I'm trying to document the communications flow between Casper, APNs, and the client. The only thing I'm not clear on is the interaction between the client and APNs.
Does APNs notify the client, or is the client checking in with APNs on a regular interval. If the later, what is that interval?
See below
AFAIK it's a persistent connection over 5223 between the device & Apple, with a command sent when a APNS is needed.
Unsure of timing.
Pretty sure it's somehow a push & receive.
An Apple Engineer gave me this:
Each device establishes an authenticated and encrypted persistent connection, and APNS uses that connection for signaling.
Doubt that is going to satisfy our Security group who want's to know more specifically who calls who and how frequently.
This might be helpful for you as well.
Troubleshooting Push Notifications (Technical Note TN2265)
https://developer.apple.com/library/ios/technotes/tn2265/_index.html
See if my post helps: http://www.justinrummel.com/how-apns-works-with-mdms-that-manage-osx-and-ios/
Justin, that's super cool, thanks so much! Turns out Don was holding out with this helpful nugget too (thanks Don):
https://jamfnation.jamfsoftware.com/featureRequest.html?id=1572
The thing that I'm questioning now: if the only thing that APNS does is tell the client to go talk to your JSS, why the need to involve APNS? The devices can reach JSS internally and externally already, so why can't we keep conversation between the two?
APNs = trust
@dpertschi the need for APNS is not how, but when. Setting up a configuration profile and scope it to a set of devices (OSX or iOS)... when you hit "Save" you are requesting APNS to find all the devices on your scope and telling them to talk to your JSS NOW (vs. a "15 min cycle" like POP/IMAP solutions). This helps save battery life for mobile devices, and for security in case you need to wipe a device.
We've deployed configuration profiles to Macs via policies (wrap profile, trigger install with profiles command) in environments that don't allow APNs traffic. iOS is a different story. :)
@donmontalvo Does this mean you are using Casper Remote to find all new IP addresses, if the client address has changed, and then deploying the install manually? If not, can you explain in more detail? ;)
@spraguga Not sure I understand your question. If you wrap a profile in a PKG and deploy, you don't need APNS to deploy that profile.
@donmontalvo Sorry, new here and I'm trying to understand what the roadblocks, differences, and added manual work will be without APNs ports enabled.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.