- Jamf Nation Community
- Products
- Jamf Pro
- Re: Designing a JSS setup from scratch
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 12:21 PM
Hi folks,
I have the possibility of completely re-architecting the JSS setup we have here as the current one has certain drawbacks.
So if you were going to completely redesign your JSS set up, what would you aim for in your design?
Solved! Go to Solution.
2 ACCEPTED SOLUTIONS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 05:19 PM
@franton I would dropkick all Apple hardware into a dark alley, and build the new JSS infrastructure on Windows Server 2008 virtual machines (or whatever your Datacenter folks want you to use). I'd keep the master in your main location and run headless Tomcat instances in remote locations (clustering). I'd also run headless MDM, if you're able to add to your cluster if you can get it to connect from DMZ to your master. I'd put the Distribution Points on Windows Server 2008 virtual machines as well, so you can manage them yourself (the usual AAMEE/SMB heads up). I'd make sure you've got your DNS and certs stuff planned out in advance...and buy the Datacenter team some beer for making sure they keep the servers running (and not update Java LOL).
--
https://donmontalvo.com
https://donmontalvo.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 06:24 PM
i'd pretty much second what don said, with added emphasis on avoiding apple servers. Seriously. I've been extremely happy with housing my JSS on a windows server VM and using our existing SCCM file shares as distribution points, though mounting those SMB shares can be a little flaky. If you use windows file shares, I'd recommend setting up IIS and using HTTP downloads, they've been very reliable.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 12:42 PM
I'd put MDM on a separate JSS so I didn't have to upgrade both at the same time if I didn't want to, or one could be externally facing without the other.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 01:22 PM
I would wait for Casper 9 and think very hard about my organizational structure and package naming conventions, particularly if you have a silo or other kind of complex environment.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 01:55 PM
We don't have a complex environment at all at present. It'll be easier to make changes now than later, especially when our xserves are "retired".
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 05:19 PM
@franton I would dropkick all Apple hardware into a dark alley, and build the new JSS infrastructure on Windows Server 2008 virtual machines (or whatever your Datacenter folks want you to use). I'd keep the master in your main location and run headless Tomcat instances in remote locations (clustering). I'd also run headless MDM, if you're able to add to your cluster if you can get it to connect from DMZ to your master. I'd put the Distribution Points on Windows Server 2008 virtual machines as well, so you can manage them yourself (the usual AAMEE/SMB heads up). I'd make sure you've got your DNS and certs stuff planned out in advance...and buy the Datacenter team some beer for making sure they keep the servers running (and not update Java LOL).
--
https://donmontalvo.com
https://donmontalvo.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 06:24 PM
i'd pretty much second what don said, with added emphasis on avoiding apple servers. Seriously. I've been extremely happy with housing my JSS on a windows server VM and using our existing SCCM file shares as distribution points, though mounting those SMB shares can be a little flaky. If you use windows file shares, I'd recommend setting up IIS and using HTTP downloads, they've been very reliable.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2013 09:47 PM
Any suggestions on netboot replacements. I'm planning on dumping our Xserves as soon as possible for clustered Linux VM, but I'm torn on keeping Mac mini's around to netboot and image from. I'm hoping the JDS and AWS will handle most of what we are looking for. Suggestions or comments welcome.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2013 01:05 AM
@donmontalvo : That's roughly what I plan to do except apart from an IIS http dp, I'm going the unix route on this. That's unless anyone can give me a convincing reason as to why not.
Eventually our xserves will go the way of the dodo (can't come soon enough), and we'll probably shift over to a single JDS per site to provide netboot, apple sus and application delivery.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2013 01:06 AM
@jhbush1973 : We're looking at internal JDS solution. Can't say too much more due to Casper 9 beta test restrictions apart from beats rolling our own solution with netatalk and resposado!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2013 05:42 AM
we are anxiously awaiting JDS as well. I hope the timing works as we're looking to get rid of our xserves this summer.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2013 01:07 PM
I'm planning a cluster JSS set up so I can have a "restricted" JSS in our DMZ for our external users. We'll have a master JSS inside our firewall for everyone else. If you've done something similar, how are you all setting up your load balancers? The docs i've seen aren't very specific on this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2013 02:01 PM
@jhbush1973
JAMF has already offered a NetBoot/SUS Appliance. I've been using this product this past summer/fall to handle imaging our lab hardware. Here are a couple of threads regarding the appliance.
https://jamfnation.jamfsoftware.com/viewProduct.html?id=180&view=info
If you want to roll it directly onto hardware instead of a VM (I recycled some old PC hardware and did this myself). Word of warning that you have to have the 10.04 64-bit server build to pull it off GitHub.
https://jamfnation.jamfsoftware.com/discussion.html?id=3874
I can't comment on future products but this is a great tool JAMF has provided.
