Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Leveraging DEPNotify and Jamf Pro for Device De...

Jamf
October 25, 2018
Technology
1
1k

Leveraging DEPNotify and Jamf Pro for Device Deployment

Presentation from JNUC 2018, the world's largest rally of Apple IT administrators.

Session:
Leveraging DEPNotify and Jamf Pro for Device Deployment

Presented by:
John Mahlman, The University of the Arts

View all session slides, recordings and more at https://www.jamf.com/events/jamf-nation-user-conference/2018/.

Jamf

October 25, 2018
Tweet

More Decks by Jamf

See All by Jamf
MDM for Everyone
jamf
0
96
Off-boarding in a Modern Deployment
jamf
0
510
Sharing Control to Improve Process and Relationships
jamf
0
44
Roll Your Own Configuration Profiles
jamf
0
410
Teaching the Teacher: Leveraging Jamf and Apple Resources for Professional Development with iPad
jamf
0
73
Jamf@SAP: Journey to 100,000 Mobile Devices
jamf
0
200
What's in the Blue Bin: Recycled Malware
jamf
0
240
Who's Afraid of the Command Line
jamf
0
220
Your Internal Beta Test Program: Opt-in/Opt-out via Self Service
jamf
0
130

Other Decks in Technology

See All in Technology
dev 補講: プロダクトセキュリティ / Product security overview
wa6sn
1
2.3k
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
Engineer Career Talk
lycorp_recruit_jp
0
120
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
EventHub Startup CTO of the year 2024 ピッチ資料
eventhub
0
110
ハイパーパラメータチューニングって何をしているの
toridori_dev
0
140
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
2
580
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
160
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210

Featured

See All Featured
Scaling GitHub
holman
458
140k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
Code Review Best Practice
trishagee
64
17k
For a Future-Friendly Web
brad_frost
175
9.4k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Art, The Web, and Tiny UX
lynnandtonic
297
20k

Transcript

  1. None

  2. © JAMF Software, LLC John Mahlman Network Systems Administrator The

    University of the Arts, Philadelphia • Over 10 years in Mac IT • Write bad code • Brew good beer • Play Tabletop Games • Love Philly sports teams Find me: @jmahlman (slack, git, jamfnation) Website: https://yearofthegeek.net

  3. © JAMF Software, LLC LDEPNAJPFDD Presentation agenda: • The recent

    past (Imaging) • What happened? It happened… • Options we considered • Find the process • What we built • What’s next?

  4. © JAMF Software, LLC UArts at a Glance • Approximately

    1,800 students • 6 Academic buildings • Over 200 “student-facing” public Macs • Offices, faculty/staff, Students (BYOD) — 97% Macs • Computers range from 2009-2018 models • On-Prem Jamf Pro since 2012 • Over 1,700 managed systems

  5. © JAMF Software, LLC Where did we start? Let’s go

    back in time a few years..er..months…weeks?

  6. © JAMF Software, LLC Imaging… (not too long ago) ~$

    sudo bless --netboot --nextonly --server bsdp://<server> ~$ sudo shutdown -r now

  7. © JAMF Software, LLC Imaging… (not too long ago) Send

    command or set policy… Go home… Have beverage!

  8. © JAMF Software, LLC Imaging… (not too long ago) Send

    command or Set policy…. Go home… Have beverage!

  9. © JAMF Software, LLC And then it happened… You all

    know what I’m talking about…

  10. © JAMF Software, LLC It happened “Apple doesn't recommend or

    support monolithic system imaging as an installation method, because the system image might not include model-specific information such as firmware updates.” Apple, https://support.apple.com/en-us/HT208020 (Obtained 8/7/18)

  11. © JAMF Software, LLC User-Approved Kernel Extension Loading (UAKEL, Ukulele)

  12. © JAMF Software, LLC User-Approved MDM (UAMDM)

  13. © JAMF Software, LLC Apple T2 chip/Secure Boot “Secure Boot

    offers three settings to make sure that your Mac always starts up from a legitimate, trusted Mac operating system…Full Security is the default Secure Boot setting…” Apple, https://support.apple.com/en-us/HT208330 (Obtained 8/7/18)

  14. © JAMF Software, LLC Is imaging dead? Let’s google!

  15. © JAMF Software, LLC

  16. © JAMF Software, LLC

  17. © JAMF Software, LLC

  18. © JAMF Software, LLC

  19. © JAMF Software, LLC ^ MOSTLY TM

  20. © JAMF Software, LLC So, what are we going to

    do? -Me, 2017

  21. © JAMF Software, LLC Option 1: Stay on 10.12 +

    Most of our software works fine on 10.12 + Our current workflow works fine - Security Updates will eventually stop - New Machines will come with 10.13 - Some Apple software already updated to 10.13 only Option 2: In-Place Upgrade + Quick process + No more imaging at all on public systems - Computers will have leftover bits from software - A lot more manual work than desired

  22. © JAMF Software, LLC Option 3: In-place Upgrade then image

    in future + Firmware is installed at upgrade + Workflows are already good + Same issues as Option 2 (leftovers, more work) - UAMDM will not automatically work - UAKEL will not work until we manually allow MDM (AV software, sound drivers, etc.)

  23. © JAMF Software, LLC Really, what are we going to

    do? -Also me, 2018

  24. © JAMF Software, LLC Apple School Manager Jamf Pro =

    Device Enrollment + Device Enrollment The Tools

  25. © JAMF Software, LLC SplashBuddy DEPNotify + Beautiful/Informative UI +

    Lots of functionality + Allowed User Input - More setup required - More info than we need + Highly-Customizable UI + Really Simple Setup - No User Input And then came Frederico Deis (@fgd) + User Input!

  26. © JAMF Software, LLC • Reads input echoed into log

    file • Input sets up UI and controls flow • All UI aspects are controllable echo "Command: MainTitle: New Mac Setup" >> $DNLOG echo "Command: Image: /var/tmp/your-logo.png” >> $DNLOG echo "Command: WindowStyle: NotMovable" >> $DNLOG echo "Command: ContinueButtonRegister: Begin" >> $DNLOG echo "Status: Please click the button below..." >> $DNLOG DEPNotify

  27. © JAMF Software, LLC The Process… Preparation • New machines

    get added to DEP then assigned to jamf • Old machines get wiped via internet recovery or policy Deployment • Boot machines to Setup Assistant • Install Mobile Config • Install software based on cohort (machine type) Assignment • Rename machine and assign to user • Enter Asset Tag • Give to user • Enjoy a drink

  28. © JAMF Software, LLC The Process… Preparation • New machines

    get added to DEP then assigned to jamf • Old machines get wiped via internet recovery or policy Deployment • Boot machines to Setup Assistant • Install Mobile Config • Install software based on cohort (machine type) Assignment • Rename machine and assign to user • Enter Asset Tag • Give to user • Enjoy a drink

  29. © JAMF Software, LLC Preparation… New Machines • Assign to

    MDM • Setup Prestage • Assign Devices
 to Prestage

  30. © JAMF Software, LLC Preparation… New Machines • Assign to

    MDM • Setup Prestage • Assign Devices
 to Prestage

  31. © JAMF Software, LLC Preparation… Existing Machines (APFS) • Package

    Installer • Script with ‘eraseinstall’ and ‘nointeraction’ flags • Make Policy #!/bin/bash /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/ startosinstall --applicationpath "/Applications/Install macOS High Sierra.app" --rebootdelay 30 --nointeraction $4 <—For additional flags!

  32. © JAMF Software, LLC Preparation… Existing Machines (HFS) • Internet

    Recovery!

  33. © JAMF Software, LLC The Process… Preparation • New machines

    get added to DEP then assigned to jamf • Old machines get wiped via internet recovery or policy Deployment • Boot machines to Setup Assistant • Install Mobile Config • Install software based on cohort (machine type) Assignment • Rename machine and assign to user • Enter Asset Tag • Give to user • Enjoy a drink

  34. © JAMF Software, LLC The Process… Preparation • New machines

    get added to DEP then assigned to jamf • Old machines get wiped via internet recovery or policy Deployment • Boot machines to Setup Assistant • Install Mobile Config • Install software based on cohort (machine type) Assignment • Rename machine and assign to user • Enter Asset Tag • Give to user • Enjoy a drink

  35. © JAMF Software, LLC The Process… Preparation • New machines

    get added to DEP then assigned to jamf • Old machines get wiped via internet recovery or policy Deployment • Boot machines to Setup Assistant • Install Mobile Config • Install software based on cohort (machine type) Assignment • Rename machine and assign to user • Enter Asset Tag • Give to user • Enjoy a drink

  36. © JAMF Software, LLC The Process… Preparation • New machines

    get added to DEP then assigned to jamf • Old machines get wiped via internet recovery or policy Deploy and Assign • Boot machines to Setup Assistant • Install Mobile Config • Install software based on cohort (machine type) • Rename machine and assign to user • Enter Asset Tag

  37. © JAMF Software, LLC The Process… Enrollment Trigger • Install

    DEPNotify • App Package • Logo • Provisioning Script Run Script to do things! • Install Software • Assign computer to user in Jamf Pro • Crete local account • Rename computer • Install updates

  38. © JAMF Software, LLC But…we ran into issues… • Ran

    behind the login window • Added a “wait for dock” loop • Ran before user was completely logged in • Added timer • Still was not running every time… • Launch Daemon!

  39. © JAMF Software, LLC The Process… Enrollment Trigger • Install

    DEPNotify • App Package • Logo • Launch Daemon • Deployment Script Launch Daemon runs Script • Install Software • Assign computer to user in Jamf • Crete local account • Rename computer • Install updates

  40. © JAMF Software, LLC DEPNotify Package

  41. © JAMF Software, LLC

  42. © JAMF Software, LLC DEPNotify Package

  43. © JAMF Software, LLC

  44. © JAMF Software, LLC Enrollment Policy

  45. © JAMF Software, LLC Enrollment Policy

  46. © JAMF Software, LLC The Process… Enrollment Trigger • Install

    DEPNotify • App Package • Logo • Launch Daemon • Deployment Script Launch Daemon runs Script • Install Software • Assign computer to user in Jamf • Crete local account • Rename computer • Install updates

  47. © JAMF Software, LLC

  48. © JAMF Software, LLC

  49. © JAMF Software, LLC

  50. © JAMF Software, LLC

  51. © JAMF Software, LLC

  52. © JAMF Software, LLC

  53. © JAMF Software, LLC

  54. © JAMF Software, LLC

  55. © JAMF Software, LLC

  56. © JAMF Software, LLC

  57. © JAMF Software, LLC

  58. © JAMF Software, LLC

  59. © JAMF Software, LLC

  60. © JAMF Software, LLC

  61. © JAMF Software, LLC

  62. © JAMF Software, LLC Can I automate this for labs,

    etc..? -Also also me, 2018

  63. © JAMF Software, LLC HECK YEAH! -Me, 3 months ago

    Neil Martin’s JNRS presentation: https://github.com/neilmartin83/Jamf-Nation-Roadshow-London-2018

  64. © JAMF Software, LLC Automate it, yo! Extension Attribute Auto-Login

    User Is this a known machine? Public Office/Checkout Find machine type Ask for Input Yes No Do the things!

  65. © JAMF Software, LLC DEPNotify Package - Automated

  66. © JAMF Software, LLC

  67. © JAMF Software, LLC

  68. © JAMF Software, LLC DEPNotify Package - Automated Thanks, MacUserGenerator!

    (https://github.com/ninxsoft/MacUserGenerator)

  69. © JAMF Software, LLC

  70. © JAMF Software, LLC

  71. © JAMF Software, LLC

  72. © JAMF Software, LLC

  73. © JAMF Software, LLC

  74. © JAMF Software, LLC

  75. © JAMF Software, LLC

  76. © JAMF Software, LLC

  77. © JAMF Software, LLC

  78. © JAMF Software, LLC

  79. © JAMF Software, LLC

  80. © JAMF Software, LLC

  81. © JAMF Software, LLC Why are there two processes?? -You,

    right now

  82. © JAMF Software, LLC

  83. © JAMF Software, LLC No… And that’s okay..right?

  84. © JAMF Software, LLC I’m not into scripting…any ideas? -You,

    right now…maybe?

  85. © JAMF Software, LLC https://github.com/jamfprofessionalservices/DEP-Notify

  86. © JAMF Software, LLC

  87. © JAMF Software, LLC The hopeful future! • Hope that

    Apple gives us a way to have 100% zero-touch • --eraseinstall flag • Skip Setup Assistant? • Better use of snapshots? • DEPNotify at login window • See what Jamf comes up with

  88. © JAMF Software, LLC Resources • My GitHub • https://github.com/jmahlman/uarts-scripts/tree/master/DEP%20Scripts

    • Updated process: https://github.com/jmahlman/DEPNotify-automated • DEPNotify • https://gitlab.com/Mactroll/DEPNotify • Neil Martin’s Presentation/Code from JNRS • https://github.com/neilmartin83/Jamf-Nation-Roadshow-London-2018 • Jamf Professional Services DEPNotify repo • https://github.com/jamfprofessionalservices/DEP-Notify

  89. © JAMF Software, LL THANK YOU!