In certain circumstances a direct LDAPS connection is not possible, and a Jamf Infrastructure Manager (JIM) must be implemented instead. The JIM is commonly deployed within the DMZ, where it proxies and securely tunnels directory traffic from datajar.mobi to the internal domain controllers. It is important to note that no direct connection is made from datajar.mobi to internal systems; all traffic passes through the proxy.
- Windows Server 2008 R2 (64-bit), Windows Server 2012 (64-bit), Windows Server 2012 R2 (64-bit) or Windows Server 2016 (Note: .NET Framework 4.0 or later is required.)
- A 64-bit capable Intel processor
- 2 GB of RAM
- 300 MB of disk space available
- Amazon Corretto (OpenJDK) 8 (see below)
How to install and configure Amazon Corretto (OpenJDK) 8
- Download Amazon Corretto: https://docs.aws.amazon.com/corretto/latest/corretto-8-ug/windows-7-install.html
- Run the installer and follow the instructions
- Copy and paste the following script into your preferred text editor, and then save it as a .bat file:
reg add "HKLM\Software\JavaSoft\Java Development Kit" /v CurrentVersion /t REG_SZ /d "1.8" /f
reg add "HKLM\Software\JavaSoft\Java Runtime Environment" /v CurrentVersion /t REG_SZ /d "1.8" /f
reg add "HKLM\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\Tomcat8\Parameters\Java" /v Jvm /t REG_SZ /d "C:\Program Files\Amazon Corretto\jre8\bin\server\jvm.dll" /f
- Note: The path to OpenJDK in the third command must match the version of Amazon Corretto you downloaded and installed. If necessary, change the path to your OpenJDK installation in the above commands before running the script.
- Run the .bat script to edit the Java registry entries.
Note: The script must be run as an administrator.
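The .bat script above hard-codes the jvm.dll path, which is the step most likely to go wrong when a different Corretto 8 build is installed. The following PowerShell script is an added example (not part of the original article or the Jamf installer); it locates the installed Corretto 8 runtime, confirms jvm.dll exists and reports a 1.8 version, writes the same three registry values, and reads them back to verify. It assumes the default install location C:\Program Files\Amazon Corretto and must be run from an elevated prompt.

```powershell
# Added example: discover the Corretto 8 jvm.dll and set the JIM registry values safely.
#Requires -RunAsAdministrator

$correttoRoot = 'C:\Program Files\Amazon Corretto'   # assumed default install location

# Corretto installs into a version-specific folder (e.g. jre8 or jdk1.8.0_xxx);
# pick the first one that actually contains the server JVM instead of hard-coding it.
$jvmDll = Get-ChildItem -Path $correttoRoot -Directory -ErrorAction Stop |
    ForEach-Object { Join-Path $_.FullName 'bin\server\jvm.dll' } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1

if (-not $jvmDll) {
    throw "No jvm.dll found under $correttoRoot - is Amazon Corretto 8 installed?"
}

# jvm.dll lives in <root>\bin\server; java.exe lives in <root>\bin.
$javaExe = Join-Path (Split-Path (Split-Path $jvmDll -Parent) -Parent) 'java.exe'
$version = [string](& $javaExe -version 2>&1 | Select-Object -First 1)
if ($version -notmatch '"1\.8\.') {
    throw "Expected a Java 1.8 runtime but found: $version"
}

# The same three values the .bat script sets with reg add.
$entries = @(
    @{ Path = 'HKLM:\Software\JavaSoft\Java Development Kit';     Name = 'CurrentVersion'; Value = '1.8' }
    @{ Path = 'HKLM:\Software\JavaSoft\Java Runtime Environment'; Name = 'CurrentVersion'; Value = '1.8' }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\Tomcat8\Parameters\Java'
       Name = 'Jvm'; Value = $jvmDll }
)

foreach ($e in $entries) {
    # Create the key if it does not exist yet (reg add does this implicitly).
    if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
    Set-ItemProperty -Path $e.Path -Name $e.Name -Value $e.Value -Type String
    # Read the value back so a silent failure (e.g. wrong registry view) is caught.
    $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name).($e.Name)
    if ($actual -ne $e.Value) { throw "Failed to set $($e.Path)\$($e.Name)" }
    Write-Host "OK  $($e.Path)\$($e.Name) = $actual"
}
```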
In order for the JIM to communicate with datajar.mobi, the following network requirements must be met.
- TCP port 8389 inbound from the Internet to the JIM (see IP restrictions)
- TCP port 443 outbound from the DMZ to datajar.mobi (see IP restrictions)
- TCP port 389 (LDAP) inbound from the DMZ to the internal domain controllers
- TCP port 53 (DNS) inbound from the DMZ to the internal network
It is important to note that a server with the Infrastructure Manager role must resolve to the same hostname both internally and externally. For example, internally the server im.domain.com would resolve to 192.168.1.10, and when queried from the Internet im.domain.com would resolve to 184.108.40.206. This is called split DNS and is required if you are using Network Address Translation. If you are not sure of your deployment type, please speak to your implementation engineer.
Once you have your network configuration in place, please supply all details via our service desk, where your implementation engineer will then test and apply your configuration.
Lastly, in order for datajar.mobi to query your directory service, a service account that can read the directory is required (read-only access is sufficient). Please ensure you provide your implementation engineer with the following:
- Username: Please supply the username and its fully distinguished name (DN), e.g. CN=readaccount,DC=example,DC=com
- Password: Please supply a strong password for the account.
If you have any questions or queries with the above, please direct them to email@example.com