README
¶
MicroMDM - a devops friendly MDM server
MicroMDM is a Mobile Device Management server for Apple Devices currently focused on managing macOS.
Introduction
MDM is a large problem domain, and we are looking at how to solve many problems with device management and obstacles with existing solutions. However, at this stage of development we're focusing on a very specific use case which is current to many Mac Administrators:
When a device enrolls (through DEP or otherwise) we want to bootstrap some tools to manage the Mac. These are agents running on a mac like Munki or Chef/Puppet which will manage the software and configuration through the lifecycle of the Mac.
MicroMDM is able to solve this common use-case today, and we're focusing on improving the user experience for administrators and developing related features.
MicroMDM is being actively developed but is ready for you to start testing.
To get started, see the Quickstart tutorial on the wiki.
Installing
Unless you're a developer, you probably want a binary you can run. Download the latest release, either for macOS (darwin) or linux.
Getting Help
The best place to get help is the #micromdm channel on the MacAdmins Slack team. Join us there by following getting an invitation here.
Helping out
Over the last year this project has gained a lot of interest from the community. We want to make it clear that at this point MicroMDM is a passion project, and is being developed by a few fellow Mac Admins on weekends and during conference hackathons.
It would be great to get a few more developers to contribute, but at this point, there are more important tasks than knowing how to code. Here is how you can help:
- Read the documentation, install the tool and test MicroMDM.
- File bugs: https://github.com/micromdm/micromdm/issues
- Participate in discussions. The
#micromdmslack channel is best, but#mdmand#depare a few relevant ones. - Edit the project Wiki. The wiki page is open to anyone and you can make a lot of impact on the project by submitting additional documentation or designing proposals.
- Were you able to set up MicroMDM and enroll a few devices? Blogging about your experience. It can help others get started, or can help us figure out what we need to do better.
See the CONTRIBUTING page for additional info.
Design Goals
As mentioned in the introduction, a primary use case is bootstraping Macs. That's the short term (from now until WWDC). But there's a larger design goal we have in mind — what will differentiate MicroMDM from other vendor projects. Here it is in brief:
MicroMDM aims to provide a declarative approach to device management. Too often vendor tools expect you to manage devices by filling out various forms in a web interface. While MicroMDM might have a web interface of it's own one day, the tool itself is inspired by popular DevOps processes like Configuration Management (chef/puppet/ansible, terraform) and orchestration frameworks (Kubernetes, Docker).
For example here is a process of applying a DEP profile (not to be confused with an Apple Configuration Profile, of course):
$ mdmctl apply dep-profiles -template > /tmp/profile.json
$ mdmctl apply dep-profiles -f /tmp/profile.json
Defined DEP Profile with UUID 4B05B09E8AC7E7FC12C8F3338E099310
$ mdmctl get dep-profiles -f - -uuid=4B05B09E8AC7E7FC12C8F3338E099310
{
"profile_name": "Test Profile",
"url": "https://mdm.acmeinc.com/getconfig",
"is_mdm_removable": true,
"support_phone_number": "1-555-555-5555",
"support_email_address": "org-email@example.com",
"org_magic": "913FABBB-0032-4E13-9966-D6BBAC900331",
"skip_setup_items": [
"Registration",
"AppleID",
"TOS"
]
}
- Expose an API for developers and administrators. Today you can send MDM commands to the server using a RESTful API. We intend to make more processes scriptable.
- Provide a way for administrators to subscribe to events generated from the MDM interactions between client & server. MicroMDM works through a pubsub system at its core. For example, when a new device enrolls with the MDM server it doesn't record this in the database immediately, but instead creates an event which is sent on the message bus to other services that are listening. Today, this message bus is built in-memory, but we plan to expose the same hooks over the network, allowing developers to consume events in any language — not just Go.
Here is a slightly more in depth design overview of the pubsub system within MicroMDM.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
dep
|
|
|
depsync/internal/depsyncproto
Package depsyncproto is a generated protocol buffer package.
|
Package depsyncproto is a generated protocol buffer package. |
|
appmanifest
package appmanifest provides utilities for managing app manifest files used by MDM InstallApplication commands.
|
package appmanifest provides utilities for managing app manifest files used by MDM InstallApplication commands. |
|
mdm/internal/mdmproto
Package mdmproto is a generated protocol buffer package.
|
Package mdmproto is a generated protocol buffer package. |
|
pkg
|
|
|
crypto/mdmcertutil
Package mdmcertutil contains helpers for requesting MDM Push Certifificates.
|
Package mdmcertutil contains helpers for requesting MDM Push Certifificates. |
|
crypto/password
Package password provides utilities for creating and verifying macOS passwords for MDM account configuration.
|
Package password provides utilities for creating and verifying macOS passwords for MDM account configuration. |
|
platform
|
|
|
apns/internal/pushproto
Package pushproto is a generated protocol buffer package.
|
Package pushproto is a generated protocol buffer package. |
|
appstore/builtin
package builtin provides an abstraction for uploading files and manifests to a file repository.
|
package builtin provides an abstraction for uploading files and manifests to a file repository. |
|
blueprint/internal/blueprintproto
Package blueprintproto is a generated protocol buffer package.
|
Package blueprintproto is a generated protocol buffer package. |
|
command
Package command provides utilities for creating MDM Payloads.
|
Package command provides utilities for creating MDM Payloads. |
|
command/internal/commandproto
Package commandproto is a generated protocol buffer package.
|
Package commandproto is a generated protocol buffer package. |
|
config/internal/configproto
Package configproto is a generated protocol buffer package.
|
Package configproto is a generated protocol buffer package. |
|
device/internal/deviceproto
Package deviceproto is a generated protocol buffer package.
|
Package deviceproto is a generated protocol buffer package. |
|
profile/internal/profileproto
Package profileproto is a generated protocol buffer package.
|
Package profileproto is a generated protocol buffer package. |
|
queue
Package queue implements a boldDB backed queue for MDM Commands.
|
Package queue implements a boldDB backed queue for MDM Commands. |
|
queue/internal/commandqueuedproto
Package commandqueued is a generated protocol buffer package.
|
Package commandqueued is a generated protocol buffer package. |
|
queue/internal/devicecommandproto
Package devicecommandproto is a generated protocol buffer package.
|
Package devicecommandproto is a generated protocol buffer package. |
|
remove/internal/removeproto
Package removeproto is a generated protocol buffer package.
|
Package removeproto is a generated protocol buffer package. |
|
user
Package user provides utilites for managing users with MDM.
|
Package user provides utilites for managing users with MDM. |
|
user/internal/userproto
Package userproto is a generated protocol buffer package.
|
Package userproto is a generated protocol buffer package. |
|
workflow
|
|