Communications with APNs

dpertschi
Valued Contributor

I'm trying to document the communications flow between Casper, APNs, and the client. The only thing I'm not clear on is the interaction between the client and APNs.

Does APNs notify the client, or is the client checking in with APNs on a regular interval? If the latter, what is that interval?

bentoms
Release Candidate Programs Tester

See below

bentoms
Release Candidate Programs Tester

AFAIK it's a persistent connection over 5223 between the device & Apple, with a command sent when an APNS is needed.

Unsure of timing.

Pretty sure it's somehow a push & receive.

dpertschi
Valued Contributor

An Apple Engineer gave me this:

Each device establishes an authenticated and encrypted persistent connection, and APNS uses that connection for signaling.

Doubt that is going to satisfy our Security group who wants to know more specifically who calls who and how frequently.
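
Added example (not part of the original thread or any poster's reply): one way to document "who calls who" from the device side is to classify the flows in `netstat` output by port 5223. The sample output is constructed, its addresses are documentation ranges rather than real APNs hosts, and the direction test is a port-based heuristic.

```python
import re

# Constructed sample of macOS `netstat -an -p tcp` output (addresses are
# documentation ranges, not real APNs hosts). macOS prints endpoints as addr.port.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.52344       203.0.113.20.5223      ESTABLISHED
tcp4       0      0  192.0.2.10.52410       198.51.100.7.8443      ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.0.2.10.22          192.0.2.99.60112       ESTABLISHED
"""

APNS_PORT = 5223  # port named in the thread
LINE = re.compile(r"^(tcp[46]*)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def split_endpoint(endpoint):
    """Split 'addr.port' (macOS style) into (addr, port); port is None for '*'."""
    addr, _, port = endpoint.rpartition(".")
    return addr, (int(port) if port.isdigit() else None)

def classify(netstat_text, port=APNS_PORT):
    """Return (outbound, inbound, listeners) for flows involving `port`.

    Heuristic: a local ephemeral port talking to remote `port` means the
    device opened the connection; local `port` means a peer dialed in.
    """
    outbound, inbound, listeners = [], [], []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or non-TCP line
        _, local, remote, state = m.groups()
        (laddr, lport), (raddr, rport) = split_endpoint(local), split_endpoint(remote)
        if state == "LISTEN" and lport == port:
            listeners.append(local)
        elif state == "ESTABLISHED" and rport == port:
            outbound.append((laddr, lport, raddr))
        elif state == "ESTABLISHED" and lport == port:
            inbound.append((raddr, rport, laddr))
    return outbound, inbound, listeners

if __name__ == "__main__":
    out, inc, lis = classify(SAMPLE_NETSTAT)
    for laddr, lport, raddr in out:
        print(f"device {laddr}:{lport} -> {raddr}:{APNS_PORT} (device-initiated)")
    print(f"inbound to {APNS_PORT}: {len(inc)}, local listeners on {APNS_PORT}: {len(lis)}")
```
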

Kumarasinghe
Valued Contributor

This might be helpful for you as well.

Troubleshooting Push Notifications (Technical Note TN2265)
https://developer.apple.com/library/ios/technotes/tn2265/_index.html

dpertschi
Valued Contributor

Justin, that's super cool, thanks so much! Turns out Don was holding out with this helpful nugget too (thanks Don):
https://jamfnation.jamfsoftware.com/featureRequest.html?id=1572

The thing that I'm questioning now: if the only thing that APNS does is tell the client to go talk to your JSS, why the need to involve APNS? The devices can reach JSS internally and externally already, so why can't we keep conversation between the two?

donmontalvo
Esteemed Contributor III

APNs = trust

--
https://donmontalvo.com

justinrummel
Contributor III

@dpertschi the need for APNS is not how, but when. Setting up a configuration profile and scoping it to a set of devices (OSX or iOS)... when you hit "Save" you are requesting APNS to find all the devices in your scope and telling them to talk to your JSS NOW (vs. a "15 min cycle" like POP/IMAP solutions). This helps save battery life for mobile devices, and for security in case you need to wipe a device.

donmontalvo
Esteemed Contributor III

We've deployed configuration profiles to Macs via policies (wrap profile, trigger install with profiles command) in environments that don't allow APNs traffic. iOS is a different story. :)

spraguga
Contributor

@donmontalvo Does this mean you are using Casper Remote to find all new IP addresses, if the client address has changed, and then deploying the install manually? If not, can you explain in more detail? ;)

donmontalvo
Esteemed Contributor III

@spraguga Not sure I understand your question. If you wrap a profile in a PKG and deploy, you don't need APNS to deploy that profile.

spraguga
Contributor

@donmontalvo Sorry, new here and I'm trying to understand what the roadblocks, differences, and added manual work will be without APNs ports enabled.