ManageEngine Mobile Device Manager Plus Architecture

ManageEngine Mobile Device Manager Plus lets you manage your mobile devices from a central point. It allows you to perform policy management, profile management, asset management, app management and security management of mobile devices.
Figure 1: MDM Architecture of Mobile Device Manager Plus (*Forwarding Server is optional)

Advantages

The advantages of using the MDM architecture of Mobile Device Manager Plus include the following:
  • Agentless, Over-the-Air (OTA) Management
  • Uses Apple's Push Notification Service (APNs) / Android GCM for communication
  • Profiles and policies get deployed immediately
  • All communication to and from the mobile device is secured.

Architecture

  1. Any communication from Mobile Device Manager Plus to the device is routed through the Apple Push Notification service (APNs) via TCP port 2195 for iOS devices and through GCM via TCP port 80 for Android devices.
  2. As per the Apple iOS MDM protocol, all iOS devices maintain a dedicated TCP connection with APNs on TCP port 5223. Mobile Device Manager Plus leverages this to wake up a device using APNs.
  3. The device contacts the Mobile Device Manager Plus Server for available instructions on port 8383 over a secured connection.
  4. The device executes the instructions and reports back to the Mobile Device Manager Plus Server with the status/data on port 9383 over a secured connection.
For the above setup to work, the following should be done:
  • Because users are mobile, the Mobile Device Manager Plus Server should be reachable via a public IP address. You should NAT the internal IP of the Mobile Device Manager Plus Server to a public IP to enable this. If all the managed devices are within the LAN, this requirement does not apply.

Port Details

TCP ports that need to be opened at the Mobile Device Manager Plus Server

9383 - Used for secured communication between the agent and the Mobile Device Manager Plus Server

TCP ports that need to be opened for managing iOS devices

2195 - Should be open for the Mobile Device Manager Plus Server to reach the APNs. Host address: gateway.push.apple.com.
5223 - If the mobile device connects to the internet through WiFi, this port should be opened. For better security, you can restrict these connections to the IP range 17.0.0.0/8. If all the managed devices have access to a cellular data network, this requirement does not apply.

TCP ports that need to be opened for managing Android devices

443 - Used for secured communication between the Mobile Device Manager Plus server and the GCM server.
Port numbers 5228, 5229 and 5230 should be open on the firewall if the mobile device connects to the internet through WiFi. This enables communication between the mobile devices and the GCM.
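The following is an added example, not part of the original ManageEngine page: it encodes the conditional port requirements from the architecture steps and the port table above (platform mix, Wi-Fi versus cellular devices, the 17.0.0.0/8 restriction for APNs), renders them as iptables commands, and reports which openings a firewall audit is still missing. The Rule shape, the INPUT/OUTPUT chain names and the audit input format are assumptions made for this example.

```python
"""Derive the firewall openings this page lists for a given deployment,
render them as iptables commands, and check what is still missing.
Ports, hosts and 17.0.0.0/8 come from the page; the rest is assumed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str          # "in": towards the MDM server; "out": egress
    port: int
    dst: str = "0.0.0.0/0"  # host or CIDR the egress rule is limited to
    note: str = ""

def required_rules(ios: bool, android: bool, devices_on_wifi: bool) -> list:
    """Apply the page's conditions: platform mix and whether devices reach
    the internet over Wi-Fi (cellular devices bypass the corporate firewall)."""
    rules = [
        Rule("in", 8383, note="device polls server for instructions"),
        Rule("in", 9383, note="device reports status/data to server"),
    ]
    if ios:
        rules.append(Rule("out", 2195, "gateway.push.apple.com", "server -> APNs"))
        if devices_on_wifi:
            # devices keep a persistent APNs session; limit egress to Apple's range
            rules.append(Rule("out", 5223, "17.0.0.0/8", "device -> APNs"))
    if android:
        rules.append(Rule("out", 443, note="server -> GCM"))
        if devices_on_wifi:
            rules += [Rule("out", p, note="device -> GCM") for p in (5228, 5229, 5230)]
    return rules

def to_iptables(rules: list) -> list:
    """Render each rule as an iptables command (assumed INPUT/OUTPUT chains)."""
    cmds = []
    for r in rules:
        chain = "INPUT" if r.direction == "in" else "OUTPUT"
        dst = f" -d {r.dst}" if r.dst != "0.0.0.0/0" else ""
        cmds.append(f'iptables -A {chain} -p tcp{dst} --dport {r.port} '
                    f'-m comment --comment "{r.note}" -j ACCEPT')
    return cmds

def missing_openings(rules: list, open_now: set) -> list:
    """open_now holds (direction, port) pairs already allowed; return the gaps."""
    return [r for r in rules if (r.direction, r.port) not in open_now]

if __name__ == "__main__":
    need = required_rules(ios=True, android=True, devices_on_wifi=True)
    print("\n".join(to_iptables(need)))
    # constructed audit result: server only accepts 9383 in and allows 443 out
    print("missing:", [(r.direction, r.port) for r in missing_openings(need, {("in", 9383), ("out", 443)})])
```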