Despite Growth, Apple Falls Short of Acceptance in the Enterprise
Modernizing Authentication — What It Takes to Transform Secure Access
Despite big gains in compatibility with Windows networks, acceptance is hampered by a scarcity of vertical software available for the platform, by a lack of knowledge by IT staff of what today's Mac is capable of, and by a certain lack of attention by Apple.
"What Apple provides is good, but not good enough for the enterprise," said Tom Kemp, CEO of Centrify, a Mountain View, Calif., company that makes Active Directory integration tools for Mac and Linux clients. "If the Mac is going to succeed in enterprise, it has to plug in easily into the existing infrastructure."
Active Directory support is one of the most important areas of enterprise integration, an area in which Apple has made big improvements in recent years. Mac OS X provides single-log-on authentication with Active Directory, allowing users to log on to the network once to gain access to many services.
Administrators can also set up server-based home directories for Mac users, and configure permissions using Access Control Lists.
"The ability to plug into Active Directory was a huge step forward," said Charles Edge, partner and lead engineer for 318, a Santa Monica, Calif., consulting firm that integrates Macs into enterprise systems.
But there are still holes in Apple's Active Directory support, holes partially filled by products like Centrify and AdMitMac from Thursby Software. These products add integration features and don't require networks to run Mac OS X Server. Apple server software uses a version of the open-source Open Directory.
"People in organizations of 2,000 or 3,000 employees want to fully integrate Open Directory with Active Directory," Edge said. "Apple hasn't fully done it, but has come up with the 'golden triangle' strategy."
The "golden triangle" strategy uses a Mac OS X Server on the enterprise network. The Mac clients run plug-ins for both Active Directory and the LDAP protocol. The Mac client authenticates with Active Directory while getting managed group settings from the Mac OS X Server.
Edge said he thinks that the requirement to run Mac OS X Server to support Macs has not been too much of a burden, as it comes with a bundle of other features, including unlimited e-mail client support, spam filters and a lot of Unix software.
"At $1,000 a seat, OS X Server makes a pretty compelling argument as a server," Edge said. "In the enterprise, people are using OS X Server as a file server for the Macs. Currently, the graphics designers are using Macs to build Web sites, so when they go to host, they go with Mac servers."
"Rarely do you see Mac servers employed as an intranet server or that kind of thing," Edge said.
Next Page: Macs need more ported apps.