Moving JSS to Windows Server 2012

Poseiden951
Contributor

Hello JAMF!

At the moment we have about five devices in our JSS, before we get to big we would like to move the JSS to Server 2012.

The part I'm slightly confused about:

Our current URL is https://jss.domain.more:8443. Can I install the JSS on Windows, set it up with the same URL then shutdown the old JSS without it causing problem? Or will two URL's that match cause a problem?

Thank you for reading!

3 ACCEPTED SOLUTIONS

bmarks
Contributor II

That would be bad, r.e. changing the hostname. You may end up requiring a re-enroll of all of your devices since the JSS certificates would be changing. Since you have so few devices currently enrolled, it would probably be best to start from scratch, set it up the way you want it now (and the way you know you'll want it for a long time) and then re-enroll those five devices.

View solution in original post

millersc
Valued Contributor

5 devices are not worth the headache of moving them. Just spin up the new server and re-enroll them. If you had 500, that would be different.

View solution in original post

franton
Valued Contributor II

This is why a single DNS service name is highly recommended for use. It gives you a single contact point, and then you can redirect it wherever you want. It is worth integrating this into any Casper design, as it comes in extremely handy for situations such as this one. Also consider moving your database into it's own server too.

View solution in original post

9 REPLIES 9

chriscollins
Valued Contributor

You should be able to do that if you are in effect just swapping hardware.

Bring up the new server, make sure you have all the same ports open, etc. Do a final backup of the JSS database out of the old server. Shut it down. Make the new server have the same IP and DNS name as the old server. Import your database from the backup on the new server. You might have to also though grab the Tomcat SSL certs from the old server too though.

Poseiden951
Contributor

@chriscollins

We're looking forward to changing the DNS name, we can keep the old IP. What problems would happen by changing the DNS name?

bmarks
Contributor II

That would be bad, r.e. changing the hostname. You may end up requiring a re-enroll of all of your devices since the JSS certificates would be changing. Since you have so few devices currently enrolled, it would probably be best to start from scratch, set it up the way you want it now (and the way you know you'll want it for a long time) and then re-enroll those five devices.

View solution in original post

millersc
Valued Contributor

5 devices are not worth the headache of moving them. Just spin up the new server and re-enroll them. If you had 500, that would be different.

View solution in original post

Poseiden951
Contributor

@bmarks @millersc

That's my plan now, new DNS and IP.

We just added 30 test machines to the current JSS after posting this. I'll just enroll all the machines to the new JSS during our yearly summer re-imaging.

franton
Valued Contributor II

This is why a single DNS service name is highly recommended for use. It gives you a single contact point, and then you can redirect it wherever you want. It is worth integrating this into any Casper design, as it comes in extremely handy for situations such as this one. Also consider moving your database into it's own server too.

View solution in original post

frozenarse
Contributor II

I'm about to do this process for about 300 devices. The plan is to move over the entire distribution point data and restore a DB backup on the new JSS. After that we will shut down the old server and change the hostname on the new server to match what the old servername was.

Is that what others have done? Any potential stumbling blocks I should be aware of? My understanding is that the APNS cert etc would be carried over in the database.

frozenarse
Contributor II

If the clients are looking to an alias are there certificate mismatch issues due to the actual tomcat server having a different hostname?

My tomcat cert skills are extremely minimal.

franton
Valued Contributor II

No, as you would make a tomcat ssl certificate for the DNS host name rather than the server name. It then only becomes an issue connecting to the server directly, which ordinarily you wouldn't do.

@andrewseago has an excellent JNUC video on how to set up the Casper backend.