This is episode nine in our series on setting up and managing devices using Server’s Profile Manager service.
If you’re just tuning in now, you’ll want to look at:
- A Primer in Profile Manager
- The Setup
- The Server App
- Manage Your Server Remotely
- Set Up Open Directory
- Turn on Profile Manager
- Add Users, Enable Device Management
- Enrolling and Managing Devices
What’s in a payload?
At the end of the last episode you enrolled a device in Profile Manager and pushed out a configuration change to your Mac by creating a Dock payload. According to Apple’s Profile Manager Help:
Configuration profiles are XML files consisting of payloads that load settings and authorization information onto Apple devices such as iPhone, iPad, iPod touch, Mac, and Apple TV. Profile Manager can create and install profiles on any of these devices.
A payload is nothing more than a fancy term for settings. Profiles are a collection of payloads. By creating payloads you can easily deploy settings to devices enrolled in your system.
We did not remove the Dock settings after last episode’s exercises. So let’s have a look at how settings can be removed remotely.
- Open System Preferences.
- Select the Profiles preference.
- Open Safari.
- Log in to Profile Manager by typing
yourserver.yourdomain.com/profilemanagerin the address bar.
- Log in as an administrative user.
- Select Devices in the Profile Manager sidebar.
- Select the device you enrolled in last week’s exercises.
- Place the System Preferences window next to the Profile Manager Web browser window. What you see should look something like this.
Note that you have at least three profiles installed.
- A trust profile.
- A remote management profile.
- A settings profile for your managed device.
Let’s remove the settings profile.
- Click the Settings tab in Profile Manager for your device.
- Click the Edit button.
- Scroll down to and select the Dock payload.
- Click the “-” button at the upper right-hand side of the Dock payload.
- Click the OK button.
- You will see a dialog box asking if you want to remove all settings from this profile. Click Remove All Settings.
- Click the Save button, then keep your eye on the Profiles preference in System Preferences.
You should see the settings Profile disappear from the Profiles preference and your Dock should go back to what it was before you changed the settings in Profile Manager. All within a matter of seconds after the moment you click the Save button. All through the power of Push Notifications.
The down-low on Apple’s Push Notification Service
This raises an interesting question about Push Notifications, how they work, and what kind of data is passing through Apple’s servers on its way to your devices. You’d be right to be concerned that your configuration data is passing through Apple’s servers and you should be happy to know that it’s not.
When you added the Device Management service to your server a couple of episodes ago you may recall that you also enabled Push Notifications and added a Code Signing Certificate for Push Notifications to your server. (You can view that certificate by selecting Certificates in the sidebar of the Server app and then double-clicking the Code Signing Certificate.)
This certificate creates a link between your server and Apple’s servers and when a device is enrolled in Profile Manager that same Code Signing Certificate is used to link that device to Apple’s servers and your Profile Manager server.
When you make a configuration change, because there is a link between your device, your server, and Apple’s Push Notification Services, your device gets updated configuration pushed out to it.
This how Push Notifications works with your server and devices to update configuration information:
- Your Profile Manager server sends a message to Apple’s servers that a profile has been updated.
- Apple’s servers notify enrolled devices that a Configuration Profile has been updated.
- Enrolled devices go directly to your Profile Manager server to download the updated profile.
At no point during this process does any of your information pass through any servers but your own and, because you’re using SSL certificates, the information being transferred point-to-point is secure as well.
Next we’ll begin looking in detail at the settings you can change in each configuration profile payload.