With a lot more of our workstations soon to be leaving campus for an unknown extended period, we're looking at quickly standing up a server in the DMZ so that we can continue to manage those systems while off campus.
I've got the basic instructions (https://www.jamf.com/jamf-nation/articles/174/installing-a-jamf-pro-web-application-in-the-dmz) and am thinking about the other practical implications/changes needed.
So far I've got:
- Right now our DEP process does not require login, because it only works on campus anyway. Once it works off campus, seems like requiring login would be a good idea.
- The article talks about running policies while off site or not (needing an externally accessible DP). Without the DP am I basically monitoring only? Will policies that don't include a package or script run OK? (Granted, that doesn't leave much, in my setup.)
- How complicated is it to set up an externally accessible DP?
What else should I be thinking about?
@sdagley The internal DP does have https turned on, fairly recently. I still have a few packages that refuse to distribute that way for whatever reason and fall back to SMB, but they are the exception and I believe they are all lab-related, so on-campus only. Do people usually set up a 2nd DP for external use, or just make the same internal one available externally by poking holes in the firewall?
@Hugonaut We are looking at adding an externally accessible DP for our site as well, for prestage enrollments, as well as enabling our Self-Service policies to work off site. Our environment is clustered, the webapps are Ubuntu virtuals in the dmz, with our certificate on the load balancer.
Would you be able to provide some insight on how to accomplish this?