11 Jun June 2025 – MacAdmins Meeting
June 18th, 2025 – University of Utah, MacAdmins Meeting

The University of Utah MacAdmins Meeting is held virtually on the 3rd Wednesday of each month at 11 AM Mountain Time. Presentations cover Apple technology and integration in a heterogeneous university enterprise environment. This month’s meeting will be held on Wed, June 18th, 2025, at 11 AM MT. We will provide a live broadcast, and archives will be made available 2-3 days after the meeting.
IBM Data Shift – Simone Martorelli, IBM
This presentation will be a brief overview of the IBM Data Shift project—its origins, development journey, and deployment. The session will also cover how to configure/rebrand the tool and what to expect from its future evolution.
When it comes to Mac migrations, enterprises encounter complexities that personal device users typically don’t face. Managed Device Environments, for instance, have high-security standards and stringent configuration needs that general migration tools aren’t designed to meet. While Apple’s Migration Assistant is well-suited for a personal environment, it may lead to headaches in a managed setting. Some of the main challenges include:
- Post-Setup Migration Issues: it often disrupts essential connections to Jamf Pro, requiring complex remediation efforts to restore communication.
- MDM and Configuration Conflicts: it frequently creates a new user account that isn’t MDM-compatible, complicating the deployment of managed configurations.
- Time-Consuming Processes: standard migration processes can be lengthy, leaving users with delayed access to their devices until the transfer completes.
IBM Data Shift was created with one goal in mind: to deliver an efficient, future-proof migration experience that meets the demands of managed environments. IBM Data Shift allows the Mac@IBM team to maintain a seamless migration experience while preserving critical management connections and configurations. Here’s how it works:
- Device Pairing and Connection: IBM Data Shift operates on both old and new devices, pairing them securely via Wi-Fi or Thunderbolt connection, using TLS-PSK encryption to ensure data security.
- Flexible Migration Options: users can select a “Lite” option, migrating only documents and desktop folders, or a “Complete” migration that includes the user folder, applications, and selected preferences. Additionally, an advanced option allows users to hand-pick specific files and applications.
- Real-Time Guidance During Migration: the IBM Data Shift app ensures both the source and destination devices stay awake, displays the estimated time for completion, and advises against file interactions during the transfer—providing a seamless experience for users.
- Flexible Post-Migration Steps: IBM Data Shift is designed with the intent to accommodate workflows specific to each organization. Post-migration options include a device reboot, an optional Apple ID login for iCloud syncing, and a Jamf Inventory Update.
Built entirely in Swift, IBM Data Shift leverages SwiftUI, Combine, and Apple’s Network Framework. Secure pairing and communication between devices are handled through TLS-PSK. It doesn’t use any third-party libraries. This focus on native Apple technologies not only enhances security but also ensures long-term compatibility and fewer unexpected issues. IBM Data Shift is compatible with macOS 12 and later.
About Simone Martorelli
Simone Martorelli joined IBM in 2020 as a Senior Software Engineer on the Mac@IBM team, based in Bratislava. He specializes in native development for Apple operating systems. A passionate football and tennis fan, he supports Inter Milan and Jannik Sinner—though lately, it hasn’t exactly been a season to celebrate.
ACME Certificate Management – Mike Malone, Smallstep
In today’s rapidly evolving IT landscape, secure communication is non-negotiable, yet the manual management of digital certificates remains a significant burden for IT teams—especially for MacAdmins managing large fleets. The ACME protocol—Automated Certificate Management Environment—was designed to eliminate this complexity. Originally popularized by Let’s Encrypt, ACME now powers a new era of automation, enabling devices and applications to seamlessly request, renew, and revoke certificates without human intervention.
At Smallstep, we’ve extended the power of ACME beyond websites and servers, bringing it into modern enterprise environments. This means MacAdmins can now automate the entire certificate lifecycle on macOS endpoints—issuing Wi-Fi, VPN, SCEP replacement, and client authentication certificates with minimal setup. With tools like step-ca and step CLI, certificates can be securely provisioned based on device or user identity and integrated directly into MDM workflows. No more expired certs, no more fragile scripts. ACME does the hard work—securely, transparently, and automatically.
About Mike Malone
As Founder and CEO, Mike and the team at Smallstep aim to solve the missing half of Zero Trust by ensuring only trusted devices can access sensitive resources with high-assurance device identity. As a published author in cybersecurity policy, and an experienced Lead Architect and CTO, Mike is a self-described nerd with a degree in Business Information Systems from Virginia Tech. Malone witnessed the security challenges in large, distributed systems firsthand, and is passionate about solving them at scale.
iCloud Private Relay – Jedda Wignall, Beyond the Box
Apple describes Network Relay and MASQUE as a “modern alternative to VPNs”, and it’s already in production on hundreds of millions of devices via iCloud Private Relay. This emerging technology is built on secure, high-performance protocols designed for the future of the web.
In this session, we will:
- Introduce and unpack the core technologies behind Network Relay,
- Demonstrate real-world examples and use cases on Apple platforms,
- Compare relays and traditional VPNs, and
- Highlight key challenges and takeaways for Apple and network admins
About Adam Selby
Jedda is an Australian infosec & technology consultant from Melbourne, Australia with a focus on Apple platform security & user experience. His interests include applied cryptography, network protocols, identity & attestation. He holds a CISSP certification and is a member of the Australian Information Security Association (AISA). His favorite Mac is the Performa 5400.
Open Discussion
Questions, comments, problems, and fixes.
Directions
This meeting will not be held in person but virtually via Zoom video communications architecture.
- Require a Password to Join: This meeting will require a password to join. Information will be emailed via a campus internal list, but if you are external and want to attend the meeting, please use the Contact Us form to receive details. Otherwise, the archive of the meeting will be available 2-3 days after the live meeting.
- Waiting Room: When joining the meeting, you will be placed in the Waiting Room by default, and the hosts will give you access to the live meeting.
- Miscellaneous: We will also implement other settings and safeguards to secure the meeting.
Archived Presentation(s)
- Archives of the presentations will be available on this web page.