Earlier this year we introduced a new App Installers binary which provided a number of new capabilities. One of the most significant is the ability to download trusted installation media directly from a vendor and then perform the installation, whereas previously the installation media had to be hosted on Jamf’s cloud infrastructure.
As I described in my previous post, we planned to utilise this external URL method to enable us to add titles that we were previously unable to offer, such as VLC and iTerm, both of which are now available in App Installers.
We recently introduced a new App Installers capability in Jamf Pro 11.16 that allowed admins to influence the flow rate of MDM commands that App Installers sent to managed Macs in their environment to help address network congestion/capacity issues. This is controlled by the new Deployment settings option in the App Installers section of the Jamf Pro settings page.
As the volume of updates for software titles continues to increase, we will continue to look for ways to reduce the impact of these downloads on customer networks. To that end, our next development efforts are focussed on supporting the smaller delta updates that are available for some software titles such as the Microsoft Office applications. Using Office as an example, utilising the delta update file instead of the full installer to perform the update can save almost a gigabyte of traffic per software title (Word, Excel, PowerPoint, etc).
The installation manifest that App Installers sends out to the end user machines will be expanded to include some additional information: the URL for the full installer as well as the URL of a delta updater if one is available from the vendor. The binary will then look at what is installed locally on the machine and decide which installer (full or delta) is required to install/update the application. We do not envisage any additional steps required from the Jamf admin to use the delta updater functionality, with the exception of ensuring that the vendor URLs are accessible on the corporate network. These URLs are always viewable in the App Installers metadata in Jamf Pro. We will be making some changes very soon to the App Installers Software Titles page so that Jamf School or Now customers are also easily able to identify which App Installers software titles use the external URL method and the associated vendor domains for those titles.
The first applications that we are targeting to support the delta updates are the Microsoft Office applications (Word, Excel, PowerPoint, Outlook and OneNote) along with the Adobe Acrobat Reader DC and Acrobat DC titles. To start this process we will be changing these titles in App Installers to use the external URL method so that the end user devices will download the installers directly from Microsoft and Adobe instead of from Jamf storage. These titles utilise the officecdnmac.microsoft.com and ardownload3.adobe.com domains respectively. As a reminder, the App Installers binary will check the integrity of the downloaded package to ensure that it should be trusted before performing the installation. This includes the details that we display in the metadata within an App Installers deployment window such as developer ID, media checksum, etc. The binary will download the media from the original vendor and if it passes the integrity checks, will perform the installation.
You may be asking, “this is a lot of info, what do I need to do?” If the officecdnmac.microsoft.com and ardownload3.adobe.com domains are accessible on your network, then nothing. If you are on a very restricted corporate network, you may need to work with your network/security teams to ensure that these two domains are accessible on your network before the change; otherwise you will need to disable any deployments that you may have for these titles.
We will implement this change to the Microsoft Office and Adobe Acrobat titles on the 2nd of June, so any new version updates for these titles that are published after that date will use the external URL method. Any previously published versions in App Installers will remain as they were. We are currently planning on rolling out the delta updater support for these titles in Q3 of this year.
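The following is an added example, not Jamf's implementation and not part of the original post: it checks that a download URL points at exactly one of the two vendor domains named above and that the downloaded media matches a published SHA-256 checksum, the two properties a security team can confirm independently when allowlisting these downloads. The manifest record shape (`url`, `sha256`) and all function names are assumptions, the sample data is constructed, and the Developer ID signature check is not covered.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Vendor domains named in the post; matched exactly, never by suffix or substring.
ALLOWED_HOSTS = {"officecdnmac.microsoft.com", "ardownload3.adobe.com"}


def url_is_trusted(url: str) -> bool:
    """Accept only https URLs whose host is exactly an allowlisted vendor domain."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    # Userinfo moves the real host after the "@", so refuse it outright.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    return host in ALLOWED_HOSTS


def sha256_matches(chunks, expected_hex: str) -> bool:
    """Hash the media chunk by chunk and compare with the published checksum."""
    digest = hashlib.sha256()
    for chunk in chunks:
        digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected_hex.strip().lower())


def verify_download(entry: dict, chunks) -> bool:
    """entry is a hypothetical manifest record: {"url": ..., "sha256": ...}."""
    return url_is_trusted(entry["url"]) and sha256_matches(chunks, entry["sha256"])


if __name__ == "__main__":
    media = [b"constructed ", b"installer bytes"]  # constructed sample, not a real pkg
    entry = {
        "url": "https://officecdnmac.microsoft.com/constructed/Office.pkg",
        "sha256": hashlib.sha256(b"".join(media)).hexdigest(),
    }
    print("intact media:", verify_download(entry, media))
    print("tampered media:", verify_download(entry, [b"tampered bytes"]))
    lookalike = dict(entry, url="https://officecdnmac.microsoft.com.example.net/a.pkg")
    print("lookalike host:", verify_download(lookalike, media))
```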