Best Solution for Distribution Point for MacOS

tak10
Contributor II

Hi everyone, hopefully everyone is staying safe.

Since the entire MacOS fleet I manage now are working from home due to this pandemic, we are looking to place another distribution point in the DMZ.

Here is what our environment looks like.

  • The majority of our MacOS users were in the office, so I never bothered placing a DP in the DMZ for external-facing devices.
  • Now I would like to place a distribution point in the DMZ, but the security team is questioning AFP or SMB through the firewall.
  • I was just trying to add a distribution point in the DMZ that allows HTTPS download only, but JAMF Pro requires you to fill in AFP or SMB information under the File Sharing tab.

Right now, I'm telling all macOS users to connect VPN first before using Self Service items.


sdagley
Esteemed Contributor II

@tak10 The only kind of distribution you'd want to do from a DMZ hosted DP is via HTTPS. Depending on how you sync the DMZ DP you might need SMB ports opened between it and your internal network, but the only thing you'd want externally exposed is 443.

boberito
Valued Contributor

You have to put an SMB/AFP share for Jamf Admin. You can change the default distribution server for on-site vs. off-site. I can't remember how exactly, but Jamf support can help you.

ricardo_huante
New Contributor

You should be able to use your existing (public-facing) 8443 port and have your LTM (F5) take care of the traffic with an iRule. The iRule can direct specific traffic to a pool of httpd hosts on port 443.
i.e. set the iRule to redirect any request for "/bar/*" to a specific pool: https://externalurl.foo.com:8443/bar/package.name

athompson
New Contributor

I would recommend you look into an AWS S3/Cloudfront style pkg distribution for the WFH crowd. It will be faster for the Users and JAMF can natively interact with it. You can switch your file distribution over to being the master and sync your internal Package Distribution from it. This would give you the benefit of DEP install pkgs.

tfahmy
New Contributor

@tak10 I have the same question you posed, with the same concerns. Did you come up with a solution? I'm wondering if we have to choose SMB under File Sharing but then only allow HTTPS through the firewalls...

sdagley
Esteemed Contributor II

@tfahmy That's not an uncommon configuration for DPs in a DMZ if you're still using Jamf Admin to synchronize it, and the ports for SMB are open to the internal network interface but not the public. If you're using some sort of file sync tool, such as rsync to synchronize the DMZ DP with your Primary DP, you can just leave those ports closed.

tlarkin
Honored Contributor

Please, never ever put a Tomcat webapp in the DMZ. Use another endpoint like a load balancer, proxy, VIP, or some other type of appliance. The security risk is too high to put web apps in the DMZ. If you are allowed to use cloud storage like S3, I would highly recommend that over on-prem; if you have to use on-prem, Apache servers aren't too bad and are scalable.

KyleGDG
New Contributor

I was told by Jamf that cloud distribution points are only available to hosted customers, is that true?

sdagley
Esteemed Contributor II

@KyleGDG Not unless you're asking for a Jamf Cloud hosted Cloud DP. If you're on-prem, or self-hosting in AWS, you can use Rackspace, Akamai, or AWS S3/CloudFront for a Cloud DP.

KyleGDG
New Contributor

Thanks @sdagley! Looks like I got some misinformation or I misinterpreted. Going to give AWS S3 (man, I wish I could use Wasabi) a try. Been having so many problems with my home-made HTTPS DP not allowing installation of pkgs.

sdagley
Esteemed Contributor II

@KyleGDG I use Wasabi's S3 clone for personal backups, but the standard pricing is based on you not downloading significantly more data than you have stored. If you could use it for a DP the pricing structure would be different.

What issues are you having with .pkg installs via https? That does require flat packages, but Jamf Admin automatically creates a .zip for any non-flat .pkg when it's uploaded to your Primary DP.
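Added example, not code from any poster or from Jamf: before syncing a share to an HTTPS-only DMZ DP, a quick audit of which items are flat packages (xar archives, first four bytes "xar!"), which are bundle-style .pkg directories that an HTTPS download cannot serve, and which have already been zipped. The share layout and file names below are constructed for the demo, not taken from the thread.

```python
import tempfile
import zipfile
from pathlib import Path

# Flat packages are xar archives; the file begins with the magic bytes "xar!".
XAR_MAGIC = b"xar!"


def classify_pkg(path: Path) -> str:
    """Classify one item in a DP share as 'flat', 'bundle', 'zipped' or 'unknown'."""
    if path.is_dir():
        # A bundle-style .pkg is a directory and cannot be fetched over HTTPS as-is.
        return "bundle" if path.suffix == ".pkg" else "unknown"
    if path.suffix == ".zip":
        return "zipped" if zipfile.is_zipfile(path) else "unknown"
    with path.open("rb") as fh:
        return "flat" if fh.read(4) == XAR_MAGIC else "unknown"


def audit_dp(root: Path) -> dict:
    """Map each .pkg/.zip in the share root to its classification."""
    return {p.name: classify_pkg(p) for p in sorted(root.iterdir())
            if p.suffix in (".pkg", ".zip")}


def not_https_ready(results: dict) -> list:
    """Names that would fail an HTTPS download: bundles and unrecognised files."""
    return [name for name, kind in results.items() if kind in ("bundle", "unknown")]


def build_sample_dp(root: Path) -> Path:
    """Constructed sample share: one flat pkg, one bundle pkg, one zipped bundle."""
    (root / "Flat-1.0.pkg").write_bytes(XAR_MAGIC + b"\x00" * 28)
    bundle = root / "Bundle-2.0.pkg" / "Contents"
    bundle.mkdir(parents=True)
    (bundle / "Info.plist").write_text("<plist/>")
    with zipfile.ZipFile(root / "Bundle-3.0.pkg.zip", "w") as zf:
        zf.writestr("Bundle-3.0.pkg/Contents/Info.plist", "<plist/>")
    return root


def run_demo() -> dict:
    """Build the constructed sample in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_dp(build_sample_dp(Path(tmp)))


if __name__ == "__main__":
    report = run_demo()
    for name, kind in report.items():
        print(f"{kind:8} {name}")
    print("needs zipping before HTTPS sync:", not_https_ready(report))
```

Point it at a real share root instead of the constructed sample to list what still needs zipping before an rsync to the DMZ host.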