iChatting across subnets

We’ve had iChat set up on our macs for a while, making use of Bonjour to provide a zero- configuration way for teachers to communicate around the school. We now have a second site and teachers wanted to be able to iChat between sites but it wasn’t working as Bonjour doesn’t easily work across two different subnets (especially if LGfL are involved!). So instead I set up iChat Sever on our Lion Server.

It was mainly straightforward, once I had figured out how…

  1. Turn on iChat server on the Lion server.  Involves switching it to on.  It sets up a Jabber messaging server.
  2. Set up the login details using Workgroup Manager.  There is a manifest called ‘iChat.Jabber’ which gives you a managed client settings already set up.
  3. When a user logs onto the Mac, their credentials are used to log onto the iChat server.  This requires an AD or OD setup, which meant a few issues when it came to the experimental ditched directory Macs. I had to set these machines up manually using the user’s network logins.
  4. Initially, the iChat window doesn’t show any ‘buddies’, which  renders the service useless at school because teachers wouldn’t know each other’s iChat accounts.  Lion server promises the ability to add all users as buddies automatically, but this only seems to work if you’ve got an Open Directory setup (i.e. all user accounts are on the Mac server rather than elsewhere).  Instead I had to log each user into iChat and then run the command ‘sudo jabber_autobuddy -m’ in Terminal on the Lion server.  This adds everyone who has ever logged into the iChat server onto everyone’s buddy list.

It seems to be working fine, with the teachers across two sites particularly finding it helpful.

Erasing SMART Ink

One of the features of Smart Notebook 11, the latest version of the software used to run Smartboards, is a featured called ‘SMART Ink’.  It’s an evolution of the previous functionality that allowed you to write on any window using the Smartboard pens. Previous versions just put a big picture frame over to allow you to write, which was great for full-screen applications but not so good for windows that move around.  To get around this problem, SMART released SMART Ink, which ties the writing to a specific window, which can then be moved around the screen.  Which is all great in theory.

However, in practice it results in lots of ugly green boxes sitting in the title bar of every single window you have open, and even every little dialogue box as well.  And then when you move the window around, it doesn’t gracefully move with it but rather jitters around, destroying all the hard work Apple engineers have done in giving silky-smooth-graphic-card-accelerated windowing.

But not only that, it also seems to generally slow the Mac down, as acknowledged here and here by SMART. Not very smart.

Several people have suggested ways to remove the software, which I have roughly followed.  It basically involves removing the ‘SMART Ink’ login item from System Preferences > Users & Groups > Login Items and then killing the process using Activity Monitor.  It’s a bit of a faff to go computer to computer, but seems to have had a good impact on speed.

Macs and Antivirus

Yesterday I noticed that the top free app on the Mac App Store was a piece of antivirus software. Very depressing.

Why is it depressing? Now I know there have been a few virus scares on the Mac recently, but on the whole OSX is much more secure than Windows. The problem with antivirus software is that it slows down a computer as it continually checks files and processes for errant behaviour. I’ve noticed that some of the Macs at school run quite slowly compared with my own MacBook Air, particularly with startup times. I suspect that the wonderful SMART software and drivers might be something to do with it, but probably Sophos antivirus is too. I’m under the impression that using Sophos is required by LGfL, but maybe it’s not. And it’s not as if all the iPads can run Sophos either…

…so maybe I’ll try removing Sophos and see what happens then. Am I being foolish and crazy?

WebDAV

My problem is that I, deep down, hope and expect software and technology to work easily and first-time. One day I shall learn…

Our other task for today was to try and set up a WebDAV share on our windows server for our new iPads. Unfortunately we couldn’t get it to work, although our amazing technician is looking into it

I did manage to setup a new WebDAV share on our Lion server though. I was having trouble accessing it until I discovered the correct URL for the WebDAV share. It should be something like this:

http://hostname/webdav/sharename

The Lion share will work for windows and Macs too, so I’ll just add another share point to each user’s desktop called ‘ipad’ or something. It’s not ideal that it’s separate to our ‘school’ shared drive, but hopefully we’ll get the Windows WebDAV working before too long.

Setting Up iPads pt.1

Yesterday I finally had the time to start setting up the iPads at school. Yay!

The first job was to get the wifi going. We’re putting in Ubiquiti’s UNIFi wireless access points, which seem pretty good but also very reasonably priced. They have ceiling-mountable access points which can then be configured by a web-based controller you install somewhere on your network. All the points aren’t in yet, so I just had one sitting on the table in the room I was in. I couldn’t get the controller to work for a while, but thankfully our amazing technician got it working (something to do with conflicting ports).

I could then begin unboxing iPads. They came in bigger boxes of 5, so it was a case of entering the serial numbers on a spreadsheet, labelling each one and then making a big pile of the smaller, white boxes. Opening the first few is fun, but it does get a little tiresome after a while!

The next step was to use Apple Configurator to do a simple bit of setting up, mainly just to set it so that a custom wallpaper and iPad name appears on the lock screen. To do this, I had to use the ‘supervise’ mode, which means the iPad can only be connected to the one Mac which you’re running Apple Configurator on. This could be a real pain with syncing carts and iTunes, but I’m planning on running a completely ‘cloud’ setup, requiring no wired syncing, so this should be ok.

I didn’t manage to figure out how to deploy configuration profiles at this point, as I was hoping to set up wifi using a configuration setting rather than doing it manually. I didn’t finish them all though, so I might try that when I finish setting up the rest of them.

Here’s what’s left to do:

  • Create all the relevant Apple IDs (one per class)
  • Create @me.com email addresses
  • Decide on and download the apps on one iPad per class
  • Backup that iPad to iCloud and then restore it to the other iPads in the class set
  • Put on Parental Controls to stop apps being deleted
  • Set up iWork apps with an internal WebDAV server
  • Setup classroom macs so that downloads from iTunes automatically install on the class iPads
  • Put in cases and deploy!

Not too much really!

Deploy Studio and Gigabit Switches

Deploy Studio is a wonderful piece of software that lets you make a system image from a Mac and then deploy it to loads of other Macs from your Mac server.  I’ve just upgraded 16 iMacs to Lion like this, taking only about 10 minutes per machine (perhaps 20 minutes per machine if you’re doing 5 at the same time).  All you have to do is netboot (hold down ‘N’ when you turn on the Mac), which makes the computer boot up from Deploy Studio on the server.  Then you choose the image you want to deploy, and then it does it all for you.  Marvellous.  It even automatically binds it to the relevant directories as well.

And with gigabit ethernet, this process really is much faster that it used to (possibly even 10x!).

Toucan set this up for us, of which I am very appreciative. 

Giving up on Profile Manager

The promise of Lion’s Profile Manager seemed good: a nearly free way of managing all the macs and iPads on your network, pushing setting etc over air using Apple’s Push Notifications.

Except I can’t get it to work. The issue is that when you try and enrol an iOS device, it complains that the certificate is invalid. I’ve searched hi and low on the Interweb for solutions, and even tried out a few. However, the result has been even more of a mess, as far as I can tell!

45 iPads arrived at school today, just waiting for me to set them up ready for September. I was hoping to use Profile Manager as part of the setup process, but I think now I’ll just have to make do with Apple Configurator and iTunes. Hey ho.

Maybe more joy will be to had with Mountain Lion Server?

These guys at Amsys seem to have gotten it going, if anyone’s interested.