- Jamf Nation Community
- Products
- Jamf Pro
- Re: What non-standard port works well for JSS if w...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-17-2013 01:35 PM
I have a client that finished their Jumpstart this week. We are very likely to have the JSS be on a server that shares iCal server and port 8443 will be in conflict in this case.
https://jamfnation.jamfsoftware.com/article.html?id=120
Has anyone documented a good alternate port to run tomcat? I've done some light searching but haven't seen this documented. If no one has a good guide, I'll check to see what ports our firewalls allow (or if there is consensus on which ports are generally open on most firewalls) and document our decision here with an answer when we decide what we will do with tomcat on the JSS that sits in a DMZ / publicly routable IP address.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-17-2013 06:58 PM
You can go through the trouble of changing the port (to anything really, but the standard https port 443 jumps to mind), but you'll have to modify the configuration files with every release. It's easier to have a dedicate machine, or VM, for your JSS/mySQL database.
Personally, I think you should take a step back and really think about whether you want this installed on Apple hardware. Xserves are out, unless you like getting replacement parts from eBay. Mini's really aren't true servers unless you're a very small shop. And, unless your server room guys are very lenient, they will not be happy with a MacPro in the server room.
I think, in the long run, you'll be happier with some flavor of Linux (or Windows if you're a Windows shop) running your JSS and then leveraging whatever network filer you currently have in place for the distribution point(s). It's easier to do in the beginning rather than later on. It also has the benefit, in most enterprise environments, of shifting the server maintenance pieces of managing a JSS to a group of people that manage a bunch of other servers. This lets you, or whoever will be doing it, focus on managing the Macs.
Also, have the clients point at a DNS CNAME. Your server will (eventually) die, it's easier to change a DNS record to point at a new server then to tell all the clients to point at a new server.
My 2¢
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-17-2013 06:58 PM
You can go through the trouble of changing the port (to anything really, but the standard https port 443 jumps to mind), but you'll have to modify the configuration files with every release. It's easier to have a dedicate machine, or VM, for your JSS/mySQL database.
Personally, I think you should take a step back and really think about whether you want this installed on Apple hardware. Xserves are out, unless you like getting replacement parts from eBay. Mini's really aren't true servers unless you're a very small shop. And, unless your server room guys are very lenient, they will not be happy with a MacPro in the server room.
I think, in the long run, you'll be happier with some flavor of Linux (or Windows if you're a Windows shop) running your JSS and then leveraging whatever network filer you currently have in place for the distribution point(s). It's easier to do in the beginning rather than later on. It also has the benefit, in most enterprise environments, of shifting the server maintenance pieces of managing a JSS to a group of people that manage a bunch of other servers. This lets you, or whoever will be doing it, focus on managing the Macs.
Also, have the clients point at a DNS CNAME. Your server will (eventually) die, it's easier to change a DNS record to point at a new server then to tell all the clients to point at a new server.
My 2¢
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-07-2013 11:11 AM
Josh - your points are perfect. I especially appreciate the warning that each release will change the ports.
For us, the updating of the software is an unknown since we're starting with things, but Mac mini are more than enough horsepower to run things and the cost to add Windows / Linux to the technology stack is likely going to be higher than the cost to document and have a configuration step each release.
We do overload DNS in the sense that each function has it's own entry: mail, chat, jss, od, web, www, wiki, dns, dhcp
This points at one host currently, but can clearly move to different servers if/when we want to change things. If people like, I'll probably make a short slide of the small config we chose in case it helps places that are smaller shops and don't want / don't need full time IT staff to manage things. The enterprise approach would clearly be to run things on it's own VM or server as the scaling and site preference is on the pendulum of "host all loads on metal" vs "virtualize all the servers" at the time you make a JSS decision.
For now, we'll run JSS on port 9443 and let iCal server have 8443 on our Mini that's hosting everything. We're not likely to ever need WebSphere and Apple doesn't claim to ever use 9443.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-10-2013 11:34 PM
One solution for Apple servers we have looked at is this:
http://www.precursor.ca/rais/#Results
It allows multiple MacMinis to be housed in a rack unit. have a look at the Resources section of the page.
