UNCLASSIFIED////
The only problem would be that the new OS is still a violation to some
IA departments. If the hardware will not let you downgrade to a
supported OS version, then the organization is dead in the water until
the new OS passes IA approval.
-Norris
-----Original Message-----
From: fed-talk-bounces+norris.sizemore=email@hidden
[mailto:fed-talk-bounces+norris.sizemore=email@hidden]
On Behalf Of Pike, Michael (IHS/HQ)
Sent: Tuesday, October 18, 2011 4:25 PM
To: Kachman, Donald R. Jr (DJ) - (ESE)
Cc: Mr. William G. Cerniuk; Fed Talk
Subject: Re: [Fed-Talk] New Hardware Shipping with New OS and no support
for old
Technically you can support an old OS on new equipment with VMWare or
Parallels, but is an OS within an OS. If that would be a viable work
around.
Mike
On Oct 18, 2011, at 7:38 AM, Kachman, Donald R. Jr (DJ) - (ESE) wrote:
Yes and we have enterprise development account. The issue is less us
understanding the new OS, but rather the solutions we own supporting it.
It has been rare that enterprise solutions are ready day one.
Stockpiling equipment seems expensive, especially if you do not want it
sitting on the shelf collecting dust.
It would make sense, especially from an enterprise standpoint, that
Apple would understand that large enterprises cannot just switch over in
a few months.
I'm not sure I understand why Apple, as innovative as they are, can't
come up with a creative way to support an older OS on new equipment.
Best Regards,
DJ Kachman
CISSP CNSS/NSA
From: Mr. William G. Cerniuk [mailto:email@hidden]
Sent: Tuesday, October 18, 2011 8:40 AM
To: Trouton, Rich R; Benjamin, Charles (NIH/CIT) [E]; Fed Talk; Kachman,
Donald R. Jr (DJ) - (ESE)
Subject: Re: [Fed-Talk] New Hardware Shipping with New OS and no support
for old
The approach to purchasing models that can run the older OS only lasts
for about a month after a release of a new OS. In fairly short order
after a new release of an OS, all Macs have updated ROMs to leverage the
new capabilities of the OS. Once the ROM has been updated, you cannot
successfully re-install legacy operating systems on the machine. It has
been this way since 1984. (27 years)
We all have the capability of obtaining the latest pre-release of Apple
software months ahead of release and this includes iOS as well as Mac OS
X. By the time Apple releases an operating system, there really should
be very few surprises. This is how the Apple developer community pulls
off the simultaneous releases of software that leverage the new
capabilities on day-1 of a new OS from Apple:
<image001.png>
The thing to remember is that Apple is a hardware company and as such
treats the operation system as firmware, integrated, tested, no unknowns
in the platforms upon which it runs. This software has been heavily
tested both at Apple and by people such as our group here
(http://radar.apple.com).
By contrast (and I mean 180 degrees) Microsoft sells software which may
or many not work with the hardware you have and which may or may not
have been tested on the hardware you have. A new OS from Microsoft has
many external dependencies, especially with an enterprise configuration,
as there are so many moving parts and so many drivers from so many other
companies that it is amazing that Microsoft pulls it off.
Best,
Wm.
On Oct 13, 2011, at 1:02 PM, Trouton, Rich R wrote:
Another way to handle it is to provide your users with a list of "these
models can still run (previous OS). If you need a Mac, please buy one of
these" and have an (previous OS) image ready that you can apply to
qualifying Macs as they come in.
That approach gives you a way to keep supporting the old OS, gain time
to prepare to support the new OS, and still provide your folks with new
stuff. Does it help if your director says "I don't care, I want that new
(only runs the new OS) Mac,"? No, but at least that confines the problem
to a numerically smaller group of users.
Thanks,
Rich
On Oct 13, 2011, at 11:16 AM, Benjamin, Charles (NIH/CIT) [E] wrote:
Apple does make this incredibly hard on enterprises. It is my biggest
peeve.
We are trying to address this by going to a lifecycle model, which would
include spares. We are already doing this with Windows PC's so we have
some basis to model after. So we will try to predict what we need in
advance and basically use the "older model" until the new OS is ready
for production. I don't know how well this will work initially as we
are still assessing things to try and predict models to buy for
roles/functions/replacements. As luck would have it, Lion was released
before we got started and it is very much a game changer OS versus 10.4,
10.5,10.6 which is the style OS we were preparing for. Right now we have
best effort support for Lion boxes in use while trying to preserve our
10.6 installs.
That being said, my suspicion is life cycle will be the way to handle
it. By having the hardware in advance and knowing approximately when the
new OS is coming you setup your hardware buys so that you can give
yourself 6 months to a year to prepare for the new OS. Of course this
assumes the budget flexibility to do it and enough political clout to
stop the "Oh new shiny model" buys. :)
Chuck Benjamin
DHHS/NIH/CIT/DCS/SSB/DSS
CIT Desktop Security Team
email@hidden<mailto:email@hidden
.gov>
From: Kachman, Donald R. Jr (DJ) - (ESE) [mailto:email@hidden]
Sent: Thursday, October 13, 2011 10:49 AM
To: 'email@hidden<mailto:'email@hidden>'
Subject: [Fed-Talk] New Hardware Shipping with New OS and no support for
old
I'm looking for information on how other agencies handle Apple's policy
that they ship hardware with the latest OS and do not support previous
versions, typically within a short window after the latest OS is
released.
An example, Lion was released in August and all equipment subsequent is
shipped with Lion. As a federal agency, we do not move to the latest
without security, management, and user testing. In fact, some of the
security software we use, has not been available right after.
Another example is that iOS 5 is now shipped on all iOS devices. Do
other federal agencies just wholesale take the new OS and then attempt
to manage and secure it later?
Knowing that the future happens rapidly in this environment, we are
responsible as managers and security staff, to ensure that what is put
out there is indeed secure and protects the data that we are entrusted
with.
Thoughts and practices from other agencies?
Best Regards,
DJ Kachman
Director, Security and Mobile Division, Client Security, ESE Battle
Creek, MI 49051
(269) 317-5481
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list
(email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
org
This email sent to
email@hidden<mailto:email@hidden>
---
Rich Trouton
email@hidden<mailto:email@hidden>
JFRC Help Desk
phone: x4030
email: email@hidden<mailto:email@hidden>
The best way to get in touch with me is through email.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list
(email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden<mailto:email@hidden>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list
(email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
army.mil
This email sent to email@hidden
UNCLASSIFIED////
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden