Help

infrastructure help - Distribution Point in DMZ

tak10
Contributor II

Posted on ‎03-08-2017 08:56 AM

We are looking to expand the file distribution point for macOS and potentially needing to host In-house apps for iOS.

We currently have an internal server running MySQL, Apache Tomcat. Consider this as a primary JSS. All internal network will communicate to this server based on DNS.

We have two DMZ JSS server boxes (load balanced) for any external devices. These are running Apache Tomcat and reporting into the internal server's MySQL.

We have a file share distribution point separate from JSS that houses all the macOS packages and scripts. This is only accessible via internal network.

We would like to put a distribution point in the DMZ for external device to access packages and host in-house iOS apps. I do not think we would like to have a file share distribution point using smb or afp to do this. I'm looking to run https distribution point. I see that the only option is to run JDS instance. Can anyone confirm this is the right direction to go and anyone have any experiencing setting this up?

Reference: http://docs.jamf.com/9.97/casper-suite/jss-install-guide-mac/About_Distribution_Points.html

0 Kudos
4 REPLIES 4

thoule
Valued Contributor II

Posted on ‎03-08-2017 09:04 AM

You can distribute files over http(s) without a JDS. When setting up a 'File Share Distribution Points' in Settings, go to the HTTP tab and put in settings as appropriate. And as it's http, you can use load balancers, dns round robin or whatever other trick you'd like. You'll still need AFP or SMB to copy files to the share using Casper Admin. Also, Casper Imaging will use AFP or SMB during the imaging process. HTTP is only file file distribution during a policy.

0 Kudos

Sandy
Valued Contributor II

Posted on ‎03-08-2017 01:13 PM

HI Tak,
Edit: we do not have a JDS.
We have our 3 internal DPs running HTTPS, each with their failover DP being an SMB share. I have seen WAY better success with policies since making this change!
We also have a webApp in the DMZ, so devices can check-in from home and Self Service for OS X works from home too.
Our External DP is on Amazon S3, and a nice feature with adding a cloud DP is that it is a selective sync, meaning you pick what you want to have on that DP. It was pretty easy to set up and cheap. Apart from last week's AWS failure it has been solid and reliable.
Sandy

0 Kudos

donmontalvo
Esteemed Contributor III

Posted on ‎03-08-2017 09:28 PM

The article needs an update. Scripts are now in the jamfsoftware database.

RHEL DPs, HTTP FTW.

--
https://donmontalvo.com
0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎03-09-2017 12:14 AM

@donmontalvo only if migrated.. I know some folks that haven't

0 Kudos