Configure 2 addresses for DMZ

glpi-ios
Contributor III

Hello,

In order to set up a JSS in DMZ, do we have to have only one address accessible internally and externally?

Is it possible to have 2 diferent addresses to configure locally on the client computers? If one is not accessible, it tries to connect to the second one.

Thanks for your help

4 REPLIES 4

burdett
Contributor II

Our DNS service is uses BIND.
Working with our network engineers they recommended creating a view in the BIND DNS to direct clients to the proper JSS depending on whether the client is internal or external. Windows DNS probably has a the same function?

glpi-ios
Contributor III

Hello @burdett

Thank you for your reply.

I have seen with our network administrators and apparently this is not possible.

No problem, I asked if you knew a solution but I think it's up to our network technicians to find a solution.

Thanks for your help.

bradtchapman
Valued Contributor II

You need two distinct Jamf servers in a cluster. One facing internal, one facing external. A DNS record internal and external with the same FQDN that matches your "Jamf URL." Also, buy a publicly-signed SSL certificate and install on both.

burdett
Contributor II

@glpi-ios There is a document, Installing a JSS Web Application in the DMZ,

Talk to your JAMF TAM, about also purchase the JSS Migration Service Expanded Service. A member of Jamf Services will work with you via WebEx to install the JSS in the DMZ and ensure functionality. For more information on Jamf Expanded Services, download the following PDF:
https://resources.jamf.com/documents/products/documentation/jamf-premium-services.pdf

Maybe your network technicians can direct connections to internal, external host with host firewall rules. I would recommend creating a test server pair and test your DMZ configuration before acting on your production environment.