Kaspersky Security Center 13.1

iOS MDM Server

iOS MDM Server allows you to manage iOS devices by installing dedicated iOS MDM profiles on them. The following features are supported:

  • Device lock
  • Password reset
  • Data wipe
  • Installation or removal of apps
  • Use of an iOS MDM profile with advanced settings (such as VPN settings, email settings, Wi-Fi settings, camera settings, certificates, etc.)

iOS MDM Server is a web service that receives inbound connections from mobile devices through its TLS port (by default, port 443). Kaspersky Security Center manages the iOS MDM Server by using Network Agent, which is installed locally on the device where the iOS MDM Server is deployed.

When deploying an iOS MDM Server, the administrator must perform the following actions:

  • Provide Network Agent with access to the Administration Server
  • Provide mobile devices with access to the TCP port of the iOS MDM Server

This section addresses two standard configurations of an iOS MDM Server.


Standard configuration: Kaspersky Device Management for iOS in DMZ

An iOS MDM Server is located in the DMZ of an organization's local network with internet access. The distinguishing feature of this approach is that devices can access the iOS MDM web service over the internet without any problems.

Because management of an iOS MDM Server requires Network Agent to be installed locally, you must ensure the interaction of Network Agent with the Administration Server. You can ensure this by using one of the following methods:

  • By moving the Administration Server to the DMZ.
  • By using a connection gateway:
    1. On the device with iOS MDM Server deployed, connect Network Agent to the Administration Server through a connection gateway.
    2. On the device with iOS MDM Server deployed, assign Network Agent to act as connection gateway.


Standard configuration: iOS MDM Server on the local network of an organization

An iOS MDM Server is located on the internal network of an organization. Port 443 (default port) must be enabled for external access, for example, by publishing the iOS MDM web service on Microsoft Forefront Threat Management Gateway (hereinafter referred to as TMG).

Any standard configuration requires that the iOS MDM Server have access to Apple web services (range 17.0.0.0/8) through TCP port 2197. This port is used to notify devices of new commands by means of a dedicated service named APNs.
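
The following added example (not part of the Kaspersky documentation) audits a firewall allow-list for the two flows named in this section: inbound TCP 443 to the iOS MDM Server and outbound TCP 2197 to 17.0.0.0/8. The Rule format, the audit function and the sample rule sets are hypothetical and constructed for illustration; the rules are assumed to describe the perimeter as seen from the iOS MDM Server host.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # Apple range stated in this section

# Flows this section requires: name -> (direction, TCP port, remote network)
REQUIRED = {
    "devices -> iOS MDM Server (TLS)": ("in", 443, ANY_NET),  # default port
    "iOS MDM Server -> APNs": ("out", 2197, APPLE_NET),
}

@dataclass(frozen=True)
class Rule:
    """Hypothetical allow rule, as seen from the iOS MDM Server host."""
    direction: str  # "in" or "out"
    remote: str     # remote CIDR
    port: int       # TCP port, 0 means any port

def audit(rules):
    """Map each required flow to 'missing', 'ok' or 'too broad'."""
    report = {}
    for name, (direction, port, net) in REQUIRED.items():
        status = "missing"
        for r in rules:
            remote = ipaddress.ip_network(r.remote)
            if r.direction != direction or r.port not in (port, 0):
                continue
            if not net.subnet_of(remote):
                continue  # rule does not cover the whole required range
            if r.port != port or remote != net:
                status = "too broad"  # allows more than the flow needs
                break
            status = "ok"
        report[name] = status
    return report

# Constructed sample rule sets, not taken from any real deployment.
TIGHT = [Rule("in", "0.0.0.0/0", 443), Rule("out", "17.0.0.0/8", 2197)]
LOOSE = [Rule("in", "0.0.0.0/0", 443), Rule("out", "0.0.0.0/0", 0)]
NO_APNS = [Rule("in", "0.0.0.0/0", 443), Rule("out", "17.0.0.0/8", 443)]

if __name__ == "__main__":
    for label, rules in (("tight", TIGHT), ("loose", LOOSE), ("no_apns", NO_APNS)):
        print(label, audit(rules))
```

A "too broad" result means the required flow works but the rule also permits traffic this section does not call for, such as outbound access to any address on any port.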
