Jamf Nation Community

We're at the end of transitioning off using Apple's Server app as our SUS. We're transitioning to a reposado/margarita combo configuration. Reposado is extremely flexible and can run on any hardware/OS. We have our reposado server hosted in our data center on a Linux VM running red hat. Margarita is just a nice little GUI that runs on top of reposado so you can easily approve new updates and remove deprecated ones. The project should be done in the next week or so - we're just wrapping up configuration and doing some additional pilot testing before rolling it out to all of our Macs.

Two other benefits of reposado: 1) you can create branches, and then use a tool of your choice to point your clients to different branches (so have a Beta group that gets all new updates day 0, but a production group that gets them after a week). You can also block updates completely (so prevent the Install High Sierra update rolling out). 2) You can choose to download updates locally to your reposado server, saving your clients from going to Apple to download the latest update if you have concerns about network bandwidth.

https://github.com/wdas/reposado
https://github.com/jessepeterson/margarita

We've been using actual Mac servers (Mac Pros) running OS X/macOS server for years, but I've struggled with keeping SUS and other services running reliably on these boxes. I'm now in the process of setting up Reposado with Margarita on them and will turn off the SUS service, once it's all configured. Is it more work and less convenient in ways? Yes, but Apple has completely ruined OS X Server in my opinion with the crazy amount of bugs and deprecations they've been pushing it toward, and I know I'm not alone in that opinion. It's just not worth fighting it anymore.
At this point, I would definitely not bother with setting up actual macOS servers. Apple has made it clear they want that product to die and they're doing a pretty efficient job of killing it.

I struggled with SUS on several servers for years until Caching Server came along. Then SUS just started to work reliably.

We all know Apple lacked the resources to make macOS Server a great product. /sarc

Recently bought a small Synology NAS for testing and to familiarize myself with. Might be changing to those to replace much of what Apple has taken away,

hi All, thanks for the information.

Gone through this but didn't see how we are actually targeting end points from JAMF? What kind of policy would help to make the endpoints to be updated with latest patches?

Do you suggest a policy with Smart group to target machine with Once per computer pay load or an ongoing?

From last two months we have got many security updates for Sierra and El Capitan --like 2018-002, 2018-003 and 2018-004 ?

Can you please suggest the best approach with JAMF and NetSUS to target endpoints to be in compliance?

Just implemented the JAMF NetSUS and deployed via Configuration profiles. Having the ability to create different branches is a great feature.

@ammonsc -- Yes configuration profile helps to point end points to NetSUS. However, how are you configuring policy to check for the updates and how often are you changing the frequency to get the updates installed?

Only Config Profile will install all updates?

Please share your thoughts @ammonsc even i am struggling to figure out. @ukspvmalapati Please update is you have any luck