Limited Access setup for AWS

dmarcnw
New Contributor III

Kind of a long-winded question and just wanted to see what my options are.

  • Our master JSS is in AWS. Currently only accessible through our two office static IP addresses.
  • Our master JSS is a FQDN. We'll call it example.com. All JAMF agents resolve to example.com for their check-ins.

We want to add a second JSS in AWS, give it limited access, open the needed ports to the world, and still have our agents resolve to example.com. We have an elastic IP so we would move that EIP to the limited access server.

What problems will I have? Since our master is already resolving to example.com, let's say I just move the FQDN to the limited access server and make that resolve to example.com, what will happen to the master that we use to administer our JSS?

2 REPLIES

davidacland
Honored Contributor II

The most common method is to have two DNS records so example.com resolves to the external, limited access JSS if the client is external and to the internal administration JSS if you are on the LAN.
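
One way to set up the two-record approach described in the reply above, shown as an added example that is not part of the thread: a BIND `named.conf` fragment using views. It assumes a single BIND server answers both office and outside clients; the LAN range, zone file paths and both addresses are constructed placeholders.

```conf
// named.conf fragment (constructed example; every name and address is a placeholder)
acl "office-lan" { 10.20.0.0/16; localhost; };   // assumed office LAN range

// Views are matched in order, so the restrictive view must come first.
view "internal" {
    match-clients { "office-lan"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "zones/internal/example.com.zone";
        // this zone file holds:  @  300  IN  A  203.0.113.10   ; administration JSS
    };
};

view "external" {
    match-clients { any; };
    recursion no;                 // authoritative-only for outside clients
    zone "example.com" {
        type master;
        file "zones/external/example.com.zone";
        // this zone file holds:  @  300  IN  A  203.0.113.20   ; limited access JSS (EIP)
    };
};
```

DNS only steers clients to the right server, so the administration JSS still needs its inbound rules restricted to the office addresses. Querying the name with `dig` from inside and outside the LAN confirms which view each side receives.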

jimmy-swings
Contributor II

On that note, is there any reference architecture, or best practice to expose JSS to both internal networks and the internet through AWS or other cloud services? Are users using AWS WAF or another service to help reduce the attack surface?