MDM for Linux
Posted by archiekane@reddit | linuxadmin | 25 comments
Okay folks, Apple has Business Manager which is used to ultimately control their devices. You use an MDM server and can control them pretty much however you want within reason.
Windows now has Intune with Zero Touch Deployment, or Autopilot, to do the same thing. It makes the device register whenever Windows is installed.
What have we got for Linux that is remotely close? I know there is Chef/Puppet/Ansible but is there MDM yet?
scorp123_CH@reddit
At my previous employer the folks in charge of end-user device management were experimenting with these:
https://www.manageengine.com/products/desktop-central/
https://www.ninjaone.com/rmm/
Fun-Complex862@reddit
Used both products; here are my two cents:
- Manage Engine Desktop Central: Only supports package deployment and patch mgmt, not true MDM, in the sense that you can't get device location or remote wipe, which is crucial when users are all over the world.
btw: We're using both the products at the moment.
DerryHuin@reddit
Yep NinjaOne Linux support is incomplete, the patch management is not fully functional yet.
Lagkiller@reddit
I cannot stress enough that Manage Engine is terrible and their support is non-existent. It's more of a problem than a solution itself.
scorp123_CH@reddit
Interesting. Thank you for your input.
ashwanipaliwal@reddit
SecOps Solution (https://secopsolution.com) might be a good fit. It’s cost-effective, covers vulnerability and patch management, custom scripts, and software deployment without any minimum device requirements.
angelokh@reddit
I recommend trying out Swif.ai. Swif supports software deployment with Package Manager Type - APT, DNF, FLATPAK, PACMAN, RPM, SNAP, YUM, ZYPPER, and management of all distributions.
Dangerous_Question15@reddit
SureMDM supports Linux management, including OS Patch management, full remote control, kiosk mode, and remote terminal access. With remote scripting one can execute virtually any bash script.
_BoNgRiPPeR_420@reddit
Intune can manage linux machines. We have a few developers running Ubuntu on their laptops and we have them joined.
deltashmelta@reddit
Out of curiosity, what sorts of things are you doing with the scripts?
Checking for certain packages, automatic unattended updates, host naming, etc?
Working-Doctor-1428@reddit
I have been using Apptec360 for over a year now, and I must say, it has made my job as an IT administrator much easier. The user interface is intuitive, and I can easily manage all the devices in our organization from one central dashboard. The remote-wipe feature has been a lifesaver in case a device is lost or stolen.
National_Display_874@reddit
Yes, SureMDM for Linux has these device management capabilities; you can sign up for a trial and explore application management, OS update, device configuration, shell scripting and more.
https://www.42gears.com/products/mobile-device-management/linux-device-management/
Rohit_survase01@reddit
Scalefusion is a notable solution that offers comprehensive device management for Linux. Scalefusion's Linux MDM supports device enrollment, policy management, application management, remote commands, and security enforcement, making it a robust choice for managing Linux devices.
marcovanbeek@reddit
It’s at the other end of the scale, but we use CFEngine to manage the settings on all of our servers. It’s a lot of programming and it’s not the easiest thing to learn, and it is entirely based on your own scripts, but we have been using it for 20 years now and it is brilliant.
HeadlessChild@reddit
We use CFEngine as well. For both servers (~1500) and laptops/desktops (~1000), running a mix of Debian and Ubuntu. It's been working quite well.
craigmontHunter@reddit
We’re bringing CFEngine online for our endpoints, we needed the agent for systems on VPN to phone home. So far I’m really liking it, there is a learning curve but it is really powerful.
Dolapevich@reddit
There is RedHat cockpit
sits-biz@reddit
Opsi?
justmirsk@reddit
We use Automox for this to a degree. We build out Worklets that evaluate endpoints based on our evaluation code (Bash scripts). If evaluation code exits with 0, device is compliant with that worklet. If the code exits with 1, device is not compliant with that policy, then remediation code is run per the policy schedule.
Most of our eval code is fairly basic, it checks for specific software, validates it is running etc. We have some patching policies for specific items too, such as NodeJS patching that automates updates to the latest minor version in an LTS major version etc.
If you can script the detection and the fix, you can use Automox to automate the remediation and report on the compliance of the worklets/policies and patching status.
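The evaluate-then-remediate exit-code contract described in the comment above, sketched as an added example (not the commenter's code and not Automox's own). The function names, the `REQUIRED_PKG`/`REQUIRED_SVC` variables and the `auditd` sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Contract from the comment above: evaluation exits 0 when
# the device is compliant, 1 when it is not; remediation runs on non-compliance.
# REQUIRED_PKG / REQUIRED_SVC are constructed sample values (assumption).
REQUIRED_PKG="${REQUIRED_PKG:-auditd}"
REQUIRED_SVC="${REQUIRED_SVC:-auditd}"

pkg_installed() {   # works on dpkg- and rpm-based hosts
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'install ok installed'
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q "$1" >/dev/null 2>&1
    else
        return 1    # unknown package manager: report non-compliant
    fi
}
svc_active() { systemctl is-active --quiet "$1" 2>/dev/null; }

install_pkg() {
    if command -v apt-get >/dev/null 2>&1; then
        DEBIAN_FRONTEND=noninteractive apt-get install -y "$1"
    elif command -v dnf >/dev/null 2>&1; then
        dnf install -y "$1"
    else
        return 1
    fi
}
start_svc() { systemctl enable --now "$1"; }

# Evaluation: run every check so the log lists all failures, not just the first.
evaluate() {
    rc=0
    pkg_installed "$REQUIRED_PKG" || { echo "FAIL: package $REQUIRED_PKG missing" >&2; rc=1; }
    svc_active "$REQUIRED_SVC" || { echo "FAIL: service $REQUIRED_SVC inactive" >&2; rc=1; }
    return "$rc"
}

# Remediation: fix only what is broken, then re-evaluate so the reported
# result reflects the real end state rather than the installer's exit code.
remediate() {
    pkg_installed "$REQUIRED_PKG" || install_pkg "$REQUIRED_PKG" || return 1
    svc_active "$REQUIRED_SVC" || start_svc "$REQUIRED_SVC" || return 1
    evaluate
}

# Entry point: "script evaluate" or "script remediate"; with no argument the
# file only defines the functions.
case "${1:-}" in
    evaluate)  evaluate;  exit $? ;;
    remediate) remediate; exit $? ;;
esac
```

Re-running `evaluate` at the end of `remediate` keeps the compliance report honest when an install succeeds but the service still fails to start.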
Iseeapool@reddit
Saltstack can do that, and Windows and probably Apple.
UsedToLikeThisStuff@reddit
https://fleetdm.com/ might be what you need. It just can push shell scripts but I’ve used it to call out to Ansible.
encbladexp@reddit
Intune is also available for Linux, not great, but available.
UsedToLikeThisStuff@reddit
So far it only supports Ubuntu, by my testing.
dowcet@reddit
I guess Jumpcloud doesn't quite do what you need?
mcstooger@reddit
Some suggestions from https://www.reddit.com/r/sysadmin/comments/d6g488/mdm_for_linux_devices/