Mobile Device Manager (MDM) Console architecture lets you manage servers and devices by using either a graphical user interface (GUI) console or a command line-based Microsoft® Windows® PowerShell™ console.
- The MDM Console snap-in is a GUI-based management tool. This Microsoft Management Console (MMC 3.0) snap-in lets you manage Windows Mobile devices and the MDM system.
- MDM Shell provides a powerful command line interface for MDM services and databases.
Whichever console you use, a collection of PowerShell scripts called cmdlets (pronounced "command-lets") performs the requested tasks. A cmdlet is a single-feature command that manipulates objects in Windows PowerShell. You can recognize cmdlets by their format: a verb and noun separated by a dash (-), such as Get-Help, Get-Process, and Start-Service.
These cmdlets provide the logic that performs the primary management tasks in areas such as the following:
- MDM Device Management Server management
- Enrollment service management
- Priority tasks, such as device wipe
- Asset management
To support the new mobile device Group Policy settings, you use extensions to the Group Policy Editor and Group Policy Management Console (GPMC) tools. Setup installs a new MMC snap-in to enable MDM software distribution to a device.
MDM Shell Console
The computer that has MDM Console installed also stores the cmdlets. When you use the consoles, they call the cmdlets as required.
The following illustration shows you how MDM Console provides access to these functional management areas.
You can manage MDM components directly on MDM Device Management Server by using a server-based management console, or by using a workstation-based console in a remote location.
For MDM Gateway Server management tasks, the MDM GCM service on MDM Device Management Server issues the command to the server over a secure SSL connection through the internal firewall of the enterprise. This method helps minimize the security risk of communicating with MDM Gateway Server in the perimeter network by making sure that communications start only from MDM Device Management Server to MDM Gateway Server, and not vice versa.
For local MDM Device Management Server-based management tasks, MDM Administration Service controls the communications and makes sure that tasks perform as requested. Finally, if the management task requires communication with the managed device, MDM Device Management Server communicates with the device in an Open Mobile Alliance device management (OMA DM) session over the Mobile virtual private network (VPN) connection set up from the MDM Gateway Server.
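One way to check the one-way initiation rule for MDM Gateway Server management described above against internal-firewall logs, as an added example that is not part of the original documentation or of MDM itself. The function name `Find-GatewayInitiatedConnection`, the CSV column names, and all addresses are assumptions constructed for illustration.

```powershell
# Constructed internal-firewall connection records. The CSV layout and every
# address here are assumptions for this example, not output from MDM.
$sampleLog = @'
Time,Action,SrcIP,DstIP,DstPort
2008-05-01T10:00:01,ALLOW,10.0.0.10,192.0.2.20,443
2008-05-01T10:00:07,ALLOW,192.0.2.20,10.0.0.10,443
2008-05-01T10:01:15,DROP,192.0.2.20,10.0.0.10,443
2008-05-01T10:02:30,ALLOW,10.0.0.10,192.0.2.20,443
'@

# Hypothetical helper: reports every connection that MDM Gateway Server opened
# toward MDM Device Management Server, the direction the design rules out.
function Find-GatewayInitiatedConnection {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Record,
        [Parameter(Mandatory = $true)] [string]   $DeviceManagementServer,
        [Parameter(Mandatory = $true)] [string]   $GatewayServer
    )
    foreach ($r in $Record) {
        # Connections started by the Device Management Server are expected.
        if ($r.SrcIP -ne $GatewayServer -or $r.DstIP -ne $DeviceManagementServer) {
            continue
        }
        # An allowed reverse connection means the firewall rule is too broad;
        # a dropped one means the rule held but the gateway still tried.
        if ($r.Action -eq 'ALLOW') {
            $finding = 'Reverse-direction connection was permitted'
        } else {
            $finding = 'Reverse-direction attempt was blocked'
        }
        [pscustomobject]@{
            Time        = $r.Time
            Action      = $r.Action
            Source      = $r.SrcIP
            Destination = '{0}:{1}' -f $r.DstIP, $r.DstPort
            Finding     = $finding
        }
    }
}

$records = $sampleLog | ConvertFrom-Csv
Find-GatewayInitiatedConnection -Record $records `
    -DeviceManagementServer '10.0.0.10' -GatewayServer '192.0.2.20' |
    Format-Table -AutoSize
```

On the constructed sample, the second and third records are reported: one permitted and one blocked connection that started at the gateway address.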