This item made me excited in the JAMF Pro 10.9 release notes:
You can now add a package to a computer PreStage enrollment. This allows you to deploy the package to computers with macOS 10.14 or later during enrollment with Jamf Pro. The package is installed on computers before the user completes the Setup Assistant.
...and then this item made me depressed in the JAMF Pro 10.9 release notes:
To deploy an enrollment package to computers, you must have a cloud distribution point configured as the master distribution point in Jamf Pro.
Does this mean if your JAMF environment is entirely on-premise you're SOL to use this feature? If it is, I'm wondering what the rationale is behind that decision by JAMF... is this the beginning of a trend of cloud-only features in upcoming versions of JAMF Pro?
Solved! Go to Solution.
I think this is more and Apple requirment then Jamf. The decision to go this route is likely because the cloud options are known quantities, with dependably verifiable certs and what not.
I think it's very possible Jamf could include any user managed HTTPS distro in the future so long as it has an acceptable cert, but this was probably a very easy way to get it out in a guaranteed functional way right off the bat.
Apple requires a "manifest" file be generated for the deployed pkg so it can be used by the InstallEnterprise mdm command. That means that your Jamf Pro instance has to be able to connect and upload to your Distribution Point(s). Apple also has a requirement for HTTPS only.
Those two things mean that v1 of this is Cloud only as that's easy. The rest will follow.
The thought process behind this is to prompt users to move to Jamf's cloud solution. Same with their new web training series they have. You have to be a cloud subscriber.
Why the push to the Cloud? The oldest business reason in the book - money. We've looked into it, and as great as it is, it's a lot more expensive than our on-site cost. :-(
The thought process behind this is what @franton posted. Jamf Cloud makes it easier, sure, but you can configure an on-prem Jamf Pro instance to use a cloud DP, like s3 or some other CDN (e.g., Akamai, Rackspace). So using Jamf Cloud isn't a requirement here, though it certainly makes it easier because Jamf provides a cloud DP with every Jamf Cloud instance.
Then I don't understand the requirement to have the package on a cloud server (Jamf's or anyone else). If I have valid certificates, etc. then why do I need a cloud distribution server. So if it's not a Jamf requirement I don't know why it's required. Aren't there other MDM systems that allow for package installation as part of enrollment that don't require cloud servers?
There are going to be a number of potential customers who can't, for cost or security reasons, use a cloud distribution system. Requiring that puts a big limiter on functionality. I know for my company it's a combination of both.
@cwaldrip during the beta I asked if it was possible, technically speaking, to deliver the package from an internal https server/DP.
Jamf's response was, yes, via a custom manifest:
I've not upgraded to 10.9 yet, so I've not explored it yet.