21 Aug Time for a Jamf Health Check: But what is it?
So you’re (hopefully) used to going through a regular check-up with your car, personal health and IT infrastructure in general – but when was the last time you performed a Health Check on your Jamf MDM configuration?
This may be one of those tasks that’s always on the to-do list and never manages to get done, but also sometimes it’s better to just have a fresh set of eyes look through everything thoroughly.
Not only that, but – as you’re probably aware – best practice for workflows changes regularly, usually with each new OS or technology release from Apple (and sometimes, more regularly). It’s fairly easy (and common) for the estate to evolve over time and as a result leave orphaned, outdated or even bad practice settings and configurations still in place – these can have a variety of effects from absolutely nothing, to actually creating issues within the infrastructure.
As one of the leading Jamf Integrators in the UK, this is something we see all the time… as a result, we’ve devised a comprehensive process to ensure you’re aware of everything that’s going on, what needs to be fixed, and ultimately what do to get things running smoothly again.
So let’s take a look under the hood of what a good Jamf Health Check looks like:
Everyone loves a good report…
Firstly, and most obviously, this should result in a comprehensive high-level report of the Jamf Pro Server. This is important, as it cements a defined time stamp on what state the server was in at a particular time – as a result, remedial progress tracking is much easier, and future fault diagnosis is a much simpler process when you can look back in time and see what’s changed from a high level.
Policing the policies
Going deep into policies, settings and configurations is an absolute must – it’s one thing to take a skim over the surface and check everything is “OK”, but it’s another to critically analyse how these elements are working together (or not, as the case may be!). Part of this requires having an in-depth understanding of how Jamf Pro works from the inside out, as well as any changes that have been made to the server software and it’s operation over time – bear in mind Jamf works on the basis of a “day zero” policy, meaning that every time Apple changes something or add a feature to the OS, Jamf update the Server software to fall in line. Over time (even within the course of a year), this can add up to quite a large number of changes and additions… so it’s key to ensure a Health Check is conducted by someone who is fully up to date with what these changes are and the context behind what they mean in practice.
Servers need love, too
While making sure policies and configurations are all set up correctly and running smoothly is a must, in the case of on-premise or Private Cloud-based Jamf Pro, the technology behind the server process itself also needs maintenance over time.
Is the database fully optimised? Does anything need trimming? Is the database engine fully up to date with the latest security patches? We’ve seen some fairly catastrophic issues occurring purely due to bad database configurations, or an upgrade that didn’t go as smoothly as planned. This is especially the case if a database upgrade is left until the last possible opportunity… in these cases, it’s usually left due to time constraints – and if that is the case, how much time is available to fix any major issues that may occur during the process? None? Thought so…!
Same goes for Apache Tomcat – is the latest compatible version installed and configured correctly? This is especially important as Tomcat is effectively the process that’s exposed to the wider world… as a result, it’s critical that a potential attack vector within your estate is patched as regularly as possible and everything is configured correctly to ensure maximum security.
Take action to plan and plan for action
Right… so at this point, we’ve now figured out what’s working, what’s not, what needs to be changed and how it needs to be changed. Does everyone understand why, and the impacts? Who’s going to do the work? When are they going to do it? What’s the rollback plan if it all goes wrong (this is especially important if you have a large estate as every device can be affected!)?
All of these questions should be answered and wrapped up in an easy-to-understand format that can be read and agreed by anyone in the organisation… again, especially in the case of a large estate, it’s crucial that if changes occur en masse – particularly if there may be user impact – that a network of individuals are aware, rather than just one person. This not only helps with organisational preparedness, but also means there’s likely to be a greater understanding from the user-base when something changes or (hopefully and usually not, but) if there’s an issue.
Putting it all together
So the above all sounds great, right? But what happens if you don’t have the time, resource, skills or expertise to do it all yourself? Funnily enough, we provide all of the above (as well as all of the remedial work and ongoing support, if you wish) as part of our standard health check offering. This can be conducted either on site or remotely and we provide the following:
- A comprehensive high-level report of your Jamf Pro server
- Analysis of your existing policies and configurations
- Analysis of your server and infrastructure configuration
- Overview of the key management settings
- Recommendation report of workflows, configuration and associated remedial work
- Carrying out any recommended remedial work required• Holding a formal meeting and presenting a final report of your Jamf Pro environment
- Supplying signed documentation of work carried out alongside the final report
We recommend this takes place annually to ensure you’re ready for the next iteration of macOS and are up to date with the latest and greatest MDM settings, configurations and controls. If the above sounds interesting to you, feel free to pop your contact details on the form below or contact your Account Manager to discuss further.