Installing JSS in DMZ

DBrowning
Valued Contributor

I currently have a JSS built on my internal network. I'm in the process of getting one built for my DMZ. I only want the DMZ JSS to "check in" with machines when they are out in the wild. Do i need to install MySQL and everything as I did when i setup the internal JSS?

1 ACCEPTED SOLUTION

MAD0oM
Contributor

@ddcdennisb All you need to do is Tomcat, MYSQL and the JSS. Follow the instructions like you would installing your master. When you get to the JSS installation it will prompt to enter your MYSQL info. In that case you would enter your MASTER info. Make sure ALL the ports are opened to access all information and get no errors.

View solution in original post

11 REPLIES 11

chriscollins
Valued Contributor

Nope. You only run the tomcat server on the external JSS server, and you point it to the mysql database that is in use by your internal JSS server. Then in the web apps you turn on clustering.

Just keep in mind you can only have one URL for machines to check into. So your internal DNS url for your machines needs to match the external one.

kitzy
Contributor III

Hi @ddcdennisb][/url,

What @chriscollins][/url posted is correct.

If you haven't seen it yet, we have a kbase article outlining the process here.

MAD0oM
Contributor

In my case i just made the JSS URL the external but once the folks are internal .....instead of going out then back in to check into the JSS, i put a DNS record entry so the internal clients would point to my MASTER instead of the DMZ.

MAD0oM
Contributor

DBrowning
Valued Contributor

sorry to sound like a nub.... so all i need to install on the external server is TomCat and the JSS?

Then within the External JSS web interface i point the DB to my internal existing DB?
@chriscollins
@johnkitzmiller

MAD0oM
Contributor

@ddcdennisb All you need to do is Tomcat, MYSQL and the JSS. Follow the instructions like you would installing your master. When you get to the JSS installation it will prompt to enter your MYSQL info. In that case you would enter your MASTER info. Make sure ALL the ports are opened to access all information and get no errors.

View solution in original post

DBrowning
Valued Contributor

@Sherdwain Thanks!!

iJake
Valued Contributor

Be aware of your policy scoping, though. Your machines will be able to check in from outside but unless you make a distribution point accessible from outside those policies that require a package will fail.

MAD0oM
Contributor

@ddcdennisb One more thing. Make sure to turn off the Web Access for your DMZ as a extra security Feature unless ofcourse you want to access your JSS from the outside. but port 3306 is the SQL port you need opened in and out.

DBrowning
Valued Contributor

the DMZ jss will be a point for using lock/wipe commands when people are outside our network.

Thanks all for the info.

dooley_do
New Contributor

Question - does the DMZ based JSS require outbound ports to APN?

Thanks