QMX ios MDM Pre-Requisites and Installation Guide



Similar documents
Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Guide for Generating. Apple Push Notification Service Certificate

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Generating an Apple Enterprise MDM Certificate

Creating an Apple APNS Certificate

Generating an Apple Push Notification Service Certificate

How to Obtain an APNs Certificate for CA MDM

APNS Certificate generating and installation

Zenprise Device Manager 6.1

How to generate an APNs Certificate to use the Apple MDM protocol via the portal

ECA IIS Instructions. January 2005

e-cert (Server) User Guide For Microsoft IIS 7.0

Mobility Manager 9.0. Installation Guide

Mobile Secure Cloud Edition Document Version: ios Application Signing

INSTALLING YOUR SSL CERTIFICATE ON THE FILEHOLD SERVER ON WINDOWS 2008 X64 ON IIS 7

Cloud Services MDM. Control Panel Provisioning Guide

Sophos Mobile Control Installation guide

Secure IIS Web Server with SSL

BlackBerry Enterprise Service 10. Version: Configuration Guide

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

QuickStart Guide for Mobile Device Management

Install an SSL Certificate onto SilverStream. Sender Recipient Attached FIles Pages Date. Development Internal/External None 5 6/16/08

QuickStart Guide for Mobile Device Management. Version 8.6

Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006

Sophos Mobile Control Installation guide. Product version: 3.5

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Microsoft IIS 7 Guide to Installing Root Certificates, Generating CSR and Installing certificate

App Orchestration 2.5

Sophos Mobile Control Installation guide. Product version: 3.6

WHITE PAPER Citrix Secure Gateway Startup Guide

Sophos Mobile Control Installation guide. Product version: 3

Sophos Mobile Control SaaS startup guide. Product version: 6

Configuration Guide. BES12 Cloud

BASIC CLASSWEB.LINK INSTALLATION MANUAL

Comodo Mobile Device Manager Software Version 1.0

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

CA Mobile Device Management 2014 Q1 Getting Started

Microsoft IIS 4 Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Configuration Guide BES12. Version 12.3

Configuration Guide BES12. Version 12.2

Generating and Renewing an APNs Certificate. Technical Paper May 2012

Copyright 2013, 3CX Ltd.

QuickStart Guide for Managing Mobile Devices. Version 9.2

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

Fusion Installer Instructions

Sophos Mobile Control Startup guide. Product version: 3.5

Configuring Load Balancing

Sophos Mobile Control Startup guide. Product version: 3

App Orchestration 2.0

Symantec Mobile Management 7.2 MR1Quick-start Guide

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Kaspersky Lab Mobile Device Management Deployment Guide

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

etoken Enterprise For: SSL SSL with etoken

Mobility Manager 9.5. Installation Guide

CA Mobile Device Management. How to Create Custom-Signed CA MDM Client App

Kony MobileFabric Messaging. Demo App QuickStart Guide. (Building a Sample Application

EM L12 Symantec Mobile Management and Managed PKI Hands-On Lab

Introduction to the EIS Guide

Installing an SSL Certificate Provided by a Certificate Authority (CA) on the vwlan Appliance

This guide provides information on...

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Configuration Guide BES12. Version 12.1

Scenarios for Setting Up SSL Certificates for View

Setting Up SSL on IIS6 for MEGA Advisor

Certificate Management for your ICE Server

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Set up SSL in Deployment Solution 7.5

Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide

Vodafone Secure Device Manager Administration User Guide

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery

Preparing for GO!Enterprise MDM On-Demand Service

Parallels Mac Management for Microsoft SCCM 2012

Microsoft Office Web Apps Server 2013 Integration with SharePoint 2013 Setting up Load Balanced Office Web Apps Farm with SSL (HTTPS)

Wavecrest Certificate

Microsoft IIS Integration Guide

Mobile Device Management Version 8. Last updated:

INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES


Reference and Troubleshooting: FTP, IIS, and Firewall Information

F-Secure Messaging Security Gateway. Deployment Guide

Clearswift Information Governance

Citrix XenMobile Mobile Device Management

NSi Mobile Installation Guide. Version 6.2

Sophos Mobile Control as a Service Startup guide. Product version: 3.5

Deep Freeze and Microsoft System Center Configuration Manager 2012 Integration

Using TLS Encryption with Microsoft Outlook 2007

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

Creating the Certificate Request

NetSpective Global Proxy Configuration Guide

ADFS Integration Guidelines

FTP, IIS, and Firewall Reference and Troubleshooting

User Guide Generate Certificate Signing Request (CSR) & Installation of SSL Certificate

Introduction to Mobile Access Gateway Installation

Sophos Mobile Control Installation guide. Product version: 5.1

Installation Guide. SafeNet Authentication Service

Transcription:

QMX ios MDM Pre-Requisites and Installation Guide QMX System Requirements The following requirements apply to the system that QMX will be installed on. This system will host the QMX MDM Service. These are in addition to the basic QMX system requirements. Follow the steps in this ios installation guide after successfully installing the QMX base framework using the QMX Configuration Manager Installation Guide. 1..Net 4.0 2. IIS must be installed. a. The IIS Management Scripts and Tools feature (Server 2008 and 2008 R2 only) should be added to the IIS Server role. This is not a requirement but it will ensure that the QMX MDM service will use the correct SSL certificate when signing messages sent to mobile devices. b. SSL Bindings must be configured on port 443 with a valid certificate and certificate chain. c. The subject of the SSL certificate must match the DNS name that Mobile Devices will use to connect to the QMX MDM Service. Devices will be asked to trust the Root CA of this certificate upon enrollment. 3. An MDM APNS certificate (including its corresponding private key) must be installed in the local certificate store (See section titled Acquiring and MDM APNS Certificate). Microsoft Simple Certificate Enrollment Protocol (MSCEP) System Requirements The QMX MDM service requires an MSCEP service to supply client enrollment certificates to mobile devices. This system does not need to be the same system QMX is installed on. 1. MSCEP for Active Directory Certificates Role Installed (Requires Enterprise Server) a. For more information regarding MSCEP, go to http://www.microsoft.com/downloads/details.aspx?familyid=e11780de-819f-40d7-8b8e- 10845BC8D446&displaylang=en 2. Hot-Fix for KB2483564 Installed - http://support.microsoft.com/kb/2483564 3. To allow for requests with long query strings, cut & paste the following command into a command window (required for ios devices): %systemroot%\system32\inetsrv\appcmd.exe set config /section:system.webserver/security/requestfiltering /requestlimits.maxquerystring:"3072" /commit:apphost Acquiring an MDM APNS Certificate To use MDM, you must be part of the Apple Developers program and have access to the portal for generating an App ID and generating a cert for MDM use with QMX.

Generate a Certificate Request through IIS on the QMX server 1. Select Start > Administrative Tools > Internet Information Services (IIS) Manager. 2. Select the server name. 3. From the center menu, double-click the Server Certificates button in the Security section. 4. Next, from the Actions menu on the right, select Create Certificate Request. This will open the Request Certificate wizard. 5. In the Distinguished Name Properties window, enter the following: a. Common Name - The name associated with the developer account. Organization - The legally registered name of your organization/company Organizational unit -The name of your department within the organization City/locality -The city in which your organization is located State/province -The state in which your organization is located Country/region The country in which your organization is located 6. Click Next 7. In the Cryptographic Service Provider Properties window, select the following: a. Cryptographic service provider: Microsoft RSA SChannel b. Bit length: 2048 8. Save the CSR to your computer. Remember the filename and location that you save the file. Submitting your certificate request to the Apple Developer Portal 1. From the QMX server, go to - http://developer.apple.com/devcenter/ios/index.action 2. Log in 3. Click ios Provisioning Portal, click App IDs, click New App ID. 4. Enter a common name for your App ID. [ Example: QMX MDM 1 ] 5. select an existing Bundle Seed ID for your App ID 6. Do NOT select Use Team ID 7. Enter a unique bundle identifier. Note: This must begin with com.apple.mgmt and end with a unique string. [ Example: com.apple.mgmt.qmxmdm1 ] 8. Click Submit. 9. Locate the certificate in the list of certificates and click Configure (on the right). 10. Click Configure under Production Push SSL Certificate. 11. Upload the certificate signing request (CSR), and then click Generate. 12. When the assistant is finished generating the certificate, click Continue. 13. Click Download. 14. Specify a location to download the certificate when prompted, then done. Installing the certificate on the QMX server 1. After you have copied the file to the Windows Server, go back to the Internet Information Services (IIS) Manager > Server Certificates and select Complete Certificate Request from the Actions menu on the right. This will open the Complete Certificate Request wizard. 2. Browse to the.pem file that was provided to you from the Apple Push Certificates Portal and enter a friendly name. a. *The friendly name is not part of the certificate itself, but is used by the server administrator to easily distinguish the certificate. Call it QMX MDM 3. Selecting OK will install the certificate to the server. You should now see the server listed in the Server Certificates section.

Configuration After installing QMX and configuring it for integration with SCCM the ios extension must be installed. The QMX MDM service requires configuration items to be supplied on the following screens in the QMX Configuration console. System Center > MDM Global Variables System Center > SCCM > SMS > ios > Global Variables These screens contain the documentation for each item. The WMI Service on the QMX System must be restarted after configuring the values. Note: You do not add devices manually or through discovery within the QMX config tool as you normally would with another extension type. Device enrollment does this for you. Extending the SCCM Managed Object Format (MOF) SCCM 2007: 1. Open and Copy the entire contents of the QMX ios extension file: <install location of SCCM>\eXc Software\WMI Providers\nonWindows\Virtual Agent Library\SMS\iOS\def_mof\SCCM 2007\QMX_iOS.mof 2. Edit SCCM directory file: <install location of SCCM>\Microsoft Configuration Manager\inboxes\clifiles.src\hinv\sms_def.mof a. Paste copied content to the end of the sms_def.mof 3. Restart the executive and component manager services. SCCM 2012: 1. Under Administration > Client Settings, right click and choose properties 2. Within the properties console, select Hardware Inventory, then click the button Set Classes 3. Within the Hardware Inventory Classes console, choose import, select the mof file from the ios extension directory: <install location of SCCM>\eXc Software\WMI Providers\nonWindows\Virtual Agent Library\SMS\iOS\def_mof\SCCM 2012\QMX_iOS.mof, and choose open, then import. You will see the new class definition with the defined properties 4. Choose ok to close all consoles

Network Topology Requirements SCCM Certificate Authority QMX Device Enrollment Service (MSCEP) SSL Port 2195 HTTPS HTTPS Apple Push Notification Service Mobile Device 1. Mobile devices need to have HTTPS access to the MSCEP server 2. Mobile devices need to have HTTPS access to the QMX server 3. The QMX server needs permission to make an outgoing SSL connection on port 2195

Device Enrollment Mobile ios devices can be enrolled in the QMX MDM service by browsing to the following URL: https://<external_qmx_host_name>/mdm/ Note: external_qmx_host_name is the host name of the QMX system that can be resolved externally by the device. They will be presented with the following screen: The user must select Trust MDM Service if the device does not already trust the certificate authority that issued the SSL certificate configured for the IIS SSL bindings. This will be the case if you are using an internal Certificate Authority. Once the MDM Service is trusted the User can select Enroll Device to enroll the device in the MDM Service. Once the device has been enrolled, the node will automatically be added to the QMX configuration tool under and registered with SCCM along with the asset data. Note: You must follow the section Extending the SCCM mof in order to prep SCCM for data integration. Self-Service Device Profiles The QMX MDM Service provides a repository for Self-Service ios Device Profiles. Profiles can be added to the repository located in the Virtual Agent Libray\MDM\Profiles directory of the QMX installation directory (typically Program Files\eXc Software\WMI Providers\nonWindows). Mobile devices can access this repository with the following URL: https://<external_qmx_host_name>/mdm/profiles ios Profile Installation using Software Distribution ios Profiles can be installed using the QMX SCCM Software Distribution process. This lets and administrator track the compliance of a profile distribution using SCCM reporting tools. The integrated QMX Software Distribution Wizard now supports a new ios Profile package type that can be used for this purpose. Currently the SCCM Distribution Point is the only distribution method supported.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information