Overall Satisfaction with Fleetsmith
Fleetsmith solves two problems for me: first, I want to spend a minimum of time tinkering with the configuration of my own workstation, and second, I support relatively nontechnical users who have even less
patience for tinkering.
patience for tinkering.
- Fleetsmith does a great job of being unobtrusive on managed devices. After initial deployment, one might never know it’s there except when it prompts to enforce a software update.
- Fleetsmith has sensible defaults and relatively few decisions for the administrator to make; for most applications and configurations, it’s sufficient to enforce a minimum version. For more complex use cases, I suggest falling back on Fleetsmith’s ability to install tools such as Puppet and run arbitrary shell commands.
- I’ve seen Fleetsmith be unable to achieve its desired configuration, but not communicate the problem clearly. For example, when I first enforced FileVault encryption via Fleetsmith, the device showed FileVault encryption as “Enabled, but not enforced”. After talking with Fleetsmith technical support, I found that the underlying issue was that Fleetsmith had not been able to escrow the encryption key because encryption had been manually applied before Fleetsmith was installed; technical support staff suggested that I resolve this situation by manually disabling encryption and then allowing Fleetsmith to reenable it. This solution was acceptable for me, a relatively technical user, but would have been a nonstarter for a nontechnical user.
- It’s difficult for me to determine what exactly the Fleetsmith agent is doing on a managed device. When I enforce a change via Fleetsmith and then notice that the change has not been made on the device, it’s difficult for me to tell whether a) the agent tried to make the change but was unable or b) the agent hasn’t yet tried to make the change.
Initial setup was very smooth, onboarding macOS devices was slick and easy (onboarding iOS devices required a wipe and reinstall, so that was a nonstarter). The administrative web interface is easy to get into but a bit difficult to navigate; profile inheritance, in particular, is not intuitive to me.
My initial attempts to contact support received well-meaning but somewhat generic answers; I had to persist for a while before I eventually got a response from a Fleetsmith engineer who could provide a detailed rationale for some of the behavior I saw. On the other hand, I’m delighted that I was able to talk to an engineer at all!
Jamf seems much more dependent upon a dedicated IT staff to configure and support it; I chose Fleetsmith because to a much greater extent it “just works” out of the box. To my mind, the value proposition is that it comes as close as possible to eliminate the need for IT staff where fleet management is concerned.
My sense is that Fleetsmith is a good fit for use cases where the organization is already invested in G Suite as a directory service, and where best-effort configuration management is acceptable. I don’t know that I would trust Fleetsmith in an environment where strict compliance was of paramount importance; Fleetsmith’s design seems to be to choose to “fail open” rather than “fail closed”.