Engineering for Exponential Growth with Jamf Pro

Transcript

1. None

2. © JAMF Software, LLC Christian Medina IT Support Engineer

3. © JAMF Software, LLC Engineering for Exponential Growth with Jamf

   Pro Presentation agenda: Challenges Engineering our infrastructure Re-enrolling the fleet Our environment today

4. © JAMF Software, LLC Challenges • Manual Mac & iPad

   configuration • Jamf Pro Server performance issues • No public access • FileVault in multi-user environment Inherited Jamf Pro Server posed the following problems:

5. © JAMF Software, LLC Rebuilding our infrastructure • Robust, scalable

   infrastructure • Public access • DEP/Jamf for zero-touch deployment • Reliable Self Service Goals

6. © JAMF Software, LLC Infrastructure • EC2 (Elastic Compute Cloud):

   Jamf Pro Server • ELB (Elastic Load Balancing) • RDS (Relational Database Service) • S3 bucket: distribution point Amazon Web Services

7. © JAMF Software, LLC Private Public EC2 EC2 S3 RDS

   ELB ELB

8. © JAMF Software, LLC Jamf Pro Servers (Private & Public)

   • Jamf Pro Server and required components • Clustered environment • Limited access to public server • AWS Route 53 for DNS EC2 + ELB

9. © JAMF Software, LLC Jamf Pro Database • Migrate database

   • Edit settings for new server • Edit configuration for scaling Amazon RDS (Relational Database Service)

10. © JAMF Software, LLC Jamf Pro Distribution Point • Previously

    used JDS on on-prem Mac mini • Publicly accessible S3 bucket • No effect on internal network Amazon S3 Bucket

11. © JAMF Software, LLC New Jamf Pro Server Configuration •

    Retail Macs • Retail iPads • Retail iPhones • Retail music iPods DEP MDM Servers & PreStage enrollment:

12. © JAMF Software, LLC New Jamf Pro Server Configuration •

    Period of two production instances • Server tokens unique to server • New VPP tokens for new server Apple Volume Purchase Program (VPP)

13. © JAMF Software, LLC Scaling for growth • Inventory updates

    only when necessary • Allocated more memory to Tomcat • Edited required config files • Two memcached servers Best practices and recommended configuration

14. © JAMF Software, LLC Re-enrolling the fleet • 943 iOS

    devices & 196 Macs • Scheduling for 63 stores • Documentation • Method Challenges

15. © JAMF Software, LLC Re-enrolling the fleet • Two Self

    Service policies for more control • User-initiated enrollment for non- DEP devices

16. © JAMF Software, LLC Re-enrolling the fleet • First policy:

    sudo rm -rf /var/db/ConfigurationProfiles/ • Second policy: QuickAdd package created using Recon Self Service Policies

17. © JAMF Software, LLC Zero-touch deployment • Device Enrollment Program

    • NoMAD & NoLoAD • FileVault challenges • Self Service Shipping devices directly to retail locations

18. © JAMF Software, LLC Device Enrollment Program Easy setup for

    end- users, enabling devices (macOS & iOS) to be shipped directly to retail locations.

19. © JAMF Software, LLC Enrollment Policies Simple script run at

    enrollment to call policies in specific order. More granular control over order of events at enrollment.

20. © JAMF Software, LLC NoMAD • Sync AD password to

    local account without binding • Keeps user’s local keychain and FV2 passwords in sync

21. © JAMF Software, LLC NoLoAD (NoMADLogin-AD) • Customized login window

    • AD login and just- in-time provisioning • Enable FileVault upon sign-in

22. © JAMF Software, LLC Self Service • Create policies by

    analyzing ticket trends • Building a culture of Self Service through user education

23. © JAMF Software, LLC Questions?

24. © JAMF Software, LL THANK YOU!