One of the challenges Casper admins can run into is performance tuning, which can require going into parts of the JSS that you normally go into only when JAMF Support asks you to do so. To help with this process, there are formulas which you can use to calculate if your JSS’s Tomcat and MySQL services are configured for best performance.
Before proceeding further, I want to emphasize that a) check with JAMF Support first and b) you should always, always, always make backups of your JSS before changing settings. I assume no responsibility and bear no culpability if your JSS breaks as a result of anything you implement as a result of reading this post. I am also not responsible for incorrect math, ruining anyone’s weekend, or that long talk you now need to have with your boss about why your JSS is now broken.
One other thing to be aware of is that I’m going to be focusing on Linux and Windows in this post since those are the platforms that I’m most familiar with for hosting a Casper 9 JSS.
For more details, see below the jump:
One of the lesser-known changes that Apple introduced with OS X Yosemite was a Hypervisor framework, which was designed to allow virtualization solutions to be built for OS X without the need for third-party kernel extensions.
One reason for this was that eliminating the need for kernel extensions allowed the possibility of virtualization software to be distributed and sold via the Mac App Store. While neither VMware or Parallels have taken advantage of this, a new virtualization product named Veertu has recently become available in the MAS.
Veertu is available for free from the MAS, and allows installation of selected Linux VMs, downloaded from Veertu’s online library. For more details, see below the jump.
As part of keeping an eye on my support systems, I’ve been using a script for my Casper servers running on Linux which emails me a status report on a daily basis. I adapted this script from an earlier one I wrote to monitor Tomcat and alert me if Tomcat was having issues. The script tells me a number of things that are useful to know, including the following:
- Free space on all attached drives
- Who’s logged in via SSH or in the console
- Virtual memory statistics
- Current system tasks
- SMB connections information
- Recent entries in the Apache server logs
- Recent entries in the JSS server log
In my case, my Casper servers are hosted on Red Hat Enterprise Linux so I’ve focused this script’s development and testing on compatibility with RHEL-based Linux distributions. That said, nothing in it is RHEL-specific so it should also work on other Linux distributions. For more information, see below the jump.
As part of preparing for Yosemite, I’ve started testing Casper 9.5.1. As part of my testing, I wanted to address an issue that first appeared for me in Casper 9.4: The blue Featured banner in Self Service.
I use the Featured setting to publish items to the Self Service landing page. When I upgraded my test environment to Casper 9.4, I noticed that all of my Featured items now had a blue Featured banner. Since everything on the main landing page is set to be Featured, in my opinion the banner is distracting and does not add value.
I have submitted a feature request to be able to turn off the blue Featured banner, but as of 9.5.1 this feature request is marked as UNDER REVIEW and has not been implemented. Since I anticipate that I’ll have Macs running Yosemite within the next month, I’ll likely need to deploy Casper 9.5.1 and I wanted to be able to stop this banner from appearing in 9.5.1’s Self Service.
The approach I adopted was to take a copy of the appropriate PNG file on the Casper server and use Preview’s Instant Alpha tool to make all content in the image transparent. In effect, I wanted to have the Featured banner file still be there (to help avoid failures in the event that something in Self Service was checking for the file’s presence) but have the banner itself be completely invisible to my users. This approach worked just fine in my testing and it appears to be similar to what Christopher Collins is using in his shop.
For those who want a copy of the transparent PNG file that I created, I have it available for download here. Once downloaded and uncompressed, it’ll be a PNG file named casper_95_featured.png.
Using the downloaded PNG file, here’s how to deploy on a Casper server to make the Featured banner transparent:
NOTE: The instructions below are for a Casper server running on Red Hat Enterprise Linux, where the JSS Tomcat directory is stored in /usr/local/jss and the Tomcat server has an associated tomcat7 user. The JSS Tomcat directory may be installed in a different location and the Tomcat user may not be named tomcat7 on operating systems other than RHEL . When in doubt, contact JAMF Support for assistance.
1. Log into the Casper server using an account that can use root privileges.
2. Copy casper_95_featured.png into /usr/local/jss/tomcat/webapps/ROOT/images/selfservice2
3. Rename the existing featured.png in /usr/local/jss/tomcat/webapps/ROOT/images/selfservice2 to now be named featured_bak.png
4. Rename casper_95_featured.png to now be named featured.png
5. Run the following command with root privileges:
chown tomcat7:tomcat7 /usr/local/jss/tomcat/webapps/ROOT/images/selfservice2/featured.png
6. Start Self Service and verify that the blue Featured image does not appear.
If the blue Featured banner is still appearing in Self Service, the Featured banner may be cached on individual Macs To fix this, you can clear the Self Service cache on the affected machines by following the procedure below:
1. Quit Self Service
2. Remove the com.jamfsoftware.selfservice folder from /Users/username/Library/Caches/
3. Relaunch Self Service
The blue Featured banner should no longer appear in Self Service.
As part of Firefox 31’s release, Mozilla made a change to enable support for NT LAN Manager version 1 (NTLMv1) network authentication when connecting to sites that are using HTTPS to allow encrypted communication via SSL between Firefox 31 and the website in question. This is to address the change made in Firefox 30, which disabled support for NT LAN Manager version 1 (NTLMv1) network authentication for sites using either HTTP and HTTPS.
NTLMv1 authentication to sites using HTTP is still disabled by default. For more information on why HTTPS is now enabled while HTTP remains disabled, this Mozilla bug report discusses the issue.
A way to tell if the NTLMv1-using site you’re trying to access is using HTTP or HTTPS is to check the connection address. If it begins with https://, you should be OK. If it begins with http:// , Firefox 31 will still block NTLMv1 authentication.
If you need to enable NTLMv1 authentication for an HTTP site that uses NTLMv1 authentication, Mozilla has provided a workaround to non-Windows users of Firefox, in the form of a setting that can be toggled to allow NTLMv1 authentication. This workaround should allow Mac and Linux users to continue using NTLMv1 authentication on HTTP sites, which will allow access again to SharePoint-based or IIS-backed web applications. For those folks who need it, I have the workaround documented here.
Since Casper 9.x was first released, I’ve been preparing for my shop’s own upgrade from Casper 8.x to 9.x. As of the morning of Saturday, June 28th, those preparations have ended with my shop’s successful upgrade to Casper 9.32. When I mentioned this on Twitter, I heard from a few folks who mentioned that they were planning to also do this in the near future and @theycallmebauer asked if I was going to post about my experience.
I thought that was a good idea, so please see below the jump for the details.
As part of Firefox 30’s release, Mozilla made a change to disable support for NT LAN Manager version 1 (NTLMv1) network authentication. This change affects sites using Microsoft’s SharePoint or IIS services. The Windows version of Firefox 30 should switch to using NTLMv2 authentication automatically, but NTLMv2 is not supported by Firefox on non-Windows platforms.
Update – 7-22-2014: Mozilla has released Firefox 31, which now allows access on non-Windows platforms to Sharepoint and IIS sites using HTTPS. For more details, see this post.
The result for non-Windows platforms is that access may be blocked when Firefox 30 users try to access those kinds of sites.
Mozilla has provided a workaround to non-Windows users of Firefox, in the form of a setting that can be toggled to allow NTLMv1 authentication. This workaround should allow Mac and Linux users to continue using NTLMv1 authentication, which will allow access again to SharePoint-based or IIS-backed web applications. For more details, see below the jump.