The Difficult Life of a Mac in the Mixed Environment

Thursday, February 02, 2012

Bozidar Spirovski


Just before the sad event of Steve Jobs' death, we obtained a MacBook. While everyone is still immersed in reading the biography, we embarked on the journey of using a new OS for the first time.

Here are the positive experiences and gripes that we found when using it in a multi-purpose multi-platform environment...

Please note that we are just starting out with the Mac, and some of our issues may have solutions that we haven't found yet.

The Environment

The MacBook arrived in the very mixed environment of Shortinfosec:

  • Domain - an active AD Win2008 functional level domain, but used only for testing. The computers are only added to the domain to do research related to the domain.
  • Computers - Work is done on our laptops - HPs, Lenovo and Acer running Windows 7, Vista and Ubuntu
  • Virtual environment - VirtualBox and VMware Player based virtual machines, mostly with bridged networking
  • Network - 802.11n Wi-Fi and wired 1 Gbps Ethernet network. Cisco and Huawei network elements
  • VPN - Cisco IPsec VPN for remote access
  • Storage - iSCSI based storage server, built around an Openfiler storage server, on the wired LAN segment
  • Printing - a very old HP LaserJet printer, so old that we have to use a Centronics to USB converter, so we attach it to whichever laptop needs it.

What we do in this environment:

  • Testing attack tools and honing our skills with them
  • Running test scenarios on corporate products
  • Fiddling with Active Directory and trying to break it
  • Playing games
  • Blog management
  • A lot of article and paper writing
  • Java development
  • Odd accounting jobs
  • Lots of games ;)

The Positives

We like to start on a positive note, so here are the things we like about our Mac:

  • User experience - as Steve Jobs insisted, the user experience of working in Mac applications on the Mac is seamless. Everything just runs. Even attaching external hardware, a 20-year-old printer, was a breeze - much easier than doing the same on Vista.
  • Battery life - the battery life is simply outstanding. The commercials say that the Mac can do 7 hours on battery, and that is quite true when working in a word processor at 65% screen brightness.
  • Portability - not really comparable, since all other laptops are 15'', but the Mac is very easy on the shoulders, and an excellent companion at meetings.
  • Speed of functions - all implemented functions within the OS are implemented VERY WELL. For example, the Cisco IPsec VPN connection using the native Lion client authenticates at least 10 seconds faster than the Cisco VPN Client for 64-bit Windows 7 (we actually measured).

The Gripes

Naturally, not everything is that great, and here are the frustrations that we faced with our Mac:

  • The keyboard shortcuts - putting an IT pro who worked on a PC and Unix for 20 years in front of a Mac running OSX is a special kind of hell: NONE of the keyboard shortcuts are the same, and it takes a significant effort to shift to OSX shortcuts. They are not illogical, only completely different, which hampers productivity for anyone used to doing much of their work on a keyboard.
  • Interoperability with other platforms - There are interoperability gripes with a lot of stuff. The Mac can join an AD domain (sort of), but we had a lot of stress getting the Mac to use cached credentials. Mostly the same happened with a Linux-based LDAP service.
  • Software is missing - A lot of productivity software that we are used to is missing for Mac - we stumbled on Visio, then on MS Project, then on Notepad++, then on 7zip... We didn't go into developing Java in Eclipse, because of the following point. Mind, there are replacements for most of the software we were missing, but productivity was hampered since we needed to find the appropriate software, buy it and learn how to use it. VMware Player is nonexistent for Mac, so we are limited to VirtualBox.
  • Lacking native support for obvious items - first disaster - no support for NTFS write. We had to revert to the dreaded FAT32, which was a deal breaker for development. As if that wasn't enough, iSCSI is not natively supported, which further killed any attempt at accessing the large Java codebase on our iSCSI fileserver.
  • Remote access - So far we haven't discovered an efficient native tool to access and work on our Mac remotely. The Apple Remote Desktop is a shameless highway robbery - why should any company or user need to pay any money to access and manage a single Mac remotely? We are at the moment trying out VNC, which is not a platform we prefer.
  • No Native or Free Disk Encryption - (Updated, thanks to comments) Up to OSX 10.6, only Sophos SafeGuard provided full disk encryption for a Mac. For OSX 10.7 there is FileVault full disk encryption, but we haven't tried it.

Conclusions and thoughts

We are not abandoning the Mac - it is a great tool and an asset in our little lab. But in the current state of things, it takes a lot of effort and compromise to fully migrate to a Mac platform, especially since multi-environment knowledge is required.

If today someone asks us whether a Mac is a good idea for company use, we would not be very supportive, for the following reasons:

  • Lack of compatibility with business software
  • (Updated per the comment of Ryan Black) Incompatibility with writing to the NTFS filesystem (which is everywhere) (previously stated NTFS fileservers - fileservers are accessed through SMB, which is supported)
  • Learning Curve for efficient use

Talkback and comments are most welcome...

Cross-posted from Information Security Short Takes

Laura Walker Thank you for posting this detailed experience. I was just recommended shifting to a MacBook Pro for deployments and this is a really handy guide for adjusting. Really, can't thank you enough. Perfect timing =)
Tiago Rosado Just some tips and error correction:
The keyboard shortcuts - replace the ctrl (windows) by the cmd key for shortcuts
Interoperability with other platforms - If you are using Kerberos in the AD and OpenLDAP, make sure that the NTP is the same for the Mac client, i.e., use the AD NTP service (this might solve your cached issues). For complete Mac (machine) control you'll need a Server version running OpenDirectory (Apple's implementation for LDAP). Besides the above pointed out NTP issue, integrating a Mac with an AD or OpenLDAP is very simple and straightforward.
iSCSI is not natively supported - Just use GlobalSAN Xtarget
No Native or Free Disk Encryption - FileVault is there since 10.4 Tiger ;)