Migration/Cutover to new JSS

ChickenDenders
New Contributor III

Hey all,

We are in the process of upgrading all of the Macs in our department from 10.9.5 to 10.12.

The systems, and all our deployment packages, were created during my first foray into JAMF deployment about a year ago. Everything is pretty messy, and has a few random issues that pop up every time a new system is imaged.

I have an entirely new, separate JSS instance spun up. I've recreated all my packages, confident that I've ironed out all the issues we've been seeing this past year. I've just got just one system enrolled, for testing and building out new packages.

I'm thinking that we do a complete system reimage/cutover to the new JSS. Nothing really needs to be saved from the old systems. Rather just start fresh. Is there anything that could bite me if we go this route?

What would be the best way to do it? Just create a 10.12 netboot image that enrolls to the new JSS, then delete the machines from the old one?

*EDIT - Looks like another method is to push out an enrollment policy from the old JSS, to point machines at the new one.

Current JSS: 9.73
New JSS: 9.96 (Upgrading from 9.93 for 10.12 support)

Thanks guys.

4 REPLIES 4

chriscollins
Valued Contributor

That is what we did. We just pushed out a quickadd package in a policy from the old JSS which enrolled it to the new JSS.

Once we were done we just decommisioned the old JSS. We didn't worry about deleting machines from the database because once they get enrolled with the policy they won't check in anymore anyways.

The only thing we had to work on was filevault encrypted machines needed to have new recovery keys generated.

jchurch
Contributor II

as long as you are just working with Mac OS X machines deploying a new quickadd package should work. but things will get much more complicated if you have any iOS devices in the mix. i toyed with the idea of just spinning up a new JSS and just re-enrolling to get the devices over but having to physically touch over 3000 ipads was a deal breaker. we had to import the entire database into the new system. lots of posts on jamfnation with walkthroughs if you want to go that route.

mike_paul
Contributor III
Contributor III

Also be aware that enrolling into the new server would require removing the old mdm profile to get one from the new JSS as just enrolling into the new one won't automatically do that. And if your previous wifi was pushed via MDM, removing said mdm profile would remove wifi so getting the new one would be tricky without network. You would have to ensure that the computer can maintain network connection while doing the switch of MDM.

#to remove old MDM
sudo jamf removeMdmProfile

#to pull down new MDM
sudo jamf mdm

easyedc
Valued Contributor II

I am in the middle of doing the exact same thing and am using the API to clean up the old JSS as they move over to make sure we don't miss any stragglers.

#!/bin/bash
 SN=$(system_profiler SPHardwareDataType | grep 'Serial Number (system)' | awk '{print $NF}')
echo "$SN"
curl -kvX DELETE -u jamfadmin:password https://jsstest.org.com:8443/JSSResource/computers/serialnumber/"$SN"
exit 0