29 May AEiOS
Old MacDonald had a school. A-E-i-O-S,
And at that school he had some iPads. A-E-i-O-S,
With a iPad here, and a iPad there,
Here a iPad, there a iPad, everywhere a iPad.
Overview
AEiOS (Automated Enterprise iOS) is a python library designed to aid the automation of Apple iOS device management, configuration, and imaging. Originally designed for our in-house Student Checkout iPads, we wanted to provide our students and patrons the ability to use our iPads without restrictions as if they were personal devices. Users can configure the devices however they like, install their own applications, and even use iCloud, while we (MacAdmins) maintain user data privacy between each checkout.
By integrating the best features of Apple’s Apple Configurator, Device Enrollment Program (DEP), Mobile Device Management (MDM) and Volume Purchase Program (VPP). We have created a completely automated, and truly zero-touch solution for iOS device checkout using free and native Apple macOS solutions that requires no interaction by our very busy support staff other than plugging in with checkin.
A member of our team, Sam Forester, who developed this python library discussed it in detail on a popular Mac Admin podcast, Mac Admins Podcast, Episode 123: AEiOS and Sometimes Y.
For more information or download the source code, see the following GitHub repository:
https://github.com/univ-of-utah-marriott-library-apple/aeios
Details
Originally designed for our in-house student checkout iPads, we wanted to provide our students and patrons the ability to use our iPads without restrictions as if they were personal devices. Users can configure the devices however they like, install their own applications, and even use iCloud, while we (MacAdmins) maintain user data privacy between each checkout. The location that these student checkout iPads are primarily checked out and supported by other students that are very busy with many other duties & projects. Our solution needed to be truly zero touch with little to no training and works around 99% of the issues and edge cases that we ran into during development and thought we might see during production deployment.
This python library in part uses the cfgutil command line tool available inside the Apple Configurator 2 application bundle to aid in iOS shared device management:
Apple Configurator 2.app/Contents/MacOS/cfgutil
Example of the help page:
cfgutil 2.7.1 (444) Global options: [-C | --certificate] <argument> Path to DER-encoded certificate of supervising organization. [-K | --private-key] <argument> Path to DER-encoded private key of supervising organization. [-e | --ecid] <argument> Device to act on, by ECID. Can be used more than once. [-f | --foreach] Act on all selected devices. --format <argument> Output format. (text, JSON, plist) --progress Show steps/progress even without plaintext output. --timeout <argument> Set the timeout for detecting connected devices. (in seconds) [-v | --verbose] Increase the logging verbosity. Commands: activate Activate attached devices. add-tags Add tags to devices. backup Take a backup of a prepared iOS device. clear-passcode Clear passcode on a device. (supervised only) erase | erase-content Erase content and settings on devices. (supervised only) exec Run a script when devices attach or detach. get | get-property Show various properties of a device. get-app-icon Save app icons from a device. get-icon-layout Fetch the home screen layout from a device. get-unlock-token Get unlock tokens from supervised devices. help | usage Show help for a command or show all commands. install-app | install-application | install-applications | install-apps Install apps on attached devices. install-doc | install-docs | install-document | install-documents Install documents on attached devices. install-profile | install-profiles Install profiles on attached devices. list | list-devices List attached devices. list-backups List backups stored on the host. pair Try to pair with attached devices. prepare Initial configuration of freshly erased devices. remove-app Remove apps from attached devices. remove-profile Remove profiles from attached devices. remove-tags Remove tags from attached devices. rename | set-name Set the name on a device. restart Reboot attached devices. (supervised only) restore | update Install the latest OS version on devices. restore-backup Restore a backup to an iOS device. revive Attempt to revive a device from recovery mode. set-backup-password Set or remove backup passwords on attached devices. set-icon-layout Set home screen icon layout on devices. set-wallpaper | wallpaper Set background image on devices. (supervised only) shut-down Power off attached devices. (supervised only) syslog Print a running output of the device's syslog. unpair Remove pairing between the host Mac and device. version Show this program's version.
Here is a list of other potential options:
Apple Configurator & Automator
The Automator actions for the Apple Configurator application, make it easy to create and apply automation recipes for mobile device setup, dramatically reducing the complexity and time it takes to keep your mobile devices mobile.
Here is a presentation, Tethered Management of iOS Devices by Sal Soghoian covering setup and usage of Apple Configurator and Automator actions to manage iOS devices:
- Video – To view archived presentation video, click here.
- Slides – To view the presentation slides, click here.
For more details, see the following web site:
Apple Provisioning Utility (APU)
This is a shared iOS devices management and deployment utility that can be customized for your environment by Apple Professional Services. Provides a dynamic dashboard interface and can bath process up to 40 iOS devices. The utility is a written in Swift and can be customized for your environment and needs by Apple Professional Service for a fee. It can be expensive for smaller schools or budgets and short term projects and less flexible than other enterprise solutions like GroundControl.
For more details send email to Apple Professional Services to consultingservices@apple.com.
GroundControl
GroundControl is a commercial service that has a yearly per device subscription fee. Launchpad is their patented application for Windows or Mac systems that drives the IT-free operation of devices in the field. Running on a headless system and a USB hub or dock, IT administrators can automate workflows that manage devices. GroundControl is software, specifically SaaS. The management console runs in the cloud; the Launchpad client runs on Windows and/or Macs system within your network; and the Locker and Self Heal applications, if you you use them, run on your shared devices. It has been said “GroundControl is Configurator on steroids.”, but it can be expensive for smaller schools or budgets and short term projects.
GroundControl presented at the May 2019, University of Utah MacAdmin meeting.
- Video – To view archived presentation video, click here.
- Slides – To view the presentation slides, click here.
For more information about GroundControl, see the following web site:
https://www.groundctl.com
Jamf Setup and Reset
Jamf Setup gives a new option between generic configurations and Apple’s Shared iPad. A single device supports multiple customized use-cases. This creates a more flexible shared-device. It provides an intuitive way for end users to receive relevant apps and settings – no IT involvement required, and allows for an over-the-air workflow with no need for additional hardware.
Jamf Reset empowers users themselves to digitally sanitize devices, with Home screen access to wipe the device. It creates an over-the-air workflow with no additional hardware required.
These solutions require that you have a Jamf Pro infrastructure with the expectation that users or support staff will properly sanitize iOS devices in between shared sessions, and require some initial setup steps after sanitization requiring either end-user or support staff touching devices. Over-the-air workflow can have drawbacks in application installation speed, depending on your scope and turn-around time in between shared device setup and sanitization.
For more information, see this web page:
https://www.jamf.com/resources/webinars/empower-it-with-jamf-setup-and-reset/
libimobiledevice
A cross-platform software protocol library and tools to communicate with iOS devices natively. libimobiledevice is a cross-platform software library that talks the protocols to support iPhone, iPod Touch, iPad and Apple TV devices. Unlike other projects, it does not depend on using any existing proprietary libraries and does not require jailbreaking. It allows other software to easily access the device’s filesystem, retrieve information about the device and it’s internals, backup/restore the device, manage SpringBoard icons, manage installed applications, retrieve addressbook/calendars/notes and bookmarks and (using libgpod) synchronize music and video to the device. The library is in development since August 2007 with the goal to bring support for these devices to the Linux Desktop.
For more information about this library, see the following website:
Pingback:Student Checkout iPads Now Available | J. Willard Marriott Library Blog
Posted at 20:42h, 10 December[…] In the spirit of “One U”, we have made our iPad automation software available for use by other entities on campus for free. If you are curious about how you can implement your own Student Checkout iPads, additional information can be found here. […]