Jamf Nation Community

Hi @Mansour and welcome to the JAMFNation
World wide, you can use the same JSS provided your not taxing it with clients. Geolocating the JSS'es is worth more effort than its worth.

Seconding @jarednichols your distro points can be pretty well anything that serves up files.

Thanks for the quick response guys. I do still need Mac OS X server to do the imaging, right?

You'd only need osx server if you're doing netboot imaging. Although there are third party programs that'll let you do a netboot image without osx server (NetSUS, BSDPy) Otherwise any machine with casper imaging installed can image a machine. (provided the user also has creds that allows imaging in the JSS)

You would also need OS X Server if you wanted to have more than 10 simultaneous clients connected to that system.

NetSUS is the JAMF way of doing it. Another option would be Mac Minis with OS X Server installed - this is how I did it at my last position, and for the most part it was the easiest thing to manage remotely. YMMV, of course.

Otherwise any machine with casper imaging installed can image a machine

I think Casper imaging can only be installed on Mac OS, correct? I can't install it on a Windows server? I wouldn't need 10 simultaneous connections for imaging. More like a couple at a time.

NetSUS also mentions OS X server as a requirement:

Requirements
A minimal base OS image.
A server with OS X server installed that you can use to host the NetBoot image.
Casper NetInstall Image Creator v4.0 or Later

Would the OS X provided by Apple with what you needed pushed over the top be sufficient?
If you get Apple Device Enrollment Program working correctly you can create a scenario where machines can be internet reset directly from Apple, they will then automatically enroll in Casper during setup, then Caspaer will push any settings and applications required.
Not for everybody but definitely an option especially for remote sites.
There are limitations such as where the hardware can be pruchased etc... but it's potentially a better system for you depending on the remote users needs.

Hi,

The JSS can certainly be clustered for load balancing or resilience (or both). I'd recommend the CJA course as it covers pretty much all you'd need to know on the topic.

Regarding imaging, this depends on how far you want to take it. If you want to actually erase the target Mac and replace the OS, you need to boot it from something other than the built-in boot drive. This can either be from a netBoot server or an external drive with OS X installed. If you want to do this from multiple sites, you'll need a netboot server at each location (netbooting across a WAN will be painful).

If instead, you just want to deploy a set of apps on top of the OS the Mac ships with (specifically, not erasing the Macintosh HD), you just need to run Casper Imaging on the booted drive and pick the desired configuration.

For Netboot servers, Mac minis do the job well, although I would make upgrade the internal drive for either a fusion drive or an SSD. The default 5400-rpm drive is a bit lame. The BSDPy or JAMF's NetSUS appliance will also work well. These are our preference as they can run in an existing virtual environment. If you do go for Mac minis, you can also make use of the Caching service to speed up app deployments and updates from the app store.

On top of the netboot server, you need a netboot image that the clients will actually use to boot up. I would recommend using Ben Tom's AutoCasperNBI https://macmule.com/projects/autocaspernbi/. It makes the netboot image creation really easy.

Distribution points are just AFP, SMB and/or HTTP shared folders containing the packages and disk images for deployment. As Jared said, if you have SCCM (or similar) already, piggy backing off them would be an easy solution. Of course, tying it all in together on Mac minis is a nice easy solution.

Thanks for all the replies guys. Very insightful. I would like to take some classes but it's not in our budget so I have to make do with forums and what I can stitch together from Googling and the excellent JAMF support.

A few follow up questions.
1. Can i mirror distribution points or each individual DP has to be uploaded with each set of software I need distributed?
2. Personally I would like to use VMs and JAMF's NerSUS appliance but I was told it would be easier to deploy hardware. Would you buy 5 Mac minis for a 5 office location to do NetBooting and can I at that point use them as distribution points? I think this is what David meant when he said "tying it all in together on Mac minis is a nice easy solution."
3. What would you use to back them up? Is it as simple as hooking up an external drive and doing TimeMachine backups or something more sophisticated would be needed?

This is what I'm thinking so far on what is needed to have a half decent setup:
- A single JSS server. We already have it stood up and configured on a Windows VM. It is being backed up and I do snaps whenever updates are applied. There is also a backup process that is running against the VM.
- 5 Mac minis with OS X Server installed on each for NetBoot and File Share Distribution Points for each region.
- Anything else?

1. Can i mirror distribution points or each individual DP has to be uploaded with each set of software I need distributed?
Nope in Casper admin you can select all the dp's at once and clone them. Although alot of us have Rsync, BTsync or other sync methods in place.
2. Personally I would like to use VMs and JAMF's NerSUS appliance but I was told it would be easier to deploy hardware. Would you buy 5 Mac minis for a 5 office location to do NetBooting and can I at that point use them as distribution points? I think this is what David meant when he said "tying it all in together on Mac minis is a nice easy solution."
We use mini's in every office, running netboot, caching services, & file share DP (we found the JDS model did not work for us)
3. What would you use to back them up? Is it as simple as hooking up an external drive and doing TimeMachine backups or something more sophisticated would be needed?
We don't back them up, all the data is cloneable over the internet, we did opt for slower drives instead of ssd, and mirrored the two 1TB drives to provide us a somewhat failover.

As for setup, if you have a mobile workforce you may want to look at setting up to jss'es and having one in your dmz. You'll get checkins and allow self service to be used outside of your network (this will require an externall DP)

While we use a separate dns for each (due to our network limitations) JAMF recommends using one DNS and multihoming it, to both your internal & external JSS.

Can the remote nodes (Mac Minis) host Self-Service site or is it handled exclusively by JSS?

The actual website self service runs off is exclusively handled by the JSS
(its actually Https://casperurl:8443/selfservice2)

What you see in self service is served by the JSS. If you have any policies deploying packages or dmgs they'll come from the distribution point once triggered.

@Mansour I've recently documented how I'm globally i'm making the most of the mac mini for use with the casper suite, linked within the post is video to a panel I was on at JNUC2014 titled Thinking Big: Scaling JSS Infrastructures for the Mobile Workforce

Hope they shed some light too.

Awesome help. Thanks a ton guys!! Looks like we will be sticking with Casper thanks in part to this forum.

@Mansour glad we can all help. There's also a bunch of us that hangout on irc