Help

Over saturated Open Access Provisioning Network Woes

fgrogan
New Contributor

Posted on ‎09-17-2019 02:28 PM

Is there a way to provision iOS DEP devices on an open access wireless network whereby only the enrollment and wifi profile pushes to the device initially and then, after the wifi profile lands and the device switches to the main network, pull down the app assignments? Our provisioning network is undersized for our implementation and i'm trying to determine what options we have for minimizing impact, and by extension provisioning failure rates, on that network.

0 Kudos
3 REPLIES 3

Look
Valued Contributor III

Posted on ‎09-17-2019 08:51 PM

The best way is probably to use scoping for the app deployment that the devices aren't part of initially, maybe if you could detect for the WiFi profile somehow and use that as part of the criteria for deployment, that would mean devices wouldn't deploy until after the next inventory update though which could be some time unless forced.

fgrogan
New Contributor

Posted on ‎10-07-2019 10:36 AM

Does anyone have any experience leveraging network segmentation as an assignment limitation? I'm thinking if maybe i can just get all the config / mgmt profiles pulled down first AND THEN assign the applications for installation after the devices has switched off the open access network that maybe I can reduce the over all bandwidth and connection count on that open access network.

If so, is anyone familiar with only limiting by network segment on an application when it's scoped to a specific prestage. As it stands i have 2 prestages (prod and test) and if add the limitation to the app assignment it impacts both.

0 Kudos

Gascolator
New Contributor III

Posted on ‎10-07-2019 07:27 PM

@fgrogan I've not tried this, but you could create a smart group that has two criteria:
1 - Enrollment Method Prestage Enrollment is "X" and
2- IP Address like "X.X.X.X"

Then change the scope of the app to the prestage that you don't want to limit by ip address as well as this new smart group.

I've attached a photo of what it might look like. You'll likely have to play around with the IP formatting to achieve the desired result. Like I said, I've not tried it before.

be480562d72b4ee08c5289154f109942
I think in order to use true network segmentation within Jamf, you'd have to add the app twice in Jamf. Scope one to one prestage then scope the other to the other prestage and limit it by network segment.

0 Kudos