A public Jamf Pro server, DMZ or Reverse Proxy?

A quick look at how to make your Jamf Pro server reachable from the Internet.

For this week's blog, I’d like to touch on the topic of on-premise Jamf Pro installations, and to be more specific, some considerations to make when making your on-prem server reachable outside your network.

First of all: the thoughts and statements in this article are my own. Please feel free to comment, correct and make suggestions, but just remember to refer to docs.jamf.com (and other Jamf KB’s, white papers and tech articles) for official guidance on supported installations of Jamf Pro.

That said, more and more people are choosing Jamf Cloud over on-premise Jamf Pro installations, and this for multiple reasons. With Jamf Cloud you don’t need to manage your own server, keep it up to date, make it secure, etc… which frees up a lot of time you can use for other things, like managing your devices instead of managing servers, or just using the time to enjoy a cold beer, a nice cup of coffee or whatever you fancy doing instead of maintaining servers.

But some environments are not ready to move to cloud services (yet), because their type of business doesn’t allow it, or for whatever other valid reason. Hosting an on-premise Jamf Pro server might sometimes be the only option. That’s fine, but hosting your own server comes with big responsibilities (which would otherwise be taken care of by Jamf when using Jamf Cloud), and apart from organising the required resources, keeping your servers up and running, and investing time in maintenance, there are multiple network and security considerations to make.

I’m not going to dive into all the requirements for the Jamf Pro server, as those can easily be found on: Jamf Pro System Requirements

Instead, I’d like to touch on one specific part of the on-premise setup: how to allow your devices to communicate with your internal Jamf Pro server when they are outside your internal network, roaming the beautiful but sometimes hostile internet?


Use the Force with Active Directory!

Apart from bigger posts on heavier topics, I also want to use this channel to quickly share some handy tips and tricks, or cool little tools which I like to use. Like this one…

Many of us have some kind of homelab for testing purposes right? Or even an entire company testing environment.

So, most likely you have an Active Directory sitting somewhere, which you use to test all kinds of AD-related stuff, such as integrating LDAP into Jamf Pro, binding Macs to AD (yeah, I know, to bind or not to bind… I’ll have to tackle that discussion soon) or any other AD-related functionality.

So yes, I also configured some test servers in the past. Installed Active Directory, created some virtual users and groups,… ending up with the most boring names ever… I’m not going to list any of them, in order not to offend any of you (especially colleagues, friends and family) who, by coincidence, might have the same name as my test users and to avoid any discussion on why some were domain admins, and others just normal users in this virtual environment 🙂

However, this all changed when I came across this awesome little gem: Active Directory Star Wars PowerShell Module


A word on LDAP integration and the Jamf Infrastructure Manager

Let’s get this blog started with one very popular add-on for Jamf Cloud: ‘JIM’, or Jamf Infrastructure Manager.

Note: while JIM can also be used for more complex on-premise Jamf Pro installations, I’ll focus this post on Jamf Cloud only. The setup for on-premise servers should however be similar, taking some network considerations into account.

Before forcing you to read my point of view on JIM, I’d like to share a link to THE video you must watch to understand all the details on how this tool works. Laurent, one of the Jamf Professional Services Engineers, presented an awesome keynote on JIM during JNUC 2017! Have a look at the end of this post for the link.

However, while not trying to re-invent the wheel, here are my highlights on the installation and configuration of LDAP integration in Jamf Pro.

Many companies or educational institutions use Active Directory, or another LDAP, to manage their end users. And while binding Macs to AD is a completely different discussion (‘to bind or not to bind’ will most likely be one of my future posts), LDAP integration in Jamf Pro remains a very nice thing to have.

Integrating LDAP into Jamf Pro allows you to assign devices to users, auto configure user settings based on AD attributes, authenticate users in Self Service, provision Jamf Pro accounts for admin users and enrollment purposes, etc…

See: Integrating with LDAP Directory Services

For this integration to work however, the Jamf Pro server needs to be able to query the LDAP server. For on-premise Jamf Pro installations, this is most likely going to be a straightforward exercise, as both servers are likely to be on the same internal network. But for Jamf Cloud instances, there is some additional configuration needed. Opening up the internal LDAP server to the world is most likely not going to amuse your network security team, but still, Jamf Cloud needs access from outside your network, through the firewall, inbound to the LDAP server. One way or the other…


Hello world

Hi!

Welcome to this blog… or at least the placeholder for what’s supposed to become a blog. You have to start somewhere, right?

As a field technician, active in the domain of managing and deploying Apple devices, I come across different challenges and requirements to make the life of the Mac sys admin easier and less time consuming.

My goal with this blog is to collect useful tips, tricks, howto’s and resources, which may be useful for other sys admins who use Jamf as their main tool.

Nothing special, nothing fancy, just some useful things!

Coming up soon!

Brgds,

TTG