A Jamf Infrastructure Manager instance is a service that is managed by the Jamf Software Server (JSS). It can be used to host the following:
LDAP Proxy—This allows traffic to pass securely between a JSS and an LDAP directory service. The Infrastructure Manager and the LDAP Proxy typically reside within the DMZ.
The LDAP Proxy requires integration with an LDAP directory service.
For more information, see the LDAP Proxy section in the Casper Suite Administrator’s Guide.
Healthcare Listener—This allows traffic to pass securely from a healthcare management system to a JSS.
For more information, see the Healthcare Listener section in the Casper Suite Administrator’s Guide.
When you install an instance of the Infrastructure Manager, the JSS allows you to enable the LDAP Proxy or the Healthcare Listener. Infrastructure Manager instances can be installed on Linux and Windows. For more information, see Installing a Jamf Infrastructure Manager Instance.
When using the LDAP Proxy, the Jamf Infrastructure Manager can be configured to accept incoming connections on any unused port above 1024. The port used must be opened, inbound, on your firewall and also on the computer on which the Infrastructure Manager is installed. The recommended port for communication between your JSS and the Infrastructure Manager is 8389.
For communication between the Infrastructure Manager and an LDAP directory service, your LDAP server’s regular incoming port is used. This port is specified in the LDAP server’s configuration in the JSS. The most common configurations are port 389 for LDAP and port 636 for LDAPS. This communication occurs between the Infrastructure Manager in the DMZ and an internal LDAP directory service only.
Note: The Infrastructure Manager does not support Network Address Translation (NAT).
When using the JSS hosted on Jamf Cloud, the necessary external IP addresses for Jamf Cloud must be allowed inbound to the Infrastructure Manager. For more information, see the Permitting Inbound/Outbound Traffic with Jamf Cloud Knowledge Base article.
Note: Internal domain addresses (for example, .local, .company, or .mybiz) are not supported at this time. The Infrastructure Manager must be resolvable to the external JSS server.
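The following preflight check covers the port and naming requirements above and is meant to be run on the computer that will host the Infrastructure Manager, before installation. It is an added example, not part of the Jamf documentation or tooling; the function names and sample hostnames are constructed, and the suffix list contains only the examples named in the note above.

```python
import socket

RECOMMENDED_PORT = 8389                                # recommended on the page
INTERNAL_SUFFIXES = (".local", ".company", ".mybiz")   # the page's examples only

def check_hostname(hostname):
    """Flag Infrastructure Manager hostnames on an internal domain (unsupported)."""
    if hostname.rstrip(".").lower().endswith(INTERNAL_SUFFIXES):
        return [f"{hostname}: internal domain addresses are not supported"]
    return []

def check_listener_port(port, bind_addr="0.0.0.0"):
    """Check the JSS-facing port: must be above 1024 and not already in use."""
    if not 1024 < port <= 65535:
        return [f"port {port}: must be an unused port above 1024"]
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((bind_addr, port))   # fails if another service holds the port
        except OSError as exc:
            return [f"port {port}: not available ({exc})"]
    return []

def check_ldap_reachable(host, port, timeout=3.0):
    """TCP connect from this host to the LDAP server's incoming port (389/636)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return []
    except OSError as exc:
        return [f"{host}:{port}: LDAP port not reachable ({exc})"]

def preflight(hostname, listener_port, ldap_host, ldap_port):
    """Run all checks; an empty list means the documented requirements are met."""
    return (check_hostname(hostname)
            + check_listener_port(listener_port)
            + check_ldap_reachable(ldap_host, ldap_port))

if __name__ == "__main__":
    # Constructed sample values; replace with your own hosts.
    for problem in preflight("jim.example.com", RECOMMENDED_PORT,
                             "ldap.internal.example.com", 636):
        print("FAIL:", problem)
```

These checks only see the local host and the path to the LDAP server; the inbound firewall rule for the chosen port still has to be verified from the JSS side.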