Posted on 10-05-2011 12:30 AM
Long time lurker, first time poster.
I am considering a Casper implementation, and I was curious about how people have configured their setups.
Most of our servers are now virtualized (running in VMware ESX), with the exception of our Mac servers (thanks, Apple, for opening up your licensing… <cough>). I have an older 4-way Xeon with 17GB of RAM that is doing everything: Workgroup Manager, DeployStudio, AFP, etc. It is running out of disk space (has a pair of 1TB drives in RAID 1 config), so we are looking to connect some fibre channel storage to it.
The question I have is how to configure Casper if we decide to go with it. I could buy a new Mac Mini and rack mount it using this:
http://www.sonnettech.com/product/rackmacminixserver.html
This way, I could retain any fibre channel arrangement from my existing xServe, while maintaining a 1U form factor. However, I am concerned that the Mini will not provide sufficient horsepower for Casper. Anyone using a Mini in their setup?
The other option is to continue using the xServe, and perhaps beef up the RAM and install ESXi 5.0 so I can segment services more effectively:
http://blogs.vmware.com/guestosguide/2011/08/apple-mac-os-x-server.html
Or, I could bite the bullet and install into a Windows Server 2008 VM. I would like to stay on OS X if possible, since this is my area of expertise, but I am sure that our server team would love to get rid of the clunky old xServes (which are long overdue for replacement). What issues are there to be aware of when running Casper server on a Windows box? Does everything work the same/as well? Any weirdness around SMB vs AFP? How best to configure storage in this arrangement?
Any and all advice appreciated. Thanks for your time,
-Andy
--
Andrew Cunningham
Information Systems Analyst (Mac guy)
Butler University
317-940-4357
http://www.butler.edu
Posted on 10-05-2011 12:42 AM
How many clients? What is your network infrastructure? What are your
main goals with Casper?
Been using it for 5+ years and those are the things you need to look at
when using Casper.
Feel free to contact me off list if you wish.
Thanks, Tom
Posted on 10-05-2011 12:54 AM
350+ clients, labs plus faculty/staff. We have a pretty robust network infrastructure, which will be improved even further in the near future (gigabit to the desktop).
Main goals are to manage software updates & patches, integrate inventory with SCCM, simplify remote control, and provide a software installation portal. We are also interested in imaging, although DeployStudio works well for us.
We evaluated Casper, Absolute, and Filewave, and we have basically decided on Casper. I am interested in hearing about your hardware config suggestions/best practices.
-Andy
Posted on 10-05-2011 01:04 PM
350+ clients isn't going to be too taxing. You could probably get away
with a sort of new Xserve and 8gigs of RAM. We have 14,000 clients
(though 7,000 of them are about to be retired) and get by with one JSS
running OS X 10.6.8 Server with 24gigs of RAM and a 2TB RAID 5 set up.
If your network infrastructure is good, then your biggest bottleneck
will probably be disk I/O.
If I had to scrap my 1:1 and start over today, I would probably go
Linux in my back end and ditch OS X Server. Then you can use HTTP
downloads for Casper (protocol works on all platforms) since there are
some caveats of a non-AFP file share. Though NFS with Kerberos or SMB
does in fact work.
With 350 clients you can probably get away with one server and then one
distribution point for load balancing when you have to push out major
updates. The JSS sits idle and the client is the one that checks in and
forces the push to the client when triggering a policy.
So, the real question for you would be, do you want to run your JSS on
a Windows or Linux Server? You can use OS X Server, but given the
discontinuation of apple server hardware and the lack of options in
their current machines to even be comparable to servers, I would suggest
you keep your options open.
-Tom
Posted on 10-05-2011 01:20 PM
Might also want to consider NAS for distribution points.
We are migrating JSS to Windows VM in the not too distant future. We already have Distribution Points on EMC CLARiiON. Haven't ironed out replication (etc) stuff yet, will cross that road when we begin LAB testing the migration.
Happy to get the JSS infrastructure off Apple hardware...hoping NetBoot/AppleSUS will be next on our hit list.
Don
Posted on 10-05-2011 01:24 PM
as tom mentioned, it would be a better use of your time and existing infrastructure if you configure the jss on linux within vmware esx.
i have a client running the jss in a cent os vm (web app + db) and repositories shared via sun NAS with smb. you'll get more bang for the buck by splitting functionality and using a more flexible platform than os x server.
Posted on 10-05-2011 01:24 PM
Are they all in one office or spread around?
Regards,
Ben.
Posted on 10-05-2011 01:54 PM
Netboot works on Linux and SUS can be replaced by Reposado, which is why I suggest running a Linux back end.
-Tom
Posted on 10-05-2011 01:57 PM
Yep, unfortunately without a vendor to back up these solutions with paid support contracts, we won't be able to roll out to our clients. :)
(hint for JAMF...hehe)
Don
Posted on 01-21-2014 11:57 AM
@tlarkin you have everything installed in one server? MySql as well as the JSS on it? I have to build a new Casper environment from scratch and am looking for best practices/setups.
I have about 350+ Clients as well, and 3 Locations. The person who did it before me suggested hosting MYSQL somewhere else. Do you recommend this?
Posted on 01-21-2014 12:05 PM
@wmateo... Woah. This is an old thread.
FWIW, I'd advise having a "Master" server running the JSS & services, as well as a distribution point.
But at each location have its own server for NetBoot & DP to offload the work.
What hardware do you have assigned?
Posted on 01-21-2014 12:13 PM
@bentoms the locations span across the country. You recommend separate JSS + MySql? Hardware I am setting up is 1 MacPro with 32G RAM and 1TB disk.
Posted on 01-21-2014 12:24 PM
@wmateo, that should be more than enough for the JSS. Mine is on a Mac Mini server with 8GB RAM + 500GB drive & is handling 200 clients fine.
No need to separate, just make sure you allocate a decent chunk of RAM to MySQL & Tomcat.
Fwiw, we have 10 other Mac Minis scoped to the local offices & they run NetBoot, ASUS & DP.
Posted on 01-21-2014 12:29 PM
@bentoms How would you handle disaster recovery then? One of the requirements is to create my environment in Disaster Recovery site. I was thinking to install a brand new environment for the DR site, and replicate or cluster DB. Any suggestions?
4 Locations
2 in NY
1 ATLANTA
1 CHICAGO
With the central data center in ATLANTA
keeping in mind disaster recovery, and fault tolerance for users in all locations.
Thanks
Posted on 01-21-2014 12:35 PM
@wmateo.. One of the Mac Minis is on our BCP site.
It's "cloud" accessible & as such is used as the failover DP for all DPs.
Also, we nightly back up our JSS... The folder that holds these backups is nightly RSYNCed to the BCP server.
In a DR scenario, we restore the JSS DB on the BCP server & change both internal & external DNS to point to the BCP server.
Estimated downtime 4 hours (except for external DNS replication).
Posted on 01-21-2014 12:38 PM
Thanks for the question. My original post from this thread was from a few years ago, and I was at a different employer at the time. Since then, I have changed jobs and now work for JAMF Software. I have had exposure to a lot of different infrastructures and organizations. My opinions have changed a bit after getting out there and seeing hands on how everyone else manages their environment.
First and foremost I would say stick with a platform you are comfortable with. Me personally (this is my opinion, and does not reflect anything official from JAMF Software), if I had to build out an infrastructure to manage I would do so with Debian based Linux Distros. Probably Debian stable, around their current stable release. This is just my opinion, and you could easily build out something similar with any version of Linux, Windows, or OS X Server. So, I would highly recommend you choose whatever platform you are most comfortable with, and one that Info Sec approves, and everything else that goes with your internal procurement process.
As for splitting things out into multiple web apps and a dedicated MySQL box, there are a lot of advantages to this. I think the most obvious benefit is scalability, so if your current deployment of 350 Macs increased 10-fold and became 3500 Macs, you can just toss a load balancer up and additional web apps to scale out the back end to fit your needs. It also has the initial benefit of failover. If one web app fails, the load balancer would not send traffic to it. The downside is that it has a higher support cost, because you have to manage and maintain more servers now.
Like I mentioned before, I had over 10k clients running off of one Master JSS, and it did pretty well. However, I wasn't necessarily overly aggressive with the product either. Going off the maximum number of clients really is not the only factor to consider. A lot of it has to do with how you use the product. If you need to run tons of recons to get near real time information, or if you are heavily using Self Service for a lot of services (help desk, web portals, plugins, package deployment, etc) and the JSS is getting high traffic from your clients, you will obviously need more resources. I also had multiple locations, but all within a 10 mile radius of my data center for the most part. So, I had no national, or international WAN traffic to consider.
Now, you also have to consider the cloud hosting solutions as well. We offer them at JAMF, and you can leverage things like Amazon, Rackspace, and Akamai, so you have even more options available to you. So, if you are already leveraging these services, or are looking into them that is another option. Plus if you have multiple sites, the Cloud can be attractive so you don't have to worry about DMZ/borderzone stuff, and everything else with outside clients hitting your data center. Assuming you have people in the field that is.
I would first suggest contacting your Account Manager at JAMF, and request some more information. I don't want to tell you right now to split up your servers and services until we get the bigger picture of what you are doing with the product, and your road map. Each environment is highly different, and I am guessing you also have to deal with PCI security compliance since you are in financial? Sorry, I took a peek at your LinkedIn profile. So, I would first contact your Account Manager and let them know you are looking to rebuild or change your infrastructure. We also offer services to come onsite and help you do this as well.
So, since you have so many options to explore, and I think we should qualify your needs first, contacting your Account Manager would be the first step. Your Account Manager at JAMF will have access to other people and resources internally to best assist you as well.
Welcome to the Casper Suite, and I look forward to hearing about how you build everything out.
Thanks,
Tom
Posted on 01-21-2014 12:44 PM
Just a note to add to Tom's response. If you've got infrastructure folks who can provide you with VMs, your job would be a whole lot easier if you build on what they give you. Nothing beats having someone else deal with the VM/OS stuff, so you can concentrate on the apps and services. This includes distribution points, why not tap into what's already there? ;) Just an opinion, we always try to leverage existing infrastructure.
Posted on 01-21-2014 01:20 PM
@donmontalvo Thanks Don.
Posted on 01-21-2014 01:21 PM
@tlarkin Thanks for your detailed response. Will do....
Posted on 01-21-2014 01:22 PM
Hmm looking at what y'all are using compared to what we are using, I think we are overkilling a bit :)
We have 9 or 10 "servers" total. In our main location we have 2 Xserves (2009), and 2 Mac Pros (though one is just in my office for a local Netboot/DP/Update Server), then we have 2 Mac Pros in Chicago, 1 Xserve in NY, 1 Mac Pro in Michigan, 1 Mac Pro in California, and 1 Mac Pro in India. All supporting about 950 clients connecting back to one of the Xserves here at the main location.
This year I hope to get new MacPros to replace the xserves and then move onto the DMZ.
Posted on 01-21-2014 01:24 PM
@jwojda what happens if your server in main location goes down?
Posted on 01-21-2014 01:32 PM
Excellent question. Haven't had to do it yet. The plan is...
I keep a backup server production ready at all times, so all it needs is the current Casper/JSS install and the DB.
We import our DB to a backup server and make some quick DNS changes, theoretically we can be up and running in the time it takes to import the DB to the new server.
Posted on 01-21-2014 01:35 PM
Hey Everyone,
I would also like to say that we had primary distribution points in every high school, so a total of 6. We also had Mac Minis in place where we needed more load balancing of package/script deployment. On top of that we had several other Mac Minis that acted as NetBoot servers, that we deployed in each tech's office. That way the tech at that site could mass image off their own Mac Mini. Small buildings that were geographically close to the high schools would piggy back off of them for software distribution.
I think overall we had 40 to 50 servers running. However, I was also running a massive Open Directory replication, and other services on top of Casper. Like cascading SUS, extra file shares for departments (science, art, English, etc.), wiki server, and probably a few things I am not recalling. I, however, did not set up a clustered Tomcat environment. I am not saying that I would never do so at my old job, but it was more of the fact I wasn't sure where I was headed. At the time the Xserve was discontinued so I was looking at Linux options. I just never got to that point before I left that job. I just knew that I was going to prefer something I can rack, and we were also talking about virtualization as well.
I just want to reiterate that I am not suggesting to always go one way or the other. I just want everyone to be aware of their options.
Thanks,
Tom
Posted on 01-21-2014 01:39 PM
@jwojda.. Similar to my setup. It works well when we've needed it.
Posted on 01-22-2014 04:08 AM
I wonder what's the feeling with:
( OS X ) Vs ( Windows 7 ) Vs ( Linux ) ?
At present, we have our Casper Servers running on a Virtualised ( Mac OS X 10.6.8 ) on Xserve Hardware..
This summer we are planning on replacing it with… Something..
The Something will likely be running Virtualised on ESX..
-- I have a choice of: OSX, Windows-7, Linux..
But only (EULA) OSX on Apple Hardware... Possibly a MacMini..
But I am also considering Linux or Windows, on Dell Server hardware.
(Since that has better infrastructure support..)
I think that any of those combinations are possible.. But some have different advantages..
But what are admins' experiences of Casper on: Windows-Server 2008 (R1 or R2) and on Linux Server ? (Which flavour ?) -- That would be useful to know..