JSS URL after the On-Prem to Cloud migration

karthikeyan_mac
Valued Contributor

Hi Team,

We are migrating from On Prem to Jamf Cloud and working on redirecting the current JSS URL DNS to .jamfcloud.com to avoid re-enrolling the devices

Did anyone migrated with this method ? What will the JSS URL for the devices enrolling after the migration? Will it be *.jamfcloud.com or the old URL?

Thanks.

8 REPLIES 8

pbenware1
Release Candidate Programs Tester

Yes.  When we moved to Jamf cloud 2 years ago, we had our network team point the DNS name of our previous on-prem server to the jamf cloud host. None of our endpoints were impacted, and we can still enroll new devices to the same URL we've always used.

One item of note- Jamf cloud is hosted in AWS, so Amazon had to create a new SSL cert for us, which our domain manager had to approve, and must do so whenever the cert is up for renewal.  Given the size of our higher end (25k staff & faculty), and the staff turn over rate, it can be quite the challenge to find out who the current domain manager is.

Thank you @pbenware1. We followed the same method and the clients are reporting without any issues.

Can you access the admin console with  https://yourcompanyname.jamfcloud.com/ ? Do you get certificate error when accessing through jamfcloud url?  

I've a doubt, your network team point the DNS name to your previous on-prem server to the Jamf cloud host. So I'm assuming your on prem jamf url is jss.company.com/8443, is that right? 

Also, AWS needs domain manager approval for the new SSL cert, I got 2 questions here,
1. Can Domain manager approve to create new SSL cert through email?

2. If so, can the email be sent manually from AWS or it will send automatic email to domain manager? If it's automatic, how it know to which domain it needs to send.

Thanks for understanding...

@sk25 Yes, our URL was jss.company.com:8443 and it will remain the same after migration as well. You have to reach out to team who handles the DNS for your Jamf Environment.

  1. Redirect current JAMF FQDN (jss.company.com) to JAMF Cloud FQDN (company.jamfcloud.com)
  2. At the time of migration, Jamf has to validate the domain from their AWS Cloud. You can chose any of these two method https://docs.aws.amazon.com/acm/latest/userguide/domain-ownership-validation.html

Thanks.

@pbenware1 I've a doubt, your network team point the DNS name to your previous on-prem server to the Jamf cloud host. So I'm assuming your on prem jamf url is jss.company.com/8443, is that right? 

Also, AWS needs domain manager approval for the new SSL cert, I got 2 questions here,
1. Can Domain manager approve to create new SSL cert through email?

2. If so, can the email be sent manually from AWS or it will send automatic email to domain manager? If it's automatic, how it know to which domain it needs to send.

Thanks for understanding...

pbenware1
Release Candidate Programs Tester

"I'm assuming your on prem jamf url is jss.company.com/8443, is that right?"

Correct.

Honestly, I'm not sure of exactly how the SSL cert approval process works, in that I don't know who is actually sending the email, AWS or Jamf. Our domain manager gets an email notification to which they need to respond within a certain period of time to approve the new SSL cert.  Based on previous conversations, I was under the impression that they login into an AWS portal to do the approval, but I don't know if that is accurate.

Our on prem jamf url is 'jss.it.company.com/8443'. Thanks.

In this video, they are saying it's automated. Migrating to Jamf Cloud without falling back to Earth | JNUC 2020 | Jamf

pbenware1
Release Candidate Programs Tester

We can access through the jamfcloud.com url without cert errors,  but we primarily use the same company DNS alias for console access.