Question

Distribution Point in DMZ

  • July 30, 2013
  • 12 replies
  • 25 views


I am trying to figure out how to put a distribution point on our DMZ that can talk to the main DP on the LAN. I have looked at all the documentation on setting the JSS up on a DMZ, but it is pretty lacking in information and I must say I am a little confused.

Here is the goal of what I need to accomplish:

- Clients that are managed will be able to download software from Self Service outside of our LAN
- I need to replicate the master DP to the external DP

I am a little confused as to what steps I need to take to get this process started. I am running my current setup (on the LAN) on a 10.8 Mac server and will be running a 10.8 VM server to serve as the external DP. I currently have MySQL and everything else installed on the VM - I was going off of the article about JSS in the DMZ, but now I am stuck and can't seem to get the master to replicate to the VM.

How do I set up a DP that talks to the internal master so clients can download software outside of the LAN?

12 replies

talkingmoose
  • Community Manager
  • July 31, 2013

DMZ servers typically have two network interfaces (NICs). One NIC is connected to the internal LAN and the other is connected to the Internet (with a suitable firewall in place that allows only certain traffic to pass).

So, first question: Does your DMZ distribution point server have two NICs configured?

Second question: Is your JSS accessible both on the LAN and to the Internet? If not, do you have a second JSS in the DMZ for clients reporting from the Internet?

The Certified JSS Administrator course may interest you if you need to set up multiple JSS systems.


  • Valued Contributor
  • July 31, 2013

Hi Nichele!

Another option might be something along these lines, leveraging Box.com for a public CasperShare:
http://bryson3gps.wordpress.com/2013/02/06/using-box-as-a-casper-share/


bentoms
  • Hall of Fame
  • July 31, 2013

Hi Nichele,

I've done what you're attempting, except we are using real Mac servers & not VMs.

I'm on holiday for a few more days, I'll try & respond when back.


  • Valued Contributor
  • July 31, 2013

I am using a reverse proxy on the external server pointing to the HTTP share on the internal server; that way you don't have to have space on the external server and no replication...


  • Author
  • Contributor
  • August 9, 2013

Hi Bentoms-

No pressure, but I wanted to see if you have any updated information that could help me? Thanks!


  • Honored Contributor
  • August 9, 2013

I'd second the post about using box.com. Took it one step further since you are using an actual server, install the Box sync tool on it, and let it auto-upload that content to box.com. Just remember to never try and sync to it in Casper Admin. It won't work.

This takes the strain off your network to supply that content externally.


easyedc
  • Esteemed Contributor
  • August 26, 2013

How'd this turn out? I've just gotten my DMZ JSS set (literally today) and am in the process of configuring a DP out there. I am 100% positive our Server team and Security would flip if I suggest a public Box.com account.


  • Author
  • Contributor
  • September 3, 2013

I had to put a hold on it because things got busy, but I am on the same page as you. We don't want to use a Box account to transfer anything, and now I am also looking at adding another DP in Amsterdam and need to get that configured, so I am still at the starting point.


  • Contributor
  • September 5, 2013

@nessts... Could you email more detail around setting up the reverse proxy on the DMZ server?

My setup is as follows - Windows VM Server in the DMZ with limited access and XServe internal.

Currently external clients are checking in but not able to see apps within Self Service.

Thanks in advance.... ::sp


  • Valued Contributor
  • September 5, 2013

On my Mac server and my Linux server, which do the same thing running the Apache web server, I created a reverse.conf file.
You would replace internalserver with your real internal server; you have to have 80 and/or 443 open between them for that traffic to pass.

# Forward requests for /CasperShare to the share on the internal server
ProxyPass /CasperShare http://internalserver/CasperShare
# Rewrite redirect headers from the internal server so clients stay on the proxy
ProxyPassReverse / https://internalserver/
ProxyPassReverse / http://internalserver/
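
A fuller virtual host built around the ProxyPass line from the post above, as an added example (not the poster's own file): it scopes the proxy to the share path, terminates TLS on the DMZ side and allows only download methods. It assumes Apache 2.4 with mod_proxy, mod_proxy_http and mod_ssl loaded and that clients only download from the share; dp.example.com, the certificate paths and internalserver are placeholders.

```apache
# Added example, Apache 2.4 syntax. All host names and paths are placeholders.
<VirtualHost *:443>
    ServerName dp.example.com

    # TLS for the Internet-facing side of the DMZ server
    SSLEngine on
    SSLCertificateFile    /path/to/dp.example.com.crt
    SSLCertificateKeyFile /path/to/dp.example.com.key

    # Reverse proxy only: never act as a forward (open) proxy
    ProxyRequests Off

    # Proxy only the share path; other URLs on this host are not forwarded
    ProxyPass        /CasperShare http://internalserver/CasperShare
    # Keep the reverse mapping scoped to the same path as the ProxyPass rule
    ProxyPassReverse /CasperShare http://internalserver/CasperShare

    <Location "/CasperShare">
        # Clients only fetch packages, so refuse every method except GET and HEAD
        <LimitExcept GET HEAD>
            Require all denied
        </LimitExcept>
    </Location>
</VirtualHost>
```

With this layout the firewall between the DMZ host and the LAN only needs to allow the DMZ server to reach the internal server on port 80, and only port 443 needs to be open from the Internet.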


msample
  • Valued Contributor
  • June 19, 2015

@nessts Can you share the reverse.conf file script? Thanks.


  • Valued Contributor
  • June 19, 2015

Well, it's not a script, it's a conf file for Apache, and the contents of said file are in my last post on 9/5/13.