Overview
In certain circumstances a direct LDAPS connection is not possible, and a Jamf Infrastructure Manager (JIM) must be implemented instead. The JIM is commonly deployed within the DMZ, where it proxies and securely tunnels traffic from datajar.mobi to internal domain controllers. It is important to note that no direct connection occurs to internal systems from datajar.mobi.
System Requirements
- Windows Server 2012 (64-bit), Windows Server 2012 R2 (64-bit), Windows Server 2016 (64-bit) or Windows Server 2019 (64-bit) (Note: .NET Framework 4.0 or later is required.)
- A 64-bit capable Intel processor
- 2 GB of RAM
- 300 MB of disk space available
- Amazon Corretto v11 (see below)
How to install and configure Amazon Corretto (OpenJDK) 11
- Download Amazon Corretto: https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/windows-7-install.html
- Use the instructions from the above URL.
Network Configuration
In order for the JIM to communicate with datajar.mobi, the following network requirements must be met:
- TCP port 8389 inbound from Internet (see IP restrictions)
- TCP port 443 outbound from DMZ to datajar.mobi (see IP restrictions)
- TCP port 389 inbound from DMZ
- TCP port 53 inbound from DMZ
Name Resolution
It is important to note that a server with the Infrastructure Manager role must resolve both internally and externally to the same hostname. For example, internally the server im.domain.com would resolve to 192.168.1.10 and when queried from the internet the server im.domain.com would resolve to 195.20.19.8.
This is called split DNS and is required if you are using Network Address Translation. If you are not sure of your deployment type, please speak to your implementation engineer.
Once you have your network configuration in place, please supply all details via our service desk, where your implementation engineer will then test and apply your configuration.
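The following PowerShell pre-flight check can be run on the JIM server before you raise the ticket. It is an added example, not a Data Jar or Jamf tool. It assumes a NAT deployment (so the internal answer should be a private address), and the resolver and domain controller names are hypothetical placeholders to replace with your own. Testing ports 389 and 53 from the JIM towards internal servers is our reading of the port list above.

```powershell
# Added example, not part of the original article. All parameter defaults are
# assumptions to replace; the hostname follows the article's example.
param(
    [string]$JimHost          = 'im.domain.com',   # JIM hostname (article's example)
    [string]$InternalResolver = '192.168.1.2',     # hypothetical internal DNS server
    [string]$ExternalResolver = '1.1.1.1',         # any public resolver reachable from this host
    [string]$DomainController = 'dc01.domain.com', # hypothetical domain controller
    [string]$CloudHost        = 'datajar.mobi'
)

function Test-PrivateIPv4 {
    # True when the address is in 10/8, 172.16/12 or 192.168/16 (RFC 1918).
    param([string]$Address)
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-ARecord {
    # Ask one specific resolver for the A records, bypassing hosts file and cache.
    param([string]$Name, [string]$Server)
    try {
        Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
    } catch { @() }   # resolver unreachable or no such name: report as a failure below
}

$internal = @(Get-ARecord -Name $JimHost -Server $InternalResolver)
$external = @(Get-ARecord -Name $JimHost -Server $ExternalResolver)

$results = [ordered]@{
    'Internal view resolves to a private address' =
        ($internal.Count -gt 0) -and -not ($internal | Where-Object { -not (Test-PrivateIPv4 $_) })
    'External view resolves to a public address' =
        ($external.Count -gt 0) -and -not ($external | Where-Object { Test-PrivateIPv4 $_ })
    "Outbound TCP 443 to $CloudHost" =
        (Test-NetConnection -ComputerName $CloudHost -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded
    "TCP 389 to $DomainController" =
        (Test-NetConnection -ComputerName $DomainController -Port 389 -WarningAction SilentlyContinue).TcpTestSucceeded
    "TCP 53 to $InternalResolver" =
        (Test-NetConnection -ComputerName $InternalResolver -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded
}

$results.GetEnumerator() | ForEach-Object {
    '{0,-50} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($results.Values -contains $false) { exit 1 }
```

Inbound TCP 8389 from the Internet cannot be verified from the JIM itself and still needs to be tested from outside your network.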
Service Account
Lastly, in order for datajar.mobi to query your directory services, a service account that can read the directory is required. Please ensure you provide your implementation engineer with the following:
- Username: Please supply the username and fully distinguished path, e.g. CN=readaccount,DC=example,DC=com
- Password: Please supply a secure password.
Need further support?
If you still require assistance or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.