My head is full of random thoughts and generally useless tidbits of information. I figure I just as well share them with the rest of the world...
Oct 31, 2014
Oct 29, 2014
I wished for more... Review of "As You Wish..." #review #audiobook #theprincessbride
I know I posted earlier on facebook about having purchased this audiobook, but seriously, if you are even a casual fan of "The Princess Bride," this audiobook is well worth the listen. With cameo audio from the likes of Rob Reiner, Billy Crystal, and a host of others, this story of the endurance of the film will make you laugh out loud at some parts, provides a few "ahhhs" in others, and will bring a tear to your eye when you least expect it.
Cary Elwes does a wonderful job of taking us through casting, rehearsal, filming, wrapping, and the aftermath of the movie that has truly become one of the all-time gems of filmmaking.
I laughed out loud at his very concise rehash of the story itself for those folks who have not seen it, as I did at the apology which followed (or perhaps there was an apology on both ends, which is most likely the case).
The book itself is a little over 7 hours long, but it passes quickly. It passes too quickly, in fact. It is one of those great pieces that pulls you in and gives you a driver's view of what it's like to make a movie. More than that, though, it really delves very deeply into the human side, the actor side, of the process and the lives going on inside and outside of the film itself.
There are wonderful tales of meeting Andre the Giant, working with Billy Crystal as Miracle Max, and of swordfights and hilts to the head (Yes, hiLts - the L is intentional).
I grew up watching many of the folks in the movie (or connected to it, as in the case of Reiner), so it was a true peek into their world for me. I remember going to wrestling matches as a kid with my brother and father to see Andre. Getting to know him as a person, not just a persona, was pure magic as Elwes delivered various lines and recalled a slew of escapades involving the gentle giant.
It is quite evident that Elwes loved Robin Wright, perhaps quite literally. She used the term "smitten" when referring to her feelings toward Cary. Of course, how can you be a heterosexual male and NOT have fallen for Wright? I submit it would be impossible, certainly inconceivable.
My only real knock of the book is the use of some of the cameo quotes. I have not read the print version, so I don't know how (or if, for that matter) those appear in the book. But, sometimes, the other actors seem to be doting on Elwes and his acting, etc, even when the context didn't quite seem to fit. Carol Kane, for example, has several quotes in which she is simply talking about how great Cary was even when Cary, himself, was discussing a particular scene or offscreen tale. It was a bit weird, really.
But, even with that, as minor as it is, I couldn't help but be sucked in. It was very much like pulling back the curtain on the wizard. And yet, instead of revealing some little man pulling a trick, it was like being allowed to see how a magician performs just the sleightest of hand. I was pulled fully and totally into an adventure about a story about adventure being made into a movie about adventure. In a way, it was like "Inception" for "The Princess Bride" movie lovers.
In the end, the final kiss goodbye comes much too soon. Sure, everything comes together nicely and cleanly, but when the final words were spoken (by Norman Lear as part of the Epilogue), I longed for more. I can't imagine what else there would be to say, but I just didn't want it to end.
I suppose, in my own way, it was like the final scene in which Buttercup and Westley kiss. That is, during the filming, neither of the actors seemed to have wanted the scene to end (you will understand when you listen). In fact, when the Audible.com tag came on, I actually said aloud, "That's the end!? Inconceivable!"
Get the book here:
https://itunes.apple.com/us/audiobook/as-you-wish-inconceivable/id923070225
Oct 28, 2014
#StudentGPS #ArkEd StudentGPS Dashboard Training for SysAdmins
Why I am attending:
Since I support area school technology coordinators, my boss suggested I sit in on this to see what they were being taught and to get a refresher on the StudentGPS Dashboards rolling out to schools across Arkansas. Also covers ASIS: Arkansas Student Intervention System.
What we learned:
Intro
Training Model
Features
Security and User Access
Dashboard Support
Support Resources
ASIS Overview
Questions
Initially called "EdFi"
Developed by Michael and Susan Dell Foundation
Uses ADE existing systems
Provides timely information for educators and student data-driven decision-making
6 Performance Categories
Fully customizable, stakeholder input on front end to refine what AR educators want
Data comes from eSchool, AELS, SIS, CCMS
Video played as an overview of the dashboards.
Train-the-Trainer Approach: Co-op > District > Building > Teacher
Trainer Roles and Responsibilities laid out for the attendees.
System is optional, but can prove to be helpful in fulfilling some of the requirements placed on educators.
ADE will handle login issues, handouts, etc.
Attendees presented with a variety of screenshot overviews of a student's dashboard sample with list of items presented.
Admins can upload student photos (in a zip, by building). Can replace photos as needed/desired.
Supports multiple system administrators for the StudentGPS system.
System is updated nightly from other student info (eSchool, etc)
Requirements:
- MOU from Supt
- Ed-Fi Manager Form
- Establish Administrator
-- Escalates tech support issues
-- Resolve data anomalies
-- Create StudentGPS email address to capture tech support
-- Place users in AD
- Offer training
Dashboard Security and User Access
FERPA-compliant login, based on where user is assigned and what role has been given to individual user(s). Local access designation determined by district/building admins.
Attendees shown various roles pertaining to the system (not enumerated in this post).
System admins have added abilities for system-wide features. District admins have abilities for district-wide features.
Attendees taken to an edfi demo site and walked through various aspects of system administration (again, not enumerated in this post).
Attendees shown support overview (District > ADE > DLP)
-- District verifies data between system and eSchool
-- District must set up a generic email for ticket submission
Two roles are System Admin and Data Steward. System Admin has access to everything. Data steward serves as a backup to that person (verification of data, mainly).
Discussion/slide regarding identifying and resolving data anomalies. Examples: enrollment numbers, student incorrectly tagged (SPED), features not working, etc.
Examples of errors/issues and what should/would be done in terms of troubleshooting and/or submitting a ticket.
Should work on all browsers and all platforms.
Q&A - Will the functions of HIVE and QuickLooks be replicated? Possibly, but no ETA as of this writing.
ASIS: Arkansas Student Intervention System (AIP, IRI, SARS)
- Free intervention system for AR schools.
- Populates to StudentGPS
- Print-to-PDF for signatures
- Can create templates
- Anywhere access
- Revision history
Oct 26, 2014
Oct 24, 2014
Oct 23, 2014
#jnuc #jamf 10/23 - Casper Focus in the Enterprise
Why I picked this:
Interested to see how Focus could be used in a non-educational environment. As it turned out, the district with whom I was traveling experienced a Focus problem as we waited for this session. The local JAMF folks on site had never seen the problem nor could solve it. Turns out the school tech coord was able to narrow the problem down to a class size greater than 20 devices will not release focus on the teacher app. Turns out 8.0.2 and 8.1 both crash the Focus App. The tech will have to submit a ticket to support.
What was covered:
(Note, my battery was nearing its end during this session. If it is incomplete, I may attempt to fill in the blanks at some point)
EventBoard App
- Conference Room Schedule display
-- Needed to be physically secured
-- Interactively secured (App Lock)
Crestron AV Automation app
- Works with existing crestron environment
- Physically secure
- limited mobility as an option
- interactively secured
ArmorActive's iPad Enclosure
AppLock
- Apple Configurator - enable supervision, enable profiles, etc.
-- Requires physical connection
- Casper Focus
-- Enable OTA focus
-- Only need iOS device
Created classrooms. Field service techs as 'teachers' in the classroom for working on the devices.
Push app through MDM so you can select the device/app
Apple Deployment Program
- pre-stage enrollment
-- with supervision
- create smart groups
-- wireless settings, apps installs, etc
- scope class to mobile device group
This is handy for posting the ipads outside conference rooms and push the conference information for the appropriate rooms so participants know which room/session they are walking into.
Q&A
How do you designate info for each ipad? In AD, etc? User info in AD for each room.
Other use cases? Tom Larkin may have seen them.
Could Sites have been used? Perhaps, but easier to set it up with AD info.
#jnuc #jamf 10/23 - Avoid Gotchas of Enterprise Cloud Dist in Education
Why I chose this:
Education-specific sessions are few and far between, so I picked this one.
What was covered:
Statewide hosted solution with every higher ed institution in the NC system under a single Casper instance.
17 schools plus UNC general admin system.
How can they leverage the system to allow common operation across all systems?
Right Time
Decreased budgets
Taste for streamlined licensing
Desire to not reinvent the wheel (shared packages, etc)
Increased demand for Mac and iOS
VPP and DEP
UNC System handles AD, LDAP, packages, etc.
Use Sites for each school so folks aren't stepping on each other's toes.
Hosted JSS and local JDS
- Best of speed and cost
- Auto sync of the JDS
- Someone else (mostly) does infrastructure
- Allows smaller groups/institutions easy scaling
- Each group maintains security via LDAPS
Admin team does very little work, then hands-off. Can be done on group-level (ex: School of Journalism) as opposed to ONLY the school at large.
The Good
- It works!!
- Shared work packaging and scripting
- Read-only policies for examples
- Communities form group help/Crowdsourcing - need a peer-review system for vetting
Challenging
- Migration from local Casper to Shared Cloud
-- Take time to clean up JSS.
-- Rebuild the JSS
- Web-only interface (takes time getting used to it)
- Casper Admin limited to read-only (take away delete permission wholesale, can change things)
- Politics of LDAP/AD access (run through governance body at university level; takes time to work through admins etc. Help them understand - https, read-only, which ports, etc)
- Technical details of secure LDAP/AD access (self-sign certs, where is root, etc)
- Packages without licenses (who is responsible for licensing? Spell it out. Make sure you have rights to share, etc)
- Change management - get into logs, check details
- Political policies to promote good neighbors (shared section, so had to set/enforce naming conventions with packages and scripts, etc.)
- Shared GSX and APN accounts (who has it? Who is logging in to check? That is global in JSS, not a site setting)
- Disk encryptions are not site specific. Make sure security folks understand it is a shared model
The Bad
- No concept of site for: Categories, packages, scripts, printers, directory bindings, dock items, configurations, and self service plugins. Must plan scope of work, naming, etc.
- Network segment collisions (NAT, subnets, etc)
- Needed prefixes to avoid confusion (naming conventions)
- SCCM Plugin not supported (*multiple SCCM could be supported, but who rules the roost on that one!?)
The Cost to Join
- 10 Licenses for either OSX or iOS devices to have their own Casper Site Setup
- Secure (ldaps) access to supported directory site for group of Casper Site Admins
- Firewall changes (443, 636)
- Internal Netboot and/or SUS servers (not provided, must be local)
- Internal JDS (optional, but recommended)
- JAMF training (optional, but recommended)
- Can request packaging rights (create a Directory Service group, which would be added)
- Can request to be a member of UWCA (Admin) team
- Can request access to APIs
Q&A
How many sites and who are site admins? 41 sites/subsites, don't care who the local admin is so it varies. Purchasing dept adds admin(s) to directory service group.
Packages: Sites can upload packages. Cannot delete packages without requesting from the overall admin.
Security info stored in JDS. Each institution evaluates what they can/cannot store in the cloud.
How about non-Apple devices? At certain sites, use SCCM locally. Not big demand for Android support. Planning for future implementation. Right now, policies and best practices.
Created a template license and got it approved by Attorney General for use among all participating entities.
Easier for schools to come on because they are not installing all the backend.
Helpful to set up a 'kick the tires' account for schools to test the system and see if they want to join.
Oct 22, 2014
#jnuc #jamf 10/22 - Small and Medium Rollouts (Bushel)
Why I chose this session:
I originally chose this because it looked like something that might apply to me at the education service center. During the keynote, JAMF revealed a new program called "Bushel" that is targeted at small-to-medium businesses with an easier to use (read, fewer features and/or less access to advanced features). I am very interested to see how I might leverage this new program.
What I learned:
Enterprise Tools - lots of features; useful, help users, etc.
What about smaller business? Need a "playground" with someone else to monitor. Small biz generally does not have the monitor. Shadow IT? Maybe, but can lack time, budget.
What if MDM was simple? Centrally managed, didn't need hands-on IT assistance all the time. Compliance?
Bushel is a new product. For persons whose primary function is not IT but who have their hands in IT.
Bushel does NOT need:
- Jumpstart, training, VPP Codes, scripts, imaging, packages, user accounts...
Bushel - free for 3 devices forever. After that $2/device/month. Hosted system.
Steps to walk through Push Certificates. Download cert, handoff to bushel. Set up devices.
Various settings to push out: Security, Email, Apps (Managed VPP), invite users, Devices (various enrollment scenarios)
Devices can show status, perform various actions (remove passcode, lock device, wipe, remove corporate data, unenroll device)
Live Chat support available at all times, globally
User gets device, walks through setup, device gets enrolled and configured.
Very simple, straight-forward
Currently INVITE-ONLY (at time of this writing).
Q&A
How far does this scale? Not a technical issue, but logistical. This is for one group. So, not for entire district, but maybe for one grade. Essentially need a homogenous group. Not meant for different groups/kinds of users.
Will consultants be given a high-level view of multiple accounts? So far, no. May scale out a type of "admin panel."
If you already have Casper, is Bushel for me? Overall, this is not for Casper users. Will you be able to up/downgrade in the future? That is in the pipeline. Possible to see your bushel devices within Casper might be in the works.
Will not work with Casper Focus (this is not Casper).
Could have separate Bushel accounts for each "group" of users, if trying to leverage this in that manner. Not really the appropriate fit for Bushel, but could pilot the program before rolling out on larger scale. Another example would be carts - don't need Casper, necessarily, but still want management.
Is this cloud-only? Yes. Hosted in US right now. Plan to host in EU.
Single-App mode is a Casper feature, not appropriate for Bushel.
Other Q&A, mostly stemming from the highly-technical folks in the room. This is NOT for the tech folks running Casper, so was a challenge to release this product in front of this group.
#jnuc #jamf 10/22 - Simplifying VPP
Why I chose this:
VPP is a key component to any Apple-related mass rollout and management system. I am hoping to grab some tips and hints to help me handle our VPP better.
What I learned (These are loose notes and will be missing actual steps):
JSS Framework
Users, VPP Invitations, VPP Assignments, VPP Content Deployment
Compared VPP to being at the public library - what do you want? Get a card. Check it out from the library. Take book home, etc.
VPP Service Token
Purchase content via VPP
SMTP integration active
Use the fields in the JSS with VPP accounts (which email address, etc)
Modify JSS User Accounts and Group Permissions
Users:
Users vs JSS User Accounts and Groups - reframe our thinking, different than users logging into jss.
Assigned to a device
User-Initiated Enrollment
Manual Creation (non-LDAP)
LDAP
Find the computer, Computer/User info, fill in LDAP info
Could use Devices and find user-initiated users
Manually create users (or for testing purposes)
Use LDAP if possible
Enroll with user-initiated enrollment if possible
Fill in various screens (send email to user).
Use Smart Group (Not associated and Not Sent)
Use email invitation
Do not block app store for mobile devices
VPP Assignment
What are you assigning? iOS Apps and/or Mac Apps
Who are you assigning these to?
Create a smart group (VPP invitation is associated - that is, user accepted token)
Select the EDU account
Select user group that have completed process
Limited group to actual staff group
App shows in purchase history
Same thing for Mac or iOS apps. Must be done for each app on each platform
Use a Smart User Group (IS associated)
Be modular and try not to bundle
Content appears in Users' Purchase History
VPP Content Deployment
Computer or mobile device?
Make it available in self-service
Limit to LDAP group who should get the app (Staff, etc)
Save config
Keep your network infrastructure in mind - use self service
Install automatically - conditions that MUST be met
Automatic Downloads - does not need to be enabled
Self service allows users to install the app(s) when THEY want/need them
Revoking apps:
iOS Apps/Mac Apps - yes
eBooks - cannot be revoked
How to revoke (choose one - do not use all of these, though circumstance governs):
Remove user from LDAP Group
Change scope
Change app selection
Delete VPP assignment
Revoke All
Review:
1. JSS Framework in place, configured, VPP token
2. Users
3. VPP Invitations
4. VPP Assignments
5. VPP Content Deployment
Q&A -
For free apps: Nice thing about VPP is updating apps with their apple id.
Other q&a ensued, but I was talking with a colleague about LDAP integration and true SSO for local domain, Google Apps, and JSS
Oct 21, 2014
#jnuc #jamf - 10/21 - Session 2: JSS REST API
Why I chose this:
This is marked as advanced session, which seems a bit counterproductive, given my first session was a "101" variety. But, the other sessions offered at this time did not appeal to me, and I wanted to see what an "Advanced" session was like. So, why not, right?
What I learned:
What it means to be RESTful
Replace in all policies with...
RADAR and Printer Chooser. Client API usage.
Representational State Transfer (REST) Methods
- Standard web calls with different methods being used.
-- Get method (get information)
-- Put method (replacing collections, update specific element)
-- Post method creates a new member element (forms in web)
-- Delete method - cannot delete entire collection, used to delete specific element
Usage: yourjssurl:port/api/
(Presenter showed examples of the methods in order to pull the "get" url and the xml response body.)
These are used in your scripts as ways to get/put/update/delete information from within your jamf scripting.
Replace in all policies with...
-- define variables
-- gather list of policies
-- loop through all policies, searching for policies which deploy a specific pkg
-- replace found entries with the updated package
-- update policy record by uploading updated xml
Define jssserver; username/password for service account; old/new package id; newaction
Gather a list of policies
Loop through all policies
Find package and replace
Update policy record
XML must be used for updating. JSON can be used to read data only.
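The "replace in all policies" steps above, sketched as an added example (not the presenter's script). The `/JSSResource` path, the policy XML element names, partial-XML PUT, and the `JSS_URL`/`JSS_USER`/`JSS_PASS` environment variables are assumptions; the sample XML is constructed. Credentials come from the environment instead of the script body, and nothing is written unless `dry_run=False`.

```python
import base64
import os
import urllib.request
import xml.etree.ElementTree as ET

# Assumed base path; the host below is a placeholder, not a real server.
API = os.environ.get("JSS_URL", "https://jss.example.org:8443") + "/JSSResource"

# Constructed sample data so the XML handling can be exercised offline.
SAMPLE_LISTING = """<policies><size>2</size>
<policy><id>3</id><name>Install Firefox</name></policy>
<policy><id>8</id><name>Update Inventory</name></policy></policies>"""
SAMPLE_POLICY = """<policy><general><id>3</id><name>Install Firefox</name></general>
<package_configuration><packages><size>2</size>
<package><id>12</id><name>Firefox-32.pkg</name><action>Install</action></package>
<package><id>30</id><name>Flash.pkg</name><action>Cache</action></package>
</packages></package_configuration></policy>"""


def _call(method, path, body=None):
    """One authenticated XML request; the service account is read from the
    environment so the password never sits in the script or in version control."""
    cred = f"{os.environ['JSS_USER']}:{os.environ['JSS_PASS']}".encode()
    req = urllib.request.Request(API + path, data=body, method=method, headers={
        "Authorization": "Basic " + base64.b64encode(cred).decode(),
        "Accept": "application/xml",
        "Content-Type": "application/xml",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def policy_ids(listing_xml):
    """Step 2: gather the id of every policy in the listing."""
    return [int(p.findtext("id")) for p in ET.fromstring(listing_xml).iter("policy")]


def swap_package(policy_xml, old_id, new_id, new_action="Install"):
    """Steps 3-4: return update XML if the policy deploys old_id, else None.

    Only the <packages> subtree is sent back, so unrelated policy settings are
    not rewritten (assumes the server accepts a partial policy document).
    """
    packages = ET.fromstring(policy_xml).find("package_configuration/packages")
    if packages is None:
        return None
    changed = False
    for pkg in packages.findall("package"):
        if pkg.findtext("id") != str(old_id):
            continue  # leave packages that are not being replaced untouched
        pkg.find("id").text = str(new_id)
        name = pkg.find("name")
        if name is not None:
            pkg.remove(name)  # stale name dropped; assumed resolved from the id
        action = pkg.find("action")
        if action is None:
            action = ET.SubElement(pkg, "action")
        action.text = new_action
        changed = True
    if not changed:
        return None
    update = ET.Element("policy")
    ET.SubElement(update, "package_configuration").append(packages)
    return ET.tostring(update)


def replace_everywhere(old_id, new_id, new_action="Install", dry_run=True):
    """Steps 2-5 against a live server; returns the ids of affected policies."""
    touched = []
    for pid in policy_ids(_call("GET", "/policies")):
        update = swap_package(_call("GET", f"/policies/id/{pid}"),
                              old_id, new_id, new_action)
        if update is None:
            continue
        if not dry_run:
            _call("PUT", f"/policies/id/{pid}", update)  # updates must be XML
        touched.append(pid)
    return touched
```

Run it once with `dry_run=True` and review the returned policy ids before allowing any PUT; the service account only needs read and update rights on policies.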
RADAR
- Robust multi-Area Distribution Active Routing
-- Pings Distribution points in parallel then downloads from the "closest" DistPoint
Printer Chooser
- Grabs all printers defined in JSS
- Can use drop-down to find the printer. Can browse to find the printer and install.
- Specify driver to look for
- Cache all drivers on client machine
- Checks to see if driver is installed. If not, install the driver then install the printer.
Revision Control in JSS
Pull down anything from jss via XML
Commit > git hook > update jss script(s)
Q&A
Covered package-related questions such as clearing logs, not replacing unaffected packages from within a given policy. Question about the API and smart groups - display glitched but not affect actual devices. Other Q&A as well.
#jnuc #Jamf - 10/21 - Session 1: Policies 101: Unleashing Power
As I have come to do with all my conference sessions, I will be posting about the sessions I attend, why I chose the particular sessions and what I learned while in there.
Why I chose this session:
Since I am brand-new to JAMF, CasperSuite, etc, I am hoping to learn what I can about the software in order to help the schools in my area that are running the software or who are looking to implement it.
What I learned:
What do I want to do?
To Whom?
General
- Display Name (the "pretty" name, what users see in self-service)
- Enabled
- Category (Apps, OS, Printers, plug-ins, etc) - relevant to end-user
Triggers
- Startup (Firewall settings)
- Login (Make sure on YOUR network, then mount share, etc. validation BEFORE the attempt)
- Logout
- Network state change (wifi vs wired)
- Enrollment complete (1st-run script)
- Recurring Check-in
- Custom (useful for prerequisites)
Execution Freq
- Once per computer
- Once per user
- Once per day, week, month (ex: software updates)
- Ongoing (can make avail offline)
Server-side/client-side limitations
- particular days/times (ex: updates during work hours)
- Network connection (ex: only if on ethernet, etc)
Packages
- Install, cache, install from cache
- Select distribution point (location, cloud storage, etc)
Software Updates
- Self-service, auto-install, etc
Scripting
- first three variables taken by JAMF
-- $1 = mount point target drive
-- $2 = computer name
-- $3 = username, usually. Make sure user is logged in
Printers and Docks
- Add/remove printer configs, remove/add items from dock (without delete)
Local Accounts
- Create one
- Allow as admin
- check for filevault
- reset, delete, disable for filevault
- Ex: standardized testing environment (change pw every 24 hrs, delete acct after 14 days, etc)
Management Account
- Be different account than helpdesk uses.
- Password can be randomized and is unknown
Restart Options
- Startup disk, installer, etc
- Issues with restarting (logged in user, running apps may be issue, etc)
Maintenance
- Update inventory
- Reset name
- Install cached items
- "Mac Voodoo" (fix permissions, flush cache, etc)
Files and Processes
- Find a file or folder, option to delete if found
- Option to kill process if running
- Run command
To Whom
- Scope
- Self-service
Scope
- Set up buildings, departments, etc
- Smart and static groups
- Targets (Can use ALL, if needed)
- Can set up exclusions (depts, groups, buildings, etc)
Self-Service
- Make standard users feel like they have power. They have control over which apps they can install, etc.
- grab icons from clipboard after copying to SS
User Interaction
- Start message (warn the user)
- Defer for 1hr, 2hr, etc
Open for Q&A
- "iBeacon was on slide?" "Yes, but for exclusions and limitations."
- "Do you recommend using update server?" "Depends on the environment. Ex: govt had to vet every update, so they used SUS. Can also use caching service (with various parameters)."
- Discussion about firmware updates. Watch for firmware updates as they will wipe out other updates, continual reboot
- limitation for custom triggers? not that they are aware. Cascading triggers are actually nested, so be careful about order and subtriggers.
- Do not lump a bunch of installs because update releases are not in sync. Keep each install/update as its own policy. Exception: dependencies, printer drivers.
- Issue discussions regarding non-installs/misinstalls. Common solution is to have two policies: one for drivers and one for printers with a check for driver before installing printer.
Oct 20, 2014
Oct 19, 2014
Oct 11, 2014
Oct 9, 2014