Jamf Discontinuing JDS

joe_bloom
New Contributor III

Jamf will be discontinuing the Jamf Distribution Server (JDS). We know many of you use and rely on the JDS, but in its current state we cannot recommend it. Therefore, Jamf is planning to end of life JDS at the end of 2017 and access to the JDS installer on Jamf Nation has been removed. The decision to discontinue the JDS is due to several key issues:

  • Reliance on TLS 1.0
  • Incompatibility with InnoDB for MySQL, making it reliant on MyISAM
  • Incompatibility with Jamf Pro 9.100 and newer

Jamf has determined that now is the proper time to move forward with new technologies. Jamf will be focusing on making improvements to the Jamf Cloud Distribution Server (JCDS). Our goal is to provide quality products and help to find a solution for anyone using the JDS. There are a number of alternatives and we are ready to assist you in migrating away from the JDS.

66 REPLIES 66

bvrooman
Valued Contributor

I understand the decision to not put development effort into the JDS to solve the TLS 1.0 and MyISAM dependencies, but I am a bit confused by the mention of an incompatibility with Jamf Pro 9.100+. We have an all-JDS setup with Jamf Pro 9.101.0 and haven't encountered any issues.

Is Jamf going to be providing guidance in migrating to a now-preferred distribution infrastructure?

were_wulff
Valued Contributor II

@bvrooman

The incompatibility statement stems from PI-004248 which caused an issue with the JDS certificate that was built by the built-in CA that would break communication with the JSS by having an incorrect Subject Alternative Name.

Since each environment is likely to have different criteria for what an acceptable alternative to the JDS is, it'll be best to handle those individually with Support so something more tailored to your environment can be worked out.

If you need guidance on JDS alternatives or want to go over possible ideas for alternative setups, the best option will be to get in touch with Support to go over what you're looking for for your environment, and they can help you come up with an alternative solution to the JDS. You can get in touch with Support by either calling, sending an e-mail to support@jamf.com, or using the My Support section of Jamf Nation.

Support will be able to help you work out an alternative as well as working with you to plan out a migration plan to get away from the JDS and onto something else.

Thanks!
Were Wulff
Jamf Customer Experience

RobertHammen
Valued Contributor II

As someone who tried to use JDS twice in customer environments, and repeatedly ran into reliability and functionality issues that made me swear "never again", I'm glad to see this decision was officially made and communicated. The ideas behind JDS were good, the actual execution (running large packages/DMGs through the MySQL database) was not.

jrippy
Contributor III

As someone who has relied on the JDS product since it was introduced, I have seen the benefits and drawbacks and the benefits STILL outweigh the drawbacks. I was really looking forward to 2.0 and I'm sorry to hear it will never make it to light.
The ability to have all of my distribution points remain true without having to manually trigger syncs was awesome!
I hope you will bring us a local version of the JCDS or a way to keep smb shares in sync reliably and in an automated fashion.
Thanks for the update.

znilsson
Contributor II

Am I the only one who has noticed that there is an actual werewolf posting from Jamf under the flimsy pseudonym "Were Wulff"? Dear sir or madame, it is insulting that you would assume we could not see through your paper-thin alias, and we demand that Jamf audit their employees for werewolfery. This is a serious post and we are serious people who will not tolerate this type of shameful flim-flappery from werewolves masquerading as Jamf employees.

And that goes for fairies, cyclopses, unicorns, basilisks, banshees, poltergeists, wendigos, kobolds, leprechauns, and lawyers, too.

Signed,
Very Serious People

were_wulff
Valued Contributor II

@znilsson

Someone finally noticed that my name changed! :)

I changed my first name legally back in May for reasons that amount to, "I'm an adult, and I could." I've got a pretty awesome last name and figured why not make the whole thing great?

It's been pretty fun, honestly!

Were Wulff
Jamf Customer Experience

damienbarrett
Valued Contributor

Good thing I've been stocking up on silver bullets for my trip to JNUC next week.

emilh
New Contributor III

Wow. We've been using the JDS as our sole distribution platform since we started using Jamf a couple of years back and currently running it along with JAMF Pro 9.101 without any apparent issues.

Guess I need to start looking into JCDS then.
Will there be some JDS -> JCDS migration documentation made available?

RobertHammen
Valued Contributor II

@emilh There are some alternatives being developed and/or discussed. Would personally wait until JNUC for more details...

karlmikaeloskar
New Contributor II

Well...

jrwilcox
Contributor

inconceivable

donmontalvo
Esteemed Contributor III

Torrent or even Magnet please...

Please support Torrent/Magnet

BitTorrent for Package Distribution in the Enterprise

--
https://donmontalvo.com

blackholemac
Valued Contributor III

It had a loyal following for those that relied on it, but every Jamf I've ever discussed it with was always quick to point out the "file distribution points are a good option" while answering all my questions diligently on the topic.

I'm interested in the JCDS personally but am wondering what my options are given I host our JSS cluster on prem.

Sonic84
Contributor III

Will the cost of the jamfPro product be going down to reflect the reduction in supported features?

were_wulff
Valued Contributor II

@blackholemac @emilh

Currently, JCDS is for our hosted customers only, however, there is this Feature Request to make it available to on prem JSSes so feel free to upvote and comment.

@damienbarrett

Sadly, I won't be at the JNUC this year. :(

Thanks!
Were Wulff
Jamf Customer Experience

cwaldrip
Valued Contributor

First, thanks for pulling the plug on the JDS. It was a great concept, but the execution and reliability was questionable at the best.

Second, thanks for hiring a Lycanthrope-American. They're truly under represented in the corporate world. ;-)

donmontalvo
Esteemed Contributor III

@cwaldrip wrote:

Second, thanks for hiring a Lycanthrope-American. They're truly under represented in the corporate world. ;-)

Great...coffee on my laptop monitor again! LOL

We're doing fine with a couple dozen RHEL DPs, and rsync using RSA keys. Hasn't missed a beat in a year and a half. Upload to master, the rest is automagical.

--
https://donmontalvo.com

dfarnworth_b
New Contributor III

Based on the spelling of Wulff, I'd say it's far from clear that this is an American Werewolf... Also, I thought that the last of these died in London in the 1980s

strider_knh
Contributor II

We have been told for a few years now that they were working on a full re-write of the software. Guess that won't ever get done.

We have multiple JDSs scattered around our 10 campuses, we are k-12 with 1:1 in the middle schools, high schools and staff with multiple labs. We liked the JDSs since it allowed for distribution of software from the local site and not have to use the external the bandwidth. If we now need to pull that 15GB Adobe installer from the cloud hosted site instead of a local server that will be annoying landfill up our pipe.

were_wulff
Valued Contributor II

@strider.knh

There are non-cloud options for distribution points.

Please get in touch with Support to go over what your organization's needs are and we can help you come up with a plan for new, non-JDS distribution points and migration to those.

If your JDSes are working, there is likely not large rush to get the actual migration to something different done; the JDSes will not (usually) stop working if they're left alone to do their thing, it's just something you'll want to plan for, ideally, by the end of the year.

Thanks!
Were Wulff
Jamf Customer Experience

chris_kemp
Contributor III

Rsync takes jumping a few hoops to set up, but it worked better (imho) than the JDS replication.

Oh and:
e0a4ec5ac3e944628a4790856c596041

exno
Contributor

Since the JDS installers have been pulled for a while, i think we all saw this coming. My experience with the JDS was all aces, but a few cases of it working really well can't balance the scales since it was unreliable for so many others.

I look forward to seeing what new tool will replace the JDS for on premiere, or options to have a JCDS only option for subscriptions.

And as far as the lycanthropic name change... I like it! It conjures the image of a wolf typing responses to all our questions. But its got to be difficult playing One Night Ultimate Werewolf.

- I am @exno or @exnozero on almost everything that exists.

sgorney
New Contributor III

@donmontalvo We use Resilio Sync for all our on prem SMB distribution points. Fast and relatively flawless.

walt
Contributor III

We never really took advantage of JDS'...we are currently setting up with just our JSS and that as our main distribution point. Possible something similar to a caching server set-up will take its place or be an option?

dgreening
Valued Contributor II

For those of you hosting your DPs on Windows Server boxes, I will heartily recommend DFS for replication! It has been working excellent for us! Up to ~150 distribution points currently.

donmontalvo
Esteemed Contributor III

@sgorney interesting stuff:

Reselio Sync

--
https://donmontalvo.com

Lotusshaney
Contributor II

I use Syncthing for all my 50 DP's around the globe. Its free and works fantastically well

Syncthing

GabeShack
Valued Contributor III

So if anyone calls you Amanda, do we get bitten?

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

were_wulff
Valued Contributor II

@gshackney

Some people forget, which is fine as I still respond to it (nearly 38 years of habit), but most correct themselves.
A few people thought I'd somehow got IT in on a prank at first but, considering everything they had to change for me to change my name across our systems, there's no way they would have done it for a prank! It would have been a pretty good prank, though.

My parents still call me that, though, as they felt the whole thing was silly but, "you're an adult and can do what you want." :D

Were Wulff
Jamf Customer Experience

GabeShack
Valued Contributor III

@were.wulff BTW love the Black Hole pic.
I had the read along record for that movie as a kid.

Gabe Shackney
Princeton Public Schools

Gabe Shackney
Princeton Public Schools

mjhersh
Contributor

There's a lot of talk about replication, but aren't there still important features that are only available when using a JDS?

Is there any way to allow techs to upload packages through the JSS, besides using a JDS? We rely on this very heavily, since Casper Admin is not safe for multiple people to use concurrently. What are our options, besides reinventing the wheel with API scripts? Do I now need to be middleman for every department's techs to upload packages? (It's too early to start drinking, isn't it?)

What about in-house apps and eBooks? Is that just going away?

I mean, I get it, the JDS had problems...but the proper response to outdated TLS support not "welp, better kill the whole thing".

mscottblake
Valued Contributor

I'm in a very similar situation to @mjhersh. I have other site admins that have the ability to upload packages via the JSS web interface. This setup works great as it limits the damage that can be done with Casper Admin (I don't give them access to it either).

We have been working with Jamf Support on this already and the response has left a pretty sour taste in our mouths. The only way to continue using that feature is to switch our Master DP to a Cloud Distribution Point, which costs more money. That topic received pushback from my leadership about covering extra costs when we already pay for Jamf Pro (a solution that did not previously require anything be hosted).

Basically, our options are either to use a CDP or to roll our own scripts to create the packages via API and then scp the files to the DP. Neither is desirable.

were_wulff
Valued Contributor II

@mjhersh

Cloud distribution points (JCDS, AWS, Rackspace, or Akamai) can use the web interface to upload to the JSS.

File share distribution points, at the moment, still go through Casper Admin.

In-House apps and eBooks were around long before the JDS, and a JDS is not required to use these features. It never has been, the JDS was simply an additional method that customers could use to host In-House apps and eBooks.

Information on using In-House eBooks can be found in here, in the Casper Suite Administrator’s Guide.

Information on using In-House Apps can be found here, in the Casper Suite Administrator’s Guide.

It is also possible to host In-House eBooks and apps on a Tomcat instance; we have a KB on how to do that here.

If you have additional questions or need more detailed help on getting any of the above set up, please contact Support and they'll be able to assist you with specific how-to or setup questions for your environment.

Thanks!
Were Wulff
Jamf Customer Experience

lashomb
Contributor II

Would love to use a cloud distribution point, but you guys don't support the up and coming small tech startups out there... like Google GCP.

blackholemac
Valued Contributor III

Official support for Azure could help us here. Probably not a popular option for heavy Apple folks but we get Azure services provided to the district at a steep discount.

were_wulff
Valued Contributor II

@blackholemac

It looks like you've already voted it up and commented but for others who haven't and are interested, we have a Feature Request to add Microsoft Azure distribution point support here.

Comments about the why/use case for your organization are super helpful for our Product Management teams on Feature Requests so, if you have the time, it's definitely worth both voting up and leaving a comment.

Thanks!
Were Wulff
Jamf Customer Experience

a_stonham
Contributor II

Does this now mean that INNODB will supported by Jamf in future update of Jamf Pro?

a_holley
Contributor

This is terrible news.

We are a NFP that relies on our JDSs to get our 600 Macs up to date across 60 remote sites. We have invested a lot of money in having Mac Minis at every site, which are almost exclusively used for JDSs. Being that some of our sites are in rural Australia, we don't have the infrastructure for our Macs to download from our data centre or the cloud. Our links just aren't good enough.

Yeah, great, they will still work for now. But what happens when Jamf Pro 10 comes out? How are we going to get (for example) Microsoft Office updates out to our 10 Macs on a shitty link in the middle of nowhere?

We have invested too much in JSS to switch to something else, but this has seriously got me considering our options.

martin
Contributor III

JDS has been badly designed from the start but it offered HTTPS distribution and it replicated the packages automatically to other JDS servers.

Jamf has been promoting JDS 2.0 for a long time but it seems that it is has become vaporware.

Your JDCS is not available to customers that use on-premise installations. The JDCS is not capable of replicating packages to another distribution point. None of the option that you provide provide automated replication.

This requires us to invest in other (paid) solutions. There is not even a proper statement which alternative we could use. Therefor people are referring to “Resilio Sync” (paid software) but for me it’s hard to believe that Jamf had increased there licensing costs again in just a few year. This increase does not reflect the features we as customers get.

So explain to me, why are we paying more for Jamf?