Posted on 04-04-2022 08:45 AM
We have a big number of users who are still working from home, and we would like to be able to manage those MacBooks through Jamf Pro without a VPN connection. Jamf's solution is to have two servers: the main server hosted internally and the secondary server hosted on the DMZ, which will communicate with the DB on the main server. However, for this to work both servers need to have the same FQDN. Sadly this can't be done in our environment (as our external DNS redirects to our internal).
Does anyone have any other way to make Jamf Pro accessible over the internet?
I know many people will suggest going with Jamf Cloud, and I appreciate your suggestion (I'm a big fan of it myself), but the management won't go with any cloud solution.
Thanks in advance!
Posted on 04-04-2022 09:22 AM
It's been years since we hosted on-prem, and I wasn't involved in the initial design. But with both those caveats stated, I remember we used an F5 load balancer to redirect to one of three servers all hosted internally behind our firewall. Your DNS requests would flow to one spot still. I don't see it on my cloud instance, but I recall there also being a server option in Settings to set whether the server would allow connections from off the network or something similar from computers and mobile devices.
Posted on 04-06-2022 10:11 AM
I know some companies have got around this by using Zscaler for firewalls, but as you prob already know, Jamf Cloud will be cheaper and easier than a perimeter redesign.