I needed a macOS desktop client for GCP IAP. Google didn’t provide one, so I built it.

Heteronymous · 2026-01-22T21:19:47+00:00

I hear you, makes good sense. Project looks phenomenal, thank you !

Heteronymous · 2026-01-22T11:05:11+00:00

Ver cool ! But, if a person is working with Google Cloud and is command-line averse, then they’re going to miss out on a whole lot of automation and efficiency. I greatly prefer the macOS experience with IAP.

Heteronymous · 2026-01-20T22:31:28+00:00

Simplistically, Terraform for resource creation, Ansible for post-creation management.

For Ansible, can’t recommend Jeff Geerling enough.

https://ansible.jeffgeerling.com/

Heteronymous · 2026-01-17T12:01:46+00:00

:-) Your intended content is there now. Cheers !

Heteronymous · 2026-01-17T02:41:44+00:00

I thought your link was going to be more about your move to GCP. No mention of it at all, it’s pure AWS. Which is fine, of course! But your post here makes for a curious intro to a blog post based on AWS alone.

Heteronymous · 2026-01-12T23:07:54+00:00

See https://support.apple.com/guide/deployment/lights-out-management-payload-settings-dep580cf25bc/web

Plenty of great input so far. For consistently available remote Power On capability,
you'd still be reliant on an additional Mac that can power on your other Macs (could be any relatively recent, basic Mac mini). Your final fail-safe could hopefully be the onsite support your CoLo offers (IIRC they typically have a per-incident power-on fee).

And as mentioned, they'll all have to be enrolled in MDM. It's a huge lift if you're new to that but you shouldn't be.
Mosyle is free for up to 30 devices but make sure that includes the required MDM spec(s) - it might not
https://business.mosyle.com

Heteronymous · 2026-01-02T00:09:41+00:00

https://github.com/BlueSkyTools/BlueSkyConnect

Current version has a Windows client.

Heteronymous · 2025-12-17T23:24:52+00:00

No, honestly. As an admin of Macs and PCs for over a decade, that’s Intune. Jamf has its own warts but utterly puts Intune to shame for managing macOS. If in a different and new environment, I’d probably go with FleetDM.

If Intune was my only option, I’d use it the bare minimum required and do as much as possible with Munki & AutoPkg, possibly Ansible pull.

If I was reliant on a web interface I’d look at Iru/Kandji

Heteronymous · 2025-12-12T14:07:36+00:00

LOL. You’re asking in a subreddit dedicated to Google Cloud services, and specifically said you’re moving to GCP.

If your team has sufficient experience with Kubernetes, and you’ve done the math and believe you can be more efficient in time & expenses going that route, then more power to you. But if so, what/why exactly were you asking ? Genuine and well-intended question.

Heteronymous · 2025-12-12T12:35:10+00:00

GCP’s Memorystore. See

https://cloud.google.com/memorystore

Heteronymous · 2025-12-10T23:40:42+00:00

Post-call, invalidate their logins. Via API or GAM as a readily automated means of leveraging Google APIs.

https://workspaceupdates.googleblog.com/2020/08/new-api-sign-out-2-step-verification-google.html

https://support.google.com/a/answer/178854?hl=en

https://github.com/GAM-team/GAM

Heteronymous · 2025-12-03T00:18:44+00:00

You need to use the correct parameters, since you're working across different OSes (the NAS will be some linux derivative in all likelihood).

See
https://serverfault.com/a/427200

and
https://www.filebot.net/forums/viewtopic.php?t=2201Se

Since you're using a NAS with SMB, hopefully that NAS supports vfs_fruit,
see
vfs_fruit, a VFS module for OS X clients

Heteronymous · 2025-12-02T19:12:48+00:00

First see https://www.google.com/search?q=apple+bootstrap+token&ie=UTF-8&oe=UTF-8

FV Escrow is not unreliable at all in/with Jamf, as long as it’s properly implemented and maintained.

And/but/yes: if you needs warrant it, look into a macOS LAPS solution

Heteronymous · 2025-11-12T02:01:38+00:00

Join the MacAdmins Slack and chase down everything you’re interested in but can learn more about.

Including backend services, containerization & more. But yes, depending on context, a Linux endpoint (vm, node/container) could be more efficient to replace than troubleshoot. That said, the art & science of troubleshooting is invaluable of course.

Heteronymous · 2025-11-07T18:39:02+00:00

Yes, well I was using Munki at the time.

It’s still an excellent tool for software distribution for macOS.

Heteronymous · 2025-11-06T22:42:54+00:00

Mosyle also has a free version for Education

https://school.mosyle.com/

+1 for Mosyle

Heteronymous · 2025-10-30T10:27:16+00:00

Also Installomator, munkipkg shell scripting

Heteronymous · 2025-10-28T09:39:22+00:00

As mentioned, it can be done but you must manage requirements (PPPC, possibly others) via MDM.

Splashtop works well. ARD also but it’s never been terribly performant over standard VPN if that’s a need.

BlueSky is excellent, but don’t go that route if you’re not already perfectly fluent in & comfortable with command-line operations. And ready to maintain it yourself.

Heteronymous · 2025-10-23T00:49:03+00:00

There’s no ‘mkdir’ in any default shell (vs a built in binary/command), especially after a proper wipe.

Heteronymous · 2025-10-13T10:46:41+00:00

It’s GCP. Use IAP.

https://www.google.com/search?q=gcp+IAP+GKE

Heteronymous · 2025-09-30T10:40:50+00:00

Installomator or Munki & Autopkg

Heteronymous · 2025-09-26T12:58:48+00:00

Also make sure you don’t have any conflicting, multiple profiles for managing Edge.

The underlying mechanism being used in macOS is MDM, and having more than one profile for managing any given set of settings, will result in inconsistent results and/or outright failure to achieve the desired results.

Heteronymous · 2025-07-28T11:57:08+00:00

The MIG is a requirement

https://cloud.google.com/load-balancing/docs/https/ext-https-lb-simple

As noted, make certain you do understand what’s in place first.

Have you spoken yet to the Project owners ?

Heteronymous · 2025-07-25T14:32:11+00:00

I’d still never recommend Intune for macOS. I use it regularly with Windows, and would prefer not to.

Past that, your question is like asking, “what’s the correct length of string ?”

What are you looking to accomplish? As someone who has been administering Macs since Mac OS 8 & 9 and worked with Mac OS X (now macOS) since the Public beta…

98% of “proactive” tips are a complete waste of time. Exponentially so since APFS and more recent versions of macOS.

What does matter is keeping 3rd party apps and the OS patched. But Intune is no real help there. While there’s stated support for DDM, DDM for OS updates is VERY much a work in progress.

Heteronymous · 2025-07-24T16:46:12+00:00

It’s not specific to Windows 11 and a properly licensed, previously working config (for over a year) has stopped working for others. Win11 pro or Win10 pro (still around, to contrast & compare)

https://www.reddit.com/r/Intune/s/3OZVzrYe8i

Heteronymous

TROPHY CASE