stevewood
Honored Contributor II
Honored Contributor II

In large enterprises and organizations with thousands of computers, it’s often necessary to break up software deployments into more manageable groups. Need to push a configuration profile out to 5,000 devices? You might want to break that into chunks of 1,000, so you don’t hammer your Jamf Pro server.

When I was a customer, we had over 17,000 devices in each of our Jamf Pro instances, and we often wanted to deploy software in stages. Right now, there is no built-in method to do this in Jamf Pro. So, I came up with a way to generate semi-randomized Smart Groups by utilizing the UDID of the device. The UDID is a 32-character identifier (Unique Device ID) that all devices have and is what Jamf Pro uses to uniquely identify all devices. You can view a device’s UDID by navigating to the device’s inventory record and selecting Hardware from the sidebar.

CalleyO_0-1665520678193.png

Each UDID contains HEX characters, which means 0 through 9 and A through F. Using a little bit of REGEX-fu, you can create a Smart Group that gathers devices with a UDID that starts with certain characters.

CalleyO_1-1665520277402.png

The REGEX:

^[A1]

Pretty simple. The caret symbol is telling the REGEX to start at the beginning of the item we are evaluating. The next bit, [A1], tells REGEX to evaluate the first character of the item and find a match if that character is an A or a 1. That’s it. That simple REGEX captured 3 devices out of the 22 that I have in my Jamf Pro server. Changing it to ^[B2] pulls in 4 devices.

Want to capture more devices in one group? Just change your REGEX a little. By changing it to:

^[A-B1-2]

I now have 7 devices. Each of these devices has a UDID with an A, B, 1, or 2 in the first character of the UDID.

You could also use this REGEX to evaluate the first and second character of the UDID:

^[A-B1-2][A-B1-2]

The above only pulled in 3 computers for me. So, adding characters at the second place and on could wind up limiting the group. But for larger orgs that might be okay if they want to have, say, 100 devices in each software group.

These groups could be used for the following:

  • Breaking up deployments (configuration profiles or policies) into smaller chunks
  • Creating a randomized Test group for software testing or a pilot group.Combined with a script to pull the user email from the computer record, you could send emails to the users ahead of deployments.

There are certainly other ways to accomplish this task, however, if you need quick and easy randomized groups of devices, this is a good option to keep in your tool belt.

24 Comments
rastogisagar123
Contributor II

This is great!!

jimmy-swings
Contributor II

We manage over 4,500 macOS devices and been doing this for years. It’s never failed us!

florent_bailly
New Contributor II

I'm managing ~1400 laptops and I was looking for a way to create random smart groups to ease policies/profile deployment. This is awesome, works like a charm ! 
Thanks !

karthikeyan_mac
Valued Contributor

This will be great for breaking up deployments. Thanks.

tommypatzius
New Contributor III

Smart Groups are used extensively in my organization. It helps me stay organized and on top of my OCD involving software and application deployments.

oli
New Contributor III

I'm far away from large amounts of devices, but I really keep this in mind.
Keep on posting such kind of good to know stuff!

ChrisMcBride
New Contributor

When our instance grows to that level I'll definitely be implementing this approach..... Thank you for sharing. 

ThomM
Release Candidate Programs Tester

Very interesting, thanks. Our footprint isn't quite big enough for that to be an issue yet, but this'll be a good trick to have in my pocket!

UmpNorth24
New Contributor

This is great! I feel like making these kinds of groupings for SMBs is just as crucial as for large orgs but for another reason. For large orgs, it is to not overwhelm the system. In SMBs, it is to not overwhelm the users. It may sound silly at first, but think about the fact that there are so few users doing more and wearing multiple hats that if something goes down, multiple productive lines could be without operation. I like this alot.  

BookMac
Contributor

Sounds nice. thx for this inside!

dan_ashley
New Contributor III

This seems like a great method for building out deployment groups for patching rings for our 3,500 macOS devices. Love it!

dlbrabb
New Contributor III

Amazing way to break up the deployments!  This is what helps the Jamf Community grow and get better, people thinking outside the box.

jhtevans
New Contributor

Not something I had ever considered, but I could definitely see the use-case for this in our org where we have ~17,000 devices and ~4000 computers.

smcshaner
New Contributor II

This is such a smart way to do batch deployments

woaikonglong
New Contributor III
  • Since we are a relatively small deployment, I never thought to break down our smart groups smaller than they are. Occasionally, we need to do something silly like update all of the iPads during the school day, which would really bog down the network. Currently we use smart groups to do this by grade, but if we got to a point where we were doing something with the whole set, this would definitely be another way to go about it.

  • I do not think that this will give me any difference in our current numbers for smart groups from what I currently do, so I probably will stick with my batches of 30-40.

  • I would definitely recommend this blog to larger deployments that do not already utilize groups to get to smaller sets of devices.

chadkay
New Contributor

I dig this! I’ve been looking for a way of doing smaller test groups and never thought of using the UDID. My regex game is lacking so I also appreciate you explaining those bits!

kylegilmore
New Contributor

This is great, we are consolidating instances and are about to be managing ~10,000 devices. I had never thought of this as a way we could make deployments not completely bog things down. Thanks for taking the time to share this!

steadbe
New Contributor II

Interesting idea, Will definitely test this out and see how it works in our midsize environment. Thanks for sharing!

barberd
New Contributor II

I look forward to testing this in my environment.

Samstar777
Contributor II

Phased Deployment is something which I am doing from Day 1

JakubWen2k
New Contributor

Smart groups saved me a few times! Great feature!

AntMac
Contributor

Brilliant idea. Also really appreciate the clear explanation on how to structure the regex. One of the most straightforward explanations I’ve seen. 

ChaseEndy
New Contributor III

Thanks for the idea, our School District currently isn't big enough to have to worry about implementing this but if we do get an influx of computers I now have a way to upgrade incrementally.

ktrojano
Release Candidate Programs Tester

I manage over 15,000 devices and have had to apply a configuration profile to all of them at once. This will be very helpful the next time I need to deploy something to all of our devices. It will also keep our network admin happy!

About the Author
Well... [2009] I started off working as a sports reporter for community sports (not that I know sports)... the became the unofficial IT person there... [2012] Then I got a job as a Chinese teacher (and did some part-time IT on the side). [2014] Two years later, I am teaching more Chinese (eventually resting on 4 classes [2017] with 5 being considered "full-time"), am "full-time" IT, and the "full-time" PowerSchool SIS Administrator. [2020] Six years later, my brain broke, so I no longer teach Chinese, and just do the other two. [2023] Two more years later and now I am teaching web design and isolated paleontology lessons... 10+ years at the same place, and I am perfectly aware that I don't know what the future holds.