I am curious about how everyone is handling Apple Software Updates. At this point with Windows we host an internal WSUS and my bosses want to continue with that tradition with Apple Updates. Since we cannot scope out updates to test machines like we can in WSUS, I am curious to see what everyone else is doing. Are you just letting the machines get updates from Apple or are you managing the distribution of them.
Our Apple Engineer told us that SUS has been deprecated, to reinforce your comments above. I pushed for "so how do we manage this" and his response was rather unhelpfully "The best approach is always to ensure app compatibility ahead of update releases." and:
"With hard and fast OS version limitations and users with admin rights, the best approach is user education. IT needs to maintain a matrix of app/OS version compatibility and communicate any gaps to the users.
With each major OS release, Apple IS&T publishes a “Can I Install Sierra” web page explaining any app compatibility gaps."
There are some tricks you can do to stop particular OS-level updates (or, any other app updates I guess) by using
softwareupdate --ignore "Update Name"
You can get the applicable update name by running
softwareupdate --list and taking the value up to the "-" character, i.e.:
macOS Sierra Update-10.12.3 macOS Sierra Update (10.12.3)
So you run
softwareupdate --ignore "macOS Sierra Update" and it won't show the 10.12.3 update anymore. The bad part is that there doesn't seem to be any way to go ahead and install 10.12.2 if you want (my test machine for example is on 10.12.1 and I can't make it just let me update to 10.12.2 if I want to, at least not that I can see).
Hi Guys, Both @anickless and @KSchroeder make good points for caching server, however if you want something that you can "legally virtualize",with a bit more control, you may want to look into setting up Reposado on a physical Linux or into Jamf's NetSUS appliance. I am also at a K-12 and use Reposado vs a Caching server
some info from a past post
Throwing my 2¢ into this as well. We currently are running an Apple SUS through server 5.2. We've had similar discussions with Apple and are looking to migrate off it as well. Will most likely leverage a JAMF netSUS as it's replacement. Currently have bought ourselves a bit of time since it's running still on macOS 10.12 and Server 5.2.
@chris.denoia NetSUS bundles the SUS clone features of Reposado in a package that's easily deployable on non-Mac hardware (read that as beefier server hardware running a VM host like VMware's ESXi). Setup is very straightforward, but the 500GB disk space recommendation is on the low side these days with a current sync of the Apple updates coming in around 430GB, so you'd be better off starting with 1TB.