Multiple JSS and Network Segments

McAwesome
Valued Contributor

Due to bureaucracy, my work environment has two completely different JSS installations set up. They don't really affect each other most of the time. Our JSS only has the network segments our department uses put in it. There are several other segments that may be used by the other JSS, but I have no idea which ones are in their JSS.

There is a package that may need to run only while on our campus. Our network segments won't cover every possible building the machines we manage may be in. If I make a network segment (no default netboot/distribution point) that covered a network segment in the other JSS, would it interfere with the other JSS? I don't want to break their imaging or distribution to make one of our packages install more easily.


3 REPLIES

chriscollins
Valued Contributor

If I am understanding right, it would never affect their environment because your machines will still be getting their information only from your JSS and their machines from their JSS. So whatever you set up for network segments will only ever be seen by your machines when talking to your JSS.

McAwesome
Valued Contributor

@chriscollins That's good. I just wanted to make sure I didn't break their imaging setup by creating a network segment overlapping theirs.

Do you know if there is a hierarchy on the segments? So if one segment (default netboot + distribution point set) covered a range like 104.204.1.1 through 104.204.255.255 while another segment (different netboot + distribution point) had a range of 104.204.70.1 through 104.204.70.255, would it use the netboot + distribution point of the broader first segment or the narrower second segment?

chriscollins
Valued Contributor

@McAwesome my understanding is that the JSS uses the most restrictive network segment first.

So, in our environment we have network segments for the individual offices (ex. 10.49.4.0 - 10.49.7.254), but then we have an all-inclusive network segment that covers every possible IP (1.1.1.1 - 255.255.255.255) to catch all external IP addresses when machines are checking in to the JSS in the DMZ.

If a client checks in with an IP of 10.49.4.40, it will use the default settings for the network segment that covers 10.49.4.0 - 10.49.7.254 before it goes to the network segment that covers every IP available for our external devices.
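
The "most restrictive segment first" behaviour described in the reply above can be modelled offline to check how overlapping ranges would resolve before creating them. This is an added example, not part of the original thread and not Jamf's code: it assumes narrowest-range-wins as the poster describes, and the segment names, `resolve` and `nested_inside` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    name: str
    start: str
    end: str

    def bounds(self):
        lo = int(ipaddress.IPv4Address(self.start))
        hi = int(ipaddress.IPv4Address(self.end))
        if lo > hi:
            raise ValueError(f"{self.name}: start is above end")
        return lo, hi

    def size(self):
        lo, hi = self.bounds()
        return hi - lo + 1

    def contains(self, ip):
        lo, hi = self.bounds()
        return lo <= int(ipaddress.IPv4Address(ip)) <= hi


def resolve(segments, client_ip):
    """Narrowest segment containing client_ip, or None if nothing matches."""
    matches = [s for s in segments if s.contains(client_ip)]
    # Assumption: equal-sized ranges are tie-broken by name for determinism.
    return min(matches, key=lambda s: (s.size(), s.name), default=None)


def nested_inside(segments):
    """Map each segment name to the narrower segments lying wholly inside it."""
    found = {}
    for outer in segments:
        lo, hi = outer.bounds()
        inner = sorted(s.name for s in segments if s.size() < outer.size()
                       and lo <= s.bounds()[0] and s.bounds()[1] <= hi)
        if inner:
            found[outer.name] = inner
    return found


# Ranges quoted in the thread; the segment names are constructed for this example.
SEGMENTS = [
    Segment("offices", "10.49.4.0", "10.49.7.254"),
    Segment("catch-all", "1.1.1.1", "255.255.255.255"),
    Segment("broad", "104.204.1.1", "104.204.255.255"),
    Segment("narrow", "104.204.70.1", "104.204.70.255"),
]
```

`nested_inside(SEGMENTS)` lists which broader segments have a narrower one inside them, which is where a client's netboot or distribution point default would differ from what the broad range alone suggests.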