We have a JamfPro server that is currently not exposed to the outside world. I would like to have the Internal JSS be the master and then clone itself to the cloud instance so when a user is outside of the lan they access the cloud instance. I know I have seen someone explain a similar setup but for the life of me I cannot remember. Does anyone have any pointers?
I would definitely contact Jamf Support on this, I've never heard of this being done due to the constraints of Jamf Cloud. You could go the standard route of putting a limited access instance off Jamf Pro in your DMZ. You could also setup your own Amazon EC2 limited access instance in AWS, of course that instance would need to be able to communicate with your database that is inside of your network so you would have to setup VPN for the EC2 instance to be able to reach the MySQL database "Hybrid Cloud" type deal. Also are you only using a FQDN that can be reached inside of your LAN or something your devices could potentially reach out of network? Lots of variables to consider.