Mobile Device Manager (MDM) Device Management Server provides the services necessary to interface the management infrastructure servers and services of your company with MDM Gateway Server in the perimeter network. MDM Device Management Server transforms protocols that are used within your company to Open Mobile Alliance Device Management (OMA DM). This enables you to manage Windows Mobile devices in a manner similar to how you manage portable and desktop computers for your company.
Device management includes the following tasks:
- Application distribution
- Group Policy application
- Firmware inventory
- Device wipe
The following illustration shows the detailed architecture of MDM Device Management Server.
MDM Device Management Server has the following components:

Administration services: These Web services manage the administration tasks received from Mobile Device Manager (MDM) Console. When commands are received, the relevant service translates them into OMA DM tasks and then stores them in the relevant MDM database.
OMA service: This Web service works as an OMA proxy and enables the managed device to use OMA DM to communicate with MDM. This method provides more secure communication with systems in your company network. The OMA service converts tasks from the MDM database into OMA DM commands and then sends them to the managed device for execution. When the device has completed the commands, the OMA service updates the database with the device status.
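The task-to-command-to-status round trip that the administration services and the OMA service perform, as an added illustration that is not SCMDM's own code: the message shapes follow OMA DM 1.2 SyncML, while the task record, the device identifier, the management URI and the server endpoint are constructed placeholders.

```python
"""Added example: how an MDM-style OMA service could turn a queued task into an
OMA DM command and fold the device's status back into the task record.
Toy code, not SCMDM's implementation; the task/DB shape and URIs are constructed."""
import xml.etree.ElementTree as ET

NS = "SYNCML:SYNCML1.2"                  # OMA DM 1.2 SyncML namespace
SERVER_URI = "https://dms.example/oma"   # hypothetical OMA service endpoint

# Constructed stand-in for a task row written by the administration services.
QUEUED_TASK = {"task_id": 7, "device": "IMEI:004401000000001", "cmd": "Replace",
               "uri": "./Vendor/Example/Policy/Setting", "value": "1"}

def task_to_syncml(task, session_id="1", msg_id="1"):
    """Render one queued task as a server-to-device OMA DM 1.2 message."""
    root = ET.Element("SyncML", xmlns=NS)
    hdr = ET.SubElement(root, "SyncHdr")
    for tag, text in (("VerDTD", "1.2"), ("VerProto", "DM/1.2"),
                      ("SessionID", session_id), ("MsgID", msg_id)):
        ET.SubElement(hdr, tag).text = text
    ET.SubElement(ET.SubElement(hdr, "Target"), "LocURI").text = task["device"]
    ET.SubElement(ET.SubElement(hdr, "Source"), "LocURI").text = SERVER_URI
    body = ET.SubElement(root, "SyncBody")
    cmd = ET.SubElement(body, task["cmd"])           # e.g. <Replace>
    ET.SubElement(cmd, "CmdID").text = str(task["task_id"])
    item = ET.SubElement(cmd, "Item")
    ET.SubElement(ET.SubElement(item, "Target"), "LocURI").text = task["uri"]
    ET.SubElement(item, "Data").text = task["value"]
    ET.SubElement(body, "Final")                     # last message of this package
    return ET.tostring(root, encoding="unicode")

def apply_device_status(task, reply_xml):
    """Find the device's <Status> that references our CmdID; return the new task state.
    2xx = completed; any other code is recorded as a failure; no Status = still pending."""
    root = ET.fromstring(reply_xml)
    for status in root.iter(f"{{{NS}}}Status"):
        if status.findtext(f"{{{NS}}}CmdRef") == str(task["task_id"]):
            code = status.findtext(f"{{{NS}}}Data") or ""
            return "completed" if code.startswith("2") else f"failed:{code}"
    return "pending"

# Constructed device reply: one Status for the header, one for our command.
DEVICE_REPLY = f"""<SyncML xmlns="{NS}"><SyncHdr><VerDTD>1.2</VerDTD>
<VerProto>DM/1.2</VerProto><SessionID>1</SessionID><MsgID>2</MsgID></SyncHdr>
<SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef>
<Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef>
<CmdRef>7</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Final/></SyncBody></SyncML>"""

if __name__ == "__main__":
    print(task_to_syncml(QUEUED_TASK))
    print("task 7 ->", apply_device_status(QUEUED_TASK, DEVICE_REPLY))
```

A task stays queued until a Status referencing its CmdID arrives, so a device that drops the session simply gets the command again next time rather than being marked done.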
This service supports load-balanced arrays of MDM Device Management Server, which provide a scalable architecture. You can use an appliance or the native Windows Network Load Balancer (WNLB) capability to load balance these arrays.
MDM software distribution: This service provides the interface to Windows Software Update Server (WSUS). All external communications use the standard WSUS interfaces. Therefore, no update to the WSUS servers is required.
Group Policy service: This service communicates with the Group Policy service on your company domain controllers. This service determines the Resultant Set of Policies (RSOP) from the Active Directory Domain Service for each device object in the domain. The service translates Group Policy settings into tasks and then stores them in the MDM database. The OMA service processes them and applies them to a device the next time that the device
Remote Wipe service: This service manages the command to wipe data from a managed device. This service is notified when a device has been wiped or the wipe command has expired. The service then does several things:
- It communicates with a domain controller to remove the Active Directory Domain Service object for the device.
- It communicates with the MDM Enrollment Server to revoke the device certificate and delete its account from Active Directory®.
- It updates MDM Gateway Server and databases so that the device cannot connect to the system by using its previous credentials. The device can complete the enrollment process again if it has to rejoin the managed environment.
Gateway Central Manager (GCM) service: This service simplifies configuring a computer that is running MDM Gateway Server in the perimeter network in a more secure manner. The GCM service communicates configuration changes and updates to MDM Gateway Server. This communication is pushed through an SSL connection from MDM Device Management Server on the company network to the management IIS instance on MDM Gateway Server.
Note: For increased security, MDM Gateway Server cannot initiate communication with MDM Device Management Server. Additionally, the GCM service uses a port other than the standard TCP 443 to manage Mobile Device Manager (MDM) Gateway Server. The administrator can configure the port that the GCM service uses.