Endpoint Security Complete

 View Only

Symantec Mobile Device Management 7.1 Proof of Concept - Part V: Configuring Mobile Management 7.1 For a Mobile Management 7.1 Proof of Concept 

Oct 21, 2011 12:06 PM

Warning

THIS WALKTHROUGH is PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE WALKTHROUGH IS WITH YOU. SHOULD THE WALKTHROUGH PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 

Configuring Mobile Management 7.1 Server (Symantec Mobile Management 7.1 User Guide, 2011, pp. 31 - 33)

  1. Open Symantec Management Console.
  2. Select Site Server for installing Mobile Management.
    1. Expand Setting and click onAll Settings.
    2. Click onMobile Management > Mobile Management Service, and click Mobile Management Servers.
    3. Click New.
    4. Choose the MDM server and click OK.

Note: For a computer to appear here, it must have MSMQ installed.

  1. Force the Mobile Management service to be installed.
    1. Expand Settings > Mobile Management > Mobile Management Service > Policies.
    2.  Click Mobile Management Service Install.
    3. Under Apply to, double click Computers Requiring Mobile Management Service Install.
    4. When the page titled Edit selected group opens, click on Update results and then click on OK.
    5. Make sure Run once ASAP is ticked and click on Save Changes.
    6. Click on Start > All Programs > Symantec > Symantec Management Agent.
      1. When the Symantec Management Agent open click on Settings on the top right hand side of the page.
      2. When the Symantec Management Agent opens, under Configuration, click on Update.
      3. Close the Symanatec Management Agent.

Configuring iOS Enrollment  (Mobile Management 7.1 - Configuring SCEP, APNS, and Enrollment Settings)

iOS Configuration

  1. In the Symantec Management Console, on the Home menu, clickMobile Management.
  2. In the left pane, expand Configuration, and then click iOS Configuration Editor.
  3. On the iOS Configuration Editor page, in the left pane, under iOS Configuration Profiles click on SCEP.
  4. Click on the yellow star to create a new profile.
  5. Enter the following information:
    1. Name: SCEP Server
    2. Description: SCEP Server MDMServerIPAddress
    3. URL:  http://MDMServerIPAddress/certsrv/mscep/mscep.dll
    4. Subject: CN=YourSCEPServerCommonName(from the SCEP certificate, make sure you remove the spaces before and after the equal sign.)
    5. Challenge: 42D49BD4EF2BBA068D58105864DF02F8 (need to scroll to the bottom of the page) The challenge can be found by browsing to http://localhost/certsrv/mscep_admin/and copying the enrollment challenge password.
  6. Click Save Changes.

Configure iOS MDM Enrollment Credentials (Symantec Mobile Management 7.1 User Guide, 2011, p. 34)

  1. Click on iOS MDM Enrollment Configuration.
  2. From Cryptographic credential used for authentication choose SCEP Server – SCEP Server MDMServerIPAddress from the dropdown.
  3. For Push Certificate Subject, choose the Push Certificate Subject from the APNS certificate.
    1. Open Microsoft Management Console
      1. Click Start > Run
      2. Type in mmc and click OK
    2. When the MMC opens click on File > Add/Remove Snap-in…
    3. On the left hand column choose Certificates, click on Add.
    4. When Certificates snap-in opens choose Computer account and then click on Next.
    5. When Select Computer opens accept the defaults and click on Finish.
    6. Click OK.
    7. Browse to Console Root > Certificates > Personal > Certificates.
    8. Double click on the Apple Production IOS Push Services certificate.
    9. Click on the Details tab.
    10. Click on Subject and copy com.apple.mgmt. XXX.
    11. Paste the copied data into the Push Certificate Subject field.
    12. Click Save Changes.

Configuring Mobile Management Server Settings

  1. Click on Mobile Management Server Settings.
  2. Enrollment Tab:
    1. Untick Enable Authentication Check.
  3. Agent Tab:
    1. Report Frequency: 1800
    2. Support Company: Company Name
    3. Support Phone: Company Phone Number
    4. Support URL: Company URL
  4. APNS Tab:
    1. APNS Push Certificate Thumbprint (Symantec Mobile Management 7.1 User Guide, 2011, p. 42)
      1. On the Start menu, click Run.
      2. At the command prompt, type mmc, and press Enter.
      3. In the Microsoft Management Console, on the File menu, click Add/Remove Snap-in.
      4. On the Add or Remove Snap-in page, under Available snap-ins, click Certificates, and then click Add.
      5. On the Certificate snap-in page, click Computer account, and then click Next.
      6. Click Finish, and then click OK
      7. On the Console1 page, expand Console root > Certificates > Personal and then double-click Certificates.
      8. In the center pane, double-click the APNS Certificate.
      9. In the Certificate dialog box, on the Details tab, click Thumbprint, and then copy its HEX values to the clipboard.
      10. In the Symantec Management Console, on the Home menu, click Mobile Management.
      11. In the left pane, expand Configuration, and then click Mobile Management Server settings.
      12. On the Mobile Management Server Settings page, on the APNS tab, in the APNS Push Certificate Thumbprint box, paste the APNS certificates Thumbprint value that you copied in step ix.
    2. Highlight your server at the bottom of the page and then click on the edit button.
      1. Tick Override server connection info.
      2. Server name override: MDMServerIPaddress
      3. Port: 80
    3. Click Save Changes.
    4. When you are returned to the APNS tab click Save Changes.

Forcing a the Changes to Commit

  1. In Computer Management > Services right click the Mobile Management Service Agent service and choose Restart to commit the changes.        

Installing and Enrolling the Mobile Management Agent iOS application (Symantec Mobile Management 7.1 User Guide, 2011, p. 45)

  1. Download the agent from the Apple App Store or your internal Web site.
  2. Tap the Mobile Management Agent iOS application on your iPhone/iPad/iPod device to start it.
  3. On the enrollment screen, provide the following information:
    1. URL: http://<Site Server Name or Address>/MobileEnrollment/Symc-IOSEnroll.aspx
    2. Name: Your domain user name.
    3. Password: Your Domain Password.
  4. On the License screen, click Yes.
  5. On all the subsequent screens for MDM enrollment, click OK or Yes.

Creating Configuration Payloads (Symantec Mobile Management 7.1 User Guide, 2011, p. 100)

  1. In the Symantec Management Console, on the Home menu, click Mobile Management.
  2. In the left pane, expand Configuration, and then click iOS Configuration Editor.
  3. On the iOS Configuration Editor page, in the left pane, under iOS Configuration Profiles, click the payload that you want to add to the configuration profile.
  4. In the right pane, click New payload, and then specify the payloads options.
  5. Click Save Changes.

Adding Configuration Payloads to a Policy (Symantec Mobile Management 7.1 User Guide, 2011, pp. 100 - 101)

  1. In the Symantec Management Console, on the Manage menu, click Policies.
  2. Expand Policies>Mobile Management, and right-click Mobile Configuration Profiles.
  3. Click New > Mobile Device Configuration Policy.
  4. On the New Mobile Device Configuration Policy page, under Profile settings, specify the settings.
  5. Under Configuration Settings, click the Add Mobile Configuration to a Policy symbol.
  6. In the Symantec Management Console dialog box, click the payload that you want to add to the policy, and then click OK.
  7. (Optional) Repeat steps 5 through 6 for any other payload you want to add to the configuration profile.
  8. Under Applied To, specify to which devices you want to apply the policy.

Click Save Changes.

 Part I: Installing and Configuring Windows Server 2008 R2 Enterprise For a Mobile Management 7.1 Proof of Concept

Part II: Installing Mobile Management 7.1 For a Mobile Management 7.1 Proof of Concept

Part III: Obtaining and Installing an Apple APNS Certificate For a Mobile Management 7.1 Proof of Concept

Part IV: Installing and Configuring SCEP For a Mobile Management 7.1 Proof of Concept

Part V: Configuring Mobile Management 7.1 For a Mobile Management 7.1 Proof of Concept

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Jan 08, 2012 05:40 PM

Great Job,

I can't find or download the User and Admin Guide for MMS 7.1!

The only one I can find is the implementation guide.
Can you provide the link, please?

Oct 25, 2011 03:34 PM

Hi Cameron, this is a really great article, do you have it also in a pdf form? Regards Ingo

Related Entries and Links

No Related Resource entered.