Jamf Premium Cloud Prerequisites

Jamf Premium Cloud is an add-on for cloud hosting that allows you more control over your server with the following features:

  • Upgrade control

  • IP safelisting

  • Third-party SSL certificates

  • Secure ports

  • Hosting

  • Jamf Log Stream

This technical article describes the prerequisites for certain features, including the information that you must provide to your Jamf Customer Success Manager.

All features included below must be enabled by your Jamf Customer Success Manager.

IP Safelisting
  • Provide a list of IP addresses to safelist and blocklist in CIDR format.

  • Provide an outage window that Jamf can use to implement your IP safelisting, and plan for up to 1 hour of outage.

Third-party SSL Certificates

If you would like to use your choice of third-party SSL certificates instead of the Jamf Pro built-in certificate authority to secure the Jamf Pro web interface, provide the following information:

  • Select the FQDN you want to use and point that domain to your Jamf Cloud instance name as a CNAME record.

  • Obtain the certificate body, host, chain, ROOT, and private key.
    Note:

    The certificate cannot be a wildcard certificate and must be a PEM file.

Jamf Log Stream
  • Specify which logs you would like to stream. JSSAccess and JAMFChangeManagement logs can be streamed.

  • Provide your Jamf Customer Success Manager with one of the following:
    • The name of the Amazon S3 bucket you want to forward logs to

    • Your Splunk endpoint URL and authentication toke

    • Your HTTPS endpoint URL

If you want to stream to an Amazon S3 bucket, assign the following policy to the S3 bucket:
{


"Version": "2012-10-17",
"Id": "PolicyID",
"Statement": [
    {
        "Sid": "StmtID",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::521540784405:role/jamflogs-kinesisstream"
        },
        "Action": [
            "s3:AbortMultipartUpload",
            "s3:GetBucketLocation",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:ListBucketMultipartUploads",
            "s3:PutObject",
            "s3:PutObjectAcl"
        ],
        "Resource": [
            "arn:aws:s3:::<bucket-name>",
            "arn:aws:s3:::<bucket-name>/*"
        ]
    }
]
}
The specified logs will begin streaming to your data collection endpoint after your request has been processed.
Important:

If streaming JAMFChangeManagement logs, there will be a brief, up to 30 minute, outage in your Jamf Pro environment to complete necessary database updates. If you are only streaming JSSAccess logs, no outage should occur.

Additional Information

In addition to the features listed above, Jamf Premium Cloud provides support for custom build needs. Contact your Jamf Customer Success Manager to discuss possible customizations.

For more information on Jamf Premium Cloud features, pricing, and availability, see Jamf Premium Cloud.