iPad deployment: Strategies

iPad deployment strategies.

There seem to be different strategies for iPad and iPod deployment. One strategy that I hear about frequently is to build a master device that includes all the settings and content desired, then take a backup of the device and restore its backup to all of the other devices.

I tried this strategy at first with a small number of iPads. I think there were five. I configured wifi, installed a few apps, organized my screens, installed a couple configuration profiles, and set a few restrictions. I then performed a backup and restored it to another iPad.

I found the apps were reinstalled during the sync process but the locations of those apps were restored.

I found the wifi password was not saved and needed to be entered on the imaged device.  I also found that the configuration profiles that had been installed were not restored either. I can’t quite remember which one, but one of the settings set in restrictions was not restored.  These were things that I was now going to have to configure or reinstall on all the iPads that received this image.

Looking at what I gained from the backup/restore strategy I did not feel that it was worth the time and effort to pursue this option. Also, the teachers using these iPads were probably going to be downloading and installing their own apps and content on a regular basis.

So below are the steps that I followed to deploy a small number of iPads, less than 50, in a “ready-for-you-to-fill-it-with-the-content-you-wish” setup.

Because I may be discussing more than one deployment strategy it makes sense to name them.  I am referring to this as a one-by-one deployment strategy.  After doing a few of these here are the steps that seemed to make sense to me.  This might not be the best deployment strategy but it is an option.

One-by-one Deployment Strategy

1. Set up a school iPad admin email account. This email account will be used to create the iTunes account that the school will use to purchase content.
2. Set up a unique email account for each device. This email account will be used as the hostname for the device, to apply for a no-credit-card iTunes account, and for device-based email. Because these devices will be shared with multiple users, we felt that unique generic email accounts on each device would easily allow teachers and students to collaborate with each other. A teacher could easily email materials to all the iPad email accounts and students could email questions or finished assignments back to their teachers.
3. Set up iPad iTunes accounts. Use each device-based email address to register for a unique no-credit-card iTunes account to be used for licensing applications and purchases where no access to volume purchasing is available.
4. Set up the iPad admin iTunes account. Use the iPad admin email account to register for an iTunes account to become known as the iPad admin iTunes account.
5. Set up an iCloud account. This account will be used later for the Find My iPad functionality.
6. Unpack and assemble the syncing cart or station.
7. Unpack, label, and power up all the i-devices. Store in cart.
8. Set up a dedicated sync station. Preferably a Mac; create a second admin user to be used for syncing. Download and install Xcode.
9. Upgrade iOS. Using the cart or hub, update the OS on all devices using Xcode.
10. Activate and register devices. Individually activate, register, and name each device in iTunes. Set the individual iTunes sync preferences for each device. Do not enable wireless syncing at this time. Return devices to cart.
11. Build and apply configuration profiles. Using a hub, connect devices to the computer and apply configuration profiles. Right now I apply configuration profiles for wifi, restrictions, and email configurations.
12. Set device backup encryption password. Sync each device with iTunes once and provide a device backup encryption password when prompted by iTunes. This is required when configuration profiles are applied via USB cable.
13. Apply manual settings. Build a list of settings that must be performed manually and perform them on all devices. For example: auto download of purchased apps, Find My iPad, enrolling in Profile Manager, etc.
14. If desired, enable wireless syncing. This needs to be set for each device in iTunes and is applied after a sync with the device. I am not sure if I like this option yet.


This has worked well to configure the devices and put them into the hands of the teachers.

But this weekend I stumbled upon something while reading another iPad deployment document at pineglen.info. The writer there suggests encrypting the backup before restoring as this will save any passwords you entered during the building of your master.

So I tried a little experiment today. I took an iPad, joined it to the wifi network, and installed a configuration profile through USB. The backup was already encrypted as you are prompted for this if your configuration profiles are installed through USB. I took a backup and restored it to a freshly erased iPad. The wifi password was retained, the iTunes account was still logged in, and the locations of the apps were retained after they were reinstalled but none of the configuration profiles were restored.

If using this restore strategy, is it better to configure and include as many of the settings as possible locally on the device before the backup so they can be included in the restore, or is it better to perform these after the restore using configuration profiles?

I am now going to do a little experimenting and try to come up with a set of working steps for a backup/restore deployment strategy and will post my steps and perhaps discuss some of the differences between the two.

Backup/restore Deployment Strategy : This is a work in progress.  I have done some testing with a couple of devices but will get a chance to try this out with 30 devices soon.

1. Set up a school iPad admin email account. This email account will be used to create the iTunes account that the school will use to purchase content.
2. Set up a unique email account for each device. This email account will be used as the hostname for the device, to apply for a no-credit-card iTunes account, and for device-based email. Because these devices will be shared with multiple users, we felt that unique generic email accounts on each device would easily allow teachers and students to collaborate with each other. A teacher could easily email materials to all the iPad email accounts and students could email questions or finished assignments back to their teachers.
3. Set up iPad iTunes accounts. Use each device-based email address to register for a unique no-credit-card iTunes account to be used for licensing applications and purchases where no access to volume purchasing is available.
4. Set up the iPad admin iTunes account. Use the iPad admin email account to register for an iTunes account to become known as the iPad admin iTunes account.
5. Set up an iCloud account. This account will be used later for the Find My iPad functionality or any other iCloud functions desired.
6. Unpack and assemble the syncing cart or station.
7. Unpack, label, and power up all the i-devices. Store in cart.
8. Set up a dedicated sync station. Preferably a Mac so multiple devices can be synced at the same time. With Windows, syncing any more than one at a time is reported as being problematic. Create a separate admin user to be used for syncing. The sync station should be a dedicated machine and not used as a workstation. Download and install Xcode to be able to upgrade the OS on multiple iPads at the same time. iTunes configuration considerations: Disable “check for new software updates automatically”, because if there is an update it will be displayed for each device connected. If automatic backups of the iPads are not required each time the iPads are connected, you can disable them from Terminal using the following command: “defaults write com.apple.iTunes AutomaticDeviceBackupsDisabled -bool true”.
9. Build master device. Update iOS on your master device. Download and install apps through iTunes. Organize apps through iTunes or on the device. Configure device and application settings. It appears as though settings and passwords will be retained during a restore as long as the device backup was encrypted. Things to consider including: wifi password, iCloud login for Find My iPad, store account login information, shortcut to your MDM server, etc. (Restrictions could also be set here but can also be set using iPCU or Lion Profile Manager. With Profile Manager these settings could be more easily managed at a later time.)
10. Take encrypted backup of master. Once a backup of your master iPad has been taken, you can store a copy of this in another location in case it needs to be used again. It is located in ~/Library/Application Support/MobileDevice/Backup. Perhaps a designated folder on the computer can be used to store a copy.
11. Upgrade iOS on recipients. Using the cart or hub, update the OS on all devices using Xcode if possible.
12. Activate, register, restore and sync recipient devices. Individually activate, register, and restore each device in iTunes. Rename the unit. Set the individual iTunes sync preferences for each device. Set the iPad backup to encrypted. For large rollouts it may be desirable to separate the activation and sync tasks to increase workflow efficiency. iTunes can be run in activation-only mode to allow activations from a computer other than the dedicated sync station.
13. If available, enroll all devices into Lion Profile Manager for device management. Using the shortcut to your MDM server you created in step 9, download the trust cert and enroll the device in Lion Profile Manager. Set group configurations as well as device configurations.
14. Apply any device-based configurations to individual devices. Because we are using device-based email accounts, each device has a different account that needs to be configured. Configuring with iPhone Configuration Utility will allow you to perform this quickly, as profiles can be duplicated and modified quickly, but you won’t be able to remotely manage this in the future as you can with Profile Manager. With Profile Manager, each device email must be built manually one by one as far as I can tell.
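
An added example (not part of the original post): a Python check that reads Manifest.plist in each folder under the backup location named in the "Take encrypted backup of master" step and reports whether the backup is encrypted, since only the encrypted backup carried the wifi password and account login across in the test described above. The function names and sample folders are constructed for illustration; the script relies on the IsEncrypted key in Manifest.plist and the Device Name key in Info.plist.

```python
import plistlib
import tempfile
from pathlib import Path

# iTunes backup location named in the post.
BACKUP_ROOT = Path.home() / "Library/Application Support/MobileDevice/Backup"

def audit_backups(root):
    """Return one dict per backup folder under root, sorted by folder name."""
    results = []
    for folder in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        manifest = folder / "Manifest.plist"
        if not manifest.is_file():
            continue  # not a device backup folder
        with manifest.open("rb") as fh:  # plistlib reads XML and binary plists
            encrypted = bool(plistlib.load(fh).get("IsEncrypted", False))
        name = "unknown"
        info = folder / "Info.plist"
        if info.is_file():
            with info.open("rb") as fh:
                name = plistlib.load(fh).get("Device Name", "unknown")
        results.append({"folder": folder.name, "device": name,
                        "encrypted": encrypted})
    return results

def usable_as_master(root):
    """Folder names of encrypted backups, the only kind worth archiving as a master."""
    return [r["folder"] for r in audit_backups(root) if r["encrypted"]]

def make_sample_root():
    """Constructed sample data: two fake backup folders, one unencrypted."""
    root = Path(tempfile.mkdtemp())
    for folder, name, enc in [("aaaa-constructed", "ipad-master", True),
                              ("bbbb-constructed", "ipad-test", False)]:
        d = root / folder
        d.mkdir()
        (d / "Manifest.plist").write_bytes(
            plistlib.dumps({"IsEncrypted": enc}, fmt=plistlib.FMT_BINARY))
        (d / "Info.plist").write_bytes(plistlib.dumps({"Device Name": name}))
    return root

if __name__ == "__main__":
    # Fall back to the constructed sample when not run on the sync station.
    root = BACKUP_ROOT if BACKUP_ROOT.is_dir() else make_sample_root()
    for r in audit_backups(root):
        state = "encrypted" if r["encrypted"] else "NOT ENCRYPTED"
        print(r["folder"], r["device"], state)
```

An archived copy of an encrypted master backup holds the wifi password and account logins, so the folder it is copied to should be readable only by the sync admin user.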


I think this second strategy will now work well. Cloning the devices is now a little more streamlined and I have been able to cut out the need to use the iPhone Configuration Utility as well as lower the number of steps I would need to perform manually on each device. I will see how it goes and update the strategy.