On 4/6/2012 11:26 AM, Tim Kirby wrote:
Much to my surprise and contrary to many years of prior stance
to the contrary, a "fast track" project has appeared at $WORK
with a view to "supporting" Mac laptops as an alternative to
the Dell windows systems - certain area, in particular in
engineering, have seen a proliferation of people bringing in
their own systems and I guess there's a sense that the powers
that be would rather provide and support $WORK owned machines
than have a network full of home boxes. Things such as cost
and the like are understood and will be factored in so when
managers sign up for employees to have such machines they will
know the impact on their budget...
The more interesting aspect is what constitutes "support";
the windows guys perspective they wax lyrical about group
policies, imaging systems etc. etc. ... which leads me to
ask whether any of this body have any useful experience in
"managing" such machines. I'm open to pointers to useful
resources, but I'm particularly interested in anyone who is
actually "doing" this at some level.
And offline responses are fine if you don't want to admit
to it in public :)
There is an alternative... You could continue to treat them as untrusted
but provide resources. For instance, a firewall with VPN that separates
the machines from your stuff, but provides sufficient access would work.
You might take a look at Palo Alto which has a Global Protect client for
Mac, PC and other that allows certain amounts of management on the
client side (particularly with PC and Mac, not so much with others).
They also have anti-virus definitions which automatically update and
botnet detection subscription services to help you isolate malware
built-in to the firewall, which gives them a leg up on a lot of the
multi-appliance alternatives. They cost a bit more, to be sure, but the
integrated protections and flexible policy management make them worthy
of a look.
I think, no matter how much management you want to do on user machines,
the fact is that you're going to want a firewall anyway, and if you plan
for it from the beginning, it might allow you to consider the least
amount of management possible that still meets your organizational goals.
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
