The folks at AUC have posted my talk from XWorld 2016 about hosting the JSS in AWS.
Amazon Web Services’ Elastic Load Balancers can offer a great combination of security, availability, and performance to your JSS deployment. Elastic Load Balancers aren’t terribly difficult to set up, but there are a few gotchas to be aware of when using them with the JSS.
If you’re using a publicly trusted certificate with your JSS, you might have trouble with DEP enrollments failing with the ever so helpful error “Failed to contact Mobile Device Management server.” But is that really what’s happening here? The Mobile Device Management server is reachable (because of course that’s the first thing we check when we see this kind of error), so what’s causing this failure? The explanation is actually quite simple, but not very obvious.
Having recently updated my JSS to 9.82, I quickly noticed that my “Require password immediately after sleep or screen saver begins” setting was no longer being enforced. After some investigation, it became apparent that the JSS was not passing the “Ask For Password Delay” value into the profile when set to “immediately.”
As a Mac deployment grows, eventually the JSS might become too overloaded for a single server to handle. When that happens, installing the JSS on multiple servers and load balancing between them becomes ideal. This has the advantage of having many servers on the back end, but having it appear and function as a single unified server.
Pound is a free reverse proxy that can be used for load balancing the JSS. It can be run on just about any flavor of Linux. I wouldn’t recommend it for a critical production environment, but for testing or learning, it’s a great option.