Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • AirWatch Components - VEffort

    Încărcat de

    jones_lenn
    71 vizualizări4 pagini
    The document discusses the key components of the AirWatch mobile device management (MDM) platform, including the Device Services Server, Console Server, Database Server, AirWatch Cloud Connector, AirWatch Mobile Access Gateway, Secure Email Gateway, and Cloud Messaging Service. It explains the purpose and typical deployment location of each component for both cloud-based (SaaS) and on-premise implementations. It also provides a flow chart showing how the components fit together and are related to AirWatch's licensing models.

    Descriere originală:

    AirWatch Documentation- components for AirWatch Deployment

    Titlu original

    AirWatch Components _ VEffort

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    The document discusses the key components of the AirWatch mobile device management (MDM) platform, including the Device Services Server, Console Server, Database Server, AirWatch Cloud Connector, AirWatch Mobile Access Gateway, Secure Email Gateway, and Cloud Messaging Service. It explains the purpose and typical deployment location of each component for both cloud-based (SaaS) and on-premise implementations. It also provides a flow chart showing how the components fit together and are related to AirWatch's licensing models.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    71 vizualizări4 pagini

    AirWatch Components - VEffort

    Încărcat de

    jones_lenn
    The document discusses the key components of the AirWatch mobile device management (MDM) platform, including the Device Services Server, Console Server, Database Server, AirWatch Cloud Connector, AirWatch Mobile Access Gateway, Secure Email Gateway, and Cloud Messaging Service. It explains the purpose and typical deployment location of each component for both cloud-based (SaaS) and on-premise implementations. It also provides a flow chart showing how the components fit together and are related to AirWatch's licensing models.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 4

    4/14/2016

    AirWatchComponents|vEffort

    AirWatchComponents
    PostedbyveffortonJanuary22,2015

    2Comments

    IvebeenworkingonacoupleofAirWatchengagementsrecentlyandasaresult,myproductknowledgehashadtomove
    toalowerlevel.BeingmoreofaCitrixGuyfromanMDMperspectiveIvehadmoreinvolvementinXenMobileupuntil
    now,butseeingasCitrixisdeemeda2ndtiervendorbythelikesofresearchfirmIDC,itssurprisingthelackofresources
    thereisouttherefortoptierAirWatchcomparedtoXenMobile.MaybeitsbecauseAirWatchreallypushtheSaaSmodel
    wheretheonpremisthepoorrelation(~70/30marketsplit)sothereislesscommunityinterestoutthere.
    WhatIwantedtocoverherewashowtheheadlineproductsfitintotheAirWatcharchitectureasatfirstglanceitsnot
    obvious,tothisendIhavecreatedaflowchartasakindofdecisionmatrix.Thecomponentswillchangedependingupon
    requirementsandifSaaSischosenoveronprem.
    TheComponents
    BelowIwillbrieflycovereachofthekeycomponents
    DeviceServicesServerThisistheServerthatactivelycommunicateswiththedevicesandhandlesenrollments.Seeing
    asdeviceswillnormallybeanywhereandeverywhere,thisserverneedstobeavailableontheinternet.ForSaaS
    deployments,clearlythiswillbehandledbutforOnPrem,thiswillnormallylocatedwithinaDMZwithSSLpunched
    throughtotheinternetsecuredwithapubliccertificate.
    ConsoleServerSometimescalledtheAPIserver,theservercommunicateswiththeDeviceServicesServerandcontains
    aWebApp(IISSite)foradministrativecontroloftheenvironment.ThiswillnormallybeplacedontheinternalLAN,but
    wouldbepossibletocombinewiththeDeviceServicesServer.
    DatabaseServerAswithmostenterpriseproductsadatabaseisrequiredclearlyAirWatchholdsalotofdevicedata
    andthisneedstobestoredsomewhere.NotethatSQListheonlysupporteddatabasetypeanditneedstobefullSQL,not
    express.Again,thiscouldbecombinedbutinlargerdeploymentswouldbeseparatedtoaidwithhighavailabilityplans.
    InaSaaSdeployment,alloftheabovewillbehostedandmanagedbyAirWatch,butrequiredforalldeploymentsbethey
    SaaSoronprem.Thefollowingcomponentshowever,areoptionaldependinguponrequirements.
    AirWatchCloudConnector(ACC)ThisisnearlyalwaysusedinSaaSonlydeploymentsforbringingtheabovethree
    componentstolocalcustomerbasedbackendresources.TypicalintegrationcomponentswouldbeDirectoryServices
    (LDAP),MicrosoftCertificateServices,andExchangetonameafew.IfyouhaveaSaaSdeployment,yourADislocally
    hostedandyouwanttoconfigureAutoenrollmentforenduserstousetheiremailaddressesforexample,youllbe
    needingACC.ThisisnormallyplacedontheinternalLANwithadirectoutboundconnectiontotheinternetsoitcan
    communicatewiththeAirWatchSaaS.Thiscanbeeitherdirect(preferable)orviainternalproxy.
    JustaquicknoteonconnectingcomponentsviaproxyAtthetimeofwriting(v8.0.1.0)proxyPACfilesarenot
    supportedintheACCbuttheyarefortheMAG!
    https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

    1/4

    4/14/2016

    AirWatchComponents|vEffort

    AirWatchMobileAccessGateway(MAG)TheMAG(alsoknownasMAGEndpoint)isarelayforaccessinginternal
    content.ItdiffersfromtheACCwhichismoreaboutauthenticationwheretheMAGisproxyandcontent.Thiscomponent
    issecuredintermsofAirwatch(Containerised)soifyouplantouseityouwillneedtobeusingoneoftheAirWatch
    clientbasedproductstoaccessthecontent,thatbeingSecureContentLocker,theAirWatchBrowser,thePerAppVPNfor
    iOS7orEnterpriseAppsthathavebeensubjecttoAirWatchAppWrapping.
    Intermsofplacementthereareanumberofoptions.Really,beingareverseproxy,thisisaDMZtypeofcomponentbut
    couldbeapaintomanageasandwhenyouwanttoopenituptomorebackendresources,thisisbecauseyouwould
    needtoaddrulesforeachserver(unlessyoucheatandopenupasubnetorwhatever).IfyouhavenoDMZ,itssimpleas
    thereisonlyoneoptionwhichwillbeLANplacement.IfyoudohaveaDMZthebestapproachwouldagainbeinternal
    LANbutalsotousetheadditionalsubcomponent.
    AirWatchMobileAccessGateway(MAG)RelayThisispartofthesameinstallerastheabovebutyoujustchoose
    therelayoption.ThisisdesignedtobeplacedinaDMZandiswhatyourexternaldeviceswillbepointingatalongwith
    theAirWatchCloudMessagingService.ThissimplifiesongoingmanagementinaDMZscenarioastheinternalMAG
    Endpointservercanbeleftfullyopentochattoallinternalresourceswhilstthecommunicationremainssecurewiththe
    relayhandlingconnectivitybetweenthedevices,AWCMandtheinternalMAG.IntheMAGconfigurationontheAirWatch
    managementconsoleitjustneedstobetoldthatsitsusingtherelaymodelratherthanbasicendpoint.
    SecureEmailGateway(SEG)Letsbeclear,theSEGisntarequirementforenduserstobereceivingemailsontheir
    devicesbutitiscertainlybeneficial.TheSEGsitsbetweenyourExchangeActiveSyncserver(s)andenablesgreatercontrol
    andmonitoringofemailtoandfromenrolleddevices.ActiveSyncisgloballyenabledonExchangeandwhileitcanbe
    switchedoffonamailboxbasisand(sinceExchange2010SP2)besubjecttodevicequarantinerules,itisnotveryeasyto
    control.TheSEGwillproxytheActiveSynccommunicationsandblock/allowdependinguponconfiguredpolicy.
    CloudMessagingServiceThisismentionedforinformation,itsadifferentsortofcomponenttotheaboveasitisa
    facilitatorratherthansomethingthatperformsitsownspecificfrontendfunctionbutitisimportant.Ithandlesmessages
    fromtheAdministrativeConsole,andisaprerequisiteforboththeMAGandACC.ForSaaSdeploymentsthisisnta
    considerationasitispreconfiguredbyAirWatchbutforonpremthisneedstobeinstalledandconfigured,typicallyonthe
    DeviceServiceServer.SeeingastheACCisgenerallyonlyusedinSaaSimplementationsthough,thisisnormallyonlya
    concernforMAGinstallations.PartoftheMAGconfigurationrequirestheCloudMessagingServicedetailstobeentered.
    Licencing
    Somethingelsetobearinmindislicencingasthesecomponentsdontdirectlyfitintotheirlicencingmodelswellthey
    do,butyouhavetobasethecomponentsontherequirementsandsubsequentlicencingmodel,whichwillspitoutthe
    requiredcomponents.Thelicencingmodelsandpricingisavailablepubliclyhere.Youcouldactuallyintegrateanyofthe
    belowcomponentsandnolicensingwouldbebreachedbuttakeforexampletheMAGyesthiscouldbefullyintegrated
    intoAirWatchbutunlessyouaredoingAppWrapping,usingtheAirWatchBrowserand/orContentLocker(whichwould
    requireaBluelicense)itsinclusionwouldhavenobenefit.
    SowhatIvedoneontheflowdiagramistocolourthetextinaccordancewiththerequiredlicencingbandingassuming
    https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

    2/4

    4/14/2016

    AirWatchComponents|vEffort

    youarerequiringfeaturesthatrequirethecomponentinquestion.
    ComponentFlowChart
    Sowithoutfurtherado,hereistheflowchartIhavecreatedhelpwithallofthis.Notethedecisionquestionsareveryhigh
    level,otherquestionscouldbeaskedofthecapabilitiesparticularlyaroundtheACCwhichhasmanyintegrationpoints.

    https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

    3/4

    4/14/2016

    AirWatchComponents|vEffort

    https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

    4/4

    S-ar putea să vă placă și