AEiOS


Old MacDonald had a school. A-E-i-O-S,
And at that school he had some iPads. A-E-i-O-S,
With a iPad here, and a iPad there,
Here a iPad, there a iPad, everywhere a iPad.

Overview


AEiOS (Automated Enterprise iOS) is a Python library designed to aid the automation of Apple iOS device management, configuration, and imaging. We originally designed it for our in-house Student Checkout iPads, where we wanted to give our students and patrons the ability to use our iPads without restrictions, as if they were personal devices. Users can configure the devices however they like, install their own applications, and even use iCloud, while we (MacAdmins) maintain user data privacy between each checkout.

By integrating the best features of Apple’s Apple Configurator, Device Enrollment Program (DEP), Mobile Device Management (MDM) and Volume Purchase Program (VPP), we have created a completely automated, truly zero-touch solution for iOS device checkout using free and native Apple macOS solutions. It requires no interaction by our very busy support staff other than plugging the device in at check-in.

Sam Forester, the member of our team who developed this Python library, discussed it in detail on a popular Mac admin podcast, Mac Admins Podcast, Episode 123: AEiOS and Sometimes Y.

Mac Admins Podcast, Episode 123: AEiOS and Sometimes Y

For more information or to download the source code, see the following GitHub repository:

AEiOS (Automated Enterprise iOS) GitHub Repository

https://github.com/univ-of-utah-marriott-library-apple/aeios

Details


We originally designed AEiOS for our in-house student checkout iPads, where we wanted to give our students and patrons the ability to use our iPads without restrictions, as if they were personal devices. Users can configure the devices however they like, install their own applications, and even use iCloud, while we (MacAdmins) maintain user data privacy between each checkout. The location where these student checkout iPads are primarily checked out is supported by other students who are very busy with many other duties and projects. Our solution needed to be truly zero touch, require little to no training, and work around 99% of the issues and edge cases that we ran into during development and thought we might see during production deployment.

This Python library in part uses the cfgutil command line tool, available inside the Apple Configurator 2 application bundle, to aid in iOS shared device management:

Apple Configurator 2.app/Contents/MacOS/cfgutil

Example of the help page:

cfgutil 2.7.1 (444)

Global options:
	[-C | --certificate] <argument>
	Path to DER-encoded certificate of supervising organization.

	[-K | --private-key] <argument>
	Path to DER-encoded private key of supervising organization.

	[-e | --ecid] <argument>
	Device to act on, by ECID. Can be used more than once.

	[-f | --foreach]
	Act on all selected devices.

	--format <argument>
	Output format. (text, JSON, plist)

	--progress
	Show steps/progress even without plaintext output.

	--timeout <argument>
	Set the timeout for detecting connected devices. (in seconds)

	[-v | --verbose]
	Increase the logging verbosity.

Commands:
	activate
		Activate attached devices.
	add-tags
		Add tags to devices.
	backup
		Take a backup of a prepared iOS device.
	clear-passcode
		Clear passcode on a device. (supervised only)
	erase | erase-content
		Erase content and settings on devices. (supervised only)
	exec
		Run a script when devices attach or detach.
	get | get-property
		Show various properties of a device.
	get-app-icon
		Save app icons from a device.
	get-icon-layout
		Fetch the home screen layout from a device.
	get-unlock-token
		Get unlock tokens from supervised devices.
	help | usage
		Show help for a command or show all commands.
	install-app | install-application | install-applications | install-apps
		Install apps on attached devices.
	install-doc | install-docs | install-document | install-documents
		Install documents on attached devices.
	install-profile | install-profiles
		Install profiles on attached devices.
	list | list-devices
		List attached devices.
	list-backups
		List backups stored on the host.
	pair
		Try to pair with attached devices.
	prepare
		Initial configuration of freshly erased devices.
	remove-app
		Remove apps from attached devices.
	remove-profile
		Remove profiles from attached devices.
	remove-tags
		Remove tags from attached devices.
	rename | set-name
		Set the name on a device.
	restart
		Reboot attached devices. (supervised only)
	restore | update
		Install the latest OS version on devices.
	restore-backup
		Restore a backup to an iOS device.
	revive
		Attempt to revive a device from recovery mode.
	set-backup-password
		Set or remove backup passwords on attached devices.
	set-icon-layout
		Set home screen icon layout on devices.
	set-wallpaper | wallpaper
		Set background image on devices. (supervised only)
	shut-down
		Power off attached devices. (supervised only)
	syslog
		Print a running output of the device's syslog.
	unpair
		Remove pairing between the host Mac and device.
	version
		Show this program's version.
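The global options in the help page above are what a wrapper has to assemble for every call. The following is an added example, not AEiOS's own code: it builds a cfgutil argument list without a shell, validates ECIDs, refuses a supervision private key that other users can read, and parses JSON output. The `/Applications` prefix, the ECID pattern and the JSON field names in the constructed sample are assumptions.

```python
import json
import os
import re
import subprocess

# Assumed install location; the page gives only the path inside the app bundle.
CFGUTIL = "/Applications/Apple Configurator 2.app/Contents/MacOS/cfgutil"
# Subset of the commands from the help page that this wrapper will run.
ALLOWED = {"list", "get", "erase", "prepare", "install-profile"}
# Assumption: ECIDs are written as 0x-prefixed hex of at most 64 bits.
ECID_RE = re.compile(r"0x[0-9A-Fa-f]{1,16}")


def build_argv(command, args=(), ecids=(), identity=None):
    """Return the cfgutil argv as a list (never a shell string)."""
    if command not in ALLOWED:
        raise ValueError("command not allowed: %r" % (command,))
    argv = [CFGUTIL, "--format", "JSON"]
    if identity:  # (certificate.der, private_key.der) of the supervising org
        cert, key = identity
        # The key identifies this host as the supervising org: owner-only.
        if os.stat(key).st_mode & 0o077:
            raise PermissionError("%s is accessible by group/other" % key)
        argv += ["-C", cert, "-K", key]
    for ecid in ecids:
        if not ECID_RE.fullmatch(ecid):
            raise ValueError("not an ECID: %r" % (ecid,))
        argv += ["-e", ecid]
    return argv + [command] + list(args)


def parse_devices(raw):
    """Map ECID -> properties from `cfgutil --format JSON list` output."""
    reply = json.loads(raw)
    if reply.get("Type") != "CommandOutput":
        raise RuntimeError("unexpected reply type: %r" % (reply.get("Type"),))
    return {e: p for e, p in reply.get("Output", {}).items() if ECID_RE.fullmatch(e)}


def run(argv, timeout=120):
    """Run cfgutil on a Mac with Apple Configurator 2 installed."""
    done = subprocess.run(argv, capture_output=True, check=True, timeout=timeout)
    return done.stdout.decode()


# Constructed sample of JSON list output (field names are an assumption).
SAMPLE = json.dumps({"Command": "list", "Type": "CommandOutput",
                     "Output": {"0x1A2B3C4D5E6F": {"name": "checkout-ipad-01"}}})
```

On a Mac with Apple Configurator 2 installed, `parse_devices(run(build_argv("list")))` returns the attached devices keyed by ECID.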

Here is a list of other potential options:

Apple Configurator & Automator
The Automator actions for the Apple Configurator application make it easy to create and apply automation recipes for mobile device setup, dramatically reducing the complexity and time it takes to keep your mobile devices mobile.

Here is a presentation by Sal Soghoian, Tethered Management of iOS Devices, covering setup and usage of Apple Configurator and Automator actions to manage iOS devices:

  • Video – To view archived presentation video, click here.
  • Slides – To view the presentation slides, click here.

For more details, see the following web site:

http://configautomation.com

Apple Provisioning Utility (APU)
This is a shared iOS device management and deployment utility. It provides a dynamic dashboard interface and can batch process up to 40 iOS devices. The utility is written in Swift and can be customized for your environment and needs by Apple Professional Services for a fee. It can be expensive for smaller schools or budgets and short term projects, and it is less flexible than other enterprise solutions like GroundControl.

For more details, send email to Apple Professional Services at consultingservices@apple.com.

GroundControl
GroundControl is a commercial service that has a yearly per device subscription fee. Launchpad is their patented application for Windows or Mac systems that drives the IT-free operation of devices in the field. Running on a headless system with a USB hub or dock, it lets IT administrators automate workflows that manage devices. GroundControl is software, specifically SaaS. The management console runs in the cloud; the Launchpad client runs on Windows and/or Mac systems within your network; and the Locker and Self Heal applications, if you use them, run on your shared devices. It has been said that “GroundControl is Configurator on steroids,” but it can be expensive for smaller schools or budgets and short term projects.

GroundControl presented at the May 2019 University of Utah MacAdmin meeting.

  • Video – To view archived presentation video, click here.
  • Slides – To view the presentation slides, click here.

For more information about GroundControl, see the following web site:



https://www.groundctl.com

Jamf Setup and Reset
Jamf Setup gives a new option between generic configurations and Apple’s Shared iPad. A single device supports multiple customized use-cases, which creates a more flexible shared device. It provides an intuitive way for end users to receive relevant apps and settings, with no IT involvement required, and allows for an over-the-air workflow with no need for additional hardware.

Jamf Reset empowers users themselves to digitally sanitize devices, with Home screen access to wipe the device. It creates an over-the-air workflow with no additional hardware required.

These solutions require that you have a Jamf Pro infrastructure, and they rely on users or support staff properly sanitizing iOS devices in between shared sessions. They also require some initial setup steps after sanitization, which means either an end user or support staff must touch the devices. An over-the-air workflow can have drawbacks in application installation speed, depending on your scope and the turn-around time between shared device setup and sanitization.

For more information, see this web page:



https://www.jamf.com/resources/webinars/empower-it-with-jamf-setup-and-reset/

libimobiledevice
libimobiledevice is a cross-platform software protocol library and set of tools that communicates natively with iOS devices, speaking the protocols needed to support iPhone, iPod Touch, iPad and Apple TV devices. Unlike other projects, it does not depend on using any existing proprietary libraries and does not require jailbreaking. It allows other software to easily access the device’s filesystem, retrieve information about the device and its internals, backup/restore the device, manage SpringBoard icons, manage installed applications, retrieve addressbook/calendars/notes and bookmarks and (using libgpod) synchronize music and video to the device. The library has been in development since August 2007 with the goal of bringing support for these devices to the Linux Desktop.

For more information about this library, see the following website:

https://www.libimobiledevice.org
