Posted on 04-17-2017 05:21 AM
3 weeks ago, JAMF helped us add a 2nd JSS server and create a cluster. We don't have a load balancer so we used DNS round-robin (Win 2008r2 DNS) for a poor man's load balancing.
We had 2 identical DNS A records pointing to 2 different IPs (2 different servers). That was the internal DNS. External DNS was just 1 A record pointing to the internal Master server (the original JSS). However, we have had JSS since 8.5 so we had originally used a different name way back then for the 1st JSS server. That name is still being used as the JSS URL. At the time JAMF said we could just CNAME that name to the new JSS server we installed then (now master JSS server) and not have to re-enroll devices. After adding the cluster, DNS looked like this:
Internal
IP1, IP2 > A record > CNAME
External
IP1 > A record > CNAME
Kinda worked and kinda didn't. Logging into the JSS was fine, that round-robin'd fine. But the devices had problems. Self-Service on devices would, sometimes, say "Server cannot be contacted." The fix was to just turn off/on wifi. However, the issue would return after a few days. Very possibly after the devices went home overnight. We removed the A record for the 2nd JSS and devices are fine.
Should we just bite-the-bullet and get a load balancer?
What about getting rid of the CNAME from the original JSS that no longer is here?
Should we spin up a 3rd JSS server, name it the original JSS (the CNAME) and make it the new Master?
Any other recommendations?
EDIT: Clustering and DNS!
Posted on 04-17-2017 06:07 AM
I would personally recommend a balancer and I'll note that not all of them are expensive. For instance, the one we used in CJA class was Pound, a Linux-based open source one. There are many others, both paid and free, hardware vs. software. Even Pound allowed you to define multiple backends, append a cert and give priority to specific backends. Here's a link to info about Pound on Ubuntu servers: https://help.ubuntu.com/community/Pound
I wanted to clarify that while round-robin DNS works in theory, we had had bad luck with it years ago for database servers such as PowerSchool. They ended up buying a balancer for that and I'm able to piggy-back my JSS cluster off of that load balancer. The exact one we use is called KEMP, but it is in fact a paid solution.
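A sketch of the kind of Pound setup the post above describes (multiple backends, a certificate on the listener, and per-backend priority), as an added example that is not part of the original post or any poster's configuration. It uses Pound 2.x syntax; the addresses, port 8443, user/group, certificate path and priority values are all assumptions.

```conf
# Added example (Pound 2.x syntax). Addresses, ports, paths and priorities
# are constructed placeholders, not values from this thread.
User  "www-data"
Group "www-data"
Alive 30                 # seconds between re-checks of backends marked dead

ListenHTTPS
    Address 0.0.0.0
    Port    443
    # PEM file holding the server certificate chain and its private key
    Cert    "/etc/ssl/private/jss.example.org.pem"

    Service
        BackEnd
            Address  192.0.2.11    # assumed: master JSS node
            Port     8443          # assumed: Tomcat HTTPS port
            HTTPS                  # re-encrypt traffic to the backend
            Priority 6             # 1-9, higher receives more requests
        End
        BackEnd
            Address  192.0.2.12    # assumed: second cluster node
            Port     8443
            HTTPS
            Priority 3
        End
    End
End
```

With this layout the JSS URL needs only one DNS record, pointing at the balancer, and Pound stops sending requests to a backend that fails to respond until an `Alive` re-check finds it reachable again.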
Posted on 04-17-2017 10:34 AM
Have to say yes on the load balancer. We too use KEMP. Very happy with it. Have 9 JSS instances behind it.
Posted on 04-17-2017 10:43 AM
@gbyers glad to hear you use and like KEMP... when we built our cluster I was worried as I hadn't heard from many other users balancing a JSS cluster with it.
If I may pick your brain, could I get in touch with you somehow? Our KEMP is working well but I haven't been able to set Limited Access up so well for my Tomcat backends. When I go into the JSS and do that it works but then KEMP reports the backend as down and doesn't send traffic to that backend.
In short, I don't want an end user going directly to a back-end and trying to administer the JSS from it.
My KEMP guy in house says it's an issue with how KEMP detects that a backend is up or down and has offered to call KEMP support, but hasn't had time.
In short, did you run into this and if so what did you do?