Totally need BEGINNER HELP with adding SUS catalogs and Branch Catalogs

COOKD
New Contributor II

Hello NetSUS professionals. I was pointed to NetSUS by JAMF Support in order to store our software and OS updates locally instead of eating up oour bandwidth. SO, I have downloaded and installed the Netsus v5.0.1 ova and I have kicked off the updates. The help that I know I need is how to setup the Branch URLS's and the additional Apple SUS Catalogs (I am Lost)? My enviromet has Macs that go back to 10.12.6 and newest are 10.14.6. Can someone please explain to me in "NetSUS 101 for Beginners" terms, maybe with screen shots included on how I need to setup my NetSUS in order to have all our devices use our NetSUS Server instead of going out to Apple's update servers? Any help would be greatly appreciated and much needed.
fbb1f991a3c54aa595f38d06cc2668b2

85e9b15a23704ab182f1917111609b8f

946bddbf47e34e55a59edadd8abfe02b

7 REPLIES 7

Sims_
Contributor

@COOKD Now that you have your SUS setup, you need to have all your Macs pointed to it for updates. The easiest method is to log into your JSS > Settings > (Server Infrastructure) Software Update Servers > Input your FQDN or IP for your SUS.

You can also do this manually with a command:

Pointing Computers at a SUS Branch by Executing a Command Use a policy or Jamf Remote to execute the following command on managed computers: defaults write /Library/Preferences com.apple.SoftwareUpdate CatalogURL <Branch URL> Substitute <Branch URL> with the branch URL. For more information, see the “Branch URLs” section below. You can execute a command from the Advanced pane in Jamf Remote, or from the Files and Processes payload in a policy.

It looks like you've already got your catalogs selected, but I would suggest selecting a time for scheduled sync. I have mine set for 3 AM. You can also sync manually too by selecting "Sync" under Manual Sync. Be patient during the sync, its pulling a lot of data. I would suggest having at least 500GB of storage.

EDIT: I forgot to add, You can setup multiple branch catalogs if you wish. I only have one for production and the "Default" and "Auto Enable" are selected.

COOKD
New Contributor II

Thanks very much for the response and quick reply.....MUCH NEEDED! LOL

"EDIT: I forgot to add, You can setup multiple branch catalogs if you wish. I only have one for production and the "Default" and "Auto Enable" are selected."

The reason I setup multiple Branch Catalogs is I thought you had to create one for each Mac OS version that I had locally onsite that would be retrieving updates from the NetSUS server. Please explain if this is not correct? I would love to be able to point all my local Mac's to one URL (Branch Catalog) and it get all the updates no matter what the version of OS it is. Can I create just a "Default" and "Production" and place ALL updates there no matter what the Mac OS version is?

Another question I have is that when I try to access the branch URL it says "not found" is this normal because the port etc that the clients will establish connectivity to it?

Apologizes for elementary questions.

a8b24afd9b4349ebbfebbe8a8cffefef

Sims_
Contributor

Yep, you can have just one Branch Catalog and have all your Macs pointed to that one branch and have multiple macOS versions on that one branch also.

Here is how mine looks
98e698429bf340f48a9cbb913b47ef9f

d47dbfb42175417c8884c18d131411d1

I'm not sure why when you click on the branch that it isn't showing. Since nothing is setup yet it may be easiest to delete all your current branches and recreate the one you will use.

ThijsX
Valued Contributor
Valued Contributor

Hi,

I also recommend to generate a proper SSL certificate that is meeting Catalina SSL requirements.
You are now using HTTP, make sure you are going to use HTTPS when going to production.

Sims_
Contributor

@txhaflaire Funny you mention it, I'm working with Jamf support on how to do that right now. Trying out SimpleSSL to do just that!

COOKD
New Contributor II

Thanks for the great information. I will delete all the branches and leave one for Production and one for testing. I would really like to know what you find out about the SSL certs. I have tried to create ours but I only receive a private key. Thanks again for your help.

COOKD
New Contributor II

I will see if I can figure out how to enable and use https before I go live.