Viewing entries tagged
macbook

Flat Out of Time - Correcting the System Clock from the Login Window

9 Comments

Flat Out of Time - Correcting the System Clock from the Login Window

Some of the schools I work with have shared class sets of MacBooks. Their shared MacBooks are configured to connect to the school’s Wi-Fi (WPA2 enterprise network) at the login window. Sometimes the MacBooks are left in sleep mode for extended periods of time, causing the battery to deplete and the system clock to reset.

After the flat MacBooks are recharged and turned on, they fail to connect to Wi-Fi and this leads to users complaining that they cannot log in. This is due to the ‘Not Valid Before’ value of the Remote Authentication Dial-In User Service (RADIUS) certificate being ahead of the system clock.

Correcting this issue would require a user to first realise the time is incorrect and then connect the MacBook to the network with an Ethernet cable or more commonly bring the MacBook to an IT Administrator with access to a local administrator account.

With the number of users coming to see me with this issue, I started looking into ways I could give the user the ability to correct the system time themselves from the login window and without an Ethernet cable. My idea was to create an application that appears over the top of the login window if the system clock is set to a date before 2015.

I found making an application visible at the login window surprisingly difficult. It wasn’t until I came across Apple’s PreLoginAgents sample code that I was a big step closer. Not long after that I had a working app that prompted users to correct the date and time after a flat battery.

To use, simply download the package from here and deploy it to your clients.

9 Comments

The Ultimate Education/Enterprise Deployment Guide to Apple TV AirPlay Mirroring

9 Comments

The Ultimate Education/Enterprise Deployment Guide to Apple TV AirPlay Mirroring

This guide was written primarily to benefit educational and corporate I.T. staff deploying Apple TVs in enterprise networks, however many of the tips can also be applied to home setups to greatly improve your AirPlay Mirroring experience.

What is AirPlay Mirroring?

AirPlay Mirroring, a feature in second and third generation Apple TVs, allows supported iPad, iPhone, iPod touch and Mac owners to wirelessly project their display to an audience. With recent updates, an Apple TV can even be used as a secondary display.

When giving a presentation, think about the time spent mucking around with cables, inputs and resolutions. AirPlay Mirroring allows a presenter to instantly share a Keynote presentation directly from an iPhone while freely moving around the room. Once that presentation is over, the next presenter can instantly take control of the screen and start their presentation.

AirPlay Mirroring takes advantage of the H.264 encoding functionality found in newer graphics cards. You can find Apple’s official list of supported AirPlay Mirroring Mac hardware here

It is also worth mentioning AirParrot, a third party AirPlay Mirroring application for unsupported Macs and PCs. Just be aware that AirParrot relies heavily on CPU and as a result has a substantial impact on battery life.

 

Network Infrastructure

Wi-Fi Hardware

AirPlay Mirroring is a highly bandwidth intensive, low latency technology. All of our previous wireless APs (access points) were wireless N specification and yet the AirPlay Mirroring experience with a class full of students was unreliable. Increasing the number of APs to balance wireless usage helped, but not to the standard we were after.

After investigating various wireless vendors we made the move to Aerohive APs. It has greatly improved our AirPlay Mirroring experience and has allowed us to reduce our total number of APs. Now, each classroom containing an Apple TV also has an Aerohive AP330

Special attention is required when positioning APs; for example, mounting an AP to a celling containing an air-conditioning duct may dramatically reduce the APs SNR (signal-to-noise ratio) and greatly impacts throughput. WiFi Explorer is a Mac application for tracking signal to noise ratio of APs. A good AirPlay Mirroring experience requires a SNR of at least 25dB. 

 

Wi-Fi Configuration

In 2011, connecting an Apple TV to a WPA2 Enterprise (802.11x) wireless network was unsuccessful. Therefore we created a WPA2 PSK network with a hidden SSID (not displayed on client devices) purely for Apple TVs. Please note that some time has passed since our initial tests and WPA2 Enterprise support has probably improved. Currently we have chosen to stick with WPA2 PSK as there is no need to install a WPA2 Enterprise profile with Apple Configurator and no real benefit.

 

2.4GHz vs 5GHz

Wireless N supports both the 2.4GHz and 5GHz radios. The 5GHz radio relies on line of sight, where as the the 2.4GHz signal penetrates through walls. During our initial rollout of Apple TVs, we found that they were connecting to the 2.4GHz radio coming from APs in other buildings instead of connecting to the 5GHz wireless access point in the same room.

Since all of our wireless clients are iPads and Macs with 5GHz radio support, we were in a fortunate position to completely disable the 2.4GHz radio on our network and, as a result, Apple TVs connect to their closet access point. This has been a major component to delivering a smooth AirPlay Mirroring experience.

 

Ethernet vs Wi-Fi

Even with the best enterprise wireless equipment, Apple TVs still drop off of the network from time to time and simply require a reboot. Where possible, allocating a dedicated Ethernet port for your Apple TVs is by far the best option to improve reliability and performance.

 

Apple TV Discovery

Bonjour Discovery
Both OS X and iOS use the Bonjour protocol to advertise and discover services on the network; this includes AirPlay. Bonjour is limited to only advertising to clients on the local subnet. This is a problem as enterprise networks generally separate clients into different subnets depending on their credentials (e.g. staff are segregated from students).

A Bonjour gateway is the solution to this problem as it listens to Bonjour traffic on one subnet and then re-advertises on other subnets. We run Aerohive’s virtualised Bonjour gateway, however most wireless manufactures (e.g. Aruba, Cisco, Meru, Ruckus, Xirrus, etc.) now offer Bonjour gateways and experienced Linux administrators should take a look at Avahi.

To get optimal performance from a Bonjour gateway, it is recommend to use a small subnet purely for Apple TVs, as Bonjour gateways scan smaller subnets much faster.

Bluetooth Discovery
With the release of Apple TV Update 6.1, third generation Apple TVs can now advertise themselves via Bluetooth. This is great for networks that don’t have a Bonjour gateway. Better yet, it means clients will only see a list of nearby AirPlay devices.

 

Controlling Apple TV Updates

Originally whenever Apple released a new Apple TV update I was filled with excitement followed by the dread of having to run around and manually update each of the eighty plus Apple TVs across the campus.

To block Apple TV updates we assign our Apple TVs a DNS server (via DHCP) that contains DNS cache poisoning (resolves to 127.0.0.1) of the following URLs:

  • appldnld.apple.com
  • mesu.apple.com
  • appledld.com.edgesuite.net
  • itunes.apple.com.edgesuite.net

It is also a good idea to point time.apple.com at your local NTP (Network Time Protocol) server.

When we are ready to update all of our Apple TVs, we temporarily disable the DNS poisoning and all of the Apple TVs detect a new update. This used in conjunction with automatic updates is the best solution for enterprise networks with large numbers of Apple TVs.

Another bonus to DNS poisoning is the removal of the movie banners and unnecessary services.

The biggest issue we still battle with is the Apple TV updates which displays the ‘What’s New’ screen after it has updated as it prevents AirPlay until ‘Continue’ is selected with an Apple TV remote.

 

Apple TV Configuration

720p vs 1080p

Setting third generation Apple TVs to output 720p video, greatly improves the AirPlay Mirroring experience. This is simply due to the client transmitting a 720p stream of their screen compared to a higher bandwidth intensive 1080p stream.

 

AirPlay Security

I am proud to be part of an I.T. team where delivering a great user experience always comes first and is not restricted with unnecessary policies. Due to the culture of our students, we provide open access to AirPlay Mirroring, therefore we do not make use of any AirPlay Mirroring security features. For the schools that are not in a position to do this, below are the available options for controlling AirPlay access.

Static Password (Settings > AirPlay > Security > Password)
With a static password, users are prompted to enter a password when they connect.

Onscreen Code (Settings > AirPlay > Security > Onscreen Code)
Selecting an Apple TV causes a randomised four digit code to be displayed on the selected Apple TV. The user is required to enter this code before AirPlaying.

Network Access Control List
In theory (untested), you could also use an ACL to limit access to the subnet containing your Apple TVs. Even if a device discovers an Apple TV via Bluetooth, if it cannot connect to the Apple TVs IP address, it will be unable to AirPlay.

 

Conference Room Display (Settings > AirPlay > Conference Room Display)

The Apple TV 6.0 update introduced a Conference Room Mode; while idle instructions to AirPlay Mirror are displayed. This feature works great in situations where the Apple TV is connected via Ethernet or to the same wireless SSID as your clients. However, in our situation the hidden SSID we connect our Apple TVs to would be displayed. To avoid any confusion we do not use this feature.


Out of the Box Configuration

Below are the steps we take configuring a brand new Apple TV.

  1. Connect to the network via Ethernet or Wi-Fi.
  2. Name the Apple TV based on its physical location (Settings > General > Name > Custom).
  3. Physically label the Apple TV for easy identification.
  4. Disable sleep (Settings > General > Sleep After > Never)
  5. Disable screen saver (Settings > Screen Saver > Start After > Never)
  6. Set time zone (Settings > General > Time Zone > Manual)
  7. Enable automatic updates (Settings > General > Update Software > Update Automatically > On)
  8. Set resolution to 720p (Settings > Audio & Video > TV Resolution > 720p HD - 60Hz)


Client Configuration and Training

DVD Playback While AirPlay Mirroring


For what is believed to be copyright reasons, the OS X DVD Player application will not allow playback of movies while AirPlay Mirroring. Our solution to this problem has been to use VLC for DVD playback. We have made the experience of inserting a DVD and having it play seamlessly with the following scripts:

The bellow AppleScript ‘DVD.scpt’ opens VLC, detects the optical drive and then tells VLC to start playing the DVD.

activate application "VLC"
set drive to do shell script "mount | grep udf | awk '{ print $1 }'"

tell application "VLC"
OpenURL "dvdnav://" & drive
play
next
end tell

We then set DVD.scpt as the default action for DVDs, in System Preferences > CDs & DVDs.

Manually configuring this setting through System Preferences on every Mac was not an option, so we pushed out the setting in the plist file:

~/Library/Preferences/com.apple.digihub.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.digihub.dvd.video.appeared</key>
    <dict>
        <key>action</key>
        <integer>6</integer>
        <key>otherscript</key>
        <dict>
                <key>_CFURLString</key>
                <string>file:///Library/Scripts/AirPlay%20DVD/DVD.scpt</string>
                <key>_CFURLStringType</key>
                <integer>15</integer>
        </dict>
    </dict>
</dict>
</plist>

 

Entering Passwords While AirPlay Mirroring

If you have ever entered a password into an iOS device, you would have noticed the last character entered is displayed for a split second before it is masked. While AirPlay Mirroring from an iOS device, this behaviour still occurs and could allow others to work out your password.

To combat this issue, users are taught to disconnect from AirPlay before entering passwords. Using iCloud Keychain is also encouraged as login credentials are pre-filled.

 

Apple TV Alternatives

Using an Apple TV for AirPlay Mirroring is the only Apple supported solution, but not the only AirPlay Mirroring solution out there, some schools run AirServer or Reflector. These solutions are worth considering if:

  • You don’t have the budget for a set of Apple TVs.
  • Your current displays do not support HDMI.
  • You already have dedicated computers connected to your projectors.
  • You want to record your AirPlay Mirroring into a video file.

9 Comments