Sophos Mobile Control Installation guide. Product version: 3


Sophos Mobile Control Installation guide
Product version: 3
Document date: January 2013

Contents

1 Introduction
2 The Sophos Mobile Control server
3 Set up Sophos Mobile Control
4 External EAS Proxy server
5 Running the Sophos Mobile Control Service as a limited user
6 Updating Sophos Mobile Control
7 Apple Push Notification service
8 Technical support
9 Legal notices

1 Introduction

Sophos Mobile Control is a device management solution for mobile devices like smartphones and tablets. Sophos Mobile Control helps to keep corporate data safe by managing apps and security. The Sophos Mobile Control system consists of a server and a client component which communicate through data connections and text messages. The Sophos Mobile Control client is easily installed and managed with over-the-air setup and configuration through the Sophos Mobile Control web console. With the Sophos Mobile Control Self Service Portal for your users, you can reduce IT efforts by allowing users to register their own devices and carry out other tasks without having to contact the helpdesk.

This guide describes:

- How to install and set up the Sophos Mobile Control server (SMC server)
- How to install the external EAS Proxy server
- How to update Sophos Mobile Control
- How to create and upload an APNs certificate

1.1 Access data

The access data for the system is saved in a database that can be extended later on. All steps have to be executed as an administrator of Microsoft Windows Server or as a user of the relevant group. The database user needs sysadmin rights.

1.2 Licenses

To use Sophos Mobile Control you need a valid license. After purchasing the software, you receive a license file named license.sql. You must place this file in the same directory as the setup file during installation.

Note: If there is no valid license available, the SMC server can be installed, but you cannot register any mobile devices in the Sophos Mobile Control web console.

2 The Sophos Mobile Control server

The SMC server is a dispersed system that consists of the following components: JBoss SQL database server MSQL SMC server provided as Java-Enterprise-Archive inside JBoss Directory Service Redistributable package

The individual components communicate either through the database or through the J2EE-standard-designated interfaces. In this case no further exchange files are necessary. It is required that the server scripts and property data are configured and that they work with the single server operation. If changes are necessary, the single setting parameters have to be modified.

2.1 Install the operating system

One possible server operating system is Microsoft Windows Server 2008 R2. For installation, refer to the relevant documentation. In addition, you have to install the following packages manually:

- Microsoft SQL Server: Microsoft SQL 2008, Microsoft SQL 2008 R2, Microsoft SQL 2012 or MSQL.
- Java JDK (including JRE): Version 7u9 or higher
- MySQL 5.5 with InnoDB support

If JDK is not contained in the installation package, you may have to download it.

2.2 Install the database server Microsoft SQL Server

We recommend Microsoft SQL Server 2012 Express Edition for Windows with installer. The following description shows the installation process for Microsoft SQL Server 2012 Express with Tools.

1. Execute the installer and select New SQL Server stand-alone installation or add features to an existing installation.
2. If problems occur, the Setup Support Rules dialog is displayed. Make the necessary changes to solve the problems shown and click Next.

3. In the License Terms dialog, select I accept the license terms and click Next.

4. In the Feature Selection dialog, make sure that the options Database Engine Services and Management Tools - Basic are selected. If necessary, modify the installation directory. Click Next.

5. In the Instance Configuration dialog, change the instance name, if necessary. Click Next.

6. In the Server Configuration dialog, make sure that NT_AUTHORITY\System is selected for SQL Server Database Engine and click Next.

7. In the Database Engine Configuration dialog, select Mixed Mode (SQL Server authentication and Windows authentication). Define a strong password for the system administrator account and click Next.

8. SQL Server 2012 installation is now complete. In the Complete dialog, click Close to close the Setup wizard. You can also close the SQL Server Installation Center now.

9. Before Sophos Mobile Control can be installed, the TCP/IP Protocol for the SQL Server needs to be enabled and the TCP port needs to be set to 1433. Open the Start menu, select All Programs > Microsoft SQL Server 2012 > Configuration Tools and click SQL Server Configuration Manager. In the SQL Server Configuration Manager, go to Protocols for SQLEXPRESS and double-click TCP/IP.

10. In the Protocol tab of the TCP/IP Properties dialog, set Enabled to Yes and click the IP Addresses tab.

11. In the IP Addresses tab of the TCP/IP Properties dialog, click TCP Dynamic Ports and make sure that the field is empty to disable this function. Now click TCP Port, enter 1433 and click OK to apply your settings.
12. For the new settings to take effect, the server needs to be restarted. Click SQL Server Services, right-click SQL Server (SQLEXPRESS) and select Restart.

2.3 Install Java JDK7

When you install Java JDK7, source code does not have to be installed. Install Java JRE in its complete version.

2.4 Install MySQL Server

To install MySQL Server by using MSI Windows installer for MySQL Community Server 5.5x:

1. Double-click the installer and install MySQL Server 5.5x. After the installation has been completed, the MySQL Server Instance Configuration Wizard is started.

2. Follow the wizard steps and select the following options in the individual dialogs:
   a) Select Detailed Configuration.
   b) Select Server Machine.
   c) Select Multifunctional Database.
   d) Select the standard installation path.
   e) Select Decision Support (DSS)/OLAP.
   f) Make sure that Enable TCP/IP Networking is selected and port 3306 is selected in the Port Number field. Make sure that the Enable Strict Mode field is selected. Click Next.
   g) Select Best Support For Multilingualism.
   h) Select Install As Windows Service. Make sure that Launch the MySQL Server automatically is selected. Select Include Bin Directory in Windows PATH.
   i) Make sure that Modify Security Settings is selected and define a strong root password.
   j) Install the MySQL GUI Tools. Use Custom installation.
   Note: You do not have to install the Workbench Migration Toolkit.
3. Add the following line to the my.ini file: wait_timeout=86400.
4. Restart the MySQL service.

3 Set up Sophos Mobile Control

The key steps are:

- Execute the Sophos Mobile Control installer.
- Carry out the configuration steps in the Sophos Mobile Control Configuration Wizard.
- If you want to configure the EAS Proxy server separately, execute the Sophos Mobile Control EAS Proxy installer, see External EAS Proxy server (section 4).
- As a super administrator create a customer (a tenant for which devices are managed) in the Sophos Mobile Control administration web console. For further information on this setup step, refer to the Sophos Mobile Control super administrator guide.

3.1 Install and configure Sophos Mobile Control

Prerequisites:

- Before you execute the Sophos Mobile Control installer, put the license file license.sql for the operation of the SMC server in the directory where the setup file is located.
- If you want to use the database type MySQL, the MySQL JDBC driver is required. Download this driver from http://www.mysql.com/downloads/connector/j/ and save it on the server. You need to select it during Sophos Mobile Control configuration.

If the database is not held locally, you need access to the TCP Port 3306. In addition, you need an admin account that can log in from the Sophos Mobile Control server.

1. Execute the Sophos Mobile Control installer, review and agree to the License Agreement. The System Property Checks dialog is displayed. To check that the system environment fulfills all necessary requirements for Sophos Mobile Control installation, click Check. If you want to generate a system check report after the check has been run, click Report.

2. If all requirements are fulfilled, click Next. The Choose Install Location dialog is displayed. Choose the destination folder and click Install to start installation.
3. After the installation process the Sophos Mobile Control Configuration Wizard welcome dialog is displayed. Click Next.
4. In the Database selection dialog you can select:
   - Use Microsoft SQL Server
   - Use MySQL
     For this option, the MySQL JDBC driver is required. Select Use MySQL and browse for the driver you have downloaded.

   Click Next to specify server information and logon credentials in the Database Settings dialog. This dialog offers the required options according to the database type you have selected.
5. If you have selected Use Microsoft SQL Server in the Database selection dialog, the Database Settings dialog offers the following options. To use the user credentials specified during SQL server installation, select Use SQL Server Authentication with the following credentials and enter the required user name and password. Click Next to continue.

6. If you have selected Use MySQL in the Database selection dialog, the Database Settings dialog offers the following options: Select Use MySQL Authentication with the following credentials and enter the required user name and password. Click Next to continue.
7. In the next step, you create the database. In the Database Selection dialog, select Create a new database named, enter a name (for example SMCDB) and click Next. The Database Configuration dialog is displayed. It shows the relevant progress messages. After the database has been successfully created and populated, click Next.

8. In the next step, you can select optional setup steps in the Choose setup steps dialog. Setup steps that are mandatory for initial configuration are preselected and greyed out. You can select the following optional steps:
   - Configure user interface access IP range
     In this step, you can configure an IP range white list to manage access to the Sophos Mobile Control web console and the Self Service Portal.
   - Configure Exchange ActiveSync Proxy
     This step is preselected, but you can deactivate it. With this step you set up the standard embedded EAS Proxy. If you want to set up EAS Proxy separately with several instances (for example for load balancing), run the separate EAS Proxy setup. For further information, see External EAS Proxy server (section 4).
     Note: The EAS Proxy configuration step is necessary for configuring compliance check settings. If you run the separate EAS Proxy setup and need to configure compliance check settings, leave this step selected.
   - Enable SCEP (Simple Certificate Enrollment Protocol for iOS devices)
     Select this option to enable SCEP support for iOS devices. By configuring SCEP support you allow devices to obtain certificates from a Certificate Authority by using SCEP. All required settings for SCEP can be configured by a super administrator in the Sophos Mobile Control web console. For further information, see the Sophos Mobile Control super administrator guide.
   Select the required optional steps and click Next.

9. In the next step, you configure a super administrator account. The super administrator you create in this dialog has specific rights and tasks and is primarily used for customer management. In Sophos Mobile Control, customers are the tenants that manage the devices of their users. The super administrator logs on to a super administrator customer and can, for example, predefine settings for new customers and push settings and configuration to existing customers. For further information, refer to the Sophos Mobile Control super administrator guide.
   In the Configure super admin account dialog, enter the Super admin customer (the customer the super administrator will log on to), the Super admin login (the super administrator login name) and a Super admin password. Confirm the password and click Next.
   Note: These credentials are required for logging on to the Sophos Mobile Control web console.
   Note: The super administrator should not be used in productive operation, but only for administrative purposes. The super administrator is primarily intended for customer management.

10. If you have selected the optional setup step Configure user interface access IP range in Choose setup steps, you can configure an IP range white list for user interface access in the next step. In Administration Interface, enter the white list for the Sophos Mobile Control administrator web console. In Self Service Portal, enter the white list for the Sophos Mobile Control Self Service Portal. Follow the instructions for entering IP addresses shown in the dialog. After you have entered all required information, click Next.

11. In the next step, you enter SMTP information and logon credentials.
    Note: This is required for sending emails to new users to provide them with logon credentials.
    In the Configure SMTP dialog under Enter SMTP server information, enter the SMTP information and click Next. Under Enter Sophos Mobile Control server email information, enter the email information for exception and report mails (for example for an expired APNs certificate).

12. If you have left the option Configure Exchange ActiveSync Proxy in the Choose setup steps dialog selected, you configure the Exchange Active Sync (EAS) Proxy information in the next step.
    Note: The EAS Proxy configuration step is necessary for configuring compliance check settings in the next step. If you run the separate EAS Proxy setup (for example for load balancing), enter non-applicable information here.
    Note: If you want to use Lotus Traveller, you need to set up an external EAS Proxy server. For further information on how to set up an external EAS Proxy server, see Install external EAS Proxy server (section 4.1).
    Enter the relevant EAS-Proxy information and select Use SSL, if required. Under Default mail access for new devices under management, specify how email access should be checked and handled:
    - Select Compliance check controlled email access for an ongoing automatic check if devices comply with your corporate rules for mobile access. If devices are not compliant, further email access through EAS proxy may be denied depending on the compliance settings specified in the Sophos Mobile Control web console.
    - Select Allow email access if all new managed devices are to be granted email access through EAS proxy. The administrator has to deny access individually.
    - Select Deny email access to deny new managed devices email access through EAS proxy. The administrator has to grant access individually.
    Click Next.

13. If you have configured the EAS Proxy setup in the last step, you can configure the compliance check in the next step. You can configure the following:
    - In the Compliance check interval (in minutes) field, enter the time interval in which the check is to be performed.
    - In the Device sync interval (in minutes) field, enter the time interval after which the device synchronizes with the server.
      Note: The value you set in this field only applies to iOS devices. For Android and Windows Mobile devices a default of 24 hours applies. To define a different interval for these device types, use the command package Set MDM Sync Interval (in minutes).
    Click Next.

14. In the next step, a certificate for the secure (HTTPS) access to the web server needs to be created or imported.
    - If you do not have a trusted certificate yet, select Create self signed certificate, click Next and continue with step 15.
    - If you have a trusted certificate, click Import a certificate from a trusted issuer, select PKCS12 with certificate, private key and certificate chain (intermediate and CA) from the dropdown list, click Next and continue with step 16.
    - You can also select Separate files for certificate, private key, intermediate and CA from the dropdown list, click Next and continue with step 17.

15. If you have selected Create self signed Certificate, the following dialog is shown. Enter the appropriate certificate information. After you have entered all necessary information click Next to review and confirm the creation.
16. If you have selected PKCS12 with certificate, private key and certificate chain (intermediate and CA) under Import a certificate from a trusted issuer, the following dialog is shown. Select the appropriate file and enter a password. Click Next to review and confirm the import.

17. If you have selected Separate files for certificate, private key, intermediate and CA under Import a certificate from a trusted issuer, the following dialog is shown. Select the appropriate files and enter a password. Click Next to review and confirm the import.
18. In the next step, you verify the license information. Click Next to confirm the licensing and configuration process.

19. Configuration is now complete.

20. After installation has finished, the Sophos Mobile Control - Installation finished dialog is displayed. Make sure that the check box Start Sophos Mobile Control server now is selected and click Finish to start the Sophos Mobile Control server for the first time.
    Note: If you have used MS authentication, do not select the checkbox Start the Sophos Mobile Control server now. If you have selected SQL server authentication during installation, the SMCSVC service is started automatically and the Sophos Mobile Control server is executed. If you have selected Windows authentication, you first have to enter logon details in the service and start it afterwards.
    Note: After the service has been started it can take a few minutes before the web interface is available.
    Note: If a different language than English is used for the SQL login, an error occurs and an error message is displayed. To solve this problem, first stop the SMCSVC service. Then open SQL Management Studio on the server and select Security followed by Logins. Edit the properties of the user that is used to start the SMC server and set the Default language for this account to English. Click OK and start the SMCSVC service again.

Continue with the following configuration steps:

- In the Configuration Wizard, you have now created a super administrator and a super administrator customer. This setup does not support the LDAP connection to a directory service such as Active Directory and the self-registration of end users with the Self Service Portal. To support these features, a customer must be created by the super administrator. For further information, refer to the Sophos Mobile Control super administrator guide.
- If you have selected to configure the EAS Proxy server separately, configure the EAS Proxy now, see External EAS Proxy server (section 4).

4 External EAS Proxy server

With Sophos Mobile Control you can set up an external EAS Proxy server with several instances. Sophos Mobile Control offers a separate EAS Proxy installer for this purpose.

Features

Besides the features of the internal EAS Proxy, the external EAS Proxy offers the following features:

- Lotus Traveler client support (which is not ActiveSync)
- Support for multiple Microsoft Exchange and Lotus Traveler servers (one instance per mail server, one TCP port per instance)

Usage scenarios

An external EAS Proxy server should be used for the following scenarios:

- You use Lotus Traveler for non-iOS devices.
  The internal EAS Proxy cannot handle this scenario as Active Sync is not used here. The internal EAS Proxy supports iOS devices for Lotus Traveler as Traveler supports ActiveSync for iOS. So for iOS devices you do not need to use the external EAS Proxy. For other platforms (for example, Android or Windows Mobile), Lotus Notes Traveler is supported by the external EAS Proxy. For these platforms, a dedicated Traveler client software is required. This software is available through <traveler-server>/servlet/traveler or the Traveler file system. Sophos Mobile Control can install and uninstall the client software. Configuration has to be done manually.

- You want to support multiple backend servers.
  With the external EAS Proxy you can set up multiple instances of backend mail systems. Each instance needs an incoming TCP port. Each port can connect to a different backend. You need one URL per EAS instance.
- You want to set up load balancing for EAS.
  For this scenario an existing load balancer for HTTP is required. You set up the external EAS Proxy on different machines. All of these machines connect to the Sophos Mobile Control database to check for the requesting device's compliance.

Setup

The following applies to installation and setup:

- The external EAS Proxy can be installed on the same server, but needs to listen on different ports.
- Incoming SSL is not supported, only plain HTTP. A reverse proxy in front is required.
- The external EAS Proxy can run on different (virtual and physical) machines.
- The external EAS Proxy just needs a connection to the Sophos Mobile Control database.
- Simple Windows setup

4.1 Install external EAS Proxy server

Prerequisite:

- Sophos Mobile Control has been installed and set up, see Install and configure Sophos Mobile Control (section 3.1).
- If the EAS Proxy is to be installed on a separate machine, Java JRE needs to be installed.
- To support MySQL, the JDBC driver is required. You can download this driver from http://www.mysql.com/downloads/connector/j/.

1. Execute the Sophos Mobile Control EAS Proxy Setup.exe. The Sophos Mobile Control EAS Proxy Setup welcome dialog is displayed. Click Next.
2. In the License Agreement dialog, review the license terms and click I Agree.

3. In the Choose Install Location dialog, choose the destination folder and click Install to start installation.
4. After Sophos Mobile Control EAS Proxy has been installed, the EAS Proxy Configuration Wizard welcome dialog is displayed. Click Next.
5. In the Database selection dialog you can select:
   - Use Microsoft SQL Server
   - Use MySQL
     For this option, the MySQL JDBC driver is required. Select Use MySQL and browse for the driver you have downloaded.

   Click Next to specify server information and logon credentials in the Database Settings dialog. This dialog offers the required options according to the database type you have selected.
6. If you have selected Use Microsoft SQL Server in the Database selection dialog, the Database Settings dialog offers the following options: To use the user credentials specified during SQL server installation, select Use SQL Server Authentication with the following credentials and enter the required user name and password. Click Next to continue.

7. If you have selected Use MySQL in the Database selection dialog, the Database Settings dialog offers the following options: Select Use MySQL Authentication with the following credentials and enter the required user name and password. Click Next to continue.
8. In the next step, you select the database. In the Database Selection dialog, select the database created for SMC by the SMC server setup and click Next.

9. In the next step, you configure the EAS Proxy instances. In the EAS Proxy instance setup dialog enter an Instance name, the relevant Server port (incoming traffic) and the ActiveSync Server (target). Select Enable traveler client access to enable Lotus Traveler client access. After entering the instance information, click Add to add the instance to the Instances list. After you have configured the EAS Proxy instances, click Save to save your changes. Click Next.
   Note: To edit instances, click the relevant instance in this list.

10. Configuration is now complete. Click Finish to close the Configuration Wizard. The Sophos Mobile Control EAS Proxy server is installed.

11. After installation has finished, the Sophos Mobile Control EAS Proxy Installation finished dialog is displayed. Make sure that the check box Start Sophos Mobile Control EAS Proxy server now is selected and click Finish to start the Sophos Mobile Control EAS Proxy server for the first time.
    Note: If you have selected Windows authentication during installation, the Sophos Mobile Control EAS Proxy server cannot be started automatically and the checkbox Start Sophos Mobile Control EAS Proxy server now is greyed out. You first have to enter logon details in the service and start it afterwards.

The Sophos Mobile Control EAS Proxy server has been installed and configured.

5 Running the Sophos Mobile Control Service as a limited user

For security reasons, you may want to run the SMC service as a limited user instead of an administrator.

Note: If you use Windows Authentication for database access, you only have to carry out step 3 of the following description.

1. On the computer on which Sophos Mobile Control is running, create a local, regular Windows user account with a password that does not expire.
2. Remove this user account from all groups. (By default, the user is in the users group.)
3. Grant this user account full access to the Sophos Mobile Control installation directory (C:\Programs\Sophos\Sophos Mobile Control) including all subdirectories.
4. In the SMCSVC service properties, change the user to this user account with the relevant password.
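The four steps above as a script, added here as an example and not taken from the Sophos guide. It assumes Windows PowerShell 5.1 or later (for the LocalAccounts cmdlets) and a hypothetical account name smcsvc; the service name SMCSVC and the installation directory are the ones given in this section.

```powershell
#Requires -Version 5.1
#Requires -RunAsAdministrator
# Added example, not part of the Sophos guide: section 5 as a script.
# From the guide: service name SMCSVC and the installation directory.
# Assumption: the account name 'smcsvc' is hypothetical; pick your own.

$ErrorActionPreference = 'Stop'

$AccountName = 'smcsvc'
$ServiceName = 'SMCSVC'
$InstallDir  = 'C:\Programs\Sophos\Sophos Mobile Control'

# Fail early if this is not the SMC server or the path differs.
if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Installation directory not found: $InstallDir"
}
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service $ServiceName not found on this computer." }

# Step 1: local, regular account whose password does not expire.
# The password is read interactively so it never appears in the script
# or in the command history.
$password = Read-Host -AsSecureString "Password for local account $AccountName"
if (Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue) {
    Set-LocalUser -Name $AccountName -Password $password -PasswordNeverExpires $true
} else {
    New-LocalUser -Name $AccountName -Password $password `
        -PasswordNeverExpires -UserMayNotChangePassword `
        -Description 'Sophos Mobile Control service account' | Out-Null
}

# Step 2: remove the account from every local group it belongs to.
foreach ($group in Get-LocalGroup) {
    $member = Get-LocalGroupMember -Group $group -Member $AccountName `
        -ErrorAction SilentlyContinue
    if ($member) {
        Remove-LocalGroupMember -Group $group -Member $AccountName
        Write-Host "Removed $AccountName from group '$($group.Name)'"
    }
}

# Step 3: full access to the installation directory. (OI)(CI) makes the
# entry inherit to all files and subdirectories below it.
& icacls.exe $InstallDir /grant "${AccountName}:(OI)(CI)F" /Q
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Step 4: change the service logon account. Win32_Service.Change is used
# instead of sc.exe so the password is not placed on a command line.
$plain  = [System.Net.NetworkCredential]::new('', $password).Password
$result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
    StartName     = ".\$AccountName"
    StartPassword = $plain
}
$plain = $null
if ($result.ReturnValue -ne 0) {
    throw "Changing the logon account failed (Win32_Service.Change returned $($result.ReturnValue))."
}

# The account also needs the "Log on as a service" user right. The Services
# console grants it automatically when the logon account is set there; this
# WMI call does not. Grant the right (Local Security Policy > User Rights
# Assignment) before restarting SMCSVC, otherwise the service fails to start
# with a logon failure.

# Check: StartName should now show the limited account.
Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" |
    Select-Object Name, StartName, State
```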

6 Updating Sophos Mobile Control

6.1 Updating from version 1.x to 3.0

SMC Server installations version 1.x cannot be updated directly to version 3.0. Version 1.0 has to be updated to version 1.1 and then to version 2.0 first.

6.2 Updating from version 2.x to 3.0

To update your SMC Server installation to version 3.0, execute the Sophos Mobile Control 3.0 installer. The installer automatically detects that an existing installation is to be updated to version 3.0. The administrator is asked whether the service should be stopped. The database is updated automatically.

7 Apple Push Notification service

To use the built-in Mobile Device Management (MDM) protocol of devices running Apple iOS 4 (or higher), Sophos Mobile Control must use Apple's Push Notification service (APNs) to trigger the iOS devices. The following sections describe the requirements that have to be fulfilled and the steps you must take to get access to the APNs servers with your own client certificate.

Sophos Mobile Control offers an APNs Certificate Wizard for creating your APNs certificate. The wizard is included in your product delivery. It is also available for download in the web console.

Note: Do NOT use Internet Explorer for any Apple websites. Apple recommends their own Safari browser, but Mozilla Firefox, Opera or Google Chrome also work.

7.1 Requirements

For silent operations all devices must have at least iOS version 4 installed. A free update is available from Apple for:

- iPhone 3G, 3GS, 4
- iPad
- iPod touch, 3rd or 4th generation

To notify iOS devices, the Sophos Mobile Control server needs to connect to the Apple Push Notification service. The notifications are sent SSL-encrypted to:

gateway.push.apple.com:2195 TCP (17.0.0.0/8)

iOS devices with Wi-Fi only need a connection to the APNs:

Wi-Fi iOS device -> *.push.apple.com:5223 TCP (17.0.0.0/8)

7.2 Create and upload an APNs certificate

To create an APNs certificate, you use the APNs Certificate Wizard. The wizard is included in your product delivery. It is also available for download in the web console. In the Dashboard, click the Settings button and go to the iOS APNS tab. To download the wizard, click the available download link.

1. Start the APNs Certificate Wizard by double-clicking the file APNs Certificate Wizard.exe. The APNs Certificate Wizard welcome dialog is shown.
2. Click Next. The Create CSR dialog is shown.

3. Enter your Company Name and your Country code (for example US). These fields are mandatory.
   Note: Below these fields, the dialog shows where all data of the process is stored. Make a note of this information.
4. Click Next. The Upload PLIST dialog is displayed.
5. In this step, you upload the Certificate Signing Request to Apple. Follow the instructions in the dialog:
   a) Open the Apple site indicated in the dialog in your browser.
      Note: Do not use Internet Explorer to open the Apple site as this may cause problems. Use Firefox, Chrome or Safari instead. We recommend that you use the latest browser versions.
   b) Log in with your Apple ID. If you do not have an Apple ID, create one.
   c) In the first dialog of the Apple Push Certificates Portal, click Create a Certificate.
   d) Accept the terms and conditions.
   e) Browse for your Certificate Signing Request (*.plist) and click Upload. You find the file name and the path in the Upload PLIST dialog of the Sophos APNs Certificate Wizard. Your Apple push certificate is created.
   f) Save the certificate file (*.pem) in the directory indicated in the Upload PLIST dialog.
6. Click Next. The Create P12 dialog is displayed.
7. In this step, you create your APNs certificate for Sophos Mobile Control. Enter a password for the APNs certificate. You need this password later, when you upload the .p12 certificate file to Sophos Mobile Control.
   Note: The Create P12 dialog shows the directory the certificate will be stored in. Make a note of this information. We recommend that you create a backup of the folder that contains the certificate files.
8. Click Next. The Sophos Mobile Control APNs Certificate Wizard finished dialog is displayed.
9. Click Finish.
10. In the Sophos Mobile Control web console, click the Settings button and go to the iOS APNS tab.

11. Browse for the .p12 certificate file you have created, enter your password and click Upload. After the file has been uploaded successfully, a confirmation message is displayed.
12. Click Save.

7.3 Migrating APNs certificates from the iOS Developer Enterprise Program

Certificates created with the iOS Developer Enterprise Program (iDEP) cannot be renewed from within the iDEP anymore. If you have created your MDM APNs certificates with iDEP and they are about to expire, you have to migrate them to the new method described in Create and upload an APNs certificate (section 7.2).

1. Go to https://identity.apple.com/pushcert/ and log in with your iDEP Apple ID that you used to create your existing APNs certificate.
2. Carry out the following steps. For details on individual steps, see Create and upload an APNs certificate (section 7.2).
   a) Create a CSR.
   b) Let Sophos sign the CSR.
   c) Click the Renew button and upload the signed CSR.
   d) Download the certificate.
   e) Convert the APNs Certificate for Sophos Mobile Control.
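A local check of the .p12 file from section 7.2 before it is uploaded, which also reports how close the certificate is to the expiry that section 7.3 is concerned with. This PowerShell is an added example, not part of the Sophos guide; the function name, the placeholder path and the 30-day threshold are assumptions.

```powershell
# Added example: Test-ApnsP12 is a hypothetical helper, not a Sophos tool.
function Test-ApnsP12 {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password,
        [int] $WarnDays = 30   # assumed renewal lead time
    )
    # A wrong password or a damaged file throws here, before anything is uploaded.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        (Resolve-Path $Path).Path, $Password)
    try {
        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            DaysLeft      = $daysLeft
            # The .p12 must carry the private key that matches the Apple-issued
            # certificate; a file holding only the certificate cannot be used
            # to authenticate to the APNs.
            HasPrivateKey = $cert.HasPrivateKey
            ReadyToUpload = $cert.HasPrivateKey -and $daysLeft -gt 0
            RenewSoon     = $daysLeft -le $WarnDays
        }
    }
    finally {
        $cert.Dispose()   # release the imported key material
    }
}

# Placeholder path: use the directory shown in the wizard's Create P12 dialog.
Test-ApnsP12 -Path '<wizard output directory>\<certificate>.p12' `
    -Password (Read-Host -AsSecureString 'P12 password')
```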

8 Technical support

You can find technical support for Sophos products in any of these ways:

- Visit the SophosTalk community at http://community.sophos.com/ and search for other users who are experiencing the same problem.
- Visit the Sophos support knowledgebase at http://www.sophos.com/en-us/support.aspx.
- Download the product documentation at http://www.sophos.com/en-us/support/documentation.aspx.
- Send an email to support@sophos.com, including your Sophos software version number(s), operating system(s) and patch level(s), and the text of any error messages.

9 Legal notices

Copyright 2011-2013 Sophos Ltd. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos is a registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.