To the Jamf Cloud?

llitz123
Contributor II

We have an on prem JSS...
Should we move to Jamf Cloud?
Are there any pitfalls I should be aware of?
We're small with 75 devices if that matters...
Thanks for any input.

16 REPLIES 16

mm2270
Legendary Contributor II

That depends. What are your pain points with the current setup, or things you think may improve by moving to their cloud offering?
Generally speaking I prefer the 'if it ain't broke don't fix it' model, but there are some advantages in moving to their cloud environment, depending on if it's all on your shoulders to manage Jamf or if you are part of a larger team that manages it.

Also, are you only managing Macs with it? If so, that's not too bad a move. With iOS its a little more complicated to move services as you may know or have heard.

Dylan_YYC
Contributor III

To be honest, every year i look at the cloud instance and i just can't justify it. Our on-prem instance works so well for our ~1000 devices, sure it's a little more upkeep on my end for OS updates and Jamf Pro installers but that takes minimal effort and it usually just works. So yeah, im just going to keep trucking along with the on-prem!

jhuls
Contributor III

I'm considering making the move but need to learn more about it. In my situation our on-prem server runs fairly well but the people who manage updates and maintenance on it are windows guys who are not only short staffed and overworked but have 99% of their focus on windows services.

I'm curious if there can be a local distribution point so that deployments don't all have to be from the cloud. I work at a community college with labs so deploying Creative Cloud to a few labs at once might not be good for our internet.

sdagley
Honored Contributor II

@jhuls You can still create local DPs, and use Network Segments to direct Macs to them when appropriate

mm2270
Legendary Contributor II

Yup, what @sdagley said. Definitely possible to use local DPs in addition to the cloud DP and use those under certain circumstances. Network Segments are indeed a good way to make sure that clients on specific subnets are using the right distribution point(s).
You also have the option of choosing a specific distribution point to use on a per policy basis, so if for example you wanted to make sure that your large Adobe CC packages were always coming from your internal DP and not the cloud one, you can select that when setting up any policies that use those pkgs. Of course that would mean that those policies will only work when on the internal network or VPN, unless you also make those distribution points available over the internet. But that would kind of defeat the purpose of them.

jhuls
Contributor III

Thanks to both of you...good to know.

pbenware1
Contributor

In 2018 we moved to cloud from on-prem. We support roughly 2000 devices (mostly Macs, about 100 iOS and some ATv's).
Our datacenter ops team is actively engaged in moving on-prem services to cloud when it makes organizational sense in order to reduce our datacenter footprint (in our case we lease a lot of our datacenter capacity, which is very expensive in our area compared to cloud licensing for a relatively small footprint service like Jamf).

Also, because I had limited access to the Windows VM hosting the service, I always had to engage with a member the server management team face to face in order to perform JSS upgrades, which was always a challenge. More often than not in resulted in some issues (server guys telling me they don't want, or shouldn't have, to do things a particular way; problems with Java and tomcat installs due to security constraints, etc). I don't miss the server management part at all.

We've no had any issues with using JSS in the cloud and have used local DP's.
One thing to be aware of is JSS upgrades. Less control over when JSS upgrades are performed, which means we have to engage our change management process sooner and pay more attention to it. But since I no longer have to deal with on-prem servers the overall process is easier and the trade-off to me was worth the time savings, less aggravation and extra licensing costs.

sdagley
Honored Contributor II

If you really need control of JSS upgrade timing, Jamf does offer a Premium Cloud option where you can defer an update for up to a year.

dulban
New Contributor II

We went to the Premium Cloud about two years ago and our biggest issue was it removed (unassigned) all the prestage assignments.
We had to reassign the Macs and iPads to the correct prestage if they had to be reenrolled. Other than that, I think the Premium Cloud service is great.

jhuls
Contributor III

@dulban Thanks for that info. I hope that's been fixed but good to know up front if it can't be helped. That would be painful with our current configuration to go back and reassign.

pbenware1
Contributor

@sdagley Less about control, more about planning. Just need to plan a bit further ahead rather than alerting my team the day before that the server would be down, and hoping it was only down for a few hours. Since moving to cloud, there has yet to be an upgrade failure and it's done during off hours, so little to no downtime for my team. I just need to communicate earlier (part of my commitment to change control in exchange for allowing me to move to cloud)

FatBandit
New Contributor

I had limited access to the Windows VM hosting the service, I always had to engage with a member the server mcdvoice management team face to face in order to perform JSS upgrades, mcdvoice which was always a challenge. More often than not in resulted in some issues (server guys telling me they don't want, or shouldn't have, to do things a particular way; problems with Java and tomcat installs due to security constraints, etc). I don't miss the server management part at all.

llitz123
Contributor II

Thanks for all the feedback so far. It's going to help me make a better, more informed decision.

user-pFhDIOxPAi
New Contributor

Our datacenter ops team is actively engaged in moving on-prem services to cloud when it makes organizational sense in order to reduce our datacenter footprint (in our case we lease a lot of our datacenter capacity, which is very expensive in our area compared to cloud licensing for a relatively small footprint service like Jamf).

Luis7688
New Contributor

One thing to be aware of is JSS upgrades. Less control over when JSS upgrades are performed, which means we have to engage our change management process sooner and pay more attention to mymilestonecard it. But since I no longer have to deal with on-prem servers the overall process is easier and the trade-off to me was worth the time savings, less aggravation and extra licensing costs.

sdagley
Honored Contributor II

@Luis7688 If you require more control over your JSS than provided by the normal Jamf Cloud offering there is always Jamf Premium Cloud: https://www.jamf.com/resources/product-documentation/jamf-premium-cloud/