i am having a hard time finding the information i am looking for, Kaspersky Support seems to be kind of busy (long response times) so i thought
i'd give it a shot and ask here in the Kaspersky forum.
the following statements probably contain incorrect information, so please feel free to correct me rightaway
i have the following scenario:
- KSC 10.3.407 in internal server vlan with iOS MDM Server installed
- Kaspersky Agent on a Windows Server in the DMZ, configured as MDM Gateway for Android, and also running an iOS MDM Server
- i'm running split DNS (internal and external domain is the same)
due to network topology and security restrictions, users are forced to enroll their iOS devices while being connected to the internal wifi network.
from within this wifi, they can access the KSC, hence enrollment (and further management) of the iOS profile works (enrollment requires TCP 8060 & TCP 8061).
once the device leaves the company wifi, commands do not get executed on the devices though.
there is allowed only TCP 443 inbound on the DMZ iOS MDM Server (which should be enough?), as there is no Kaspersky webserver installed.
my questions are:
for starters, can i use multiple, different iOS MDM Servers for enrollment and management at all?
as i use split DNS, i should be able to use the same APNs for both iOS MDM Servers, or do i need to get a new push certificate for each iOS MDM Server?
is there a documentation anywhere describing troubleshooting/debugging of iOS MDM Servers?
really looking forward to your valuable input, thanks in advance!
have a great weekend!