Despite Growth, Apple Falls Short of Acceptance in the Enterprise

By John Rizzo  |  Posted 03-30-2006

Despite Growth, Apple Falls Short of Acceptance in the Enterprise

As Apple Computer reaches the 30-year mark as a successful consumer electronics company, Macs are better integrated in enterprise systems than ever before. But if the enterprise market is paying attention, it isn't expressing this with large Mac purchases. It's also not evident how much Apple cares.

Despite big gains in compatibility with Windows networks, acceptance is hampered by a scarcity of vertical software available for the platform, by a lack of knowledge by IT staff of what today's Mac is capable of, and by a certain lack of attention by Apple.

"What Apple provides is good, but not good enough for the enterprise," said Tom Kemp, CEO of Centrify, a Mountain View, Calif., company that makes Active Directory integration tools for Mac and Linux clients. "If the Mac is going to succeed in enterprise, it has to plug in easily into the existing infrastructure."

Active Directory support is one of the most important areas of enterprise integration, an area in which Apple has made big improvements in recent years. Mac OS X provides single-log-on authentication with Active Directory, allowing users to log on to the network once to gain access to many services.

Administrators can also set up server-based home directories for Mac users, and configure permissions using Access Control Lists.

"The ability to plug into Active Directory was a huge step forward," said Charles Edge, partner and lead engineer for 318, a Santa Monica, Calif., consulting firm that integrates Macs into enterprise systems.

But there are still holes in Apple's Active Directory support, holes partially filled by products like Centrify and AdMitMac from Thursby Software. These products add integration features and don't require networks to run Mac OS X Server. Apple server software uses a version of the open-source Open Directory.

Click here for a trivia challenge in honor of Apple's 30th anniversary.

"People in organizations of 2,000 or 3,000 employees want to fully integrate Open Directory with Active Directory," Edge said. "Apple hasn't fully done it, but has come up with the 'golden triangle' strategy."

The "golden triangle" strategy uses a Mac OS X Server on the enterprise network. The Mac clients run plug-ins for both Active Directory and the LDAP protocol. The Mac client authenticates with Active Directory while getting managed group settings from the Mac OS X Server.

Edge said he thinks that the requirement to run Mac OS X Server to support Macs has not been too much of a burden, as it comes with a bundle of other features, including unlimited e-mail client support, spam filters and a lot of Unix software.

"At $1,000 a seat, OS X Server makes a pretty compelling argument as a server," Edge said. "In the enterprise, people are using OS X Server as a file server for the Macs. Currently, the graphics designers are using Macs to build Web sites, so when they go to host, they go with Mac servers."

Apple's Xserve and Xserve RAID hardware has garnered good reviews, as has the Xsan storage software. However, in enterprise, Apple's server lineup has not broken out of the Mac niche.

"Rarely do you see Mac servers employed as an intranet server or that kind of thing," Edge said.

Next Page: Macs need more ported apps.

Macs Need More Ported


Overcoming the burden of not being Windows is not entirely up to Apple. The Mac's dependence on third-party developers is acutely felt when the Mac functions as an Exchange client.

March's 11.2.3 update of Microsoft Exchange 2004 added important features, including the ability to sync calendars and contacts with Mac OS X's built-in Address Book and iCal programs.

But Microsoft's Entourage still doesn't have the features available to Outlook for Windows, including the support of the Microsoft MAPI (Messaging API) protocol. And performance remains a problem.

"Compared to Entourage X [the previous version], the current Entourage is great. Compared to Outlook, it's a lousy Exchange client," Edge said. "If you're looking at a lot of messages, you're looking at a lot of beach balls."

The spinning beach ball cursor is the Mac equivalent of the Windows hourglass, indicating an unresponsive application.

There are also holes that third parties don't fill, mostly in the areas of vertical applications and in-house Web-based applications.

The problem of the lack of software is a classic chicken-and-egg scenario. Having more applications running on Macs would enable companies to deploy more Macs, which, in turn, would increase the incentive for developers to port software to the Mac. But Apple isn't doing much to change the status quo.

"Apple doesn't cater to the enterprise market," Edge said. "It makes really good computers, and if enterprises want to use it, that's okay with Apple. I can't image Apple co-funding companies to make a Mac client."

One way Mac users have been able to get around this problem is through the use of Microsoft's Virtual PC to run Windows software not available to Mac OS X. Because Virtual PC emulates an x86 processor, performance is not good, but Virtual PC does do Windows networking well.

Paradoxically, the Intel Macs currently have less functionality at running Windows than the PowerPC Macs. That's because Microsoft's Virtual PC doesn't run on the Intel Macs. Although there is now a hack for booting Windows natively on the Intel Macs, it doesn't have the support for the Mac's hardware and peripherals that is found in Virtual PC on PowerPC Macs.

In January, Microsoft indicated interest in porting Virtual PC to Intel Macs, but did not announce a schedule. But with Apple now becoming a member of BAPCO (Business Applications Performance), an industry Windows benchmarking group, it looks like Apple may be working on its own Windows virtualization environment.

Perception is everything

One thing that Macs have going for them is a reputation for being better from a security standpoint. Apple frequently releases security patches, including two in the month of March; but except for the recent low-risk Leap-A virus, Mac OS X malware hasn't appeared.

However, bad experiences die hard. Part of the problem of getting the Mac into the enterprise has to do with memories of old incompatibles and the traffic-inducing AppleTalk protocol, which the Cupertino, Calif., company has successful phased out.

"Legacy IT staff sees an Apple computer as messing up their network, bringing down performance of the network," Edge said. "It's a lack of education from IT staff that's holding it back."

Edge said he thinks that Apple's transition to Intel processors could change the misperceptions. Replacing the PowerPC processor for an Intel processor doesn't solve the problems of network compatibility, but it does add a certain amount of trust to the platform. It's a touchy-feely perception of a brand image, the kind of feeling that Apple has been successful at exploiting during the past 30 years.

Check out's for the latest news, reviews and analysis on Apple in the enterprise.