Guide
Installing, configuring, and using the Remote Management Service
v4.1
AirWatch v9.1
Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
Copyright 2017 VMware, Inc. All rights reserved. This product is protected by copyright and intellectual property laws in the United States and other countries as well as by
international treaties. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their
respective companies.
Table of Contents
Chapter 1: Overview 3
Introduction to Remote Management v4.1 4
Remote Management v4.1 Components 4
Remote Management v4.1 Supported Platforms 5
Remote Management v4.1 Requirements 5
Typical Deployment of the Remote Management v4.1 Server 12
Chapter 1:
Overview
Database
The database handles system and tenant configuration, operations, and logging such as the accrual of historical device
enrollment data.
Portal Services
The Portal Services component handles the administrative and management services for Remote Management v4.1. The
Management Website is installed as part of the portal services component.
T10 Interface
The T10 interface is the part of the Management website under Portal Services that defines an integration portal between
AirWatch and the Remote Management server.
The T10 interface uses Representational State Transfer (REST) communication with a JavaScript Object Notation (JSON)
payload. The T10 interface allows AirWatch to make a mobile device eligibility call.
The T10 interface can also start a remote support session using the Remote Management tool and delete the device from
the Remote Management system.
Core Services
The Core Services component provides service discovery and auxiliary services for the Remote Management solution
through Web services and Windows services.
Connection Proctor
The Connection Proctor component uses the Windows Connection Proctor service to manage device connections to the
Remote Management server. The component also simultaneously handles multiple requests for sessions.
General Requirements
For SaaS customers, the general requirements are the only requirements that must be met.
The Remote Management v4.1 requires the following on the admin side.
Requirements         Minimum
Supported Browsers   Latest version of Google Chrome, Safari, Internet Explorer, or Edge.
AirWatch version     AirWatch v9.0.2+ with the AirWatch Rugged EMM Bundle.
                     Ensure that your version of AirWatch includes these features by contacting your account representative.
Requirement         Description
Portal Admin User   Create a user with the following settings.
                    • First name: Portal.
                    • Create a password that the user cannot change and which does not expire.
Hardware Requirements
Hardware            Minimum
Remote Management Server
CPUs                2.4 GHz Processors,
                    4 Logical Processors,
                    2 CPU 2 Core 2x2 or 4 Physical depending on machine type VM vs Physical.
Memory              16 GB
Hard Drive IOPS     15,000 SAS minimum
Hard Drive Space    100 GB for OS drive
Remote Management Database
Hard Drive Space    200 GB for databases
                    200 GB for backups and logs
Remote Device Maximum
Given a single server deployment with the above minimum specifications, the maximum number of concurrent remote device sessions is 250.
Software Requirements
Ensure that you meet the following on-premises installation requirements.
To ensure proper configuration of the roles and features, use the Remote Management installation PowerShell scripts.
For more information, see Remote Management Server Installation PowerShell Scripts on page 25.
Requirements
Remote Management Server
Operating System    Microsoft Windows 2012 R2.
Software            Microsoft .NET Framework 4.5.
                    Microsoft Report Viewer 2012 Redistributable Package.
Server Roles        • Application Server.
Features            • .NET Framework 3.5 Features.
                      ◦ .NET Framework 3.5 (includes .NET 2.0 and 3.0).
                      ◦ HTTP Activation.
                      ◦ Non-HTTP Activation.
                      ◦ IIS Management Console.
                        ▪ TCP Activation.
                    • Dbcreator.
User Mapping        • Dbowner.
                    • Dbbackupoperator.
                    • SQLAgent dependent.
                    • serverGroup dependent.
Network Requirements
controlplane.aetherpal.internal
Host Record                           Create a host record in your DNS that points to your Remote Management Server.
                                      The host record must be named admin.
Service Coordinator Service Records   Create a service record for the Service Coordinator.
                                      • Record type: SRV.
                                      • Domain: Enter the forward lookup zone of your Remote Management server.
                                      • Service: _svc.
                                      • Protocol: _tcp.
                                      • Priority: 0.
                                      • Weight: 0.
                                      • Host Offering this service: Enter your Remote Management server hostname.
Data Tier Proxy Service Record        • Record type: SRV.
                                      • Domain: Enter the forward lookup zone of your Remote Management server.
                                      • Service: _dtp.
                                      • Protocol: _tcp.
                                      • Priority: 0.
                                      • Weight: 0.
                                      • Host Offering this service: Enter your Remote Management server hostname.
Site Certificate
The site certificate secures HTTPS binding for the management website for port 443 and allows a secure connection. This
secure connection is between the admin and Web services. Also, the site certificate secures the connection to the
Connection Proctor on port 8446. The customer provides the site certificate as a wildcard certificate. You must use a PFX
file containing the public/private key and certificate chain during installation.
Enrollment Certificate
The enrollment certificate is an SSL certificate that enables remote management devices to enroll or register with the
Remote Management server. The enrollment certificate also secures the connection to the server. AirWatch provides the
certificate in a PFX file containing the private and public key and the certificate chain.
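The following PowerShell check is an added example, not part of the AirWatch guide or its installer. It inspects a PFX before installation for the properties described above: a private key, a wildcard name (site certificate only), and an included certificate chain. The function name Test-RmSitePfx and the file path in the usage comment are hypothetical.

```powershell
# Added example (not from the AirWatch guide): checks a PFX against the
# properties the guide requires. Function name and sample path are hypothetical.
function Test-RmSitePfx {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][securestring]$Password
    )
    # X509Certificate2Collection.Import only accepts a plain-text password.
    $plain = (New-Object System.Net.NetworkCredential('', $Password)).Password
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    $all = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $all.Import((Resolve-Path $Path).Path, $plain, $flags)

    # The leaf is the entry that carries the private key; the rest is the chain.
    $leaf   = $all | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    $others = @($all | Where-Object { -not $_.HasPrivateKey })
    if (-not $leaf) { throw "No certificate with a private key found in $Path" }

    # Wildcard check: look for "*." in the subject or in the
    # Subject Alternative Name extension (OID 2.5.29.17).
    $names = $leaf.Subject
    $san = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) { $names += ' ' + $san.Format($false) }

    # Build the chain without revocation lookups, using the certificates
    # shipped in the PFX plus the roots this machine already trusts.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    foreach ($c in $others) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
    $chainOk = $chain.Build($leaf)

    [pscustomobject]@{
        Subject         = $leaf.Subject
        HasPrivateKey   = $leaf.HasPrivateKey
        IsWildcard      = $names -match '\*\.'
        ChainCertsInPfx = $others.Count
        ChainBuilds     = $chainOk
        ChainErrors     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        NotAfter        = $leaf.NotAfter
        Expired         = $leaf.NotAfter -lt (Get-Date)
    }
}

# Usage (placeholder path):
# Test-RmSitePfx -Path 'C:\certs\site.pfx' -Password (Read-Host 'PFX password' -AsSecureString)
```

A ChainCertsInPfx value of 0 means the file holds only the end-entity certificate, and ChainBuilds is False with UntrustedRoot in ChainErrors when the root is not yet in the machine's trusted root store.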
1. Queue RM Command
2. Queuing Command to Connect to RMS
3. Confirm Command
4. Create Remote Management Session
5. Send Session URL
6. Request Remote Management Session URL
7. Admin Joins Remote Management Session
8. Device Joins Remote Management Session
9. Send Commands/Get Frames
Chapter 2:
Remote Management Service
Configuration and Installation
Remote Management v4.1 on-premises Installation
Overview 14
Generate the Remote Management v4.1 Certificates 14
Create the Common Name from the AirWatch Database 15
Configure the Remote Management Installer 16
Install the Remote Management Server Components 18
Configure the AirWatch Console 20
Prerequisites
• Download the Remote Management v4.1 Certificate Generator.
Procedure
1. Open the Remote Management v4.1 Certificate Generator. Be certain to use the correct version of the tool according
to the version of AirWatch you are using.
AirWatch Version    Certificate Generator Tool Version
Pre 9.2             RemoteManagementCertificateGenerator_Before_9_2
9.2 and above       RemoteManagementCertificateGenerator_9_2
4. Navigate to the folder on your device holding the Remote Management v4.1 Certificate Generator. Find the
generated certificates in the Artifacts\public folder.
5. In the Artifacts folder, find the "Certificate Seed Script.sql". Run this script against the AirWatch Database to seed the
generated certificates into the AirWatch database.
6. Install the certificates onto the Remote Management server into the appropriate certificate stores.
a. Add the file named "root_cert.cer" to the Root cert store.
7. Switch to the Cert Store and find the file you just added called "intermediate_cert.cer".
8. Right-click the "intermediate_cert.cer" file and select Export. Now choose P7B as the export type.
9. This P7B file is needed when you configure the installer. See Configure the Remote Management Installer on page 16.
Prerequisites
Download the Remote Management v4.1 Certificate Generator.
Procedure
To create the Common Name.
1. Open the Remote Management v4.1 Certificate Generator.
3. Copy the displayed text. This text is the SQL script to run against the AirWatch Database.
6. On the first line of the query, replace the NULL value with the GroupID for the customer type OG that you want to use. The OG you choose must be a customer type; it cannot be of any other type, including global, partner, container, and so on.
For example,
becomes
Prerequisites
Install the proper certificates onto the server. For more information on the certificates, see Remote Management v4.1
Requirements on page 5.
• Install the Site certificate to secure HTTPS binding for the server.
• Install the AirWatch portal certificate onto the server. Install the root certificate into the Root Trusted Certificate Authorities store and the intermediate certificate into the Intermediate Trusted Certificates store. For information on generating the certificates, see Generate the Remote Management v4.1 Certificates on page 14.
• Install the Enrollment certificate onto the server. Install the root certificate into the Root Trusted Certificate Authorities store. Next, install the intermediate certificate into the Intermediate Trusted Certificates store. Then install the client certificate into the Personal store.
Procedure
Configure the installer.
1. On the database server, extract the contents of the installer ZIP file into C:\temp.
Important: Extract all contents from the ZIP file into c:\temp. Do not move the files around inside the temp folder
as the installer needs all the files in their extracted locations. Do not rename or move the temp folder.
3. Select Next.
Setting                     Description
DB Owner user name          Enter the user name of the internal Remote Management Database user that the installation automatically creates in the database.
DB Application user name    Enter the user name of the internal Remote Management Database user that the installation automatically creates in the database.
6. (Optional) Select the Advanced button to configure the Port, LDF, MDF, and NDF paths for the database.
7. Select Next.
Select Next.
Setting                                          Description
T10 Certificate                                  Browse for the T10 certificate by selecting the ... Button.
                                                 Consider using a P7B format for this certificate. The P7B format includes the whole certificate chain and does not require a password to install. The P7B format also places the Root and Intermediate certificates into the correct certificate stores automatically.
Auto generate a user in Local Users and Groups   Create a user for the T10 service in the machine's Local Users and Groups.
Prerequisites
• Copy the install.config file created during the Configuration portion of the Remote Management v4.1 onto the server hosting the Remote Management v4.1 components. For more information, see Configure the Remote Management Installer on page 16.
Procedure
1. On the server, extract the contents of the installer ZIP file into C:\temp.
Important: Extract all contents from the ZIP file into c:\temp. Do not move the files around inside the temp folder
as the installer needs all the files in their extracted locations. Do not rename or move the temp folder.
3. Select Next.
4. Select Install.
• Core Services
• Portal Services
• Application Services
• Connection Proctor
6. Select Next.
7. If you are installing the database component, configure the Database Credentials settings.
Setting                    Description
SQL Database
Server Name                Enter the Database server hostname.
Authentication             Select the database account authentication. The authentication can be either Windows Authentication or SQL Authentication.
User name                  Enter the user name of the database account. This user name is used by the installer to automatically create all the databases required to install Remote Management.
Password                   Enter the password of the database account.
Application Access
Database Owner Password    Set the password for the Remote Management database owner SQL account. This account does not have system-wide permissions. The account only has permissions within the Remote Management databases.
Database User Password     Set the password for the Remote Management database user SQL account. This account does not have system-wide permissions. The account only has permissions within the Remote Management databases.
8. Select Next.
9. If you are installing the remaining components, configure the Authentication Credentials.
Setting                            Description
Enrollment Certificate Details
Enrollment Certificate Password    Enter the password for the enrollment certificate added during the Configuration portion.
Active Directory Authentication
User name                          Enter the Active Directory user name.
Password                           Enter the Active Directory password.
11. If you are installing the remaining components, configure the Portal Credentials.
Setting            Description
SSL Certificate    Select the ... Button to browse for the Site certificate installed before starting the Configuration portion. For more information, see Remote Management v4.1 Requirements on page 5.
13. If you are installing the remaining components, configure the Connection Proctor Credentials.
Setting               Description
CP Binding (Local)    This setting is auto-populated.
Port                  This setting is a verification which you can use to check for port 8446.
CP FQDN               Enter the server fully qualified domain name. For example, "<hostname>"
Port                  Enter the actual port number used for the Connection Proctor component. Consider using 8446.
CP certificate        Select the ... Button to browse for the Site certificate installed before starting the Configuration portion. For more information, see Remote Management v4.1 Requirements on page 5.
                      This certificate is the same one used on the Authentication Credentials screen in the previous step.
15. Select OK to confirm that you have opened the firewall ports.
2. Navigate to Settings > System > Advanced > Site URLs > External Remote Management.
https://<hostname>/t10
Device Connection Name    Enter the Remote Management server fully qualified domain name. For example, "https://<hostname>"
4. Select Save.
The Remote Management server is now ready to handle remote management sessions with end-user devices.
Chapter 3:
Remote Management v4.1
Start a Remote Management v4.1 Connection 23
Remote Management v4.1 Client Tools 23
Remote Management Server Installation PowerShell Scripts 25
2. In the Remote Support window, select Launch Session after the connection process completes.
After selecting Launch Session, a new tab opens and the connection steps display.
Once the connection is made, the remote management client opens and the device is ready for use.
Remote Management v4.1 does not have the same functionality as Remote Management v3.0. The following features
are not currently available in Remote Management v4.1.
• Registry Manager
Remote Control
The main section of the Remote Management client is a device screen view that allows you to control the end-user device
remotely.
Control the device by clicking or dragging on the displayed screen and buttons. You can send keystrokes to the device
and copy and paste information onto the device during a session.
If a user needs privacy, they can pause a remote control session.
To use the whiteboard, select the whiteboard icon in the bottom right of the device screen view.
The whiteboard menu consists of the following items.
Shortcuts
The Remote Management client provides a shortcuts menu to navigate quickly to a screen or menu item on the device.
The shortcuts icon is on the bottom right, near the whiteboard icon. Navigate to that screen by selecting an item from
the shortcuts menu.
Device Summary
The Remote Management client provides a device summary of information similar to Device Details. Use this information
to diagnose issues on a device while connected without navigating away from the Remote Management client.
The Device Summary pane provides at-a-glance information to use during troubleshooting. The pane displays signal strength, battery, network status, storage, and main memory information. To display additional information, select the Additional Information icon.
PowerShell Commands for enabling PowerShell script execution on the local machine
PowerShell Script for Application and Web Server Roles and Features
Install Features
Remove Features
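Import-Module ActiveDirectory
$GroupName = "RMAdminGroup"
# Create the portal admin account with a password that never expires.
# The $PU* variables are not defined in the portion of the script shown here.
New-ADUser -Name $PUDN -AccountPassword $PUPassword1 -DisplayName $PUDN -Enabled $True -GivenName $PUFN -Surname $PULN -SamAccountName $PUSAM -PasswordNeverExpires $True -UserPrincipalName $PUUPN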
Write-Host "Please select the correct default zone" -ForegroundColor Yellow -BackgroundColor Black
Write-Host "Example: 4" -ForegroundColor Yellow -BackgroundColor Black
# List the DNS zones on this server and let the operator pick one by number.
$DNSZones = @(Get-DnsServerZone | Select-Object -ExpandProperty ZoneName)
$Count1 = 0
ForEach ($DNSZone in $DNSZones) { $Count1++; Write-Host "$Count1) $DNSZone" }
$Selection1 = Read-Host
$GetRootZone = $DNSZones[$Selection1 - 1]
"`n`n`n"
# Record names, SRV priority/weight, and service ports for the Remote Management zone.
$ARecord = "Admin"
$DTPRecord = "_dtp._tcp"
$SVCRecord = "_svc._tcp"
$Priority = "0"
$Weight = "0"
$DTPPort = "8865"
$SVCPort = "8870"
$FLZoneName = "controlplane.aetherpal.internal"
$FLZoneName1 = "admin.controlplane.aetherpal.internal"
Write-Host "Please enter the IP address of the Admin/Anchor/APP Server." -ForegroundColor Cyan -BackgroundColor Black
Write-Host "If each server is separate please enter the IP Address of the APP Server" -ForegroundColor Cyan -BackgroundColor Black
Write-Host "Example: 10.10.30.234" -ForegroundColor Cyan -BackgroundColor Black
$Result4 = Read-Host
# Create the forward lookup zone only if it does not exist yet.
$FLZoneExist1 = Get-DnsServerZone | Where-Object { $_.ZoneName -eq $FLZoneName } | Select-Object -ExpandProperty ZoneName
If ($FLZoneExist1 -eq $Null) { Add-DnsServerPrimaryZone -Name $FLZoneName -ReplicationScope "Forest" -PassThru }
# Add the host record and both SRV records. -AllowUpdateAny lets any authenticated user update the A record.
Add-DnsServerResourceRecordA -Name $ARecord -ZoneName $FLZoneName -AllowUpdateAny -IPv4Address $Result4
Add-DnsServerResourceRecord -Srv -Name $DTPRecord -ZoneName $FLZoneName -DomainName $FLZoneName1 -Priority $Priority -Weight $Weight -Port $DTPPort
Add-DnsServerResourceRecord -Srv -Name $SVCRecord -ZoneName $FLZoneName -DomainName $FLZoneName1 -Priority $Priority -Weight $Weight -Port $SVCPort
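The following verification is an added example, not one of the guide's installation scripts. It confirms that the host and SRV records created by the DNS script above resolve with the expected port, priority, and weight, and that the management website (443) and Connection Proctor (8446) ports answer. The function name Test-RmDnsAndPorts is hypothetical, and the check assumes the default zone name from the script and the suggested Connection Proctor port 8446.

```powershell
# Added example, not part of the AirWatch guide or its installation scripts.
# Zone, record names and SRV ports are the values in the guide's DNS script;
# 443 and 8446 are the ports the guide binds the site certificate to.
function Test-RmDnsAndPorts {
    param(
        [string]$Zone = 'controlplane.aetherpal.internal',
        [string]$DnsServer   # optional: query one specific DNS server
    )
    $hostName = "admin.$Zone"
    $results  = @()

    # Use DNS only and skip the hosts file, so a local override or an
    # LLMNR/NetBIOS answer cannot hide a missing record.
    $base = @{ DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $base.Server = $DnsServer }

    # Host (A) record for the Remote Management server.
    $a = Resolve-DnsName -Name $hostName -Type A @base |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    $results += [pscustomobject]@{ Check = "A $hostName"; Detail = $a.IPAddress; Pass = [bool]$a }

    # SRV records: service label mapped to the port the DNS script registers.
    $srvPorts = @{ '_svc._tcp' = 8870; '_dtp._tcp' = 8865 }
    foreach ($label in $srvPorts.Keys) {
        $name = "$label.$Zone"
        $r = Resolve-DnsName -Name $name -Type SRV @base |
            Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1
        $detail = $null
        $ok = $false
        if ($r) {
            $detail = "$($r.NameTarget):$($r.Port) priority=$($r.Priority) weight=$($r.Weight)"
            $ok = ($r.Port -eq $srvPorts[$label]) -and ($r.Priority -eq 0) -and ($r.Weight -eq 0)
        }
        $results += [pscustomobject]@{ Check = "SRV $name"; Detail = $detail; Pass = $ok }
    }

    # TCP reachability of the management website and the Connection Proctor.
    foreach ($port in 443, 8446) {
        $t = Test-NetConnection -ComputerName $hostName -Port $port -WarningAction SilentlyContinue
        $results += [pscustomobject]@{
            Check = "TCP ${hostName}:$port"; Detail = $t.RemoteAddress; Pass = $t.TcpTestSucceeded
        }
    }
    $results
}

Test-RmDnsAndPorts | Format-Table -AutoSize
```

Run it from an admin workstation after installation. Any row with Pass set to False points to a missing record, a mismatched port, or a closed firewall port.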
Accessing Other Documents