11/11/2008
For this topology, Microsoft System Center Mobile Device Manager (MDM) 2008 is accessible using a public or home wireless access point. Limited configuration is needed unless you are using wireless access that requires authentication.
Topology benefits include the following:
- Support for managed Windows Mobile devices that come from
external networks including homes, public wireless access sources,
and Mobile Operators.
- The same external MDM Gateway Server can be used to support
both WWAN and WLAN devices coming from public networks.
When using public Wi-Fi access, note the following:
- Paid public Wi-Fi is not supported transparently with MDM.
- Many public Wi-Fi access points have limitations on Network
Address Translation (NAT) support, preventing more than one
connection over the ports that are used by the VPN client. The
result is that the VPN client may work intermittently. In some
environments, ports used by the VPN client may also be filtered.
Furthermore, it may be difficult to control NAT inactivity timeouts
in places such as coffee shops and hotspots. Overall service is
dependent upon the provider of the wireless access.
The following illustration shows a managed device communicating with MDM using public or home Wi-Fi access.
The numbers in the illustration above highlight the following:
- The managed device has the VPN client enabled, and IPsec
communication is used between the managed device and MDM Gateway
Server.
- If Wi-Fi access requires additional authentication (for
example, payment for wireless usage), you must disable the managed
device VPN client, gain access to the wireless network, and then
enable the VPN client. To disable the VPN client, see Enabling or
Disabling the Mobile Device VPN Client.
- There is normal communication between MDM Gateway Server in the
perimeter network and MDM Device Management Server in the company
network. No modifications are necessary. However, some home or
public Wi-Fi access points may not have the required MDM ports
open for device communication. You must ensure these ports are
opened in your IT environment. For a list of required MDM ports, see
Planning for Mobile Device Manager.