We are considering purchasing Casper to manage 150 Macs across two organisations. Currently those business units have separate AD domains and network subnets. Do we have to wait until we have merged these before deploying Casper, or can we deploy Casper and merge the two instances later? Thanks.
You can and should implement Casper now. Within Casper you can define the subnets and other identifiers for each org to help organize each company logically. Casper will really help you when it comes time to merge as you can manage the AD bindings and other configs of each company's machine via policy rather than 'one by one.'
It's going to be much, much harder to merge two separate instances down the line.
I'm a little confused by your reply psliequ. You say we should implement Casper now, whilst we have two separate AD domains and subnets, but that it will be harder to merge two separate instances in the future, when we will probably have a single domain and subnet.
Is this not a little counter-intuitive?
For all intents and purposes, it doesn't matter when you implement Casper. You can manage as many computers as you want and organize them how you wish in the JSS. At a high level, AD binding/domains have no effect on how you manage the computers via Casper. If you are in the process of getting Casper then I would strongly ask to speak to an engineer and layout what your needs are and what you're looking to do and they can hopefully give you a couple of ideas as to how to go about managing your computers.
For example, you can make use of Sites if you want to separate computers and policies in the JSS. Or if none of that matters then you can use information based off the assigned user (department, building, etc) to determine how you build your smart groups for policy scoping.
I'll add on to what Balmes said — Sites and network segments should give you what you need. Here in my organization we have six largely independent offices sharing a single JSS. We have a site setup for each office, based on network segments. You can have full access admins, who can work in any site, and per-site admins who are limited to seeing just their site. Additionally, you can restrict policies and config profiles to particular sites or all sites. Talk to the account manager you are working with, and they should be able to show you a demo.
Thanks all. I've just got off the phone with a JAMF tech and he said the same, that we need not worry about merging multiple domains. That was my main concern about this project. I assumed it would all be tightly integrated with directory services, but it seems this is not a requirement.
But thanks for your advice, it's good to know this is an active and helpful forum.