Setup for devices being used externally as well as internally?

DanJ_LRSFC
Contributor III

My workplace has recently approved the purchase of a few iPads for various specific staff users around the college. These iPads will be used at home as well as at work, so I'm guessing that in order to be able to manage them while they are outside the college, I'll need to make our JSS (and the JDS too? or is that not needed?) available externally.

What's the easiest way to do this? Is it literally just a case of having an external IP address allocated for the JSS and poking a hole in the firewall on port 8443, or is there something more that we need to do? Will Self Service work OK with that sort of setup, or do we need to make the JDS available externally as well?

Thanks,
Dan Jackson (Lead ITServices Technician)
Long Road Sixth Form College
Cambridge, UK.

2 REPLIES

RobertHammen
Valued Contributor II

First things first... you'll need to use a DNS name for your JSS that resolves outside of your own network.

Secondly, you either need to open up ports to your JSS, or you need to put a 2nd JSS into a DMZ (limited-access functionality), or move your JSS to a cloud-hosted one.

From a security perspective, exposing TCP port 8443 of your JSS to the outside world also exposes your web console to the outside world. This is why I am a big fan of the "limited access JSS" functionality.

Talk to your JAMF Account Manager; they can set you straight on the options, requirements, pros/cons, costs (if moving to JAMFcloud), etc.

DanJ_LRSFC
Contributor III

We've got #1 (well, it doesn't resolve yet but we did set it up using our internet facing domain rather than our internal one, so it'd just be a matter of adding an external DNS entry).

For #2, opening up ports to our JSS was the option I was looking at as it doesn't cost us anything.

I was basically hoping to hear from people who had already done it and whether it was okay to do that and how well it worked.