Patching a system over VPN, no DMZ access

ImAMacGuy
Valued Contributor II

We recently put some boxes in a vendor's location that only links back to us via periodic VPN access. Our JSS is not on the DMZ at this point, and our VPN connection is pretty slow to push packages... (I waited over 10hrs to upload a 5gb pkg before I gave up).

So my question is what would be the best way to keep these systems patched?
They can use Apple SUS, but I'm not sure of the best way to force down patches w/o being able to talk to the JSS.

6 REPLIES

thoule
Valued Contributor II

Can you put a JDS on site?

lashomb
Contributor II

Sounds like a Cloud Distribution Point would be ideal.

ImAMacGuy
Valued Contributor II

The Cloud could work, however that's a chunk of money for only a handful of machines.
JDS would be limited by the same restrictions...
Is there a way to do an 'offline' policy that just tells the machine to check and install software updates if the SUS is set to Apple? Then it could report in when the machine is on VPN...

lashomb
Contributor II

I don't know if Casper can do that but crankd would be able to react to being on VPN and run a script. http://grahamgilbert.com/blog/2013/07/12/using-crankd-to-react-to-network-events/

robb1068
Contributor

How periodic is the VPN connection to your JSS? Do you have separate policies for caching the package and installing the package?

bentoms
Release Candidate Programs Tester

@jwojda, why even set them to anything but Apple's Software Update Servers?