Since 2009, Unbounce has helped marketers and digital agencies increase website and campaign conversions. Unbounce’s landing page and conversion marketing platform allow marketers to quickly create, launch and test high-converting landing pages, popups, and sticky bars without developers. With unrivaled customer support, global hosting and 99.95% server uptime, Unbounce has powered over 250 million conversions for marketers around the world.
Tim Fitzgerald is a Systems Administrator at Unbounce. He is responsible for developing and managing Unbounce’s macOS deployment for a rapidly growing user base, which currently consists of multiple office locations and a number of remote employees. Tim’s guidance and skills have been instrumental in successfully moving Unbounce’s deployment onto MDM as well as implementing and maintaining their Munki infrastructure.
A fast, secure, and touchless deployment process
An end-result that provides users immediately with all the software and accounts they need
The ability to reliably deploy Macs for remote employees without the need for an on-site technician
AWS + CloudFront
Unboxing to enrollment
Like many others, Tim’s goal for his macOS deployment is to set up devices quickly and with as little end-user interaction as possible. The deployment process starts with devices being enrolled using Apple DEP as soon as they are unboxed and activated. As specified by the DEP enrollment settings, many of the initial Setup Assistant panes are skipped, a local administrator account is created automatically and hidden from other local user accounts, and the end user is prompted to interactively create an administrator account.
Bootstrapping configurations & software
During the enrollment via DEP, devices are assigned to a “bootstrap” device group, which applies an initial Munki configuration profile, a wireless network profile, and installs the InstallApplications package.
The InstallApplications package installs a variety of items during the Setup Assistant stage, including Munki tools, an AWS CloudFront Middleware package, certificates, and a DEPNotify package. The certificates are used for authentication via CloudFront when accessing the Munki repository on AWS. This CloudFront Middleware provides an additional layer of security so that only MDM-enrolled devices can access the company’s Munki repo, as well as reduces potential costs by limiting the number of requests made to the AWS-hosted repository.
When the user account is created and the user logs in, the DEPNotify package runs a script to launch a DEPNotify window. This window includes Unbounce’s branding and a greeting message welcoming the user to Unbounce. This script reads from the Munki logs to retrieve information about package/application download statuses and then updates the DEPNotfiy window to keep the user informed about the setup progress. While this is happening, a second script runs that automatically configures the dock settings/icons. Upon completion, DEPNotify provides the user with contact information for the Unbounce IT team in case they have any questions or issues.
Role-specific device configuration
At this point, the main bootstrapping process is finished. From here, an MDM administrator will assign the device to its destination device group which is determined based on who will be using the Mac. This group then assigns a variety of additional configuration profiles, including a FileVault profile, Passcode Policy profile, a custom configuration to enforce ‘Always-On’ Firewall, a custom Energy Saver configuration, and a second Munki configuration based on which department the device will be used in. This second Munki profile specifies which additional software will be installed via Munki – for example, Mac assigned to developers will receive development-specific apps/software, designers will receive their design software, etc.
Upon completion, the machine is prepped and ready for the employee to start working on immediately, with all the software they need to complete their job tasks.
SimpleMDM is a mobile device management solution that helps IT teams securely update, monitor, and license Apple devices in a matter of minutes — all while staying on top of Apple updates automatically.