Casper Replication

One of the problems we have in our environment is that our smaller offices don’t necessarily have a tunnel set back to HQ and have less bandwidth available, so we wanted a DP onsite.

Originally we were doing replication via JDS. We still ended up using JAMF’s create DP script to provide us the failover we require. This worked; however, it added extra layers of complexity to a process that really had no need to be complex.

It also added one more piece to update when you updated the JSS.

By going with BTSync we no longer had to worry about having an internal point-to-point link; instead we use the BT protocol’s mesh technology to sync our DPs. BTSync encrypts the data as it transmits over the web. Sending data over the web always carries a risk, but we’re not storing sensitive data on our DPs.

Mistakes Made:

  • Setting all DPs to read/write sounds like a good idea, until you start cleaning one out while the rest are “indexing”, creating an infinite loop of deleting files and BTSync re-adding them.
  • Clicking remove coincidentally removed the sharing settings for that folder from every machine. To re-add it, one would have to rename either the master file or all presynced master folders, then copy and paste and let BTSync reindex. Otherwise you end up with many named folders.

Final Setup

Each machine auto logs in after reboot (BTSync cannot run as a service on OS X).

  • What we finally ended up with was a master DP (located in HQ) that has read/write access to our shared folder “CasperFiles”.
  • Added all DP sites and let them sync for a minute. Quit BTSync on those machines and manually moved all JDS replicated files into the new folder. Opened up BTSync and let it reindex.
  • We enabled Classic folders, which enables read only access.
  • Only our master is read/write, ensuring the slaves can’t destroy the repo.
  • Set our low bandwidth offices to 10kb/s upload. (It could be 1 kb to ensure those sites never upload.)
  • Added the individual work machines within our IT group with read only access to the shared folder for local imaging (these machines usually sync over the network to the network attached DP). Made staff aware that it’s always on, and that if they’re on limited bandwidth (such as mobile hotspots) they should pause sync.

  • Shared “CasperFiles”, with read only access on slaves, and read/write to the master
  • Uncheck “Store Deleted file in folder archive”
  • Added read/write usernames with afp shares (changing to https in the future) pointed to the folder location

  • Updated the JSS to correspond to the new shares and set failover to our external DP.

Final Thoughts:

  • You could run this on any OS that BTSync supports, including a Raspberry Pi or a cloud computing node.
  • Currently on OS X the machine needs to be logged in.
  • It’s an all or nothing approach; you don’t get to choose what you’re syncing to each DP.
  • More secure environments can create a private IP host list
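
For a replica running headless on Linux or a Raspberry Pi, the read only setup and the private host list can be expressed in a BTSync config file. The following is an added example, not our production config: the key names follow the sample file printed by `btsync --dump-sample-config` (check them against your version), and the device name, paths, port, secret and address are placeholders.

```json
// Constructed sample config for a read only replica DP; all values are placeholders.
// Key names assumed from `btsync --dump-sample-config`; verify against your version.
{
  "device_name": "dp-branch-01",             // hypothetical replica name
  "storage_path": "/var/lib/btsync",         // hypothetical state directory
  "listening_port": 44444,                   // fixed port so a firewall rule can pin it
  "use_upnp": false,                         // do not open ports on the office router automatically
  "download_limit": 0,                       // kB/s, 0 = no limit
  "upload_limit": 10,                        // kB/s, the cap used for low bandwidth offices
  "shared_folders": [
    {
      // Read only secret generated on the master; never deploy the read/write secret to a replica.
      "secret": "<READ_ONLY_SECRET_FROM_MASTER>",
      "dir": "/srv/CasperFiles",             // hypothetical location of the synced folder
      "use_relay_server": false,             // no third party relay
      "use_tracker": false,                  // no public tracker lookups
      "use_dht": false,                      // no DHT peer discovery
      "search_lan": false,                   // no LAN broadcast discovery
      "use_sync_trash": false,               // corresponds to unchecking the folder archive option
      "known_hosts": ["203.0.113.10:44444"]  // placeholder address and port of the master DP
    }
  ]
}
```

With tracker, relay, DHT and LAN search all off, the replica only contacts the peers listed in `known_hosts`, so the master's address and port must be reachable and allowed through the firewall on both ends.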
