Posted on 09-17-2019 09:07 PM
Would setting up a cluster help take some of the load off the main server? Or is the only function to provide another web app instance to run and work from an existing database?
Posted on 09-18-2019 06:02 AM
Yes, if you split out your master server from a couple of client facing nodes, you can off load some of the work. Basically your client nodes would handle the communications with the endpoints, while the master server would do most of the work with the database. We run in this config, with an API / Admin node as well. So we have a master, an admin/api node, and three client facing nodes for our 16,000 endpoints. Works well and while we still see some performance hits at certain times of the day, for the most part everything runs great in this config.
Posted on 09-18-2019 06:08 AM
Wow, impressive setup. I have around 150 client systems, going up to 250 in the near future. Do you run them behind a load balancer?
I am leaning toward a load balancer pointing to two jamf servers, one a master and the second server to take some of the load off of the master.
Posted on 09-18-2019 07:16 AM
I wouldn't think that you would need to cluster for under 5000 clients. Are you running JamfPro on physical hardware or a VM? Windows or Linux?
Posted on 09-18-2019 07:35 AM
I am running on a VM currently but migrating back to a MacPro. VM has 4vcores 8g of ram.
Posted on 09-18-2019 07:54 AM
I personally think VM's are the way to go. They provide much more flexibility than physical hardware. I am also a big believer in Linux servers over Windows. I have a large org (47.5K clients) and we struggled a lot with performance issues until we moved everything to Ubuntu server VMs. Depending on your org's requirements and cost you could also look at cloud JamfPro.
Posted on 09-18-2019 07:59 AM
I moved from a MacPro to a VM (CentOS 7) hoping to save resources and I can repurposed my MacPro system. But I kept having to up my VM resourses so I just gave up and I am starting to migrate back over to the MacPro. My org will never grow that big while I am around.
Posted on 09-18-2019 08:10 AM
If your environment is under 500 you don't need to cluster. If you're having performance issues I would look at what is causing the issues. What resources are you having to increase on the VMs?
Look at your Smart Groups. Make sure you're not using a lot of fuzzy logic criteria (the "like" or "not like" options). Smart Groups with a lot of criteria, more than 3 or 4, can have an impact. Look to switch over to using regex instead.
You can also extend your inventory time. Do you really need to update inventory every day? Stretch it to a week. That will cut down on the number of devices checking in.
My previous environment was around 200 endpoints and I ran it all on a single Ubuntu VM with no problems at all. And I didn't have a ton of memory allocated either.
Oh, and you could look to split out your database onto a dedicated box as well.
Posted on 09-18-2019 08:33 AM
I would split of the MySQL database to a separate VM and make sure the appropriate amount of resources are allocated for your load. I have update inventory happening ever hour and don't have an issue.
Posted on 09-18-2019 11:48 AM
@stevewood do you mean logic like this? lol
Posted on 09-18-2019 11:52 AM
@jray10 Oh yeah, especially like that! Especially if all of those groups are Smart Groups because those have to recalculate as well.
We crippled our server with less than 3,000 endpoints once because of logic like that. Literally, could not get into the GUI, client machines could not check in, it was bad. One of our contractors had created a group just like that and it killed us.
Posted on 09-18-2019 12:11 PM
@stevewood Sad day for me I use that to deploy All my basic software, and used them for profiles but now they point to single static groups.
So I will move all my scopes to point to only the static groups for my labs and not a single larger group, hopefully this helps. I am going to move the DB to a different system, I just don't know where. Or if I should visualize or use a DM. I like the idea of keeping Jamf on a VM and on Linux. Moving to a Mac was an attempt to fix some performance issues.
Posted on 09-18-2019 12:20 PM
If you can make each of those have a single item in common, like adding "Student" to the names of the groups, you could use a regex and cut that down to a single line. Then add the "not computer name" as exceptions to your policies / profiles, or to a single static group that then was added to your policies / profiles.
I would test this in Jamf (I did it using the Patterns app), but you should be able to add "Students" to the name and do "Matches Regex" and "Students" as the criteria.