Anyone ever look at setting up NetSUS in AWS?

sdagley
Esteemed Contributor II

In the interest of being able to control what OS updates are made available to my organization's Macs, and when they're made available, I'm looking at setting up a NetSUS. So that it could be accessed on or off the corporate network, being hosted on AWS seems appropriate. I'd also like to use Kinobi's patch management add-on for NetSUS, so that's why I'm not looking at a straight Reposado installation. Has anyone tried this before and is willing to share their experience? Thanks.

7 REPLIES

sdagley
Esteemed Contributor II

Bueller?

bloree
New Contributor II

I am also interested in standing up Apple SUS, either NetSUS or Reposado, in AWS. Have you had any progress on this front?

We just built out our Jamf Pro server in AWS and are in the process of migrating from an on-prem environment. Having SUS in the cloud would be great for our external users.

sdagley
Esteemed Contributor II

@bloree I haven't pursued it further due to other end of the year commitments, but based on the flavors of *nix Amazon makes available on AWS, in addition to VMware Cloud on AWS if you want to roll your own VMs, I don't expect it's very problematic.

Any comments/observations you can share on moving your Jamf Pro infrastructure to AWS? That's another item high on my "We really should do this" list.

Nix4Life
Valued Contributor

Looking at this too. Since you can run a static website in S3 with all the goodies like versioning, security and geo location, I am looking at a cascaded Reposado solution. Will post once I get started.

Larry

bloree
New Contributor II

@sdagley Prior to 2018, I had very little familiarity with AWS. I encountered some minor obstacles with learning how different services integrate and dealing with dependencies. All of the AWS resources were created using Terraform (infrastructure as code), nothing manually created. Now that we are in maintenance mode, making minor changes in code and pushing to multiple instances is proving to be very simple and quick. All of our code is version controlled in Git. If you are interested in going the IAC route, I would recommend using Terraform to write the IAC modules and leveraging Terragrunt to separate out configs for sandbox, non-prod, and prod environments. The most challenging and time-consuming part of the effort was writing out the user-data template to configure the web server EC2 instances upon creation. This included installing AWS CLI, SSM, CloudWatch agent, OpenJDK, Tomcat 8.5 as well as copying the ROOT.war from an S3 bucket and configuring DataBase.xml, server.xml, log4j, and memcached settings.

Regarding SUS, the Kinobi integration in NetSUS looks really cool. Unless anyone has any other recommendations, I will most likely go this route. I should also mention that I will not be using the NetSUS to house and deploy updates, but to act as an authority on which updates clients should retrieve from Apple.

sdagley
Esteemed Contributor II

@bloree Thanks for the reference to Terraform and Terragrunt, that looks like an extremely useful set of tools. Were there any tutorials you found especially useful for them when creating the definitions for your infrastructure in AWS?

The Kinobi+NetSUS combo is good for having your own server, but you can also host patch definitions publicly via @brysontyrrell's CommunityPatch project. Your best source of info on that is probably the #communitypatch and #patchserver channels on the MacAdmins Slack.

mark_mahabir
Valued Contributor

Did anybody get any traction with this?