Designing a JSS setup from scratch

franton
Valued Contributor III

Hi folks,

I have the possibility of completely re-architecting the JSS setup we have here as the current one has certain drawbacks.

So if you were going to completely redesign your JSS setup, what would you aim for in your design?

2 ACCEPTED SOLUTIONS

donmontalvo
Esteemed Contributor III

@franton I would dropkick all Apple hardware into a dark alley, and build the new JSS infrastructure on Windows Server 2008 virtual machines (or whatever your Datacenter folks want you to use). I'd keep the master in your main location and run headless Tomcat instances in remote locations (clustering). I'd also run headless MDM, if you're able to add to your cluster if you can get it to connect from DMZ to your master. I'd put the Distribution Points on Windows Server 2008 virtual machines as well, so you can manage them yourself (the usual AAMEE/SMB heads up). I'd make sure you've got your DNS and certs stuff planned out in advance...and buy the Datacenter team some beer for making sure they keep the servers running (and not update Java LOL).

--
https://donmontalvo.com

nkalister
Valued Contributor

I'd pretty much second what don said, with added emphasis on avoiding Apple servers. Seriously. I've been extremely happy with housing my JSS on a Windows Server VM and using our existing SCCM file shares as distribution points, though mounting those SMB shares can be a little flaky. If you use Windows file shares, I'd recommend setting up IIS and using HTTP downloads; they've been very reliable.

11 REPLIES

CasperSally
Valued Contributor II

I'd put MDM on a separate JSS so I didn't have to upgrade both at the same time if I didn't want to, or one could be externally facing without the other.

mcrispin
Contributor II

I would wait for Casper 9 and think very hard about my organizational structure and package naming conventions, particularly if you have a silo or other kind of complex environment.

franton
Valued Contributor III

We don't have a complex environment at all at present. It'll be easier to make changes now than later, especially when our Xserves are "retired".

jhbush
Valued Contributor II

Any suggestions on NetBoot replacements? I'm planning on dumping our Xserves as soon as possible for clustered Linux VM, but I'm torn on keeping Mac minis around to NetBoot and image from. I'm hoping the JDS and AWS will handle most of what we are looking for. Suggestions or comments welcome.

franton
Valued Contributor III

@donmontalvo: That's roughly what I plan to do, except that, apart from an IIS HTTP DP, I'm going the Unix route on this. That's unless anyone can give me a convincing reason as to why not.

Eventually our Xserves will go the way of the dodo (can't come soon enough), and we'll probably shift over to a single JDS per site to provide NetBoot, Apple SUS and application delivery.

franton
Valued Contributor III

@jhbush1973: We're looking at an internal JDS solution. Can't say too much more due to Casper 9 beta test restrictions, apart from that it beats rolling our own solution with netatalk and Reposado!

CasperSally
Valued Contributor II

We are anxiously awaiting JDS as well. I hope the timing works as we're looking to get rid of our Xserves this summer.

franton
Valued Contributor III

I'm planning a cluster JSS setup so I can have a "restricted" JSS in our DMZ for our external users. We'll have a master JSS inside our firewall for everyone else. If you've done something similar, how are you all setting up your load balancers? The docs I've seen aren't very specific on this.

Brad_G
Contributor II

@jhbush1973
JAMF has already offered a NetBoot/SUS Appliance. I've been using this product this past summer/fall to handle imaging our lab hardware. Here are a couple of threads regarding the appliance.

https://jamfnation.jamfsoftware.com/viewProduct.html?id=180&view=info

If you want to roll it directly onto hardware instead of a VM (I recycled some old PC hardware and did this myself), a word of warning: you have to have the 10.04 64-bit server build to pull it off GitHub.

https://jamfnation.jamfsoftware.com/discussion.html?id=3874

I can't comment on future products but this is a great tool JAMF has provided.