How to Plan a Large-Scale Deployment of Apple Devices
A few months ago, we told you about how you—as an IT admin in the enterprise—can think about the mass deployment of Apple devices. Our main point then: When it comes to deploying hundreds or thousands of Apple devices at a time, enterprise admins have a lot to learn from their colleagues in education, who do it every year.
In that previous post, we looked at the mass deployment of Apple devices from a fairly high level. We wanted to revisit the topic now from closer to the ground, looking at tactics as much as strategy. The goal is to help you identify the obstacles, gaps, and other issues that might need to be addressed before you begin your rollout. While a large-scale deployment might seem overwhelming at the start, breaking it down into smaller pieces can help make it manageable.
While we’ll try to outline that planning process here, you should also be sure to consult Apple’s excellent resources on the subject, particularly its Apple Platform Deployment website and its Mac Deployment Overview guide.
What’s Your Deployment Model?
Begin with the end in mind: What do you want the user experience to be? Should users enroll themselves or will you do it for them? Will users authenticate during enrollment or not? How will they connect to Wi-Fi right out of the box? Those are just some of the decisions you need to make before you do anything else. Depending on your goals, there are several deployment models to choose from. Make that choice first.
You then need to get buy-in from your organization’s leadership, so everyone is aligned on goals. It helps to identify one of those leaders to champion the project.
You also need to have some other early conversations. Start with stakeholders and organizational decision-makers in procurement, human resources, and security. You should also talk to the department managers whose people will be getting the new devices, as well as the managers of your directory and network infrastructure. It’s essential that everyone is on the same page about what’s happening well ahead of time.
Finally, you need to identify a project manager. This person should be adept at achieving consensus, keeping stakeholders informed, and ensuring projects stay on track. Engaging a project manager early in the planning process can easily make the difference between success and failure. An empowered project manager can help you see past the technical details and hold everyone involved accountable to ensure that timelines are met. Good project management is the most important success factor for any large deployment.
How to Procure Apple Devices at Scale
It’s imperative to purchase devices through a channel that supports Apple Business Manager. Automated Device Enrollment is the only scalable way to conduct a mass deployment. That means buying directly from Apple or from an Apple Authorized Reseller. If you buy through Apple Retail, you should work with the Business Team about adding those devices to Apple Business Manager. Authorized resellers offer similar options.
If you are deploying devices acquired through other channels, you can use Apple Configurator on Mac or iPhone to add iPhone, iPad, and Apple TV devices or Mac computers to Apple Business Manager. But this isn’t practical for large-scale deployments. If you’re deploying more than a couple dozen devices at a time, this is not the workflow to use; it should be reserved for rare exceptions.
When you place your order is also critical. It can take time for large orders to be processed, shipped, and delivered, especially if you’re ordering custom configurations. This is especially true in the first weeks after a product is introduced. Allow plenty of time to ensure your devices are delivered comfortably before you plan to do your deployment.
Is Your Network Ready?
Before devices begin to arrive, you need to be sure your network infrastructure is ready for the influx. That means knowing (a) how many devices will be added to your production network and (b) how much bandwidth they will need. Apple has some great resources for predicting network usage. Many enterprise networks have bandwidth utilization rules, so make sure that your network is ready for the expected changes. This is why a conversation with your network administrator is important.
You’ll want to use Ethernet as much as possible when provisioning devices. If you’re deploying iPhone or iPad, use USB to connect the devices to a Mac running Apple Configurator and content caching. (Configurator also provides handy automation capabilities.) If that’s not an option, you can use Gigabit adapters for touch-driven provisioning or set up a Wi-Fi network specifically designed for your deployment. The latter could be an existing guest network or one set up temporarily for the deployment (which ensures that network traffic is only for deployment purposes). Remember that access to the Internet is required to activate devices.
Whichever method you choose, make sure the network is adequately provisioned for the amount of data that will be passing through it. In particular, pay close attention to the size of apps that will be installed during the initial setup and provisioning.
However you’re connecting new devices to the network, make sure you’re doing so securely. You’ll need to work with network administrators and security officers so they know which network ports are required and to ensure you are maintaining your organization's expected level of network security.
Again, Apple has some excellent resources about connecting to enterprise networks, particularly in the context of mobile device management. If you’re a Kandji customer, you can refer to our overview of the topic as well. Kandji hosts apps and resources on the Amazon Web Services CloudFront Content Delivery Network for your instance. AWS provides a great data flow chart.
You also need to figure out how you’re going to efficiently distribute content to all those devices. Content caching is key. It can help alleviate bandwidth issues and speed up the delivery of content by storing a cached copy of App Store apps on the local network.
This feature is built into macOS. It’s best to dedicate at least one Mac to it; a Mac mini with Ethernet is a good candidate, but if 10 Gigabit Ethernet is an option, so much the better. But it’s an even better idea to deploy content caches throughout your organization—anywhere you have concentrations of Apple devices with the same apps installed or where you are using Shared iPad. For large deployments, it is worth spending some time planning your caching architecture in advance.
Setting Up Apple Business Manager
Check to be sure Apple Business Manager is set up for the deployment. One good reason to do so: You can use your MDM to suppress unwanted Setup Assistant panes that appear on the new devices during the first login.
If you’re configuring devices centrally before distributing them to users, you want to avoid the Setup Assistant unless absolutely necessary, to minimize the time your techs will spend interacting with each and every device being deployed.
If, on the other hand, end-users are handling setups, you want to minimize the decisions they have to make. Ideally, you limit the Setup Assistant screens to those that are absolutely necessary: Country, language, network, location services, and potentially a macOS account. (Network can and should be avoided whenever possible by installing a network profile on iOS, iPadOS, and tvOS devices with Apple Configurator.) This also provides some protection from unexpected changes to the operating system associated with updates, upgrades, and new product launches.
While you’re checking your Apple Business Manager instance, double-check to make sure your APNs, Apps and Books, and MDM tokens are up-to-date and won’t expire during your deployment; the last thing you want is for an expired token to cause a communication glitch. And make sure that the incoming devices are already assigned to the correct MDM server.
Be sure you have more than enough Apps and Books licenses for the apps you are deploying. You don’t need to be excessive: 10 percent more licenses than what you need, especially if there is no additional cost, should do it. Just be sure that the licenses you need are assigned to your devices in MDM before you start the deployment. A sudden need to fund additional licenses in the middle of the deployment can set your timeline back significantly. Managed Distribution is the primary way to deploy iOS, iPadOS, and tvOS apps; it’s also used for Mac.
Physical Logistics: The Warehouse
All that done, you need to think through the details of how you’ll physically handle the influx of devices. Where are they going to go? Will you store them in a warehouse and then move them to a deployment center? Are you sending them to specific buildings? Or are they going straight to users’ homes?
If you’re storing the devices somewhere, remember that warehousing costs money. You may want to work with your seller to time the delivery to minimize storage time. Or you may want to take a series of deliveries so that you have on hand only the devices necessary for each phase of your deployment. If you are receiving a large shipment, trucks will be involved. Do you have a delivery dock? Will you need a forklift or pallet jack?
With thousands, if not hundreds of thousands, of dollars in assets at stake, you need to be sure the facility has adequate security. Is access to storage areas monitored and restricted? This is where a conversation with your company’s facilities manager becomes essential.
If you're storing your devices in a warehouse but will deploy them somewhere else, you will need to make plans to transport, account for, and re-secure the devices in a holding room for the deployment day.
Physical Logistics: The Unboxing
Wherever you end up unboxing devices, make sure the facility has enough space for the number of devices that will be out of the box at any given time, without stacking them. Take into account charging and networking connections, as well as space for deployment documentation. The facility should accommodate adequate inflow and outflow so that inbound and outbound devices don’t interfere with provisioning. It should have enough inbound stock on hand to keep the provisioning benches busy.
Work with building management to prepare for the volume of refuse you will be generating. Figure out how to break boxes down to their thinnest form. Most Apple packaging is recyclable, so work with your waste-removal vendor to recycle what you can.
If you’re unboxing devices then reboxing them to ship to users, be sure to retain the packaging. That packaging is designed for stacking on pallets. If your deployment is on that scale, note how high the pallets are stacked when you receive them and don’t stack your outgoing pallets any higher. While provisioning the devices, keep the boxes organized and orderly. Design a process to ensure that each device goes back into the same box it came in. It’s much easier for a user to read the serial number or MAC address off the box than to find it on the device.
Avoid stacking devices, which can easily lead to scratched or broken screens. If you’re provisioning lots of devices in a small space, consider using desktop file organizers or something similar to keep the devices upright yet still easy to grab.
As you receive devices, you’ll want to asset-tag them and gather their serial numbers. You may also want to determine their network and user names in advance. Serial numbers and MAC addresses can be collected as part of provisioning or read from the box using a bar code scanner. Some organizations have dedicated software to track this, while others just use spreadsheets. In either case, factor this step into the workflow and schedule.
Once asset tagging is done and data collected, you need to add that information to your MDM solution. This can be done manually or programmatically. Your MDM solution may be able to collect the serial number from Apple Business Manager or from the device. Depending on your deployment model, you may also be able to pull MAC addresses, network names, and user names from the devices. Your MDM solution may be able to store the asset tag information, but it will need to be added using one of the techniques above.
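The reconciliation described above can be scripted. This added example (not Kandji's or Apple's code) compares serial numbers scanned at the bench with a device-list export and flags devices that are unknown to enrollment, assigned to the wrong MDM server, or never received. The CSV column names, server names, and serial numbers are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample data. Column names are assumptions, not a vendor schema.
SCANNED = """asset_tag,serial
A-1001,FAKESN000001
A-1002,fakesn000002
A-1003,FAKESN000003
A-1004,FAKESN000003
A-1005, FAKESN000009
"""
ASSIGNED = """serial,mdm_server
FAKESN000001,Prod-MDM
FAKESN000002,Prod-MDM
FAKESN000003,Test-MDM
FAKESN000004,Prod-MDM
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def _norm(serial):
    # Scanners and hand entry differ in case and stray whitespace.
    return serial.strip().upper()


def reconcile(scanned_csv, assigned_csv, expected_server):
    """Return serials grouped by the problem that blocks deployment."""
    counts = Counter(_norm(r["serial"]) for r in _rows(scanned_csv))
    assigned = {_norm(r["serial"]): r["mdm_server"].strip()
                for r in _rows(assigned_csv)}
    seen, known = set(counts), set(assigned)
    dupes = {s for s, n in counts.items() if n > 1}
    wrong = {s for s in seen & known if assigned[s] != expected_server}
    return {
        # Same serial under two asset tags: a tagging or scanning mistake.
        "duplicate_scans": sorted(dupes),
        # On the bench but not in the export: would not enroll automatically.
        "not_in_export": sorted(seen - known),
        # Would enroll, but into the wrong MDM server.
        "wrong_server": sorted(wrong),
        # Assigned but never scanned: not delivered yet, or missing.
        "not_received": sorted(known - seen),
        "ready": sorted((seen & known) - wrong - dupes),
    }


if __name__ == "__main__":
    for issue, serials in reconcile(SCANNED, ASSIGNED, "Prod-MDM").items():
        print(f"{issue}: {serials}")
```

Running this before devices leave the provisioning bench gives the security and facilities teams a short list of serials to chase, rather than finding unmanaged or missing devices after handout.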
Physical Logistics: Handing Devices to Users
If you’re going to be handing devices directly to users, choose a space that has enough room for the equipment, the number of users you will service at one time, all necessary staff, and comfortable ingress and egress. Have signage and clear instructions for where to go once a device is handed out. Typically, this is not the same space where devices are provisioned, so you’ll need to plan on moving the devices again.
Staff should be prepared for the event; walkthroughs and rehearsals are great ways to do that. Prepare users for the experience by communicating clearly and extensively in advance of the event. They’ll likely have questions, so plan to have people and documentation available to answer questions.
For deployments in which the users will perform setup, it makes sense to set aside a space where they can do that. This is a great place for knowledgeable staff to hang out to answer questions. Drinks and snacks can make this step informal and friendly. Make sure the Wi-Fi in this area is up to the task.
Final Thoughts
In any mass deployment project, you’re looking to optimize three things: Scale, speed, and simplicity. Working through the processes outlined above should help make that happen. Every time you go through a deployment like this, document what worked and what didn’t, refine your processes, and define standard operating procedures.
Still, no matter how thorough your planning or how smooth your process is, unforeseen things will come up. So be patient, especially with yourself. No two deployments are identical, even for the same organization.
Professional project managers often refer to the “voice of the customer.” That simply means letting user feedback inform process improvements. So be sure you set up and share communications channels with the recipients of all those new devices, so they can provide that feedback and you can polish your processes for future deployments. And keep the lines of communication open with all those stakeholders you talked to at the outset—leadership and other teams—so they can provide feedback and feel that you’re with them every step of the way.