Initial Setup: Server Architecture

prodservices
New Contributor III

Hello Everyone,

We are joining the JAMF community and will be setting up Casper very soon. I wanted to poll the people already using the product to see how they set up their server architecture and see if anyone has any "gotchas" we might want to be aware of.

A quick run-down of our environment: I am at a university with an extremely decentralized layout, VLANs and public IPs galore, many customized machines and a relatively small Mac population that will certainly grow over time. We are probably the most complex environment with the fewest Macs of anyone using Casper. As of now the Mac population is 125 Macs; that will scale to 400 over the next several years.

Right now we are trying to decide on whether to use a VM or physical server, the concern being that I/O intensive things like netbooting could have an adverse effect on other VM servers in the cluster. We're leaning toward a physical Linux server to host the repository and JSS, and possibly just have the SQL database live in a VM (since VMs are easier to manage and that gives us more agility if a failure occurs - the repository could be uploaded from another box pretty easily). We would be using the repo for netboot/software deployment and SUS. We support creative curriculums so our apps are rather large. My thought is 7-9 TB should be enough for all of those things.

Given we have multiple buildings across campus to support and the switches are not all gig, we are also wondering if distribution points would be necessary. It's unlikely we'd be doing a great deal of netbooting; more often we'll be pushing patches and software, collecting inventory.

If anyone can offer some advice to spare us from any growing pains they experienced during initial rollout (or maybe even later when you tried to scale) that would be much appreciated.

Thanks all, looking forward to using this suite!

2 REPLIES

RobertHammen
Valued Contributor II

Some random stream-of-consciousness thoughts:

a) Sounds like you won't be using Apple servers/will be using the NetSUS to handle NetBooting. The easiest way to use the NetSUS is to download the OVA file and use it virtualized. I'd leave the NetSUS as its own VM.
b) Given that the NetSUS will be a VM, and you've already realized one of the important reasons to virtualize MySQL, you may as well virtualize the JSS as well (for 400 machines, could easily run on the same VM as MySQL). Bigger question is, if you will be running an internet-facing JSS. In that case I'd run a physical box in a DMZ as a Limited Access JSS, with only the relevant (8443/80/445) TCP ports exposed to the Internet.
c) Are all of your internal links Ethernet, or are there some WAN links on campus? I would probably try to figure out the buildings that will have the highest concentrations of Macs and put a couple of distribution points (well, JDSes) there.
d) Do you know if you can even NetBoot across subnets in your network? May want to buy OS X Server ($20 from the App Store) and enable it and turn on the NetInstall service and create a simple NetBoot image following the instructions here on JAMF Nation. Make sure your routers at remote networks have an ip-helper defined that's the IP address of the temporary Mac server. If you can't get this working, your remote DPs may want to/need to become NetSUS machines as well.

Since it sounds like you're not using Mac servers, I'd probably recommend Linux as that gives you the JDS functionality whereas a Windows server does not.

Chris_Hafner
Valued Contributor II

General rec based on your questions:

• VM is A-OK for MySQL, JSS (Apache/Tomcat), SUS etc... just NOT the NetBoot in my experience.

That's the big gotcha in any event. Each setup is unique and you will invariably come across network-specific issues regarding bandwidth utilization and what have you. Security is up to you as well, but having a Limited Access JSS in the DMZ is pretty good as well. Regardless, here's my biggest recommendation. Take the CJA course. It's spectacular and will teach you how to do this JAMF's way.