A Jamf Infrastructure Manager instance is a service that is managed by Jamf Pro. It can be used to host the following:
LDAP Proxy—This allows traffic to pass securely between Jamf Pro and an LDAP directory service. The Infrastructure Manager and the LDAP Proxy typically reside within the DMZ.
The LDAP Proxy requires integration with an LDAP directory service.
For more information, see the LDAP Proxy section in the Jamf Pro Administrator’s Guide.
Healthcare Listener—This allows traffic to pass securely from a healthcare management system to Jamf Pro.
For more information, see the Healthcare Listener section in the Jamf Pro Administrator’s Guide.
When you install an instance of the Infrastructure Manager, Jamf Pro allows you to enable the LDAP Proxy or the Healthcare Listener. Infrastructure Manager instances can be installed on Linux and Windows. For more information, see Installing a Jamf Infrastructure Manager Instance.
When using the LDAP Proxy, the Jamf Infrastructure Manager can be configured to accept incoming connections on any available port numbered 1024 or greater. For Linux, port 1024 or greater must be used because lower-numbered ports are reserved for root services. The port used must be opened, inbound, on your firewall and also on the computer on which the Infrastructure Manager is installed. The recommended port is 8389 for communication between your Jamf Pro server and the Infrastructure Manager. Configure inbound firewall rules on your network firewall and on the Jamf Infrastructure Manager host's operating system to allow connections on the selected port only from Jamf Pro. For more information, see the Permitting Inbound/Outbound Traffic with Jamf Cloud Knowledge Base article.
Note: The Infrastructure Manager does not currently respect network proxy settings configured in the host operating system or in Java. Therefore, the Infrastructure Manager must be enrolled with Jamf Pro and receive its initial configuration on a network that does not require connection via an outbound proxy. Unless a firewall rule is created to allow the Infrastructure Manager to connect to Jamf Pro without using an outbound proxy, the Infrastructure Manager will not receive LDAP configuration updates or be able to notify Jamf Pro that it is operational. It will still be able to receive the inbound LDAP lookup requests from Jamf Pro, however.
For communication between the Infrastructure Manager and an LDAP directory service, your LDAP server’s regular incoming port is used. This port is specified in the LDAP server’s configuration in Jamf Pro. The most common configurations are port 389 for LDAP and port 636 for LDAPS. This communication occurs between the Infrastructure Manager in the DMZ and an internal LDAP directory service only.
Note: If your environment is hosted in Jamf Cloud and uses Network Address Translation (NAT), you can configure the Jamf Infrastructure Manager to ensure successful communication between the Infrastructure Manager and Jamf Pro. For more information, see the Configuring the Jamf Infrastructure Manager to Use Network Address Translation (NAT) Knowledge Base article.
When using Jamf Pro hosted on Jamf Cloud, the necessary external IP addresses for Jamf Cloud must be allowed inbound to the Infrastructure Manager. Jamf Cloud customers should limit the source IP addresses to the list for their hosting region.
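The inbound restriction described above (the selected port open only to Jamf Pro, or only to the Jamf Cloud addresses for your region) can be expressed as host firewall rules. The following is an added example, not Jamf tooling or part of the original documentation. It assumes a Linux host using iptables for IPv4; the function name is hypothetical and the source addresses are constructed placeholders from documentation ranges. It prints the commands for review instead of applying them.

```shell
#!/bin/sh
# Added example: emit iptables commands that accept the LDAP Proxy port only
# from the Jamf Pro source addresses and drop every other source on that port.

JIM_PORT=8389                                       # recommended port per the text
JAMF_PRO_SOURCES="203.0.113.10/32 198.51.100.0/28"  # constructed placeholders

# jim_inbound_rules PORT "SRC1 SRC2 ..."  (hypothetical helper)
# Prints one ACCEPT rule per source, then a final DROP for the port.
# Returns 1 and prints no rules if the port or the source list is unusable.
jim_inbound_rules() {
    port=$1
    sources=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    # Ports below 1024 are reserved for root services on Linux.
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1024 and 65535" >&2
        return 1
    fi
    [ -n "$sources" ] || { echo "no source addresses given" >&2; return 1; }
    # Validate every source before printing anything, so output is all or nothing.
    for src in $sources; do
        if [ "$src" = "0.0.0.0/0" ]; then
            echo "refusing a rule that allows any source" >&2
            return 1
        fi
    done
    for src in $sources; do
        printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$src" "$port"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

jim_inbound_rules "$JIM_PORT" "$JAMF_PRO_SOURCES"
```

Because the rules are appended with `-A`, any broader ACCEPT rule already present earlier in the INPUT chain would still match first, so review the existing chain before applying the output.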
Note: Internal domain addresses (for example, .local, .company, or .mybiz) are not supported at this time. The Infrastructure Manager must be resolvable to the external Jamf Pro server.
For more information about network communication and the connections initiated between the Infrastructure Manager and Jamf Pro, see the Network Ports Used by Jamf Pro Knowledge Base article.
For more information on Infrastructure Manager-related topics, see the following sections in the Jamf Pro Administrator's Guide:
For more information on how to configure the LDAP server manually, see the LDAP Attribute Mappings Reference Knowledge Base article.