Mobile Device Manager Device Management Server Architecture

2/9/2009

Mobile Device Manager Device Management Server provides the services that connect the management infrastructure servers and services of your company with MDM Gateway Server in the perimeter network. MDM Device Management Server translates the protocols used within your company into Open Mobile Alliance Device Management (OMA DM). This enables you to manage Windows Mobile devices in much the same way that you manage portable and desktop computers for your company.

Device management includes the following tasks:

  • Application distribution
  • Group Policy application
  • Firmware inventory
  • Device wipe

The following illustration shows the detailed architecture of MDM Device Management Server.


MDM Device Management Server has the following components:

  • Administration services: These Web services manage the administration tasks received from Mobile Device Manager Console. When commands are received, the relevant service translates them into OMA DM tasks and then stores them in the relevant MDM database.

  • OMA service: This Web service works as an OMA proxy and enables the managed device to use OMA DM to communicate with MDM. This method provides more secure communication with systems in your company network. The OMA service converts tasks from the MDM database into OMA DM commands and then sends them to the managed device for execution. When the device has completed the commands, the OMA service updates the database with the device status.
    This service supports load balanced arrays of MDM Device Management Server that provide a scalable architecture. You can use an appliance or the native Windows Network Load Balancer (WNLB) capability to load balance these arrays.

  • MDM software distribution: This service provides the interface to Windows Server Update Services (WSUS). All external communications use the standard WSUS interfaces. Therefore, no update to the WSUS servers is required.

  • Group Policy service: This service communicates with the Group Policy service on your company domain controllers. This service determines the Resultant Set of Policy (RSoP) from the Active Directory Domain Service for each device object in the domain. The service translates Group Policy settings into tasks and then stores them in the MDM database. The OMA service processes them and applies them to a device the next time that the device connects.

  • Remote Wipe service: This service manages the command to wipe data from a managed device. This service is notified when a device has been wiped or the wipe command has expired. The service then does several things:

    • It communicates with a domain controller to remove the Active Directory Domain Service object for the device.
    • It communicates with the MDM Enrollment Server to revoke the device certificate and delete its account from Active Directory.
    • It updates MDM Gateway Server and databases so that the device cannot connect to the system by using its previous credentials. The device can complete the enrollment process again if it has to rejoin the managed environment.
  • Gateway Central Manager (GCM) service: This service makes it easier to configure a computer that is running MDM Gateway Server in the perimeter network without weakening its security. The GCM service communicates configuration changes and updates to MDM Gateway Server. This communication is pushed through a Secure Sockets Layer (SSL) connection from MDM Device Management Server on the company network to the management Internet Information Services (IIS) instance on MDM Gateway Server.

    Note

    For increased security, MDM Gateway Server is unable to start communications with MDM Device Management Server. Additionally, the GCM service uses ports other than the standard TCP 443 to manage Mobile Device Manager Gateway Server. The administrator can configure the port to use for the GCM service.
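The loop shared by the OMA service, the Group Policy service and the Remote Wipe service above (a task stored in the MDM database, rendered as an OMA DM command, sent to the device, and the device's status written back) is easiest to see in code. The following is an added example and not Microsoft's code: a minimal model of that loop using SyncML, the XML format OMA DM is carried in. The `Task` record, its state names, and the `./Vendor/Example/...` node URIs are assumptions constructed for the example; `./DevInfo/DevId` is a standard OMA DM DevInfo node. The device reply is a constructed sample.

```python
"""Model of the MDM Device Management Server task loop.

Added example, not Microsoft's code. A task record (as the
Administration, Group Policy and Remote Wipe services would store it in
the MDM database) is rendered as an OMA DM (SyncML) command, and the
device's <Status> reply is parsed back into a task state.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

# Task states: assumed names, not MDM's own database schema.
PENDING, SENT, COMPLETED, FAILED = "pending", "sent", "completed", "failed"


@dataclass
class Task:
    task_id: int
    device_id: str
    kind: str                  # "get" (inventory), "replace" (policy), "exec" (wipe)
    uri: str                   # OMA DM management-tree node
    value: Optional[str] = None
    state: str = PENDING
    status_code: Optional[int] = None


def task_to_syncml(task: Task, cmd_id: int) -> str:
    """Render one task as the OMA DM command the OMA service would send."""
    tag = {"get": "Get", "replace": "Replace", "exec": "Exec"}[task.kind]
    cmd = ET.Element(tag)
    ET.SubElement(cmd, "CmdID").text = str(cmd_id)
    item = ET.SubElement(cmd, "Item")
    target = ET.SubElement(item, "Target")
    ET.SubElement(target, "LocURI").text = task.uri
    if task.value is not None:
        ET.SubElement(item, "Data").text = task.value
    return ET.tostring(cmd, encoding="unicode")


def build_package(tasks: list) -> str:
    """Wrap the rendered commands in one SyncML body and mark them sent.
    CmdIDs are assigned by position (1-based) so replies can be matched."""
    body = ET.Element("SyncBody")
    for i, task in enumerate(tasks, start=1):
        body.append(ET.fromstring(task_to_syncml(task, i)))
        task.state = SENT
    ET.SubElement(body, "Final")
    return ET.tostring(body, encoding="unicode")


def apply_device_status(tasks: list, reply_xml: str) -> list:
    """Update task state from the <Status> elements in the device reply.
    Each Status carries CmdRef (the CmdID it answers) and Data (a result
    code). A 2xx code completes the task; anything else marks it failed.
    A Status for a CmdID that was never sent is ignored rather than trusted."""
    by_cmd = {str(i): t for i, t in enumerate(tasks, start=1)}
    root = ET.fromstring(reply_xml)
    for status in root.iter("Status"):
        task = by_cmd.get(status.findtext("CmdRef", ""))
        if task is None or task.state != SENT:
            continue
        task.status_code = int(status.findtext("Data", "0"))
        task.state = COMPLETED if 200 <= task.status_code < 300 else FAILED
    return tasks


# Constructed sample reply: the policy Replace succeeded, the wipe Exec
# failed, and no Status was returned for the inventory Get.
DEVICE_REPLY = """<SyncBody>
  <Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>1</CmdRef>
          <Cmd>Replace</Cmd><Data>200</Data></Status>
  <Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef>
          <Cmd>Exec</Cmd><Data>500</Data></Status>
  <Final/>
</SyncBody>"""


def run_demo() -> list:
    """Build the package for three constructed tasks, apply the sample
    reply, and return the resulting task states in order."""
    tasks = [
        Task(1, "device-01", "replace", "./Vendor/Example/Policy/PasswordRequired", "1"),
        Task(2, "device-01", "exec", "./Vendor/Example/Wipe"),
        Task(3, "device-01", "get", "./DevInfo/DevId"),
    ]
    build_package(tasks)
    apply_device_status(tasks, DEVICE_REPLY)
    return [t.state for t in tasks]


if __name__ == "__main__":
    print(run_demo())
```

The point worth noting for operations is the third task: a command the device never answered stays in the `sent` state rather than being assumed complete, which is the same reason the Remote Wipe service above waits to be notified that the wipe finished or the command expired before it removes the device's Active Directory object and revokes its certificate.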