Jamf Pro Installation and Configuration Guide
for Mac
Version 10.19.0
© copyright 2002-2020 Jamf. All rights reserved.
Jamf has made all efforts to ensure that this guide is accurate.
Jamf
100 Washington Ave S Suite 1100
Minneapolis, MN 55401-2155
(612) 605-6625
Under the copyright laws, this publication may not be copied, in whole or in part, without the
written consent of Jamf.
Amazon and Amazon RDS are trademarks of Amazon.com, Inc. or its affiliates in the United States
and/or other countries.
Apache Tomcat and Tomcat are trademarks of the Apache Software Foundation.
Apple, Mac, macOS, OS X, and Safari are trademarks of Apple, Inc. registered in the U.S. and other
countries.
The CASPER SUITE, COMPOSER®, the COMPOSER Logo®, Jamf, the Jamf Logo, JAMF SOFTWARE®,
the JAMF SOFTWARE Logo®, RECON®, and the RECON Logo® are registered or common law
trademarks of JAMF SOFTWARE, LLC in the U.S. and other countries.
Chrome and Google are trademarks or registered trademarks of Google Inc.
Firefox is a registered trademark of the Mozilla Foundation.
Intel is a registered trademark of the Intel Corporation in the U.S. and other countries.
Java and MySQL are registered trademarks of Oracle and/or its affiliates. Other names may be
trademarks of their respective owners.
Microsoft, Microsoft Edge, and Windows are either registered trademarks or trademarks of
Microsoft Corporation in the United States and other countries.
Ubuntu is a registered trademark of Canonical Ltd.
All other product and service names mentioned herein are either registered trademarks or
trademarks of their respective companies.
Contents
3
Contents
4 Preface
5 About This Guide
6 Additional Resources
8 Overview of Technologies
9 Applications and Utilities
10 Jamf Pro System Requirements
11 Installation
12 Installing Jamf Pro Using the Installer
15 Upgrading Jamf Pro Using the Installer
16 Setup
17 Setting Up Jamf Pro
18 Jamf Pro User Accounts and Groups
23 Activation Code
24 Integrating with an SMTP Server
26 Change Management
28 GSX Connection
32 Jamf Pro Summary
34 Database Management
35 Backing Up the Database
39 Restoring Database Backups
41 Viewing the Status of Database Tables
42 Server Infrastructure
43 About Distribution Points
45 File Share Distribution Points
47 Cloud Distribution Point
50 Jamf Infrastructure Manager Instances
52 Advanced Configuration
53 SSL Certificate
54 Configuring Tomcat to Work with a Load Balancer
55 Tomcat Thread Pool Settings
56 Jamf Pro Web App Memory
58 Clustering
60 Limited Access Settings
61 Flushing Logs
63 Migrating to Another Server
4
Preface
5
About This Guide
The Jamf Pro server is a web app that functions as the administrative core of Jamf Pro. The Jamf Pro
server allows you to perform inventory and remote management and configuration tasks on
managed computers and mobile devices. All other administrative applications in Jamf Pro
communicate with the Jamf Pro server.
This guide provides step-by-step instructions for installing and configuring Jamf Pro on the Mac
platform. It also explains how to perform advanced configuration tasks.
6
Additional Resources
Jamf Nation
https://www.jamf.com/jamf-nation/
The Jamf Nation website allows you to communicate with other Jamf Pro administrators via
discussions, submit feature requests, and access several different types of resources related to Jamf
Pro.
Knowledge Base
https://www.jamf.com/jamf-nation/articles
The Knowledge Base contains hundreds of articles that address frequently asked questions and
common issues.
Product Documentation
To access the following product documentation for a specific Jamf Pro version, log in to Jamf Nation
and go to:
https://www.jamf.com/jamf-nation/my/products
Jamf Pro Release Notes
The release notes include information on new features and enhancements, system requirements,
functionality changes, and bug fixes.
Jamf Pro Administrator's Guide
This guide contains overviews of features and instructions for performing administrative tasks
using Jamf Pro.
In addition, you can search Jamf Nation to find best practice workflows, technical papers, and
documentation for other Jamf Pro apps.
Other Resources
For access to other Jamf Pro-related resources, visit the following webpages:
Resources on jamf.com
The Resources area on the Jamf website gives you access to product documentation, best practice
workflows, technical papers, and more.
Jamf 100 Course
The Jamf 100 Course offers a self-paced introduction to Jamf Pro and an enterprise-focused
foundation of the macOS, iOS, and tvOS platforms.
Jamf Online Training Catalog
The Jamf Online Training catalog provides self-paced modules to help you master Apple device
management with Jamf Pro. This resource is available for free to all Jamf customers.
7
Jamf Knowledge Base Videos
The Jamf YouTube channel features Knowledge Base videos and troubleshooting tips on managing
computers and mobile devices with Jamf Pro.
Jamf Marketplace
The Jamf Marketplace is a central location for you to find, learn about, and utilize valuable tools to
integrate with and extend the Jamf platform.
8
Overview of Technologies
9
Applications and Utilities
This section provides an overview of the applications and utilities that you need to install and
maintain Jamf Pro.
Jamf Pro Server
The Jamf Pro server is a web app that functions as the administrative core of Jamf Pro. The Jamf Pro
server allows you to perform inventory and remote management and configuration tasks on
managed computers and mobile devices. All other administrative applications in Jamf Pro
communicate with the Jamf Pro server.
Jamf Pro Installer for Mac
The Jamf Pro Installer for Mac is a standard .pkg installation package that allows you to install and
upgrade Jamf Pro on Mac. It is signed by Jamf.
Jamf Pro Server Tools
Jamf Pro Server Tools allows you to back up and restore the Jamf Pro database. It also allows you to
restart Apache Tomcat and MySQL and modify their settings.
Jamf Pro Server Tools is installed automatically when you run the Jamf Pro Installer. It is located at:
/Library/JSS/bin/server-tools-gui.jar
Jamf Pro Server Tools also has a command-line interface (CLI). It is located at:
/Library/JSS/bin/jamf-pro
11
Installation
12
1.
2.
3.
4.
Installing Jamf Pro Using the Installer
Installing Jamf Pro using the installer involves the following steps:
Install the required software (if you haven’t already).
Run the Jamf Pro Installer.
Create the Jamf Pro database.
Connect to the Jamf Pro Server.
Note: If you are installing Jamf Pro on a server with macOS Server 5.x installed, the macOS Server
Profile Manager service will not be accessible after the installation is complete.
Requirements
The server used to host Jamf Pro should meet the minimum requirements for operating system,
Tomcat version, database configuration, and Java installation. For additional information on these
Jamf Pro Server Environment requirements, see "Jamf Pro System Requirements" in the Jamf Pro
for your version of Jamf Pro.Release Notes
In addition, the following resources are recommended as the minimum allocation for a typical
installation of Jamf Pro:
Mac
A 64-bit capable Intel processor
8 GB of RAM
150 GB of disk space available
Ports 8443 and 9006 available
Note: Each installation of Jamf Pro and its required services is unique, and requirements may vary
depending on your implementation. Questions regarding scaling an environment’s resources
beyond the typical recommendations can be submitted to .Jamf Support
Step 1: Install the Prerequisite Software
Java must be installed on the server where you will install Jamf Pro. MySQL must be installed on a
server before you can create the Jamf Pro database.
For instructions, see the Knowledge Base Installing Java and MySQL for Jamf Pro 10.14.0 or Later
article.
Note: MySQL is not required to be installed on the same server as the Jamf Pro web application. For
more information, see .Clustering
13
1.
2.
Step 2: Run the Jamf Pro Installer
The Jamf Pro Installer for Mac ( ) installs Apache Tomcat and the Jamf Jamf Pro Installer.pkg
Pro web app.
To run the Jamf Pro Installer for Mac, copy it to the server. Then open the installer and follow the
onscreen instructions.
Step 3: Create the Jamf Pro Database
You must create a MySQL database before you can use Jamf Pro. For instructions, see the Creating
Knowledge Base the Jamf Pro Database Using the Jamf Pro Server Tools Command-Line Interface
article.
Step 4: Connect to the Jamf Pro Server
Configure the database connection settings using Jamf Pro Server Tools GUI or CLI. For instructions,
see the Knowledge Base article.Editing the Database Connection Using Jamf Pro Server Tools
Access Jamf Pro by opening a web browser and typing the protocol, IP address or hostname of the
server, and port. For example: https://jamf.mycompany.com:8443/
Installed Files and Folders
The following files and folders are installed when you run the Jamf Pro Installer:
Jamf Pro web app
The files that make up the Jamf Pro web app (formerly the JSS web app) are stored in the following
location:
/Library/JSS/Tomcat/webapps/ROOT/
Apache Tomcat
Tomcat is the web application server that runs the Jamf Pro web app. A directory named is Tomcat
installed in the following location:
/Library/JSS/
For more information about the version of Tomcat installed by the Jamf Pro Installer, see the Apache
Knowledge Base article.Tomcat Versions Installed by the Jamf Pro Installer
server.xml
The Jamf Pro Installer installs a modified copy of Tomcat’s file. This file enables SSL, server.xml
ensures. that Jamf Pro appears in the context, and enables database connection pooling. It is root
installed in the following location:
/Library/JSS/Tomcat/conf/
14
com.jamfsoftware.tomcat.plist
This is the launchd item that controls Tomcat. It is installed and loaded in the following location:
/Library/LaunchDaemons/
keystore
Tomcat requires a keystore file to provide connections over SSL. The Jamf Pro Installer creates a
default file and stores it in the following location:.keystore
/Library/JSS/Tomcat/
Jamf Pro Server Tools
Jamf Pro Server Tools, filename , is installed in the following location:server-tools-gui.jar
/Library/JSS/bin/
Jamf Pro Server Tools also has a command-line interface (CLI), filename , that is installed jamf-pro
in the same location.
Database backup location
By default, Jamf Pro Server Tools stores database backups in the following location:
/Library/JSS/Backups/Database/
Logs
Logs for the installation and for the Jamf Pro server (formerly the Jamf Software Server) are stored in
the following location:
/Library/JSS/Logs/
15
1.
2.
3.
4.
5.
6.
7.
8.
9.
Upgrading Jamf Pro Using the Installer
Review the following Knowledge Base articles:
Preparing to Upgrade Jamf Pro
Incremental Upgrade Scenarios for Jamf Pro 10.0.0 or Later
Ensure that you have backed up the current database.
For more information, see .Backing Up the Database
If you are upgrading from Jamf Pro 10.15.0 or earlier and currently have MySQL 5.7.7 or earlier
installed, follow the instructions in the Knowledge Base article to upgrade to Upgrading to MySQL 8.0
MySQL 8.0.
If you are upgrading from Jamf Pro 10.13.0 or earlier, follow the instructions in the Migrating to Java
Knowledge Base article to migrate from Java 8 to Java 11.11
Copy the latest version of the Jamf Pro Installer for Mac ( ) to the Jamf Pro Installer.pkg
server.
Double-click the installer and follow the onscreen instructions to complete the upgrade.
Verify that the settings for port 8443 in the file match the settings listed Connector server.xml
in the Knowledge Base article, and Configuring Supported Ciphers for Tomcat HTTPS Connections
modify them if needed.
If you modified the file, restart Tomcat.server.xml
Log in to Jamf Pro and verify devices are checking in as expected.
Important: If you are upgrading to Jamf Pro 10.6.0 or later, you must make a one-time change to
the MySQL configuration to avoid performance issues. See "Step 2. Configure MySQL" in the
Creating the Jamf Pro Database Using the Jamf Pro Server Tools Command-Line Interface
Knowledge Base article for instructions.
16
Setup
17
Setting Up Jamf Pro
The first time you connect to the Jamf Pro server, the Jamf Pro Setup Assistant guides you through
the following setup tasks:
Accept the license agreement.
Enter your activation code.
Create your first Jamf Pro user account.
Enter your Jamf Pro URL.
The Jamf Pro URL is the URL that client applications, computers, and mobile devices will connect to
when communicating with the Jamf Pro server.
After you complete the Jamf Pro Setup Assistant, you can click the setup tips that are displayed
onscreen to start configuring commonly used settings.
You may also want to make changes to the following pre-configured settings to ensure they meet
the needs of your organization. These settings are important because over time, they can
significantly affect the size of your database and your levels of network traffic:
“Update Inventory” policy—Determines how often computers submit inventory to Jamf Pro.
For more information, see "Computer Inventory Collection" in the Jamf Pro Administrator's
.Guide
Recurring check-in frequency—Determines the interval at which computers check in with Jamf Pro
for available policies.
For more information, see "Recurring Check-in Frequency" in the .Jamf Pro Administrator's Guide
Mobile device inventory collection frequency—Determines how often mobile devices submit
inventory to Jamf Pro.
For more information, see "Mobile Device Inventory Collection Settings" in the Jamf Pro
.Administrator's Guide
Related Information
For related information, see the following Knowledge Base article:
Network Ports Used by Jamf Pro
Learn about the network ports that you may need to configure when setting up Jamf Pro.
18
Jamf Pro User Accounts and Groups
Jamf Pro is a multi-user application. Jamf Pro user accounts and groups allow you to grant different
privileges and levels of access to each user.
When configuring a Jamf Pro user account or group, you can grant access to the full Jamf Pro or to a
specific site. You can grant privileges by choosing one of the following privilege sets:
Administrator—Grants all privileges.
Auditor—Grants all read privileges.
Enrollment Only—Grants all privileges required to enroll computers and mobile devices.
Custom—Requires you to grant privileges manually. For a Custom user account or group to have
access to a particular function, privileges may need to be granted for multiple objects. For example,
to create a mobile device configuration profile, the user needs privileges for both “Mobile Devices”
and “Mobile Device Configuration Profiles”.
If there are multiple users that should have the same access level and privileges, you can create a
group with the desired access level and privileges and add accounts to it. Members of a group inherit
the access level and privileges from the group. Adding an account to multiple groups allows you to
grant a user access to multiple sites.
There are two ways to create Jamf Pro user accounts and groups: you can create standard accounts
or groups, or you can add them from an LDAP directory service.
Important: It is recommended that you have at least one account that is not from an LDAP
directory service in case the connection between the Jamf Pro server and the LDAP server is
interrupted.
The Jamf Pro User Accounts and Groups settings also allow you to do the following:
Configure account preferences for each Jamf Pro user account.
Configure the password settings in the Password Policy for all standard Jamf Pro user accounts.
Unlock a Jamf Pro user account that is locked.
Requirements
To add accounts or groups from an LDAP directory service, you need an LDAP server set up in Jamf
Pro. For more information, see “Integrating with LDAP Servers” in the . Jamf Pro Administrator’s Guide
19
1.
2.
3.
4.
5.
6.
7.
8.
9.
1.
2.
3.
4.
5.
6.
7.
Creating a Jamf Pro User Group
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Jamf Pro User Accounts & Groups
Click .New
Do one of the following:
To create a standard Jamf Pro user group, select and click .Create Standard Group Next
To add a Jamf Pro user group from an LDAP directory service, select and click Add LDAP Group Next
. Then follow the onscreen instructions to search for and add the group.
Use the Group pane to configure basic settings for the group.
If you chose “Custom” from the pop-up menu, click the tab and select the Privilege Set Privileges
checkbox for each privilege that you want to grant the group.
Click .Save
Creating a Jamf Pro User Account
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Jamf Pro User Accounts & Groups
Click .New
Do one of the following:
To create a standard Jamf Pro user account, select and click .Create Standard Account Next
To add a Jamf Pro user account from an LDAP directory service, select and click Add LDAP Account
. Then follow the onscreen instructions to search for and add the account.Next
On the Account pane, enter information about the account as needed.
20
8.
9.
10.
1.
2.
3.
4.
5.
Choose an access level from the pop-up menu:Access Level
To grant full access to Jamf Pro, choose “Full Access”.
To grant access to a site, choose “Site Access”.
Note: The “Site Access” option is only displayed if there are sites in Jamf Pro.For more information
on adding sites to Jamf Pro, see "Sites" in the .Jamf Pro Administrator's Guide
To add the account to a standard group, choose “Group Access”.
Note: The “Group Access” option is only displayed if there are standard groups in Jamf Pro. For
more information on creating groups, see .Creating a Jamf Pro User Group
Do one of the following:
If you granted the account full access or site access, choose a privilege set from the Privilege Set
pop-up menu. Then, if you chose “Custom”, click the tab and select the checkbox for Privileges
each privilege that you want to grant the account.
If you added the account to a group, click the tab and select the group or Group Membership
groups you want to add the account to.
Click .Save
Configuring Account Preferences
You can configure Language & Region and Search preferences for each Jamf Pro user account.
Language & Region preferences allow you to configure settings such as date format and time zone.
Search preferences allow you to configure settings for computer, mobile device, and user searches.
Log in to Jamf Pro.
At the top of the page, click the account settings icon and then click .Account Preferences
Click the tab and use the pop-up menus to configure language and region Language & Region
preferences.
Click the tab and use the pop-up menus to configure search preferences.Search Preferences
Note: The default search preference is “Exact Match”. For most items, the option can be changed to
either “Starts with” or “Contains”.
Click .Save
Configuring the Password Policy
The Password Policy in Jamf Pro allows you to configure the password settings. The Password Policy
applies to all standard Jamf Pro user accounts. You can configure the following password settings:
21
1.
2.
3.
4.
5.
6.
7.
8.
1.
2.
3.
4.
5.
Number of login attempts allowed before a Jamf Pro user is locked out of the account
Password length and age
Password reuse limitations
Password complexity
Settings to allow a user to unlock their own account
Note: The settings configured in the Password Policy do not apply to Jamf Pro user accounts added
from an LDAP directory service.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Jamf Pro User Accounts & Groups
Click .Password Policy
Click .Edit
Use the settings on the pane to specify the password settings.
Click .Save
The settings are applied immediately.
Unlocking a Jamf Pro User Account
A Jamf Pro user could be locked out of their account if they exceed the specified number of allowed
login attempts. If the Password Policy is configured to allow the user to unlock their account, the user
can reset their password to unlock their account. In this case, an email is immediately sent to the
email address associated with the account in Jamf Pro allowing the user to unlock their account by
resetting their password. For an email to be sent, an SMTP server must be set up in Jamf Pro. For
more information, see .Integrating with an SMTP Server
In addition, a Jamf Pro user account that is locked can be manually unlocked from Jamf Pro by
another Jamf Pro user with the Administrator privilege set.
The access status of the account is displayed as “Disabled” in Jamf Pro until the account is unlocked.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Jamf Pro User Accounts & Groups
A list of Jamf Pro user accounts and groups is displayed.
22
5.
6.
7.
8.
Click the Jamf Pro user account that has an access status of “Disabled”, which means the account is
locked.
Click .Edit
Choose “Enabled” from the pop-up menu to unlock the account.Access Status
Click .Save
The Jamf Pro user account is unlocked immediately.
Related Information
For related information, see the following section in the :Jamf Pro Administrator’s Guide
"Sites"
Learn about sites and how to add them to Jamf Pro.
23
1.
2.
3.
4.
5.
6.
7.
Activation Code
The Activation Code settings in Jamf Pro allow you to update the activation code for your license.
You can also change the organization name associated with the license and view licensing
information.
Updating the Activation Code
Every time you receive a new activation code, it must be updated in Jamf Pro.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Activation Code
Click .Edit
Enter the new activation code.
Click .Save
24
1.
2.
3.
4.
5.
6.
7.
1.
2.
3.
4.
5.
6.
Integrating with an SMTP Server
Integrating with an SMTP server allows you to do the following:
Send email notifications to Jamf Pro users when certain events occur. For more information, see
"Email Notifications" in the .Jamf Pro Administrator’s Guide
Send enrollment invitations via email.
Send mass emails to end users.
To integrate with an SMTP server, you need to configure the SMTP Server settings in Jamf Pro.
Configuring the SMTP Server Settings
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .SMTP Server
Click .Edit
Configure the settings on the pane.
Click .Save
Testing the SMTP Server Settings
Once the SMTP Server settings are configured, you can send a test email from Jamf Pro.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .SMTP Server
Click .Test
Enter a test email address and click again.Test
A message displays, reporting whether or not the email was sent successfully.
25
Related Information
For related information, see the following sections in the :Jamf Pro Administrator’s Guide
"Email Notifications"
Learn about the different email notifications that can be sent to Jamf Pro users.
"User-Initiated Enrollment for Computers"
Find out how to send computer enrollment invitations via email.
"User-Initiated Enrollment for Mobile Devices"
Find out how to send mobile device enrollment invitations via email.
"Performing Mass Actions for Computers"
Find out how to send a mass email to computer users.
"Performing Mass Actions for Mobile Devices"
Find out how send a mass email to mobile device users.
26
1.
2.
3.
4.
5.
6.
7.
Change Management
Change Management allows you to track the changes that happen in Jamf Pro, such as the creation
of a Jamf Pro user account. The Change Management settings in Jamf Pro allow you to log those
changes to a log file (JAMFChangeManagement.log) on the Jamf Pro host server and log the changes
to a syslog server.
The Change Management logs can also be viewed in Jamf Pro. The information displayed includes:
Date/time the change took place
Username of the administrator who made the change
Object type (such as a Jamf Pro user account)
Object name (such as the username of a Jamf Pro user account)
Action (such as “Created”)
Details about the change
In addition, you can view the changes to a specific object in that object’s history. For more
information, see "Viewing the History of a Jamf Pro Object" in the .Jamf Pro Administrator's Guide
Requirements
To log changes to a log file, the account used to run Tomcat must have write permissions for the
directory where the file is located.JAMFChangeManagement.log
Configuring the Change Management Settings
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Change Management
Click .Edit
Configure the settings on the pane.
Click .Save
27
1.
2.
3.
4.
5.
6.
Viewing Change Management Logs in Jamf Pro
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Change Management
Click .Logs
The Change Management logs are displayed on the pane.
Do one of the following:
To view the object associated with a change, click the object in the Object Name column.
To view details about the change, click in the Details column.Details
28
1.
2.
3.
4.
5.
6.
GSX Connection
The GSX Connection settings allow you to integrate Jamf Pro with Apple's Global Service Exchange
(GSX) to look up and populate the following purchasing information for computers and mobile
devices:
Purchase date
Warranty expiration date
Note: GSX may not always return complete purchasing information. Only the information found in
GSX is returned.
To integrate Jamf Pro with GSX, you must first create a GSX account and obtain a certificate from
Apple. Then you can configure the GSX Connection settings in Jamf Pro, which involves entering GSX
account information, retrieving an API token from Apple, and uploading the Apple certificate.
You can also use Jamf Pro to test the GSX connection and upload a renewed Apple certificate when
needed.
Requirements
To configure the GSX Connection settings, you need:
A GSX account with the “Manager” role, access to Web Services, and access to coverage/warranty
information
An Apple certificate (.pem or .p12)
For instructions on creating a GSX account and obtaining an Apple certificate, see the Integrating
with Apple’s Global Service Exchange (GSX) Knowledge Base article.
Configuring the GSX Connection Settings
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Global Management
Click .GSX Connection
Click .Edit
Select .Enable Connection to GSX
Note: This setting and others on this pane may already be configured if Jamf Pro was used to
generate a CSR.
29
6.
7.
8.
9.
10.
11.
1.
2.
3.
4.
5.
6.
Enter the username and account number, including the leading zeros, for the GSX account.
Log in to your Apple GSX account, retrieve the API token, and then enter it in the field in API Token
Jamf Pro.
Note: The API token is not displayed after you finish configuring the GSX connection or when you
edit an existing GSX connection. This is because the API token changes with every request and will
always be different.
In the Certificate-based Authentication section, click .Upload
The field will be populated automatically.URI
Follow the onscreen instructions to upload the Apple certificate (.pem or .p12).
Testing the GSX Connection
After the GSX Connection settings are configured, you can test the connection to verify it works.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Global Management
Click .GSX Connection
Click .Test
Click again.Test
A message displays, reporting the success or failure of the connection.
A successful connection will display information similar to the following:
[Accept: application/json, Content-Type: application/json, X-Apple-
SoldTo: 0000000000, X-Apple-ShipTo: 0000000000] GET https://partner-
connect.apple.com/gsx/api/authenticate/check HTTP/1.1
Response: OK
Renewing the Apple Certificate
You can use Jamf Pro to upload a renewed Apple certificate without removing the existing certificate
so the connection with GSX is not lost. A notification is displayed 31 days prior to the expiration date
of the Apple certificate.
30
1.
2.
3.
4.
5.
6.
7.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Global Management
Click .GSX Connection
Click Edit.
Click .Renew
Follow the onscreen instructions to upload a renewed Apple certificate.
31
Related Information
For related information, see the following sections in the :Jamf Pro Administrator’s Guide
“Performing Mass Actions for Computers”
Find out how to mass look up and populate purchasing information from GSX.
“Performing Mass Actions for Mobile Devices”
Find out how to mass look up and populate purchasing information from GSX.
“Viewing and Editing Inventory Information for a Mobile Device”
You can look up and populate purchasing information for a single mobile device by editing the
device’s inventory information in Jamf Pro.
“Viewing and Editing Inventory Information for a Computer”
You can look up and populate purchasing information for a single computer by editing the
computer’s inventory information in Jamf Pro.
“Local Enrollment Using Recon”
Find out how to look up and populate purchasing information when enrolling a computer by
running Recon locally.
“Remote Enrollment Using Recon”
Find out how to look up and populate purchasing information when enrolling a computer by
running Recon remotely.
32
Jamf Pro Summary
The Jamf Pro Summary is a custom report that can be useful for troubleshooting Jamf Pro issues, and
for providing information to Jamf for purposes of support or license renewal.
By default, the Jamf Pro Summary includes the following information:
Number of managed and unmanaged computers
Number of managed mobile devices
Operating system on the Jamf Pro host server
Path to the Jamf Pro web app
Apache Tomcat version
Information about the version of Java installed on the Jamf Pro host server
Information about the MySQL connection and configuration
You can also add information to the Jamf Pro Summary from the following categories as needed:
Computers
Mobile Devices
Users
System Settings
Server Infrastructure
Global Management
Computer Management
Computer Management–Management Framework
Mobile Device Management
User Management
Network Organization
Database
You can view the Jamf Pro Summary in a browser window or send the Jamf Pro Summary to Jamf.
Requirements
To send the Jamf Pro Summary to Jamf, you need a valid Jamf Nation account.
To create a Jamf Nation account, go to:
https://www.jamf.com/jamf-nation/users/new
33
1.
2.
3.
4.
5.
6.
7.
1.
2.
3.
4.
5.
6.
7.
Viewing the Jamf Pro Summary
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Jamf Pro Information
Click .Jamf Pro Summary
Select the checkboxes next to the items you want to include.
Click .Create
The Jamf Pro Summary displays in a browser window.
Click the button in the web browser to return to the Jamf Pro Summary pane.Back
Sending the Jamf Pro Summary to Jamf
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Jamf Pro Information
Click .Jamf Pro Summary
Select the checkboxes next to the items you want to include.
Click .Send Summary to Jamf
Enter your Jamf Nation credentials, and then click .Send
The Jamf Pro Summary is sent to Jamf via Jamf Nation.
Related Information
For related information about Customer Experience Metrics (CEM), see the following Knowledge Base
article:
Customer Experience Metrics
Learn about Customer Experience Metrics and how to configure the setting in your Jamf Pro
environment.
For related information about Customer Experience Metrics, visit the following webpage:
https://www.jamf.com/products/jamf-pro/customer-experience-metrics/
34
Database Management
35
1.
a.
b.
c.
2.
3.
4.
Backing Up the Database
You can create database backups as needed or schedule automated database backups using Jamf
Pro Server Tools.
Note: The time it takes to create a backup depends on the size of the database.
Creating a Database Backup
Open the Jamf Pro Server Tools GUI by performing the following steps:
Open a command terminal and enter the following but do not press Enter:
java -jar
Drag the Jamf Pro Server Tools .jar file into the window. This will add the .jar file path to the java
command.-jar
Press Enter.
Click in the sidebar.Database Connection
Configure the settings to match your database configuration, and then click .Test Connection
If successful, the message "Successfully Connected" appears. Continue with Step 4 below.
If the connection is not successful, an error message will appear.
Click in the sidebar.Backup and Restore
36
5.
6.
1.
a.
b.
c.
2.
3.
4.
5.
Click .Save Backup
Choose a location to save the backup and click .Open
Jamf Pro Server Tools saves the backup as a .sql.gz file.
Scheduling Database Backups
You can schedule database backups to occur on an ongoing basis. You can also automate the
deletion of scheduled backup files that are older than a specified number of days.
Open the Jamf Pro Server Tools GUI by performing the following steps:
Open a command terminal and enter the following but do not press Enter:
java -jar
Drag the Jamf Pro Server Tools .jar file into the window. This will add the .jar file path to the java
command.-jar
Press Enter.
Click in the sidebar.Scheduled Backups
Select the checkbox.Enable scheduled backups
If prompted, enter your Jamf Pro Server Tools configuration password.
Choose the hour and the days that you want backups to occur.
37
6.
7.
To automatically delete old backups, enter the number of most-recent backups that you want to
keep in the field. All older backup files will be deleted when the scheduled backups run. Backups limit
To retain all backups, enter "0".
To save the backups in a custom location, click and select a new location. It is recommended Browse
that you store the backups on a separate drive.
38
1.
a.
b.
c.
2.
3.
Stopping Scheduled Database Backups
Open the Jamf Pro Server Tools GUI by performing the following steps:
Open a command terminal and enter the following but do not press Enter:
java -jar
Drag the Jamf Pro Server Tools .jar file into the window. This will add the .jar file path to the java
command.-jar
Press Enter.
Click in the sidebar.Scheduled Backups
Deselect the checkbox.Enable scheduled backups
Jamf Pro Server Tools immediately stops creating scheduled backups.
Related Information
For related information, see the following Knowledge Base articles:
Jamf Pro Server Tools Overview
Backing Up and Restoring the Database Using the Jamf Pro Server Tools Command-Line Interface
39
1.
a.
b.
c.
2.
3.
4.
5.
6.
7.
8.
Restoring Database Backups
If you need to revert to an earlier version of your database, you can restore a database backup using
Jamf Pro Server Tools.
Note: You must stop Tomcat before you restore a database backup.
Open the Jamf Pro Server Tools GUI by performing the following steps:
Open a command terminal and enter the following but do not press Enter:
java -jar
Drag the Jamf Pro Server Tools .jar file into the window. This will add the .jar file path to the java
command.-jar
Press Enter.
Click in the sidebar.Tomcat Settings
Click .Stop Tomcat
Click in the sidebar.Backup and Restore
Click .Restore Backup Now
Select the backup file that you want to restore, and click .Open
Click in the sidebar.Tomcat Settings
40
8. Click .Start Tomcat
The existing database is replaced with the database backup that you selected.
Related Information
For related information, see the following Knowledge Base articles:
Jamf Pro Server Tools Overview
Backing Up and Restoring the Database Using the Jamf Pro Server Tools Command-Line Interface
41
1.
2.
3.
4.
Viewing the Status of Database Tables
MySQL database tables can become corrupt if the database was not shut down properly or if the
Jamf Pro host server is too slow to manage the number of computers in your organization. You can
view the status of database tables right from Jamf Pro.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Jamf Pro Information
Click .Database Table Summary
42
Server Infrastructure
43
About Distribution Points
Distribution points are servers used to host files for distribution to computers and mobile devices.
The following types of files can be distributed from a distribution point using Jamf Pro:
Packages
Scripts
In-house apps
In-house books
Jamf Pro supports two types of distribution points:
File share distribution points
A cloud distribution point
You can use any combination of these types of distribution points.
By default, the first distribution point you add to Jamf Pro is the master distribution point. The master
distribution point is used by all other distribution points as the authoritative source for all files during
replication. You can change the master distribution point at any time.
Note: On computers with macOS 10.15 or later that do not have an MDM profile, you must use an
HTTP, HTTPS, or cloud distribution point to install packages.
When planning your distribution point infrastructure, it is important to understand the differences
between each type of distribution point. The following table explains the key differences:
File Share Distribution Point Cloud Distribution Point
Description Standard server that is
configured to be a distribution
point
Distribution point that uses one of the
following content delivery networks (CDNs)
to host files:
Rackspace Cloud Files
Amazon Web Services
Akamai
Maximum
Number per
Jamf Pro
Instance
Unlimited
One
44
File Share Distribution Point Cloud Distribution Point
Server
/Platform
Requirements
Any server with an Apple Filing
Protocol
(AFP) or Server Message Block
(SMB) share
Note: File share distribution
points cannot be mounted
and hosted on the same
server.
None
Protocol AFP, SMB, HTTP, or HTTPS HTTPS
Ports
AFP: 548
SMB: 139
HTTP: 80
HTTPS: 443
443
Authentication
Options
AFP or SMB:
No authentication
Username and password
HTTP or HTTPS:
No authentication
Username and password
None
Files that Can
Be Hosted
Packages
Packages
In-house apps
In-house books
Parent-Child
Capabilities
No No
File
Replication
Method
Replication to file share
distribution points must be
initiated from Jamf Admin.
Replication to a cloud distribution point
must be initiated from Jamf Admin.
Selective
Replication
Not available when replicating
to file share distribution points.
Available when replicating to a cloud
distribution point if the master distribution
point is a file share distribution point.
The files for replication must be specified in
Jamf Pro and the replication initiated from
Jamf Admin.
Related Information
For related information, see the following sections in this guide:
File Share Distribution Points
Find out how to manage file share distribution points in Jamf Pro.
Cloud Distribution Point
Find out how to manage the cloud distribution point.
45
1.
2.
3.
4.
5.
6.
7.
8.
9.
File Share Distribution Points
A server with an AFP or SMB share can be used as a file share distribution point. Before you can use a
file share distribution point with Jamf Pro, you must set up the distribution point and add it to Jamf
Pro.
Note: A server with an AFP share cannot share files on the Apple File System (APFS), which is the
default file system for computers with macOS 10.13 or later. Computers with macOS 10.13 or later
that are HFS+ formatted can still support AFP. If you need a file share distribution point for APFS
formatted computers, SMB is an option.
For more information on APFS and SMB, see the following Apple macOS Deployment Reference:
https://support.apple.com/guide/deployment-reference-macos/welcome/web
For information on setting up a file share distribution point, see the Setting Up a File Share
Knowledge Base article.Distribution Point
When you add a file share distribution point to Jamf Pro, you can do the following:
Make it the master distribution point.
Choose a failover distribution point.
Configure HTTP downloads.
Adding a File Share Distribution Point
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Server Infrastructure
Click .File Share Distribution Points
Click .New
Use the General pane to configure basic settings for the distribution point.
Click the tab and enter information about the AFP or SMB share.File Sharing
(Optional) Click the tab and configure HTTP downloads.HTTP
Click .Save
46
1.
2.
3.
Replicating Files to a File Share Distribution Point
During replication, all files on the master distribution point are replicated to the file share distribution
point that you choose.
Open Jamf Admin and authenticate to the Jamf Pro server.
In the sidebar, select the file share distribution point you want to replicate files to.
Click .Replicate
Related Information
For related information, see the following section in the :Jamf Pro Administrator’s Guide
“Network Segments”
You can use network segments to ensure that computers and mobile devices use the closest
distribution point by default.
For related information, see the following Knowledge Base articles:
Setting Up a File Share Distribution Point on Linux Using Samba
Find out how to use Samba to set up a file share distribution point with an SMB share on a Linux
server.
Using Apache HTTP Server to Enable HTTP Downloads on a Linux File Share Distribution Point
Find out how to use Apache HTTP Server to enable HTTP downloads on a Linux file share
distribution point.
Using IIS to Enable HTTPS Downloads on a Windows Server 2016 or 2019 File Share Distribution
Point
Find out how to activate Internet Information Services (IIS) and use it to enable HTTPS downloads
on a Windows Server 2016 or 2019 file share distribution point.
47
Cloud Distribution Point
The cloud distribution point uses a content delivery network (CDN) to host packages, in-house apps,
and in-house books. Jamf Pro supports the following content delivery services:
Rackspace Cloud Files
Amazon S3 or Amazon CloudFront
Akamai NetStorage
Jamf Cloud Distribution Service (JCDS)
When you configure the cloud distribution point in Jamf Pro, you can choose to make it the master.
You can also choose whether to replicate specific files or the entire contents of the master
distribution point if the master is a file share distribution point.
Note: If you plan to use the JCDS for your cloud distribution point, it is recommended that you do
not attempt to upload files larger than 20 GB. Due to the file size download limit set by Amazon
CloudFront, files larger than 20 GB may not download successfully. For more information, see the
following website:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html
Jamf Pro supports the use of signed URLs created with Amazon CloudFront. It also supports Akamai
Remote Authentication. For more information about signed URLs created with CloudFront, see the
following website:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-
urls.html
For more information about Akamai Remote Authentication, contact your Akamai Account Manager.
Requirements
If you plan to use Akamai for your cloud distribution point, Akamai must be configured to use File
Transfer Protocol (FTP).
Note: If you have upgraded from Jamf Pro 8.x, you must migrate the scripts and packages on your
master distribution point before configuring the cloud distribution point. For more information,
see the Knowledge Base article.Migrating Packages and Scripts
Files that are uploaded to a cloud distribution point cannot have filenames that include the following
characters :
/ : ? < > \ * | ” [ ] @ ! % ^ #
48
1.
2.
3.
4.
5.
6.
7.
8.
1.
2.
3.
4.
5.
6.
Configuring the Cloud Distribution Point
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Server Infrastructure
Click .Cloud Distribution Point
Click .Edit
Choose a content delivery network from the pop-up menu.Content Delivery Network
Configure the settings on the pane.
Click .Save
Testing the Cloud Distribution Point
Once the cloud distribution point is configured, you can test the connection to the content delivery
network.
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Server Infrastructure
Click .Cloud Distribution Point
Click .Test
Click again.Test
A message displays, reporting the success or failure of the connection.
49
1.
2.
3.
Replicating Files to the Cloud Distribution Point
During replication, files on the master distribution point are replicated to the cloud distribution point
via Jamf Admin. The files that are replicated depend on whether the cloud distribution point is
configured to replicate specific files or the entire contents of the master.
Open Jamf Admin and authenticate to the Jamf Pro server.
In the sidebar, select the cloud distribution point you want to replicate files to.
Click .Replicate
Related Information
For related information, see the following section in the :Jamf Pro Administrator’s Guide
“Network Segments”
You can use network segments to ensure that computers and mobile devices use the closest
distribution point by default. For related information, see the following Knowledge Base article:
Information Required to Configure a Cloud Distribution Point in Jamf Pro
Learn about the information that must be obtained from your cloud services provider to configure
the cloud distribution point in Jamf Pro.
For more information about content delivery services, visit the following websites:
Rackspace Cloud Files
http://www.rackspace.com/cloud/files/
Amazon S3
http://aws.amazon.com/s3/
Amazon CloudFront
http://aws.amazon.com/cloudfront/
Akamai NetStorage
http://www.akamai.com/html/solutions/netstorage.html
Jamf Cloud Distribution Service
http://www.jamfsoftware.com/products/jamf-cloud/
50
1.
2.
3.
4.
5.
Jamf Infrastructure Manager Instances
A Jamf Infrastructure Manager instance is a service that is managed by Jamf Pro. It can be used to
host the following:
LDAP Proxy—This allows traffic to pass securely between Jamf Pro and an LDAP directory service.
The Infrastructure Manager and the LDAP Proxy typically reside within the DMZ.
The LDAP Proxy requires integration with an LDAP directory service.
For more information, see "LDAP Proxy" in the .Jamf Pro Administrator’s Guide
Healthcare Listener—This allows traffic to pass securely from a healthcare management system to
Jamf Pro.
For more information, see "Healthcare Listener" in the .Jamf Pro Administrator’s Guide
When you install an instance of the Infrastructure Manager, Jamf Pro allows you to enable the LDAP
Proxy or the Healthcare Listener. Infrastructure Manager instances can be installed on Linux and
Windows.
For more information, see the .Jamf Infrastructure Manager Installation Guide
Viewing Inventory Information for a Jamf Infrastructure
Manager Instance
Jamf Pro displays the following inventory information for each Infrastructure Manager instance:
Last Check-in
IP Address at Last Check-in
Operating System
Operating System Version
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click Server Infrastructure.
Click .Infrastructure Managers
A list of Infrastructure Manager instances is displayed along with the services that are installed on
each instance.
Click the Infrastructure Manager instance you want to view inventory information for.
51
5.
Further Considerations
When editing an Infrastructure Manager instance, only the display name and recurring check-in
frequency can be changed.
Note: The default check-in frequency at which the Infrastructure Manager instance checks in with
Jamf Pro is 30 seconds.
An Infrastructure Manager instance cannot be deleted if there are dependencies for the
Infrastructure Manager. For example, an Infrastructure Manager cannot be deleted if there is an
LDAP Proxy hosted on it. To delete the Infrastructure Manager, you must first disable the LDAP
Proxy.
If a Healthcare Listener is hosted on the Infrastructure Manager, the Healthcare Listener is deleted
when the Infrastructure Manager is deleted.
Related Information
For related information, see the following section in the :Jamf Pro Administrator’s Guide
"Email Notifications"
Learn how to enable an email notification in the event that an Infrastructure Manager instance does
not check in with Jamf Pro.
52
Advanced Configuration
53
1.
2.
3.
4.
5.
6.
7.
8.
SSL Certificate
Jamf Pro requires a valid SSL certificate to ensure that computers and mobile devices communicate
with the Jamf Pro server and not an imposter server.
The Apache Tomcat settings in Jamf Pro allow you to create an SSL certificate from the certificate
authority (CA) that is built into Jamf Pro. You can also upload the certificate keystore for an SSL
certificate that was obtained from an internal CA or a trusted third-party vendor.
Note: If your environment is hosted in Jamf Cloud, the Apache Tomcat settings are managed by
Jamf Cloud and are not accessible.
Requirements
To create or upload an SSL certificate, Jamf Pro must be installed as the “ROOT” web app, and the
user running the Tomcat process must have read/write access to Tomcat’s file.server.xml
Creating or Uploading an SSL Certificate
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Apache Tomcat Settings
Click .Edit
Select and click .Change the SSL certificate used for HTTPS Next
Follow the onscreen instructions to upload or create an SSL certificate.
Restart Tomcat for the changes to take effect.
For instructions on how to restart Tomcat, see the following Knowledge Base article:
Starting and Stopping Tomcat
Related Information
For related information, see the following Knowledge Base article:
Using OpenSSL to Create a Certificate Keystore for Tomcat
Find out how to use OpenSSL to create a certificate keystore that you can upload to Jamf Pro.
54
1.
2.
3.
4.
5.
6.
7.
8.
Configuring Tomcat to Work with a Load
Balancer
When Jamf Pro is behind a load balancer, you must configure the remote IP valve, proxy port, and
scheme in Tomcat's file. The Load Balancing settings in Jamf Pro allow you to server.xml
configure these settings without having to edit the file manually.server.xml
Requirements
To configure Load Balancing settings using Jamf Pro, Jamf Pro must be installed as the “ROOT” web
app, and the user running the Tomcat process must have read/write access to Tomcat’s server.
file.xml
Configuring Load Balancing Settings
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Apache Tomcat Settings
Click .Edit
Select and click .Configure Tomcat for working behind a load balancer Next
Follow the onscreen instructions to configure the Load Balancing settings.
Restart Tomcat for the changes to take effect.
For instructions on how to restart Tomcat, see the following Knowledge Base article:
Starting and Stopping Tomcat
55
1.
2.
3.
4.
5.
6.
7.
8.
Tomcat Thread Pool Settings
Configuring the Tomcat Thread Pool settings using Jamf Pro allows you to make modifications to
Tomcat’s file without having to edit it manually.server.xml
Requirements
To configure Tomcat Thread Pool settings using Jamf Pro, Jamf Pro must be installed as the “ROOT”
web app, and the user running the Tomcat process must have read/write access to Tomcat’s
file.server.xml
Configuring Tomcat Thread Pool Settings
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Apache Tomcat Settings
Click .Edit
Select and click .Update the settings for Tomcat's thread pool Next
Follow the onscreen instructions to configure the Thread Pool settings.
Restart Tomcat for the changes to take effect.
For instructions on how to restart Tomcat, see the following Knowledge Base article:
Starting and Stopping Tomcat
56
1.
2.
3.
4.
1.
2.
3.
Jamf Pro Web App Memory
Jamf Pro allows you to view the amount of memory being used by the web app. If you need to
change the amount of memory allocated to the web app, you can use Jamf Pro Server Tools.
Viewing Memory Usage
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .Jamf Pro Information
Click .Memory Usage
Current free and used memory values are displayed.
Configuring Web App Memory Using Jamf Pro Server Tools
Open Jamf Pro Server Tools on the Jamf Pro host server. Jamf Pro Server Tools is located in:
/Library/JSS/bin/server-tools-gui.jar
Select , click , and enter your local user password.Preferences Run as Admin
Select .Tomcat Settings
57
4.
5.
Enter values in the and fields to configure the Tomcat minimum memory Tomcat maximum memory
amount of memory allocated to the web app.
Note: Type an "m" after the memory value to specify megabytes, e.g., "256m".
Restart Tomcat. The changes will take effect after Tomcat restarts.
58
1.
2.
3.
4.
5.
6.
Clustering
A clustered environment is one that has multiple instances of the Jamf Pro web app pointing to the
same database. Clustering is useful in large environments that require multiple web apps, or
environments with a web app in the DMZ.
When setting up a clustered environment, it is recommended that you configure the Clustering
settings in Jamf Pro using the web app that you plan to make the master, and then install other Jamf
Pro web apps that point to the same database. However, if you already have multiple Jamf Pro web
apps installed and pointed to the same database, you can configure the Clustering settings in Jamf
Pro after the fact. For more information on setting up a clustered environment, contact your Jamf
account representative.
The Clustering settings in Jamf Pro allow you to configure the frequency at which clustered web apps
are synced with the database, and specify which web app should function as the master.
The master web app handles tasks such as upgrading the database schema and flushing logs from
the database.
Jamf Pro also allows you to view a list of web apps that are pointed to the same database and
information about them.
Requirements
To cluster web apps that are not in the DMZ, you need a load balancer with the address of the Jamf
Pro server (formerly the Jamf Software Server). For example:
https://jss.mycompany.com:8443/
The load balancer should route traffic to the servers running the web app.
Configuring Clustering Settings
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Clustering
Click .Edit
Configure the settings on the pane.
To specify which web app should function as the master, select the option for the web app.Master
59
7.
8.
Click .Save
If you already have multiple Jamf Pro web apps pointed to the same database, restart Tomcat on any
of the web apps for the changes to take effect.
For instructions on how to restart Tomcat, see the Knowledge Base Starting and Stopping Tomcat
article.
Related Information
For related information, see the following Knowledge Base articles:
Caching Configuration
Find out how to configure distributed caching for clustered Jamf Pro environments.
Installing a Jamf Pro Web App in the DMZ
Find out how to install a web app in the DMZ, and learn when in the process you should configure
the Clustering settings in Jamf Pro.
60
1.
2.
3.
4.
5.
6.
Limited Access Settings
If you have a clustered environment, the Limited Access settings in Jamf Pro allow you to disable the
Jamf Pro interface and limit the types of devices that can communicate with Jamf Pro. This is most
commonly used if you have a web app in the DMZ.
For each Jamf Pro web app, you can choose one of the following Limited Access settings:
Full Access
Computer Access Only
Mobile Device Access Only
Computer and Mobile Device Access
Choosing anything other than “Full Access” disables the Jamf Pro interface.
Configuring the Limited Access Settings
Log in to any of the Jamf Pro web apps.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Limited Access
Select a setting for each Jamf Pro web app as needed.
Click .Save
61
1.
2.
3.
4.
5.
6.
7.
8.
Flushing Logs
Flushing logs reduces the size of the database and can speed up searches. You can flush the following
types of logs:
Application Usage logs
Computer Usage logs
Policy logs
Jamf Remote logs
Screen sharing logs
Jamf Imaging logs
Computer and mobile device management history
Computer inventory reports (computer inventory information from past inventory submissions)
Mobile device inventory reports (mobile device inventory information from past inventory
submissions)
Jamf Pro access logs
Change Management logs
Event logs
You can schedule log flushing to take place daily, or you can manually flush logs as needed. You can
also choose to flush logs that are older than a certain number of days, weeks, or months.
For information on the types of data flushed with each log and the database tables affected, see the
Knowledge Base article.Data and Tables Affected by Log Flushing
Scheduling Log Flushing
Log in to Jamf Pro.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Log Flushing
Click .Edit
Use the pop-up menus to choose the number of days, weeks, or months after which each type of log
should be flushed.
Choose a time of day from the pop-up menu.Time to Flush Logs Each Day
Click .Save
62
1.
2.
3.
4.
5.
6.
7.
8.
Manually Flushing Logs
Log in to any of the Jamf Pro web apps.
In the top-right corner of the page, click .Settings
Click .System Settings
Click .Log Flushing
Click .Flush Manually
Select the checkbox for each type of log you want to flush.
From the pop-up menu, choose the number of days, weeks, or months after Flush Logs Older Than
which logs should be flushed.
Click .Flush
A message displays, reporting the success or failure of the flush.
Related Information
For related information, see the following sections in the :Jamf Pro Administrator’s Guide
“Viewing and Flushing Policy Logs for a Computer”
Find out how to view and flush policy logs for a computer.
“Viewing and Flushing Logs for a Policy”
Find out how to view and flush logs for a policy.
“Viewing the History for a Computer”
Find out how to view the logs and the management history for a computer.
“Viewing the Management History for a Mobile Device”
Find out how to view the management history for a mobile device.
