For an operating system to be successful in an enterprise environment, it needs to be easily managed. System administrators don’t want to spend a lot of time tweaking each new system on their network by hand, and users want the computers they use every day to work reliably and predictably. This means administrators need to be able to manage applications and updates behind the scenes without interrupting users’ work.
All major operating systems, from Windows to OS X to iOS to Android, are fully customizable and manageable using either first- or third-party tools. Google’s Chrome OS is no exception. As part of our ongoing check-in with the revamped operating system and new, more robust Chrome hardware, today we’ll be spending some time with the Chrome OS management console, looking at whether it makes Chrome OS a viable choice for businesses.
To get some background on the management console’s development and features, we spoke to Glenn Wilson, a product manager on the Chrome OS team who has also worked on the Chrome browser’s enterprise features.
Wilson explained that while there were relatively few settings to be managed on Chrome OS compared to a more traditional operating system like Windows, the Chrome team wanted to enable “zero-touch” Chromebook deployment in enterprises. The goal was that employees could buy a Chromebook themselves, log in with their Google Apps credentials, and automatically have all of the settings, security certificates, VPN configurations, and extensions required for their workplaces.
In Windows, this normally necessitates some combination of a customized operating system image, Group Policies managed by an Active Directory server, and some post-imaging customization of the computer, whether done automatically or manually. In Chrome OS, the solution to this problem is the Chrome OS management console.
“The management console is actually just an extension to the Google Apps control panel where you can set your settings for your Chrome OS devices,” Wilson told Ars. “Those settings will apply to either devices that are specifically registered with your domain or to your users on any device anywhere. Regardless of how the user got it, regardless of whether it’s the organization’s device or not, there’s still a way for an administrator to get the settings to users that they need to do their jobs.”
These seamless management features are Google’s way of increasing compliance with any security policies in a business while also combating the “bring your own device” phenomenon. When an employee buys a laptop or iPad and wants to use it at work, businesses often have a set of best practices for employees to follow, but generally can’t configure and lock down those devices to the same extent as their company-owned devices. With the Chrome OS management console, administrators and users can both be happy, in theory.
Wilson noted that the management console, like Chrome OS itself, is still a work in progress and under continuous development. For example, while extensions and Chrome Web Apps can be pushed to configured machines currently (and in-house apps can also be side-loaded from a company’s servers without going through Google’s storefront), the ability to manage settings for these extensions is still in development. As new features are rolled out in Chrome OS, you can expect controls for those features to be added to the management console.
The management console itself is accessed from the Google Apps control panel for your account, and it’s only available if you’ve paid the $150-per-device management and support fee (or $30-per-device for education customers), though Google provided us with a seat for testing. Any of your Google Apps accounts with access to the “Settings” tab of your control panel can adjust the settings for Chrome OS (the “Services Admin” role can give out those permissions) and enroll devices on your Google Apps domain.
The management console for Chrome OS is reasonably straightforward, and you can find the manageable settings and detailed descriptions of them on Google’s support page (though we’ll also dive into many of the most important ones here). Most settings are under the “Org Settings” tab. Here you can set the screen lock policy, configure homepage settings and blacklisted URLs, and control whether systems will save browsing history and passwords. You can also block or allow certain plug-ins, browser extensions, and content types. You can even push out defined browser extensions and apps to users either from the Chrome Web Store or by side-loading them from your own server (Metro apps can be managed much the same way on Windows 8 machines). Settings applied at the top level of your organization apply to all of your users, but you can also augment or replace these with different settings for subgroups of users defined in the “Organization Users” tab of the Apps control panel.