"Why did we do that?" Kyle Condon, Help Desk Trainer Specialist at Polk County Public Schools, often asked himself as he and coworker Justin Phillips looked back on the process of moving from zero to 30,000 devices in two years. He laughed ruefully. "I guess we just didn't know what we didn't know," he said.
"Let our growing pains," said Phillips during their presentation at JNUC 2020, "become your growing gains."
First, the Polk County Public Schools district is large: 120+ schools and 100,000+ students. 99% of staff had never touched an Apple device, and they were still using an 802.1X WiFi network (a RADIUS server for each of the 120 schools, each with its own authentication certificates that would expire annually).
Even after they successfully convinced an Apple-phobic district to take on iPads, they had to remove themselves from a previous MDM that was not working out for what they needed, which meant they needed to migrate 10,000 iPads over to Jamf.
Oh -- and there were two of them to do it all.
They gave themselves a tall order: they wanted to create a workflow with easier enrollment than their previous MDM had offered. Because their plan was also to leverage each school's network manager to do the bulk of the enrollment, leaving the two of them free to focus on other challenges, they planned on providing 1-on-1 training and group trainings for network managers. Creating concise, step-by-step online documentation would be critical to their success.
Their first iteration of this process involved the network manager connecting a cart to a Mac and using Network Configurator to export all the serial numbers to a spreadsheet, which the network manager would copy and paste into Apple School Manager and then assign to their MDM server. The MDM server would create a PreStage per cart (8, 9, 10 carts per school = 8, 9, 10 PreStages). They'd create a Smart Group based on the PreStage, create new profiles and upload them to Jamf, and then enroll through Configurator.
Unforeseen issues and new challenges
Their on-premise implementation with multiple MDM servers simply was not suitable or scalable. And they even ran into a Jamf product issue that had been previously unknown. The PreStage enrollments were slow and difficult for network managers to grasp due to the multi-step process. And their WiFi network kept dropping off whenever their certificates would expire. As if that weren't enough, the AD accounts were viewing large enrollment sizes as a server attack and would lock everyone out.
Corrections and simplification
The potential failure points in their workflow, combined with network managers being interrupted for other urgent school tasks and losing their place in the documentation, made them take a hard look at what to do next.
They moved from on-premise to Jamf Cloud to help with scalability. And they wanted to reduce their 120+ MDM servers down to three. When ASM allowed them to assign new devices in their MDM based on device type, they had the tech they needed.
They wanted to eliminate the PreStage enrollments and consolidated them down to five.
The district decided to move their WiFi network to the cloud, which gave them a chance to move all of the Apple devices from AD accounts to a single PSK.
With all of these changes, they were able to develop a bash script called Atlas, which ran from Self Service and simplified the entire enrollment process for network managers with a much shorter workflow. (For more details on the bash script and new workflow, view the full presentation video by registering for JNUC below.)
Throughout the process, they needed to ensure that their managers had excellent support. They used chat room-style troubleshooting, thorough online documentation, and identification of key personnel who were willing and able to help their colleagues through the process.
Although the Atlas bash script workflow worked well for half a year, there were still some points of failure in the system that they wanted to eliminate.
So they developed a Mac app to make the process even more streamlined for network managers. Now, Atlas was a macOS native app. The network manager now creates a Smart Group through Jamf and then runs their cart through Atlas.
Phillips walked attendees through a brief demo of this app, which you can view yourself by watching the video.
To facilitate the training process, Phillips and Condon also created an app called RapidLaunch that walked network managers through the process.
So, Phillips and Condon distilled a complex, often overwhelming workflow down to two steps.
That's it. There is no step three.
Phillips and Condon can point to exactly how much of a difference they made with all of this iterative, complex work: they went from it taking 40 hours to enroll a cart or two to only a few minutes.
You can't argue with those numbers!