I don't have any diagrams to share, but you should reconsider using LaCie drives for your backups or storage. Unless you like the bitter taste of tears and frustration as you watch them fail one after another after another.
@damienbarrett Thanks for making the LaCie comment! I've never seen drives more prone to failure.
Now, @jriker1, I don't have any diagrams for you. However, there are some great training materials from JAMF regarding the layout of services in such a manner. See if you can contact someone (perhaps your rep if you're talking with them) about any documentation from the CJA course (which I highly recommend). That is more of a layout of services as provided and managed by the JAMF Casper Suite (however you break it out).
That said, many installations look very different depending on what needs to be supported, across what kind of network (or locations) and at what level of performance. You've got a few things to think about. For example, the Casper Suite requires at least the following:
• Apache/Tomcat WebServer (This is the "JSS")
• MySQL Server and Database
• SMB or AFP FileShare (Referred to as Distribution point)
• NetBoot service if you wish to use NetBoot for any reason (Imaging, etc)... you don't have to though.
Optionally you may set up (and likely have):
• LDAP integration (Requires LDAP service)
• SMTP service which will allow the JSS to send notifications
• Syslog server... for collecting advanced logs
• GSX account from Apple for monitoring device warranty status
• DEP/VPP account for the purchase and distribution of, well... Apple stuff. In short, DEP for hardware, VPP for apps.
• Any tricks to support remote access to workstations if they are not on your network directly (Casper Remote makes a standard VNC connection).
OK, so I bet you knew all of that. Whether or not you want to put those internet-facing services on Windows servers is up to you (not my first choice, but everyone has their comfort zones and other institutional limitations/requirements). However, I don't see anything here for your fileshare unless that's what you're thinking of using the Mac mini for. Mac minis are great by the way, but their performance will vary depending on what you're pushing out of it.
In the grand scheme of things I bet this would be simple, but it will likely be unique to your specific installation.
I don't have diagrams, but I can say that our environment (University) is set up similar to much of what you describe as your goals.
- JAMF Server on Windows Server (VSphere VM)
- Reposado/Margarita for Apple SUS updates (VSphere VM) tied to JAMF for management of releases
- Mac Mini for Tech bench - NetBoot / AST
- Macs (any model) on the client side that connect to AD and JAMF
- Visual of remoting into workstations using JAMF capabilities
- Working on implementing FileVault Encryption managed by JAMF
With the exception of the FV implementation that is under way, we have been operating in this fashion for many years now.