Thursday 30 June 2016

Installing Site System Roles : Enrollment Point and Enrollment Proxy Point

Mobile devices have become commonplace in IT environments. With the increase in device number and increasing power and function of these devices, providing management capabilities in the enterprise is becoming more of a focal point for administrators. Configuration Manager 2012 R2 provides two types of management for mobile devices: lite management and depth management.
Lite Management
Lite management is provided to any device that is capable of interfacing with Exchange Server through the ActiveSync connector. Such devices include Windows Phone 7, iPhone, and Android devices. Configuration Manager 2012 R2 provides an Exchange Server connector that works with Exchange ActiveSync–connected devices and facilitates settings management, general inventory, and remote wipe capabilities.

Depth Management
Depth management is available for legacy Windows phone platforms, such as Windows Mobile 6.1 and 6.5 as well as Nokia Symbian devices, and it allows for a more robust management experience, including the ability to install a native Configuration Manager 2012 client on a device. Depth-managed devices provide all of the features of lite management (though not through Exchange ActiveSync) but also include support for software distribution and over-the-air enrollment. Further, inventory options available for depth-managed clients are more extensive and flexible than those provided through lite management.

Depth-managed devices require a client to be installed, along with certificates to provide access to the various Configuration Manager 2012 R2 systems. Once the client is installed, the device behaves much like a PC: it looks up and uses management points to retrieve policy and send data such as inventory, and it uses distribution points for software deployments.

The process of placing the client and certificates on the mobile device, known as enrollment, requires the use of two site system roles: the mobile device enrollment proxy point and the mobile device and AMT enrollment point. These site systems work in tandem to facilitate enrollment, provisioning, and management of mobile devices. At first glance, the difference between these two site system roles may not be apparent.

Enrollment Proxy Point
This is the site system role typically placed in the DMZ and is the initial point of communication for devices. It is also the location where mobile devices find and download the mobile version of the Configuration Manager client. Once the client is installed, and as a part of enrollment, the mobile device enrollment proxy point will communicate with the mobile device and AMT enrollment point, typically located inside the protected network, to retrieve needed certificates and present them to the device being enrolled. Configuring multiple mobile device enrollment proxy points at a single site to support multiple DMZ configurations is supported.

Enrollment Point
This is a site system role typically installed inside the protected network, and it serves as an interface between the mobile device enrollment proxy point and the Enterprise Certificate Authority as certificate requests are presented from mobile devices and generated certificates are sent back to mobile devices. Certificates are also required for provisioning AMT-capable devices. This site system role also serves as the interface between AMT devices requesting certificates and the Enterprise Certificate Authority.

If the enrollment proxy point or the enrollment point roles have not yet been added, you will need to select them in the Add Site System Roles Wizard.
1. Choose the site and server where the enrollment proxy point and enrollment point will be located.
The exact servers chosen depend on the overall configuration of the hierarchy and mobile management needs.
2. Select the roles on the System Role Selection page of the Add Site System Roles Wizard. Click Next to proceed to the Enrollment Point page of the wizard.
3. On the Enrollment Point page, shown in Figure , configure the name for the website to be used.


If you change the virtual directory name here, the virtual directory name in the URL configured for the mobile device enrollment proxy point must be updated to match. You can also specify which account will be used for database communication. Of the two site system roles, this is the only one that needs to access the database directly.
4. On the Enrollment Proxy Point page, configure the name for the website to be used, as shown in Figure 


Note that the website must support SSL communication and that a default URL pointing to the mobile device and AMT enrollment point is already present. This URL is configurable and must point to whichever server is chosen to host the mobile device and AMT enrollment point role. Note also that the end of the URL refers to the EnrollmentService virtual directory. This is the default name. If a non-default name was chosen for the virtual directory on the Enrollment Point page, the URL must match it.
 
Note also that there is a virtual application name listed on the current page that is similar in name. Don’t be confused by the similarity; the virtual directory name here is the one used to configure the mobile device enrollment proxy point and is not changeable.
5. Once all configuration is complete, click Next.
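The two settings that are easiest to get wrong in this wizard are the enrollment point URL typed on the Enrollment Proxy Point page (it must use HTTPS and end in the virtual directory name chosen on the Enrollment Point page) and the IIS configuration on the enrollment point server behind it. The following PowerShell function is an added pre-flight check, not part of the original post and not a Configuration Manager cmdlet; it takes the URL you intend to enter, the virtual directory name from step 3 (EnrollmentService by default), and, when run on the enrollment point server itself with the -CheckIis switch, confirms that IIS actually has an HTTPS binding and an application at that path. The WebAdministration module cmdlets Get-WebBinding and Get-WebApplication are assumed to be available on that server.

```powershell
# Added example (not from the original post): sanity-check the enrollment point URL
# before committing the Enrollment Proxy Point page of the Add Site System Roles Wizard.
function Test-EnrollmentPointUrl {
    param(
        # URL as it will be entered on the Enrollment Proxy Point page
        [Parameter(Mandatory = $true)][string]$Url,
        # Virtual directory name chosen on the Enrollment Point page (default name shown in the wizard)
        [string]$VirtualDirectory = 'EnrollmentService',
        # Set when running on the enrollment point server to inspect its IIS configuration
        [switch]$CheckIis
    )

    $findings = @()
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return @("'$Url' is not an absolute URL.")
    }

    # The enrollment proxy point website must support SSL; a plain http:// URL would send
    # the enrollment exchange (including certificate requests) in clear text across the DMZ boundary.
    if ($uri.Scheme -ne 'https') {
        $findings += "Scheme is '$($uri.Scheme)'; the enrollment point URL must use https."
    }

    # The last path segment of the URL has to match the virtual directory configured in step 3.
    $lastSegment = ($uri.AbsolutePath.Trim('/') -split '/')[-1]
    if ($lastSegment -ne $VirtualDirectory) {
        $findings += "URL ends in '$lastSegment' but the enrollment point virtual directory is '$VirtualDirectory'."
    }

    # The host must resolve from the server doing the check (the proxy point in the DMZ
    # has to reach the enrollment point inside the protected network).
    try {
        [void][System.Net.Dns]::GetHostEntry($uri.Host)
    } catch {
        $findings += "Host '$($uri.Host)' does not resolve in DNS from this server."
    }

    if ($CheckIis) {
        Import-Module WebAdministration -ErrorAction Stop

        # IIS must expose an application at /<VirtualDirectory> on the enrollment point server.
        $app = Get-WebApplication | Where-Object { $_.Path -ieq "/$VirtualDirectory" }
        if (-not $app) {
            $findings += "No IIS application at '/$VirtualDirectory' was found on this server."
        }

        # And at least one HTTPS binding must exist, otherwise the https:// URL cannot be served.
        $sslBindings = Get-WebBinding -Protocol https
        if (-not $sslBindings) {
            $findings += 'No HTTPS binding is configured in IIS on this server.'
        }
    }

    return $findings
}

# Usage: run before clicking Next on the Enrollment Proxy Point page. Hostname below is a placeholder.
$problems = Test-EnrollmentPointUrl -Url 'https://enrollpoint.example.internal/EnrollmentService' `
                                    -VirtualDirectory 'EnrollmentService'
if ($problems.Count -eq 0) {
    Write-Output 'Enrollment point URL is consistent with the Enrollment Point page settings.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

An empty result means the URL is HTTPS, ends in the expected virtual directory, and the host resolves; anything returned is a setting to correct in the wizard before proceeding. Run it again with -CheckIis on the enrollment point server after the role installs to confirm the IIS side matches.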

