The document discusses Square, an expert in global Apple deployments. It outlines their challenge of deploying and managing over 200 Macs across 6 locations in 3 continents with only 2 support specialists. Key considerations for the deployment included choosing servers for the JSS and distribution points, JSS setup, security, package replication, and imaging processes. Possible imaging workflows like pre-stage, quickadd, and custom quickadd are described. Next steps mentioned involve cloud storage and VM environment integration.
11. What is Square?
⣠Apple Premium Reseller in the UK
⣠Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)
12. What is Square?
⣠Apple Premium Reseller in the UK
⣠Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)
⣠Hospitality specialists with our own IP in
software solutions (IPTV & Business Centre)
13. What is Square?
⣠Apple Premium Reseller in the UK
⣠Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)
⣠Hospitality specialists with our own IP in
software solutions (IPTV & Business Centre)
⣠International Apple Support Centres
14. What is Square?
⣠Apple Premium Reseller in the UK
⣠Apple Authorised Reseller in the USA, Latin
America & Singapore (Square [ i ] International)
⣠Hospitality specialists with our own IP in
software solutions (IPTV & Business Centre)
⣠International Apple Support Centres
⣠42 Square Design & Marketing Communications
17. The Challenge
How does the worldâs largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?
18. The Challenge
How does the worldâs largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?
⣠Only 2 Mac Support specialists based in London and New York
19. The Challenge
How does the worldâs largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?
⣠Only 2 Mac Support specialists based in London and New York
⣠Being able to work with and re-purpose existing âstandardâ packages
20. The Challenge
How does the worldâs largest Art Auction House deploy, manage & maintain
over 200 Macs across three continents within the following framework?
⣠Only 2 Mac Support specialists based in London and New York
⣠Being able to work with and re-purpose existing âstandardâ packages
⣠6 locations in 3 Continents - Distributing the Distribution Points!
24. Considerations
⣠Choice of the Server for the JSS
⣠Choice of the Server for the Distribution Point
25. Considerations
⣠Choice of the Server for the JSS
⣠Choice of the Server for the Distribution Point
⣠JSS setup
26. Considerations
⣠Choice of the Server for the JSS
⣠Choice of the Server for the Distribution Point
⣠JSS setup
⣠Security
27. Considerations
⣠Choice of the Server for the JSS ⣠Package Replication
⣠Choice of the Server for the Distribution Point
⣠JSS setup
⣠Security
28. Considerations
⣠Choice of the Server for the JSS ⣠Package Replication
⣠Choice of the Server for the Distribution Point ⣠Replication servers
⣠JSS setup
⣠Security
29. Considerations
⣠Choice of the Server for the JSS ⣠Package Replication
⣠Choice of the Server for the Distribution Point ⣠Replication servers
⣠JSS setup ⣠Imaging Process
⣠Security
30. Considerations
⣠Choice of the Server for the JSS ⣠Package Replication
⣠Choice of the Server for the Distribution Point ⣠Replication servers
⣠JSS setup ⣠Imaging Process
⣠Security ⣠What is Next? (In few words)
48. Network Setup
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore
49. Network Setup
⣠Casper servers are clustered
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore
50. Network Setup
⣠Casper servers are clustered
⣠Outside the LAN, managed devices
will check in from the dmz
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore
51. Network Setup
⣠Casper servers are clustered ⣠Only one port transits from DMZ to LAN 3306
(MySQL)
⣠Outside the LAN, managed devices
will check in from the dmz
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore
52. Network Setup
⣠Casper servers are clustered ⣠Only one port transits from DMZ to LAN 3306
(MySQL)
⣠Outside the LAN, managed devices
will check in from the dmz ⣠Change of the JSS database password
Firewall
3306 3306 3306 *
Casper Server Casper db Casper Server
DMZ LAN
In and outbound connection
LAN connection
* Not available anymore
65. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel
66. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel
#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "LOCATION"
#cat ~/.ssh/id_rsa.pub | ssh myjssserver 'cat - >> ~/.ssh/authorized_keys'
67. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel
#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "LOCATION"
#cat ~/.ssh/id_rsa.pub | ssh myjssserver 'cat - >> ~/.ssh/authorized_keys'
rsync via ssh tunnel
68. How do you do that?
Replication using keypair 2048 bit encryption rsync via ssh tunnel
#ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "LOCATION"
#cat ~/.ssh/id_rsa.pub | ssh myjssserver 'cat - >> ~/.ssh/authorized_keys'
rsync via ssh tunnel
#rsync -avrpogz --delete -e ssh root@myjssserver:"Source" "Destination" >>yourlogfile
74. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging
Computer netboots
75. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging
Computer netboots
Computer is automatically imaged
76. Possible Workflow with Pre-Stage
Computer is added to Prestage imaging
Computer netboots
Computer is automatically imaged
Computer is ready to be given to the end user
80. Possible Workflow with QuickAdd
Computer is given to the end user
Computer is setup by the user. QuickAdd package is installed
81. Possible Workflow with QuickAdd
Computer is given to the end user
Computer is setup by the user. QuickAdd package is installed
Computer is added to the inventory
82. Possible Workflow with QuickAdd
Computer is given to the end user
Computer is setup by the user. QuickAdd package is installed
Computer is added to the inventory
The policies are triggered automatically according to the network segment
86. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed
87. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed
User complete a predefined set of information
88. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed
User complete a predefined set of information
Computer is added to the inventory
89. Possible Workflow with Customised QuickAdd
Computer is given to the end user
Computer is setup by the user. Customised QuickAdd package is installed
User complete a predefined set of information
Computer is added to the inventory
The policies are triggered automatically according to the Extended attributes set by the user.
