Access Keys:
Skip to content (Access Key - 0)

Casper Suite

Q: What is the Casper Suite?

The Casper Suite is a management platform for OS X computers providing inventory, software distribution, operating system imaging, settings and security management.

The Casper Suite allows IT administrators to proactively manage equipment lifecycles, efficiently deploy software and policies in a consistent method, and provides data for troubleshooting computer issues.

More information regarding the Casper Suite can be found here.

Q: What information does the Casper Suite collect as inventory?

The MIT Casper implementation has been customized in consultation with IT Security Systems & Services team (ITSSS) to only collect necessary data to assist in the central management of Macs. Information collected includes:

  • Hardware specifications
  • Applications installed
  • Services running
  • Available software updates
  • List of local user accounts
  • Firewall status (enabled/disabled)
  • SSHd status (enabled/disabled)
  • TSM nodename and server
  • KerbID based on the MIT personal certificate installed on the computer

Note: The Casper Suite is NOT configured to collect Application Usage, User login/logout timestamps, contents or names of personal files (documents, email, etc) or any browsing history.

Q: How does the Casper Suite work?

The Casper Suite consists of a management server (JAMF Software Server - JSS), and a client on each managed computer.

The Casper client checks with the JSS at computer startup and every 15 minutes, causing 2KB of network traffic, 4MB Real Memory, and 0.10 CPU time. In addition, computer inventory is uploaded to the JSS once a day, causing less than 200KB of network traffic, 8MB Real Memory, and 3.74 CPU time. Client/Server communication is encrypted by a certificate pair configured when the client is installed.

Currently, the JSS is only accessible from the MIT network (on-campus and through the VPN).

Q: How is the Casper client installed on the computer?

Starting in May 2012, new computer deployments that are part of the Desktop Renewal Program will have the Casper client pre-installed unless requested otherwise.

The second phase of the project will have DITR consultants manually installing the Caper client on computers in the DLC after consulting with their clients.

Q: What changes will I see once the Casper client is installed on the computer?

  • A hidden local service account named 'casper' is created. This account has a randomized 12 digit password that functions similar to TSM passwords (the client and server know it, but it is not human readable). The management account is hidden from the logon window. However, if 'Display Logon Window' is set to 'List of users', you will see a new entry named 'Other', which provides a username and password box for login.
  • Installs the Casper Self Service Applications under /Applications/Self Service.app. This application requires logon with kerberos credentials. See the question "What is the Self Service App" below.
  • Adds a Mobile Device Management (MDM) enrollment profile, Apple's technology to provide configuration profiles (XML files that load settings and authorization information) onto Mac OS X using Apple Push Notification Services.

In addition, here's a complete list of all the files and folders that are installed when the Casper client is installed. Please note that our implementation of the JAMF Software Server has been customized and not all components listed in the link are added.

Q: Will you be installing software on the computer?

Since the Casper Suite is a tool to assist in managing Mac OS X clients, certain policies and software can be centrally deployed.

Clients will be informed in conjunction with their DITR consultant before any changes are applied, and only software sanctioned by the IS&T Software Release Team (SWRT) will be deployed.

Q: What is the Self Service App?

The Self Service application is an MIT-specific portal similar to the Apple App Store that provides access to software, links, and the end-user flexibility of choosing what to install and when to install it.

The contents of Self Service are centrally maintained and will be updated regularly, so please poke around and check back often. Let us know if you have ideas for what could be offered by emailing DITR Mac Workgroup

Q: How do I uninstall the Casper client?

If you have concerns about the Casper client, please do not hesitate to contact the DITR Mac Workgroup

While the Casper client does not come with an uninstaller, it can be cleanly removed by running this command: jamf removeFramework

Q: What if I have other questions?

Please send an e-mail to DITR Mac Workgroup

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

September 04, 2013

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
casper casper Delete
mac mac Delete
ditr ditr Delete
jamf jamf Delete
jss jss Delete
c-mac-os c-mac-os Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki