Jamf, Nomad, Jamf Connect… just WOW ! What a surprise !

Wow, what a surprise indeed! That moment you are in the middle of mentioning the capabilities of Nomad to the sys admin you are on-boarding in Jamf Pro… the news of the year rolls in…!

Nomad is Jamf… wait, what? Can’t be?!… Time for a small break in the on-boarding session to figure out what just happened!

Yes, there is was, the email from Dean (Jamf CEO), followed by a lot of excitement in the internal chats, emails and other channels. Indeed, Nomad is Jamf and there is Jamf Connect now… just WOW!

But why all the fuzz? What’s Nomad anyway? Why is this such a big news?

Continue reading “Jamf, Nomad, Jamf Connect… just WOW ! What a surprise !”

Default LDAP mapping for Active Directory in Jamf

In today’s post I’d like to go through adding LDAP integration to Jamf Pro, with Microsoft Active Directory as Directory server, and more specific: share the default settings in case you have to configure the LDAP integration manually. So no magic in this post, just sharing the default workflow and AD mappings which might come in handy. I’ll share some other Directory Service mappings soon, such as freeIPA, OD,…

Before we start diving into the settings, just remember that, if you are a Jamf Cloud customer, you will first need to grant Jamf Cloud access to your AD server. Either by Whitelisting the IP adresses of Jamf Cloud, or by installing a Jamf Infrastructure Manager or ‘JIM’ in your DMZ. See my post on ‘JIM’: )

Once this is done, you can go into the settings of Jamf Pro and configure the LDAP connection using the wizard. Jamf Pro will automatically try to fetch the Directory settings and mappings.

Continue reading “Default LDAP mapping for Active Directory in Jamf”

How to change the default Jamf Pro port to 443… and why you might want to keep it on 8443.

Many people have asked me how to change the default port that Jamf Pro is using for the SSL communication, which is by default 8443. Or even change it to any other custom port (when terminating SSL behind a load balancer for instance).

First off all, and this is very important, do not change the Jamf Pro port in a production environment with enrolled devices. The port is part of the URL that the devices trust for MDM enrollment and management. Changing the port breaks the enrollment and you will have to re-enroll all devices!

Secondly, configuring Jamf Pro behind a load balancer is beyond the goal of this post. For such more complex setups, I’d advise to have a look at the Jamf 350 course. 

Continue reading “How to change the default Jamf Pro port to 443… and why you might want to keep it on 8443.”

A public Jamf Pro server, DMZ or Reverse Proxy?

A quick look at how to make your Jamf pro server reachable from the Internet.

For this weeks blog, I’d like to touch the topic of on-premise Jamf Pro installations, and to be more specific, some consideration to make when making your on-prem server reachable outside your network.

First of all: the thoughts and statements in this article are my own. Please feel free to comment, correct and make suggestions, but just remember to refer to docs.jamf.com (and other Jamf KB’s, white papers and tech articles) for official guidance on supported installations of Jamf Pro.

That said, more and more people are choosing for Jamf Cloud over on-premise Jamf Pro installations, and this for multiple reasons. With Jamf Cloud you don’t need to manage your own server, keep it up to date, make it secure, etc… which frees up a lot of time you can use for other things, like managing your devices instead of managing servers or just use the time to enjoy a cold beer, nice cup of coffee or whatever you fancy doing instead of maintaining servers.

But some environments are not ready to move to cloud services (yet), because their type of business doesn’t allow it, or whatever other valid reason. Hosting an on-premise Jamf Pro server might sometimes be the only option. That’s fine, but hosting your own server comes with big responsibilities (which would otherwise be taken care of by Jamf when using Jamf Cloud), and apart from organising the required ressources, keeping your servers up and running, and investing time in maintenance, there are multiple network and security considerations to make.

I’m not going to dive into all the requirements for the Jamf Pro server, as those can easily be found on: Jamf Pro System Requirements

Instead, I’d like to touch one specific part of the on-premise setup: how to allow your devices to communicate with your internal Jamf Pro server, when they are outside your internal network, roaming the beautiful but sometimes hostile internet?

Continue reading “A public Jamf Pro server, DMZ or Reverse Proxy?”