MDM Distributed Configuration Topology

11/11/2008

The distributed approach to deploy System Center Mobile Device Manager (MDM) provides a more secure solution than an integrated configuration. However, the distributed deployment is not as scalable as the recommended scaled-out distributed configuration described in MDM Scaled-Out Distributed Configuration Topology. The following illustration shows an MDM distributed configuration topology:

The following are highlighted by number in the diagram:

1: SSL-based Windows Mobile device traffic to MDM Enrollment Server
2: IPsec-based managed device traffic to MDM Gateway Server and SSL-based managed device traffic to MDM Device Management Server

Note:
For each MDM topology, the Active Directory® Domain Services, certification authority server, the computer that is running Microsoft® SQL Server®, MDM Device Management Server, and MDM Enrollment Server must be in the same site. However, servers that are running MDM Gateway Server do not have to be in the same geographical site. Active Directory, the certification authority server, the computer that is running SQL Server, MDM Device Management Server, and MDM Enrollment Server must be in the same domain.

Note:

For each MDM topology, the Active Directory® Domain Services, certification authority server, the computer that is running Microsoft® SQL Server®, MDM Device Management Server, and MDM Enrollment Server must be in the same site. However, servers that are running MDM Gateway Server do not have to be in the same geographical site. Active Directory, the certification authority server, the computer that is running SQL Server, MDM Device Management Server, and MDM Enrollment Server must be in the same domain.