MDM Multiple Instance Topologies

2/9/2009

In Microsoft System Center Mobile Device Manager (MDM) 2008 Service Pack 1, an instance is a separate, independent installation of MDM in a forest, in a domain, or both. MDM 2008 SP1 can support multiple instances, which provides flexibility and increased manageability for companies that deploy MDM in an enterprise-wide topology. This architecture provides a security-enhanced boundary between MDM instances; therefore, managed devices will not have access to other instances. In addition, MDM administrators in one MDM instance cannot access or administer other instances.

The following sections explain how MDM uses certificate template object identifiers—also known as OIDs—and Active Directory Universal Security Groups (USGs) to help keep network traffic separate between MDM 2008 SP1 instances, and describe the recommended topology for implementing a multiple instance deployment of MDM 2008 SP1 in multiple domains.

Note

You can use the MDM Best Practices Analyzer Tool to analyze a group of servers to determine whether the prerequisites for deploying MDM 2008 SP1 are met. You can also use the tool to analyze servers after deployment to verify items such as port settings. To download the tool, see MDM Best Practices Analyzer Tool at this Microsoft Web page: https://go.microsoft.com/fwlink/?LinkID=127030.