Academic year: 2021

Prerequisites Guide for iOS

This document includes the following topics:

■ Overview

■ Apple Developer Membership Requirement

■ Prerequisites for Mobile Device Management

■ Prerequisites for Building the Athena MDM Agent

■ Prerequisites for Security

Overview

This guide contains prerequisite information for Mobile Device Management (MDM) of iOS devices. It covers the required Apple Developer membership, inbound and outbound ports, the certificates and provisioning profile used when developing an Athena MDM Agent, SCEP or identity certificates, the APNS certificate for Mobile Device Management, and optional root, signing, and encryption certificates for security.

Apple Developer Membership Requirement

The following membership is required:

■ iOS Developer Enterprise Program membership- visit the following Web site to become a member:

http://developer.apple.com/programs/ios/enterprise

Prerequisites for Mobile Device Management

Microsoft SCEP Server or Identity Certificate(s)

■ Microsoft SCEP Server- allows devices to be authenticated automatically over-the-air by a certificate authority and receive a unique certificate for identification. For more information on configuring a SCEP Server on Windows Server 2003 and 2008, see the SCEP Server Setup Guide.

■ Identity Certificate(s)- while less secure, it is possible to manually generate one or more Identity Certificates through a certificate authority and then use them across all devices.

Apple Push Notification Certificate for MDM (MDM Certificate)

This certificate allows Athena to use the Apple Push Notification Service (APNS), which lets APNS notify iOS devices under management to communicate with it. For more information on acquiring an MDM Certificate, see the MDM Certificate Guide For iOS.

Outbound TCP Ports

To communicate with Apple’s services, the following ports must be open for outbound connections over TCP:

■ 2195- must be open, outbound, on the server hosting the Odyssey APNS NT Service for communication with the Apple Push Notification Service.

■ 2196- must be open, outbound, on the server hosting the Odyssey APNS NT Service for communication with the Apple Push Notification Feedback Service.

■ 5223- must be open, outbound, on any network on which iOS devices are confined to a WLAN and unable to access cellular data networks. For a higher level of security, firewall rules can limit this port to the 17.0.0.0/8 address block which is assigned to Apple. 5223 can be left closed if all iOS devices being managed have access to a cellular data network.
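The port requirements above can be checked against a proposed firewall policy before deployment. The following is an added example, not part of the original guide or the Athena product: it audits a default-deny outbound allow-list for the three ports and flags a 5223 rule that is wider than the 17.0.0.0/8 block. The rule format, the zone names "apns-server" and "device-wlan", and the sample rule sets are assumptions made for this example.

```python
import ipaddress

APPLE_BLOCK = ipaddress.ip_network("17.0.0.0/8")  # block the guide attributes to Apple

# Port -> (zone that needs it, purpose), as listed in the guide.
# The zone names are hypothetical labels for this example.
REQUIRED = {
    2195: ("apns-server", "Apple Push Notification Service"),
    2196: ("apns-server", "Apple Push Notification Feedback Service"),
    5223: ("device-wlan", "Wi-Fi-only iOS devices"),
}

def audit_egress(rules, wlan_only_devices=True):
    """Audit a default-deny outbound allow-list; return (severity, message) findings."""
    findings = []
    for port, (zone, purpose) in REQUIRED.items():
        if port == 5223 and not wlan_only_devices:
            continue  # 5223 may stay closed when every device has cellular data
        dests = [ipaddress.ip_network(r["dest"]) for r in rules
                 if (r["zone"], r["proto"], r["port"]) == (zone, "tcp", port)]
        # A rule satisfies the requirement only if it covers the whole Apple block.
        covering = [d for d in dests if d.version == 4 and APPLE_BLOCK.subnet_of(d)]
        if not covering:
            findings.append(("error", f"{zone}: no rule opens tcp/{port} "
                                      f"to all of {APPLE_BLOCK} ({purpose})"))
        elif port == 5223 and any(d != APPLE_BLOCK for d in covering):
            findings.append(("warn", f"{zone}: tcp/5223 is open beyond {APPLE_BLOCK}"))
    return findings

# Constructed sample rule sets (not taken from any real firewall).
LOOSE_RULES = [
    {"zone": "apns-server", "proto": "tcp", "port": 2195, "dest": "0.0.0.0/0"},
    {"zone": "apns-server", "proto": "tcp", "port": 443, "dest": "0.0.0.0/0"},
    {"zone": "device-wlan", "proto": "tcp", "port": 5223, "dest": "0.0.0.0/0"},
]
TIGHT_RULES = [
    {"zone": "apns-server", "proto": "tcp", "port": 2195, "dest": "17.0.0.0/8"},
    {"zone": "apns-server", "proto": "tcp", "port": 2196, "dest": "17.0.0.0/8"},
    {"zone": "device-wlan", "proto": "tcp", "port": 5223, "dest": "17.0.0.0/8"},
]

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE_RULES), ("tight", TIGHT_RULES)):
        print(name, audit_egress(rules) or "no findings")
```

The loose rule set yields an error for the missing 2196 rule and a warning for the unrestricted 5223 rule; the tight rule set yields no findings.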

Inbound TCP Port

For iOS devices to enroll with Odyssey Software's MDM Sync web service, the server hosting the service must be reachable by HTTP or HTTPS on some open port.

Prerequisites for Building the Athena MDM Agent

The following certificates and provisioning profile are required for building your own version of the Athena MDM Agent and distributing it in-house. This is only necessary if you do not plan to use the Athena MDM Agent offered in the Apple App Store. For information on acquiring these prerequisites and building your own version of the Athena MDM Agent, see the Athena Agent Development Guide.

■ Developer Certificate- lets you sign the Athena MDM Agent under your own identity.

■ WWDR Intermediate Certificate- validates your Developer Certificate.

■ Apple Push Notification Certificate- authenticates Athena Services with the Apple Push Notification Service, allowing push notifications to be sent to the Athena MDM Agent.

■ APN-Configured Provisioning Profile for Distribution- lets you build the Athena MDM Agent while configuring it to accept Apple Push Notifications not related to Mobile Device Management.

Prerequisites for Security

The following are optional, but strongly recommended if security is a priority for your organization. iOS security is built on PKI (Public Key Infrastructure). For more information on acquiring and generating these security certificates, please see the Security Guide.

Root Certificate

The Root Certificate (from your certificate authority) must be placed onto iOS devices and on any machine running Athena Services if it is self-signed (in other words, created by you). If your Signing, Encryption, and Server Authentication Certificates are signed by a recognized commercial certificate authority (such as VeriSign), a Root Certificate is not required on either the iOS device or any machine running Athena Services.

Signing Certificates

Signing Certificates ensure the integrity of configuration profiles by preventing tampering. They are created from a Root Certificate through a certificate authority. Two Signing Certificates must be generated, one for iOS devices and one for any machine running Athena Services.

■ Signing Certificate with Private and Public Keys- placed on any machine running Athena Services, allowing machines to sign configuration profiles before they are sent to iOS devices.

■ Signing Certificate with Public Key- placed on all iOS devices, allowing devices to recognize and accept configuration profiles signed using the Signing Certificate with Private and Public Keys.

Encryption Certificates

Encryption Certificates ensure that information inside configuration profiles cannot be read by a third party, and must be used in conjunction with Signing Certificates. Encryption Certificates are created from a Root Certificate through a certificate authority. Two Encryption Certificates must be generated, one for iOS devices and one for any machine running Athena Services.

■ Encryption Certificate with Private and Public Keys- placed on all iOS devices, allowing devices to decrypt and install configuration profiles encrypted using the Encryption Certificate with Public Key.

■ Encryption Certificate with Public Key- placed on any machine running Athena Services, allowing machines to encrypt configuration profiles before they are sent to iOS devices.

Server Authentication (SSL) Certificate

The Server Authentication Certificate is placed on any machine running Athena Services, and allows MDM commands to be encrypted and sent over HTTPS, preventing a third party from reading the MDM commands. Server Authentication Certificates are created from a Root Certificate through a certificate authority. For sites with many machines on a single domain (e.g. multiple primary and secondary management points), it is possible to create a wildcard Server Authentication Certificate that can be installed on multiple machines.
