Overview
The article discusses how Uber's Client Platform Engineering team scaled Mobile Device Management (MDM) for macOS using Chef. It highlights the challenges faced, the solutions implemented, and the impact of these strategies on managing a diverse array of devices across a large organization.
What You'll Learn
1
How to scale Mobile Device Management (MDM) using Chef
2
Why standardizing macOS versions is critical for security and consistency
3
How to implement user-approved MDM enrollment effectively
Prerequisites & Requirements
- Understanding of Mobile Device Management (MDM) concepts
- Familiarity with Chef and its ecosystem(optional)
Key Questions Answered
How did Uber scale MDM for macOS devices?
Uber scaled its MDM for macOS by standardizing user enrollment processes and leveraging API-driven Chef cookbooks to orchestrate and configure services. This approach allowed for flexibility and efficiency in managing a diverse range of devices across the organization.
What challenges did Uber face with MDM enrollment?
Uber faced challenges such as the need for a bifurcated enrollment process due to worldwide availability issues and the complexities introduced by Apple's security features. These challenges necessitated the development of a custom wrapper around MDM enrollment to streamline the process for users.
What is the impact of using Chef for MDM at Uber?
Using Chef as the primary management tool allowed Uber to create deterministic workflows tailored to their unique requirements. This resulted in improved efficiency and a clear audit trail of changes made to the fleet, ensuring devices remained in a known state.
How does UMAD improve MDM enrollment at Uber?
UMAD, or Universal MDM Approval Dialog, significantly improved MDM enrollment by allowing dynamic enrollment processes and fallback options. Within weeks of deployment, it enabled thousands of employees to enroll in MDM, addressing misconfigurations and improving compliance.
Key Statistics & Figures
Percentage of employees enrolled in MDM using UMAD
92 percent
Within 10 weeks of deploying UMAD, it helped enroll 92 percent of Uber employees in MDM.
Number of employees enrolled in MDM within six weeks
16,000
UMAD facilitated the enrollment of 16,000 employees in MDM within six weeks of its deployment.
Number of employees helped by UMAD with misconfigurations
4,000
Approximately 4,000 users had misconfigurations that were quickly remediated by enrolling in MDM using UMAD.
Technologies & Tools
Configuration Management
Chef
Used as the primary management tool for endpoint management workflows.
Mdm Tool
Umad
A custom wrapper to streamline MDM enrollment processes.
Key Actionable Insights
1Implement a custom wrapper around MDM enrollment to address unique organizational challenges.This approach allows for flexibility in managing diverse device types and ensures users can navigate the enrollment process with minimal friction.
2Leverage API-driven cookbooks to create deterministic workflows for endpoint management.Using API cookbooks can help maintain consistency across various operating systems and reduce technical debt by allowing for easy updates and modifications.
3Standardize macOS versions across the organization to enhance security and streamline support.A consistent operating environment simplifies troubleshooting and ensures all devices meet the necessary security standards.
Common Pitfalls
1
Failing to account for the diverse enrollment processes required for different devices.
This can lead to confusion among users and hinder compliance with MDM requirements. It's crucial to develop a clear strategy that addresses these variations.
2
Neglecting the importance of standardizing operating system versions.
Without standardization, security vulnerabilities may arise, and support can become complicated. Companies should aim to unify their operating systems for better management.