
Wednesday, November 30, 2016

Mobile Device Management (MDM)


Nowadays employees bring their own devices to work (BYOD) and use them to share data within the office campus, which makes it difficult for the IT department to monitor and control those devices. The Mobile Device Management (MDM) protocol addresses this by giving system administrators a way to send device management commands to managed mobile devices. Using the MDM service, an IT administrator can inspect, install, or remove profiles; monitor device status (e.g. battery status); remove passcodes; and begin a secure erase on a managed device.
iOS 4 and above already include a built-in MDM client, so iOS devices need no additional application to support MDM. Android devices, however, need an MDM client application installed to support MDM.

iOS MDM
The MDM protocol is built on top of HTTP, transport layer security (TLS), and push notifications. The related MDM check-in protocol provides a way to delegate the initial registration process to a separate server.
MDM uses the Apple Push Notification Service (APNS) to deliver a “wake up” message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results.
To provide an MDM service, the IT department needs to deploy an HTTPS server to act as the MDM server, then distribute profiles containing the MDM payload to managed devices.

iOS MDM Certificate Creation


  • Create a CSR using any toolkit, e.g. Keychain Access on a Mac, then export the private key as 'vendor.p12'.
  • Log in to the Apple Member Center and go to the 'iOS Provisioning Portal'.
  • Select 'Certificates' in the left navigation bar, then click the 'Other' tab in the center.
  • Follow the instructions on that page and upload the CSR you created.
  • The certificate issued to you as an MDM vendor will then be available on the 'Other' tab. Download it.
  • Download the WWDR intermediate certificate.
  • Download the Apple root certificate.
  • Run the openssl commands below to convert the MDM vendor certificate, the WWDR certificate, and the Apple root certificate to PEM format, one by one:
    openssl x509 -inform der -in mdm_identity.cer -out mdm.pem
    openssl x509 -inform der -in AppleWWDRCA.cer -out intermediate.pem
    openssl x509 -inform der -in AppleIncRootCertificate.cer -out root.pem
  • Now generate the encoded plist. You need the following input files:

          customer.der, vendor.p12, mdm.pem, intermediate.pem, root.pem
          There are also a few third-party websites that can help you generate the encoded plist. Note that these inputs include vendor.p12, which holds your vendor private key.

  • First verify that the format of the generated plist.xml matches the sample plist.xml provided in the MDM Protocol Reference document.
  • If plist.xml is in the correct format, upload encoded_plist to the portal. Note that plist.xml is only for reference and is not uploaded; upload encoded_plist only. After that, download the certificate from the portal.
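
The last two steps (check plist.xml, then upload only encoded_plist) can be done locally with the Python standard library. This is an added example, not code from the original post or from Apple. It assumes the three key names used in the sample plist in Apple's MDM Protocol Reference (confirm them against your copy), and its sample input is constructed.

```python
import base64
import plistlib
import re

# Key names as in Apple's sample plist (assumption: confirm against your copy).
KEYS = {"PushCertRequestCSR", "PushCertCertificateChain", "PushCertSignature"}
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")

def _is_b64(text):
    """True if text is non-empty, strictly valid base64 (whitespace ignored)."""
    try:
        return bool(base64.b64decode("".join(text.split()), validate=True))
    except (ValueError, TypeError, AttributeError):
        return False

def check_push_cert_plist(plist_bytes):
    """Return the problems found in plist.xml; an empty list means the layout is as expected."""
    try:
        doc = dict(plistlib.loads(plist_bytes))
    except Exception as exc:  # malformed XML, unknown format, or not a dictionary
        return [f"not a plist dictionary: {exc}"]
    problems = [f"missing key {k}" for k in sorted(KEYS - set(doc))]
    problems += [f"unexpected key {k}" for k in sorted(set(doc) - KEYS)]
    for key in ("PushCertRequestCSR", "PushCertSignature"):
        if key in doc and not _is_b64(doc[key]):
            problems.append(f"{key} is not base64 text")
    chain = doc.get("PushCertCertificateChain")
    certs = PEM_CERT.findall(chain) if isinstance(chain, str) else []
    if chain is not None and (len(certs) != 3 or not all(map(_is_b64, certs))):
        problems.append("chain must hold 3 PEM certificates: mdm, intermediate, root")
    return problems

def check_encoded_plist(encoded_bytes):
    """Check the upload file: it must be base64 of plist.xml, not the XML itself."""
    try:
        raw = base64.b64decode(b"".join(encoded_bytes.split()), validate=True)
    except ValueError:
        return ["not base64: this looks like plist.xml, not encoded_plist"]
    return check_push_cert_plist(raw)

def constructed_sample():
    """Constructed stand-in plist.xml; the values are placeholders, not real certificates."""
    blob = base64.b64encode(b"constructed placeholder bytes").decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{blob}\n-----END CERTIFICATE-----\n"
    return plistlib.dumps({"PushCertRequestCSR": blob, "PushCertSignature": blob,
                           "PushCertCertificateChain": pem * 3})

if __name__ == "__main__":
    print(check_encoded_plist(constructed_sample()))  # raw XML passed by mistake
```

The checks cover layout only; they do not verify the signature or that the chain leads to the Apple root.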