Before we set up Mobile Device Management, let us first understand the architecture behind managing mobile devices over-the-air (OTA). The diagram below depicts the MDM architecture in Desktop Central.

Desktop Central - Mobile Device Communication
For the above setup to work, the following should be done:
Because users are mobile, the Desktop Central Server should be reachable via a public IP address. If you are installing the Desktop Central Server in the LAN, add an entry in your external router to route requests sent to your public IP address to the internal IP address of the computer where the Desktop Central Server is installed. If all the managed devices are within the LAN, this requirement does not apply.
Ports that need to be opened at the Desktop Central Server
8383 - Used for secured communication between the agent and the Desktop Central
Ports that need to be opened for managing iOS devices
2195 - Should be open for the Desktop Central Server to reach the APNs.
5223 - If the mobile device connects to the internet through WiFi, then this port should be opened. For better security, you can restrict these connections to the IP range 17.0.0.0/8. If all the managed devices have access to a cellular data network, this requirement does not apply.
Ports that need to be opened for managing Android devices
If the mobile device connects to the internet through WiFi, then the following ports should be opened on the firewall.
5228
5229
5230
It is recommended to configure your proxy settings, NAT settings and mail server settings, which would be useful for various operations while managing the mobile device.
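The port requirements listed above can be checked against a firewall rule export before rollout. The following is an added example, not part of the Desktop Central documentation or product: it reports required ports that have no allow rule and flags any port 5223 rule whose destination is wider than 17.0.0.0/8. The zone names, the rule dictionary format and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Range the page names for restricting port 5223.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")

# (source zone, TCP port, required destination limit or None), taken from the
# port list above. Zone names and traffic directions are assumptions.
REQUIRED = [
    ("internet", 8383, None),   # agents/devices -> Desktop Central Server
    ("server", 2195, None),     # Desktop Central Server -> APNs
    ("wifi", 5223, APPLE_NET),  # iOS devices on WiFi
    ("wifi", 5228, None),       # Android devices on WiFi
    ("wifi", 5229, None),
    ("wifi", 5230, None),
]

def audit(rules):
    """Return (missing, unrestricted) for a list of allow rules.

    Each rule is a dict with src (zone name), port (int) and dst (CIDR string).
    """
    missing, unrestricted = [], []
    for zone, port, limit in REQUIRED:
        dsts = [ipaddress.ip_network(r["dst"]) for r in rules
                if r["src"] == zone and r["port"] == port]
        if not dsts:
            missing.append((zone, port))
            continue
        if limit is None:
            continue
        for net in dsts:
            # subnet_of() raises TypeError across IP versions, so check that first.
            if net.version != limit.version or not net.subnet_of(limit):
                unrestricted.append((zone, port, str(net)))
    return missing, unrestricted

# Constructed sample rule set (not exported from a real firewall).
SAMPLE_RULES = [
    {"src": "internet", "port": 8383, "dst": "192.0.2.10/32"},
    {"src": "server", "port": 2195, "dst": "17.0.0.0/8"},
    {"src": "wifi", "port": 5223, "dst": "0.0.0.0/0"},
    {"src": "wifi", "port": 5228, "dst": "0.0.0.0/0"},
    {"src": "wifi", "port": 5229, "dst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    missing, unrestricted = audit(SAMPLE_RULES)
    print("No allow rule for:", missing)
    print("Port 5223 open beyond 17.0.0.0/8:", unrestricted)
```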