¶ Mac OS SASE Client Deployment using RMM
SASE architecture allow IT to deliver networking and security to all locations, applications and users. This happens through tight integration of networking and security delivered through a single cloud platform. But one of the fundamental elements of SASE is its identity-based policy framework.
The identity of users and devices is the foundation of how SASE delivers its policy-driven access. Exium's SASE solution offers both user identity and device identity based access and policies. The two methods described below are part of the broader deployments methods described here.
The Mac scripts provided in Customer portal can be run locally on the machine or pushed via any RMM tool or Intune remote deployment tool.
¶ RMM - Device Based Client Activation
SASE architecture allows IT to deliver networking and security to all locations, applications and users. This happens through tight integration of networking and security delivered through a single cloud platform. But one of the fundamental elements of SASE is its identity-based policy framework.
The identity of users and devices is the foundation of how SASE delivers its policy-driven access. Exium' SASE solution offers both user identity and device identity based access and policies. In the case of the Device Based Client Authentication deployment, described below, the security policies can only be applied at the device or endpoint level. If you desire to apply user level policies, see other methods of deployments here.
For Device Based Deployment, follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Admin console in the left menu bar
- Click on “Users and Devices” → “RMM Deployment” as shown in the screenshot below
- Select your device type (Windows, Mac etc.)
- Copy the script and push it to the user's device (or run locally on the machine for early testing)
Note the script you copy this way already has TOKEN and Workspace name. You do not need to modify the script as it is complete for deployment.
¶ Copy script for Deployment using ConnectWise RMM
After selecting 'Device based (Remote)' , Please select “CW RMM” option in drop down to select Mac script.
¶ Method 3A: Include user information in the Script
In this approach, individual user information needs to be passed as additional input parameter. You may automate this process if you have information linking users to devices in your RMM system.
We have made it easy for you to copy the script for a user deployment. Note the script copied below can also be run locally with admin or root privilege on the machine to test before pushing it via RMM.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users in the left menu bar
- Click on the icon with the down arrow sign next to the user as shown in the Figure below
- Select your device type (Windows, Mac etc.)
- Copy the script and push it to the user's device (or run locally on the machine for early testing)
Note the script you copy this way already has TOKEN, Workspace name and user name included. You do not need to modify the script as it is complete for deployment for a particular user.
¶ MacOS Client Deployment using RMM
MacOS Client deployment is done using shell scripts and they can be deployed using any RMM Framework. Based on the deployment approach, copy the script (one line) following steps mentioned
if RMM framework supports Bash Shell commands, Copy script directly in to shell and deploy the client.
If Framework looks for bash file to be uploaded, you can create a file and upload it. Following is example to create a sample bash script file. Paste the copied installation script from admin console to a file as shown below and save it with .sh (Example: test.sh). upload the script file into RMM framework.
#!/bin/bash
****** Paste the copied script (one line) from admin console here ****
Client Installation may take up to 25 mins if prerequisite tools are missing and needs to be installed. Please select longest duration possible for script timeout to make sure installation script executes completely. Typically on slower network connections, installation will take 15 ~25 mins based on the tools to be installed. If the RMM framework does not provide an option to select a duration of more than 10 Minutes, please use separate scripts as described in the next sections.
¶ MacOS Client Deployment in Multiple steps to avoid script timeout
The timeout can be avoided by breaking the deployment into 2 or 3 steps. We provide 3 separate scripts for deployment in steps.
- Pre-Requisite tools installation ( This will install Xcode command line utils)
- Pkg Manager ( This will install home-brew needed for installation. This also install Xcode command-line utils if they are not installed)
- Once these are installed, Please follow steps mentioned in section “MacOS Client Deployment using RMM” to install client.
Please see next sections for steps to install #1 and #2
Please try script #2 (Pkg Manager) first, This installs all required for prerequisites (that means including script 1) also. However, even if this script takes longer than RMM allowed time, Please run #1 and #2 sequentially.
¶ Mac Client - Pre requisite tools installation
Copy full uninstall script from admin console and follow same steps as Installation in Intune
- Navigate to the MSP admin console -> Client Workspace
- Click on “Users and devices”
- Click on “RMM deployment”
- Please go to “prerequisites tools installation” and click on button to copy script as shown in screenshot
if RMM framework supports Bash Shell commands, Copy script directly in to shell.
If Framework looks for bash file to be uploaded, you can create a file and upload it. Following is example to create a sample bash script file. Paste the copied installation script from admin console to a file as shown below and save it with .sh (Example: test.sh). upload the script file into RMM framework.
#!/bin/bash
****** Paste the copied script (one line) from admin console here ****¶ Mac Client - Package Manager installation
Copy full uninstall script from admin console and follow same steps as Installation in Intune
- Navigate to the MSP admin console -> Client Workspace
- Click on “Users and devices”
- Click on “RMM deployment”
- Please go to “ Package Manager” and click on button to copy script as shown in screenshot
if RMM framework supports Bash Shell commands, Copy script directly in to shell.
If Framework looks for bash file to be uploaded, you can create a file and upload it. Following is example to create a sample bash script file. Paste the copied installation script from admin console to a file as shown below and save it with .sh (Example: test.sh). upload the script file into RMM framework.
#!/bin/bash
****** Paste the copied script (one line) from admin console here ****
¶ Mac Client Uninstallation
Copy uninstall script from admin console and follow same steps as Installation in Intune
¶ Mac Client Uninstallation (including home-brew)
Copy full uninstall script from admin console and follow same steps as Installation in Intune