Question

Exposing an on-premise Jamf instance to the internet?

  • May 19, 2020
  • 33 replies
  • 187 views


  • Valued Contributor
  • July 27, 2020

As for @tlarkin's comment...it's very true and a very ugly scenario...when I was first planning on adding external support years ago, I had a colleague do a simple security audit on our former on-prem server design and, well, he hated that...we solved it by putting the Tomcat nodes behind the load balancer and making the balancer the sole way in...it was very awkward but doable if interested. I will definitely pitch the cloud though, simply because of how smoothly Jamf made our transition.


  • Honored Contributor
  • July 27, 2020

@blackholemac Just curious on the S3, is it a cost thing or is it just that cloud storage is a no-go? I am wondering, since cloud storage is so cheap it is probably cheaper than whatever it costs you to self-host the distribution points yourself.


bradtchapman
  • Valued Contributor
  • July 27, 2020

@blackholemac : did you edit your post four times in the space of 10 minutes or so? Jamf Nation alerted me five times via email that I was mentioned in this post.


  • Valued Contributor
  • July 27, 2020

I did, but wasn’t trying to be a turd... I have a bad habit of rereading something I write long after I post it. I shouldn’t do that, I should read it before I hit post, but I’m really weird about that. Please forgive.


  • Valued Contributor
  • July 27, 2020

@tlarkin I do mean what I said on a 100% cost basis. Microsoft is essentially giving us (a school district) Azure and charging a very trivial amount for bandwidth usage. As such I’ve been advocating for a formal Azure distribution point for years... https://www.jamf.com/jamf-nation/feature-requests/2083/microsoft-azure-support-for-cloud-distributions-points

The short of it is you don’t have to sell me on having a cloud distribution point (whatever vendor provides) because I agree with your position 100%. I merely have to deal with, “Why can’t we do it on Azure instead?” The good news is that this pandemic actually gave me a whole lot of ammunition to move our Jamf Pro instance to the cloud...period. Along with it, I get to reap all the benefits of being a Jamf Cloud customer now...(cloud distribution point included) without having to wait on that feature to be added.

I’m sure all of you have been presented with the comment, “Why can’t we do <whatever it is we are trying to do> with <whatever it is that the org prefers or already has>?” I don’t encounter that too often, but I do sometimes, especially if I want to build something in the DMZ for whatever reason. I actually had a file distribution point working in Azure, but it was very slow, not very effective and not exactly my ideal. With Jamf Cloud, I get a supported solution.


  • Honored Contributor
  • July 27, 2020

@blackholemac ah I see, well Azure is also a very solid cloud platform. We use both Azure and AWS. I misread the whole thing and thought you were not allowed cloud storage because of cloud prices, my bad. Reading and words are hard.


Will-Kriel-Hart

Hi. I was wondering if anyone has any clear instructions on what needs to be done, and how, for the split DNS setup. Our network team appear to have gone down a certain track, and the results aren’t working. I’ve explained that the internal and DMZ IP addresses need to resolve to the same name, but each time they come back to me, they don’t. Any simple explanations would be great.


  • Contributor
  • January 20, 2021

We have an internal web server and a limited access DMZ web server (behind a load balancer so we can filter traffic to block JSS URLs we don't want available), both using CNAME records that resolve to their appropriate IPs (DMZ server for the Internet, and the internal server from our corporate network). Each web server talks to the MySQL database server. The CNAME is the same for both records, they just resolve differently depending on the network.
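
The split DNS arrangement described in the reply above, as an added example that is not part of the thread: a small Python check that follows the CNAME in each network's view of the records and reports the usual ways the setup goes wrong (name missing from one view, an RFC 1918 address served to the Internet, or both views returning the same address). The hostnames, addresses and the `resolve` / `check_split_horizon` helpers are placeholders constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (placeholder names, RFC 1918 / RFC 5737 addresses).
# The one enrolled hostname exists in BOTH views; only the target differs.
JSS_NAME = "jss.example.org"
INTERNAL_VIEW = {  # what resolvers on the corporate network answer
    "jss.example.org": [("CNAME", "jss-int.example.org")],
    "jss-int.example.org": [("A", "10.20.30.40")],
}
EXTERNAL_VIEW = {  # what resolvers on the Internet answer
    "jss.example.org": [("CNAME", "jss-dmz.example.org")],
    "jss-dmz.example.org": [("A", "203.0.113.10")],
}

def resolve(view, name, depth=0):
    """Follow CNAMEs within one view and return the final A addresses."""
    if depth > 8:
        raise ValueError(f"CNAME loop while resolving {name}")
    addrs = []
    for rtype, value in view.get(name, []):
        if rtype == "CNAME":
            addrs += resolve(view, value, depth + 1)
        elif rtype == "A":
            addrs.append(value)
    return addrs

def check_split_horizon(name, internal, external):
    """Return a list of findings; an empty list means the split looks right."""
    findings = []
    inside, outside = resolve(internal, name), resolve(external, name)
    if not inside:
        findings.append(f"{name} does not resolve in the internal view")
    if not outside:
        findings.append(f"{name} does not resolve in the external view")
    for addr in outside:
        if any(ipaddress.ip_address(addr) in net for net in RFC1918):
            findings.append(f"external view serves private address {addr}")
    if inside and set(inside) == set(outside):
        findings.append("both views return the same address: DNS is not split")
    return findings

if __name__ == "__main__":
    print(check_split_horizon(JSS_NAME, INTERNAL_VIEW, EXTERNAL_VIEW) or "OK")
```
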