Parallels is known for running Windows in a virtual environment on your Mac. It is the premiere software program for doing this. They also have another product – an SCCM plugin that allows for Mac management with SCCM. Detailed information, white papers, and contact information can be found here.
The primary advantage of using the Parallels plugin over native SCCM management is that a PKI environment is not needed. All of the traffic goes over HTTP. As SCCM administrators know, a PKI environment can be very involved and expensive, and is really only required to manage clients across the Internet. The plug-in also provides all of the same software inventory and deployment for SCCM. With the plugin, packages and applications can be deployed to Mac OS X.
The second major advantage of using the plugin is operating system deployment. With the plugin, administrators can image Mac’s just like they do PC’s. In its current release, this can only be achieved with thick images. You cannot layer packages or applications on top of a base image. This will be changing in a future release of Parallels. Parallels also brings in the Netboot protocol, so Mac’s can be booted over the network in a similar fashion to PXE.
Another great advantage is that all of the management from SCCM looks exactly like the management for PC’s, so administrators do not have to learn a new system. Deploying packages, creating collections, etc all looks the same whether you have a Mac or PC.
With the introduction of 10.9, administrators have the ability to deploy management profiles to Mac’s that set things like password length, Dock applications, and network settings. These are similar to Apple’s default configuration profiles. These are set by using SCCM’s configuration items and baselines.
Another option added under Compliance Settings is the ability to enable FileVault encryption. The further extends SCCM management of OS X, because SCCM can enable BitLocker for PC’s.
As stated above, the Parallels add-on allows administrators to deploy configuration profiles to OS X. These configuration profiles work in a similar fashion to Group Policy, though they are not as granular as administrators can get with a GPO.
The “General” settings allow you specify a description and context of the profile. You can also define when, if at all, a profile can be removed. There are three options – always, with authorization, and never. The “Always” option allows the end user to remove the profile whenever he/she wants. The “With Authorization” allows the end user to remove it with authorization of an administrator. The “Never” option doesn’t allow the end user to ever remove the profile. The other available option is to remove the profile after a given period of time. This box also has three optrions. The first one is never, meaning that the profile will never be removed. The second option is “On Date”, which will expire the profile on a given date. The third option is “After Interval”, which will expire the profile after a given number of days.
The “Password” settings are self-explanatory. Administrators can specify complexity, age, and reuse option, just to name a few. Some of these options are for iOS devices only, but those are noted on the screen.
Next we’ll skip ahead to Dock. Here, administrators can define settings for the Dock. Administrators can pre-define dock settings for users. These settings can be changed on the end user’s computer, as long as you keep the “Merge with User’s Dock” box checked.
I am also going to skip over Contacts and Calendars. The next section is Network. Administrators can use this section to pre-define a corporate WiFi network with all of the correct security settings. This can greatly simplify set up after a computer is built. Multiple networks (or “Payloads”) can be added here.
Next, the “Certificate” section allows administrators to add certificates to the device for communication on the network. Administrators can upload the certificate to the policy and provide the passphrase for access.
Finally, the “Security and Privacy” settings define two settings. The first is whether or not diagnostic data is sent to Apple. The second item defines whether or not users can override Gatekeeper settings.
I hope this is good introduction to the Parallels SCCM plug-in. Come back next week for deploying packages and operating systems.