- Jamf Nation Community
- Products
- Jamf Pro
- JAMF Pro Upgrade - Best Practice
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
JAMF Pro Upgrade - Best Practice
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-24-2024 06:01 AM
I am trying to figure out how to best manage upgrades for JAMF Pro. It seems like there are upgrades constantly available for the server. I am wondering what is appropriate for implementing these upgrades. Upgrading once a year seems extreme, but upgrading monthly seems extreme also. Does anyone have a good handle on this?
Thank you.
Reply
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-24-2024 06:22 AM
how and when you update is driven by the business requirement, but as most update from Apple contain fixes for zero days, they should be implemented sooner rather than later..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-24-2024 06:46 AM
so sounds like read through the release notes, see if it has a business requirement, then plan the upgrade if needed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2024 06:34 AM - edited 01-24-2024 06:35 AM
@mikesmithwsu I take it you're running your Jamf Pro instance on-prem? I'm strongly in favor of Jamf Cloud hosted instances because it removes the headache of having to do your own updates. I realize that's not an option for everyone though so here's my thoughts from when I was running on-prem instances:
There's no requirement that you install every JSS update that is released, but you probably don't want to get more than 2-3 versions out as there are often changes in the database schema that will result in having to do an intermediate update to get to the latest version if you aren't on N-1. My criteria was did the list of bugs fixed include anything critical or that was extremely annoying. Or a feature that would be extremely useful.
Automate everything possible in the upgrade process.
Never do a an upgrade until you have backed up your JSS database along with the Server.xml and Database.xml files (or whatever they're called these days) from your current install
Have a Test JSS instance where you can try upgrades before you decide if upgrading your Production instance is appropriate/necessary.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-24-2024 12:38 PM
If your Jamf Pro instance is self-hosted, follow your own internal tolerances for Updates. Generally speaking, you "must" update relatively soon after Jamf adds support for a new Major OS release. It is also a good idea to update after Apple releases new hardware.
The major feature reasons aside. Many of Jamf updates include security patches, and minor feature adds. Update to address those concerns as your environment allows.
All that being said, you don't want to let your Jamf Server fall too many versions behind as the upgrade path to current can be convoluted. You can only guarantee a direct upgrade (1>2>3) for international updates, if you skip versions (1>2>8) you may very well have to install several versions in between (1>2>4>7>8) to get to current. I also suggest updating MySQL and Java every time you update Jamf just to keep them all in line. When we were self-hosted, I would update 30 days after public release unless a 0-day like log4j was being patched which was not terribly common but did happen.
I cannot stress enough, have a test instance of Jamf. Also, it's a really good idea to put that test instance on the beta version and have no less then ~5 devices in it so it's actually doing something.
