My name is Michal Moravec and I specialize in managing Apple devices within a corporate setting. My professional portfolio also encompasses skills in Linux-based infrastructure, identity management, network infrastructure, and software development.
It all started back in 1997 when my father acquired a second PowerBook 540 to replace the broken screen on his original one. Luckily, the screenless PowerBook was still operational, and with the help of a 12-inch Apple CRT monitor my father repaired, I ended up with a computer I could play Asterax and Marathon on 😉. I grew up as a Macintosh kid, learning how to use the classic MacOS systems, quickly evolving into a teenage Apple fan mesmerized by Mac OS X.
A pivotal moment in my life occurred when I chose to pursue studies at the Faculty of Information Technology (FIT) at Czech Technical University in Prague. This decision transformed me from an advanced user into the IT engineer I am today. The Apple Lab project, which formed the basis of both my bachelor’s and master’s theses, marked a significant shift in my perspective. I moved on from tinkering with a single Mac and started considering how to manage tens, hundreds, or even thousands of devices. The choice of the study program led me to also focus on Linux infrastructure and networks. The invaluable education and experiences gained at FIT have greatly influenced my subsequent professional journey.
Presently, I am employed at Epidemic Sound, located in Stockholm. The relocation to Sweden marked a significant change, yet I do enjoy life here very much. I have been helping Epidemic to build strong internal IT by leveraging my expertise in MDM and IAM systems.
Contact and links
- LinkedIn: Michal Moravec
- GitHub: MichalMMac
- Twitter: @MichalMMac
- E-mail: michal.moravec@<domain of this website>
My current life
- Slowly learning Swedish 🇸🇪
- Building a SCIM bridge in Python for one of the prominent SaaS apps, which does not bother with natively supporting it 😉
Work history
Epidemic Sound AB (2021 – Present)
The role of IT Systems Engineer encompasses numerous responsibilities. Not only do I oversee several critical systems, but I also collaborate with various stakeholders throughout the company, coordinate with multiple vendors, and offer vital support to several other teams.
Responsibilities:
- MDM System Ownership: I personally handled the migration of our Apple devices from Workspace ONE to Kandji. Additionally, we manage Windows devices.
- IAM System Ownership: We continually integrate new SaaS solutions with our IdP, Okta. I’ve implemented an Infrastructure as Code approach to manage our IAM infrastructure using Terraform.
- Process Automation: Utilizing Okta Workflows, we have implemented various automation tasks between systems.
- Cisco Meraki Office Network Infrastructure Ownership: I am responsible for the management of the Cisco Meraki office network infrastructure.
- Onboarding and Training: I have onboarded several new colleagues and provided training support for our support staff.
Logicworks, s.r.o. (2016 – 2021)
I worked as an Apple System Administrator, assisting business customers with the management of Apple devices. Additionally, I was responsible for building the internal IT infrastructure from scratch.
Responsibilities:
- Analysis, implementation and management of MDM solutions for clients. VMware Workspace One, SimpleMDM, Jamf Pro, Intune and Profile Manager.
- Volume management of Apple devices using open-source tools such as Munki, MunkiReport, AutoPkg, munki-pkg, custom DEP, Snipe-IT, and more.
- Leading a small team responsible for the design, implementation, and management of the new Logicworks IT infrastructure, encompassing physical servers, Debian Linux, virtualization, containers, high availability, web hosting, mail server, LDAP server, automated certificate authority, RADIUS, monitoring, backup, firewall, IPSec, databases, identity management, inventory, wiki, documentation, password management, and file sharing.
- Automation and scripting: System management leveraging Ansible configuration management and Git SCM, along with the creation of tools in Python, shell scripts, and JavaScript.
- Deployment of a distributed monitoring system for client networks utilizing Icinga 2, influxDB, and Grafana.
- Design and management of internal Wi-Fi and Ethernet networks employing 802.1X authentication and dynamically assigned VLANs.
- Colleague training focused on macOS and network management.
- Presentation and training sessions on Apple platform management for customers.
More details on the Logicworks project page.
Faculty of Information Technology, CTU in Prague (2014 – 2021)
I was responsible for the management of an Apple Laboratory classroom designed for the development of mobile applications.
Responsibilities:
- Supporting the solution for deploying and simultaneously operating macOS, Linux, and Windows on Mac mini computers
- Integrating macOS with existing systems, such as network accounts (LDAP, Active Directory), network home directories (NFS, Samba), system image deployment (PXE, multicast), and monitoring (Nagios).
- Managing macOS using DeployStudio, Profile Manager, Munki, and Ansible.
- Operating a virtualized environment for classroom management and deployment testing (virtualized macOS in VMware ESXi).
More details on the AppleLab project page.
Abuco ICT, s.r.o. (2015 – 2018)
I designed and implemented a system for remotely managing macOS devices for our customers. Additionally, I regularly visited customers’ offices to provide support to users.
Responsibilities:
- Remote management of Macs using Munki, Reposado, AutoPkg, MunkiReport, and DeployStudio.
- Integration of macOS clients with the SafeQ print system.
- On-site end user support.
More details on the Abuco project page.
Quentin, spol s.r.o. (2014 – 2018)
The collaboration with Quentin seamlessly extended from my role at the Qstore. As an external consultant, I contributed expertise to tackle the more intricate customer requirements.
Responsibilities:
- Deployment of iPads and Apple TV in hotels.
- Integration of macOS clients with Active Directory.
- OS X Server administration.
- Development of automation tools in AppleScript.
More details on the Quentin project page.
Qstore (2011 – 2014)
During the first part of my university studies, I earned extra money thanks to a part-time job at the Apple Premium Reseller Qstore.
Responsibilities:
- Identifying customer needs and finding suitable Apple solutions for them.
- Resolving customer issues.
- Providing training on using Apple products and services to individuals.
Capabilities
Through my job, I’ve gained proficiency in utilizing a diverse array of technologies and tools.
Human skills:
- Languages:
- Czech (native)
- English (B2)
- Swedish (Beginner)
- Learning new things
- Independence, reliability and responsibility
- Small team management
- Preparation and management of training
- Presentations
- Creating technical documentation
- Transport: Driving license type B
- Writing bugreports 🙂
Apple device management solutions and tools:
- MDM solutions:
- Kandji
- VMware Workspace ONE UEM
- Jamf Pro
- Mosyle Business
- Simple MDM
- Microsoft Intune
- macOS management tools: Munki, MunkiReport, AutoPkg, NoMAD, MDS, installapplications, DEPNotify, Octory
- Apple tools:
- Apple Business Manager and Apple School Manager
- Apple Configurator
- Apple Remote Desktop
- Content Caching service.
- Creating signed and notarized macOS installation packages: munki-pkg,
pkgbuild
/productbuild
and Packages
Programming languages:
- I actively use Python, shell and Swift
- In the past I used AppleScript, C, C++, JAVA, JavaScript and Ruby
- I briefly worked with code in Perl and PHP
IAM and directory services:
- Modern Identity Management:
- Okta
- Google Workspace
- Azure Active Directory
- VMware WorkspaceONE Access
- Directory systems:
Servers, systems and services:
- Cloud Infrastructure: Google Cloud Platform
- Databases: MariaDB, PostreSQL, Redis
- Inventory and documentation: Snipe-IT, Wiki.js
- Network:
- AAA: FreeRADIUS
- DNS: bind9
- Failover: keepalived
- Firewall: nftables, iptables
- VPN: strongSwan, OpenVPN
- File:
- Mail: dovecot, postfix, amavis, SpamAssassin, ClamAV, exim
- Monitoring: Icinga2, influxDB, Grafana, Nagios
- PKI:
- CA: OpenXPKI
- Protocols: SCEP, EST, CRL
- Virtualization and Containerization:
- Docker
- LXC
- QEMU/KVM
- VMware ESXi (Not Linux! :-))
- Web: Apache, PHP-FPM
Networks
- Concepts: Routing, Switching, VLAN, VPN
- Documentation: NetBox
- Protocols: IPv4, IPv6, 802.1X, IPSec, IKEv2, SNMP
- Solutions: Cisco Meraki
General skills
- Config management is the way I like to manage infrastructure:
- I use git version control on daily basis. I collaborate on GitHub and GitLab
- I documented many projects in Confluence, Miro and Nuclino
- I have been involved with management of SaaS apps such as:
- 1Password
- Docker Hub
- Google Workspace
- Gandi
- Slack
Education
Master’s degree
- School: Faculty of Information Technology, CTU in Prague
- Years of study: 2013 – 2016
- Field: Computer systems and networks
- Diploma thesis: Operation of Apple laboratory for FIT CTU
Bachelor’s degree
- School: Faculty of Information Technology, CTU in Prague
- Years of study: 2010 – 2013
- Field: Information technology
- Bachelor thesis: Case study of Apple classroom at CTU FIT
Other activities
Open source
In addition to bug reports and requests for improvements, I actively contribute to open source projects. I also created some custom tools.
- InstallApplications Swiftly. Swift replacement for Python based InstallApplications.
- wso-munki-manifest-sync program for synchronizing device groups between VMware Workspace ONE UEM and Munki (Logicworks).
- Refactoring of AutoPkg processors for downloading data from URLs and creating a new URLGetter processor providing basic functions. Improvements to others processors and new unit tests.
- Support for notarization of signed installation packages tp munki-pkg.
- Repository with recipes for AutoPkg. Contributions to other repositories within the autopkg GitHub organization.
- Monitoring scripts for Icinga 2 (Logicworks).
- New function for API library PyVMwareAirWatch.
- Minor contributions to Icinga 2, Mac Ports, OpenXPKI and installapplications projects.
- Script for running scripts using launchd.
- Script for bulk conversion of subtitle encoding.
Certifications and courses
- Apple Certified Technical Coordinator (ACTC): 10.8, 10.9
- Apple Certified Support Professional (ACSP): 10.7, 10.8, 10.9, 10.15
- Apple Certified Associate (ACA) – Mac Management: 10.8, 10.9, 10.10
- Apple Certified Associate (ACA) – Mac Integration: 10.8, 10.9, 10.11, 10.12, 10.13
- Cisco CCNA 1-4
- MikroTik Certified Network Associate
- VMware Certified Professional – Digital Workspace 2021
SuperApple (2012 – 2017)
Together with Petr Škuta, we wrote many articles for SuperApple magazine. Every two months, readers could anticipate new reviews of currently released games for macOS and iOS. Moreover, we were entrusted with curating the main feature for the July-August 2013 issue.
MacForum.cz
Since its inception in 2012, I’ve been an active contributor to the MacForum.cz community forum. From 2014 onward, I’ve taken on moderation duties for select sections of the forum. While I was once among the most engaged members, the repetition of answering similar questions became tiresome over time. Consequently, my visits to the forum have become more sporadic in the last couple of years.
Volunteer at iCON Prague
I volunteered at the iCON Prague festivals in both 2013 and 2014, assuming the role of “iCON professor”. In this capacity, I fielded complex technical inquiries from visitors regarding Apple platforms.
At the 2014 and 2015 iCON events, attendees had the opportunity to explore the “Mac Gaming Station,” where my colleague Petr Škuta from SuperApple and I showcased gaming on Macs. This endeavor also involved collaboration with porting companies Feral Interactive and Aspyr Media, who generously supplied us with copies of games for presentation and competitions.