- Jamf Nation Community
- Products
- Jamf Pro
- Cache Apple Updates
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-28-2016 02:09 PM
Hello everyone,
I am currently using JAMF for a K-12 school district and am wondering how the Software Update Server works within JAMF. Is my current assumption correct: Updates are cached to the local servers and that's where the Mac's pull updates from?
Questions:
1. Does the package need to be manually uploaded?
2. Is there a special sign-in required for within the App Store
3. We currently don't have any Mac App Store logins set up on laptops. Will we need to go to each computer manually and set them up to update?
4. What is the set-up like for the JAMF Software Update Server?
Thank you,
Ricky
Solved! Go to Solution.
4 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-28-2016 02:43 PM
@Ricky Actually there are different kinds of software updates and sources for those updates, even though they all get presented to you in the Mac App Store application. Updates/downloads for Mac App Store applications can be cached using the caching service in OS X server. This feature doesn't require JAMF. You just put the OS X Server box on a network reachable by the clients and using the same public IP on the internet and the caching service registers with Apple. When the clients check in Apple sees them coming from the same public IP and then redirect the clients to the local caching server to get updates. If the caching server doesn't already have the content being requested it will download it and pass the bits through to the client while caching it off to the side so users after the first user will pull it directly from the caching server. JAMF doesn't really come into play here.
The feature you are seeing in the JSS is for the kind of updates you would have seen come for Software Update in older versions of OS X. Things like iTunes updates, OS X point updates, etc. With those kind of updates, they are mirrored on OS X Server using the Software Update service which is a separate service from the caching server one. You turn it on and then it starts mirroring Apple's catalog of updates but you can disable certain items you don't want to be available when a client checks in. The client then will pull whatever updates you have made available directly from the server you specified. For a client to look to this software update catalog though it has to be pointed to it. It doesn't happen automatically. The options in the JSS for setting the Software Update server for clients is what this is for. You can have the JSS handle setting that setting for you with clients.
If you don't have or don't want to use OS X server, there is a third party implementation of the software update server called Reposado.This is what the NetSUS appliance JAMF makes available uses under the hood.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 01:38 PM
@Ricky sounds like you deployed the apps under an institutional ID, either in "the image" or maybe via AutoPKGr?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 01:39 PM
So, the iLife & iWork apps are different they're not considered base.
You may want to refer to this post on the best way to do them: here
Alternatively, you could (although not ideal) deploy updated versions of them through Casper.
We just delete them as we really don't have a use for them.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 01:41 PM
For update, an Apple ID is not required. For an OS upgrade, an Apple ID is required. Also for any app updates/purchases.
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-28-2016 02:43 PM
@Ricky Actually there are different kinds of software updates and sources for those updates, even though they all get presented to you in the Mac App Store application. Updates/downloads for Mac App Store applications can be cached using the caching service in OS X server. This feature doesn't require JAMF. You just put the OS X Server box on a network reachable by the clients and using the same public IP on the internet and the caching service registers with Apple. When the clients check in Apple sees them coming from the same public IP and then redirect the clients to the local caching server to get updates. If the caching server doesn't already have the content being requested it will download it and pass the bits through to the client while caching it off to the side so users after the first user will pull it directly from the caching server. JAMF doesn't really come into play here.
The feature you are seeing in the JSS is for the kind of updates you would have seen come for Software Update in older versions of OS X. Things like iTunes updates, OS X point updates, etc. With those kind of updates, they are mirrored on OS X Server using the Software Update service which is a separate service from the caching server one. You turn it on and then it starts mirroring Apple's catalog of updates but you can disable certain items you don't want to be available when a client checks in. The client then will pull whatever updates you have made available directly from the server you specified. For a client to look to this software update catalog though it has to be pointed to it. It doesn't happen automatically. The options in the JSS for setting the Software Update server for clients is what this is for. You can have the JSS handle setting that setting for you with clients.
If you don't have or don't want to use OS X server, there is a third party implementation of the software update server called Reposado.This is what the NetSUS appliance JAMF makes available uses under the hood.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 11:35 AM
@chriscollins So we should be using OS X Server for caching application updates, correct? Nothing special needs to be configured within JAMF for this to happen?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 11:45 AM
Nope, nothing special is needed in the JSS to use the OSX caching server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 11:48 AM
@rderewianko Thank you for the info! I have taken and started the caching server on OS X. It seems to be doing its job. Is there a way to push out App Store login credentials to all of our computers?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 12:02 PM
Apple App Store Login is a whole other beast.
You don't need login credentials to do OS updates.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 12:03 PM
@Ricky Perhaps describe what you want to achieve and you might get better advice on potential solutions.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 01:26 PM
@bpavlov Right now we have about 400 MacBooks that are configured in JAMF. The majority of them are on OS X Yosemite (I am working on a policy for an El Capitan update). If a user goes into the Mac App Store and go under update, the majority of them will see things for iMovie, iPhoto, Pages, Keynote, etc. If a user clicks the update all button or even tries to update applications on an individual basis, they are presented with the login box requiring the IT App Store account password.
I tested a download using my personal credentials (not work-related AppleID) and it said that my account is not valid for the updates.
Based on what @rderewianko is saying, this shouldn't be happening. I'm trying to find out if there is something that we did wrong with the original image or if we need to somehow push the login credentials out via policy / configuration profile.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 01:38 PM
@Ricky sounds like you deployed the apps under an institutional ID, either in "the image" or maybe via AutoPKGr?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 01:39 PM
So, the iLife & iWork apps are different they're not considered base.
You may want to refer to this post on the best way to do them: here
Alternatively, you could (although not ideal) deploy updated versions of them through Casper.
We just delete them as we really don't have a use for them.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-29-2016 01:41 PM
For update, an Apple ID is not required. For an OS upgrade, an Apple ID is required. Also for any app updates/purchases.
