Public Wi-Fi for MDM

11/11/2008

For this topology, Microsoft System Center Mobile Device Manager (MDM) 2008 is accessible using a public or home wireless access point. Limited configuration is needed unless you are using wireless access that requires authentication.

Topology benefits include the following:

Support for managed Windows Mobile devices that come from external networks including homes, public wireless access sources, and Mobile Operators.
The same external MDM Gateway Server can be used to support both WWAN and WLAN devices coming from public networks.

When using public Wi-Fi access, note the following:

Paid public Wi-Fi is not supported transparently with MDM.
Many public Wi-Fi access points have limitations on Network Address Translation (NAT) support, preventing more than one connection over the ports that are used by the VPN client. The result is that the VPN client may work intermittently. In some environments, ports used by the VPN client may also be filtered. Furthermore, it may be difficult to control NAT inactivity timeouts in places such as coffee shops and hotspots. Overall service is dependent upon the provider of the wireless access.

The following illustration shows a managed device communicating with MDM using public or home Wi-Fi access.

The numbers in the illustration above highlight the following:

The managed device has the VPN client enabled, and IPsec communication is used between the managed device and MDM Gateway Server.
If Wi-Fi access requires additional authentication (for example, payment for wireless usage), you must disable the managed device VPN client, gain access to the wireless network, and then enable the VPN client. To disable the VPN client, see Enabling or Disabling the Mobile Device VPN Client.
There is normal communication between MDM Gateway Server in the perimeter network and MDM Device Management Server in the company network. No modifications are necessary. However, some home or public Wi-Fi access points may not have the required MDM MDM ports open for device communication. You must ensure these ports are opened in your IT environment. For a list of required MDM, see Planning for Mobile Device Manager.