Parallels Mobile Device Managment 8.1 Installation Manual MDM 81 IG EN

User Manual: parallels Mobile Device Managment - 8.1 - Installation Manual Free User Guide for Parallels Mobile Software, Manual

Open the PDF directly: View PDF .
Page Count: 39

Download
Open PDF In Browser	View PDF

Product Manual
MDM On Premise Installation
Version 8.1
Last Updated: 06/07/15

Parallels IP Holdings GmbH
Vordergasse 59
8200 Schaffhausen
Switzerland
Tel: + 41 52 632 0411
Fax: + 41 52 672 2010
www.parallels.com
Copyright © 1999­2015 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
Parallels, 2X and the Parallels logo are trademarks or registered trademarks of Parallels IP Holdings
GmbH in the United States and/or other countries. All other trademarks are the property of their
respective owners.
Microsoft, Windows, Windows Server, Windows NT, Windows Vista, and MS­DOS are registered
trademarks of Microsoft Corporation.
Apple, Mac, the Mac logo, Mac OS, iPad, iPhone, iPod touch, FaceTime HD camera and iSight are
trademarks of Apple Inc., registered in the US and other countries.
Linux is a registered trademark of Linus Torvalds.
All other marks and names mentioned herein may be trademarks of their respective owners.

Version 8.1 – Last updated 6th July 2015

Manual Index
Section 1 ­ On Premise Edition Requirements and Installation
1. Introduction, Benefits & Editions Available
2. System Requirements.
3. Installing Mobile Device Manager On Premise Edition
4. Configuring Mobile Device Manager

Section 2 ­ Accounts & BackOffice
5. Creating the MDM Accounts
6. Accessing BackOffice

Section 3 ­ The Server User Interface
7. Using the Server User Interface

System Requirements
Prerequisites
1. A machine running Windows Server 2008 R2 64­Bit, Windows Server 2012 64­Bit or
Windows Server 2012 R2 64­Bit with Microsoft .NET Framework 4.5 and Internet Information
Services (IIS) installed.
2. Access to an SMTP server to use to send emails (can be local or remote)
3. Microsoft SQL Server 2012 ​
­ You are required to have a database instance installed either
on the same machine running Mobile Device Management or on a different machine within
your network. The SA (System Administrator) account needs to be enabled. SQL Server
Reporting Services is required to be enabled. If using the Express edition of SQL Server,
advanced features are required.
4. A digital certificate valid for the hosting domain signed by a trusted Certificate Authority. A
SSL signed certificate from a company which provides digital certificates. This certificate
should also support wildcard functionality.
5. Google Cloud Messaging API​
­ A Google account with Google Cloud Messaging API
enabled is required. For more information on how to enable the GCM service and obtaining
the Server API Key, please have a look at the following link:
http://developer.android.com/google/gcm/gs.html
6. SMS Gateway account with CardBoard Fish​
. ­ A HTTPS SMS account with CardBoard
Fish is required for the messaging feature to work. More information can be found at the
following link: ​
http://www.cardboardfish.com/products/http_sms
7. Make sure that the following firewall ports are open and in the case of the incoming,
preferably port forwarded to the MDM server IP as they are vital for communication between
your devices and your MDM server:

Apple Devices Running iOS:
If you have any Apple devices you will also need to make sure that you have in addition to the
above:
1. A Simple Certificate Enrollment Protocol (SCEP)​
­ A separate server running the SCEP
service is required to issue digital certificates to iOS devices. This is vital if you want to
manage iOS devices via the MDM portal. The service should also be configured to run using
single­password mode. More information can be found at the following link:

http://social.technet.microsoft.com/wiki/contents/articles/9063.network­device­enrollment­ser
vice­ndes­in­active­directory­certificate­services­ad­cs.aspx
2. An Apple Enterprise Account​
­ An Apple Enterprise Account is required in order to obtain
the necessary MDM Vendor Certificate provided by Apple in a .pem format. More information
can be found at the following link: h
​ttps://developer.apple.com/programs/ios/enterprise/
IMPORTANT NOTE:​
All Certificates should be located in a folder that grants full access at least to
the IIS users group (IIS_IUSRS) and SYSTEM. It is also highly recommended that all certificates
are saved on a physical drive connected to the MDM Server machine (ex. under the C
​:\ directory).

Installing Mobile Device Management On Premise Edition
Introduction
Before you can manage your devices using MDM you first have to install and configure the On
Premise edition on your server machine. Before doing so, first check whether your machine
complies with the minimum hardware specifications (see System Requirements) . Once confirmed,
download the Mobile Device Management On Premise edition setup file from here:
http://www.2x.com/mdm/downloadlinks/

Setup and File Installation

1. Double click the Mobile Device Management setup file to begin the installation. Confirm the
machine which Mobile Device Management is going to run on meets the system
requirements and click “Next” to continue.

2. Subsequently, review the End­User License Agreement, and click next to continue. Note that
you must accept the terms in order to continue the installation.

3. You will then be prompted to define the path where the installation folder will be created.
Alternatively, click on the browse button to change the directory if needed.

4. Click ‘Install’ to confirm the previous steps and start the installation process.

5. Once setup starts the file installation process, you shall be prompted to install ‘Microsoft SQL
Server System CLR Types’. Click on the ‘Next’ button to proceed. Note that you must accept
the terms in order to continue the installation.
Note​
: You will not be prompted to install this component if it is already available.

6. Further define the machine administrator and company name, click ‘Next’ and subsequently
‘Install’ to confirm and start the installation process.
The installation process shall complete and the Mobile Device Management On Premise edition
installed on your server machine.

Configuring Mobile Device Management
Introduction
After the file installation is completed, the MDM Install Wizard will start up and guide you through the
necessary stages needed to configure your newly installed MDM On Premise edition service. There
are a total of 9 settings to be configured.

Certificate Configuration

1. In this part of the installation and configuration wizard fill in the following fields:
Server Address: ​
Enter your MDM server FQDN here (Example ­
mdm.company.com).
If you already have a PFX certificate available, proceed to configure the below:
● Certificate (PFX Format):​
Define the path where the PFX file is stored.
● Certificate password:​
Enter the certificate password.
●

If you require to generate a PFX certificate from scratch, enable the ‘I do not have a PFX Certificate’
checkbox and further configure:
●
●
●
●
●

Certificate: ​
Select your SSL certificate obtained by a Certificate Authority (CA)
company. The file should end with a .pem extension*.
Root Certificate: ​
Select the Root Certificate file obtained by a Certificate Authority
(CA) company. The file should end with a .cer extension.
Private Key:​
Select the Private Key you were provided with by your Certificate
Authority (CA) company. The file should end with a .pem extension.
Private Key Password:​
Insert the password used during the generation of your
Private Key.
Export Password:​
The password to be used for the new PFX file

* Signed digital certificate must support wildcards.

Database Configuration

2. In the Database Settings dialog window, fill in the following:
●

●

Location: ​
Specify the IP address of the machine hosting your SQL database. If the
database is located on the same machine you are installing Mobile Device
Management, you can also use localhost.
Password: ​
Fill in the password of your SA database account.

Note:​
Click ‘Test Connection’ to confirm the MDM server is able to connect to the configured
database.

3. During this process the installer will start performing the following operations:
●
●

Generate the PFX certificate.
Create the database users.

Email Configuration

4. Next, you shall be requested to fill in the Email Settings to be used by MDM.
●
●
●
●
●
●

SMTP Server:​
Fill in the SMTP server to be used.
Port:​
Fill in the port number to be used for sending out emails.
Email:​
Fill in the email address that you want to be shown when emails are sent out.
Username:​
Fill in the username to be used if the mail server requires authentication.
Password:​
Password for the username provided if the mail server requires
authentication.
Use Secure Connection:​
Tick this box if your SMTP server requires an SSL
connection.

SMS Settings Configuration

5. In the next page you are requested to fill in the SMS Settings provided to you by CardBoard
Fish. CardBoardFish is an online service that provides, high quality, reliable, and low cost
SMS delivery services. This step is necessary in order to be able to send out SMS’s for
features such as the Lock & Wipe function:
● SMS Username:​
Fill in the username obtained from CardBoard Fish.
● SMS Password​
: Fill in the password for your CardBoard Fish account.

iOS Settings Configuration

6. Next, you will be asked to fill in the iOS settings obtained from your SCEP server in order for
iOS devices to be able to connect and communicate with your MDM server:
● SCEP Server URL:​
The URL pointing to your certificate SCEP server.
● Challenge Password:​
Input the challenge password generated by your certificate
SCEP server.
● MDM Vendor Certificate Path: ​
Select the path to the certificate provided to you by
Apple.
● MDM Vendor Private Key Path:​
Select the path to the private key previously
generated to obtain the certificate by Apple.
● MDM Vendor Private Key Password:​
Insert the password of your Private Key.
● MDM Vendor Export Password:​
Define the password for the Apple certificate which
will be generated.

* Signed digital certificate must support wildcards

Google Messaging Settings

7. In the next dialog window you are asked to fill in the GCM settings obtained from your
Google Cloud Messaging project. This is used to send PUSH notifications to Android
devices.
● Project Number/ GCM API Key: ​
Insert the Project Number obtained by the Google
Cloud Messaging project.
● API Key/ GCM Project Id:​
Insert the API Key obtained by the Google Cloud
Messaging project.
Note:​
The ​
GCM Project Id​
is also known as the P
​roject Number​
. Extract this number from the
Google Developers Console > API Project > Overview > ​
Project Number​
(Top Left Corner) as
shown below.

BackOffice Account Configuration

8. After that, you will be asked to fill out the details for the admin account to access the Mobile
Device Management BackOffice.
● Name, Surname: ​
Insert the administrator’s name and surname.
● Email:​
Insert the administrator’s email address.
● Username: ​
The username that will be used by the admin to log into BackOffice.
● Password: ​
The password that will be used by the administrator to log into
BackOffice.
● Confirm Password: R
​e­insert the password to be used by the admin to log into Back
Office.

SQL Server Reporting Service Configuration

9. Next, you will be asked to enter SSRS settings required by setup to deploy SSRS
configuration for MDM and also generate reports. Upon completion click ‘Next’ to initialise
final setup.
● Web Service URL​
: The URL pointing toward your Reporting Services end­point.

Portal User credentials are required to authenticate connections from the MDM portal when
generating reports. If the SQL Server Reporting Services (SSRS) is not installed on the same server
that MDM setup is running on, enable the “Portal User Credentials” checkbox and configure the
below:
● User Login and Password:​
Enter Windows credentials that are configured in SSRS with
browser permissions.
Note​
: If Setup is running on the same machine SSRS will automatically be configured to
authenticate credentials from the MDM portal.

Administrator credentials are required to deploy MDM report configuration to SSRS. If the
administrator you are currently logged in with does not have administrator privileges and content
management rights in SSRS, enable “Use the credentials below”:
● Administrator Login Name and Password: ​
Enter Windows account credentials configured
with administrator privileges and content management rights in SSRS.
Note​
: If setup is running on the same machine as SSRS, administrator rights are automatically
authenticated.

10. Finalise the installation by clicking finish and optionally select to launch Mobile Device
Management upon completion.

Creating the MDM Accounts
Introduction
After completing the file and the server configuration you will need to create an account on which
your devices will be registered on.

Setting Up Your Account

1. ​
You may now set up your Mobile Device Management account:
1. Go to ​
https:///signup
2. Specify an account name. You will use this account name to enroll mobile devices
and to log in to your On Premise MDM portal.
3. Specify your name and email.
4. Specify and confirm a password (to login to the account).
5. Read the Terms of Service document.
6. Enter the CAPTCHA and click Sign up.
7. Activate your account by clicking on the link included in the welcome email sent to
you.
8. You can now logon to the portal by specifying your account name, email and
password at: ​
https:///Admin/Login/LogOnActivate

2. ​
You are now able to access the Mobile Device Management administration pages through
the following URL’s:
●
●
●

https:///signup ­​Used to create accounts in order to further
assign and manage your devices.
https://​
­ Used to log into your account, assign devices and
further manage them.
https:///backoffice ­​Used to log into the backend of the
system and manage the accounts and change system configuration settings.

Accessing BackOffice
Accessing and Configuring Your BackOffice

1. To access the BackOffice of your MDM system, you need to access:
https:///backoffice
2. Fill in the Username and Password provided previously in step 8 of chapter 4 (Configuring
Mobile Device Manager) to access your BackOffice.

3. From the BackOffice you can add additional users, assign them permissions to perform the
actions below and even specify IP’s that BackOffice access is allowed from per user:
● Account​
­ You can view, disable, enable, delete or administer existing accounts
created through the https:///signup
● Administration ​
­ You can view, add and delete users and groups which can access
this Mobile Device Management BackOffice Portal.

Add a BackOffice User

To add a user and assign the permissions discussed in the step 3, click “Add” and configure the
below:
● Basic Information​
: Fill in user details such as name, surname, email address and the
username and password used to access BackOffice.
● Access Locations​
: Select IP’s (added from ‘Access Locations’) the user is able to access
BackOffice from or allow access from all.
● Permission Groups​
: Select the Group (added from the ‘Groups’) this user will inherit
permissions from.
● Custom Permissions​
: Enable the Custom permissions below to the user:
○ Manage Accounts​
: User can view, disable, enable, delete or administer existing
accounts.
○ Manage Support Users​
: User can view, add and delete users and groups which can
access this Mobile Device Management BackOffice Portal and even specify the
Access Location IP’s.
In addition, ‘Dashboard’ displays the total number of activated accounts, inactive accounts, devices
currently connected and devices currently registered on the system, ‘Groups’ allows you to add new
or already existing groups and from ‘Access Locations’, specify IP’s that BackOffice access is
allowed from.
Note​
: Groups and Access Locations specified will show up on new users configuration window.

Reports

The Parallels 2X backoffice provides reports via the reports node:
● MDM Device Transactions​
­ this report provides an overview of activity between the MDM
server and devices on all accounts including the ID or unique command identifier, the textual
description of the command, the amount of these commands sent, the commands which
were processed by the device and the overall percentage of pushed vs serviced commands.
● MDM Server Activity​
­ presents inventorial data about devices connected to the MDM
server from all accounts. Information produced in this report include total active devices by
operating system, total active accounts, number of new signups, account signups by source
(Play Store, Website etc.), new accounts activity (number of accounts categorized by
number of devices enrolled), total active devices by operating system version, total active
devices by client version.
Each report can also be exported and downloaded in the following formats: CSV, PDF, MHTML,
Excel, Word and TIFF.
Note:​
The Reporting node requires that SSRS is configured from the Server User Interface >
Reports.

Managing the Server User Interface
The Parallels 2X MDM On Premise Edition installation has successfully completed, MDM accounts
created and devices connected.
The backend of Parallels 2X MDM, also known as the 'Server User Interface' consists of 10 tabs
used to monitor, maintain and update MDM configuration and processes configured during the
installation process including a few additional options.
Access the Server User Interface from the server Parallels 2X MDM is installed on > click the 2X
MDM Program Group > click ‘2X MDM Server'.

1. Status Tab

The Status tab lists the Parallels 2X MDM services, how long they have been running for and also
allows for each individual service to be stopped and then started again:
● Device Server: ​
Handles all communication between devices and the MDM Server.
● Background Services: ​
Handles tasks which include email notification, SMS messaging,
Push notifications etc.(Review 2. Status Tab for full description)
● Bridge Server:​
Handles Remote Control sessions via internet connection
The server logs listed are extracted from the Windows Event logs and are useful for investigating
behavior on the system.

2. Services Tab

From this tab, select to disable any of the services described in the “Status Tab”. In addition you can
also disable any of the background tasks performed by Parallels 2X MDM Background Services
below:
● Email Sending Service​
: Enables the mailer thread that sends out Email notifications
● SMS Sending Service​
: Enables sending of SMS messages to devices
● Push Sending Service​
: Enables sending of Push notifications to devices
● iOS/ Android Device Wakeup​
: Sends push notifications to Android/ iOS devices to recreate
a new session when the current session timeout is reached
● Client Offline Alert Service​
: Notifies administrators when a device has reached its offline
alert configuration
● iOS App Refresh​
: Performs daily checks of applications iOS devices must install and
uninstall since the last check was peformed

3. Settings Tab

The settings tab consists of configuration options required for connectivity between the devices and
the server running the Parallels 2X MDM Service. The server address and certificate settings
configured during the installation process may also be updated from here.
From the ​
General​
section you can adjust the options below:
● Server Address​
: The MDM server FQDN (Example ­ mdm.company.com).
● Listening Port​
: The port used for devices to connect to the MDM server
● Minimum log level​
: Set the level of logging displayed on the Status tab
● Data Folder​
: The folder where MDM account data is stored
Optionally ​
Enable Load Balancing Support​
to specify the URL used to access the MDM portal and
the Subdomain URL that devices connect to:
● Portal Address​
: The URL pointing toward the server running the Parallels 2X MDM Service
● MDM Service Address​
: The subdomain URL pointing toward the server running the
Parallels 2X MDM service
From the ​
Bridge Server​
section, adjust the bridge server options below:
● HTTP Port​
: The port the browser connects through when using Remote Control
● Devices Port​
: The port devices connect through when Remote Control is enabled
● Max Connections​
: The number of Remote Control sessions allowed simultaneously
● Minimum log level​
: Set the level of logging displayed on the Status tab
From the​
SSL Certificate​
section, you can adjust the certificate settings configured during the
installation process:
● Certificate (PFX Format):​
Define the path where the PFX file obtained by a Certificate
Authority (CA) is stored

●
●

Root Certificate: ​
Select the Root Certificate file obtained by a Certificate Authority (CA)
company. The file should end with a .cer extension
Certificate password:​
Enter the certificate password

4. Database Tab

From here, configure settings required for the connection between your database and Parallels 2X
MDM Service.
From the ​
General ​
section configure the below:
● Server​
: Specify the IP address of the machine hosting your SQL database. If the database
is located on the same machine you have installed Mobile Device Management on, you can
also use localhost.
Connection Pooling​
is a cache of database connections maintained so that the connections can
be reused when future requests to the database are made. If enabled, you can also adjust both the
minimum and maximum connection pool size
The ​
Roles ​
section allows you to adjust the below roles configured during setup:
● Administrator​
: Username and Password of administrator account used to connect to the
database
● Device​
:Username and Password for users created during setup process
● Common​
:Username and Password that can access and update all of the mdm tables
● Signup​
:Username and Password used to create MDM accounts
● Portal​
:Username and Password used to access the MDM portal
● Reports​
:Username and Password used by the reporting server to connect to the MDM
database

5. Map Tab

Next, the Map tab allows you to configure which maps provider location updates will be resolved to
and displayed on from the MDM portal.
Select the map provider you have registered with from the ​
Provider d
​ropdown and enter the related
API key in the ​
Provider API Key​
text field.
If Bing maps is selected, optionally also enable the ‘Use Microsoft Maps Background resolver
service’ to resolve location points without an address.

6. Messaging Tab

This tab consists of settings required for both STMP and SMS message notifications to be sent by
Parallels 2X MDM. These settings were configured during setup.
From the ​
SMTP Settings​
section you can adjust the settings below:
● Server:​
The SMTP server IP address or FQDNto be used.
● Port:​
The port number to be used for sending out emails.
● Email:​
The email address that you want to be shown when emails are sent out.
● Username:​
The username to be used if the mail server requires authentication.
● Password:​
Password for the username provided if the mail server requires authentication.
● Use Secure Connection:​
Tick this box if your SMTP server requires an SSL connection.
From the ​
SMS Settings​
section configure the below:
● Username:​
Fill in the username obtained from CardBoard Fish.
● Password​
: Fill in the password for your CardBoard Fish account.

7. Android Tab

For MDM to communicate with GCM and send PUSH notifications to Android devices, configure or
update the configuration options below:
● Project Number:​
The project number obtained by the Google Cloud Messaging project.
● API Key: ​
The API Key obtained by the Google Cloud Messaging project.

8. iOS Tab

Similarly, for iOS devices to be able to connect and communicate with your MDM server, configure
or update the SCEP server configuration options below:
● SCEP Server URL:​
The URL pointing to your certificate SCEP server.
● Challenge Password:​
The challenge password generated by your certificate SCEP server.
● MDM Vendor PFX Path: ​
Select the path to the certificate provided to you by Apple.
● Vendor Password:​
The Apple Certificate password

9. AppFabric Tab

Parallels 2X MDM uses AppFabric to distribute shared cache to multiple On­Premise installations of
MDM. Enable AppFabric if you are hosting MDM on multiple servers. This way you can scale for
different services running on different servers to share information via AppFabric.
Enable the ‘Use AppFabric’ checkbox, click ‘Add’ and configure the options below:
● Server Address​
: Server hostname to be used for AppFabric caching to store sessions of
the MDM server
● Port​
: The port used to store sessions of the MDM server

10. Reporting Tab

You can alter the configuration options defined during the setup process used both to deploy and
generate reports. The configuration options are listed below:
● Web Service URL​
: The URL pointing toward your Reporting Services end­point.
● Reporting Access: ​
Toggle the reporting feature for the back office and admin portal.
● Portal User Login and Password:​
Enter Windows credentials that are configured in SSRS
with browser permissions.
● Administrator Login Name and Password: ​
Enter Windows credentials configured with
administrator privileges and content management rights in SSRS.

The ​
Advanced​
button allows you to define the database that will be used to generate reports. The
Override Reporting Data Source​
option is typically enabled when the mdm database that reports
will be generated with is mirrored on another server. If required, enable this feature and configure
the below:
● Database Server​
: Specify the IP address of the machine hosting the mirrored SQL
database
● Database Name​
: Specify the mirrored database name
● Database Username and Password​
: Mirrored Database credentials
● Show message in reports node​
: Set the value in hours equal to the mirrored database
update interval used to alert administrators in the portal that report data may be as old as the
value set.
Note​
: Setting the reporting Data Source to a mirrored mdm database takes load off the live
database.

11. Data Purging

Lastly, data purging settings allow you to configure the amount of time data is retained for before
being deleted from the MDM Server. You are able to control any data retention period of the data
types below:
● Call History
● Session History
● Location History
● Data Usage
● Actions
● Retired Devices
● Alerts



---

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Producer                        : PDFill: Free PDF Writer and Tools
Modify Date                     : 2015:07:08 10:55:48+02:00
Create Date                     : 2015:07:08 10:55:48+02:00
Page Count                      : 39

EXIF Metadata provided by EXIF.tools