Leveraging DEPNotify and Jamf Pro for Device Deployment

Jamf
October 25, 2018

Presentation from JNUC 2018, the world's largest rally of Apple IT administrators.

Session:
Leveraging DEPNotify and Jamf Pro for Device Deployment

Presented by:
John Mahlman, The University of the Arts

View all session slides, recordings and more at https://www.jamf.com/events/jamf-nation-user-conference/2018/.

Transcript

  2. © JAMF Software, LLC
    John Mahlman, Network Systems Administrator, The University of the Arts, Philadelphia
    • Over 10 years in Mac IT
    • Write bad code
    • Brew good beer
    • Play Tabletop Games
    • Love Philly sports teams
    Find me: @jmahlman (slack, git, jamfnation)
    Website: https://yearofthegeek.net
  3. LDEPNAJPFDD
    Presentation agenda:
    • The recent past (Imaging)
    • What happened? It happened…
    • Options we considered
    • Find the process
    • What we built
    • What’s next?
  4. UArts at a Glance
    • Approximately 1,800 students
    • 6 Academic buildings
    • Over 200 “student-facing” public Macs
    • Offices, faculty/staff, Students (BYOD): 97% Macs
    • Computers range from 2009-2018 models
    • On-Prem Jamf Pro since 2012
    • Over 1,700 managed systems
  5. Where did we start?
    Let’s go back in time a few years..er..months…weeks?
  6. Imaging… (not too long ago)
        ~$ sudo bless --netboot --nextonly --server bsdp://<server>
        ~$ sudo shutdown -r now
  7. Imaging… (not too long ago)
    Send command or set policy… Go home… Have beverage!
  9. And then it happened…
    You all know what I’m talking about…
  10. It happened
    “Apple doesn't recommend or support monolithic system imaging as an installation method, because the system image might not include model-specific information such as firmware updates.”
    Apple, https://support.apple.com/en-us/HT208020 (Obtained 8/7/18)
  11. User-Approved Kernel Extension Loading (UAKEL, Ukulele)
  12. User-Approved MDM (UAMDM)
  13. Apple T2 chip/Secure Boot
    “Secure Boot offers three settings to make sure that your Mac always starts up from a legitimate, trusted Mac operating system…Full Security is the default Secure Boot setting…”
    Apple, https://support.apple.com/en-us/HT208330 (Obtained 8/7/18)
  14. Is imaging dead? Let’s google!
  19. ^ MOSTLY TM
  20. So, what are we going to do? -Me, 2017
  21. Option 1: Stay on 10.12
    + Most of our software works fine on 10.12
    + Our current workflow works fine
    - Security Updates will eventually stop
    - New Machines will come with 10.13
    - Some Apple software already updated to 10.13 only
    Option 2: In-Place Upgrade
    + Quick process
    + No more imaging at all on public systems
    - Computers will have leftover bits from software
    - A lot more manual work than desired
  22. Option 3: In-place Upgrade then image in future
    + Firmware is installed at upgrade
    + Workflows are already good
    + Same issues as Option 2 (leftovers, more work)
    - UAMDM will not automatically work
    - UAKEL will not work until we manually allow MDM (AV software, sound drivers, etc.)
  23. Really, what are we going to do? -Also me, 2018
  24. The Tools
    Apple School Manager Jamf Pro = Device Enrollment + Device Enrollment
  25. SplashBuddy
    + Beautiful/Informative UI
    + Lots of functionality
    + Allowed User Input
    - More setup required
    - More info than we need
    DEPNotify
    + Highly-Customizable UI
    + Really Simple Setup
    - No User Input
    And then came Frederico Deis (@fgd)
    + User Input!
  26. DEPNotify
    • Reads input echoed into log file
    • Input sets up UI and controls flow
    • All UI aspects are controllable
        echo "Command: MainTitle: New Mac Setup" >> "$DNLOG"
        echo "Command: Image: /var/tmp/your-logo.png" >> "$DNLOG"
        echo "Command: WindowStyle: NotMovable" >> "$DNLOG"
        echo "Command: ContinueButtonRegister: Begin" >> "$DNLOG"
        echo "Status: Please click the button below..." >> "$DNLOG"
  27. The Process…
    Preparation
    • New machines get added to DEP then assigned to jamf
    • Old machines get wiped via internet recovery or policy
    Deployment
    • Boot machines to Setup Assistant
    • Install Mobile Config
    • Install software based on cohort (machine type)
    Assignment
    • Rename machine and assign to user
    • Enter Asset Tag
    • Give to user
    • Enjoy a drink
  29. Preparation… New Machines
    • Assign to MDM
    • Setup Prestage
    • Assign Devices to Prestage
  31. Preparation… Existing Machines (APFS)
    • Package Installer
    • Script with ‘eraseinstall’ and ‘nointeraction’ flags
    • Make Policy
        #!/bin/bash
        # $4 is Jamf Pro script parameter 4: for additional flags!
        # It is left unquoted so that several flags can be passed in one parameter.
        /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/startosinstall \
            --applicationpath "/Applications/Install macOS High Sierra.app" \
            --rebootdelay 30 --nointeraction $4
  32. Preparation… Existing Machines (HFS)
    • Internet Recovery!
  36. The Process…
    Preparation
    • New machines get added to DEP then assigned to jamf
    • Old machines get wiped via internet recovery or policy
    Deploy and Assign
    • Boot machines to Setup Assistant
    • Install Mobile Config
    • Install software based on cohort (machine type)
    • Rename machine and assign to user
    • Enter Asset Tag
  37. The Process…
    Enrollment Trigger
    • Install DEPNotify
    • App Package
    • Logo
    • Provisioning Script
    Run Script to do things!
    • Install Software
    • Assign computer to user in Jamf Pro
    • Create local account
    • Rename computer
    • Install updates
  38. But…we ran into issues…
    • Ran behind the login window
    • Added a “wait for dock” loop
    • Ran before user was completely logged in
    • Added timer
    • Still was not running every time…
    • Launch Daemon!
  39. The Process…
    Enrollment Trigger
    • Install DEPNotify
    • App Package
    • Logo
    • Launch Daemon
    • Deployment Script
    Launch Daemon runs Script
    • Install Software
    • Assign computer to user in Jamf
    • Create local account
    • Rename computer
    • Install updates
  40. DEPNotify Package
  44. Enrollment Policy
  62. Can I automate this for labs, etc..? -Also also me, 2018
  63. HECK YEAH! -Me, 3 months ago
    Neil Martin’s JNRS presentation: https://github.com/neilmartin83/Jamf-Nation-Roadshow-London-2018
  64. Automate it, yo!
    (Flowchart labels: Extension Attribute; Auto-Login User; Is this a known machine? Yes / No; Public; Office/Checkout; Find machine type; Ask for Input; Do the things!)
  65. DEPNotify Package - Automated
  68. DEPNotify Package - Automated
    Thanks, MacUserGenerator! (https://github.com/ninxsoft/MacUserGenerator)
  81. Why are there two processes?? -You, right now
  83. No… And that’s okay..right?
  84. I’m not into scripting…any ideas? -You, right now…maybe?
  85. https://github.com/jamfprofessionalservices/DEP-Notify
  87. The hopeful future!
    • Hope that Apple gives us a way to have 100% zero-touch
    • --eraseinstall flag
    • Skip Setup Assistant?
    • Better use of snapshots?
    • DEPNotify at login window
    • See what Jamf comes up with
  88. Resources
    • My GitHub: https://github.com/jmahlman/uarts-scripts/tree/master/DEP%20Scripts
    • Updated process: https://github.com/jmahlman/DEPNotify-automated
    • DEPNotify: https://gitlab.com/Mactroll/DEPNotify
    • Neil Martin’s Presentation/Code from JNRS: https://github.com/neilmartin83/Jamf-Nation-Roadshow-London-2018
    • Jamf Professional Services DEPNotify repo: https://github.com/jamfprofessionalservices/DEP-Notify
  89. THANK YOU!
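
Added example (not the presenter's script and not code from the slides): the log-driven flow from slides 26 and 37-39 written as one provisioning script that a LaunchDaemon runs as root. The policy trigger names and the DEPNotify install path are assumptions; the Determinate and Quit commands come from DEPNotify's command set rather than from the slides.

```shell
#!/bin/bash
DNLOG="${DNLOG:-/var/tmp/depnotify.log}"      # DEPNotify's default log path
JAMF_BIN="${JAMF_BIN:-/usr/local/bin/jamf}"
DN_APP="/Applications/Utilities/DEPNotify.app"  # assumed install location

# Append one line to the log that DEPNotify reads.
dn() { printf '%s\n' "$1" >> "$DNLOG"; }

# /var/tmp is world-writable and this runs as root: drop whatever is at the
# path (a symlink is unlinked, not followed) and create the file exclusively.
init_log() {
    rm -f "$DNLOG"
    (set -C; umask 022; : > "$DNLOG") 2>/dev/null
}

# Retry a check once per second, at most $1 times: the "wait for Dock" loop
# with a timer, so a daemon started at the login window cannot spin forever.
wait_for() {
    tries=$1; shift
    while [ "$tries" -gt 0 ]; do
        "$@" >/dev/null 2>&1 && return 0
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# Each argument is "policy-trigger|status text". Returns the number of failures.
run_steps() {
    failed=0
    dn "Command: Determinate: $#"   # one progress-bar step per Status line
    for step in "$@"; do
        dn "Status: ${step#*|}"
        "$JAMF_BIN" policy -event "${step%%|*}" >/dev/null 2>&1 || failed=$((failed + 1))
    done
    return "$failed"
}

main() {
    wait_for 300 pgrep -x Dock || exit 1      # no user session yet
    init_log || exit 1
    dn "Command: MainTitle: New Mac Setup"
    dn "Command: WindowStyle: NotMovable"
    user=$(stat -f%Su /dev/console)
    sudo -u "$user" open -a "$DN_APP" --args -path "$DNLOG"
    run_steps "install-office|Installing Office..." "install-av|Installing antivirus..."  # hypothetical triggers
    dn "Command: Quit"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Invoke it with --run from the LaunchDaemon; without that argument the file only defines the functions.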