-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add to docs Jamf Pro NetBird integration (#260)
* Add to docs Jamf Pro NetBird integration * Update src/pages/how-to/jamf-pro-netbird-integration.mdx Co-authored-by: Maycon Santos <[email protected]> * creates menu structure for MDM articles --------- Co-authored-by: Marco Garcês <[email protected]> Co-authored-by: Maycon Santos <[email protected]> Co-authored-by: Marco Garcês <[email protected]>
- Loading branch information
4 people
authored
Dec 18, 2024
1 parent
6390089
commit c87e20b
Showing
12 changed files
with
154 additions
and
0 deletions.
There are no files selected for viewing
Binary file added
BIN
+193 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-01.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+353 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-02.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+360 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-03.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+803 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-04.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+523 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-05.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+582 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-06.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+278 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-07.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+338 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-08.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+283 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-09.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+365 KB
.../docs-static/img/how-to-guides/jamf-pro-netbird-integration/netbird-jamf-10.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,150 @@ | ||
| # Deploying NetBird's with Jamf Pro | ||
|
|
||
| Integrating NetBird with Jamf Pro's robust device management capabilities creates a scalable system for secure access management across your entire Apple ecosystem. | ||
|
|
||
| This comprehensive tutorial guides you through deploying NetBird on Apple devices using Jamf Pro, covering: | ||
|
|
||
| 1. Setting up NetBird Access Policies for Team-Specific Permissions | ||
| 2. Creating a Jamf Pro Policy for Automated NetBird Deployment | ||
| 3. Verifying the Automated Provisioning Process | ||
|
|
||
| By following these steps, you'll establish an automated pipeline that: | ||
|
|
||
| * Streamlines network security management | ||
| * Minimizes manual configuration errors | ||
| * Ensures appropriate access levels for each team in your organization | ||
|
|
||
| This integration enhances your organization's security posture while simplifying remote access management for your Apple devices. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| Before beginning the integration process, make sure you have the following: | ||
|
|
||
| * A [NetBird account](https://app.netbird.io/) with administrative privileges. | ||
| * A [Jamf Pro subscription](https://www.jamf.com/request-trial/) with administrative permissions. | ||
| * A valid [Jamf Pro Push Certificate](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Push_Certificates.html). | ||
| * At least one Apple device (Mac, iPhone, or iPad) enrolled in Jamf Pro. | ||
|
|
||
| These requirements are essential for successfully implementing NetBird-Jamf Pro integration and managing your Apple devices securely. | ||
|
|
||
| ## Setting Up NetBird Access Policies for Team-Specific Permissions | ||
|
|
||
| NetBird's [Access Control Policies](https://docs.netbird.io/how-to/manage-network-access) are essential to this integration, allowing you to define and enforce specific permissions for different user groups. This ensures that team members can only access the resources necessary for their roles. | ||
|
|
||
| For this tutorial, we'll create a policy that allows the `Support` team to access the `Servers` group: | ||
|
|
||
| * Log in to your NetBird dashboard. | ||
| * Navigate to `Access Control > Policies` and click `Add Policy`. | ||
| * Set the source group to `Support` and the destination group to `Servers`. | ||
| * Configure the appropriate protocol and port settings (e.g., TCP 22 for SSH access). | ||
|
|
||
|  | ||
|
|
||
| Give the policy a descriptive name (e.g., "Support team remote access") and click `Save` to create the policy. | ||
|
|
||
|  | ||
|
|
||
| With this policy in place, any device assigned to the `Support` group will gain access to the `Servers` group as defined in the Access Control Policy. | ||
|
|
||
| Now that NetBird is configured, let's proceed to the next step: setting up Jamf Pro to deploy NetBird on support team devices. | ||
|
|
||
| ## Creating Jamf Pro Policy for Automated NetBird Deployment | ||
|
|
||
| To deploy NetBird using Jamf Pro, you need to [upload the NetBird package](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Package_Deployment.html) to Jamf and then [configure a policy](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Policy_Management.html) that includes the package. | ||
|
|
||
| ### Uploading NetBird Package | ||
|
|
||
| Navigate to `Settings > Computer management > Packages` and click `+ New`. | ||
|
|
||
| In the `General` tab: | ||
| * Enter a descriptive **Display name** (e.g., NetBird_vX.XX_Support_Team, where X.XX is the current NetBird version). | ||
| * Optionally, assign a **Category** (e.g., VPN). | ||
| * Upload or drop the package file in the **Filename** field. This tutorial uses the Apple Silicon package you can download [here](https://pkgs.netbird.io/macos/arm64). | ||
| * Optionally, add Info and Notes. | ||
|
|
||
| In the `Options` tab: | ||
| * Set a **Priority** (default is 10). | ||
| * The priority determines the order in which packages are installed when multiple packages are included in a policy. Lower numbers indicate higher priority (e.g., 1 is a higher priority than 10). Use this to ensure critical packages are installed before NetBird if needed. | ||
|
|
||
| Click `Save` to finish. If you see the message "Availability pending", click `Refresh` to update the package status. | ||
|
|
||
|  | ||
|
|
||
| ### Creating a Policy for NetBird | ||
|
|
||
| Go to `Computers > Computer management > Policies` and click `+ New` to create a new policy for the NetBird app. | ||
|
|
||
| In the `General` section of the `Options` tab: | ||
| * Provide a descriptive name in the **Display Name** field (e.g., NetBird Apple Silicon) | ||
|
|
||
| In the **Trigger** options, check the following boxes: | ||
| * Startup: Installs NetBird when the computer starts up. | ||
| * Enrollment Complete: Ensures NetBird is installed immediately after the device is enrolled in Jamf Pro. | ||
| * Recurring Check-in: Allows periodic checks to ensure NetBird is installed and up-to-date. | ||
|
|
||
| These trigger selections ensure NetBird is installed promptly and remains current on all managed devices. Leave the remaining options as default. | ||
|
|
||
|  | ||
|
|
||
| In the `Packages` section, click `Configure` and add the corresponding NetBird package: | ||
|
|
||
|  | ||
|
|
||
| Accept the default values for **Distribution Point** and **Action** | ||
|
|
||
|  | ||
|
|
||
| In the `Scope` tab, specify the target computers (all computers, specific computers or groups, etc.). For simplicity in this example, use `All Computers`. | ||
|
|
||
|  | ||
|
|
||
| Optionally, in the `User Interaction` tab: | ||
| * Enter messages to display before and after the policy runs. | ||
| * This can help inform users about the installation process. | ||
|
|
||
|  | ||
|
|
||
| Click `Save` to finish. | ||
|
|
||
|  | ||
|
|
||
| This configuration ensures NetBird is installed as soon as any machine enrolls, maintaining security across your device fleet. | ||
|
|
||
| It's worth mentioning that for first-time devices when NetBird is launched after installation, it automatically triggers the Single Sign-On (SSO) login flow. This seamless process combines connection setup and authentication, establishing both network connectivity and user verification in one streamlined step. | ||
|
|
||
| The SSO flow works as follows: | ||
|
|
||
| 1. When users open NetBird for the first time, they will be prompted to authenticate. | ||
| 2. The user will be redirected to your organization's identity provider (IdP) login page. | ||
| 3. After successful authentication, the user is automatically connected to the NetBird network. | ||
| 4. NetBird then configures itself with the appropriate permissions based on the user's identity and group memberships. | ||
|
|
||
| This approach ensures secure and efficient user authentication by integrating with your organization's identity management system. It eliminates the need for separate VPN credentials, simplifying the user experience while maintaining robust security. | ||
|
|
||
| Throughout the process, NetBird logs its actions, which can be useful for troubleshooting purposes. Upon successful completion of the SSO flow and network connection, NetBird is fully operational, marking the end of a smooth, automated deployment and configuration process. | ||
|
|
||
| ## Verifying the Automated Provisioning Process | ||
|
|
||
| After setting up NetBird deployment policy in Jamf Pro, it's crucial to verify that the automated provisioning process is working correctly. Follow these steps to confirm the successful installation of NetBird: | ||
|
|
||
| * In Jamf Pro, navigate to `Computers > Search Inventory`. | ||
| * Click `Search` to display all enrolled machines. | ||
| * Select a newly enrolled machine from the list. | ||
| * In the device details, go to the `Management` tab and locate the `Policies` section. | ||
| * Look for the NetBird policy in the list of applied policies. | ||
|
|
||
|  | ||
|
|
||
| If you see the NetBird policy listed, that would indicate that NetBird has been successfully installed on the device. | ||
|
|
||
| To further verify the integration, check that the machine has been added to your NetBird network: | ||
|
|
||
| * Log into a NetBird account with administrative privileges. | ||
| * Go to the `Peers` section. | ||
| * Look for the newly enrolled machine in the list of peers. | ||
|
|
||
| If you can see the new machine listed as a peer in NetBird, this confirms that the automated provisioning process is working correctly and the device has been successfully added to your NetBird network. | ||
|
|
||
| By following these verification steps, you can ensure that your Jamf Pro policy is effectively deploying NetBird to your managed devices and integrating them into your secure network infrastructure. | ||
|
|
||
| This tutorial taught you how to seamlessly integrate NetBird's VPN solution with Jamf Pro for Apple devices. By configuring NetBird Access Policies, creating a Jamf Pro policy for automated deployment, and verifying the provisioning process, you've established a solid system for managing secure network access across your organization. |