DTS seeks to provide the best technological environment to support LSE in its learning, teaching, research, and administration. As a part of that we need to ensure that we are providing a safe network and secure devices for people to use, protecting the integrity and confidentiality of our systems and data, helping contribute to a vibrant teaching and research environment and meeting enhanced security requirements many of our data suppliers and course commissioners expect us to meet at minimum. An important element in getting the balance of these goals is securing our devices from attack, with Higher Education being one of the primary targets for cyber-attacks from both nation states and criminal gangs. A key part of this involves making sure we can maintain and update all LSE-owned devices that access our systems and services, so we can ensure operating systems are up to date, applications patched and critical vulnerabilities that attackers can exploit on- or off-campus are removed. This work is known as device management (or sometimes mobile device management or MDM), and DTS are in the process of extending this process initially to all Apple devices, and then later to Windows devices owned by the School.
The existing solution for Apple devices has reached its end of life and is no longer fit for purpose – existing Apple devices are not able to receive updates to various applications and operating systems resulting in users missing out on the latest functionality, security updates and vulnerability patches.
The new cloud-based management system (dataJAR.mobi) is the current version of our previous management solution (JAMF Pro). Unfortunately, due to restrictions imposed by Apple, the management system does not allow a straightforward migration, this means the devices need to be rebuilt from scratch when they are migrated.
The new management solution will provide the same capabilities including the retention of admin rights post-migration.
- For people who have admin access on their existing Macs or who will need it on new Macs to carry out their roles, admin access will continue to be granted when requested. (The security standards that we need to apply limit use of admin rights to when they are essential. Even with local admin rights certain actions, such as changing some security settings, will be restricted. As we roll out other security related technologies how these additional access rights are granted will change.)
- The LSE Store provides a comprehensive range of existing applications via the DataJAR.mobi self-service portal. We add to it on a daily basis, as we continue to engage with people to ascertain the applications they require. Please see our current list of applications
It also provides these benefits:
- Compatibility with the latest macOS, ensuring optimal performance and functionality.
- Applications will be updated to the latest versions within 7 days to ensure changes to the latest functionality after some initial testing – please note on occasion we will retain a specific version of software if required for teaching purposes, or to retain OS compatibility.
- Applications will be patched with the latest security patches automatically and where vulnerabilities are identified will be securely updated as soon as possible.
- New applications that are requested by users will usually be available within 24 hours. Further information on requesting new applications
However, there are also some changes; one side effect of registering computers in the management system is that the standard Apple store can no longer be used, and the software you need is delivered via an LSE App Store (dataJAR.mobi portal). As outlined above we've already packaged most of the software you should need and will continue to add to this catalogue. We have already provisioned nearly 200 applications in dataJAR.mobi self-service portal since deployment with more being added every day. Over the last month we had over 7500 installs from self-service.