11/11/2008

For this topology you place an internal Mobile Device Manager (MDM) Gateway Server in your company network. The sole purpose of the internal MDM Gateway Server is to allow Wi-Fi–enabled managed devices to communicate with MDM.

Topology benefits include the following:

The following illustration shows a managed device communicating with an internal MDM Gateway Server.

The numbers in the illustration above highlight the following:

  1. The managed device must have Wi-Fi enabled.

  2. Two network subnets are used for this topology: Subnet A for MDM Wi-Fi clients, and Subnet B for accessing the MDM Device Management Server and other corporate services such as Active Directory directory services. A DNS server provides DNS resolution to the MDM Gateway Server (the interface on Subnet A).

  3. The internal MDM Gateway Server has two network interface cards: one for clients on the Wi-Fi subnet (Subnet A), and the other for the network that hosts your MDM installation (Subnet B), including Active Directory. You must configure an address pool on the MDM Gateway Server for managed device clients.

  4. You must ensure that your routing infrastructure is configured to allow traffic from Subnet B (MDM Device Management Server, line-of-business applications, services) to be routed back to Subnet A based upon the destination address (the MDM Gateway Server device address pool). For example, if traffic originates from the internal MDM Gateway Server address pool, the reply is sent back to the internal MDM Gateway Server.
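One way to verify the routing requirement in step 4 before deploying devices, as an added example that is not part of the original documentation: the addresses, the MDM Gateway Server's Subnet B interface and the simplified route-table format are constructed assumptions, not values from the page.

```python
import ipaddress

# Constructed example addressing (assumption, not from the documentation).
CORP_SUBNET_B = ipaddress.ip_network("10.20.0.0/24")        # MDM Device Management Server, AD
MDM_GATEWAY_B_IFACE = "10.20.0.5"                           # gateway NIC on Subnet B
DEVICE_ADDRESS_POOL = ipaddress.ip_network("10.30.0.0/24")  # pool handed to managed devices

# A route table is a list of (destination prefix, next hop) tuples; the next hop
# is an IP address string or "on-link" for a directly connected network.

def lookup(route_table, dst):
    """Longest-prefix match for dst; returns the next hop, or None if no route."""
    best_net, best_hop = None, None
    for prefix, next_hop in route_table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, next_hop
    return best_hop

def check_return_path(route_table, pool=DEVICE_ADDRESS_POOL, gw=MDM_GATEWAY_B_IFACE):
    """Replies to pool addresses must leave Subnet B via the MDM Gateway Server.

    Returns a list of problem descriptions; an empty list means the return
    path is correct for the sampled pool addresses.
    """
    problems = []
    for sample in (pool[1], pool[-2]):  # first and last usable pool addresses
        hop = lookup(route_table, sample)
        if hop is None:
            problems.append(f"{sample}: no route; replies to managed devices are dropped")
        elif hop != gw:
            # A default route or an on-link entry sends replies away from the gateway.
            problems.append(f"{sample}: next hop {hop} is not the MDM Gateway Server {gw}")
    return problems

# Subnet B router with only its connected network and a default route:
# replies for the device pool follow the default route, not the gateway.
ROUTES_MISSING_POOL = [("10.20.0.0/24", "on-link"), ("0.0.0.0/0", "10.20.0.1")]

# Same router with the required static route for the address pool.
ROUTES_CORRECT = ROUTES_MISSING_POOL + [("10.30.0.0/24", MDM_GATEWAY_B_IFACE)]

if __name__ == "__main__":
    for name, table in (("missing", ROUTES_MISSING_POOL), ("correct", ROUTES_CORRECT)):
        print(name, check_return_path(table) or "OK")
```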

You may also deploy an MDM Gateway Server in the perimeter network to support external managed devices with this topology. The internal MDM Gateway Server provides support to internal managed devices by using Wi-Fi.

Wi-Fi in this topology does not support a seamless transition from using an external MDM Gateway Server to the internal MDM Gateway Server. If you use this internal gateway scenario, you must disable the managed device VPN client and enable Wi-Fi to force the transition from the external MDM Gateway Server to the internal MDM Gateway Server. You must then re-enable the managed device VPN client to communicate with the internal MDM Gateway Server.

Important:
The above process provides a faster transition from the external to the internal MDM Gateway Server. If the process is not followed, the VPN may stay connected to the external MDM Gateway Server or take a longer time to transition.

To disable the VPN client and enable Wi-Fi, see Windows Mobile Device Wi-Fi Configuration and Enabling or Disabling the Mobile Device VPN Client.