Prerequisites Guide for iOS

This document includes the following topics:

Overview
Apple Developer Membership Requirement
Prerequisites for Mobile Device Management
Prerequisites for Building the Athena MDM Agent

Overview

This guide contains prerequisite information for Mobile Device Management (MDM) of iOS devices. It covers the required Apple Developer membership, the inbound and outbound ports, the certificates and provisioning profile used when developing an Athena MDM Agent, SCEP or identity certificates, the APNS certificate for Mobile Device Management, and the optional root, signing, and encryption certificates for security.

Apple Developer Membership Requirement

The following membership is required:

iOS Developer Enterprise Program membership - visit the following Web site to become a member: http://developer.apple.com/programs/ios/enterprise

Prerequisites for Mobile Device Management

The following certificates and ports are required for Athena to manage iOS devices.
Microsoft SCEP Server or Identity Certificate(s)

Microsoft SCEP Server - allows devices to be authenticated automatically over-the-air by a certificate authority and to receive a unique certificate for identification. For more information on configuring a SCEP Server on Windows Server 2003 and 2008, see the SCEP Server Setup Guide.

Identity Certificate(s) - while less secure, it is possible to manually generate one or more Identity Certificates through a certificate authority and then use them across all devices. (A certificate shared by every device no longer identifies an individual device, and the compromise of one device exposes the credential used by all of them.)

Apple Push Notification Certificate for MDM (MDM Certificate)

This certificate allows Athena to use the Apple Push Notification Service (APNS), through which APNS notifies iOS devices under management to check in with Athena. For more information on acquiring an MDM Certificate, see the MDM Certificate Guide for iOS.

Outbound TCP Ports

To communicate with Apple's services, the following ports must be open for outbound connections over TCP:

2195 - must be open, outbound, on the server hosting the Odyssey APNS NT Service, for communication with the Apple Push Notification Service.

2196 - must be open, outbound, on the server hosting the Odyssey APNS NT Service, for communication with the Apple Push Notification Feedback Service.

5223 - must be open, outbound, on any network on which iOS devices are confined to a WLAN and cannot reach a cellular data network. For a higher level of security, firewall rules can limit this port to the 17.0.0.0/8 address block, which is assigned to Apple. 5223 can be left closed if all managed iOS devices have access to a cellular data network.

Inbound TCP Port

For iOS devices to enroll with Odyssey Software's MDM Sync web service, the server hosting the service must be reachable over HTTP or HTTPS on an open port.
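The 17.0.0.0/8 restriction for port 5223 is simple to state but easy to drift from once firewall rules are edited by hand. The following shell script is an added example, not part of the Odyssey guide: it audits outbound connection records on the three APNS ports (2195, 2196, 5223) and reports any whose destination lies outside Apple's block. The record format and the sample lines are constructed for this example and do not correspond to any real product log.

```sh
#!/bin/sh
# Added example (not from the Odyssey guide): audit outbound connection records
# against the APNS port rule the guide gives (destinations must be in 17.0.0.0/8).
# Record shape below is constructed for this example:
#   <timestamp> src=<ip> dst=<ip> dport=<port>

# First octet of Apple's assigned 17.0.0.0/8 block.
APPLE_BLOCK_FIRST_OCTET=17

# Read records on stdin; print every record on an APNS port whose destination
# is not inside 17.0.0.0/8. A record with no dst= field is also reported,
# because an unknown destination cannot be shown to be Apple's.
apns_egress_violations() {
    awk -v apple="$APPLE_BLOCK_FIRST_OCTET" '
    {
        dst = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dst=/)   dst  = substr($i, 5)
            if ($i ~ /^dport=/) port = substr($i, 7)
        }
        # Only the Apple Push Notification ports are in scope.
        if (port != "2195" && port != "2196" && port != "5223") next
        # Membership in a /8 is exactly a first-octet comparison.
        split(dst, o, ".")
        if (o[1] + 0 != apple + 0) print
    }'
}

# Number of violating records in a stream; handy for alert thresholds.
count_apns_egress_violations() {
    apns_egress_violations | wc -l | tr -d ' '
}

# Constructed sample records (RFC 5737 documentation ranges for non-Apple hosts).
SAMPLE_RECORDS='2012-05-01T10:00:01 src=10.0.0.5 dst=17.172.233.65 dport=5223
2012-05-01T10:00:02 src=10.0.0.5 dst=198.51.100.7 dport=5223
2012-05-01T10:00:03 src=10.0.1.10 dst=17.149.34.62 dport=2195
2012-05-01T10:00:04 src=10.0.1.10 dst=203.0.113.9 dport=2196
2012-05-01T10:00:05 src=10.0.0.5 dst=203.0.113.9 dport=443'

# Usage when run directly: list the violating records from the sample.
printf '%s\n' "$SAMPLE_RECORDS" | apns_egress_violations
```

Two of the five sample records are reported: the 5223 connection to 198.51.100.7 and the 2196 connection to 203.0.113.9. The 443 connection is ignored because the rule only concerns the APNS ports; in a real deployment, feed the script from your firewall or flow logs after normalising them to the field names above.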
Prerequisites for Building the Athena MDM Agent

The following certificates and provisioning profile are required for building your own version of the Athena MDM Agent and distributing it in-house. This is only necessary if you do not plan to use the Athena MDM Agent offered in the Apple App Store. For information on acquiring these prerequisites and building your own version of the Athena MDM Agent, see the Athena Agent Development Guide.

Developer Certificate - lets you sign the Athena MDM Agent under your own identity.

WWDR Intermediate Certificate - validates your Developer Certificate.

Apple Push Notification Certificate - authenticates Athena Services with the Apple Push Notification Service, allowing push notifications to be sent to the Athena MDM Agent.

APN-Configured Provisioning Profile for Distribution - lets you build the Athena MDM Agent while configuring it to accept Apple Push Notifications not related to Mobile Device Management.

Root Certificate

The following are optional, but strongly recommended if security is a priority for your organization. iOS security is built on PKI (Public Key Infrastructure). For more information on acquiring and generating these security certificates, please see the Security Guide.

The Root Certificate (from your certificate authority) must be placed onto iOS devices and on any machine running Athena Services if it is self-signed (in other words, created by you). If your Signing, Encryption, and Server Authentication Certificates are signed by a recognized commercial certificate authority (such as VeriSign), a Root Certificate is not required on either the iOS device or any machine running Athena Services.

Signing Certificates

Signing Certificates ensure the integrity of configuration profiles by preventing tampering. They are created from a Root Certificate through a certificate authority. Two Signing Certificates must be generated, one for iOS devices and one for any machine running Athena Services.

Signing Certificate with Private and Public Keys - placed on any machine running Athena Services, allowing machines to sign configuration profiles before they are sent to iOS devices.

Signing Certificate with Public Key - placed on all iOS devices, allowing devices to recognize and accept configuration profiles signed using the Signing Certificate with Private and Public Keys.
Encryption Certificates

Encryption Certificates ensure that information inside configuration profiles cannot be read by a third party, and must be used in conjunction with Signing Certificates. Encryption Certificates are created from a Root Certificate through a certificate authority. Two Encryption Certificates must be generated, one for iOS devices and one for any machine running Athena Services.

Encryption Certificate with Private and Public Keys - placed on all iOS devices, allowing devices to decrypt and install configuration profiles encrypted using the Encryption Certificate with Public Key.

Encryption Certificate with Public Key - placed on any machine running Athena Services, allowing machines to encrypt configuration profiles before they are sent to iOS devices.

Server Authentication (SSL) Certificate

The Server Authentication Certificate is placed on any machine running Athena Services, and allows MDM commands to be encrypted and sent over HTTPS, preventing a third party from reading the MDM commands. Server Authentication Certificates are created from a Root Certificate through a certificate authority. For sites with many machines on a single domain (e.g. multiple primary and secondary management points), it is possible to create a wild-card Server Authentication Certificate that can be installed on multiple machines.
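The Root, Signing and Encryption Certificates above follow the pattern iOS uses for configuration profiles, which are signed and encrypted with CMS (PKCS#7). The following shell script is an added example and is not Odyssey's code or material from the Security Guide: it mints a throwaway root, a Signing Certificate whose private key stays with the server, and a device Encryption Certificate whose private key stays on the device, then signs, verifies, encrypts and decrypts a constructed sample profile with the openssl command-line tool (assumed to be OpenSSL 1.1.1 or later). It also shows the two properties the guide relies on: a single altered byte in a signed profile fails verification, and the encrypted profile does not expose its payload to anyone without the device key. All subject names, file names and the sample profile are constructed; a real deployment obtains its certificates from its certificate authority rather than generating them in a script.

```sh
#!/bin/sh
# Added example, not Odyssey's code: throwaway PKI with the certificate roles the
# guide names, then CMS sign/verify and encrypt/decrypt of a constructed profile.
# Every name, path and value here is constructed for the example.

# Issue leaf certificate "$2" under the root in "$1" with subject "$3". The key
# usage comes from "$1/$2.ext", so each certificate can do only its one job.
issue_leaf() {
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$1/$2.csr" -CA "$1/root.crt" \
        -CAkey "$1/root.key" -CAcreateserial -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# Create in "$1": Root Certificate, Signing Certificate (private key stays on the
# Athena Services host), device Encryption Certificate (private key stays on the
# device) and a constructed stand-in for a .mobileconfig.
pki_setup() {
    # Minimal OpenSSL config so the example does not depend on the system one.
    cat > "$1/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints     = critical,CA:TRUE
keyUsage             = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example MDM Root CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
    echo 'keyUsage=critical,digitalSignature' > "$1/sign.ext"
    echo 'keyUsage=critical,keyEncipherment'  > "$1/enc.ext"
    issue_leaf "$1" sign "/CN=Athena Services Profile Signer"
    issue_leaf "$1" enc  "/CN=Managed Device Profile Decryption"
    cat > "$1/profile.mobileconfig" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!-- constructed sample for this example, not a real configuration profile -->
<plist version="1.0"><dict>
  <key>PayloadDisplayName</key><string>Example Wi-Fi settings</string>
  <key>PayloadIdentifier</key><string>com.example.wifi.sample</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
</dict></plist>
EOF
}

# Server side: attached CMS signature in DER, using the Signing Certificate's key.
sign_profile() {
    openssl cms -sign -binary -nodetach -outform DER -signer "$1/sign.crt" \
        -inkey "$1/sign.key" -in "$2" -out "$3" 2>/dev/null
}

# Device side: verify against the trusted root and recover the content.
# Exit status 0 only if the chain and the content digest both check out.
verify_profile() {
    openssl cms -verify -binary -inform DER -CAfile "$1/root.crt" -purpose any \
        -in "$2" -out "$3" 2>/dev/null
}

# Server side: encrypt for the device with only its public Encryption Certificate.
encrypt_profile() {
    openssl cms -encrypt -binary -aes256 -outform DER -in "$2" -out "$3" \
        "$1/enc.crt" 2>/dev/null
}

# Device side: decrypt with the private key that exists only on the device.
decrypt_profile() {
    openssl cms -decrypt -inform DER -recip "$1/enc.crt" -inkey "$1/enc.key" \
        -in "$2" -out "$3" 2>/dev/null
}

# Overwrite one byte inside the signed content to simulate in-transit tampering.
tamper_byte() {
    printf '\377' | dd of="$1" bs=1 seek=100 count=1 conv=notrunc 2>/dev/null
}

# Full round trip in directory "$1"; prints one line per check, non-zero on failure.
demo() {
    pki_setup "$1"
    sign_profile "$1" "$1/profile.mobileconfig" "$1/profile.signed" || return 1
    verify_profile "$1" "$1/profile.signed" "$1/verified.mobileconfig" || return 1
    cmp -s "$1/profile.mobileconfig" "$1/verified.mobileconfig" || return 1
    echo "OK: intact profile verifies against the root"
    cp "$1/profile.signed" "$1/tampered.signed"
    tamper_byte "$1/tampered.signed"
    verify_profile "$1" "$1/tampered.signed" "$1/bad.mobileconfig" && return 1
    echo "OK: one altered byte makes verification fail"
    encrypt_profile "$1" "$1/profile.mobileconfig" "$1/profile.enc" || return 1
    grep -q 'com.example.wifi.sample' "$1/profile.enc" && return 1
    echo "OK: ciphertext does not expose the payload"
    decrypt_profile "$1" "$1/profile.enc" "$1/decrypted.mobileconfig" || return 1
    cmp -s "$1/profile.mobileconfig" "$1/decrypted.mobileconfig" || return 1
    echo "OK: device private key recovers the profile"
}

# Usage: demo "$(mktemp -d)"
```

The split of key material mirrors the guide's placement rules: the server directory holds sign.key but only enc.crt, and a device would hold enc.key but only sign.crt and root.crt. The verify step passes `-CAfile` with the root because the root is self-signed here; with a commercially issued chain the device's built-in trust store takes that role and, as the guide notes, no root needs to be distributed.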