Do I need memcache for all my servers

nigelg
Contributor

This is our test setup:-
JSS 9.98 Clustered environment
2 clustered web apps behind a load balancer for internal clients
1 internal web app for management tasks (master)
1 external web app in the DMZ for external clients

We are considering building 2 memcache servers.

My question is :-

Do all my web apps need to connect to memcache including the external web app?

I am aware that memcache is not a requirement until Jamf Pro 10 is released but we want to get this set up correctly before we move this environment into production.

I have also submitted this to JAMF Support to get their view and will add their response to this thread for people to use for future reference.

4 REPLIES 4

blackholemac
Valued Contributor III

I have been told that you can do one Memcache server for your cluster farm provided it is configured properly according the this documentation: https://www.jamf.com/jamf-nation/articles/428/memcached-installation-and-configuration-for-clustered-jss-environments

My source was actually one of Jamf's training instructors.

donmontalvo
Esteemed Contributor III

Based on the apparent lack of security for memcached, aside from blocking ports, not sure it should be in the DMZ? #askingForAFriend

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

Apparently memcached is now a recommendation, and not a requirement, for Jamf Pro 10.

--
https://donmontalvo.com

chmeisch
New Contributor III

The memcached usage is sooo looow so far as of 9.101 (in regards to CPU, space). We have 3 JSS's running with ~10k devices and have two memcached instances running on the two JSSs that are slaves in our clustered environment. One doesn't get used virtually at all, the other does a lot of connections and occasional spikes of ~50Mbps traffic, but it barely pushes server resources. You can monitor it live with a tool like netdata. (https://github.com/firehol/netdata)

I'd say install it on both of your load balanced slaves, dont need to allocate much to it, and then set your firewall rules to allow connections only from your webapp on the DMZ (ip address, etc) to the memcached port, maybe use a non-standard port for it. Of course the master that is internal will have access to it.