Manage an iOS Device with multiple iOS MDM Servers
laucharb
post 17.02.2017 15:27
Post #1






hi guys,

i am having a hard time finding the information i am looking for, and Kaspersky Support seems to be kind of busy (long response times), so i thought i'd give it a shot and ask here in the Kaspersky forum.
the following statements probably contain incorrect information, so please feel free to correct me right away :)

i have the following scenario:
- KSC 10.3.407 in internal server vlan with iOS MDM Server installed
- Kaspersky Agent on a Windows Server in the DMZ, configured as MDM Gateway for Android, and also running an iOS MDM Server
- i'm running split DNS (internal and external domain is the same)

due to network topology and security restrictions, users are forced to enroll their iOS devices while being connected to the internal wifi network.
from within this wifi, they can access the KSC, hence enrollment (and further management) of the iOS profile works (enrollment requires TCP 8060 & TCP 8061).

once the device leaves the company wifi, commands do not get executed on the devices though.
only TCP 443 inbound is allowed on the DMZ iOS MDM Server (which should be enough?), as there is no Kaspersky webserver installed.

my questions are:
for starters, can i use multiple, different iOS MDM Servers for enrollment and management at all?
as i use split DNS, i should be able to use the same APNs for both iOS MDM Servers, or do i need to get a new push certificate for each iOS MDM Server?
is there any documentation anywhere describing troubleshooting/debugging of iOS MDM Servers?

really looking forward to your valuable input, thanks in advance!

have a great weekend!
- Benni
laucharb
post 8.03.2017 11:45
Post #2






It seems this kind of Topology of iOS Management (2 iOS MDM Device Servers, sharing devices among each other) is not supported by Apple.

so ... topic can be closed i guess.

thanks anyway!
cheers

