Walking through Bushel

At JAMF Nation User 2014, JAMF Software took the wraps off of a new product: Bushel. Bushel is a cloud-based MDM solution for managing Apple Macs, iPhones, iPads and iPod devices. It’s designed to be simple to use, so that a business can get their Apple devices managed without needing to invest in a complex solution which needs a specialized skill set.

Since Bushel’s current pricing model allows for up to three devices free, I was able to take Bushel for a test drive and document what the process of setting it up and working with it looks like. For more details, see below the jump.

Prep work

Before starting with Bushel, I set up a Google Apps for Business domain named hiddenplant.com. This is where I hosted the email addresses which I used during this walkthrough.

Once I had my HiddenPlant Google Apps for Business domain set up with Google, I set up the following accounts for use with my testing:

Name: User Name
Email: username@hiddenplant.com

Name: John Doe
Email: johndoe@hiddenplant.com

Name: Jane Doe
Email: janedoe@hiddenplant.com

Name: Push Certificate
Email: pushcertificate@hiddenplant.com

I also set up Apple IDs for each of these accounts.

What was not tested

Bushel supports Apple’s DEP and VPP programs. Regrettably, I was not set up to test these (Apple understandably won’t provide DEP for virtual machines, for example) so I will not be covering Bushel’s capabilities in those areas during the course of this post.

Setting up a Bushel instance for hiddenplant.com

1. I went to bushel.com and clicked on the Sign Up Free button.

2. This took me to signup.bushel.com, where I filled in the requested information to begin the setup process.

3. Bushel notified me that verification would be needed, then sent me a verification email.

4. After verification, I logged in at login.bushel.com

5. I was then prompted to continue the setup process by linking Bushel with an Apple account by clicking on the Let’s Go button.

This part of the the Bushel setup walked me through the process of setting up an APNS certificate for the Bushel instance.

Setting up an Apple Push Notification Certificate for hiddenplant.bushel.com

1. To start the process, I clicked on the Certificate Signing Request.plist link

Once the link was clicked, I verified that the referenced Certificate Signing Request.plist file had been downloaded to my Mac.

2. Once I had the Certificate Signing Request.plist file, I clicked on the Go to Step 2 button.

3. At this point, I needed to go to Apple’s Push Certificates portal and set up an APNS certificate for use by my Bushel instance by clicking on the Go to the Apple Push Certificates Portal link. Since it’s assumed that new users of Bushel may not be familiar with this process, there is a video available to walk you through the process.

My assumption for most folks reading this post is that they are familiar with how to get an APNS certificate from identity.apple.com, so I’m not going to walk through this process as part of this post. I used pushcertificate@hiddenplant.com as the Apple ID used to generate this certificate and downloaded the APNS certificate in PEM format.

That said, for those reading this who are not familiar with how this process works, a very similar video is available from JAMF’s resource site for creating an APNS certificate for BYOD management.

4. Once I had the APNS certificate downloaded, I clicked on the Go to Step 3 button.

5. On the next setup page, I clicked on the Upload Push Certificate button and chose the downloaded APNS certificate.

6. Once uploaded, a new icon appeared on the Bushel setup page to indicate that Bushel had the certificate.

7. I then clicked on the Start Using Bushel button to complete the setup process.

8. Bushel then initialized hiddenplant.bushel.com and I was ready to move on to the next part:

A. Enrolling devices
B. Pushing setting to the enrolled devices

Setting up device enrollment for hiddenplant.bushel.com

1. On the Bushel management page, I clicked on the Account icon in the sidebar.

2. That gave me the option to enable open enrollment for my devices by clicking on the selector button.

3. Once enabled, I chose the options I wanted:

• Setting an access code as a way to protect open enrollment.
• How long I wanted open enrollment to last
• Setting network restrictions on enrollment (in this case, I chose to have no restrictions.)

4. Once I had the settings the way I wanted them, I clicked on the Update Open Enrollment Settings button to apply them to my Bushel instance.

Now that I was set up to enroll devices, next up was device management

Setting device management for hiddenplant.bushel.com

1. On the Bushel management page, I clicked on the Settings icon in the sidebar.

2. I chose Email Accounts and enabled GMail.

Note: While the guidance in Bushel at the time of this post recommends that Google Apps for Business users set up an Exchange profile and to use m.google.com for the mail server, I found that this worked for iOS but did not work for OS X. I’ve notified the appropriate Bushel folks about this.

3. Next, I selected Device Security and chose the options I wanted:

• Requiring a lock code or password on devices.
• Setting devices to automatically lock after a set amount of time.
• Setting FileVault 2 to be automatically enabled on Macs running OS X.
• Restricting which email accounts and applications could share documents and attachments by enabling managed open-in for iOS devices managed by my Bushel instance.
• Locking down iCloud features for both iOS and OS X devices.

4. Lastly, I chose Network Settings and set up a WiFi network which my Bushel-managed devices could access.

Now that Bushel was set up to enroll devices and provide management, it was time to enroll my test iOS and OS X devices.

Enrolling on iOS

For my test iOS device, I had an available iPod Touch running iOS 8.3. Prior to enrolling it, I did the following:

A. Performed a complete wipe of the device
B. Went through the setup procedure and skipped the following options:

• Setting up anything iCloud-related
• Setting up a passcode

1. On the iPod Touch, I opened Safari and went to the following address:

https://hiddenplant.bushel.com

2. When prompted, I provided the enrollment passcode and signed in as the following person:

Name: Jane Doe
Email: janedoe@hiddenplant.com

3. The iOS device was enrolled and I was walked through the process of installing the needed profile support.

4. Once the Bushel profiles were installed, I was prompted to set a passcode.

5. Once the passcode was set, I was prompted for the password to Jane’s Google Apps email account.

6. Once the password was provided, Jane’s email was set up automatically and her email began downloading.

Enrolling on OS X

For my test OS X device, I had an VMware Fusion VM running OS X 10.10.3 iOS 8.3. Prior to enrolling it, I did the following:

A. Went through the setup procedure and skipped the following options:

• Setting up anything iCloud-related
• Setting up anything FileVault 2-related

1. On the OS X, I opened Safari and went to the following address:

https://hiddenplant.bushel.com

2. When prompted, I provided the enrollment passcode and signed in as the following person:

Name: John Doe
Email: johndoe@hiddenplant.com

3. The VM was enrolled and I was walked through the process of installing the needed profile support.

4. Once the Bushel profiles were installed, I was prompted for the password to John’s Google Apps email account.

5. Once the password was provided, John’s email was set up automatically and his email began downloading.

6. On logout, I was prompted to enter the login password for my account in the OS X VM to begin the FileVault 2 encryption process.

Monitoring Bushel-enrolled devices

Once devices are enrolled, a great amount of detail about them is available via the Bushel management page.

To bring up information about a particular device, click on its listing.

If you want to remotely lock, wipe, unenroll or change a particular device’s assignment, this can be done via its device listing page.

Conclusion 

In my testing of Bushel, I found it to be a good solution for quickly and easily standing up management for Apple iOS and OS X devices. The Bushel team went to considerable lengths to make sure that the setup process was smooth and easy to follow. If I had a number of devices that I needed to set up where the same general configuration was applied to all of them, Bushel would be a great way to make that happen in fairly short order.

Where Bushel will fall short is in situations where you need custom configurations applied. Bushel’s focus is on simplicity of management, but it comes at the cost of management flexibility. When you hit the point of needing to set up different configurations for devices, Bushel stops being the one-stop solution for you. At that point, I’d recommend looking for a device management solution that can handle the increased complexity.

This does not mean that Bushel is a bad solution. It just means that it does one job. In my testing, I found it to do that one job well.