The Casper Suite is a management platform for OS X computers providing inventory, software distribution, operating system imaging, settings and security management.
The Casper Suite allows IT administrators to proactively manage equipment lifecycles and efficiently deploy software and policies in a consistent manner, and it provides data for troubleshooting computer issues.
More information regarding the Casper Suite can be found here.
The MIT Casper implementation has been customized in consultation with the IT Security Systems & Services team (ITSSS) to collect only the data necessary to assist in the central management of Macs. Information collected includes:
- Hardware specifications
- Applications installed
- Services running
- Available software updates
- List of local user accounts
- Firewall status (enabled/disabled)
- SSHd status (enabled/disabled)
- TSM nodename and server
- KerbID based on the MIT personal certificate installed on the computer
Note: The Casper Suite is NOT configured to collect application usage, user login/logout timestamps, contents or names of personal files (documents, email, etc.), or any browsing history.
The Casper Suite consists of a management server (JAMF Software Server - JSS), and a client on each managed computer.
The Casper client checks with the JSS at computer startup and every 15 minutes, causing 2KB of network traffic, 4MB Real Memory, and 0.10 CPU time. In addition, computer inventory is uploaded to the JSS once a day, causing less than 200KB of network traffic, 8MB Real Memory, and 3.74 CPU time. Client/Server communication is encrypted by a certificate pair configured when the client is installed.
Currently, the JSS is only accessible from the MIT network (on-campus and through the VPN).
Starting in May 2012, new computer deployments that are part of the Desktop Renewal Program will have the Casper client pre-installed unless requested otherwise.
The second phase of the project will have DITR consultants manually install the Casper client on computers in the DLC after consulting with their clients.
- A hidden local service account named 'casper' is created. This account has a randomized 12-digit password that functions similarly to TSM passwords (the client and server know it, but it is not human readable). The management account is hidden from the logon window. However, if 'Display Logon Window' is set to 'List of users', you will see a new entry named 'Other', which provides a username and password box for login.
- Installs the Casper Self Service application under /Applications/Self Service.app. This application requires logon with Kerberos credentials. See the question "What is the Self Service App" below.
- Adds a Mobile Device Management (MDM) enrollment profile. MDM is Apple's technology for delivering configuration profiles (XML files that load settings and authorization information) to Mac OS X using Apple Push Notification Services.
In addition, here's a complete list of all the files and folders that are installed when the Casper client is installed. Please note that our implementation of the JAMF Software Server has been customized and not all components listed in the link are added.
Since the Casper Suite is a tool to assist in managing Mac OS X clients, certain policies and software can be centrally deployed.
Clients will be informed in conjunction with their DITR consultant before any changes are applied, and only software sanctioned by the IS&T Software Release Team (SWRT) will be deployed.
The Self Service application is an MIT-specific portal similar to the Apple App Store that provides access to software, links, and the end-user flexibility of choosing what to install and when to install it.
The contents of Self Service are centrally maintained and will be updated regularly, so please poke around and check back often. Let us know if you have ideas for what could be offered by emailing the DITR Mac Workgroup.
If you have concerns about the Casper client, please do not hesitate to contact the DITR Mac Workgroup.
While the Casper client does not come with an uninstaller, it can be cleanly removed by running this command: jamf removeFramework
Please send an e-mail to the DITR Mac Workgroup.