Apple does make this incredibly hard on enterprises. It is my biggest peeve.
We are trying to address this by going to a lifecycle model, which would include spares. We are already doing this with Windows PC’s so we have some basis to model after. So we will try to predict what we need in advance
and basically use the “older model” until the new OS is ready for production. I don’t know how well this will work initially as we are still assessing things to try and predict models to buy for roles/functions/replacements. As luck would have it, Lion was
released before we got started and it is very much a game changer OS versus 10.4, 10.5,10.6 which is the style OS we were preparing for. Right now we have best effort support for Lion boxes in use while trying to preserve our 10.6 installs.
That being said, my suspicion is life cycle will be the way to handle it. By having the hardware in advance and knowing approximately when the new OS is coming you setup your hardware buys so that you can give yourself
6 months to a year to prepare for the new OS. Of course this assumes the budget flexibility to do it and enough political clout to stop the “Oh new shiny model” buys. J
Chuck Benjamin
DHHS/NIH/CIT/DCS/SSB/DSS
CIT Desktop Security Team
From: Kachman, Donald R. Jr (DJ) - (ESE) [mailto:email@hidden]
Sent: Thursday, October 13, 2011 10:49 AM
To: 'email@hidden'
Subject: [Fed-Talk] New Hardware Shipping with New OS and no support for old
I’m looking for information on how other agencies handle Apple’s policy that they ship hardware with the latest OS and do not support previous versions, typically within a short window after the latest OS is released.
An example, Lion was released in August and all equipment subsequent is shipped with Lion. As a federal agency, we do not move to the latest without security, management, and user testing. In fact, some of the security software we use, has not been available
right after.
Another example is that iOS 5 is now shipped on all iOS devices. Do other federal agencies just wholesale take the new OS and then attempt to manage and secure it later?
Knowing that the future happens rapidly in this environment, we are responsible as managers and security staff, to ensure that what is put out there is indeed secure and protects the data that we are entrusted with.
Thoughts and practices from other agencies?
Best Regards,
DJ Kachman
Director, Security and Mobile Division, Client Security, ESE
Battle Creek, MI 49051
(269) 317-5481
Do not post admin requests to the list. They will be ignored.