JAMF Software Server Installation and Configuration Guide for Windows. Version PDF

Please download to get full document.

View again

of 64
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report
Category:

Others

Published:

Views: 12 | Pages: 64

Extension: PDF | Download: 0

Share
Related documents
Description
JAMF Software Server Installation and Configuration Guide for Windows Version 9.91 JAMF Software, LLC 2016 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this
Transcript
JAMF Software Server Installation and Configuration Guide for Windows Version 9.91 JAMF Software, LLC 2016 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software 100 Washington Ave S Suite 1100 Minneapolis, MN (612) Under the copyright laws, this publication may not be copied, in whole or in part, without the written consent of JAMF Software, LLC. Apache Tomcat and Tomcat are trademarks of the Apache Software Foundation. Apple, Mac, OS X, and Safari are trademarks of Apple, Inc. registered in the U.S. and other countries. The CASPER SUITE, COMPOSER, the COMPOSER Logo, JAMF SOFTWARE, the JAMF SOFTWARE Logo, RECON, and the RECON Logo are registered or common law trademarks of JAMF SOFTWARE, LLC in the U.S. and other countries. Chrome is a trademark of Google, Inc. Intel is a registered trademark of the Intel Corporation in the U.S. and other countries. Firefox is a registered trademark of the Mozilla Foundation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Windows is a registered trademark of Microsoft Corporation in the United States and other countries. All other products and service names mentioned are the trademarks of their respective companies. Contents 4 Preface 5 About This Guide 6 Additional Resources 7 Overview of Technologies 8 Applications and Utilities 9 Ports 12 Installed Files and Folders 13 Requirements 15 Installation 16 Installing the JSS 18 Upgrading the JSS 20 Setup 21 Setting Up the JSS 22 JSS User Accounts and Groups 27 Activation Code 28 Integrating with an SMTP Server 30 Change Management 32 Integrating with GSX 35 JSS Summary 37 Server Infrastructure 38 About Distribution Points 41 File Share Distribution Points 43 Cloud Distribution Point 46 JAMF Distribution Server Instances 51 Advanced Configuration 52 SSL Certificate 53 Configuring Tomcat to Work with a Load Balancer 54 Tomcat Thread Pool Settings 55 JSS Web Application Memory 56 Tomcat PermGen Size 57 Viewing the Status of Database Tables 58 Clustering 60 Limited Access Settings 61 Backing Up the Database 64 Restoring Database Backups 65 Flushing Logs 67 Migrating to Another Server 3 Preface 4 About This Guide The JAMF Software Server (JSS) is a web application that functions as the administrative core of the Casper Suite. The JSS allows you to perform inventory and remote management and configuration tasks on managed computers and mobile devices. All other administrative applications in the Casper Suite communicate with the JSS. This guide provides step-by-step instructions for installing and setting up the JSS on the Windows platform. It also explains how to perform advanced configuration tasks. 5 Additional Resources For information on related topics, see the following resources: Casper Suite Administrator s Guide This guide provides information about setting up and managing the JSS after it is installed. It is available at: Manually Installing the JAMF Software Server This technical paper explains how to manually install the JSS on Linux and Windows platforms. You can download it from: 6 Overview of Technologies 7 Applications and Utilities This section provides an overview of the applications and utilities that you need to install and maintain the JAMF Software Server (JSS), and JAMF Distribution Server (JDS) instances. JAMF Software Server The JAMF Software Server (JSS) is a web application that functions as the administrative core of the Casper Suite. The JSS allows you to perform inventory and remote management and configuration tasks on managed computers and mobile devices. All other administrative applications in the Casper Suite communicate with the JSS. JSS Installer for Windows The JSS Installer for Windows is a standard.msi installation package that allows you to install and upgrade the JSS on supported Windows operating systems. It is signed by JAMF Software. To obtain the JSS Installer for Windows, log in to JAMF Nation and click Show alternative downloads below the Casper Suite DMG on the following page: https://jamfnation.jamfsoftware.com/myassets.html JSS Database Utility The JSS Database Utility allows you to back up and restore the jamfsoftware database. It also allows you to restart Apache Tomcat and MySQL and modify their settings. The JSS Database Utility is installed automatically when you run the JSS Installer. It is located in: C:\Program Files\JSS\bin\JSSDatabaseUtil.jar JDS Installers The JDS Installer for Mac (.pkg) and the JDS Installer for Linux (.run) allow you to install JDS instances on OS X or supported Linux operating systems. A JDS instance is a distribution point that is managed by the JSS, similar to a computer or mobile device. For more information on JDS instances, see JAMF Distribution Server Instances. To obtain the JDS Installers, log in to JAMF Nation and go to the following page: https://jamfnation.jamfsoftware.com/myassets.html 8 Ports The following table describes the main ports used to host communication between computers, distribution points, and the JAMF Software Server (JSS): Port Used for Direction 22 The standard port for SSH (known as remote login in OS X). Default port used by Casper Remote and Recon to connect to computers. 80 The standard port for HTTP. When you use HTTP to distribute files from a file share distribution point, they are downloaded on this port. 443* The standard port for HTTPS. When you use HTTPS to distribute files from a file share distribution point, they are downloaded on this port. The cloud distribution point and JDS instance also communicates on this port. In addition, this port is used for the following: Connect the JSS to the JAMF Push Proxy. Required for MDM-capable computers to communicate with Apple Push Notification service (APNs). Connect to Apple s Device Enrollment Program (DEP) and Volume Purchase Program (VPP). Note: Apple could change this port without JAMF Software knowledge. 548 The standard port for Apple File Protocol (AFP). If you use an AFP share to distribute files from a file share distribution point, computers mount the AFP share on this port. Outbound from Casper Remote and Recon, and inbound to computers Inbound to the distribution point, and outbound from computers Inbound to the distribution point, and outbound from the JSS, computers, and mobile devices Inbound to the share, and outbound from computers 3306 The default port used by the JSS to connect to MySQL. Outbound from the JSS, and inbound to MySQL 8443 The SSL port for the JSS. Default port used by applications and computers and mobile devices to connect to the JSS. Inbound to the JSS, and outbound from computers and mobile devices The following table describes other commonly used ports: Port Used for Direction 25 The standard port for SMTP. The JSS connects to an SMTP server to send notifications to JSS users. 139 If you use an SMB share to distribute files from a file share distribution point, computers mount the SMB share on this port. Outbound from the JSS, and inbound to the SMTP server Inbound to the share, and outbound from computers 9 Port Used for Direction 389 The standard port for LDAP. Any LDAP connections even those coming from other applications go through the JSS. This means that only the JSS connects to your LDAP server. 636 The standard port for LDAPS. Any LDAP connections even those coming from other applications go through the JSS. This means that only the JSS connects to your LDAP server. 445 If you have an SMB client, such as DAVE, installed on computers, they may mount the SMB share on this port. Outbound from the JSS, and inbound to the LDAP server Outbound from the JSS, and inbound to the LDAP server Inbound to the share, and outbound from computers 514 The default port used by the JSS to write to Syslog servers. Outbound from the JSS, and inbound to Syslog servers 2195* The port used to send messages from the JSS to APNs. Outbound from the JSS, and inbound to the APNs server 2196* The port used by the JSS to connect to APNs for feedback. Outbound from the JSS, and inbound to the APNs server 5223* The port used to send messages from APNs to the computers and ios devices in your network The port used to send messages from Google Cloud Messaging (GCM) to the personally owned Android devices in your network The HTTP port for the JSS on Linux and Windows platforms. Although it is available, applications do not connect to this port unless the defaults are overridden The HTTP port for the JSS on the Mac platform. Although it is available, applications do not connect to this port unless the defaults are overridden. Outbound from computers and ios devices, and inbound to the APNs server Outbound from Android devices, and inbound to the GCM server N/A N/A On the Windows platform, the JSS runs on 8443 and 8080 by default. If you decide to change these ports, you must change the port information in Tomcat s server.xml file and in the Preferences window for each Casper Suite application. You cannot change the default ports for SSH or SMB with the Casper Suite. * Ports 443, 2195, 2196, and 5223 must be open outbound and inbound to the /8 address block in order for computers and ios devices to communicate with APNs. For detailed information on MDM troubleshooting, see the following documentation from Apple: Learn about TCP and UDP ports used by Apple products. 10 Find out why you are not receiving Apple push notifications. https://developer.apple.com/library/ios/technotes/tn2265/_index.html#//apple_ref/doc/uid /DTS CH1-TNTAG41 Troubleshoot push notifications. 11 Installed Files and Folders The following files and folders are installed when you run the JSS Installer: JSS web application The files that make up the JSS web application are stored in the following location: C:\Program Files\JSS\Tomcat\webapps\ROOT\ Apache Tomcat Tomcat is the web application server that runs the JSS web application. A directory named Tomcat is installed in the following location: C:\Program Files\JSS\ For more information about the version of Tomcat installed by the JSS Installer, see the Apache Tomcat Version Installed by the JSS Installer Knowledge Base article. server.xml The JSS Installer installs a modified copy of Tomcat s server.xml file. This file enables SSL, ensures that the JSS appears in the root context, and enables database connection pooling. It is installed in the following location: C:\Program Files\JSS\Tomcat\conf\ keystore Tomcat requires a.keystore file to provide connections over SSL. The JSS Installer creates a default.keystore file and stores it in the following location: C:\Program Files\JSS\Tomcat\certs\ JSS Database Utility The JSS Database Utility ( JSSDatabaseUtil.jar) is installed in the following location: C:\Program Files\JSS\bin\ Database backup location By default, the JSS Database Utility stores database backups in the following location: C:\Program Files\JSS\Backups\Database\ Logs Logs for the installation and for the JSS are stored in the following location: C:\Program Files\JSS\Logs\ 12 Requirements This section lists the requirements for the applications and utilities you need to install and maintain the JAMF Software Server (JSS), and JAMF Distribution Server (JDS) instances. JAMF Software Server You can host the JSS on any server that meets the following requirements: Java 7 or Java 8 MySQL 5.5.x or 5.6.x (MySQL 5.6.x is recommended) Apache Tomcat 7 or 8 (Tomcat 7 is recommended) Tested Windows operating systems include: Windows Server 2008 R2 Windows Server 2012 R2 Although you can install the JSS on any server that meets the minimum requirements, the JSS Installer for Windows has additional requirements. (For more information, see the next section.) Browser requirements for the JSS are as follows: Safari Mozilla Firefox Google Chrome Microsoft Internet Explorer JSS Installer for Windows The JSS Installer for Windows requires a server with: A 64-bit capable Intel processor 2 GB of RAM 400 MB of disk space available Windows Server 2008 R2 (64-bit), Windows Server 2012 (64-bit), or Windows Server 2012 R2 (64-bit) Java SE Development Kit (JDK) 7 or 8 for Windows x64 You can download the JDK from: Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 or 8 (must be the same version as the JDK) You can download the JCE from: 13 MySQL Enterprise Edition 5.5.x or 5.6.x (recommended), or MySQL Community Server 5.5.x or 5.6.x, available at: https://www.mysql.com/downloads/ Ports 8443 and 8080 available Note: The JSS Installer for Windows automatically creates a firewall exception for port 844 If you are using a third-party firewall, or if you are using a port other than 8443, you will need to manually add a firewall exception. JSS Database Utility The JSS Database Utility requires a server with MySQL 5.5.x or 5.6.x (MySQL 5.6.x is recommended) installed. JDS Installer for Mac The JDS Installer for Mac requires a computer with: An Intel processor 2 GB of RAM 100 GB of disk space available OS X v10.7 v10.11 with OS X Server v3 or later installed Note : If you are hosting a JDS instance on a server with OS X Server v5.0.x installed, you must modify the Apache proxy and websites configuration files before you can use the JDS instance. (For more information, see the Troubleshooting JAMF Distribution Server (JDS) Issues on Computers with OS X Server v5.0.x Installed Knowledge Base article.) JDS Installer for Linux The JDS Installer for Linux requires a computer with: An Intel processor 2 GB of RAM 100 GB of disk space available One of the following operating systems: Ubuntu LTS Server Ubuntu 104 LTS Server Red Hat Enterprise Linux (RHEL) 6.4, 6.5, 6.6, or 7.0 Note: To install a JDS instance on a Linux operating system that is running on a virtual machine, you need a virtualization platform that provides SMBIOS information. 14 Installation 15 Installing the JSS Installing the JAMF Software Server (JSS) involves the following steps: Install the required software (if you haven t already). Create the jamfsoftware database. Run the JSS Installer. Before you begin, make sure your server meets the JSS Installer requirements. (For more information, see Requirements.) Note: For instructions on how to manually install the JSS on Windows, see the Manually Installing the JAMF Software Server technical paper. You can download it from: Step 1: Install the Required Software Java and MySQL must be installed on the server before you can create the jamfsoftware database and run the JSS Installer. For instructions on how to install and configure Java and MySQL, see the following Knowledge Base article: Installing Java and MySQL Step 2: Create the jamfsoftware Database Create a MySQL database in which the JSS can store its data, and a MySQL user that can access the database. A default MySQL database name, username, and password are used throughout the instructions in this section. It is recommended, however, that you use a custom username and password that comply with your organization's security requirements. It is also recommended that you not use root as a username. A different database name can also be set if desired. The default MySQL settings used in the instructions below are: Database name: jamfsoftware Username: jamfsoftware Password: jamfsw03 Note: If you customize any of the MySQL settings, you will be prompted to enter them on the Database pane when you run the JSS Installer. Open the MySQL Command Line Client. When prompted, enter the password for the MySQL root user. 16 Create a database by executing: CREATE DATABASE jamfsoftware; You can customize the database name by replacing jamfsoftware with the desired name as shown in the following example: CREATE DATABASE mydatabasename; Grant privileges to a MySQL user so that it can access the new database: GRANT ALL ON jamfsoftware.* TO IDENTIFIED BY 'jamfsw03'; You can customize the MySQL username and password by replacing 'jamfsoftware' and 'jamfsw03' with the desired username and password as shown in the following example: GRANT ALL ON mydatabasename.* TO IDENTIFIED BY 'custompassword'; Step 4: Run the JSS Installer The JSS Installer for Windows installs Apache Tomcat and the JSS web application. Note: To obtain the JSS Installer for Windows, log in to JAMF Nation and click Show alternative downloads below the Casper Suite DMG on the following page: https://jamfnation.jamfsoftware.com/myassets.html To run the JSS Installer for Windows, copy it to the server. Then open the installer and follow the onscreen instructions. Note: The installer must be run as an administrator. Related Information For related information, see the following section in this guide: Installed Files and Folders Learn about the files and folders that are installed by the JSS Installer. For related information, see the following Knowledge Base article: Apache Tomcat Version Installed by the JSS Installer View the Tomcat version that is installed by the JSS Installer. 17 Prepare to upgrade. Upgrading the JSS Upgrading the JAMF Software Server (JSS) involves the following steps: Run the JSS Installer. Note: The JSS Installer cannot be used to upgrade the JSS v8.1 or earlier. Finalize the upgrade and revert server settings. Note : To take full advantage of all new features, bug fixes, and enhancements available in the Casper Suite, it is recommended that you use the latest version of the JSS and the client applications. To upgrade the client applications, simply replace the existing applications with the latest version. Step 1: Prepare to Upgrade Ensure the following: You are logged in as a local administrator, not as a domain administrator. Apache Tomcat is stopped. For instructions, see the following Knowledge Base article: Starting and Stopping Tomcat Step 2: Run the JSS Installer Important: If an upgrade fails, do not click OK. Contact JAMF Software Support immediately. Back up the current database using the JSS Database Utility. For more information, see Backing Up the Database. Copy the most current version of the JSS Installer for Windows ( JSS Installer.msi) to the server. To obtain the JSS Installer for Windows, log in to JAMF Nation and click Show alternative downloads below the Casper Suite DMG on the following page: https://jamfnation.jamfsoftware.com/myassets.html Double-click the installer and follow the onscreen instructions to complete the upgrade. 18 (Upgrades from v9.72 or earlier only) Modify the server.xml file as explained in the following KB articles: Manually restart Tomcat. Step 3: Finalize the Upgrade and Revert Server Settings When the upgrade is complete: Configuring Supported Ciphers for Tomcat HTTPS Connections (Upgrades from v9.72 or earlier) Mitigating the SSL v0 POODLE Vulnerability (Upgrades from v9.6 or earlier) Verify that you can log in to the JSS. Due to a display issue that occurs with Internet Explorer, it is recommended that you use Firefox, Chrome, or Safari. 19 Setup 20 Setting Up the JSS The first time you connect to the JAMF Software Server (JSS), the JSS Setup Assistant guides you through the following setup tasks: Accept the license agreement. Enter your activation code. Create your first JSS user account. Enter your JSS URL. The JSS URL is the URL that client applications, computers, and mobile devices will connect to when communicating with the JSS. After you complete the JSS Setup Assistant, you can click the setup tips that are displayed onscreen to start configuring commonly used settings. You may also want to make changes to the following pre-configured settings to ensure they meet the needs of your organization. These settings are important because over time, they can significantly affect the size of your database and your levels of network traffic: Update Inventory policy Determines how often computers submit invento
Recommended
View more...
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks