Help

Installing JSS in DMZ

Go to solution
DBrowning
Valued Contributor II

Posted on ‎08-20-2014 10:02 AM

I currently have a JSS built on my internal network. I'm in the process of getting one built for my DMZ. I only want the DMZ JSS to "check in" with machines when they are out in the wild. Do i need to install MySQL and everything as I did when i setup the internal JSS?

Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
MAD0oM
Contributor

Posted on ‎08-20-2014 10:42 AM

@ddcdennisb All you need to do is Tomcat, MYSQL and the JSS. Follow the instructions like you would installing your master. When you get to the JSS installation it will prompt to enter your MYSQL info. In that case you would enter your MASTER info. Make sure ALL the ports are opened to access all information and get no errors.

View solution in original post

0 Kudos
Reply
11 REPLIES 11

Go to solution
chriscollins
Valued Contributor

Posted on ‎08-20-2014 10:19 AM

Nope. You only run the tomcat server on the external JSS server, and you point it to the mysql database that is in use by your internal JSS server. Then in the web apps you turn on clustering.

Just keep in mind you can only have one URL for machines to check into. So your internal DNS url for your machines needs to match the external one.

0 Kudos
Reply

Go to solution
kitzy
Contributor III

Posted on ‎08-20-2014 10:23 AM

Hi @ddcdennisb][/url,

What @chriscollins][/url posted is correct.

If you haven't seen it yet, we have a kbase article outlining the process here.

0 Kudos
Reply

Go to solution
MAD0oM
Contributor

Posted on ‎08-20-2014 10:25 AM

In my case i just made the JSS URL the external but once the folks are internal .....instead of going out then back in to check into the JSS, i put a DNS record entry so the internal clients would point to my MASTER instead of the DMZ.

0 Kudos
Reply

Go to solution
MAD0oM
Contributor

Posted on ‎08-20-2014 10:25 AM

@ddcdennisb

0 Kudos
Reply

Go to solution
DBrowning
Valued Contributor II

Posted on ‎08-20-2014 10:31 AM

sorry to sound like a nub.... so all i need to install on the external server is TomCat and the JSS?

Then within the External JSS web interface i point the DB to my internal existing DB?
@chriscollins
@johnkitzmiller

0 Kudos
Reply

Go to solution
MAD0oM
Contributor

Posted on ‎08-20-2014 10:42 AM

@ddcdennisb All you need to do is Tomcat, MYSQL and the JSS. Follow the instructions like you would installing your master. When you get to the JSS installation it will prompt to enter your MYSQL info. In that case you would enter your MASTER info. Make sure ALL the ports are opened to access all information and get no errors.

0 Kudos
Reply

Go to solution
DBrowning
Valued Contributor II

Posted on ‎08-20-2014 10:45 AM

@Sherdwain Thanks!!

0 Kudos
Reply

Go to solution
iJake
Valued Contributor

Posted on ‎08-20-2014 10:48 AM

Be aware of your policy scoping, though. Your machines will be able to check in from outside but unless you make a distribution point accessible from outside those policies that require a package will fail.

0 Kudos
Reply

Go to solution
MAD0oM
Contributor

Posted on ‎08-20-2014 10:59 AM

@ddcdennisb One more thing. Make sure to turn off the Web Access for your DMZ as a extra security Feature unless ofcourse you want to access your JSS from the outside. but port 3306 is the SQL port you need opened in and out.

0 Kudos
Reply

Go to solution
DBrowning
Valued Contributor II

Posted on ‎08-20-2014 11:53 AM

the DMZ jss will be a point for using lock/wipe commands when people are outside our network.

Thanks all for the info.

0 Kudos
Reply

Go to solution
dooley_do
New Contributor

Posted on ‎04-12-2016 05:10 AM

Question - does the DMZ based JSS require outbound ports to APN?

Thanks

0 Kudos
Reply