Page tree
Skip to end of metadata
Go to start of metadata

Introduction

Requirements and guide for deploying the Mobile Device Mamagement (MDM) service.

 Requirements

  • To secure your MDM communication you need a SSL/TLS certificate issued to the domain where the MDM server resides. 
  • Certificate handling in CapaInstaller describes how to secure your communications with a certificate



 Service Deployment

Make sure the server set to host the service is reachable on the network by the The Operator Computer.

 How to deploy a CapaInstaller Service
  • In System Administration expand Services and right click the service type to deploy
  • Prerequisite check - Make sure that the required prerequisites are met. If they are not, you are able to click the status link to install the missing requirements.
  • Input target computer for the service
  • Input Public URL and port
  • Configure the service specific options


Below example: Deploying the CapaInstaller OSD service



 MDM Service configuration options

 Configuration settings for the MDM service...


 


Service configurationDescription
URL

The url and port the service listen on.

Organization NameOrganization name displayed on managed devices
SCEP ServiceThe SCEP service used to enroll devices
Defaults to same server as the target server
Front-end ServiceThe Front-end service used to deliver agent data too.
Back-end ServiceThe Back-end Service used to require entities from the database

Transfer Encryption Certificate

Certificate to secure CapaInstaller service communication
Apple Push Certificate

Certificate to enable data communication with the Apple Cloud

User Agreement

Text presented to a normal user when enrolling the device
Operator AgreementText presented to an operator when enrolling the device


On the Agreements tab, you can change the User and Operator agreements.


 Offline service deployment

For services planned to be hosted on a server unreachable by the The Operator Computer... (e.g. in a DMZ zone or similar) offline deployment via the Back-end service can be used.


Below is a description, with examples showing an offline deployment.

 Offline deployment method...
  • Input target computer for the service and check Enable offline installation
  • Log in as administrator on the target computer

  • Open a browser and check that the browser is in a state where downloads are allowed.

  • Insert URL to the Back-end service appending /Install and fqdn=The target computers DNS name

    http://<ciBackendServer>:<port>/ciBackend/Install?fqdn=<fqdn>
  • Microsoft .NET Framework 3.5 is a prerequisite - if .NET3.5 is not available on the server Click the link to install
  • Click Install the Service -  The installer executable file will be downloaded
  • Execute the downloaded installer file


 Configuring or Updating a Certificate

 Click here to expand...

When a signed certificate is imported correctly into the Windows Personal Certificate Store, adding it to a CapaInstaller service is simple.

Example: Adding a certificate to the Mobile Device Management (MDM) Service


  • Locate the Service in System Administration. Right Click.
  • In the Service Settings > Configuration tab, locate the certificate type you want to add or update
  • Click the browse button to browse the local personal certificate store and select the correct certificate


If you are not managing certificates for your organization and have recived the certificate details in an e-mail or the like just paste the domain name and thumbprint into the dialog.

 Click here to expand...

Test of video

  • No labels