Testing DEP and VPP in non-production environments

New Contributor III

Hello. Our team currently has three JSS environments, production, staging, and development. Development work is done in dev, and testing is done in staging (which has a regularly cloned copy of the JSS database) before it gets moved to prod. We are currently testing out DEP and VPP for OS X. The DEP and VPP accounts are currently configured in our production environment.

I think the answer is no, but is there any way to develop for and test DEP and VPP without deleting the accounts from production and re-creating them in one of the test environments? That sounds messy and has a lot of potential to break a lot of things when we move the accounts, both to and from the testing environments. The idea of testing things like DEP in a production environment is even scarier, though.

Surely someone else has run into this dilemma?


Contributor III

DEP has the ability to have multiple MDM instances. Each instance has a different token from each server. This allows you to assign devices to the dev MDM instance for testing, remove it and then add it to the prod instance when your ready to go.

From what I understand, (anyone feel free to correct me if I am wrong) VPP is not so easy. Having one VPP account on multiple servers will create a conflict of ownership of apps deployed as you can only download one token from the VPP store. You may find that apps installed by the dev MDM will be removed from the prod MDM then re-deployed by prod, and visa versa!

This is something I am also wanting to setup and look forward to hearing of possible solutions!

Valued Contributor III

You used to be able to setup multiple VPP facilitators on the Apple VPP site. I have one facilitator account dedicated only for my test server.

New Contributor III

DEP: What was said above.

VPP: You can have a master account and then sub VPP accounts attached below. Similarly for what you would do for your international accounts. I would attack it this way

Valued Contributor II

@hzimmerman Good question!

You will no longer be able to simply use a DB restore for testing - VPP will definitely have issues. If the backup was just made you'll be ok initially, but as soon as a change is made in one environment the other will revert it and you'll have a back and forth loop. This was my experience. This comment from an old post advises the same thing (be sure to read the rest of the thread for thoughts on using the API and github - though I haven't tried yet).

I suggest that you bring up the restored test server OFF the network and make the following changes:

  • change the JSS URL
  • update the TomCat SSL
  • remove DEP
  • remove VPP token
  • remove APNS cert
  • remove Proxy cert