Help

Disable check-ins etc during and after JSS upgrade

AVmcclint
Honored Contributor

Posted on ‎10-09-2015 05:25 AM

I think I'm ready to upgrade our JSS from 9.65 to 9.81. My wish is to be able to temporarily disable all connections to the JSS except for the web admin. I'd like to flip a switch that essentially puts up a wall that prevents self service, check-ins, recon, imaging etc for the duration of the upgrade process and for an undetermined time afterward. I'd like to still be able to login to the web interface to ensure that the upgrade on the server was successful before flipping the switch to allow all the managed macs to connect again and get the jamf client upgraded and resume their normal operations. From what I've been able to determine (and from prior experience) the upgrade process only stops the services during the actual installation of the software on the server... as soon as it's finished it's live. Is there an OFF/ON/PAUSE button?

0 Kudos
Reply
4 REPLIES 4

lwindram
Contributor

Posted on ‎10-09-2015 05:34 AM

I have a feature request to add this functionality. You could upvote it, but AFAIK there is nothing like what you want currently.

Disable all management activities while leaving the JSS web interface accessible

0 Kudos
Reply

AVmcclint
Honored Contributor

Posted on ‎10-09-2015 05:36 AM

I'm glad I'm not the only one who sees benefit in this. Upvoted!

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎10-09-2015 05:42 AM

Only thing I can think of is to temporarily get someone who controls your DNS to point any connections going to https://your.jss.server:8443/ to another invalid address. When any machines try to connect, it would fail since it would get routed to something that doesn't exist.
You yourself would need to connect to your JSS over an IP address while in this state, but that may work, assuming it doesn't mess things up with your actual upgrade. I'm not sure about the latter since I've never done that myself.
I'd probably contact JAMF about it to see what they say.

0 Kudos
Reply

Josh_Smith
Contributor III

Posted on ‎10-09-2015 06:50 AM

A couple of ideas:
- To manually control the services you can do the manual upgrade process. Our JSS is on Windows and I prefer the manual upgrade, it's very clean and easy.
- On Windows I think I could remove the firewall exceptions in the OS to block incoming connections temporarily, then check the JSS from a local browser on the server. Haven't tried it but it seems like an easy workaround.

0 Kudos
Reply