Posted on 07-30-2013 04:25 PM
I am trying to figure out how to put a distribution point on our DMZ that can talk to the main DP on the LAN. I have looked at all the documentation on setting the JSS up on a DMZ, but it is pretty lacking in information and I must say I am a little confused.
Here is the goal of what I need to accomplish:
-Clients that are managed will be able to download software from Self Service outside of our LAN
-I need to replicate the master DP to the external DP
I am a little confused as to what steps I need to take to get this process started. I am running my current setup (on the LAN) on a 10.8 Mac server and will be running a 10.8 VM server to serve as the external DP. I currently have MySQL and everything else installed on the VM - I was going off of the article about JSS in the DMZ, but now I am stuck and can't seem to get the master to replicate to the VM.
How do I setup a DP that talks to the internal master so clients can download software outside of the LAN?
Posted on 07-30-2013 08:54 PM
DMZ servers typically have two network interfaces (NICs). One NIC is connected to the internal LAN and the other is connected to the Internet (with a suitable firewall in place that allows only certain traffic to pass).
So, first question: Does your DMZ distribution point server have two NICs configured?
Second question: Is your JSS accessible both on the LAN and to the Internet? If not, do you have a second JSS in the DMZ for clients reporting from the Internet?
The Certified JSS Administrator course may interest you if you need to set up multiple JSS systems.
Posted on 07-31-2013 12:50 AM
Hi Nichele!
Another option might be something along these lines, leveraging Box.com for a public CasperShare:
http://bryson3gps.wordpress.com/2013/02/06/using-box-as-a-casper-share/
Posted on 07-31-2013 03:46 AM
Hi Nichele,
I've done what your attempting except we are using real Mac servers & not VM's.
I'm on holiday for a few more days, I'll try & respond when back.
Posted on 07-31-2013 05:41 AM
i am using a reverse proxy on the external server pointing to the http share on the internal server that way you dont have to have space on the external server and no replication...
Posted on 08-09-2013 09:50 AM
Hi Bentoms-
No pressure, but I wanted to see if you have any updated information that could help me? Thanks!
Posted on 08-09-2013 09:55 AM
I'd second the post about using box.com.. Took it one step further since you are using a Actual server, install the box sync tool on it.. And let it auto upload that content to box.com. Just remember to never try and sync to it in casper admin. It won't work.
This takes the strain off your network to supply that content externally..
Posted on 08-26-2013 12:14 PM
How'd this turn out? I've just gotten my DMZ JSS set (literally today) and am in the process of configuring a DP out there. I am 100% positive our Server team and Security would flip if I suggest a public Box.com account.
Posted on 09-03-2013 01:37 PM
I had to put a hold on it because things got busy, but I am on the same page as you. We don't want to use a Box account to transfer anything, and now I am also looking at adding another DP in Amsterdam and need to get that configured, so I am still at the starting point.
Posted on 09-05-2013 01:44 PM
@nessts... Could you email more detail around setting up the reverse proxy on the DMZ server.
My setup is as follows - Windows VM Server in the DMZ with limited access and XServe internal.
Currently external clients are checking in but not able to see apps within Self Service.
Thanks in advance.... ::sp
Posted on 09-05-2013 02:28 PM
in my Mac server and my linux server that do the same thing running Apache web server i created a reverse.conf file
you would replace internal server with your real internal server, you have to have 80 and or 443 open between them for that traffic to pass.
ProxyPass /CasperShare http://internalserver/CasperShare
ProxyPassreverse / https://internalserver/
ProxyPassreverse / http://internalserver/
Posted on 06-19-2015 01:10 PM
@nessts Can you share the reverse.conf file script? Thanks.
Posted on 06-19-2015 01:40 PM
well. its not a script its a conf file for apache. and the contents of said file are in my last post on 9/5/13