Multiple certificates on a single JSS?

rreed
New Contributor

I am installing an additional JSS in our DMZ. And it occurred to me that if we had separate DNS entries (in internal DNS and external DNS), we could use one FQDN to resolve to both JSSs. So, when a laptop user brought their machine in to work, they would be managed by the internal JSS and when they work from home they would be managed by the external JSS - and this switch would occur seamlessly.

All data would be stored on the internal JSS, since the JSS in the DMZ is just a webapp pointing to the internal server (along with a software distribution point in the DMZ).

Here is how I want to do it:
1. Internal JSS is named SERVER1.INTERNALDOMAIN.com
2. External JSS is named SERVER2.EXTERNALDOMAIN.com
3. A new hostname JAMF.EXTERNALDOMAIN.com is entered into both internal and external DNS. On internal DNS it resolves to SERVER1; on external DNS it resolves to SERVER2.

The problem with this approach is that we would need to add a second certificate to each JSS for JAMF.EXTERNALDOMAIN.COM and that certificate would need to be generated on the first JSS, then exported to the second JSS so the certificate for both is identical.

My questions are:
1. Is it possible for a JSS to have more than one certificate and hostname?
2. Would I have to unmanage the clients, then manage them using the single host name?

Bob Reed


bentoms
Release Candidate Programs Tester

I think you're over complicating things.

I'd use one DNS & cert for both instances.

In fact, we do this now. Works well.

Externally, clients connect to the clustered server in the DMZ; internally, to our internal JSS.

sgrall
New Contributor III

One DNS entry is ideal, but if you can't avoid two different names, you can create a cert with 2 subject alternative name entries with the DNS entries of both names.

blackholemac
Valued Contributor III

Agreed with the other posters for sure, but one thing I do that lets me deal with certs in multiple places where I need them was to sign up for a wildcard cert. For instance, our domain is *.lsc.k12.in.us. I have a wildcard cert that lets me handle any server on our domain and it works both internally and externally.

This may not work for you if you truly have different domain names both internally and externally, but it has sure helped us not need to apply for new certs for different servers in our domain.
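The two replies above hinge on one question: does the certificate a JSS presents cover every hostname a client might use to reach it, whether that is a SAN entry per name (sgrall's suggestion) or a wildcard (blackholemac's)? The following is an added example, not code from the thread or from Jamf: a small hostname-matching check in Python that applies the RFC 6125 wildcard rules and reports which of the names from this thread a given SAN list leaves uncovered. The SAN lists are constructed to mirror the two scenarios; the `san_matches` and `uncovered_hosts` functions are this example's own simplified implementation, not what the JSS's Tomcat or a client TLS stack runs.

```python
"""Check whether a certificate's subjectAltName (dNSName) entries cover every
hostname clients will use, applying RFC 6125 wildcard rules.

Added example (not code from the original thread or from Jamf). The hostnames
are the ones discussed in the thread; the SAN lists are constructed.
"""


def _label_matches(pattern_label: str, host_label: str) -> bool:
    """Match one DNS label; a bare '*' matches any single non-empty label."""
    if pattern_label == "*":
        return host_label != ""
    return pattern_label == host_label


def san_matches(host: str, san_entry: str) -> bool:
    """True if `san_entry` (a dNSName value, possibly wildcarded) covers `host`.

    Rules applied (a simplified reading of RFC 6125 section 6.4.3):
      * comparison is case-insensitive and ignores a trailing dot;
      * a wildcard must be the entire leftmost label ("*.example.com");
        partial wildcards such as "s*.example.com" are rejected;
      * "*" matches exactly one label, so "*.example.com" does not cover
        "example.com" or "a.b.example.com";
      * a wildcard needs at least two labels to its right, so "*.com" is rejected.
    """
    host_labels = host.lower().rstrip(".").split(".")
    san_labels = san_entry.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False
    if any("*" in label for label in san_labels):
        # Wildcard only as the whole leftmost label, and never in later labels.
        if san_labels[0] != "*" or any("*" in label for label in san_labels[1:]):
            return False
        if len(san_labels) < 3:
            return False
    return all(_label_matches(p, h) for p, h in zip(san_labels, host_labels))


def uncovered_hosts(hostnames, san_entries):
    """Return the hostnames (in input order) that no SAN entry covers."""
    return [h for h in hostnames
            if not any(san_matches(h, san) for san in san_entries)]


if __name__ == "__main__":
    # Scenario 1 (sgrall): one cert listing both names, installed on each JSS.
    # Clients use either the server's own name or the shared JAMF name.
    dual_san = ["server1.internaldomain.com", "jamf.externaldomain.com"]
    clients_use = ["SERVER1.INTERNALDOMAIN.com", "JAMF.EXTERNALDOMAIN.com"]
    print("dual-SAN cert leaves uncovered:", uncovered_hosts(clients_use, dual_san))

    # Scenario 2 (blackholemac): a wildcard for one domain covers any host in
    # that domain, but not a name in a different external domain and not a
    # host two labels deep.
    wildcard = ["*.lsc.k12.in.us"]
    mixed = ["server1.lsc.k12.in.us", "jamf.externaldomain.com",
             "a.b.lsc.k12.in.us", "lsc.k12.in.us"]
    print("wildcard cert leaves uncovered:", uncovered_hosts(mixed, wildcard))
```

Run it as-is to see both scenarios: the dual-SAN list covers everything, while the wildcard covers only `server1.lsc.k12.in.us` and leaves the other three names uncovered, which is exactly the caveat in the last reply.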