External JSS and regional considerations

jarednichols
Honored Contributor

Hi-
So we've got two DPs thus far. Folks in one location use one DP, folks in another location use the other. Pretty simple.

We're looking to add a JSS in the DMZ to handle management of machines off the internal network and also set us up for potential iOS management.

Here's the question: In the KB for installing a JSS Web Application in the DMZ, it indicates that you should set up an all-encompassing network segment (0-255) and set the DP in the DMZ as the default DP.

Does this essentially undo the "regional-ness" of having multiple DPs? How do we then handle the spread-out nature of our workforce if people are hitting only one external JSS? Input from those with global deployments desired.

Thanks

EDIT: To clarify, ideally we'd like to deploy policies externally as indicated in the KB article.

13 REPLIES

Matt
Valued Contributor

I have a DMZ JSS and kept all 4 of my regional DPs the same as before.

jarednichols
Honored Contributor

Are you using the external to deploy any policies?

nkalister
Valued Contributor

I'm in basically the same boat as Jared and was about to post a similar question.

I'd like to keep my EMEA folks pulling their packages from a DP in EMEA whether they're on the corporate network or not, and setting up the all-encompassing network segment would seem to defeat that.

Anyone from JAMF have a suggestion or comment?

bentoms
Release Candidate Programs Tester

Hi All,

I have this working.

We were advised by JAMF that network segment membership will overwrite itself, with the most limiting being used.

So if we have NW segment for 10.0.0.1 / 10.0.0.255 for "DP Internal" & then a NW segment of 1.1.1.1 /255.255.255.255 for "DP External"

Then if a Mac has an IP of 10.0.0.24 it will use DP Internal.

It also appears to be working that way for us.

jarednichols
Honored Contributor

Ah okay cool. So there's some logic built in there. So I could have an all-encompassing (1.1.1.1-255.255.255.255) segment assigned to the external DP. Then use my existing class-B private IP scopes to target particular internal DPs.

The JSS will assign the internal DPs when you're on an internal network and an external DP when your IP changes to be outside of those more limiting scopes.

Correct?

nkalister
Valued Contributor

But that still means having just a single external DP for the entire world. I'd like to have an external DP for each region.

bentoms
Release Candidate Programs Tester

@ Jared.. yes. BUT speak to JAMF to clarify.. Jason Liebel of JAMF Support assisted with my clustering & external DMZ DP.

Below is an edited version of my JSS's summary:

Network Segments
--------------------------------------------------
Name: Office 12
Starting Address: 10.1.12.1
Ending Address: 10.1.12.255
Total Addresses: 255
Distribution Point: 12-MAC-JSS-01
Software Update Server: 12-MAC-JSS-01
Netboot Server: 12-MAC-JSS-01
Building: 12
Override Building: Yes
--------------------------------------------------
Name: Office 13
Starting Address: 10.1.13.1
Ending Address: 10.1.13.255
Total Addresses: 255
Distribution Point: 13-MAC-JSS-01
Software Update Server: 13-MAC-JSS-01
Netboot Server: 13-MAC-JSS-01
Building: 13
Override Building: Yes
--------------------------------------------------
Name: External
Starting Address: 1.1.1.1
Ending Address: 255.255.255.255
Total Addresses: 4,278,124,287
Distribution Point: EXT-MAC-JSS-01
Software Update Server: EXT-MAC-JSS-01

@Nick. Sorry, but if you host your external DP with a hosting company within (say) the UK.. how would that then affect off wan clients in (say) HK? I mean, is there any issue geographically that will exist?

FWIW, my external DP is in London on a 100MB lease line. We have a lot of people working in the far east, other than differing internet speeds @ their locations things work well.
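The "most limiting segment wins" behaviour described in this thread, modelled as an added example (not part of the original posts and not JAMF's code). The segment data is taken from the summary above; the narrowest-range selection rule is an assumption based on what the posters report, and the client addresses in the demo are constructed.

```python
import ipaddress
from dataclasses import dataclass


def _n(addr: str) -> int:
    """Dotted-quad IPv4 address as an integer, for range arithmetic."""
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Segment:
    name: str
    start: str
    end: str
    distribution_point: str

    @property
    def size(self) -> int:
        # Inclusive range, matching the "Total Addresses" field in the summary.
        return _n(self.end) - _n(self.start) + 1

    def contains(self, ip: str) -> bool:
        return _n(self.start) <= _n(ip) <= _n(self.end)


# Segments as listed in the edited JSS summary in the post above.
SEGMENTS = [
    Segment("Office 12", "10.1.12.1", "10.1.12.255", "12-MAC-JSS-01"),
    Segment("Office 13", "10.1.13.1", "10.1.13.255", "13-MAC-JSS-01"),
    Segment("External", "1.1.1.1", "255.255.255.255", "EXT-MAC-JSS-01"),
]


def resolve(ip, segments=SEGMENTS):
    """Assumed rule: of all segments containing ip, the smallest range wins."""
    matches = [s for s in segments if s.contains(ip)]
    return min(matches, key=lambda s: s.size) if matches else None


def ambiguous_pairs(segments=SEGMENTS):
    """Overlapping segments of equal size, where 'most limiting' has no unique winner."""
    return [(a.name, b.name)
            for i, a in enumerate(segments) for b in segments[i + 1:]
            if a.size == b.size and _n(a.start) <= _n(b.end) and _n(b.start) <= _n(a.end)]


if __name__ == "__main__":
    # Constructed client addresses: office, unlisted internal subnet, public.
    for ip in ("10.1.12.24", "10.1.14.5", "203.0.113.7"):
        seg = resolve(ip)
        print(ip, "->", seg.distribution_point if seg else "no segment")
```

Under this model an internal address with no segment of its own, such as 10.1.14.5, falls through to the External segment and its DP, so every internal subnet needs its own segment for the regional assignment to hold.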

nkalister
Valued Contributor

If you have an all-inclusive network segment for your external DP, then all external clients will pull packages from that DP. I'd like to have external clients in the US pull packages from a DP in the US, EMEA clients pull from EMEA, etc.

bentoms
Release Candidate Programs Tester

@Nick (thanks for replying to the other thread too btw).

AFAIK there is no way within the JSS to do this.. but what difference would it make? Surely you could just have 1 external DP hosted somewhere & allow all clients to access it.

I'm not sure how the geographic location is going to change things on the client. (I guess I'm missing something, sorry).

nkalister
Valued Contributor

It's just a speed thing, that's all. I want people to be able to download the packages as fast as possible, and if I host the DP at my datacenter in Indianapolis, things will be much slower for a person in Russia than if I can have her download from a DP in Europe.
Stupid worldwide corporations! :)

jarednichols
Honored Contributor

I think something that I'm forgetting is that a user will *only* hit the external DP if they're not in a satellite office. Satellite offices have their own DPs.

I think this is way less of an issue than I initially thought.

nkalister
Valued Contributor

Exactly. As long as you've got network segments set up to automatically update their location, you'll be all set.

bentoms
Release Candidate Programs Tester

Yep.. works well