Home > Bushel, iOS, Mac administration, Mac OS X > Walking through Bushel

Walking through Bushel

At JAMF Nation User 2014, JAMF Software took the wraps off of a new product: Bushel. Bushel is a cloud-based MDM solution for managing Apple Macs, iPhones, iPads and iPod devices. It’s designed to be simple to use, so that a business can get their Apple devices managed without needing to invest in a complex solution which needs a specialized skill set.

Since Bushel’s current pricing model allows for up to three devices free, I was able to take Bushel for a test drive and document what the process of setting it up and working with it looks like. For more details, see below the jump.

Prep work

Before starting with Bushel, I set up a Google Apps for Business domain named hiddenplant.com. This is where I hosted the email addresses which I used during this walkthrough.

Once I had my HiddenPlant Google Apps for Business domain set up with Google, I set up the following accounts for use with my testing:

Name: User Name
Email: username@hiddenplant.com

Name: John Doe
Email: johndoe@hiddenplant.com

Name: Jane Doe
Email: janedoe@hiddenplant.com

Name: Push Certificate
Email: pushcertificate@hiddenplant.com

I also set up Apple IDs for each of these accounts.

What was not tested

Bushel supports Apple’s DEP and VPP programs. Regrettably, I was not set up to test these (Apple understandably won’t provide DEP for virtual machines, for example) so I will not be covering Bushel’s capabilities in those areas during the course of this post.

Setting up a Bushel instance for hiddenplant.com

1. I went to bushel.com and clicked on the Sign Up Free button.

Screen Shot 2015 04 12 at 4 53 16 PM

 

2. This took me to signup.bushel.com, where I filled in the requested information to begin the setup process.

Screen Shot 2015 04 12 at 4 56 28 PM

 

3. Bushel notified me that verification would be needed, then sent me a verification email.

Screen Shot 2015 04 12 at 4 58 52 PM

 

Screen Shot 2015 04 12 at 5 00 22 PM

Screen Shot 2015 04 12 at 5 01 09 PM 

 

4. After verification, I logged in at login.bushel.com

Screen Shot 2015 04 12 at 5 04 16 PM

 

5. I was then prompted to continue the setup process by linking Bushel with an Apple account by clicking on the Let’s Go button.

Screen Shot 2015 04 12 at 5 05 33 PM

 

This part of the the Bushel setup walked me through the process of setting up an APNS certificate for the Bushel instance.

Setting up an Apple Push Notification Certificate for hiddenplant.bushel.com


1. To start the process, I clicked on the Certificate Signing Request.plist link

Screen Shot 2015 04 12 at 5 06 09 PM

Once the link was clicked, I verified that the referenced Certificate Signing Request.plist file had been downloaded to my Mac.

Screen Shot 2015 04 12 at 5 06 53 PM

 

2. Once I had the Certificate Signing Request.plist file, I clicked on the Go to Step 2 button.

Screen Shot 2015 04 12 at 5 06 54 PM

3. At this point, I needed to go to Apple’s Push Certificates portal and set up an APNS certificate for use by my Bushel instance by clicking on the Go to the Apple Push Certificates Portal link. Since it’s assumed that new users of Bushel may not be familiar with this process, there is a video available to walk you through the process.

Screen Shot 2015 04 12 at 5 07 21 PM

My assumption for most folks reading this post is that they are familiar with how to get an APNS certificate from identity.apple.com, so I’m not going to walk through this process as part of this post. I used pushcertificate@hiddenplant.com as the Apple ID used to generate this certificate and downloaded the APNS certificate in PEM format.

Screen Shot 2015 04 12 at 5 21 28 PM

That said, for those reading this who are not familiar with how this process works, a very similar video is available from JAMF’s resource site for creating an APNS certificate for BYOD management.

4. Once I had the APNS certificate downloaded, I clicked on the Go to Step 3 button.

Screen Shot 2015 04 12 at 5 21 45 PM

 

5. On the next setup page, I clicked on the Upload Push Certificate button and chose the downloaded APNS certificate.

Screen Shot 2015 04 12 at 5 21 56 PM

Screen Shot 2015 04 12 at 5 22 17 PM

 

6. Once uploaded, a new icon appeared on the Bushel setup page to indicate that Bushel had the certificate.

Screen Shot 2015 04 12 at 5 22 23 PM

7. I then clicked on the Start Using Bushel button to complete the setup process.

Screen Shot 2015 04 12 at 5 22 24 PM

 

8. Bushel then initialized hiddenplant.bushel.com and I was ready to move on to the next part:

A. Enrolling devices
B. Pushing setting to the enrolled devices

Screen Shot 2015 04 12 at 5 22 32 PM

 

Screen Shot 2015 04 12 at 5 22 34 PM

 

Setting up device enrollment for hiddenplant.bushel.com

1. On the Bushel management page, I clicked on the Account icon in the sidebar.

Screen Shot 2015 04 28 at 2 01 42 PM

 

2. That gave me the option to enable open enrollment for my devices by clicking on the selector button.

Screen Shot 2015 04 28 at 2 02 07 PM

 

3. Once enabled, I chose the options I wanted:

  • Setting an access code as a way to protect open enrollment.
  • How long I wanted open enrollment to last
  • Setting network restrictions on enrollment (in this case, I chose to have no restrictions.)

Screen Shot 2015 04 28 at 2 03 09 PM

 

4. Once I had the settings the way I wanted them, I clicked on the Update Open Enrollment Settings button to apply them to my Bushel instance.

Screen Shot 2015 04 28 at 2 03 10 PM

Screen Shot 2015 04 28 at 2 04 17 PM

Now that I was set up to enroll devices, next up was device management

Setting device management for hiddenplant.bushel.com

1. On the Bushel management page, I clicked on the Settings icon in the sidebar.

Screen Shot 2015 04 28 at 2 05 17 PM

 

2. I chose Email Accounts and enabled GMail.

Screen Shot 2015 04 28 at 2 06 23 PM

Note: While the guidance in Bushel at the time of this post recommends that Google Apps for Business users set up an Exchange profile and to use m.google.com for the mail server, I found that this worked for iOS but did not work for OS X. I’ve notified the appropriate Bushel folks about this.

3. Next, I selected Device Security and chose the options I wanted:

  • Requiring a lock code or password on devices.
  • Setting devices to automatically lock after a set amount of time.
  • Setting FileVault 2 to be automatically enabled on Macs running OS X.
  • Restricting which email accounts and applications could share documents and attachments by enabling managed open-in for iOS devices managed by my Bushel instance.
  • Locking down iCloud features for both iOS and OS X devices.

Screen Shot 2015 04 28 at 2 07 50 PM

 

4. Lastly, I chose Network Settings and set up a WiFi network which my Bushel-managed devices could access.

Screen Shot 2015 04 28 at 2 08 58 PM

Screen Shot 2015 04 28 at 2 09 14 PM

 

Now that Bushel was set up to enroll devices and provide management, it was time to enroll my test iOS and OS X devices.

Enrolling on iOS

For my test iOS device, I had an available iPod Touch running iOS 8.3. Prior to enrolling it, I did the following:

A. Performed a complete wipe of the device
B. Went through the setup procedure and skipped the following options:

  • Setting up anything iCloud-related
  • Setting up a passcode

1. On the iPod Touch, I opened Safari and went to the following address:

https://hiddenplant.bushel.com

2. When prompted, I provided the enrollment passcode and signed in as the following person:

Name: Jane Doe
Email: janedoe@hiddenplant.com

Bushel JaneDoe  1

3. The iOS device was enrolled and I was walked through the process of installing the needed profile support.

Bushel JaneDoe  2

Bushel JaneDoe  3

Bushel JaneDoe  4

Bushel JaneDoe  5

Bushel JaneDoe  6

Bushel JaneDoe  7

Bushel JaneDoe  8

Bushel JaneDoe  9

 

4. Once the Bushel profiles were installed, I was prompted to set a passcode.

Bushel JaneDoe  10

 

5. Once the passcode was set, I was prompted for the password to Jane’s Google Apps email account.

Bushel JaneDoe  13

6. Once the password was provided, Jane’s email was set up automatically and her email began downloading.

Bushel JaneDoe  14

 

Enrolling on OS X

For my test OS X device, I had an VMware Fusion VM running OS X 10.10.3. Prior to enrolling it, I did the following:

A. Went through the setup procedure and skipped the following options:

  • Setting up anything iCloud-related
  • Setting up anything FileVault 2-related

1. On the OS X, I opened Safari and went to the following address:

https://hiddenplant.bushel.com

2. When prompted, I provided the enrollment passcode and signed in as the following person:

Name: John Doe
Email: johndoe@hiddenplant.com

Screen Shot 2015 04 28 at 2 10 47 PM


3. The VM was enrolled and I was walked through the process of installing the needed profile support.

Screen Shot 2015 04 28 at 2 11 02 PM

Screen Shot 2015 04 28 at 2 11 13 PM

Screen Shot 2015 04 28 at 2 11 39 PM

Screen Shot 2015 04 28 at 2 18 40 PM

Screen Shot 2015 04 28 at 2 18 45 PM

Screen Shot 2015 04 28 at 2 18 49 PM

 

4. Once the Bushel profiles were installed, I was prompted for the password to John’s Google Apps email account.

Screen Shot 2015 05 02 at 1 05 09 AM

Screen Shot 2015 05 02 at 1 05 36 AM

Screen Shot 2015 05 02 at 1 05 40 AM

Screen Shot 2015 05 02 at 1 05 52 AM

 

 

5. Once the password was provided, John’s email was set up automatically and his email began downloading.

Screen Shot 2015 05 02 at 1 11 42 AM

 

6. On logout, I was prompted to enter the login password for my account in the OS X VM to begin the FileVault 2 encryption process.

Screen Shot 2015 05 02 at 1 11 43 AM

Screen Shot 2015 05 02 at 1 11 44 AM

 

Monitoring Bushel-enrolled devices

Once devices are enrolled, a great amount of detail about them is available via the Bushel management page.

Screen Shot 2015 05 01 at 10 56 05 PM

To bring up information about a particular device, click on its listing.

Screen Shot 2015 05 01 at 10 56 37 PM

Screen Shot 2015 05 01 at 10 56 51 PM

 

If you want to remotely lock, wipe, unenroll or change a particular device’s assignment, this can be done via its device listing page.

Screen Shot 2015 05 02 at 1 27 39 AM

 

Conclusion 

In my testing of Bushel, I found it to be a good solution for quickly and easily standing up management for Apple iOS and OS X devices. The Bushel team went to considerable lengths to make sure that the setup process was smooth and easy to follow. If I had a number of devices that I needed to set up where the same general configuration was applied to all of them, Bushel would be a great way to make that happen in fairly short order.

Where Bushel will fall short is in situations where you need custom configurations applied. Bushel’s focus is on simplicity of management, but it comes at the cost of management flexibility. When you hit the point of needing to set up different configurations for devices, Bushel stops being the one-stop solution for you. At that point, I’d recommend looking for a device management solution that can handle the increased complexity.

This does not mean that Bushel is a bad solution. It just means that it does one job. In my testing, I found it to do that one job well.

  1. Graham
    May 2, 2015 at 6:31 am

    Great post Rich. Do you know if Bushel can do Enterprise wifi (802.1x)? It looks like you use a web interface to set the wifi, rather than pick up a Profile or existing connection.

    • May 2, 2015 at 6:41 am

      All of Bushel’s management goes through the Bushel web interface, so the options are limited to what’s available there. As of today, I didn’t see any 802.11x-related options:

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: