We recently had to upgrade to 10.3.1 as our 10.0.0 environment was spiking the server CPU to a consistent 100% per core utilization causing tomcat to become unresponsive after about 15 minutes of uptime before we had to reset tomcat again. After a lot of back and forth with JAMF we were unable to address the issue with 10.0.0 so as a last resort we installed 10.3.1. This addressed our performance issue and from the console side of things JAMF has been pretty snappy.
However, on the build workflow side of things, it has been nothing but trouble. Prior to 10.3.1 we were on 10.0.0 and our workflow was as follows:
- DEP enroll or User-Initiated JAMF Enrollment (Quickadd.pkg)
- Launch Self Service and run the build policies for a particular group (AD Bind, HostName, Apps, etc. etc.) - Deploy Mac to end user
- DEP enroll or User-Initiated JAMF Enrollment (Install MDM profile)
- Wait anywhere from 10 to 60 minutes for the JAMF Binaries to fully install. (Current average is about 30 minutes for us)
- Launch Self Service and run the build policy for a particular group (AD Bind, HostName, Filevault, Install Apps, etc. etc.)
- Deploy Mac to end user
On JAMF 10.3.1 the build policy results seem to be inconsistent. Sometimes the SMB distro point fails to mount, sometimes our hostname script doesn't complete properly. I am troubleshooting these as unrelated to the JAMF upgrade, but it is odd we didn't see these under 10.0.0
I know the switch from the quick add to the MDM profile method is due to the changes Apple made in 10.13 for user approved kernel extensions, but there has to be some way to speed up the installation of the JAMF binaries.
What are other people using for the DEP and User-Initiated enrollment build workflows? Is there something simple I am missing here?
Just a shameless bump..
The TL;DR version of this post is simply that with 10.3.1, we are seeing a 10-60 minute delay in the JAMF binaries getting installed after both DEP and User Initiated Enrollments. I have a case open with JAMF but was curious if this is an issue with everyone or just me?
The Tomcat utilization piece has been an issue for us since 9.0. We have had 2, multi-month long support sessions with JAMF over the last 3 years on this. Both times it ended up being a bug deep the the code that JAMF had to release a .x release for. We just recently updated to 10.2.2 and we still will see Tomcat pegg at load averages of 20+ and stay there requiring a Tomcat restart. Although, it is not very common anymore.
I am just getting started figuring out a DEP workflow for Macs. Still working on what works best for config'ing Macs. I think a basic DEP config followed by a Tech running a SS on-boarding script is the way we will end up going.
@ChrisJScott-work That is the process we are following. Unfortunately the JAMF binaries don't install immediate or even close to the completion of the enrollment. We are typically seeing about a 30 minute average lag behind enrollment before the binaries are fully installed.
I have a case open with JAMF and they are looking into it. I'm just hoping they have a quick easy fix.