Chef Blogs

What’s in an endpoint? Managing laptops with Chef

Alan Baptista | Posted on | Chef Automate | Chef Habitat | Chef Infra | Chef InSpec

For over 11 years Chef customers and community have trusted us to manage their infrastructure and servers, so it should be no surprise that you can also manage desktops and laptops just as effectively by using Chef Effortless Infrastructure Suite.

Chef on Chef for desktop (or laptop) management

Chef itself has transitioned to using our own solutions to manage our Windows, Mac and Linux desktops or laptops because we found that what we were using wasn’t quite as robust as we needed them to be. 

After a few iterations of managing our systems with common system management tools, like JAMF, we discovered that we had issues we had to overcome. We explored using our own Chef tools to manage our endpoints (laptops and desktops). 

When implementing our screensaver policies with a required password, instead of impeding our users from getting near any of the screensaver settings we have the flexibility to implement the corporate standard policy while allowing for configuration of many other system preferences for each user profile. In essence, things that had been previously blocked can now be fine-tuned by each user profile. 

We chose to use Chef to manage our laptop/desktop endpoints for a myriad of reasons, but most importantly we wanted to “drink our own champagne” which allowed us to have:

  • More flexibility and fine-grained control for things like being able to set up the screensaver for 20 minutes, but not block out the rest of the UI.
  • Broader OS coverage under one solution to be able to manage Windows, OSx and Linux desktops or laptops all with one set of tools.
  • Continuous compliance management to quickly update systems, verify their occurrence, and confirm the desktop or laptop remains compliant.  
  • Quick management process and automatic configuration without having the employee stare at a screen, and not be able to work for several minutes. 

How others use Chef to manage laptops/desktops

This use case of treating laptops or desktops as any other endpoint, allowing Chef to manage a server on-premise or in the cloud, is not an exclusive one. We’ve had others join us and adopted Chef Infra to configure, Chef InSpec to validate compliance and Chef Automate to visualize and manage their laptop/desktop real estate.

Slack, Facebook, and Chef’s IT platform managers shared their experiences of using Chef Infra and Chef InSpec for managing their laptops and desktops during a ChefConf 2018 session you can check out here

Slack uses Chef Infra to manage their Windows, Linux and Mac laptops, while leveraging Chef InSpec to check for laptop and desktop compliance. 

Facebook manages thousands of client endpoints (laptops, desktops, and workstations) with Chef. They chose this solution because of the flexibility it allows them to set a corporate-wide base configuration and customize by departments while still allowing for individual-level special configuration allowances. Facebook has gracefully shared their Chef Cookbooks with the community here

What’s next

As you can see Chef can be so much more than a configuration and compliance validation tool for your large scale data centers or cloud resources.  We can help automate the infrastructure configuration, update management, and continuous compliance of your laptop/desktop estate, helping your organization maintain consistent configuration and compliance standards across your enterprise.

You should contact your Chef account team or reach out to one of our Business Development Representatives at sales-dev@chef.io to get more information.