Posted on 03-13-2019 10:06 AM
Hello,
In order to set up a JSS in DMZ, do we have to have only one address accessible internally and externally?
Is it possible to have 2 diferent addresses to configure locally on the client computers? If one is not accessible, it tries to connect to the second one.
Thanks for your help
Posted on 03-15-2019 02:06 PM
Our DNS service is uses BIND.
Working with our network engineers they recommended creating a view in the BIND DNS to direct clients to the proper JSS depending on whether the client is internal or external. Windows DNS probably has a the same function?
Posted on 03-25-2019 05:32 AM
Hello @burdett
Thank you for your reply.
I have seen with our network administrators and apparently this is not possible.
No problem, I asked if you knew a solution but I think it's up to our network technicians to find a solution.
Thanks for your help.
Posted on 03-25-2019 07:22 AM
You need two distinct Jamf servers in a cluster. One facing internal, one facing external. A DNS record internal and external with the same FQDN that matches your "Jamf URL." Also, buy a publicly-signed SSL certificate and install on both.
Posted on 03-25-2019 12:12 PM
@glpi-ios There is a document, Installing a JSS Web Application in the DMZ,
Talk to your JAMF TAM, about also purchase the JSS Migration Service Expanded Service. A member of Jamf Services will work with you via WebEx to install the JSS in the DMZ and ensure functionality. For more information on Jamf Expanded Services, download the following PDF:
https://resources.jamf.com/documents/products/documentation/jamf-premium-services.pdf
Maybe your network technicians can direct connections to internal, external host with host firewall rules. I would recommend creating a test server pair and test your DMZ configuration before acting on your production environment.