VPN: Enrolling test groups
The purpose of enrolling is for ITSOs to have time to test and report any issues before a new VPN client is deployed into production and the VPN server is updated. Precedent has shown issues with the Cisco VPN installer when deployed against a living fleet of endpoints.
Enrollment
ITSOs are to create an AD or Jamf Group that they can add/remove objects from and provide the name of that group to EPM.
We recommend ITSOs provide endpoints that are in use by IT Staff or others that can tolerate possible disruptions during testing, but ideally no more than 1% of your production fleet.
Timeframe
H1 | H2 |
|---|---|
EPM deploys a test client to test groups in January | EPM deploys a test client to test groups in August |
VPN client deployed into production in February | VPN client deployed into production in September |
Networking updates the VPN appliance in March | Networking updates the VPN appliance October |
The upgrade window has been reviewed and adopted by Networking & Telecom to facilitate a scheduled process to keep the campus VPN service updated.
Glossary
Test client: Any endpoint enrolled in configuration manager can be chosen as a “test client” to have a newer VPN version deployed to it during the test period
Test group: An AD of Jamf group created and maintained by the ITSO that created it for the purpose of adding test clients.
Production: All workstation endpoints (excludes servers) enrolled in Configuration Manager or Jamf Pro.