Since moving from a single JAMF Software Server (JSS) to a multiple JSS environment for their client base, Isaac Ordonez has had to rethink how his organization manages their JSS instances. As a consultant with Mann Consulting in San Francisco, Ordonez has managed a number of JAMF Software installations — each with their own unique needs.
He supports a wide variety of customers like the local bank, a manufacturing business, global startup company, and high-security clients with unique auditing needs. Today he manages about 50 JSS instances and is planning for a future with 500 to 1,000.
Along the way, Ordonez developed a strategy for working with clients to ensure that their technology needs are met in a way that is efficient, secure, and protects their data and privacy. He shared a few examples with the audience and shared a collection of scripts that are free to use.
One simple example is managing customer WiFi. When he sets up a client's WiFi network, he'll also deploy a WiFi profile to all their consultants devices so “when someone shows up onsite, they don't need to fumble with looking up the network credentials to connect to that network.” This saves time, eliminates confusion, and keeps their client networks secure.
Another common example is deploying antivirus software (they prefer Sophos). Using a repeatable process and a script he's developed, they can set up new clients on Sophos with about 15 minutes of work and the rollout takes less than a day.
Carrying the security theme forward, Ordonez showed the crowd how they protect data security and user privacy with randomized local admin accounts. Instead of common IT accounts with shared passwords, they rotate the local admin password weekly with a random 120+ character password. When access is required, they use a JSS policy to change the password on one computer at a time.
To build efficiency into their operations, Ordonez automates as much as possible using the Casper Suite. For the events that require manual intervention, Casper Suite and Sophos send alerts to Zendesk, their ticketing system. This makes an actionable item with a ticket trail. “Don't sacrifice security for speed and convenience,” Ordonez encouraged the crowd.
Their new Mac deployment workflow is built for scalability and doesn't require any special technical skills or on-site servers. They use over-the-air enrollment (with Device Enrollment Program or the JSS enrollment URL) then kick-off additional software deployment through the Self Service catalog. “I haven't used Casper Imaging in years,” added Ordonez with a smile.
True to the JAMF Nation spirit, Ordonez made his library of scripts available to all: http://mann.com/jnuc2015