Re: [Fed-Talk] New Hardware Shipping with New OS and no support for old
Re: [Fed-Talk] New Hardware Shipping with New OS and no support for old
- Subject: Re: [Fed-Talk] New Hardware Shipping with New OS and no support for old
- From: "Pike, Michael (IHS/HQ)" <email@hidden>
- Date: Tue, 18 Oct 2011 20:25:19 +0000
- Thread-topic: [Fed-Talk] New Hardware Shipping with New OS and no support for old
Technically you can support an old OS on new equipment with VMWare or Parallels, but is an OS within an OS. If that would be a viable work around.
Mike
On Oct 18, 2011, at 7:38 AM, Kachman, Donald R. Jr (DJ) - (ESE) wrote:
Yes and we have enterprise development account. The issue is less us understanding the new OS, but rather the solutions we own supporting it. It has been rare that enterprise solutions are ready day one.
Stockpiling equipment seems expensive, especially if you do not want it sitting on the shelf collecting dust.
It would make sense, especially from an enterprise standpoint, that Apple would understand that large enterprises cannot just switch over in a few months.
I’m not sure I understand why Apple, as innovative as they are, can’t come up with a creative way to support an older OS on new equipment.
Best Regards,
DJ Kachman
CISSP CNSS/NSA
From: Mr. William G. Cerniuk [mailto:email@hidden]
Sent: Tuesday, October 18, 2011 8:40 AM
To: Trouton, Rich R; Benjamin, Charles (NIH/CIT) [E]; Fed Talk; Kachman, Donald R. Jr (DJ) - (ESE)
Subject: Re: [Fed-Talk] New Hardware Shipping with New OS and no support for old
The approach to purchasing models that can run the older OS only lasts for about a month after a release of a new OS. In fairly short order after a new release of an OS, all Macs have updated ROMs to leverage the new capabilities of the OS. Once the ROM has been updated, you cannot successfully re-install legacy operating systems on the machine. It has been this way since 1984. (27 years)
We all have the capability of obtaining the latest pre-release of Apple software months ahead of release and this includes iOS as well as Mac OS X. By the time Apple releases an operating system, there really should be very few surprises. This is how the Apple developer community pulls off the simultaneous releases of software that leverage the new capabilities on day-1 of a new OS from Apple:
<image001.png>
The thing to remember is that Apple is a hardware company and as such treats the operation system as firmware, integrated, tested, no unknowns in the platforms upon which it runs. This software has been heavily tested both at Apple and by people such as our group here (http://radar.apple.com).
By contrast (and I mean 180 degrees) Microsoft sells software which may or many not work with the hardware you have and which may or may not have been tested on the hardware you have. A new OS from Microsoft has many external dependencies, especially with an enterprise configuration, as there are so many moving parts and so many drivers from so many other companies that it is amazing that Microsoft pulls it off.
Best,
Wm.
On Oct 13, 2011, at 1:02 PM, Trouton, Rich R wrote:
Another way to handle it is to provide your users with a list of "these models can still run (previous OS). If you need a Mac, please buy one of these" and have an (previous OS) image ready that you can apply to qualifying Macs as they come in.
That approach gives you a way to keep supporting the old OS, gain time to prepare to support the new OS, and still provide your folks with new stuff. Does it help if your director says "I don't care, I want that new (only runs the new OS) Mac,"? No, but at least that confines the problem to a numerically smaller group of users.
Thanks,
Rich
On Oct 13, 2011, at 11:16 AM, Benjamin, Charles (NIH/CIT) [E] wrote:
Apple does make this incredibly hard on enterprises. It is my biggest peeve.
We are trying to address this by going to a lifecycle model, which would include spares. We are already doing this with Windows PC’s so we have some basis to model after. So we will try to predict what we need in advance and basically use the “older model” until the new OS is ready for production. I don’t know how well this will work initially as we are still assessing things to try and predict models to buy for roles/functions/replacements. As luck would have it, Lion was released before we got started and it is very much a game changer OS versus 10.4, 10.5,10.6 which is the style OS we were preparing for. Right now we have best effort support for Lion boxes in use while trying to preserve our 10.6 installs.
That being said, my suspicion is life cycle will be the way to handle it. By having the hardware in advance and knowing approximately when the new OS is coming you setup your hardware buys so that you can give yourself 6 months to a year to prepare for the new OS. Of course this assumes the budget flexibility to do it and enough political clout to stop the “Oh new shiny model” buys. :)
Chuck Benjamin
DHHS/NIH/CIT/DCS/SSB/DSS
CIT Desktop Security Team
email@hidden<mailto:email@hidden>
From: Kachman, Donald R. Jr (DJ) - (ESE) [mailto:email@hidden]
Sent: Thursday, October 13, 2011 10:49 AM
To: 'email@hidden<mailto:'email@hidden>'
Subject: [Fed-Talk] New Hardware Shipping with New OS and no support for old
I’m looking for information on how other agencies handle Apple’s policy that they ship hardware with the latest OS and do not support previous versions, typically within a short window after the latest OS is released.
An example, Lion was released in August and all equipment subsequent is shipped with Lion. As a federal agency, we do not move to the latest without security, management, and user testing. In fact, some of the security software we use, has not been available right after.
Another example is that iOS 5 is now shipped on all iOS devices. Do other federal agencies just wholesale take the new OS and then attempt to manage and secure it later?
Knowing that the future happens rapidly in this environment, we are responsible as managers and security staff, to ensure that what is put out there is indeed secure and protects the data that we are entrusted with.
Thoughts and practices from other agencies?
Best Regards,
DJ Kachman
Director, Security and Mobile Division, Client Security, ESE
Battle Creek, MI 49051
(269) 317-5481
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden<mailto:email@hidden>
---
Rich Trouton
email@hidden<mailto:email@hidden>
JFRC Help Desk
phone: x4030
email: email@hidden<mailto:email@hidden>
The best way to get in touch with me is through email.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden<mailto:email@hidden>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden