First Distribution Point... Questions

gspiese
New Contributor III

I've read through postings on Distribution Points and have the Managing Distribution Points section from the Casper Suite Administrator's Guide, but have a few questions. If there is a document that answers these questions, please feel free to smack me to it! Our Master Server is running OSX Server 10.5.8 and JSS v 8.52. The soon to be added Distribution Point Server will have the same versions of both.

The Admin Guide says to create a share point (AFP or SMB) on the server to be used as the distribution point. Do I do this in OSX Server or is this done in Casper? Is the share mentioned in the Admin Guide the /shared Items/Casper Share directory or a different one? Where am I setting the permissions for this Share (OSX Server or Casper)? The Admin Guide says to create an account that has read-only access to this share, and another that has read/write. It doesn't say what the user id needs to be for these accounts, but does say the read-only account also has to be indicated for "Everyone". Elsewhere I saw two accounts that jss required: casperadmin; casperinstall. I thought jss created these automatically - do I need to create these accounts manually? If so, where?

Since we already have a Main JSS Server and this second server is to be used as our first Distribution Point, I assume we don't check the "Use this server as the Master" option. So what do I select here? Since this first Distribution Point isn't yet created I can't select it from the list. I don't want this to replace the Master (which we already have), so I don't want to check that option, and this isn't a failover server either. Do I not select either option?

When first setting up the Distribution Point, is it best to manually copy all the packages and scripts while at the same location as the master before deploying it to the remote location? We think that's the best bet but don't want the replication to copy the items again once it's at the remote site.

We plan to use a network to network vpn for this Distribution Point. Are there any known issues with this? This Distribution Point will be temporary since remote users will be arriving for a conference and it's an opportunity to update users' Macs, since it can't be done when they are elsewhere. Because of the setup at the meeting the Macs will connect to a wireless access point for getting their updates from jss. Other than the speed problem are there any gotchas I need to be aware of? It's important to note that the Distribution Point will be connected directly to the router via a wire.

3 REPLIES

chris_kemp
Contributor III

The share point is created on the server itself. If you're using OS X Server, use Server Admin.app to set up the share & permissions.

The users, likewise, are created on the server. Standard accounts are fine, just go into System Preferences -> Accounts and add them there.

Once this is set up, then go into the JSS and enter the appropriate information for the users & shares.

Since this is a secondary server then you are correct - do not check either "Use this server as Master" or "Enable Load Balancing with Failover Distribution Point".

If you want to copy the contents of the repository prior to deployment, make sure you log in as casperadmin on both boxes to do the copying. casperadmin is supposed to own the files. You should be able to mount one or the other share via AFP and move files then.

Can't speak to the VPN aspect, but it seems that it would be OK. You're basically connecting only the secondary server to the main JSS database at that point, correct? JAMF Support could confirm this for you, but I believe that you'll want to set this up as a clustered machine. (Settings -> General Settings -> Server Configuration -> Clustering)

I do see that there is mention of a "load balancer", which is the address of your main JSS. Honestly, I'm not sure what this means re: the other checkbox on your MAIN server, regarding load balance/failover. I set up clustering here manually some time ago, before it was integrated into the JSS, and I have not yet upgraded to 8.52 so I'm not 100% sure if that plays into it. I do know that we do not have the option checked in our current setup (8.21) and it seems to work fine.

Our setup here is maintained as a cluster. The secondary connects to the main JSS database, but maintains its own copy of the packages which are synced every night. This server handles the load on a closed network, while the main handles load on the regular LAN.

In short: JAMF1 has the database, and services most of the clients. JAMF2 connects to the database on JAMF1, so that all the records are in one place, but it physically handles all of the actual services (deployment, netboot, etc) on a subset of clients.

gspiese
New Contributor III

That is great information, and thank you for taking the time to explain. I now have a better understanding of the underpinnings and philosophy of the DP setup. Another curve I've just now been told about is that the network folks here have banned afp from their network. Instead we are now constrained to using smb. Is it correct that this isn't a big deal if Macs are used as the Main Server and the DP? It shouldn't impact the functionality of the replication, should it? I'm thinking that if we use a Windows Server as any of our DPs then the replication functionality will become an issue. On the Windows box we'll also need to install MySQL and separate replication software, is this correct? What I'm saying is that if our main Casper Server is a Mac, and the DP is a Windows box, what functionality do I lose, and what special software has to be placed on the Windows box for it to work correctly as a DP?

Thanks,
George Spiese

donmontalvo
Esteemed Contributor III

Our Master Distribution Point is currently on an Xserve (AFP) and our Replica Distribution Points are on a mix of AFP (Xserve) and SMB (Windows Server 2008 & EMC Celerra).

We have service accounts (non-expiring passwords) set up on the domain for casperadmin and casperinstall, and the former has full rights to the shares while the latter has read-only. If any of your boxes are not on the domain you can create those accounts locally.

JAMF might b!tc# slap me for saying this, but automatic AFP<->AFP replication is easy to set up, since the function is built in. But as Borat would say, not so sure about SMB.

Either way if you run Casper Admin from a spare Mac it will mount the Master Distribution Point automatically, and you'll see all the Replica Distribution Points (whether AFP or SMB) listed in the window. Select any one of them and hit Replicate (then go to lunch) and it'll replicate.

We really need JAMF to come up with a solid replication white paper, so we can migrate JSS without having to come up with hacks and workarounds to automate replication. Happy to help them test here as we have an isolated LAB environment.

--
https://donmontalvo.com
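
Added example, not part of the thread and not JAMF tooling: a shell check for the manual pre-seeding step discussed above. It compares a hand-copied replica share against the master by content hash and lists anything not owned by the read/write account or left world-writable. The mount paths and script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: verify a manually pre-seeded distribution point share.
# Paths and owner given on the command line are assumptions, e.g.
#   sh verify_dp.sh /Volumes/MasterShare /Volumes/ReplicaShare casperadmin

# Pick a hashing tool that exists on this host (Linux or macOS).
hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then echo "sha256sum"
    elif command -v shasum >/dev/null 2>&1; then echo "shasum -a 256"
    else echo "cksum"; fi
}

# Print one "hash ... ./relative/path" line per file under $1, sorted.
share_manifest() {
    ( cd "$1" && find . -type f -exec $(hash_cmd) {} + | LC_ALL=C sort )
}

# Return 0 when both shares hold identical files; otherwise print the diff.
compare_shares() {
    m=$(mktemp) || return 2
    r=$(mktemp) || { rm -f "$m"; return 2; }
    share_manifest "$1" > "$m"
    share_manifest "$2" > "$r"
    diff "$m" "$r"
    rc=$?
    rm -f "$m" "$r"
    return "$rc"
}

# List entries under $1 that are not owned by $2 (name or numeric uid)
# or that are world-writable; symlinks are skipped.
ownership_problems() {
    find "$1" ! -type l \( ! -user "$2" -o -perm -002 \) -print
}

# Stand-alone use: master path, replica path, expected owner.
if [ "$#" -eq 3 ]; then
    compare_shares "$1" "$2" || echo "replica differs from master" >&2
    ownership_problems "$2" "$3"
fi
```

Run the ownership check against the share's local path on the server itself; over a mounted AFP or SMB share the client may report the mounting user as the owner.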