Migrating Jamf Pro from on-prem to cloud, any advice?

thebrucecarter
Contributor II

Greetings all,

We are migrating from our on-prem Jamf Pro to the cloud product.  We are working with Rocketman Tech as consultants, and with Jamf Support of course.  I just wanted to hear from anyone who has gone through this transition as to things to watch out for, possible problem points, things you would do differently and so forth.  Our "lift and shift" date is January 21, 2025, so we are definitely approaching the critical point in the process.  Any thoughts or comments would be greatly appreciated.

5 REPLIES 5

AJPinto
Esteemed Contributor

We did this in 2023, my best advice is to ignore the salespeople and demand to talk to engineers BEFORE your cutover date. The salespeople really have no idea what the heck they are talking about.

 

In our situation, our internal domain is not publicly addressable, and we were told repeatedly that this would not be an issue by the sales and support staff. I was very confused that this would not be an issue but trusted them. Migration date comes and I am talking to the engineer, and in the first 5 minutes we are told this non publicly addressable domain will be an issue and a massive one at that as we needed to go open internet. In the end we had to wipe and load the entire fleet.

 

If you are migrating you're existing Jamf instance to Jamf Cloud, you need to setup a CNAME redirect to "trick" your devices that the new Jamf server is the old Jamf server. If you want to be open internet, whatever your servers URL is needs to be publicly addressable now, if it's not then the Jamf Cloud server will not be publicly addressable either.

 

Other than that, the engineer that worked with us was amazing and went well above and beyond to make sure we were buttoned up as best as could be done. Nearly 2 years in, and I have no regrets once so ever, and I am actually thankful we effectively restarted the environment as it allowed us to clear out a lot of tech debt.

sdagley
Esteemed Contributor II

@thebrucecarter Hopefully you have an on-prem test environment you're migrating first? That's really the only way to have any confidence that your Cloud migration will go smoothly. And are you going with the standard Jamf Cloud offering or Jamf Premium Cloud? You've got a lot more flexibility with the latter (e.g. control over your JSS certificate, restricting access to the JSS console, Global Accelerator so your Cloud instance has fixed IPs, specifying when updates are applied, ...)

pete_c
Contributor III

Use Prune and clean out the cruft first. Practice with your DNS provider to document how long changes will take to propagate and be prepared with a script to update or flush DNS on the endpoints if necessary. Don't decommission the on-prem side to account for any stragglers or just for post-migration reference. Ask for a sandbox / test environment and use that to verify functionality with any remaining on-prem services like certificates or AD/LDAP.

dlondon
Valued Contributor

Maybe you could explain whether your migration will have a change in DNS name or not.  Ours retained the same name and port so that made the transition to the new system easier because as far as the clients were concerned, it was the same system. 

Also does it need access to info on your site regarding users and computers from e.g. a Microsoft Domain?  Do people log in to the Server using Microsoft Domain accounts?  If so, then some form of LDAP proxy will need to be set up.

We engaged with Jamf to work with us on our migration and the Engineer was very competent