Posted on 12-05-2019 04:37 AM
I have some questions for anyone here that has moved to cloud posting after formerly being an on prem customer.
With the transition to cloud, it’s assumed you lose direct access to MySQL. How has that affected your organization?
I believe that we have solved most pricing and technical issues, But there is a small element of fear in losing access to the database. Obviously they handle the back up function well. If I came in some morning and realized I screwed up royally the day before how easy is it to get them to restore the back up from the previous evening? Is it possible for me to call someone and ask for a particular SQL command to be run that will check for pending app/prime installations across the fleet? How receptive is cloud support in handling open tickets? In general for us this is not a frequent occurrence. I’ve only had Three or four situations over the 7 years where I either had to restore a back up or run queries that support did not tell me to run. I do not have any scripts that directly use MySQL. Can I access a dump on demand to use internally for investigation?
Our CTO is wanting to know this information before agreeing to such a project. We have had other hosted products in our district that we have not had a positive experience with. Despite good experiences with Jamf, we want to make sure that we own our data not Jamf.
Thank you kindly,
Posted on 12-05-2019 08:55 AM
We migrated in 2015. Normal Jamf Support does not have access to your environment for privacy reasons - there is a special internal Cloud Support that they interface with. Cloud Support has a lot of structure and policies to follow and does not run queries or change things unless absolutely necessary, usually only due to a documented bug. I have no idea whether they would even consider doing a DB Restore of a previous night's backup. If you needed to see pending commands across the fleet you could try asking Support to ask Cloud Support to run a query but they probably would not do it and instead point you to the API. Normal Support sometimes has to wait for Cloud Support to get back to them but generally they are responsive. In other words - you are losing pretty much all access to the DB and the ability to get info out of it directly.
You will also lose access to previous JamfSoftwareServer logs - you get just the current one in the GUI (which you can download). It can be difficult to go into debug node and get all data - I'll download over and over again to try and get a 100 MB download before it flips.
If you sign legal paperwork you can get a copy of your DB (at least you could before) but we never pursued it. If you do, be sure to never spin it up or else you'll create havoc - it is custom configured for cloud hosting.
I was very concerned about losing access to the DB but we have been ok. Some things I utilize the API for and some things I don't do anymore.
Hope this helps,
Posted on 12-05-2019 09:12 AM
In general that’s exactly where I’m at....I’m not the best scripter in the world but I haven’t done direct database access in a long time due to all the community help I’ve gotten from here over the years....based on what you’ve said, I find myself wondering if there is a means to periodically script getting a log dump through the API since we see it in the GUI. I know you can partially invoke debug mode through the GUI, but I don’t know if it’s as robust as tweaking log4j even if you could script through the API.
I’m more concerned though with restoration above all and getting a dump of our data when requested by us.
I made two major mistakes over the years that were due not to Jamf but my own confusion...both times restoring a backup helped. Very infrequent considering we’ve been a customer since 2012, but I know that no engineer is perfect and I need CYA capabilities for those rare instances. I also would like to get a copy from time to time of the DB for my dev server or for forensics.
Thank you @cdenesha for your thoughts....I think I’m going to push sales harder on these issues. Other than that I believe moving to the cloud will be better for us. What improvements has your org derived from the move that I can play up?
Posted on 12-05-2019 09:55 AM
@blackholemac The usual.. I don't have to spend time maintaining a high availability system, and the district doesn't have to purchase, maintain, and upgrade web/db servers, load balancers, etc. In general I have more time to train the techs and work on some automation. I have more time to inspect the features of iOS 13 and Catalina and how they work in our environment, and I try to join the Jamf beta programs. I have more time to spend supporting my school building. I also try and keep up with JamfNation to learn from others, the current product, and help others if I can.
Posted on 12-05-2019 11:04 AM
It sounds like we think similarly...I'm also playing up the cloud distribution point and the enrollment package capability we will get by virtue of having a true cloud distribution point.
Posted on 12-05-2019 12:40 PM
Jamf Cloud is great, TBH. Now, like some, I'm not the superstar of Jamf Nation and scripting, etc. Many of my clients run a lean setup and with that simplicity, I can't say whether or not losing access is more a mental loss or needed.
Thus far, I've not had anything come up where I need that so at least for simple(r) environments, it works great.
I would hope that one of the real admin stud/studettes might step in here and give you more data...
Getting a client who images to move off is a struggle. Some OTOH can't wait. A true transition for sure, and it's a complicated time managing Macs...