Assigning Clients to a specific Distribution Point

Millertime
New Contributor III

I'm struggling here... We are a geographically diverse company, and I need the ability to serve policies to my West Coast offices without them having to phone home to our headquarters in the Mid-West. So I went the route of creating a File Share Distribution Point...

Though now I'm not quite understanding how to assign the machines out there to that DP. I noticed I could do that under 'Network Segments', though with as large and complex as our network is, that's not an option. So what I'm asking JAMF Nation is: how in the world do I assign computers to a specific DP, other than through Network Segments?

Thanks!
Bill

6 REPLIES

nessts
Valued Contributor II

Assuming your geographic locations have somewhat unique subnets, you can set that up in the Network Segments section. You define the West Coast IP range 10.10.10.1-10.10.11.254 and point them at the West Coast DP, and so on.

Snickasaurus
Contributor

+1 for what @nessts said.

When creating a policy manually you have several choices when choosing who you're adding to the "Scope" section. In my environment I have some policies scoped to what building and department people are in. We do have several users that use satellite offices in other buildings, but as of yet that hasn't been an issue. Try assigning building names to people in your West Coast office, then create a policy manually, setting "Override Default Policy Settings" to the distribution point and scoping it to the building names you set up.

I've read what I just typed twice now for mistakes or ramblings but I've been sick for several days now so that is my excuse for a bad answer or one full of typos. :-)

alexjdale
Valued Contributor III

We have over 400 subnets configured for our network (also geographically diverse) so I decided to bite the bullet one day and build all of the network segments.

I ended up exporting AD Sites & Services subnet data to a CSV file, wrote a script that read that in and converted the CIDR notation into first/last IPs using the whatmask command-line executable, then was able to do a bunch of copy/paste work into the JSS to build the segments.

I still ended up with well over 100 network segments after consolidating and it took me the better part of a day, but it was worth the effort to make sure clients don't pull packages from the primary DP.
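
The CIDR-to-range conversion and consolidation described in the post above, as an added example that is not part of the original thread and is not alexjdale's script. It uses Python's `ipaddress` module in place of `whatmask`; the CSV column names (`Subnet`, `Site`) and the sample rows are constructed assumptions, and the ranges it emits run from the network address to the broadcast address of each block.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample standing in for an AD Sites & Services export.
# The column names "Subnet" and "Site" are assumptions.
SAMPLE_CSV = """Subnet,Site
10.10.10.0/24,West-Coast
10.10.11.0/24,West-Coast
10.20.0.0/23,West-Coast
10.20.2.0/24,West-Coast
192.168.5.0/24,HQ-Midwest
192.168.5.128/25,HQ-Midwest
"""

def build_segments(csv_text):
    """Return (site, first_ip, last_ip) rows with subnets merged per site."""
    by_site = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # strict=False accepts entries with host bits set, e.g. 10.1.1.5/24
        net = ipaddress.ip_network(row["Subnet"].strip(), strict=False)
        by_site[row["Site"].strip()].append(net)

    segments = []
    for site, nets in sorted(by_site.items()):
        # Drops nested subnets and merges siblings into larger CIDR blocks.
        nets = list(ipaddress.collapse_addresses(nets))
        start, end = nets[0][0], nets[0][-1]
        for net in nets[1:]:
            # A first/last range need not be a valid CIDR block, so blocks
            # that are merely back-to-back can be merged as well.
            if int(net[0]) == int(end) + 1:
                end = net[-1]
            else:
                segments.append((site, str(start), str(end)))
                start, end = net[0], net[-1]
        segments.append((site, str(start), str(end)))
    return segments

if __name__ == "__main__":
    for site, first, last in build_segments(SAMPLE_CSV):
        print(f"{site},{first},{last}")
```

Six exported subnets become three segments here; merging is done only within a site, so adjacent ranges that belong to different distribution points stay separate.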

mm2270
Legendary Contributor III

Is your network really that complicated that you can't set up Network Segments? Because as @nessts mentioned, this is the official and easiest way to assign Macs to specific local DPs. You may be able to do it in some scripted way, but I doubt it will be easy. You're best off setting up those Network Segments and using that.

Keep in mind, it doesn't need to be perfect. Our Network Segments are by no means complete or comprehensive. The company is so large and worldwide that it's literally impossible for us to create a NS for every possible network associated with the company, but we have as many of the known ones set up as possible, and continue to add new ones as they become known to us.
Everything else falls into a generic "internet" segment. Since Network Segments use the smallest scope over the largest ones, it's possible to set up an "internet" segment as 1.1.1.1 through 254.254.254.254. More specific ranges will override this if a Mac falls into one.
What we do is point our "internet" Macs to an externally available DP, but you can choose to point these to your fastest or most available internal DP for example if you want.

scottb
Honored Contributor

Like @nessts and @mm2270 said, it can be imperfect. I watch the emails coming in from Macs that enroll. If I see IP ranges I don't recognize, I go into the JSS and search for them. If they don't exist, I find out where they're located and add them. We have a mess as well with a global setup and with subsequent company acquisitions, the ranges are all over the place.
You do the best you can and then keep updating it as you go. The initial setup sucks, but once it's done, it's maintenance. Good luck.

maiksanftenberg
Contributor II

Little bit older post, but @alexjdale are you able to share the script to import the CSV file?
That is something that is similar to our environment.

Thanks