3 weeks ago
For some time our InfoSec guys have been giving me no end of heartburn due to near-continuous changes to the security architecture of the enterprise. Within the last year there have been no less than at least 14 security-related initiatives rolling concurrently.
I've experienced deployment failures, profile corruption, inability to auth via SSO depending upon network attachment...
To that end I've spun up a JPro server on prep, and just to make it fun (it's just for testing) it's running on macOS Sonoma 14.4.1:
3 weeks ago
I wouldn't even dabble for another second with Jamf Pro on macOS. It's not supported. You'll run into a lot of failures and crashes. It had to deal with the database, MySQL, if I'm not mistaken.
It might look rosy now, but let it run for a bit and you'll see. Backup your backups.
Or move to a platform Jamf supports.
3 weeks ago
It's just for testing for a short time. No way is anything production going on it...
3 weeks ago - last edited 3 weeks ago
Jamf killed support for running Jamf Pro on a macOS "Server" Last year. You need to use Windows Server or Linux.
Jamf Pro System Requirements - Jamf Pro Release Notes 11.4.0 | Jamf
Recommended |
|
|
|
Minimum Supported |
|
|
|
3 weeks ago
I'm well aware. Did this more as a challenge, and for fun. It's only going to be up as long as I need it for testing. Trying to as much as possible eliminate the Internet from the equation, e.g., what does the traffic look like if it's all internal.
3 weeks ago
I would schedule your Apple SE to meet with you InfoSec team. Show them the documentation from JAMF and Apple in regards to what ports are needed in order to successfully function in an Enterprise environment. https://support.apple.com/en-us/101555
https://learn.jamf.com/en-US/bundle/technical-articles/page/Network_Ports_Used_by_Jamf_Pro.html
If you're not already a member, join the AppleSeed for IT program to obtain access to the Mac Evaluation Utility so you can show the InfoSec and Networking teams concrete data on what is an is not working in their environment.
3 weeks ago
The scope of work with Apple has already been hammered out. I mean stop me if this sounds altogether too familiar: I was running myself ragged between building out, and maintaining, our MDM environment, dashing around on customer engagements, and fighting with InfoSec to get need resources.
We now have a tiered support structure in place; I'll be the engineer/tier 3, and others will be dispatched on customer visits (unless they can't resolve).
I know all about how Jamf Pro on Mac is deprecated; just did this for the fun of the challenge since I've got to do some testing.