Pre-JumpStart Mac Mini Server Prep

emily
Valued Contributor III
Valued Contributor III

Hi everyone! I have a question about some JumpStart preparation stuff. I thought asking here might be nice since I'm sure someone out there has a similar set up.

We're rolling out Casper soon and just got in two Mac Mini servers to use (one will be the JSS and file distribution point, the other is a backup in case the main server hardware has an issue and we need a quick replacement). We also got one of those adorable RackMac Mini racks for them to live on.

The two Mac Mini Servers will be housed off-prem at our server space in Data Foundry. I'm sure we need to do some basic setup and configuration of the Mac Mini Servers to prepare them for JumpStart (enabling SSH for remote log-in, etc.).

I was wondering if anyone else here uses Mac Mini Servers hosted off-premises, and if so, what initial start-up concerns did you have? Or what configurations/setups did you work on before moving the servers over to the storage facility?

This may seem like a simple thing but I was only brought in recently because they needed a 'Mac Expert' in our IT department and were looking to deploy a Mac management solution for the ~100 Mac fleet at the company. I don't have much networking/server maintenance experience. So any tips you have for pre-JumpStart setup in this kind of situation is great appreciated. Thanks!

7 REPLIES 7

bentoms
Release Candidate Programs Tester

Hi @emilykausalik,

I'd be tempted to setup the Mac Minis in a Redundant Array of Inexpensive Servers (read: RAIS) config, connected via Thunderbolt.

http://www.zdnet.com/mountain-lions-new-buddy-redundant-array-of-independent-servers-7000005740/

That way if the primary has a hardware issue, you can power it off & power up the backup & it'll work as if the primary was up.

The rest, I'd leave till your jump start tbh.

tlarkin
Honored Contributor

Hi @emilykausalik

As someone who has performed a ton of Jumpstarts for JAMF Software, I can tell you the basics that really help the process are as follows (in no particular order):

- DNS (FQDN) is setup and can be resolved
- VNC or other Remote Desktop access
- SSH is nice but not necessarily needed on the JSS although I would recommend it
- MySQL 5.5 installer
- Java 6/7 installer

The Professional Services JAMF person will be able to do everything else while onsite. Having those installers downloaded only really helps save the time it takes to download them. The Pro Services person can then go through the process with you, so you can learn how to setup and install a JSS. You should have received an email with the SOW about what the Jumpstart is and what it encompasses. The one thing I do recommend you bring up is log flushing in the JSS. By default it is turned off, and well you won't want to keep logs of every action that ever happened for all eternity in your JSS. Otherwise the Professional Services from JAMF or one of our integrators will take care of the rest.

Welcome to Casper!

Thanks,
Tom

jhbush
Valued Contributor II

+ all the previous suggestions
-network segments -a contact that has a grip of your network topology

endor-moon
Contributor II

I agree with the previous suggestions. I am also new to Casper Suite, but not to Mac. This may seem like a simple addition to the other suggestions but it took me a while to realize that you need to install the Java JDK not the Java JRE, for the JSS server. Current version is 7u51 if memory serves: Yes, its full name is Java SE Development Kit 7u51 and you should only download it from Oracle. Installing the strong cryptography version of the policy.jar files was simple enough, but there is no installer -- you need to copy the files to the correct locations yourself. I used Terminal commands for that, first:

find / -name *policy.jar -print

...to find where the files are, then the cp command to copy the files into place, overwriting the original files. (I didn't bother to back them up as I don't use JDK for anything else so that seemed a waste of time.)

Cheers...

kitzy
Contributor III

Hi @emilykausalik,

As someone else who performs JumpStarts on a regular basis, I'll echo what @tlarkin said. In addition, if you wanted to install MySQL and Java before the JumpStart, we have a kbase article with instructions here: https://jamfnation.jamfsoftware.com/article.html?id=28. The installation only takes a few minutes, so if you don't get around to it beforehand, it won't derail the JumpStart.

Additionally, if you're not the person responsible for the following things, make sure the person who is responsible is aware the JumpStart is happening, and will be available at minimum the morning of the first day.

-Creating and changing firewall rules
-Making changes (such as adding a service account) to active directory
-DNS (ideally this would be set up ahead of time)
-Email (creating an account for the JSS to send email)

Your engineer should reach out to you to schedule a pre-call to go over a lot of this technical information. If not, reach out to your coordinator for their contact info. You should have also received a "JumpStart Ready Pack" from your coordinator, which contains a lot of this information as well. I'd highly recommend looking that over before your pre-call.

I hope that helps!

Chris_Hafner
Valued Contributor II

These are all great things. With that said, I'm not seeing too much regarding "off-siting" the JSS. I've worked with various cloud instances, but so long as DNS resolves, security is the primary concern. All of that aside though, will you need to netboot? Do you want an internal SUS or Caching server?>

spraguga
Contributor

You can also use the Push Diagnostics app to test if the ports are open for Apple Push Notifications which are usually blocked on corporate firewalls. That is if you are going to use APNs.

http://twocanoes.com/push-diagnostics