Main Nav



Those interested seem to agree that we’d discuss specific pain points regarding “those other” Apple devices like AppleTv and any AirPlay/Bonjour-dependent gadgets until Friday, at which point we’d firm up the petition and find a place to host it. Then would come signatures, and ultimately presenting it to Apple, possibly via each of our Apple reps.


Neil Johnson has started the companion Facebook group, and has drafted the early version of what everyone appears to want from Apple development in petition form at with 72 members joining thus far. (Thanks, Neil)


We have at least one CIO interested, and interested in sharing it with other CIOs via Educause if petition is done in a constructive, fact-based way.


We also have a bit of media coverage coming soon on the process, with potentially more to follow.


A lot of excellent technical discussion has been spawned during all of this, and as usual, the interaction has been great between list members.


All of that being said, it is worth asking:


·         Is the group still feeling good about the direction this initiative is going in?

·         Does anyone have any problems with the wording and points in the doc so far?

·         Is everyone interested able to sign on behalf of their institution/organization? If not, can you get empowered or find someone who can sign?

·         Has anyone else approached senior IT management and found interest? Any other CIOs game at this point?

·         Any other mid-week thoughts, concerns, comments on the topic?




Lee Badman 


********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at


Message from

What is the scope of the petition?  What is the goal?  Is it only to improve the Airplay feature in the enterprise?  If so, the petition looks fine to me.  If the goal is to encourage Apple to incorporate enterprise support in *all* of their products, then we should include more lacking enterprise features in other products in the petition.

I don't want to muddy the waters with the message we are sending, but in my opinion - as soon as you get things like Airplay working you have another big problem and that is that you cannot pull off a seamless roam from any Apple device connected to a WPA2-Enterprise SSID.  So if you are fine with telling those users to stay put while doing Airplay, or voice apps, etc. then no biggie, but if you want to support mobile real-time video/voice - these devices have to support a fast-roam using an Enterprise method.

Since Windows XP, microsoft supports this - it is called "opportunistic key caching".  You can add the feature to Linux by editing the wpa_supplicant.conf file and adding "proactive key caching".  All of the WiFi phones (Cisco, Avaya, Polycom) support this.  Not a single Mac or iOS device does.

Some think 802.11r is the solution - I have my doubts that Apple will ever incorporate 802.11r, and if they did and you turn it on, then all of your other non-802.11r devices on that SSID will no longer fast-roam.  ...May be something to consider.

Curtis Larsen
University of Utah
Wireless Network Engineer
Office 801-587-1313

Message from

It's just my opinion, but while asking Apple to implement OKC sounds like worthwhile idea, I'd like to keep the focus on Bonjour and Airplay for this petition.


Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081

I agree.  I think if it get too broad it is just going to look like a well-organized rant.



Message from

So for those of us without Facebook, no way of signing it?


Hearing that some do not use FB that wish to sign, perhaps moving it to a site like is a possibility, or perhaps a page could be hosted on the Educause website itself?


The petition’s main statement reads:

“We the undersigned academic and research institutions request that Apple provide support for Bonjour/Airplay technology in enterprise networks.”

Might I suggest a possible refinement to:

“We the undersigned academic and research institutions request that Apple collaborate with us to improve Bonjour/Airplay technologies in enterprise networks.”


For me, if DNS-SD worked for Airplay (as it does for printing) , my current hurdle would largely be solved.

That would also require the AppleTV concession made to content-providers relaxed or removed.

Perhaps they could make an alternative AppleTV image that allows DNS-SD to work, but removes the content-provider features (?).


If one needs both the content services and Airplay across subnets, that seems the immediate problem we’d like Apple to help solve in lieu of other proprietary solutions.






I don’t use facebook so I think this would be a good move.


After discussing this with a colleague at another university I believe a broader approach than just addressing Bonjour is justified.  Apple does have many deficiencies to address in the enterprise.


I agree that there is a need to address all of the enterprise issues. We are really struggling with the AppleID on iOS and it is going to get 10x worse for us when we are forced to use Mountain Lion and everything has to come to the app store.


Maybe dividing it by “topic” is the best way though. Networking issues, software/OS deployement issues, etc.


Tim Cappalli, ACMP CCNA | (802) 626-6456

Office of Information Technology (OIT) | Lyndon

» |





I just loaded up Mountain Lion, can you explain what you mean or point to a doc that overviews the changes you are talking about? So far, my copy isn’t surprising me with anything unpleasant but then again I’ve spent a whole 15 minutes with it. No issues getting on 802.1x network.






Lee H. Badman

Wireless/Network Engineer

Information Technology and Services

Adjunct Instructor, iSchool

Syracuse University

315 443-3003



We were told by our Apple rep that Mountain Lion will only allow app installations through the app store. Applications installed outside of the app store will not run because of the new gatekeeper “functionality”. Quite frankly, it is a sad excuse to say the OS is secure.


This is a huge issue for us because of AppleID’s for each computer device and credits linked etc.



Tim Cappalli, ACMP CCNA | (802) 626-6456

Office of Information Technology (OIT) | Lyndon

» |



I’m waiting for the punchline…




I understand why there is a benefit to keeping the scope focused, but I agree that there is some merit in at least making some more general statements about the difficulties of running Apple products in the enterprise.


Pete Morrissey


I’m not from Missouri, but did drive through there once so I had to see this for myself. Indeed, when I attempted to open an application, I was told that my security settings only permit things that came from the app store (feels pretty bizarre). So, I changed my security settings to allow apps from anywhere, and that allowed the application to work.


My X11 did break after installing Mountain Lion (needed for wireshark on the Mac), and doesn’t look like an easy fix after spending a few minutes on it.


My first impression is that there is a lot of room for confusion and frustration, but it will likely fall on the helpdesk more than the network support folks (again, early impression).




Message from

Since we’re a networking group I think we need to keep the focus on networking issues. More specifically service advertisement (Bonjour) and wireless authentication (lack of support for WPA2-Enterprise).


What Apple hasn’t understood that is while creating great devices for homes our students’ “homes away from home” are on an enterprise network. If they’re able to come to an understanding of that maybe their R&D will be more likely to take that into account.


I don’t know if Apple knows, or even cares, how many of their devices touch enterprise networks. They normally only hear complaints on a single device (or from a single institution) at a time. We could possibly give them a count that might get their attention.


Mearl Danner

Systems Programmer

Samford University Technology Services




I've never had a complaint about BonJour but consistently have issues with Apple devices connecting via wireless or getting snagged in NAC.  As far as I know Macs connected via 802.1x still cannot survive a password change without blowing away the key chain.

Bonjour is a networking issue as are the wireless issues.  I'd like to see them included in the petition due to the considerable effort it takes to get the petition together.  Would we do another petition for the wireless issues?  How would that come off?  Seems like we would lose signatures on our end and we would lose the punch on their end.

John Kaftan
Infrastructure Manager
Utica College

----- Reply message -----
Message from

That's incorrect.  Just tried this yesterday, unsigned apps (and apps outside the App Store can be signed) will not run by default, but you can completely disable gatekeeper in the Security Preferences or override it per application.


I agree that we should include some of the key networking issues we see, WPA2-Enterprise, Opportunistic Key Caching, etc.  Basically we’d love to see Apple take a leadership role in supporting these technologies instead of their current status as a boat anchor forcing us to keep many of these features turned off.  We should keep the petition short and to the point, which so far it appears to be, just need to add in a few more bullets. J


Thanks for putting this together!!


Carl Oakes

Network Architect

California State University Sacramento




Message from


We are looking at several options for providing a way to officially "sign" the petition.  The Facebook group was one suggestion, but since not everyone is on (or wants to be on)  Facebook, we'll look at something else.

Stay tuned.


Message from

Lee, For our campus it's the Apple IDs that are the problem. the only copies of Lion that are running on Macs that were purchased before Lion came out are either from the free upgrades if you bought hardware in that ~ 1 month that you got the next OS, it was under OS contact (AMP), or if you paid for it out of pocket (and likely didn't get reimbursed). We have the technical part of going through the voucher system to get a redeem code to hand an employee all worked out, but then it's tied to that employee's apple ID. The university can't track it, move it to a different employee, or keep it when you leave the university, etc. So they wont let us get anything at all that works that way. If we have to buy it from the App store as the only way to get it, then we can't get it. It's been almost a year, and campus legal and our purchasing department still don't have it worked out. FWIW on a wireless topic, we're seeing if we can get the CIO or the central IT Director of Networking to sign the petition when it's worked out. We'd love to be able to say yes to some of the reasonable AppleTV requests we get, but among other reasons we can't we don't support multicast on wireless. As a Meru shop, when you turn multicast off, it turns it all off - even between devices on the same AP, since we're using the individual BSSID feature. -debbie On Jul 12, 2012, at 9:51, Lee H Badman wrote: > Tim, > > I just loaded up Mountain Lion, can you explain what you mean or point to a doc that overviews the changes you are talking about? So far, my copy isn’t surprising me with anything unpleasant but then again I’ve spent a whole 15 minutes with it. No issues getting on 802.1x network. > > Thanks- > > Lee > > Lee H. Badman > Wireless/Network Engineer > Information Technology and Services > Adjunct Instructor, iSchool > Syracuse University > 315 443-3003 > > >