Managing Macs, iPhones, iPads and other Apple devices at scale is not really native to iOS or OS X. Enter Fleetsmith. In a sort of Puppet-meets-Apple environment, the Fleetsmith team automates configuration, management and security of your Apple devices.
In this DevOps Chat we sit down with Fleetsmith co-founder and CEO Zack Blum and company adviser, Puppet co-founder Luke Kanies, to discuss the mission and challenge in managing Apple devices.
As usual, the streaming audio is immediately below, followed by the transcript of our conversation.
Alan Shimel: Hey everyone. Alan Shimel, DevOps.com, and we are here for another DevOps Chat. Excuse me. This episode of DevOps Chat features an old friend and a new friend. We have, first of all, cofounder and CEO of Fleetsmith, Zack Blum, who is the new friend. Zack, welcome.
Zack Blum: Thanks so much. Great to be here.
Shimel: Okay. And then joining Zack is our old friend, Luke Kanies. And Luke really needs no introduction to our audience. Luke is the founder of Puppet.
Luke Kanies: Famous on the internet.
Shimel: Famous on the internet, but still puts a token in when he jumps on the subway. But anyway, Luke, welcome.
Kanies: Thank you very much for having me.
Shimel: So let’s get this out of the way right away. Luke, what’s your connection to Fleetsmith?
Kanies: I have been trying to help Zack and his cofounders, trying to tell all the stories of all the ridiculous mistakes that I made in hopes that they make only new mistakes.
Shimel: Wouldn’t that be a great thing? Man.
Kanies: We can dream, right? We can dream.
Shimel: Yeah. I was just going to say, if you can bottle that, man, you really would be famous. So Zack, before we even jump into Fleetsmith, then let – you know, Luke has told us what the connection is. Always interested to hear. How did you hook up with Luke and come about to – I’m going to assume you asked him to be an advisor here.
Blum: Yeah. Well, it’s funny actually. Even before that, the interesting thing is Puppet itself was the inspiration for us starting Fleetsmith. So the connection goes really far back. I was the IT director at a company called Wikia and we had this problem where we needed to manage our device fleet. So I asked around my peers at IT and security and talked to a guy at Dropbox and asked how they did it internally. And it turns out that they use a bunch of open source tools traditionally used by DevOps pros actually to manage their laptops.
So I went out and learned all about Puppet and realized, “Oh, my goodness. There is an amazing application opportunity here on the endpoint side.” So long story short, that guy at Dropbox, Jesse Endahl, became our cofounder and CSO; had a product. And Luke and Puppet were a major inspiration. So pretty cool.
Shimel: Very cool. Very cool. So let’s address Fleetsmith, right? What is it you guys do?
Blum: Yeah. Thanks so much for asking. We do a few things. We are a modern Apple device management product. So we help companies manage their corporate Macs, iPhones, iPads, and Apple TVs. And we really try to accomplish four things for our customers. Number one is making onboarding new hires as seamless as possible. So employees ramp right away. We do that by automating new device setup. So straight out of the box, to have a computer set themselves up.
The second one is we provide fleetwide device intelligence so that IT can see problems before employees get interrupted. We do that with really core reporting on exactly what’s going on out there. The third one is we provide employees with a uniform, up-to-date computing environment. We do that through automating OS and third-party app packaging, patching, and the delivery of those as well as config for Wi-Fi printers and other tools.
And the fourth one, the last one, is we decrease business risk for customers by allowing them to enforce, in an automated way, security best practice so features like disk encryption with automatic key escrow, remote lock and wipe. And so those are the four things we do; really try to help companies of any size, especially small and medium businesses, take those best practices and apply them in an automated way without huge teams and huge _____.
Shimel: Excellent, man. You know, as crazy as it sounds, I almost feel like you serve an underserved business segment for the first trillion-dollar company ever, right?
Blum: Well, we think you’re right. Yeah, unfortunately, too many of the companies that we come across have nothing in place at all; no visibility, no automation around this. Then there are a lot of companies who have something in place and it’s just incredibly tedious to administer. There are so many higher value things that IT and security can focus on than manual packaging of software updates.
You know, providing great customer service to their employees, helping them do better work. So we are really excited.
Shimel: You know, but this has always been a – I go back in my years in security. We – the company I helped found, kind of one of the pioneers in what we call the NAC market, the network access control. So it was a little different. As you would log onto a network, we would check your endpoint, whatever that might be, and make sure it conforms to whatever the policy that was set. And part of those policies were: were you up to date on your patches and your AVs and all that good stuff.
And even then – and by the way, this was for three-letter agencies and U.S. Department of Defense networks. Even then, checking Macs was like a black hole. Right?
Kanies: It’s always been that way.
Shimel: I’m sorry, what?
Kanies: It’s always been that way, for various reasons. And one of them is that they just haven’t been used as much. The second is that Macs have always been kind of cut out of IT policy. Either the Windows – the IT has always been run by Windows and they either say, no, you can’t have them, or, yes, you can have them, but don’t ever talk to us about them. So they’ve kind of always been out.
In the last 10, 15 years, Apple has really done a great job of building a device that is better for actual usage. So it started out very much in the consumerization of IT, which is how PCs got started in the ’80s, of course, as people bring their own computers in. Then they started bringing their own Macs in. Now you look at, especially small companies, and they’ve gone from, “I’ve got a couple of Macs for my designers.” To, “Everyone has a Mac and I’ve got a couple of PCs because my accounting people have to use the Windows version of Excel for whatever reason.”
Shimel: You know what? That’s exactly it. And it’s interesting that we get this kind of folks coming in. And one of my colleagues just joined here. I apologize. So when Macs were 2 percent of the market, maybe no one cared. But as we were talking off mic earlier, when you started getting to 20 percent or more of the market or thereabouts, that’s a number, right? That’s a sizable amount to worry about.
But how much are the – and I will throw it both at Luke and Zack. How much are the guys – and due to Apple’s professed policy of not wanting to be in the enterprise or not wanting to be in that business market of being a consumer brand? Right? And as a result, you know, if it walks like a duck, it quacks like a duck, but it’s really not a duck. Right? How much of that is to blame here for our, up to this point, neglect of managing Macs in the workplace?
Blum: You want to start on that Luke?
Kanies: Sure. Honestly, I don’t think much is, for at least two reasons. No. 1 is that it wouldn’t have mattered if Apple had decided they really wanted to be enterprise. They would have failed. We know that because of taking multiple cracks at trying to do enterprise stuff and all of them fail. If they are lucky, they deflate quietly and just get brushed into a corner. If they’re unlucky, they fail relatively spectacularly.
So Apple has, in the past, fought against its own DNA and lost because that’s how it works, right? And when you look at Microsoft today and they are resurgent. And one of the ways they are resurgent is that they are doing a better job of being who they are rather than trying to be who they are not.
I think the second reason is that Windows was incredibly dominant for so long. The way in which Windows succeeded was very business oriented, very – and yes it was kind of user oriented at first, but that was a long time ago. You know, when I came up and went to college in the ’90s, my – first cut my teeth, I was a Solaris user. I was – back before there was Linux. So even then you wouldn’t choose between Windows and Mac in a corporate environment. You would choose between Windows and Solaris in a corporate environment.
And again, you had a couple of designers in the corner and they had Macs. What they did was really specialized. But I don’t really think it had anything to do with Apple. If anything, Apple was struggling to hold on at all. It was less that they weren’t an enterprise company and more that, “Wow. We found like two people who can’t live without our product that we’re going to make sure we do everything we can to make them as happy as possible and we’re not going to worry about anybody else.”
And it was only when, kind of the world changed a lot, partially because Jobs came back. But partially because the world changed a lot, right? The internet came out. And the reason why you wanted a computer shifted from, “Because I need one for work,” to, “Because I need one at home.” Right? And if the iMac had been 10 years earlier, they wouldn’t have sold any because, why would you have a computer at your house in 1990? There was no – there is not nearly so much reason. But when you can dial-in, when you’ve got Internet, that really changed the world.
Then the trends, the drivers of computing shifted from entirely business use cases to at least 50/50 personal, business use cases. And one can argue today that the majority of drivers of how people think about their relation to computing is mostly driven by consumer use cases and that pushes to the enterprise. And we’ve seen this consumerization of IT trend going back decades. It’s more of a treadmill or an escalator than it is a one-time blip. But to me, this really explains why it matters now and it didn’t matter before, because that consumer use case is driving so much of the story.
Shimel: Yeah. I mean, so Luke, I’m a little older than you, right? Solaris is … My first company, we ran you know, SPARC servers, UltraSPARC, actually. But –
Kanies: They may be slow, but they sure are expensive.
Shimel: Don’t even go there, man. But on top of that, I was an OS/2 dude. I loved OS. I was running OS/2 really early on. I still don’t understand why Windows is here and not OS/2. But that’s another story.
Kanies: But you know, one of the things that I think has really enabled this is there used to be such a gulf, such a, frankly, a pain in the butt to move. If your colleague was on Mac and you are on Windows, you just had to give him a Word file to use or spreadsheet or anything, for that matter. You know, reformatting discs and doing all that nonsense. Beyond the internet, interoperability between has really, I think forced it. But that’s – you know, that, it speaks for itself, right? A lot of us are using Macs today. I’m on a Mac right now.
Zack, one of the – and we shouldn’t just focus on Macs. We should focus on what the iPhones and the iPads and Apple TV and it’s ubiquitous, man. Nothing drives security people battier than having sort of unknown devices or unmanaged devices or black holes in their network.
Shimel: And so I would imagine that’s the allure, if you will, of giving Fleetsmith a whirl.
Blum: Yeah, absolutely. And especially with the move to the internet of things. Even with computing devices like iOS and iPad, you had iPads, for example, in nontraditional computer roles like a front desk check in machine or the conference room calendar. Then you have, often, three devices comprising a conference room videoconference setup, right?
So these aren’t as much for individual employees anymore. These are sort of use case driven, almost appliance type applications. So not only do you have these unassigned, if you will, devices floating out there, they’re just on the internet. The corporate network as far as computer management and security of devices is dead. We need to secure the endpoints wherever they are and provide visibility.
So that’s one of the great things about a product like Fleetsmith is that we provide those things to security folks whatever network the device is on and whatever its application is. And I wanted to add one thing to what – continue Luke’s first point from before.
Apple absolutely has been a consumer company and now that there is such a high enterprise market share, they’ve actually stepped up and are building a lot of really great management APIs, kind of recognizing that third-party providers of MDM like us are then able to run with that where that is in our DNA. We are experienced IT and security folks. So they are doing some really exciting stuff that’s enabling further penetration into the enterprise stream.
Shimel: Absolutely. One other just question. This is something that’s kind of – it’s close to where I’ve come from in some ways. If I’m the IT guy or the security guy, I absolutely abhor having multiple management interface systems that I’ve got to work with. So I’ve got this to manage my Mac stuff and iOS. I got this to manage my Windows stuff. I got this to manage my Linux. I got my cloud management stuff.
How – does Fleetsmith integrate with any of, sort of the larger Windows or other kinds of device management products out there?
Blum: Alan, you’re talking about the fabled, single pane of glass. I think that’s what I’m hearing.
Shimel: Yeah. Well, the mythical single pane of glass, but okay.
Blum: That’s right. Well, you said it. To answer your question directly, we do integrate with G Suite and Office 365 so that when people adopt Fleetsmith they don’t have a ton of manual data entry for their inventory. But aside from that, as far as devices go, there’s kind of the suite – device management, there is the suite approach and the best-of-breed approach.
Unless you have incredibly, incredibly simple needs, usually the suite approach, you know, these companies that build management for every single OS, really fall short in all but one. They really started as a single platform and just tacked on a couple of checkboxes. So unfortunately, in today’s world the reality is that if you need zero touch deployment, you need to automate the setup of the devices and you need FileVault disk encryption with automated _____ _____ _____. You need to make sure everything is encrypted. You really need the best-of-breed solution.
So we do all of Apple and there are some products that do all of Windows, a lot out of Microsoft. And past a certain point, those are pretty much just a requirement today.
Kanies: I would go a little further and say I would add a different dimension that’s less platform because Puppet, for example, is promiscuously cross-platform, but almost entirely server-side. So you can use, as Zack found in the early days, you can use Puppet to manage your desktops. But what you will find is just a constant low level of friction in doing so because so much of our workflow, so much of the experience is built around servers.
You might say, “Why is it hard to – if your servers are more complicated than desktops why is it hard to manage them?” The answer is, desktops are off all the time, laptops are off all the time, they check in from different networks all the time. You don’t get to decide when is a good time for the user to reboot their computer. The user really has to decide.
You’ve got to build a completely different experience around the product. It’s something that could be done, but there was a lot of friction. So I would say that I agree with that point, that you got to pick best-of-breed. And part of that dimension is what platform you’re talking about managing. Certainly a Windows solution… A solution for Windows being used to manage your Macs is not a great idea. But also, I think a solution for servers, a solution for back end, is not a great solution to manage desktops and laptops.
That’s really where you do need a different solution. And not that it’s impossible that you could have a company doing both, but it’s unlikely and it certainly hasn’t happened yet.
Shimel: Got it. Got it. Got it. Guys, we are right on the top of the hour. Unfortunately, I need to end it right here. But before we do, Zack, really quickly, people can get more information about Fleetsmith at…?
Blum: Yeah, just go to Fleetsmith.com.
Shimel: Okay. And you know what? Maybe we could follow up in a couple of weeks before the end of the year because I do think the whole issue of Mac management as well as non-computer – or nontraditional PC devices, whether they be iPads or some sort of IoT and whether they’re running, frankly iOS or some other non-Windows, non-Linux – well, maybe Linux. The idea of keeping them compliant, with whether it be a security policy, access policies, what have you, is a really big problem a lot of companies try to tackle, but they tend to stay in the low hanging fruit way rather than maybe some of the corner cases, as bad as a corner case as it may be, you know, it’s still not the mainstream like that.
Blum: Yeah. Absolutely. I could talk about that all day. I would love to.
Shimel: All right. We will schedule something. Hey Luke, I’m sorry we didn’t have enough time to really dig into what else you got going on. But maybe we can do a follow up at some point on that as well.
Kanies: That would be great. I will warn you that most of what I’m doing next is pointedly not very DevOps. I took 20 years in one industry. It has been enough.
Shimel: Thank you.
Kanies: So there is a lot that I’m working on but it’s taking the lessons of the last 20 years and trying to use some of the same tools in different places with different people.
Shimel: That’s not a bad thing either, my friend. As you said earlier, it’s life.
Good luck with it though, and we will be in touch. Guys, thanks for being our guests on this episode of DevOps Chat. Fleetsmith.com, that’s F-L-E-E-T-S-M-I-T-H.com. If you’re looking to manage and secure your Macs or iOS devices, worth checking out.
This is Alan Shimel for DevOps.com. Until next time, everyone, have a great day. Bye-bye.
Kanies: Thanks so much, Alan.