Part 2 : MDM Plan, Design and Implement

In Part1 of the MDM series, we talked about the initial phase of the project which includes – Assess your environment, Identify types of users/groups, level of access and the different MDM/MEM/MAM profiles based on the criteria to implement MDM in an on-premise deployment scenario.
In this part, I would like to share the Architecture, Components, Checklist for network/port requirements, firewall rules  and lastly the systematic approach to configure and roll-out device and user enrollment with appropriate profiles/rules propagated based on the profile definition. For those who are not aware of the acronyms, please scroll down to the bottom of this blog. The topics that I am unable to cover is MCM, Apple Configuration, Public and Intranet Application configuration and many other ones which may be required in a cloud deployment scenario or in a large scale deployment.
This is a basic on-premise deployment with NO (high availability, redundancy, SaaS) capabilities and with a capacity of upto 2000 devices/users. 
AirWatch Roles and Services
Below table will provide you an idea on your MDM Infrastructure requirement in terms of number of servers, number of Operating Systems (MS OS & SQL Licenses), network/VLAN (generally network layout will be between two zones – Internal/Production and DMZ on the corporate network and public IP/FQDN and CA-signed Public SSL Certificate on the Internet/world side) . 
AirWatch Software/Components Requirements
Before you start building the servers, it is always a good practice to know the software and pre-requisite requirements to save time and avoid getting into obstacles at the initial stage. Following table is a snapshot of those basic requirements to get started.
AirWatch Network/Port Requirements
The next in the design/implementation phase is the network/port and firewall requirements to have a seamless communication between the following components:
Mobile Device(Internet) → Device Services
Mobile Device(Internet) → Secure Email Gateway (SEG) → Email Services (Internal/Corporate network)
Device Services(DMZ) → MDM Database/Corporate Resources (Internal/Corporate network)
Below table may provide the visibility and help in defining the network rules in your environment:
The MDM related services/components can be installed on a single big server or can be distributed into more than one servers as in our case, the services such as ACC, AWCM can be either installed in DMZ and/or internal network depending on your network layout and choice. 
CloudMessaging Status URL: https://<;:2001/awcm/status
Secure Email Gateway URL : https://<>/segconsole/management.ashx
where, is the public FQDN or IP address of your MDM server which users (sometimes admin on behalf of users) connect to from their device to enroll/register the device with your MDM environment.
In my next part in this series, will cover the configuration and management of Users, Devices, Groups, Profiles etc. from MDM Console.
to be continued…
MDM = Mobile Device Management
MEM = Mobile Email Management
MAM = Mobile Application Management
MCM = Mobile Content Management

About cloudray

Predominantly based around Virtualization, but will include other technology related information and anything else I find interesting and feel the need to share with you. I also use this Blog as both a place to store useful information that I think that will come in handy to me at some point in the future, and also a place to help aid my learning. I find a great way to learn about something is to research about it and then write it up in my own words. I'm Pushpal Ray, from India. As a certified VCP3/4/5 professional, I am currently working as an Independent Consultant. Over 10 years of IT-industry experience, currently focused around the Desktop Virtualization(End-User Computing). I also have extensive experience in Windows Administration, Datacenter Migration, Workload profiling & benchmarking. At my leisure, I enjoy hiking, running, photography, spend hours in my fav coffee shop & spend quality time with my wife. Occasionally, catch up with few friends for a drink!
This entry was posted in Enterprise Virtualization, MDM, Mobility and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s