Posted on 10-16-2019 05:45 AM
Hello NetSUS professionals. I was pointed to NetSUS by JAMF Support in order to store our software and OS updates locally instead of eating up oour bandwidth. SO, I have downloaded and installed the Netsus v5.0.1 ova and I have kicked off the updates. The help that I know I need is how to setup the Branch URLS's and the additional Apple SUS Catalogs (I am Lost)? My enviromet has Macs that go back to 10.12.6 and newest are 10.14.6. Can someone please explain to me in "NetSUS 101 for Beginners" terms, maybe with screen shots included on how I need to setup my NetSUS in order to have all our devices use our NetSUS Server instead of going out to Apple's update servers? Any help would be greatly appreciated and much needed.
Posted on 10-16-2019 06:20 AM
@COOKD Now that you have your SUS setup, you need to have all your Macs pointed to it for updates. The easiest method is to log into your JSS > Settings > (Server Infrastructure) Software Update Servers > Input your FQDN or IP for your SUS.
You can also do this manually with a command:
Pointing Computers at a SUS Branch by Executing a Command Use a policy or Jamf Remote to execute the following command on managed computers: defaults write /Library/Preferences com.apple.SoftwareUpdate CatalogURL <Branch URL> Substitute <Branch URL> with the branch URL. For more information, see the “Branch URLs” section below. You can execute a command from the Advanced pane in Jamf Remote, or from the Files and Processes payload in a policy.
It looks like you've already got your catalogs selected, but I would suggest selecting a time for scheduled sync. I have mine set for 3 AM. You can also sync manually too by selecting "Sync" under Manual Sync. Be patient during the sync, its pulling a lot of data. I would suggest having at least 500GB of storage.
EDIT: I forgot to add, You can setup multiple branch catalogs if you wish. I only have one for production and the "Default" and "Auto Enable" are selected.
Posted on 10-16-2019 07:48 AM
Thanks very much for the response and quick reply.....MUCH NEEDED! LOL
"EDIT: I forgot to add, You can setup multiple branch catalogs if you wish. I only have one for production and the "Default" and "Auto Enable" are selected."
The reason I setup multiple Branch Catalogs is I thought you had to create one for each Mac OS version that I had locally onsite that would be retrieving updates from the NetSUS server. Please explain if this is not correct? I would love to be able to point all my local Mac's to one URL (Branch Catalog) and it get all the updates no matter what the version of OS it is. Can I create just a "Default" and "Production" and place ALL updates there no matter what the Mac OS version is?
Another question I have is that when I try to access the branch URL it says "not found" is this normal because the port etc that the clients will establish connectivity to it?
Apologizes for elementary questions.
Posted on 10-16-2019 12:39 PM
Yep, you can have just one Branch Catalog and have all your Macs pointed to that one branch and have multiple macOS versions on that one branch also.
Here is how mine looks
I'm not sure why when you click on the branch that it isn't showing. Since nothing is setup yet it may be easiest to delete all your current branches and recreate the one you will use.
Posted on 10-16-2019 01:00 PM
I also recommend to generate a proper SSL certificate that is meeting Catalina SSL requirements.
You are now using HTTP, make sure you are going to use HTTPS when going to production.
Posted on 10-16-2019 01:02 PM
@txhaflaire Funny you mention it, I'm working with Jamf support on how to do that right now. Trying out SimpleSSL to do just that!
Posted on 10-17-2019 05:20 AM
Thanks for the great information. I will delete all the branches and leave one for Production and one for testing. I would really like to know what you find out about the SSL certs. I have tried to create ours but I only receive a private key. Thanks again for your help.
Posted on 10-17-2019 05:21 AM
I will see if I can figure out how to enable and use https before I go live.