Author Topic: Tech Ed 2008 post-conference notes: mobile device manage server  (Read 3300 times)

小徒兒

Mobile Device Manager

1.enable vpn
2.only mobile 6.1
3.use AD infrastructure right away
4.software patch update enable


Active Directory Group

System Center Mobile Device Manager
MMC

·   Met OMA DM
·   Provisioning


·   Configuration of device
·   Software updates
·   Fault management


Connect with reporting service

Corporate intranet
-   Microsoft certificate authority
-   WSUS software management (software patch, sort report)
-   SQL server
-   Exchange
-   SharePoint
-   LOB service


Application configuration

***Enrollment server

-   Reverse proxy / ISA

***MDM registry server

***Mobile Device registry process -> enroll to vpn
      3.5. 3.0 G, Wi-Fi
on the intranet -> check dns -> enroll server (build internet connection -> offer certification need -> build account -> post certification)

enroll server (auto enroll)  server 2003
manage to log in to vpn
1)   link to vpn server
2)   through the ipsec (exchange the certification)
3)   check whether this account exists in domain
4)   assign one sub net
5)   you got the vpn pool’s ip (ipsec) , able to access the intranet
6)   gateway routing server

? (ip pool manage by vpn)
7)   recognize the company certificate
8)   assign the vpn pool (relink the same ip)
9)   offer the data encryption


***Gateway server deploy requirement
·   network requirement

-   support standard DMZ infrastructure
    ·   2 firewalls, one to internet, one to intranet
-   when the mobile
    ·   vpn ip pool can link
    ·   mobile support proxy server (setting the group policy for proxy server)
    ·   not supporting nat
    ·   need 2 network cards
    ·   only support one IP

·   network link requirement


***VPN link

***MDM 08 Deployment topology
Device management server (sub title)

IPSEC MOBILE VPN

***MDM device management server
-   location
i.   intranet
-   utility   
i.   use to manage all controlled device
ii.   offer mobile device group policy, software patch, remote hard reset
iii.   CA and domain controller integration
iv.   Coordinate the communication between AD and CA

*** The benefit of Security Management
-   SCMDM enhances the management of the Active Directory group policy
-   Disable other functions

***Group policy process
-   set up the policy of group (Windows Active Directory, SYSVOL)
-   Mobile Device Management server (group policy service) uses OMA Proxy engine -> windows mobile device -> DB

-   GPMC -> view the modeling, and results

***Reporting / Software
-   Windows Software Update Service (WSUS) 3.0
-   Offer convenient and handy deployment


***Create Package Wizard – software patch
-   Create to package software
-   Approve to certain group
-   Progress engine

***Software and HD list
-   Enroll devices information
-   device report
-   installed (policy)



***link to vpn (ddn)
??only 6.0 can use the MDM
?? if no enroll, how to manage that device
? auto-install, msg to install

***MDM Resource Kit
Auto login portal website
- Mobile device
·   Connect now
·   Vpn diagnostics
·   Device status viewer

- Server side tool
·   MDM Bulk Pre-Enrollment Tool
·   MDM applications Hash Code Tool

***requirement
-must
·   need server 2003 enterprise 64 bit
·   powershell 1.0
·   Windows Mobile 6.1

- option
·   exchange server

***resource from Manager 劉一寬
« Last edit: 2008-09-23 17:13 by 小徒兒 »