Mobile Device Manager Server Configuration Overview

2/9/2009

With System Center Mobile Device Manager, Windows Mobile 6.1 devices can become trusted members of your company network. As soon as it is enrolled, a managed device can access the internal network resources of your company that the administrator enables. This includes file shares, internal applications, Microsoft Exchange e-mail messages, Microsoft SharePoint sites, and other services that previously only desktop and portable computers could access.

The following MDM features help you manage, control, and make your mobile messaging environment more secure:

  • Enforce Active Directory group policies specific to managed devices
  • Wipe all data from managed devices and the contents of removable storage cards
  • Use Windows Server Update Services (WSUS) with MDM software distribution components to distribute .cab files to managed devices

The MDM architecture lets you configure MDM in your company infrastructure in many ways. Which configuration you use depends on the scalability option that you select and the availability of system requirements for your company. The following illustration shows an overview of the three primary server configurations:

[Illustration: overview of the three primary MDM server configurations]

There are three primary configuration options:

  • Integrated configuration: For the minimal MDM configuration, install the components on two physical 64-bit servers: MDM Gateway Server on a stand-alone or workgroup server in the perimeter network; and MDM Enrollment Server, MDM Device Management Server, and Microsoft SQL Server on a domain-joined server in the company network. Although the integrated option provides a simple implementation, it is not the most secure configuration and can restrict an organization that has many Windows Mobile devices to manage.

  • Distributed configuration: Deploy each MDM component—MDM Gateway Server, MDM Device Management Server, MDM Enrollment Server, and SQL Server—on separate, dedicated physical 64-bit servers. This configuration provides better scalability than the integrated configuration. However, this configuration offers no redundancy and makes it more difficult to scale out with more servers when the number of managed devices increases.

  • Scaled-out configuration (recommended): Configure MDM Gateway Server and MDM Device Management Server in load-balanced arrays. At first, an array may consist of only one server, but when the initial installation is set up as a scaled-out configuration, you can add more servers easily. We recommend that you have a dedicated computer that is running SQL Server to make software distribution on a larger scale easier. This is the recommended configuration for a production enterprise environment. The scaled-out configuration allows for the greatest scalability and the highest levels of availability for managed mobile devices.

    Note

    To scale out MDM Device Management Server or MDM Enrollment Server, you can deploy either hardware or software load balancers. See the product technical documentation for features and limitations of load balancers. With either software or hardware load balancers, affinity must be enabled in the load balancer configuration.

For more information about these configuration options, see Planning for Mobile Device Manager in the MDM Planning Guide.