MacEnterprise, and Behind the Macs at Yale
Volume Number: 22 (2006)
Issue Number: 2
Column Tag: Interview
In The Trenches
MacEnterprise, and Behind the Macs at Yale
by Schoun P. Regan
Interviewing Philip Rinehart: I spoke with Philip over the phone somewhere in the swamps of Jersey (with apologies to Bruce Springsteen). Philip Rinehart is co-chair of the steering committee leading the Mac OS X Enterprise Project (macenterprise.org) and manages Macs as a support specialist at Yale University.
Schoun Regan: Tell me about your job.
Philip Rinehart: I support the Macintosh computers that students use and whatever software and is on them. I'm responsible for the care and feeding of them if you will so that anyone can sit down at the box with a relative degree of confidence that one, it will work, and two, that it will be secure.
SR: What about MacEnterprise?
PR: The goal of the project is for Mac IT professionals to communicate and share information relating to the deployment of Macs in the enterprise and really talk about what it means to drop it into an Active Directory environment or a Netware environment. It's a pool of knowledge...that fosters collaboration between MacIT professionals.
SR: Is it primarily education based?
PR: It started out as...primarily education based...but we're trying to get more enterprise involved. Part of it is that enterprise does not have large Mac deployments relative to education, and typically people who are doing these sorts of things keep their heads down and stay off the radar so they don't get hammered for running Macs. People are posting from all sorts of businesses and we are trying to allow a way for them to communicate.
SR: This gives your more clout as a group with Apple when an issue arises.
PR: That's precisely it. One of the things we want to launch is a bug tracking database which allows people to do the "me too" factor. For example if I post a bug about launchd...then others can chime in. So then a problem that affects me with only $x million in Macs now affects more than $25 million. It means a lot more to Apple Marketing.
SR: The collaboration is really the key
PR: Exactly. This then becomes a priority one instead of a priority five.
SR: How would one join MacEnterprise?
PR: Anybody is welcome. You can have a deployment as small as 10 or as large as 10,000, we pretty much don't care. To a certain extent, if you think about it, the difference between 10 and 10,000 isn't as large as one might think. The issues are essentially the same. We like to get the smaller folks in because it gives them a voice, which they may not otherwise have.
SR: Let's talk tech for a moment. What's the easiest way to shoot an image out back to other Macs?
PR: Use...either command line asr...or Mike Bombich's NetRestore. They use a disk image and they bump it down to the drive.
SR: So I know on a PC using Ghost from Symantec, the way the license fees are structured, it's horrible in my opinion. And Apple's?
PR: As long as you own the operating system and have a site license, you can do what you want. Now that asr is part of the OS, it does not cost you a penny.
SR: What about Radmind?
PR: I'm a user of it myself. Let's say you have an asr image from six months ago, you can take that image and make some changes, test it, and roll back if necessary to that perfect machine state.
SR: Bingo. The word for today is Rollback.
PR: And that to me is the biggest power of Radmind. If you screw something up, you can roll back to the perfect image.
SR: C'mon, your users never screw something up.
PR: (Laughs out loud for a long time) Riiiiiiiiiight.
SR: What scripting language is used by most of the group?
PR: Shell
SR: AppleScript?
PR: That too. The combination of the two and Automater is exciting. I think Automater has the potential to do some very cool things.
SR: And scripting for you personally?
PR: I'm a huge Python fan. I used to use PERL but now I love Python.
SR: So what do you say to the high school teacher who wants to lock down the computers for their students? Do they need to know the command line?
PR: There are two ways off the top of my head. If you are using some sort of non-directory setup, you can use the Parental Controls. The better way to do this would be using a directory structure like Open Directory, which allows much more flexability on controls.
SR: If Apple were to call you up and say, "Philip, what one thing can we change on Mac OS X Server to make it better?"
PR: Take Workgroup Manager and give it a complete overhaul. Since half my life is spent in Windows, directory management is a lot easier to use than Workgroup Manager. There are some paradigms that just don't work. Delegated OUs. I've seen articles on AFP548 and Michael (Bartosh) has sent me information on this. I think they (Apple) have made it better but...want more flexibility.
SR: Same question on Client.
PR: Hmmmmmmmm. I would like to see an integrated groupware solution. I think the Outlook interface went out about 10 years ago. I think Apple could take their designers and come up with an excellent interface for it. Mail, iCal, Address Book are nice, but it needs to be better integrated.
SR: What about Windows Server?
PR: That's a tough one. (Pauses) If Apple had better policy based management. Leverage institutional policies and group policies.
SR: How would you walk into a Windows based company and sell them on Macs for their desktop machines. Convince them to swap their Windows desktops with Mac desktops.
PR: To me, it's TCO. It's much lower on the Mac side.
SR: Why?
PR: Initial cost might be more but continued support will be lower. I know that licensing comes into play too. One of the other things I think about is the virus/malware/adware problem. The cost of buying and supporting the software to rid yourself of these problems, costs money. Those costs are not looked at is direct costs, and they should be. You will likely buy Windows Server and now you have more licenses.
SR: I think what happens sometimes is that software purchasing after the fact is not rolled into the initial cost. If IT managers can swoon over low computers prices, then once they arrive, the "I need this and this and this" is now too expensive NOT to implement, because the computers are already there.
SR: Last question. What are your top five favorite movies? Movies that you could watch over and over and over again. No order is necessary, just the top five.
PR: This is tough (laughs): The Third Man, Citizen Cane, Rushmore, Midnight Cowboy, Apocalypse Now.
SR: Philip, thanks very much for speaking with us.
PR: No problem Schoun.
Vital Stats
Years in IT industry : 9
Spoke at Macworld 2004
Information: Philip Rinehart is co-chair of the steering committee leading the Mac OS X Enterprise Project (macenterprise.org) and manages Macs as a support specialist at Yale University. He has been using Macintosh Computers since the days of the Macintosh SE, and Mac OS X since its Developer Preview Release. He presented on OS X security at MacWorld 2004, and is an active member of the Mac OS X Lab project. He has contributed to many areas of the project. Before coming to Yale, he worked as a Unix system administrator for a dot-com company.
Computers: All flavors
Programming Languages: Shell Scripting, AppleScript
Schoun P. Regan is CEO of ITInstruction.com, which specializes in Mac OS X training and consulting. He speaks regularly to CEOs and CFOs on how to control IT department spending, the myths surrounding cross-platform integration, and the lunacy of expected lost revenue stemming from a culture bred to tolerate IT staff and operating system inadequacies as "normal". He seeks to change self-fulfilling IT departments that breed complacency for their jobs and contempt for the end user, neither of which are conducive to business.
