Help

Best practice for large scale OS upgrades

cghigliotty
New Contributor

Posted on ‎08-25-2015 11:05 AM

Hi all.

I have roughly 300 deployed end user machines on 10.9.x that I'd like to upgrade to 10.10.x. and I wanted to see how others have handled such a large scale OS upgrade. Drop an installer into Self-Service and send an email informing users to upgrade? Push notifications?

I did scope out a test policy that would send a push notification to anyone on an OS <10.10 to see how it looked visually, but the notification doesn't seem to be particularly flexible, and looks a bit small on retina screens.

In any event, looking forward to your thoughts.

0 Kudos
3 REPLIES 3

jrserapio
Contributor

Posted on ‎08-25-2015 11:18 AM

We have had some issues with this as well. Not so much the policy/deployment portion, but getting something automated that would work with FV2, EFI and the myraid of security tools.

I would say look into jamf helper for a better looking popup. You could then use this with a deferment of the policy to give the users time to cancel if they are in the middle of stuff. Also i would suggest either caching the installer first, or making it so that the policy will only run if they are on ethernet. (Not sure if you have VPN users, but 5gig over VPN can be painful)

0 Kudos

hkabik
Valued Contributor

Posted on ‎08-25-2015 12:16 PM

I go the Self Service and email route. Then schedule a policy that once a week or something pops a reminder message that the update needs to be completed for those not at the expected OS level. I prefer alert messages over notifications because you have a bit more flexibility and it requires direct user interaction to remove from their display.

Something like:

#!/bin/sh

osascript -e 'tell application "SystemUIServer" to display dialog "" & "***An Essential Mac OS Update is Available***" & return & return & "1. Launch Self Service." & return & return & "2. Under Featured, select Yosemite Update." & return & return & "3. Click Install." & return & return & "4. Allow installer to run through the update process, this can take up to an hour." & return & return & "***Please save all work before beginning as the installer will restart your machine and render it unusable for the duration of the update. I know this is inconvenient, but the bells and whistles of a brand spanking new OS are totally worth it. Now promise me you will update as soon as is convenient.***" buttons {"I Promise To Update"} default button 1 with icon caution'

m_entholzner
Contributor III
Contributor III

Posted on ‎08-26-2015 02:13 AM

We did this via jamfhelper as well. I have one policy that caches all required installers for the upgrade, after the cache there is a jamfhelper notification that will inform the user that the upgrade is ready to be installed via Self Service. In addition, there is a weekly reminder policy to install the OS upgrade via Self Service.

you can setup the upgrade policy to do a FileVault authenticated restart, so that this can be built as an fully automated process.

0 Kudos