Making the decision to migrate to the cloud is a big one. It takes time and effort, and it can be a little scary to make a change from the comfort of your on-premises deployment. But it’s worth it – right? At bol.com, we think so. But like many Jamf customers, it’s not where we started.
Recognizing the need for MDM
Six years ago, we found ourselves purchasing our first set of MacBooks. It was unusual for bol.com to have Macs, so they were few and far between. Some were even employee-owned. As time passed, bol.com grew. So did the demand for Apple hardware. My colleagues in Office Automation managed the Windows devices at the time and knew it was time to find a mobile device management solution for our Apple devices. They found Jamf.
The team installed it on a virtual Windows Server distribution on our VMware cluster. This had some advantages, because you could easily take snapshots of the virtual machine and restore it after an issue. But at that time, our implementation had its limitations. It was only accessible from our office network or behind our VPN connection. This limited where our users could check in. We wanted, and needed, to do more, so we set up third-party software patching with AutoPkg.
Then Automated Device Enrollment (formerly DEP) came into play with zero-touch workflows. Even still, our Jamf Pro environment was only accessible within our office network. And with a growth rate of about 80 to 100 devices a year, we knew we needed a better solution.
Making the decision to move to Cloud MDM
Bol.com’s Macs were used everywhere – in the office, in employee homes, at the airport, etc. We knew relying on our VPN or office network to manage the devices wasn’t the best option. In order to lock a device at any time and remotely erase it via Jamf Pro and Apple’s own powerful APNs framework, we knew we needed Jamf Cloud MDM.
After navigating the necessary steps with our IT security and legal departments, I went through all the documents to ensure Jamf met all our expectations. We decided to host our Jamf Pro environment in the EU Central data centre and reviewed the disposition of our unique company data within Jamf hosting. After verifying they agreed with Jamf’s security measures, our security department gave the green light, and everything aligned!
Based on our experience moving from on-premises to Jamf Cloud, here are some things I recommend you consider:
- Check whether you can export the MySQL database.
- If you use an internal DNS record, see if it’s possible to point it to the new Jamf Cloud address to prevent all devices from having to re-register in Jamf Pro.
- Do you use an internal mail server? Check whether it’s also available externally or whether you no longer need it.
- Make sure no file on your distribution point is larger than 5TB.
- Decide if you’re satisfied with a standard Tomcat and MySQL setup.
And don’t forget to check your custom integrations and scripting. Think about the following:
- Do you use LDAP? Look at the possibilities with the Jamf Infrastructure Manager to offer LDAP via a proxy.
- Do you have a lot of scripting using the Jamf API? If you change your DNS name, you’ll also have to change all this.
- See if there is a possibility to have your AutoPkg environment point to the cloud, if you use it.
In short, check your custom integrations, and make sure you draw up project documentation so you can process each step clearly. At the end of the day, we agreed on a three-year contract with Jamf. For me, moving to the cloud was a great goal and success!
Migrating the environment
As a next step, we were paired with a Jamf migration services team to help guide us through the process. Exciting! Our big day was February 11, 2020. I worked with our internal networking teams to make sure the DNS entry for our internal management address would re-route to the new cloud address once it was available. Then at 12:30 p.m., I dove into the Jamf WebEx. I exported our MySQL database and turned off our Jamf Pro on-premises environment. Jamf sent an upload link where I uploaded the export. Then I waited for them to import the database.
Everything went smoothly, with the exception of one small issue. We hadn’t created a CAA record in bol.com’s external DNS to indicate that Amazon may generate a certificate for the Jamf Pro Cloud environment on our behalf. After adding this, Amazon also gave the green light, and 45 minutes later, our environment was in the Jamf Cloud. Fantastic!
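The record that held up the cutover above is a DNS CAA record (RFC 8659), and its effect can be checked before migration day. The following is an added example, not code from bol.com or Jamf: it evaluates a CAA record set the way a certificate authority does, including the climb to parent domains. The host names, the sample records and the list of Amazon issuer names are assumptions; confirm the issuer names in the AWS Certificate Manager documentation.

```python
# Added example: RFC 8659 CAA evaluation over an in-memory record set.
# Issuer names below are an assumption; confirm them in the AWS ACM docs.
AMAZON_ISSUERS = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}
KNOWN_TAGS = ("issue", "issuewild", "iodef")

# Constructed sample data (not real DNS answers): owner -> [(flags, tag, value)]
ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:security@example.com")],
    "example.org": [(0, "issue", "letsencrypt.org"),
                    (0, "issue", "amazon.com")],
}

def relevant_rrset(name, zone):
    """Climb from name towards the root; return the first owner with CAA records."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []

def ca_may_issue(name, zone, issuers=AMAZON_ISSUERS, wildcard=False):
    """Return (allowed, reason) for a certificate request covering name."""
    owner, records = relevant_rrset(name, zone)
    if owner is None:
        return True, "no CAA records on the name or its parents"
    for flags, tag, _ in records:
        # An unrecognised tag with the critical bit (128) set forbids issuance.
        if flags & 128 and tag.lower() not in KNOWN_TAGS:
            return False, f"unrecognised critical tag {tag!r} at {owner}"
    # issuewild applies only to wildcard requests and then replaces issue.
    tag = "issue"
    if wildcard and any(t.lower() == "issuewild" for _, t, _ in records):
        tag = "issuewild"
    values = [v for _, t, v in records if t.lower() == tag]
    if not values:
        return True, f"no {tag} property at {owner}, issuance not restricted"
    # The issuer domain precedes any ';' parameters; ';' alone authorises nobody.
    listed = {v.split(";", 1)[0].strip().lower() for v in values}
    if listed & issuers:
        return True, f"{sorted(listed & issuers)[0]} is authorised at {owner}"
    return False, f"{owner} authorises only {sorted(listed)}"

if __name__ == "__main__":
    for host in ("mdm.example.com", "mdm.example.org", "mdm.example.net"):
        print(host, *ca_may_issue(host, ZONE))
```

In practice the record set would come from a CAA lookup on the management host name and each parent domain; CNAME handling is not modelled here.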
Together with Jamf, we checked in devices, ensured the policies worked properly and took a look at the performance enrollments. Everything worked, and we celebrated the success that we migrated to Jamf Cloud within three hours! What a great service from the migration services team! Now we’re managing 600 Macs in Jamf Cloud and have full remote control over our devices, no matter where they are in the world. What a win!