Posted on 04-17-2012 12:18 PM
Hello, we will be having our jumpstart session in less than a week, and I am wondering if there is anything extra that I can do to help prepare our server for the JSS install. I have gotten all the prerequisites installed and it should be good to go. Should I start downloading extensions for specific apps we use, or start consolidating software packages on the soon-to-be JSS server?
Posted on 04-17-2012 12:22 PM
I would just wait. You'll get a lot of great tips at the jumpstart. What I would do though is start packaging files and get them stored somewhere until your JSS is up; you can then add them via CasperAdmin.
Posted on 04-17-2012 12:37 PM
Thanks for the reply Matt. Our jumpstart is actually at the beginning of next month, so not immediately next week. When you say start packaging files can you elaborate? Do you mean start gathering the packages that we will want to install via Casper, or do you mean actually creating packages of some other files?
Posted on 04-17-2012 12:52 PM
If you already have the Casper Suite downloaded you can start packaging applications you want to deploy with Casper using Composer. Some vendor packages will deploy without needing Composer, but since you have some time why not do all the busy work first. Write the scripts you think you will need, package applications, stuff like that.
Posted on 04-17-2012 01:17 PM
Ahh, that's what I was thinking, the Casper Suite would do the "packaging". We do not actually have the Casper Suite yet. Our school board should have approved the purchase last night (yeah, we already have our jumpstart scheduled and the board hadn't pulled the trigger on approval yet). I will start gathering some of the existing packages/scripts onto the would-be JSS server. Can you comment on how much "data" space I should have on my JSS? Currently I just have the 80GB OS volume.
Posted on 04-17-2012 01:24 PM
How many clients will be in your deployment? I have about 5000 clients and I am using about 300GB of storage. Granted, I work in K-12 and we offer a ton of applications for various age groups and specific classroom deployments.
Posted on 04-17-2012 01:36 PM
Thanks Pat.best, that's good for reference. We should have roughly 1000 MacBooks and 700 or so iPads. We are K-12 as well, so less than 2000 clients total.
Posted on 04-17-2012 02:20 PM
The fact that you have a server ready to go and thought to ask on these boards shows you are ahead of the game in many respects. Ask the person who comes in to do your JumpStart and they can probably tell you some interesting stories of customers that didn't even have a server in place when they came in to do the installation and training. :)
Your JAMF rep should be supplying you with a checklist of things to have ready as well, so it will be good reference.
Oh, one thing to be ready with is, if you plan on integrating your Casper server with your LDAP environment, like AD, make sure you have all that information ready. Domain, hostnames, distinguished account names that will be used to do the lookups, authentication type you use there, mappings (like where the email address is stored in AD records) etc. Consider having the person who handles your LDAP environment nearby (if it's not you) or even in the training. Think also about what groups you will be importing to assign various privileges to. Undoubtedly, getting AD/LDAP integration going often takes up more time than it should because most people don't know what they need for it to work properly.
Trust me, you will save yourself a lot of time if you have most of that information at the ready. Time you can use on more interesting things like, learning everything a policy can do or going over the MCX settings.
Good luck and welcome to the party. Report back on how things go.
Posted on 04-17-2012 05:27 PM
Thanks for the reply MM2270, all good information to have. The Jamf rep I have been speaking with through email has provided me with the prerequisites and I am in the process of getting all the documentation ready and lined up for their arrival. It's pretty much myself (the server specialist) and the network manager who handles the switches and routers etc. I'm sure some parts will take longer than others as there are indeed pieces of my environment that I just don't know as much about as I should. Kinda dumped into the position with little to no training. I've actually been "fairly successful" managing our entire Mac environment with DeployStudio and Workgroup Manager for MCX over the past 2 years. With the influx of iPads that we are now receiving, we really had to spring for a better management solution. I am so very psyched to be part of the Casper Party :) Will I be one of the few that's gonna run the JSS on a virtual (VMware) 2008 R2 box?
Posted on 04-17-2012 05:27 PM
Sorry for the double post.
Posted on 04-18-2012 06:42 AM
I ran my JSS on VMware with Server R2 for a few months but ended up switching back to OSX mostly because of politics. It worked well enough for us!
Posted on 04-18-2012 07:35 AM
Sam, I'm pretty sure you will not be alone in running your JSS on a VMWare Win 2K8 setup. In fact, I'd guess over the course of the next year, there will be more customers running Casper on 'alternate' platforms than on OS X Server hardware. And now with the NetSUS appliance which JAMF released about a month back, there isn't much of a reason to even have OS X Servers in your environment if you prefer not to.
Posted on 04-18-2012 07:52 AM
Other than the ability to run AFP without using ExtremeZ-IP.
Posted on 04-18-2012 08:22 AM
Well, yeah, but I was referring to client management, a la Casper. Sure, for Macs to use fileshares like in creative environments, AFP is still much more reliable than SMB.
Posted on 04-18-2012 09:24 AM
Yeah, and wouldn't ya know, all of our file shares and network mounts are on Windows SMB shares. We set ourselves up for issues here :)
Posted on 04-18-2012 09:34 AM
Hey Sam,
Welcome to Casper! It is always great to see a new member get their feet wet. I work for JAMF in professional services and as part of my job I perform Jump Starts. Everyone here has given really solid advice already, which is what makes this community so great. Your account manager will always be your go-to person for questions you will have. So, always feel free to contact them with questions.
Since the time is limited on a Jump Start it does help a lot if you can get things in place. Of course, when a JAMF employee arrives on site we will be more than happy to help set anything up that is not already in place. Since the time is limited having things like FQDN for your JSS, LDAP mappings, DNS, and the JSS set up allows us to dive right into the product after giving you the basic test drive.
I know things like AD can get complicated, and some AD admins create pools of domains with multiple forests, nested groups, and so forth. Sometimes getting LDAP mappings to work can take a while, and if you got things like that in place already we won't have to spend time getting that one function to work.
As for scaling your infrastructure, that is always a tricky question. Before I worked at JAMF I ran a one to one for a K12 school system and we had about 8,000 Macs and 1,000 iOS devices. Scaling it is something that is an ongoing process in my experience. When you start leveraging our product more, you may have to tweak Tomcat and MySQL settings, as well as your management framework settings like check-in frequency and so forth. This is something that can always be tweaked down the road, and in my five years of running a one to one in K12 with Casper I most definitely tweaked my back end settings several times over the years. All I have to say is, Don't Panic! We can help you make the product work.
As for server platforms, this is something I like to call, "Choose your own adventure." Basically the JSS just needs MySQL, Tomcat, and Java. Since those three things run on Linux, Unix, Windows and OS X, you can choose your own adventure. Each platform will have its pros and cons, and the pros and cons will definitely have direct parallel with your environment. So you must choose what works best for you. We have installers that are supported on Windows Servers and OS X Servers, which make it easier to install and get up and running. We also have pretty good documentation on Red Hat and Debian based distributions of Linux, since their command line package managers are really straightforward to use. There is also documentation on how to manually install it if you want to use a different form of Linux or Unix.
Whatever server platform you are most comfortable with, use it. No need to reinvent the wheel. As for distribution points, they can be anything. You can put Mac Mini Servers in office buildings and they can distribute packages, you can create a snapshot of a Linux VM and then deploy that in different data centers, or you can use slices of SANs or whatever it is you want. It is just a file share with authentication. I like the Linux VM idea because there is an open source version of SMB and AFP, and if you create a snapshot of a zero state distribution point all you would have to do is import it, set IP/DNS and then synchronize it, and it can be done with free open source software. Of course, that is just my opinion and not by any means a fact, and you can accomplish the same goals with other platforms.
Thanks for reaching out to the community and getting on the ball with your set up, I think your Jump Start will go over great.
Thanks,
Tom
Posted on 04-18-2012 09:42 AM
Not having AFP available should be fine. I'm using SMB and HTTP on my JSS (running on Red Hat Linux), where HTTP is the main delivery mechanism for pushing scripts and installers to my managed Macs. My only use of SMB is when using Casper Admin to upload and manage my scripts and installers.
Posted on 04-18-2012 10:28 AM
Thanks again for the replies. We have 8 rural sites that are only accessible by plane or boat and are connected via satellite links. While their connections are above average for such rural locations, it's still satellite. We will probably look into distribution points out at each site. Luckily we drank the Apple Kool-Aid gallons at a time so we ended up with a full blown Xserve at each location as well as a new Dell PE server with 2008 R2. We aren't using the Xserves for anything besides OD replicas so we can likely repurpose them as dist points. We migrated from an all Windows environment to what is basically 80% Apple and 20% Windows now. Since all of our file shares are legacy from when we used to be all Windows, the Macs just connect via SMB and it's really pretty painless.
Posted on 04-24-2012 03:36 PM
Doing a little more reading, and I was wondering what the benefit of having our JSS server web facing/accessible would be? Obviously the clients could then contact the JSS server when off campus, but does anyone have any real world examples, maybe in the education environment? It's one more thing I can get done before the jumpstart.
Posted on 04-25-2012 09:06 AM
We have just enabled this feature about 3 weeks ago. The first thing that we noticed is that 3 machines that had been stolen a year prior started checking in!!!! We all enjoyed that moment for a bit, then informed the police :) We currently have that feature enabled for equipment recovery and I have yet to utilize it for anything else.
Posted on 04-25-2012 09:19 AM
Sam-
Welcome to the JAMF community. It'll seem like you're drinking from the firehose for a bit due to all the information you'll find here, but once you're a bit less wet behind the ears, you'll be totally stoked that you chose Casper over something else. The user community is totally a selling point.
Having your JSS accessible to the outside world is really beneficial as your devices will be managed all the time. If this is your goal, look into setting up a micro-instance of the JSS in your DMZ. Even if you don't have a lot of devices, keeping your main JSS air-gapped from the outside world is a good security practice. Have a look at JAMF's article here: https://jamfnation.jamfsoftware.com/article.html?id=174
Whoever does your JumpStart will be a great resource for this too.
One thing to add to your list of prerequisites: certificates. You may want to consider getting a certificate from an outside CA (e.g. Verisign) to make things easier. While you can use an internal CA, not having to install Root CAs on all your devices is one less thing to worry about when you're new to the product.
Just my 2¢. Again, welcome.
Posted on 04-25-2012 10:00 AM
Our front facing JSS has also caught stolen laptops. I love it!