Jamf Blog

Navigating Integration with the Network

Are you offering global services? Are you asking yourself what can I do with my Jamf instance? This session recap is for you.

Watch this JNUC session in its entirety.

Is your customer base growing? Are you offering global services? Are you asking yourself what you can do with your Jamf instance, or what you should do with your Jamf Pro instance? These are the questions that kicked off today’s Navigating Integration with the Network session with Matthew Bentley, Joel Seeger and Michael Gallagher.

“Most of our customers start with about 200 iOS devices on campus, using one JSS Web App and a single Web App host, no distribution points, and a LDAP directory. Then, in a handful of months, you scale.”

What does that look like? “Management access is now global. You have multiple, load balanced JSS Web Apps. Dual and replication+ of MySQL is at play. And, you have multiple internal and cloud distribution points and LDAPS for your directory.”

As customers scale, the number of policies created in Jamf Pro grows, and demand on the JSS increases with it.

“You need to distribute the network traffic, so clustering or setting up multiple Jamf Pro instances is an option.”

For a clustered environment, the speakers recommended moving MySQL onto separate hardware from your JSS. In other words, separate the MySQL database from the Tomcat web server. The following tips were provided:

  • MySQL Enterprise Edition is preferred over Community Edition.
  • For smaller environments with a single-node JSS, shared hardware is appropriate.
  • When you move to a clustered JSS to support more devices, dedicated hardware is key.

Shifting to security, the speakers talked about leveraging Jamf Pro in connection with Cisco Identity Services Engine (ISE) to determine which devices get access to the network:

  • Access is allowed if the device is enrolled in Jamf Pro and compliant with security requirements
  • Unknown or unenrolled devices are automatically redirected to the Jamf enrollment portal
  • Non-compliant devices can be denied access, given restricted access, or sent to a splash page with further information

Recently added to Jamf Pro, the Jamf Infrastructure Manager is used to integrate components outside of the Jamf server. (Pro tip: Enroll at least one component for the Infrastructure Manager icon to show up in the Jamf Pro settings). A common use case for the Infrastructure Manager is to provide a secure relay between your internal directory services and Jamf Cloud.

Check back in a few weeks for the video.
