24 Sep Jamf Pro: Decisions, decisions
By now I’m assuming you’ve heard about the wonders of Jamf Pro, and how managing your Mac/iOS estate is an absolute must. But what about the back-end – who manages it? Where is it hosted? Who maintains the infrastructure side? What are the best practices?
Luckily, we have the answers (to be fair, this would be a bit of a terrible article if we didn’t)! Read on to find out…
There are a few options for setting up your Jamf Pro infrastructure – namely On-Premise, Jamf Cloud or an accredited Jamf Managed Service Provider’s cloud (and you may have guessed at this point that Academia are the latter)! When making the decision, there are a few points to consider… not only about whether you want to go Cloud in general, but also what the back-end infrastructure actually is.
So this is an important one – as Jamf Pro is based on the Apache Tomcat and MySQL stack, it can be installed on macOS, Windows or Linux and the right choice of OS will decide the support base required for and the stability of the installation.
With a macOS installation, while this may be a familiar platform, it cannot be virtualised in an enterprise environment on a Hypervisor such as Hyper-V or VMWare vSphere/ESXi. This is a decision-maker for some, due to the need for redundancy and business continuity/disaster recovery.
Windows is the most common choice we find in the field – however with this, there are licencing costs, frequent security patching and updates and additional elements such as anti-virus. While this is absolutely not an issue per se, there is another option…
Linux is our strong recommendation for your hosting platform for Jamf Pro – not only from a security and stability perspective, but also that it has the least “additional requirements” to be able to install the Jamf Pro stack on. The more core Operating System requirements there are, the less there is to support/patch/upgrade/juggle. Admittedly, the additional requirements for macOS are similarly low in comparison, however for the aforementioned reasons we’d recommend away from macOS.
Aside from that, performance testing results tend to be far superior on Linux over any other OS for both MySQL and Apache Tomcat – as a result, when hosted in our environment, Linux is always the Operating System used.
As many establishments don’t tend to have too many engineers well-versed in Linux (and for those that do, the engineers tend to be extremely busy!), this isn’t usually a feasible option for self-hosting. So if you want to have Jamf Pro running from the best possible operating system, but don’t necessarily have the required expertise or resource internally, what do you do? Yep, you guessed it… Cloud!
To Cloud or not to Cloud?
With many Educational establishments now preferring a “Cloud first” strategy, this is probably a serious consideration for you – not least if as per the section above, you want to be running on the best possible infrastructure for the management of your Apple estate. As a result, you’re now down to a couple of options – Jamf Cloud, or MSP-hosted.
Now… here’s where it gets interesting. While Jamf provide their own vendor-supported Cloud (and believe me, it is a great service!), you’ll need to make some decisions regarding what your requirements are and whether it’s the suitable choice for you.
First of all, let’s talk geo-location; Jamf’s Cloud is hosted utilising Amazon Web Services, tenanted in either the United States, Germany, Japan or Australia – if UK-tenancy is important to you (and let’s face it, with directives such as the GDPR and your own internal policies, it may well be) then this may well rule Jamf Cloud out as an option.
Next up, if you want the ability to control the version of Jamf Pro you’re running, use your own Domain/URL (and if you’re planning on migrating from an on-premise Jamf Pro installation, this may be an important one!), IP Whitelisting to ensure only users on your network can access the Admin Panel, choose the specific ports Jamf Pro will be communicating on or use third-party SSL certificates, you’ll now need to purchase Jamf Premium Cloud. This carries a list price of – wait for it – $20,000/yr.
So – what if you want UK Tenancy, Secure Private Cloud (i.e. not hosted in AWS or Azure or in someone’s office) and all of the above features without breaking the bank?
Perhaps not-so-shockingly, Academia’s Hosted Jamf Pro offering is built exactly for this purpose…
Academia’s Hosted Jamf Pro
Due to customer demand – and originally designed using heavy input from Academia’s customers – we built our Hosted Jamf Pro offering. This is hosted in our own equipment within our occupied space in multiple Datacenters in Central London (with a Backup location on the South Coast of England), residing on our Tier 2 ISP network within our ISO 27001, ISO 27017 and CISPE Code of Conduct-certified environment.
This means that we have complete, end-to-end control over the infrastructure and can give the flexibility customers require from an Enterprise hosted solution, with a price point tailored specifically to the budgets of the Education sector. Want to use your own Domain, specific ports, Whitelist IP addresses for Admin or dictate the version of Jamf Pro you want to run? No problem! All included in the price.
If you already have Jamf Pro on-premise and would like to move to our Cloud, we can also facilitate the migration process – whether a lift-and-shift or a complete rebuild.
In addition to all of the above, we have a variety of combinations of Jamf hosting and/or support to suit your needs, as below:
We install Jamf with you as part of a JumpStart on your own on-premise equipment, and following this you self-manage your solution.
As per “Classic” Jamf, but we continue to support you under support contract for Tier 2 (configuration/application packaging etc.) and Tier 3 (server maintenance/patching/uptime) support, working with and assisting your own engineers.
As per “classic” Jamf, but hosted in our secure, UK datacentre-based cloud using our own servers, storage and network.
Hosted & Managed Jamf
The benefits of both Hosted Jamf and Managed Jamf.
Hosted and fully managed. We do everything for you, as part of a change request process, including making all configuration changes and support for the solution. Under this, however, you will not have reporting-only access to the Jamf Server.
If you’re interested in discussing any of the topics raised in this article further, please get in touch with your account manager – they’ll be more than happy to give you further information, or arrange for a more in-depth technical call.
Written by James Dancer – Academia’s IT Director