MDM Best Practice for DMZ

robb1068
Contributor

Our iPad population has grown to the point where our JSS is looking like the solution for adding Mobile Device Management. However, the iPads would be, for the most part, off our network, requiring a JSS instance outside our network in the DMZ to manage them.

We've had a single JSS server for about four years now managing our Mac environment, but MDM is a new ballgame. As is setting up and maintaining a secondary JSS. However, I have to figure that this isn't too far off what other companies are doing... anyone else supporting iOS devices outside your network?

3 REPLIES

matthew-c
New Contributor III

I'd like some guidance on this too, we won't be using the JSS for iOS management (yet) but OS X MDM will most definitely feature in our plans.

I'm going to follow this https://jamfnation.jamfsoftware.com/article.html?id=174 but would like to hear about any gotchas etc.

cheers

Matt

bentoms
Release Candidate Programs Tester

I clustered our JSS with one server externally accessible that is clustered to our internal JSS.

This is nice as only the internal JSS has the database, also the external server does not have the JSS interface accessible & I use the external JSS as an HTTPS distribution point for all Macs outside my WAN.

But, I still needed to make changes to my company's firewall to allow communication.

We do not use the JSS for iOS MDM, but for Lion MDM. However, we could use all the above for iOS if we wished.

robb1068
Contributor

I sent some questions to JAMF from our server team, but I'll post them here as well. We're going with a Windows server in the DMZ.

Server specs and requirements. I've found some information on Windows server specs with regards to software requirements, but they need to know hardware specs as well (Processor speed, can it run 64-bit, RAM, disk space, etc.).

What kind of encryption is used when the JSS communicates with an iOS device? What protocol?

Firewall ports – any special ports that the JSS server in the DMZ needs open to talk to the main JSS server within the Corporate firewall?

Do the iOS devices check in, similar to the Mac clients, or do they rely entirely on the Push notifications?