’s data. • Good for one user using multiple devices • Disadvantages of AC • Prepared devices are easily reconfigured by user • Apps are tied to the computer from which they were installed, not an iTunes account • Doesn’t communicate real-time with device Mobile Device Management (MDM) • Brings enterprise management to iOS for managing configuration, security and apps • Apples supports third-party MDM servers • Absolute Software • Meraki (free) • JAMF Casper Suite Mobile Device Management • Mobile Device Management Server • Over the Air Enrollment (OTA) • Install management app OTA that establishes connection to the MDM server • Apple Push Notification (APN) • MDM server sends background signal to iOS device through the APN • Maintains contact with device • Configuration Profiles • Push your configuration out to multiple devices MDM Process MDM Server Apple Push Notification iOS Device Configuration Profiles • Accounts • Email, Wi-Fi, VPN, calendar systems • Passcode Policies • Require, complexity, age, failed attempts • Security/Privacy • Encryption based on passcode • Restrictions • Installing apps, Siri, Facetime, camera, screen capture More Configurable Options • Application Restrictions • Disable YouTube, Safari, iTunes store, allow/deny specific apps • Set ratings for music, content, podcasts • Allow/restrict iCloud Asset Management • MDM allows querying of devices • Device information such as iOS version, warranty, serial number, capacities • Some MDM systems allow custom fields such as asset tag number, group, organization, etc. • Network information • Applications installed • Volume Purchase Plan codes • Plan your volume purchase/iTunes account structure App & Data Management • Deploy in-house apps directly • Send suggested apps for users to op-in • Manage Apple Volume Purchase Program codes and distribute them based on various criteria • Managed apps and data can be removed protecting personal data • Prevent backups of managed app data • Send web clips and documents to users Lost or Stolen Devices • Issue remote lock • Send message to device • Remove configuration profiles • Reset lost/forgotten passcodes • Locate device on map* • Remote wipe Other Management • Assign devices to groups for management • Monitor network access by IP • Smart reports Security Considerations • For faculty/staff devices, require complex passcodes • Enable erase data • Do not store open passcodes – use an app like Keypass or others to store passwords • Enable Safari security • Limit location services • Enable encryption where possible Bandwidth • Restrict bandwidth on guest networks • All unmanaged devices connect only through guest • All student-owned devices connect only through guest • BYOD and mobiles have not had a huge impact • Large high school with 800+ BYOD connections resulted in a +4mb bandwidth use Recommendations • Set up Apple Volume Purchase • For few iPads that don’t go home, iTunes management • If you don’t want continuous management, Apple Configurator • For large deployments, MDM brings enterprise management • Deploy and image with Apple Configurator • Manage with MDM Resources • Apple • Mobile Device Management • Apple Configurator • http://www.apple.com/education/resources/informationtechnology.html • Absolute Software • Mobile Device Manager • BYOD Whitepaper • Meraki • Systems manager • JAMF Casper Suite