Intel Unite Solution - Enterprise Deployment Guide

Intel Unite® Solution Enterprise Deployment Guide v3.1.7
If you wish to "pin" the Client application to your Enterprise Server, regardless of whether Auto
Discovery is being used, you can do so by setting the Public Key String on each Client. To obtain
this value:
o Open Safari on any Mac on your corporate network
o Go to the HTTPS address of your Enterprise Server
o Click the lock icon in the Address Bar
o Click the Show Certificate button in the certificate sheet
o Click the Details disclosure triangle to expand it
o Scroll down the certificate data until you find the Public Key Info > Public Key field
o Click on the data field, which starts with "256 bytes:"
o The data field will expand
o Select all the data in this field via a mouse selection or CMD+A
o Copy the data to your clipboard by selecting Copy from the context menu or CMD+C
o In the defaults command, replace Public Key String with the data from your clipboard.
Note: You will need to wrap the data in double quotes.
Just as with defining a default Enterprise Server, setting this option will make it difficult for your
user base to connect to other Intel Unite solution installations at other partners/locations.
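
A pre-distribution check for the pin described above, as an added example that is not part of the Intel guide: it compares the value copied from Safari with the key the server presents and rejects a truncated or malformed copy. It assumes the Safari field holds the RSA modulus as hex bytes, which is what `openssl x509 -modulus` prints; the function names and the host `unite.example.com` are placeholders chosen for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the Intel guide): verify a copied Public Key String.
# Assumption: Safari's "Public Key" field is the RSA modulus shown as hex bytes.

# Reduce any hex rendering to bare uppercase hex digits. Drops a leading
# "NNN bytes:" label (Safari) or "Modulus=" label (openssl), then removes
# spaces, colons and line breaks.
normalize_key() {
    printf '%s' "$1" \
        | sed -E 's/^[[:space:]]*[0-9]+[[:space:]]*bytes[[:space:]]*:[[:space:]]*//; s/^Modulus=//' \
        | tr -d ' :\t\r\n' \
        | tr 'a-f' 'A-F'
}

# pin_matches COPIED_PIN OPENSSL_MODULUS
# Returns 0 = same key, 1 = different key, 2 = pin malformed or truncated.
pin_matches() {
    local pin hex declared
    pin=$(normalize_key "$1")
    hex=$(normalize_key "$2")
    # Anything other than hex digits means the clipboard held something else.
    case "$pin" in ''|*[!0-9A-F]*) return 2 ;; esac
    # A whole number of bytes is two hex digits per byte.
    [ $(( ${#pin} % 2 )) -eq 0 ] || return 2
    # If the "NNN bytes:" label was copied too, the data must be that long;
    # a shorter value means only part of the field was selected.
    declared=$(printf '%s' "$1" \
        | sed -nE '1s/^[[:space:]]*([0-9]+)[[:space:]]*bytes[[:space:]]*:.*/\1/p')
    if [ -n "$declared" ] && [ $(( ${#pin} / 2 )) -ne "$declared" ]; then
        return 2
    fi
    [ "$pin" = "$hex" ] || return 1
}

# Fetch the modulus of the key the server presents (needs network and openssl).
server_modulus() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -modulus
}

# Typical use on a Mac, with the pin still on the clipboard:
#   pin_matches "$(pbpaste)" "$(server_modulus unite.example.com)" && echo "pin OK"
```

Run the check again whenever the Enterprise Server certificate is reissued with a new key pair, since Clients pinned to the old key would then need the new value.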

Force a Client to Only Allow Trusted Server Certificates
Beyond defining a specific Enterprise Server or pinning the certificate Public Key, you can also tell
the Intel Unite app to allow connections only to servers whose certificates validate fully against
your certificate trust chain. To use this option, you must ensure that your Enterprise Server
certificate chains back to a public root certificate trusted by Apple in the keychain, or that you
have installed your own root certificate and any necessary intermediate certificates on each Client.

Force a Client to Connect in Standalone Mode
Setting this mode changes the connection workflow to perform a UDP Auto Discovery of a Hub
that has generated a PIN, in an environment without an Enterprise Server. In this scenario the Intel
Core vPro processor-based system acts as the primary host. This is useful in a small and medium
business environment where there may not be an IT department to install the Enterprise Server
infrastructure. This mode only works across systems on the same subnet where UDP packets
are not blocked.

11.4 Common Distribution Methodologies
If you are using Auto Discovery, distribution can be as easy as dragging the Intel Unite application to the
Applications folder. In more complex environments, or those that require additional security settings, you
may want to set specific preferences in conjunction with the app package distribution. There are numerous
ways of doing this and here are some of the more common ones:

Bash Script
    You can define your preference settings in a Bash script that can be distributed to your
    users in conjunction with the app package.

Custom Installation Package via PackageMaker
    You can define your preference settings via a pre- or postflight script.

Custom Installation via Apple Remote Desktop
    Using Apple Remote Desktop, you can install the Intel Unite app package and define any
    preference settings via the Send UNIX Command… menu.

Custom Installation via Enterprise Mac Management software
    You can create a custom push or pull installation via most common Enterprise Mac
    Management solutions including:
    o Casper / Bushel
    o Puppet
    o Munki
    o Chef
    o Etc.