JAMF Netsus or Apple Mac Mini Netboot and update server?

jnice22
New Contributor II

I looked around and have not found this specific post so here goes.

I am in the beginning stages of designing an infrastructure to support a small group of Macs in a large Windows environment. This environment is highly secure and not very welcoming to open source/community products. That being said I can probably sell them on either JAMF Netsus or Apple Mac Minis. The selling points of JAMF Netsus are that it can be run on RHEL. I will have some level of support from our redhat team and JAMF. It can also be setup in a vm environment. The negatives for JAMF Netsus:
- one. It can be painful to setup. Especially when you need it to be highly secure. (can't use the appliance, requires ssl, no passwords flying around, etc.)
- two. If Apple Decides to go a new way with their update system or netboot you are at the mercy of the community to get things going. It does not fall under JAMF's support. (correct me if I'm wrong)

The main issue with Apple netboot and SUS is the hardware. We would just need to make sure we have a solid backup and restore option that could be done by anyone in our environment. Their enterprise OS support looks like it has gone way up since working with IBM.

Anyone in a similar situation? What is the general consensus for JAMF Netsus vs Apple Netboot/SUS?

Thanks for your feedback. Jason

10 REPLIES 10

benducklow
Contributor III

Sounds like we're in the same type of workplace environment (Open Source concerns, Windows environment, etc). Due to the same points you called out in your post, I'm afraid I would dig my own grave if I chose to build out infrastructure that was running an application not supported by JAMF directly. Our SLAs are too tight and we've got too much at stake to be down for any period of time.

I know other environments are much more flexible and can do whatever they want. If I were in that boat, I might consider it more.

My 2 cents...

jnice22
New Contributor II

Thanks for your 2 cents. That is exactly what I was thinking.

I wish Jamf had a fully supported appliance (hardware based and/or software based) with the same level of support as the rest of their products. This would make everything go without a hitch. I've have thrown my 2 cents on this in another forum.

djwojo
Contributor

We have JAMF's netsus running on a RHEL VM, supported by our internal server team. If you have a good team, there are no issues with security as the SUS has nothing to do with it other than the open ports and passwords. We do not use the NetSUS' netboot as we need it available on different subnets and in different locations. We have mini's setup with a standard build for that and they provide a local DP for casper as cross talk is limited.

Knock on wood, but I have not seen downtime other than for maintenance and updates. There is really no support needed other than changing the sucatalog targets when the next OS is out.

On point #2 you are correct.

ericbenfer
Contributor III

Another advantage of a Mac Mini is Caching Server.
It is a powerful yet simple alternative to the old Software Update Server.

Eric

calumhunter
Valued Contributor

bsdpy reposado docker + your choice of linux

jnice22
New Contributor II

@djwojo At my job we kind of look at worse case situations. We have rhel admins who can support the OS, install secure, backup. We have a Mac engineer who can support the config/install of the netsus. We can do restores if something breaks or gets corrupted. Who do we call if Apple updates their SUS and requires a new security component that netsus does not support? What are the SLA's for getting a version that will support this new Apple feature? If you purchase a lot of systems and hold off on updates you can push things off for a bit, but nobody wants to do that.
Since I am the only Mac guy in my company it is also a valid point for having a team support the server side. I will need to come up with a solid failover, backup for the Minis. I already need to get my team trained and up to speed on the tech. Thanks!

@ericbenfer That adds another plus to the MacMini/macpro model. Thanks!

@calumhunter opensource. Lucky person. >_< I would just write an a ruby gem that ties into the jss-api if I had the option. Thanks!

calumhunter
Valued Contributor

netsus is open source aswell but you're considering and jamf don't really provide support for it either soo.....
Not sure why open source is a problem? Docker runs just fine on RHEL. it also takes the head ache out of dependancies for your linux team. install docker, run container, get a netboot server up and running in 5 minutes.
repeat for SUS

Plus reposado gets updated much much faster than JAMF updates the netsus, so if Apple did make a change that requires an update like say adds a new catalog for 10.12, then I would expect to see reposado updated within a matter of hours. NetSUS, not so much, you're going to be on your own to update that mess

perhaps the mac engineer needs to branch out to linux a bit more? i mean OS X is BSD anyway its not much of a stretch...

theres already some good python jss api stuff out there https://github.com/sheagcraig/python-jss for example

Friends don't let friends use ruby ;)

jnice22
New Contributor II

@calumhunter open Source is not the problem. Support is the problem. I can purchase support for MySQL. I can purchase support for RHEL. I cannot purchase support for docker or netsus. My company requires definitive support, a signed contract and probably a throat to choke.

When Reposado or docker breaks who do I call? This will most likely happen because of something Apple changes. Little things like adding a catalog are not a concern I am talking about major changes. Something along the lines of switching vanilla smb to their own version. If reposado offered a paid support option I would be set. Even if I never used it, my boss would have the warm and fuzzies.

I am the Apple engineer. I am well versed in Linux, Bash, Python, Ruby etc. My experience is not the issue. I could probably write my own solution. I would LOVE to use open source products that are community supported. My company does not allow this.

If Ruby is good enough for Pixar its good enough for me ;)
http://pixaranimationstudios.github.io/jss-api-gem/

calumhunter
Valued Contributor

It seems that you are unable to use any open source software, which NetSUS is.

So you have only one commercial alternative product that has "support".

Get a Mac Mini with OS X server and try to get a software support agreement with Apple.

jnice22
New Contributor II

@Calumhunter Not to nit pick but we have lots of open source software. We just use the commercial version. :)
Apple is considered open source since Darwin is freely available.

and that is what I have ended up doing. Mac Minis with Apple Enterprise Support. I would much rather use netsus or bsdpy+reposado on a VM but as you said there is only one alternative...

This sounds like an opportunity for someone. Sell a supported open source netsus and make some money from companies that have fun requirements.

I appreciate your input. Cheers.