Parallels Mobile Device Managment 8.1 Installation Manual MDM 81 IG EN
User Manual: parallels Mobile Device Managment - 8.1 - Installation Manual Free User Guide for Parallels Mobile Software, Manual
Open the PDF directly: View PDF .
Page Count: 39
Download | |
Open PDF In Browser | View PDF |
Product Manual MDM On Premise Installation Version 8.1 Last Updated: 06/07/15 Parallels IP Holdings GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 632 0411 Fax: + 41 52 672 2010 www.parallels.com Copyright © 19992015 Parallels IP Holdings GmbH and its affiliates. All rights reserved. Parallels, 2X and the Parallels logo are trademarks or registered trademarks of Parallels IP Holdings GmbH in the United States and/or other countries. All other trademarks are the property of their respective owners. Microsoft, Windows, Windows Server, Windows NT, Windows Vista, and MSDOS are registered trademarks of Microsoft Corporation. Apple, Mac, the Mac logo, Mac OS, iPad, iPhone, iPod touch, FaceTime HD camera and iSight are trademarks of Apple Inc., registered in the US and other countries. Linux is a registered trademark of Linus Torvalds. All other marks and names mentioned herein may be trademarks of their respective owners. Version 8.1 – Last updated 6th July 2015 Manual Index Section 1 On Premise Edition Requirements and Installation 1. Introduction, Benefits & Editions Available 2. System Requirements. 3. Installing Mobile Device Manager On Premise Edition 4. Configuring Mobile Device Manager Section 2 Accounts & BackOffice 5. Creating the MDM Accounts 6. Accessing BackOffice Section 3 The Server User Interface 7. Using the Server User Interface System Requirements Prerequisites 1. A machine running Windows Server 2008 R2 64Bit, Windows Server 2012 64Bit or Windows Server 2012 R2 64Bit with Microsoft .NET Framework 4.5 and Internet Information Services (IIS) installed. 2. Access to an SMTP server to use to send emails (can be local or remote) 3. Microsoft SQL Server 2012 You are required to have a database instance installed either on the same machine running Mobile Device Management or on a different machine within your network. The SA (System Administrator) account needs to be enabled. SQL Server Reporting Services is required to be enabled. If using the Express edition of SQL Server, advanced features are required. 4. A digital certificate valid for the hosting domain signed by a trusted Certificate Authority. A SSL signed certificate from a company which provides digital certificates. This certificate should also support wildcard functionality. 5. Google Cloud Messaging API A Google account with Google Cloud Messaging API enabled is required. For more information on how to enable the GCM service and obtaining the Server API Key, please have a look at the following link: http://developer.android.com/google/gcm/gs.html 6. SMS Gateway account with CardBoard Fish . A HTTPS SMS account with CardBoard Fish is required for the messaging feature to work. More information can be found at the following link: http://www.cardboardfish.com/products/http_sms 7. Make sure that the following firewall ports are open and in the case of the incoming, preferably port forwarded to the MDM server IP as they are vital for communication between your devices and your MDM server: Apple Devices Running iOS: If you have any Apple devices you will also need to make sure that you have in addition to the above: 1. A Simple Certificate Enrollment Protocol (SCEP) A separate server running the SCEP service is required to issue digital certificates to iOS devices. This is vital if you want to manage iOS devices via the MDM portal. The service should also be configured to run using singlepassword mode. More information can be found at the following link: http://social.technet.microsoft.com/wiki/contents/articles/9063.networkdeviceenrollmentser vicendesinactivedirectorycertificateservicesadcs.aspx 2. An Apple Enterprise Account An Apple Enterprise Account is required in order to obtain the necessary MDM Vendor Certificate provided by Apple in a .pem format. More information can be found at the following link: h ttps://developer.apple.com/programs/ios/enterprise/ IMPORTANT NOTE: All Certificates should be located in a folder that grants full access at least to the IIS users group (IIS_IUSRS) and SYSTEM. It is also highly recommended that all certificates are saved on a physical drive connected to the MDM Server machine (ex. under the C :\ directory). Installing Mobile Device Management On Premise Edition Introduction Before you can manage your devices using MDM you first have to install and configure the On Premise edition on your server machine. Before doing so, first check whether your machine complies with the minimum hardware specifications (see System Requirements) . Once confirmed, download the Mobile Device Management On Premise edition setup file from here: http://www.2x.com/mdm/downloadlinks/ Setup and File Installation 1. Double click the Mobile Device Management setup file to begin the installation. Confirm the machine which Mobile Device Management is going to run on meets the system requirements and click “Next” to continue. 2. Subsequently, review the EndUser License Agreement, and click next to continue. Note that you must accept the terms in order to continue the installation. 3. You will then be prompted to define the path where the installation folder will be created. Alternatively, click on the browse button to change the directory if needed. 4. Click ‘Install’ to confirm the previous steps and start the installation process. 5. Once setup starts the file installation process, you shall be prompted to install ‘Microsoft SQL Server System CLR Types’. Click on the ‘Next’ button to proceed. Note that you must accept the terms in order to continue the installation. Note : You will not be prompted to install this component if it is already available. 6. Further define the machine administrator and company name, click ‘Next’ and subsequently ‘Install’ to confirm and start the installation process. The installation process shall complete and the Mobile Device Management On Premise edition installed on your server machine. Configuring Mobile Device Management Introduction After the file installation is completed, the MDM Install Wizard will start up and guide you through the necessary stages needed to configure your newly installed MDM On Premise edition service. There are a total of 9 settings to be configured. Certificate Configuration 1. In this part of the installation and configuration wizard fill in the following fields: Server Address: Enter your MDM server FQDN here (Example mdm.company.com). If you already have a PFX certificate available, proceed to configure the below: ● Certificate (PFX Format): Define the path where the PFX file is stored. ● Certificate password: Enter the certificate password. ● If you require to generate a PFX certificate from scratch, enable the ‘I do not have a PFX Certificate’ checkbox and further configure: ● ● ● ● ● Certificate: Select your SSL certificate obtained by a Certificate Authority (CA) company. The file should end with a .pem extension*. Root Certificate: Select the Root Certificate file obtained by a Certificate Authority (CA) company. The file should end with a .cer extension. Private Key: Select the Private Key you were provided with by your Certificate Authority (CA) company. The file should end with a .pem extension. Private Key Password: Insert the password used during the generation of your Private Key. Export Password: The password to be used for the new PFX file * Signed digital certificate must support wildcards. Database Configuration 2. In the Database Settings dialog window, fill in the following: ● ● Location: Specify the IP address of the machine hosting your SQL database. If the database is located on the same machine you are installing Mobile Device Management, you can also use localhost. Password: Fill in the password of your SA database account. Note: Click ‘Test Connection’ to confirm the MDM server is able to connect to the configured database. 3. During this process the installer will start performing the following operations: ● ● Generate the PFX certificate. Create the database users. Email Configuration 4. Next, you shall be requested to fill in the Email Settings to be used by MDM. ● ● ● ● ● ● SMTP Server: Fill in the SMTP server to be used. Port: Fill in the port number to be used for sending out emails. Email: Fill in the email address that you want to be shown when emails are sent out. Username: Fill in the username to be used if the mail server requires authentication. Password: Password for the username provided if the mail server requires authentication. Use Secure Connection: Tick this box if your SMTP server requires an SSL connection. SMS Settings Configuration 5. In the next page you are requested to fill in the SMS Settings provided to you by CardBoard Fish. CardBoardFish is an online service that provides, high quality, reliable, and low cost SMS delivery services. This step is necessary in order to be able to send out SMS’s for features such as the Lock & Wipe function: ● SMS Username: Fill in the username obtained from CardBoard Fish. ● SMS Password : Fill in the password for your CardBoard Fish account. iOS Settings Configuration 6. Next, you will be asked to fill in the iOS settings obtained from your SCEP server in order for iOS devices to be able to connect and communicate with your MDM server: ● SCEP Server URL: The URL pointing to your certificate SCEP server. ● Challenge Password: Input the challenge password generated by your certificate SCEP server. ● MDM Vendor Certificate Path: Select the path to the certificate provided to you by Apple. ● MDM Vendor Private Key Path: Select the path to the private key previously generated to obtain the certificate by Apple. ● MDM Vendor Private Key Password: Insert the password of your Private Key. ● MDM Vendor Export Password: Define the password for the Apple certificate which will be generated. * Signed digital certificate must support wildcards Google Messaging Settings 7. In the next dialog window you are asked to fill in the GCM settings obtained from your Google Cloud Messaging project. This is used to send PUSH notifications to Android devices. ● Project Number/ GCM API Key: Insert the Project Number obtained by the Google Cloud Messaging project. ● API Key/ GCM Project Id: Insert the API Key obtained by the Google Cloud Messaging project. Note: The GCM Project Id is also known as the P roject Number . Extract this number from the Google Developers Console > API Project > Overview > Project Number (Top Left Corner) as shown below. BackOffice Account Configuration 8. After that, you will be asked to fill out the details for the admin account to access the Mobile Device Management BackOffice. ● Name, Surname: Insert the administrator’s name and surname. ● Email: Insert the administrator’s email address. ● Username: The username that will be used by the admin to log into BackOffice. ● Password: The password that will be used by the administrator to log into BackOffice. ● Confirm Password: R einsert the password to be used by the admin to log into Back Office. SQL Server Reporting Service Configuration 9. Next, you will be asked to enter SSRS settings required by setup to deploy SSRS configuration for MDM and also generate reports. Upon completion click ‘Next’ to initialise final setup. ● Web Service URL : The URL pointing toward your Reporting Services endpoint. Portal User credentials are required to authenticate connections from the MDM portal when generating reports. If the SQL Server Reporting Services (SSRS) is not installed on the same server that MDM setup is running on, enable the “Portal User Credentials” checkbox and configure the below: ● User Login and Password: Enter Windows credentials that are configured in SSRS with browser permissions. Note : If Setup is running on the same machine SSRS will automatically be configured to authenticate credentials from the MDM portal. Administrator credentials are required to deploy MDM report configuration to SSRS. If the administrator you are currently logged in with does not have administrator privileges and content management rights in SSRS, enable “Use the credentials below”: ● Administrator Login Name and Password: Enter Windows account credentials configured with administrator privileges and content management rights in SSRS. Note : If setup is running on the same machine as SSRS, administrator rights are automatically authenticated. 10. Finalise the installation by clicking finish and optionally select to launch Mobile Device Management upon completion. Creating the MDM Accounts Introduction After completing the file and the server configuration you will need to create an account on which your devices will be registered on. Setting Up Your Account 1. You may now set up your Mobile Device Management account: 1. Go to https:///signup 2. Specify an account name. You will use this account name to enroll mobile devices and to log in to your On Premise MDM portal. 3. Specify your name and email. 4. Specify and confirm a password (to login to the account). 5. Read the Terms of Service document. 6. Enter the CAPTCHA and click Sign up. 7. Activate your account by clicking on the link included in the welcome email sent to you. 8. You can now logon to the portal by specifying your account name, email and password at: https:// /Admin/Login/LogOnActivate 2. You are now able to access the Mobile Device Management administration pages through the following URL’s: ● ● ● https:// /signup Used to create accounts in order to further assign and manage your devices. https:// Used to log into your account, assign devices and further manage them. https:// /backoffice Used to log into the backend of the system and manage the accounts and change system configuration settings. Accessing BackOffice Accessing and Configuring Your BackOffice 1. To access the BackOffice of your MDM system, you need to access: https:// /backoffice 2. Fill in the Username and Password provided previously in step 8 of chapter 4 (Configuring Mobile Device Manager) to access your BackOffice. 3. From the BackOffice you can add additional users, assign them permissions to perform the actions below and even specify IP’s that BackOffice access is allowed from per user: ● Account You can view, disable, enable, delete or administer existing accounts created through the https:// /signup ● Administration You can view, add and delete users and groups which can access this Mobile Device Management BackOffice Portal. Add a BackOffice User To add a user and assign the permissions discussed in the step 3, click “Add” and configure the below: ● Basic Information : Fill in user details such as name, surname, email address and the username and password used to access BackOffice. ● Access Locations : Select IP’s (added from ‘Access Locations’) the user is able to access BackOffice from or allow access from all. ● Permission Groups : Select the Group (added from the ‘Groups’) this user will inherit permissions from. ● Custom Permissions : Enable the Custom permissions below to the user: ○ Manage Accounts : User can view, disable, enable, delete or administer existing accounts. ○ Manage Support Users : User can view, add and delete users and groups which can access this Mobile Device Management BackOffice Portal and even specify the Access Location IP’s. In addition, ‘Dashboard’ displays the total number of activated accounts, inactive accounts, devices currently connected and devices currently registered on the system, ‘Groups’ allows you to add new or already existing groups and from ‘Access Locations’, specify IP’s that BackOffice access is allowed from. Note : Groups and Access Locations specified will show up on new users configuration window. Reports The Parallels 2X backoffice provides reports via the reports node: ● MDM Device Transactions this report provides an overview of activity between the MDM server and devices on all accounts including the ID or unique command identifier, the textual description of the command, the amount of these commands sent, the commands which were processed by the device and the overall percentage of pushed vs serviced commands. ● MDM Server Activity presents inventorial data about devices connected to the MDM server from all accounts. Information produced in this report include total active devices by operating system, total active accounts, number of new signups, account signups by source (Play Store, Website etc.), new accounts activity (number of accounts categorized by number of devices enrolled), total active devices by operating system version, total active devices by client version. Each report can also be exported and downloaded in the following formats: CSV, PDF, MHTML, Excel, Word and TIFF. Note: The Reporting node requires that SSRS is configured from the Server User Interface > Reports. Managing the Server User Interface The Parallels 2X MDM On Premise Edition installation has successfully completed, MDM accounts created and devices connected. The backend of Parallels 2X MDM, also known as the 'Server User Interface' consists of 10 tabs used to monitor, maintain and update MDM configuration and processes configured during the installation process including a few additional options. Access the Server User Interface from the server Parallels 2X MDM is installed on > click the 2X MDM Program Group > click ‘2X MDM Server'. 1. Status Tab The Status tab lists the Parallels 2X MDM services, how long they have been running for and also allows for each individual service to be stopped and then started again: ● Device Server: Handles all communication between devices and the MDM Server. ● Background Services: Handles tasks which include email notification, SMS messaging, Push notifications etc.(Review 2. Status Tab for full description) ● Bridge Server: Handles Remote Control sessions via internet connection The server logs listed are extracted from the Windows Event logs and are useful for investigating behavior on the system. 2. Services Tab From this tab, select to disable any of the services described in the “Status Tab”. In addition you can also disable any of the background tasks performed by Parallels 2X MDM Background Services below: ● Email Sending Service : Enables the mailer thread that sends out Email notifications ● SMS Sending Service : Enables sending of SMS messages to devices ● Push Sending Service : Enables sending of Push notifications to devices ● iOS/ Android Device Wakeup : Sends push notifications to Android/ iOS devices to recreate a new session when the current session timeout is reached ● Client Offline Alert Service : Notifies administrators when a device has reached its offline alert configuration ● iOS App Refresh : Performs daily checks of applications iOS devices must install and uninstall since the last check was peformed 3. Settings Tab The settings tab consists of configuration options required for connectivity between the devices and the server running the Parallels 2X MDM Service. The server address and certificate settings configured during the installation process may also be updated from here. From the General section you can adjust the options below: ● Server Address : The MDM server FQDN (Example mdm.company.com). ● Listening Port : The port used for devices to connect to the MDM server ● Minimum log level : Set the level of logging displayed on the Status tab ● Data Folder : The folder where MDM account data is stored Optionally Enable Load Balancing Support to specify the URL used to access the MDM portal and the Subdomain URL that devices connect to: ● Portal Address : The URL pointing toward the server running the Parallels 2X MDM Service ● MDM Service Address : The subdomain URL pointing toward the server running the Parallels 2X MDM service From the Bridge Server section, adjust the bridge server options below: ● HTTP Port : The port the browser connects through when using Remote Control ● Devices Port : The port devices connect through when Remote Control is enabled ● Max Connections : The number of Remote Control sessions allowed simultaneously ● Minimum log level : Set the level of logging displayed on the Status tab From the SSL Certificate section, you can adjust the certificate settings configured during the installation process: ● Certificate (PFX Format): Define the path where the PFX file obtained by a Certificate Authority (CA) is stored ● ● Root Certificate: Select the Root Certificate file obtained by a Certificate Authority (CA) company. The file should end with a .cer extension Certificate password: Enter the certificate password 4. Database Tab From here, configure settings required for the connection between your database and Parallels 2X MDM Service. From the General section configure the below: ● Server : Specify the IP address of the machine hosting your SQL database. If the database is located on the same machine you have installed Mobile Device Management on, you can also use localhost. Connection Pooling is a cache of database connections maintained so that the connections can be reused when future requests to the database are made. If enabled, you can also adjust both the minimum and maximum connection pool size The Roles section allows you to adjust the below roles configured during setup: ● Administrator : Username and Password of administrator account used to connect to the database ● Device :Username and Password for users created during setup process ● Common :Username and Password that can access and update all of the mdm tables ● Signup :Username and Password used to create MDM accounts ● Portal :Username and Password used to access the MDM portal ● Reports :Username and Password used by the reporting server to connect to the MDM database 5. Map Tab Next, the Map tab allows you to configure which maps provider location updates will be resolved to and displayed on from the MDM portal. Select the map provider you have registered with from the Provider d ropdown and enter the related API key in the Provider API Key text field. If Bing maps is selected, optionally also enable the ‘Use Microsoft Maps Background resolver service’ to resolve location points without an address. 6. Messaging Tab This tab consists of settings required for both STMP and SMS message notifications to be sent by Parallels 2X MDM. These settings were configured during setup. From the SMTP Settings section you can adjust the settings below: ● Server: The SMTP server IP address or FQDNto be used. ● Port: The port number to be used for sending out emails. ● Email: The email address that you want to be shown when emails are sent out. ● Username: The username to be used if the mail server requires authentication. ● Password: Password for the username provided if the mail server requires authentication. ● Use Secure Connection: Tick this box if your SMTP server requires an SSL connection. From the SMS Settings section configure the below: ● Username: Fill in the username obtained from CardBoard Fish. ● Password : Fill in the password for your CardBoard Fish account. 7. Android Tab For MDM to communicate with GCM and send PUSH notifications to Android devices, configure or update the configuration options below: ● Project Number: The project number obtained by the Google Cloud Messaging project. ● API Key: The API Key obtained by the Google Cloud Messaging project. 8. iOS Tab Similarly, for iOS devices to be able to connect and communicate with your MDM server, configure or update the SCEP server configuration options below: ● SCEP Server URL: The URL pointing to your certificate SCEP server. ● Challenge Password: The challenge password generated by your certificate SCEP server. ● MDM Vendor PFX Path: Select the path to the certificate provided to you by Apple. ● Vendor Password: The Apple Certificate password 9. AppFabric Tab Parallels 2X MDM uses AppFabric to distribute shared cache to multiple OnPremise installations of MDM. Enable AppFabric if you are hosting MDM on multiple servers. This way you can scale for different services running on different servers to share information via AppFabric. Enable the ‘Use AppFabric’ checkbox, click ‘Add’ and configure the options below: ● Server Address : Server hostname to be used for AppFabric caching to store sessions of the MDM server ● Port : The port used to store sessions of the MDM server 10. Reporting Tab You can alter the configuration options defined during the setup process used both to deploy and generate reports. The configuration options are listed below: ● Web Service URL : The URL pointing toward your Reporting Services endpoint. ● Reporting Access: Toggle the reporting feature for the back office and admin portal. ● Portal User Login and Password: Enter Windows credentials that are configured in SSRS with browser permissions. ● Administrator Login Name and Password: Enter Windows credentials configured with administrator privileges and content management rights in SSRS. The Advanced button allows you to define the database that will be used to generate reports. The Override Reporting Data Source option is typically enabled when the mdm database that reports will be generated with is mirrored on another server. If required, enable this feature and configure the below: ● Database Server : Specify the IP address of the machine hosting the mirrored SQL database ● Database Name : Specify the mirrored database name ● Database Username and Password : Mirrored Database credentials ● Show message in reports node : Set the value in hours equal to the mirrored database update interval used to alert administrators in the portal that report data may be as old as the value set. Note : Setting the reporting Data Source to a mirrored mdm database takes load off the live database. 11. Data Purging Lastly, data purging settings allow you to configure the amount of time data is retained for before being deleted from the MDM Server. You are able to control any data retention period of the data types below: ● Call History ● Session History ● Location History ● Data Usage ● Actions ● Retired Devices ● Alerts
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : No Producer : PDFill: Free PDF Writer and Tools Modify Date : 2015:07:08 10:55:48+02:00 Create Date : 2015:07:08 10:55:48+02:00 Page Count : 39EXIF Metadata provided by EXIF.tools