
Apple Acquires Fleetsmith - gmemstr
https://blog.fleetsmith.com/fleetsmith-acquired-by-apple/
======
jedieaston
Fleetsmith disabled their entire third-party app catalog this morning and
disabled Bash scripting (that was reenabled 15 minutes ago), breaking
workflows for a bunch of users (and, according to the MacAdmins slack, tons of
end users got random popups asking for an administrator to fix kernel
extensions that were previously loaded via Fleetsmith). [0]

I can understand having to sunset the catalog, but how did Fleetsmith (or
Apple) think that doing that without one peep was okay? Even a "we've been
informed by legal that we can't host these packages, so within x days they
will be removed from our catalog. we will provide functionality to replace
them on your systems with packages you make yourself".

0:
[https://www.reddit.com/r/macsysadmin/comments/hf30qk/apple_b...](https://www.reddit.com/r/macsysadmin/comments/hf30qk/apple_buys_fleetsmith_mdm/)
(discussion about fallout)

~~~
PaulHoule
In the enterprise IT world, admins pay money precisely because they don't want
things like this to happen.

I can't imagine that IBM would make an acquisition like this and screw it up
in quite this way.

~~~
traceroute66
"Can't imagine IBM would ..."

Oh really ? IBM's probably the most enterprisey lawyer-driven tech outfit
there is ?

And even if they didn't, its IBM ... they've got a dozen other ways they'll
mess it up.

IBM is a brand relic living in the glories of its past. Its not the company it
used to be.

~~~
rezonant
I believe you are thinking of Oracle

~~~
duncanawoods
Pretty sure they are an enterprisey tech-driven lawyer outfit.

~~~
rezonant
Ahh, that's right.

------
jasoneckert
This is very likely bad news for companies like Jamf.

Apple is likely wanting to bring macOS/iOS management into their own product
suite and tightly integrate it in future products, much like what Microsoft
did with Terminal Services, which nearly killed Citrix 20 years ago.

~~~
cj
This was also my first thought.

It's surprising because JamF is recommended as the de facto (only serious)
solution for people serious managing fleets.

~~~
w0de
That’s simply not true, a marketing a line from jamf. There are several
serious MDMs. Of big enterprises I know of just one that uses jamf, and they
augment it with many, many questionable bash scripts.

~~~
cj
> a marketing a line from jamf

My perspective comes from talking to anyone on the Apple Business team at the
San Francisco union square location, and also reps from apple's general
business support line.

There are definitely a ton of other MDM solutions, but none that I've heard
mentioned so frequently by apple employees as JamF.

~~~
w0de
Apple has long echoed this line (part of the reason their purchasing of
fleetsmith, not jamf, is surprising).

A sampling of MDMs that large companies you've heard of use:

\- vmware workspace one

\- bare metal micromdm

\- simplemdm

\- fleetsmith

\- kandji

\- jamf

------
Adaptive
I deployed Fleetsmith a couple years ago after evaluating the field. Fewer
features than the competition but well designed and clearly improving over
time.

Zach Blum (CEO/co-founder) would regularly follow up on issues and tickets
himself, always friendly and helpful.

I know transitions like this can be rough but I'm glad to see them achieve
this success.

------
mrpippy
Wow. Apple seems to have gone out of their way over the years to _not_ provide
their own actual MDM service, or even a server for people to host themselves.

"We look forward to continuing to deliver Fleetsmith to existing and new
customers." sure sounds like the service will stay open, AKA this is not
Apple's usual acqui-hire and shut down the company.

~~~
scarface74
Apple has offered an MDM service for years.

[https://developer.apple.com/documentation/devicemanagement](https://developer.apple.com/documentation/devicemanagement)

~~~
andreasley
While Apple has been publishing their MDM Protocol Reference, the only
implementation they ever offered was "Profile Manager", a limited, unreliable
service that only runs on macOS Server. Apple never provided MDM as a cloud
service.

~~~
wcfields
Profile Manager works great* ____* __ __, ask me how I know.

* Until your hidden-from-view postgre SQL db gets corrupted and stops working and all the solutions on the Apple support forums are "couldn't find a fix so just flatten and reinstalled... now moving to Jamf", so every thing in PM is treated like a faberge egg and you're using a kludge of package managers and such to fill in the gaps.

 __Your 2012 Mac Mini Server in a Sonnet Rackmac needs it 's dying 5400rpm HDD
switched over to SSDs, which, now you're also using 3rd party hardware + SAS
PCIe controllers to connect to a RAID / Tape Drive to keep this thing going.

 __* Every OS X update is held off because you 're trigger shy of the last
time it broke OS X Server and your 3rd party SAS controller drivers.

 __ __Yet another server to manage on site and /or spend too much $$$ on a
boutique "Mac Stadium" data center which is essentially a colo'd Mac Mini.

~~~
wpm
Beeg oof. I feel your pain.

Jamf Pro is more like Jank Pro but fuck me, it's a million times better than
PM.

First time I met our now current Apple Systems Engineer for my region, he
laughed when I said I had used PM in the past and said "Uhhh, yeah, don't use
Profile Manager in production."

------
terracatta
CEO of Kolide here.

This announcement couldn't have come at a crazier time...today I planned on
announcing our intentions to enter the MDM product space.

Our MDM is meant to be a new fresh take on device management that puts end-
users in the driver seat. It's user focused device management and we are
applying everything we've learned from our security product to the management
space.

[https://blog.kolide.com/kolide-mdm-for-those-that-dont-
need-...](https://blog.kolide.com/kolide-mdm-for-those-that-dont-need-to-be-
managed-8f07a58319d2)

If you are interested in trying out what we are releasing later this year,
read the post, and get on the list
[https://www.kolide.com/mdm/](https://www.kolide.com/mdm/)

~~~
wrboyce
Am I missing something, or by “crazier time” do you mean “standby while I
advertise my product”?

~~~
jtbayly
It _is_ crazy timing from his point of view. Crazy perfect timing. He was
going to advertise it anyway, and now he has lots more people that would be
interested. And in fact, it _is_ relevant to this news.

~~~
PaulHoule
I like to kid that every time we read "Google bought company A", that
salespeople from Company A's competitors get busy.

~~~
donarb
Until Company B gets bought out...

------
groobongithub
Fleetsmith has always been one of the only two commercial products I've
endorsed for Mac management. They do great work and have the right vision.

I work a lot in this space on [https://micromdm.io/](https://micromdm.io/) an
open source service, and have industry experience doing device management at
various organizations.

~~~
enos_feedler
Thanks for sharing your take on this from a unique vantage point.

~~~
enos_feedler
And thanks for the downvote! Will never again thank anyone with unique
insights to take their time and offer perspective on this forum again!

------
olliepop
I migrated our entire fleet to Fleetsmith a few weeks ago, largely due to
their third-party catalog and features like Chrome extension deployment.

All third-party apps have now been pulled and we have virtually no fleet
management.

Happy for them, but it's painful for us. Classic Apple move.

------
gsn
Ok. So what exactly happens to Fleetsmith's coveted ISO 27001 and SOC 2
certifications? Barely four months ago Jesse Endahl promised: [0]

"Achieving compliance with the SOC 2 and ISO 27001 standards means that we are
committed not just this year or the next — we are committed to operating our
business in compliance with these standards every year going forward. Our
auditors will request evidence to prove that we’ve continued to follow the
policies, processes, and technical controls we’ve put in place on an annual
basis. We look forward to demonstrating, year after year, that we’re worthy of
your trust.

To get access to our SOC 2 report and ISO 27001 certificate, get in touch at
sales@fleetsmith.com."

Apple has an ISO 27001 certification for Apple Business Manager, but I don't
exactly see them being so hot on an independent CPA auditing their accounting
practices for an AICPA certifications.

Personally, I think Fleetsmith being under Apple's control (a full service MDM
solution provided solely by Apple), renders these certifications meaningless.

But hey, do you think if I email sales@fleetsmith.com, they'll be happy send
me Apple's ISO 270XX certifications now?

0:
[https://blog.fleetsmith.com/soc-2-iso-27001/](https://blog.fleetsmith.com/soc-2-iso-27001/)

~~~
ejcx
Nothing changes. No matter what certification, there’s a scope of what parts
of the business and product are in and out of scope of the audit. Fleetsmith
having SOC2 doesn’t bring the rest of Apple into scope

~~~
gsn
And, in the interest of full disclosure, the only _real_ reason I commented at
all: I was following the some of the "advice" at
"[https://news.ycombinator.com/item?id=12897921"](https://news.ycombinator.com/item?id=12897921")
in hopes of being able to gain all of one additional karma, so I can verify
this account with Keybase.

~~~
gsn
Guess I'll try writing something in LISP instead...

------
ksajadi
It is infuriating to see the entire investment we put into adopting and
setting up Fleetsmith in our company to be done and they didn't even have the
decency to send an email to tell us that. We had to find out here that this
happened.

Next time when you want to sign up for a VC backed service, remember how many
times they pushed the companies behind the tools we use to this end leaving us
holding the can.

------
viraptor
Is Apple planning to really go in on the enterprise usage? This aquisition,
locking down access behind T2, notary notifications of everything in Catalina.
I've not seen that direction in marketing yet, not it's like they started
putting the foundations in place.

------
monocasa
I'll throw out there that I work for JumpCloud. We just launched our MDM
service for Macs on top of the remote management of Macs we've supported for
almost eight years now, and continue to support Windows, and Linux systems as
well. If you manage a heterogeneous fleet you should check us out. (Or
honestly, I think we're pretty great in homogeneous envs too).

Accounts with less than 10 users are free.

[https://jumpcloud.com](https://jumpcloud.com)

EDIT: Clarified that we've been remotely managing macs or the better part of a
decade. The MDM piece is the new one.

~~~
jtbayly
Just visited your site and now my title bar (tab name) is flashing "(1) New
Message!"

Definitely not interested in your product now. Just FYI.

~~~
monocasa
I don't really understand it either, but it does give way better attach rates.
A lot of B2B clients seem really into it.

~~~
jtbayly
I’m not sure I understand. They like being tricked into thinking there’s a
message for them?

~~~
monocasa
They like clicking and talking to someone real in a chat like application, and
like having the option extremely clearly marked.

~~~
jtbayly
I like chatting with support via that sort of widget, too. I've used it many
times, and it is far superior to the old popup window chat interface.

However, I've never noticed those widgets lying to me and claiming that I've
got a message waiting for me in order to steal my attention.

~~~
monocasa
There's a difference between the normal support chat, and making it very very
clear that you can chat before you even have an account or any real
relationship with us.

~~~
jtbayly
Lol. There sure is. I'm also sure there is a way to do that without returning
to one of the most-hated browser abuses of the 1990's.

------
pharaohgeek
Only tangentially related, but if you're looking for a sufficiently
challenging development project the iOS MDM protocol is a great one. It's
well-documented, so you're not stuck banging your head against a wall. It
lends itself to microservices very well, and is explicitly asynchronous for a
lot of operations. I spent a week or so writing one in Java (and later ported
to server-side Swift) and found it moderately challenging and a lot of fun to
write.

------
quadrifoliate
Good news! I trust Apple with user privacy a lot more than the horde of
"Device Management" solutions lately that are full of grotesque privacy
violations.

A world in which an IT person or contractor is able to run amok with random
bash scripts on a user's laptop in the name of "device management", _without
any controls whatsoever_ is horrible for privacy.

------
languagehacker
I worked with Zach and Ken back at Wikia. They were great to work with! When
Zach showed me the first version of Fleetsmith I was beyond impressed and knew
he had discovered a very cool market opportunity. It's really nice to see
their efforts get recognized in such a fantastic manner. Way to go!

------
ksec
May be a silly question.

Does that mean JAMF is dead? I dont see how there would be a large enough
market left once Apple enter the field to sustain their business.

------
czbond
Does this mean they might get into the MDM full service game and add testpilot
to it?

------
ohduran
Can't not see the favicon they have is Ghost's instead of their logo.

~~~
Kye
It appears to be fixed.

------
sup_
Congrats!

