ISEC7 - B*Nator EMM Suite. Check Before Installation Guide


ISEC7 - B*Nator EMM Suite Check Before Installation Guide Version 4.2.2 May 18, 2015

© 2015 by ISEC7 Software Ltd. The contents of this document are copyright protected, any guarantee is excluded. The reproduction of information or data, of texts, sections of text, or images is subject to the prior permission of ISEC7 Software Ltd. The place of fulfillment and sole legal domicile is Hamburg.

The company names Apple, Google, IBM, Microsoft, Novell, Palm, Research In Motion, Symbian and ISEC7 Software used in this document are the registered trademarks of these companies. The product names in this document are registered trademarks of the aforementioned companies as follows: iPhone, iPad (Apple), Android (Google), Lotus Domino (IBM), Lotus Notes (IBM), Lotus Notes Traveler (IBM), Novell GroupWise (Novell), Palm, webOS (Palm), BlackBerry, BlackBerry Enterprise Server (RIM - Research In Motion), Microsoft ActiveSync, Microsoft Exchange, Microsoft IIS, Microsoft Outlook, Microsoft SQL Server, Microsoft SQL Server Desktop Engine, Windows Mobile, Windows Phone (Microsoft), Symbian platform (Symbian) and B*Nator (ISEC7 Software).

Contents

1 Introduction
  1.1 Support contact
  1.2 About B*Nator
    1.2.1 How does B*Nator work
2 Preparations
  2.1 Documentation and resources
  2.2 Core components
    2.2.1 SQL database
    2.2.2 B*Nator Monitor
    2.2.3 B*Nator Web (Apache Tomcat)
    2.2.4 B*Nator Agent
    2.2.5 Java Runtime Environment (JRE)
    2.2.6 Windows Management Instrumentation service (WMI)
  2.3 Location in the network
3 Services and authorizations
  3.1 B*Nator Service Account
    3.1.1 Account Details
    3.1.2 Permissions
  3.2 B*Nator Server
    3.2.1 Service Account
    3.2.2 Virtualization (VM)
    3.2.3 Operating System
    3.2.4 Hardware requirements
    3.2.5 Java Runtime Environment
    3.2.6 Apache Tomcat webserver
    3.2.7 Additional Services
  3.3 B*Nator Database
    3.3.1 Supported SQL servers
    3.3.2 SQL server settings
    3.3.3 Database
    3.3.4 Database owner
  3.4 General Host Monitoring
    3.4.1 Java Runtime Environment
    3.4.2 Windows Management Instrumentation service (WMI)
    3.4.3 Simple Network Management Protocol Service (SNMP)
  3.5 BlackBerry Enterprise Service 12
    3.5.1 Secure Hypertext Transfer Protocol (HTTPS)
    3.5.2 B*Nator Agent
    3.5.3 Simple Network Management Protocol Service (SNMP)
  3.6 BlackBerry Enterprise Service 10 (BDS and UDS)
    3.6.1 Secure Hypertext Transfer Protocol (HTTPS)
    3.6.2 B*Nator Agent
    3.6.3 Simple Network Management Protocol Service (SNMP)
  3.7 BlackBerry Enterprise Server database server
    3.7.1 BlackBerry Management Database access (BESMgmt)
    3.7.2 B*Nator Agent
  3.8 BlackBerry Enterprise Server
    3.8.1 B*Nator Agent
    3.8.2 Simple Network Management Protocol Service (SNMP)
    3.8.3 Additional services and accounts required for IBM Lotus Domino
  3.9 BlackBerry Enterprise Server User Administration (BUA)
    3.9.1 BlackBerry Enterprise Server 4.x
    3.9.2 BlackBerry Enterprise Server 5.x
  3.10 Good for Enterprise Servers
    3.10.1 Secure Hypertext Transfer Protocol (HTTPS)
    3.10.2 Service Account
    3.10.3 B*Nator Agent
  3.11 IBM Domino Servers
    3.11.1 Domino Internet Inter-Orb Protocol (DIIOP)
    3.11.2 Hypertext Transfer Protocol (HTTP)
    3.11.3 Simple Network Management Protocol Service (SNMP)
  3.12 IBM Notes Traveler infrastructures
    3.12.1 B*Nator Agent
    3.12.2 Additional Domino Server Monitoring
  3.13 Microsoft Exchange servers
    3.13.1 Microsoft Exchange Server 2000 & 2003
    3.13.2 Microsoft Exchange Server 2007 & 2010 & 2013
  3.14 Microsoft Exchange 2003 SP2 ActiveSync infrastructures
    3.14.1 Exchange Servers
    3.14.2 Internet Information Servers (IIS)
  3.15 Microsoft Exchange 2007 & 2010 & 2013 ActiveSync infrastructures
    3.15.1 B*Nator Agent on Client Access Servers (CAS)
  3.16 Apple Mobile Device Management
    3.16.1 Certification Authority with Simple Certificate Enrollment Protocol
    3.16.2 Apple Push Notification Service certificate, Apple ID
    3.16.3 Internet publishing of web services
4 Used Protocols
5 Preinstallation Shortlist

Chapter 1 Introduction

This document reviews the specifications for installing B*Nator within your mobile business communication infrastructure. It will review specifications like:

- Documentation and resources
- Feature and technical overview
- Hardware requirements
- Software requirements
- Necessary permissions
- Used protocols and ports

The technical requirements for installing B*Nator are described in detail in the Installation Guide.

1.1 Support contact

In case of any problems or questions the B*Nator support team is glad to assist you. You can reach us at:

Europe
Email: bnator@isec7.com
Phone: +49 40 32 50 76 60

United States
Email: bnator-us@isec7.com
Phone: +1-908-279-7977

1.2 About B*Nator

B*Nator is a highly effective monitoring and management suite for your mobile business communication infrastructure. B*Nator is web-based monitoring software designed for monitoring and management of mobile device infrastructures like BlackBerry, Good for Enterprise, Apple MDM and ActiveSync.

Stop the tedious search for problems. At a glance the B*Nator dashboard tells you the source of problems. Control lights immediately indicate the current status of all components within your whole mobile business communication infrastructure. B*Nator facilitates the use of even very complex infrastructures and delivers all relevant information to keep your business processes running smoothly.

The software was developed by experienced BlackBerry and ActiveSync integrators who know about the real needs of administrators. It is made by administrators for administrators.

1.2.1 How does B*Nator work

B*Nator collects data from all relevant mobile device infrastructure components and stores it compressed in a SQL database. It uses technologies like Web Services, SNMP, WMI, DIIOP, PowerShell, network diagnostics tools, database parsing or log files to get data remotely from servers or via B*Nator Agents located directly on the monitored systems.

[Figure: infrastructure overview. Labels: Good Operations Center; IBM Notes Traveler; Mail Server; Database Server; BlackBerry Infrastructure; Good for Enterprise; Microsoft Exchange ActiveSync; BlackBerry Enterprise Service 10 / 12; Apple Push Notification System; BlackBerry Enterprise Server; Apple iOS Devices; Certification Authority with SCEP Service; Mobile Devices; Net Provider; Firewall, WAN, LAN; Application Server]

Chapter 2 Preparations

B*Nator is a Java-based monitoring and management application for the whole mobile communications infrastructure.

2.1 Documentation and resources

The documentation as well as the software, including required third party software, are available from the B*Nator download area (http://www.bnator.com/releasenotes).

2.2 Core components

B*Nator is separated into 4 different core parts, each of which provides part of the functionality.

2.2.1 SQL database

B*Nator stores all information in a SQL database. This is the core information storage of the whole suite.

2.2.2 B*Nator Monitor

This is the core monitoring component of B*Nator. It will be installed as a B*Nator Monitor Windows service on a network host with a Microsoft Windows operating system and the Java Runtime Environment installed. It parses information using protocols like SQL, SNMP, DIIOP, ICMP or HTTP connections.

2.2.3 B*Nator Web (Apache Tomcat)

This Apache Tomcat webserver is used to deploy the B*Nator Web interface, which provides all monitoring information from the B*Nator database and all management options.

2.2.4 B*Nator Agent

An Agent is a small client that will be installed as a B*Nator Agent Windows service on a network host with a Microsoft Windows operating system and the Java Runtime Environment installed. It will provide information about the host and necessary data which is available only locally on hosts, like the Windows Registry, log files, WMI, PowerShell or the command line. The Agent has only a very small impact on a host's performance and shares the information with the Monitor via an SSL-encrypted connection.

On the following systems B*Nator Agents are:

Recommended: Agents are recommended to be installed on all systems to be monitored to keep the full functionality of B*Nator.

Required:
- BlackBerry Enterprise Solution servers with core services installed
- Microsoft Exchange Client Access Servers (for ActiveSync monitoring)
- IBM Lotus Notes Traveler Servers
- Application servers like Rove Mobile, Live/Office Communication Servers, Paper I.Q.

Optional: On all remaining hosts like mail and database servers etc.

2.2.5 Java Runtime Environment (JRE)

B*Nator is an x86 Java-based application, so Java is required to install the Apache Tomcat and B*Nator Monitor services.

- Java x86 version 8 with latest updates.
- Java x86 version 7 with latest updates.
- Java x86 version 6 with latest updates.

The B*Nator Agent is also a Java application, but it works with Java x86 as well as Java x64 in the above mentioned versions.

2.2.6 Windows Management Instrumentation service (WMI)

The WMI service is used by the B*Nator Agent to provide information about the host that it is installed on, its performance, hard disks as well as the services and the option to control them.

2.3 Location in the network

It would be possible, but it would not make sense, to install B*Nator on any of the servers that will be monitored, like the following:

- BlackBerry Enterprise Solution Servers
- Good for Enterprise Servers
- Microsoft Internet Information servers
- IBM Lotus Notes Traveler servers
- Database servers
- Mail servers
- Application servers
- any other hosts to be monitored

It is recommended to install B*Nator on a separate machine.

Chapter 3 Services and authorizations

The following list gives a detailed overview of the supported software versions, the requirements for the B*Nator server and database as well as a list of the required services and permissions on the servers to be monitored.

3.1 B*Nator Service Account

B*Nator can be used to connect to many different servers and services in the environment. To reduce the number of different service accounts for each connection it is recommended to create a service account for B*Nator that can be granted all permissions that are required for every service.

3.1.1 Account Details

- Directory: Active Directory
- Username: No specific username required.
- Password: The password should not expire.
- Mailbox: No mailbox required.

3.1.2 Permissions

The range of permissions to be granted depends on the range of environments that will be added to B*Nator, so they are described in detail in the following sections.

3.2 B*Nator Server

Hard- and software requirements for B*Nator.

3.2.1 Service Account

When following the recommendation of using a service account for B*Nator, as described in section 3.1, the account needs to be a member of the Local Administrators group and needs the permission to log on as a service, which usually is configured automatically by Windows when using a logon account for a Windows service.

3.2.2 Virtualization (VM)

It is possible to run B*Nator in a virtual machine. Currently no virtualization suites have known compatibility issues with the software itself.

All other required software like the operating system, Java, Apache Tomcat or the database etc. needs to be compatible with the virtual machine.

3.2.3 Operating System

For each of the listed operating systems the latest service packs are always recommended.

- Microsoft Windows Server 2012 / R2
- Microsoft Windows Server 2008 / SP2 / R2
- Microsoft Windows Server 2003 / SP2 / R2
- Microsoft Windows Server 2000 SP4

Windows x86 as well as x64 systems are supported.

3.2.4 Hardware requirements

             Minimal             Recommended         With local database
Processor    Dual Core 2.0 GHz   Quad Core 2.0 GHz   Six Core 2.0 GHz
RAM          4.0 GByte           8.0 GByte           8.0 GByte
Hard disk    40 GByte            40 GByte            80 GByte
Network      100 MBit            1000 MBit           1000 MBit

3.2.5 Java Runtime Environment

The JRE is required as described in subsection 2.2.5.

3.2.6 Apache Tomcat webserver

Apache Tomcat in version 6.0 and latest updates.

The following settings of the webserver will be needed for the installation and every update of B*Nator, so they should be kept in mind:

- HTTP connector port for Apache Tomcat, default is 8080, recommended is 80
- Administrator login user name and password

3.2.7 Additional Services

For IBM Domino 6.0.5, 7.0.x, 8.0.x or higher, after the installation of B*Nator, it is required to copy the NCSO.jar:

- from the IBM Domino server: ...\Lotus\Domino\Data\domino\java
- to the B*Nator server: ...\BNator\web\WEBINF\lib

3.3 B*Nator Database

The following information is necessary for the B*Nator database.

3.3.1 Supported SQL servers

The following database servers are available for use with B*Nator. It is recommended to locate the database on a remote database server. For monitored environments with up to 600 users a database instance could also be installed locally on the B*Nator server.

Version                                     Remote   Local
Microsoft SQL Server 2012                   o        -
Microsoft SQL Express Server 2012           o        o
Microsoft SQL Server 2008                   o        -
Microsoft SQL Express Server 2008           o        o
Microsoft SQL Server 2005                   o        -
Microsoft SQL Express Server 2005           o        o
Microsoft SQL Server 2000 SP 3              o        -
Microsoft Desktop Engine (MSDE) 2000 SP3    o        o

SQL servers on x86 as well as x64 systems are supported.

3.3.2 SQL server settings

- Location: Local (for up to 600 users only) or remote
- Network settings: Protocol TCP/IP needs to be enabled, which is not enabled by default.
- TCP port: The default port used by B*Nator to connect to its database is 1433, but other ports can also be used.

Authentication modes

- SQL Server Authentication: SQL username and password. Credentials stored in a clear text configuration file on the filesystem of B*Nator.
- Windows Authentication: Windows trusted username and password. Credentials stored in a clear text configuration file on the filesystem of B*Nator.
- Single Sign On: Windows trusted username and password. Credentials provided via the account that the Apache Tomcat and B*Nator Monitor services log on with.

3.3.3 Database

- Name: BNator
- Collation: Latin1_General_CI_AS
- Owner: Account as described in subsection 3.3.4
- Size: Approx. 100 MByte per 1000 users. This size varies due to the specific settings for keeping other data like logs, message runtimes etc.

3.3.4 Database owner

It is recommended to use the B*Nator service account, as described in section 3.1, which will be used by B*Nator to operate with its own database. SQL or Windows Authentication can also be used.

- Permissions for B*Nator database: public/db_owner
- Default database: BNator
- Language: English

3.4 General Host Monitoring

The general monitoring for hosts covers several features which often require a B*Nator Agent to be installed locally on the host. Other features require the SNMP service to be enabled. The following requirements depend on the range of features that should be used.

3.4.1 Java Runtime Environment

The JRE is required as described in subsection 2.2.5 to run the B*Nator Agent.

3.4.2 Windows Management Instrumentation service (WMI)

The WMI service is required as described in subsection 2.2.6 as a data source for the B*Nator Agent.

3.4.3 Simple Network Management Protocol Service (SNMP)

The Windows SNMP Service is required to remotely retrieve host details with the B*Nator Monitor service. Therefore a read only community must be created. It is also possible to restrict the hosts that are allowed to use this community to the B*Nator server.

3.5 BlackBerry Enterprise Service 12

For the monitoring of BlackBerry Enterprise Service 12, the B*Nator Monitor uses the BlackBerry Web Services for Enterprise Administration to retrieve details about the BlackBerry domain with its servers, users, devices, groups, policies, profiles etc.

3.5.1 Secure Hypertext Transfer Protocol (HTTPS)

The BlackBerry Web Services for Enterprise Administration are available via HTTPS connections. The SSL certificates are validated for every connection and need to be valid, so B*Nator can trust them in order to establish the secure connection to the web service.

Service Account

In order to log in to the Web Service a valid login to the BlackBerry domain has to be created with the Enterprise Administrator role, which can be done with the administrative console.

Note: It is recommended to use the B*Nator service account, as described in section 3.1, to reduce the number of service accounts in use and to avoid expiring login passwords.

3.5.2 B*Nator Agent

An agent is required to be installed for BlackBerry Enterprise Service 12 specific monitoring features. It can be installed using the Java Runtime Environment that was installed with the BES.

3.5.3 Simple Network Management Protocol Service (SNMP)

SNMP is used by the B*Nator Monitor to remotely retrieve connection and configuration information from the BlackBerry Enterprise Services 12 via the Windows SNMP Service. Therefore the service needs to be installed and a read only community must be created. It is also possible to restrict the hosts that are allowed to use this community to the B*Nator server.

3.6 BlackBerry Enterprise Service 10 (BDS and UDS)

For the monitoring of BlackBerry Enterprise Service 10, which can be a BlackBerry Device Service or a Universal Device Service, the B*Nator Monitor uses the BlackBerry Web Services for Enterprise Administration to retrieve details about the BlackBerry domain with its servers, users, devices, groups, policies, profiles etc.

3.6.1 Secure Hypertext Transfer Protocol (HTTPS)

The BlackBerry Web Services for Enterprise Administration are available via HTTPS connections. The SSL certificates are validated for every connection and need to be valid, so B*Nator can trust them in order to establish the secure connection to the web service.

Service Account

In order to log in to the Web Service a valid login to the BlackBerry domain has to be created with the Enterprise Administrator role. This can be done with the BlackBerry Device Service console (BlackBerry Administration Service) and the Universal Device Service console (Administration Console).

Note: It is recommended to use the B*Nator service account, as described in section 3.1, to reduce the number of service accounts in use and to avoid expiring login passwords.

3.6.2 B*Nator Agent

An agent is required to be installed for BlackBerry Enterprise Service 10 specific monitoring features. It can be installed using the Java Runtime Environment that was installed with the BES.

3.6.3 Simple Network Management Protocol Service (SNMP)

SNMP is used by the B*Nator Monitor to remotely retrieve connection and configuration information from BlackBerry Device Services via the Windows SNMP Service. Therefore the service needs to be installed and a read only community must be created. It is also possible to restrict the hosts that are allowed to use this community to the B*Nator server.

3.7 BlackBerry Enterprise Server database server

The BlackBerry Management Database is the core information source for monitoring BlackBerry Enterprise Server environments and will be parsed remotely by the B*Nator Monitor.

3.7.1 BlackBerry Management Database access (BESMgmt)

An account with read-only access to the BESMgmt is necessary. Write access is only required if the B*Nator User Migration feature to migrate users' wireless backup data is needed.

Recommendation: When following the recommendation of using a service account for B*Nator, as described in section 3.1, it can be used for providing access to the BlackBerry management database.

SQL Server settings

- Network settings: Protocol TCP/IP needs to be enabled, which is not enabled by default.
- TCP port: The TCP port used by B*Nator to connect to the database needs to be static. The default port is 1433.

Authentication modes

- SQL Server Authentication: SQL username and password. Credentials stored encrypted in the B*Nator database.
- Windows Authentication: Windows trusted username and password. Credentials stored encrypted in the B*Nator database.
- Single Sign On: Windows trusted username and password. Credentials provided via the account that the B*Nator Monitor service logs on with.

3.7.2 B*Nator Agent

With an agent installed on the host, additional SQL server specific host monitoring features are available.

3.8 BlackBerry Enterprise Server

The following preparations are necessary to enable the full functionality of B*Nator for BlackBerry Enterprise Servers.

3.8.1 B*Nator Agent

An agent is required to be installed for BlackBerry Enterprise Server specific monitoring features. It can be installed using the Java Runtime Environment that was installed with the BES.

3.8.2 Simple Network Management Protocol Service (SNMP)

SNMP is used by the B*Nator Monitor to remotely retrieve statistics and license information from the BlackBerry Enterprise Server via the Windows SNMP service. Therefore the service needs to be installed and a read only community must be created. It is also possible to restrict the hosts that are allowed to use this community to the B*Nator server.

3.8.3 Additional services and accounts required for IBM Lotus Domino

For BlackBerry Enterprise Server for IBM Lotus Domino, additional services monitoring is available for the underlying Domino server. For details please refer to section 3.11.

3.9 BlackBerry Enterprise Server User Administration (BUA)

The BlackBerry Enterprise Server User Administration Tool is required to execute BlackBerry user administration via B*Nator. It will be installed on the server. User administration in the B*Nator Web interface will be executed via the B*Nator Agent locally on the host.

3.9.1 BlackBerry Enterprise Server 4.x

The BUA installs as a Windows service which connects to the BlackBerry Management database using the account which is executing the client. For this reason, the logon account that the B*Nator Agent Windows service uses needs to have permissions on the BlackBerry management database that the BUA will be installed for. It is recommended to use the BESAdmin account as logon account for the B*Nator Agent Windows service to provide the client credentials to the BlackBerry management database.

- Location: BlackBerry Enterprise Server.
- Client access: A password needs to be defined during the installation.

3.9.2 BlackBerry Enterprise Server 5.x

The BUA installs as an application which connects to the BlackBerry Administration Service API (BAA) of the BlackBerry Administration Service (BAS).

- Location: Any server that has an HTTPS connection to the BlackBerry Administration Service.
- Client access: To use the BUA, B*Nator needs credentials on the BAS. It is recommended to create a new administrator user.

Type: Administrator User Name: BNator Role: Enterprise Administrator

3.10 Good for Enterprise Servers

Good for Enterprise environments consist of Good Mobile Control (GMC) servers, which are used to control the environment, and Good Mobile Messaging (GMM) servers, which synchronize a user's device with the user's mailbox. The following preparations are necessary to enable the full functionality of B*Nator for each server type.

3.10.1 Secure Hypertext Transfer Protocol (HTTPS)

Good Mobile Control servers provide a web service that is used by B*Nator to parse information about the environment. It is available via an HTTPS connection. The certificate is validated for every connection and needs to be valid, so that B*Nator can trust the certificate in order to establish the secure connection to the web service.

3.10.2 Service Account

In order to log in to the web service, a valid login to the GMC has to be created with the Administrator role. This can be done with the Good Mobile Control console.

Recommendation: It is recommended to use the B*Nator service account, as described in section 3.1, to reduce the number of service accounts in use.

3.10.3 B*Nator Agent

An agent must be installed for Good for Enterprise server specific host monitoring features. Because Good for Enterprise servers use their own Java Runtime Environment, which is not actually installed into Windows, a separate JRE must be installed for the agent, as described in subsection 2.2.5.

3.11 IBM Domino Servers

For IBM Domino 6.0.5, 7.0.x, 8.0.x or higher some additional services are recommended.

3.11.1 Domino Internet Inter-Orb Protocol (DIIOP)

Loaded and configured. DIIOP is used to provide the B*Nator Monitor access to information like:

- Name and size of the Domino directory
- Domino Tasks, versions and logs
- NSF databases for replication checks

Technical user account for IBM Domino DIIOP

To provide the full functionality of B*Nator with Lotus Domino, a technical user account needs to be available with the following properties:

- Email address
- Internet password
- ID file with password

This user needs to have the following permissions:

- Reader access to Domino Directory and all other directory services
- Reader access to all mail files of users with mobile devices

This user has to be a member of the Domino Administrators group.

3.11.2 Hypertext Transfer Protocol (HTTP)

It is recommended to enable the HTTP task so that the B*Nator Monitor can retrieve the diiop_ior.txt via HTTP from the Domino server. Alternatively, the diiop_ior.txt can be uploaded manually to B*Nator to provide access to DIIOP, but in this case the file needs to be re-uploaded every time it changes.

3.11.3 Simple Network Management Protocol Service (SNMP)

SNMP is used by the B*Nator Monitor to remotely retrieve Domino information like version, data folder and release date via the Windows SNMP Service and the IBM Domino SNMP Agent service. Therefore these services need to be installed and a read-only community must be created for the Windows SNMP Service. It is also possible to restrict the hosts that are allowed to use this community to the B*Nator server.

NOTE: This is not possible for IBM Lotus Domino 5.0.3.

3.12 IBM Notes Traveler infrastructures

The following settings are necessary to get information about mobile devices connected to mailboxes on IBM Notes servers using the IBM Notes Traveler since version 8.5.1.

3.12.1 B*Nator Agent

An agent must be installed to access the IBM Notes Traveler databases.

3.12.2 Additional Domino Server Monitoring

Additional services monitoring is available for the underlying Domino server, as described in section 3.11.

3.13 Microsoft Exchange servers

With a B*Nator Agent installed on a mail server the following information can be retrieved:

Mail server information:

- Version
- Administrative group
- Fully qualified domain name
- Server DN
- Storage group names and user counts

Mailbox information:

- Client version (Outlook)
- Displayname
- Storage group
- Store name
- Size
- Total items
- Storage limit info

For this to work, the B*Nator Agent Windows service needs to log on as an Exchange-View-Only Administrator role account. In BlackBerry environments the BESAdmin account has these permissions.

Recommendation: When following the recommendation to use a service account for B*Nator, as described in section 3.1, the specific permissions can be granted to that account.

3.13.1 Microsoft Exchange Server 2000 & 2003

Information will be parsed from the mail server via the local B*Nator Agent using the WMI service.

3.13.2 Microsoft Exchange Server 2007 & 2010 & 2013

Information will be parsed by a locally installed B*Nator Agent using PowerShell.

3.14 Microsoft Exchange 2003 SP2 ActiveSync infrastructures

The following settings are necessary to get information about mobile devices connected to mailboxes on Microsoft Exchange servers using the ActiveSync protocol.

3.14.1 Exchange Servers

To retrieve information from Exchange servers, a B*Nator Agent needs to be installed and running, logged on as an Exchange-View-Only Administrator role account.

Recommendation: When following the recommendation to use a service account for B*Nator, as described in section 3.1, the specific permissions can be granted to that account.

B*Nator Agent

An agent must be installed for Microsoft Exchange 2003 SP2 specific monitoring features. This requires a Java Runtime Environment, as described in subsection 2.2.5.

Windows Management Instrumentation service (WMI)

The WMI service is required as described in subsection 2.2.6. It is also required to get information about mailboxes that are accessed via remote connections.

3.14.2 Internet Information Servers (IIS)

To retrieve information about the devices that remotely connect to mailboxes through Client Access servers, a remote HTTP connection from the B*Nator Monitor to the IIS is necessary.

IIS management web interface

- HTTP Port: HTTP port on which to access the IIS interface. Default ports are 80 or 443.
- Credentials: Username & password to log into the IIS interface.

3.15 Microsoft Exchange 2007 & 2010 & 2013 ActiveSync infrastructures

The following settings are necessary to get information about mobile devices connected to mailboxes on Microsoft Exchange servers using the ActiveSync protocol.

3.15.1 B*Nator Agent on Client Access Servers (CAS)

To retrieve information from Client Access Servers, a B*Nator Agent needs to be installed and running, logged on as an Exchange-View-Only Administrator role account.

Recommendation: When following the recommendation to use a service account for B*Nator, as described in section 3.1, the specific permissions can be granted to that account.

Java Runtime Environment x64

The server information is accessed using PowerShell, which is an x64 process. For this reason, the B*Nator Agent also has to be installed with an x64 Java Runtime Environment, as described in subsection 2.2.5.

3.16 Apple Mobile Device Management

To use the mobile device management features provided by Apple, the following systems are required.

3.16.1 Certification Authority with Simple Certificate Enrollment Protocol

For the mobile device management feature, B*Nator needs a certificate, issued by a CA, to sign Apple configuration profiles for the devices. Additionally, during the enrollment for the MDM feature, the devices will use SCEP to request client certificates from a SCEP server. On the other side, B*Nator can use the SCEP server's web interface to log in and parse a SCEP challenge password on demand for each request.

The following CA/SCEP servers are supported for use with B*Nator:

- Microsoft Windows Server 2003 Certification Authority with SCEP Services Add-on.
- Microsoft Windows Server 2008 Network Device Enrollment Service (NDES) - Enterprise or Standalone.

Other SCEP servers may also be usable, if the Apple iOS devices can work with them and if a challenge password can be parsed from a web interface on demand.

3.16.2 Apple Push Notification Service certificate, Apple ID

The Apple Push Notification Service is used to notify the device about pending actions. Using it requires a valid certificate that needs to be requested using an Apple ID. The certificate request file will be provided by the B*Nator support team. It is recommended to use a new company Apple ID only for this purpose, because the certificate needs to be renewed regularly.

3.16.3 Internet publishing of web services

To make the mobile device management features available to the devices all the time, it is recommended to publish the following required web services to the internet via a secured HTTPS connection:

- B*Nator web service: The web service is used to enroll the devices with user accounts.
- B*Nator MDM service: The MDM service is a part of the web service and is used to provide the mobile device management server to the devices. The difference is that the devices open this connection with a client certificate that needs to reach the B*Nator web server for authenticating the device. This is important when using a reverse proxy for this connection!
- SCEP server web service: Used by the Apple iOS devices to request client certificates for the connection to the B*Nator MDM service.

Using reverse proxies

The web services can be published to the internet in several ways. For security reasons it is recommended to use a reverse proxy in a DMZ.

NOTE: When a reverse proxy is used for the B*Nator MDM service connection, the reverse proxy would usually bridge the connection and cut off the device's certificate, so that it cannot reach the B*Nator Apache Tomcat web server.

Optionally the Apache Jakarta Connector [1] can be used as a plugin with several web servers to provide a kind of reverse proxy functionality for the B*Nator MDM and web service. This scenario could be configured for the following web servers:

- Microsoft IIS7+ on Windows Server 2008, which could additionally be configured to act as a reverse proxy also for the SCEP web service, using the official IIS plugins URL Rewrite [2] and Application Request Routing [3].

Domain names and ports

If a reverse proxy scenario is used, or if the firewall can distinguish connections by external domain names, it is recommended to use different domain names on the same external IP address, to route all connections on only one IP address and one port to the different web services in the background, like:

- https://bnator.company.com » B*Nator web service
- https://mdm.company.com » B*Nator MDM service
- https://scep.company.com » SCEP server web service

If different domain names cannot be used, the web services can each be published on a different port on the same external IP address, or on different IP addresses. Please contact the B*Nator support team for assistance with different options, if required.

[1] http://tomcat.apache.org/connectors-doc/
[2] http://www.iis.net/download/urlrewrite
[3] http://www.iis.net/download/applicationrequestrouting

Chapter 4 Used Protocols

The following protocols and ports are used and have to be open between B*Nator and the specific monitored servers to provide each functionality described before.

Source             Target                              Protocol    Default Port
Monitor            B*Nator database                    TSQL        1433          x
Monitor            http://license.isec7.com/           HTTP        80 / Proxy    x
Monitor            AD/LDAP/GC                          LDAP / SSL  389 / 636     x
Monitor            SMTP gateway                        SMTP / SSL  25 / 465      x
Monitor            all monitored systems               ICMP
Agents             Monitor                             TCP/IP      13657         x
                   Web/Monitor                         HTTP        8080          x
Monitor            BlackBerry Web Services             HTTPS       18084         x
Monitor            BlackBerry Web Services             HTTPS       38443         x
Monitor            BlackBerry Web Services             HTTPS       18082         x
Monitor            BlackBerry Server                   SNMP        161
Monitor            BlackBerry Management Databases     TSQL        1433          x
Agent              BlackBerry Management Databases     TSQL        1433          x o
Monitor            BlackBerry Mobile Data Services     HTTP        8080          x
BlackBerry MDS     Web/Monitor                         HTTP(S)     8080/443      x
Monitor            BlackBerry Infrastructures          ICMP
Monitor            Good Mobile Control Server          HTTPS       19005         x
Monitor            Internet Information Servers (IIS)  HTTP(S)     80/443        x
Monitor            Lotus Domino Servers                DIIOP       63148         x
                                                       HTTP        80            x
                                                       SNMP        161
Monitor            Hosts monitored via SNMP            SNMP        161
Monitor            gateway.push.apple.com              TCP         2195
Monitor            feedback.push.apple.com             TCP         2196
Monitor            CA/RA with SCEP server              HTTP(S)     80/443        x
Monitor            APNS, 17.0.0.0/8                    TCP         2195, 2196
Apple iOS devices  APNS, 17.0.0.0/8                    TCP         5223
Apple iOS devices  Web/Monitor                         HTTPS       443           x
Apple iOS devices  SCEP server web service             HTTPS       443           x

Legend:

x  Configurable
o  Only if SQL tunneling from the Monitor through an Agent is used.

Required for BlackBerry Enterprise Service 12 environments.
Required for BlackBerry Device Service (BES10) environments.
Required for Universal Device Service (BES10) environments.
Required for BlackBerry Enterprise Server environments.
Required for Good for Enterprise environments.
Required for Microsoft Exchange ActiveSync environments.
Required for Lotus Domino environments.
Required for other server monitoring.
Required for Apple mobile device management.
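A pre-installation reachability check for Monitor-sourced TCP rows of the port table above, added here as an example and not part of the B*Nator product or this guide. The host names, the row subset and the `overrides` parameter (for ports the table marks as configurable) are assumptions; SNMP and ICMP rows are reported as skipped because a TCP connect cannot test them.

```python
import socket

# A subset of the Monitor-sourced rows of the Chapter 4 table:
# (target label, protocol, default port). Extend with the rows you need.
MONITOR_ROWS = [
    ("B*Nator database", "TSQL", 1433),
    ("AD/LDAP/GC", "LDAP", 389),
    ("AD/LDAP/GC", "LDAP/SSL", 636),
    ("SMTP gateway", "SMTP", 25),
    ("BlackBerry Web Services", "HTTPS", 18084),
    ("BlackBerry Server", "SNMP", 161),
    ("Good Mobile Control Server", "HTTPS", 19005),
    ("Lotus Domino Servers", "DIIOP", 63148),
    ("all monitored systems", "ICMP", None),
]

# SNMP runs over UDP and ICMP has no port, so a TCP connect proves nothing.
NON_TCP = {"SNMP", "ICMP"}

def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused', 'unresolved' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, but nothing listens on the port
    except socket.gaierror:
        return "unresolved"   # name resolution failed
    except OSError:
        return "filtered"     # timed out or unreachable: firewall drop or host down

def check(rows, hosts, overrides=None, timeout=2.0):
    """hosts: target label -> host name; overrides: (target, protocol) -> port."""
    overrides = overrides or {}
    results = []
    for target, proto, default_port in rows:
        port = overrides.get((target, proto), default_port)
        if proto in NON_TCP:
            status = "skipped (not TCP)"
        elif target not in hosts:
            status = "skipped (no host mapped)"
        else:
            status = probe(hosts[target], port, timeout)
        results.append((target, proto, port, status))
    return results

if __name__ == "__main__":
    # Constructed host name; replace with the servers of your environment.
    site = {"B*Nator database": "sql01.example.internal"}
    for row in check(MONITOR_ROWS, site):
        print("%-28s %-9s %-6s %s" % row)
```

Run it from the future B*Nator Monitor host: "refused" means the path is open but the service is not listening, while "filtered" points at a firewall rule that still has to be requested.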

Chapter 5 Preinstallation Shortlist

This is a short summary of the detailed requirements described in the earlier chapters of this document.

Environments: At least one of the following:

- BlackBerry Enterprise Service 12
- BlackBerry Enterprise Service 10
- BlackBerry Enterprise Server 4/5 with BlackBerry User Administration Service/Tool
- Good for Enterprise
- Microsoft Exchange with ActiveSync
- IBM Notes with Traveler
- Novell GroupWise
- B*Nator Apple Mobile Device Management

Service Account

- Allow log on locally (if not assigned by default)
- Log on as a service
- Public SQL server login with default language English on the SQL server that hosts the B*Nator database
- db_owner on B*Nator database
- db_datareader on BlackBerry Enterprise Server 4/5 databases
- db_datawriter on BlackBerry Enterprise Server 4/5 databases when this is a migration destination
- Enterprise-Administrator on BES12 and BES10 servers (BDS and UDS)
- Administrators role on Good Mobile Control servers

Software Requirements

- Windows x64 as well as x86 systems are supported
  - Microsoft Windows Server 2012 / R2
  - Microsoft Windows Server 2008 / SP2 / R2
  - Microsoft Windows Server 2003 / SP2 / R2
  - Microsoft Windows Server 2000 SP4
- Java Runtime Environment 6 or 7
- Apache Tomcat 6

Hardware Requirements

Server can be virtualized

Minimal requirements when the database is remote:

- Processor: Single Core 2.0 GHz
- RAM: 2.0 GByte
- HDD: 40 GByte
- Network: 100 MBit

Recommended requirements when the database is remote:

- Processor: Dual Core 2.0 GHz
- RAM: 4.0 GByte
- HDD: 40 GByte
- Network: 100 MBit

Recommended requirements when the database is local:

- Processor: Quad Core 2.0 GHz
- RAM: 4.0 GByte
- HDD: 40 GByte
- Network: 100 MBit

Database Server: Servers with an asterisk (*) are also supported for local installations

- Microsoft SQL Server 2012
- Microsoft SQL Express Server 2012*
- Microsoft SQL Server 2008
- Microsoft SQL Express Server 2008*
- Microsoft SQL Server 2005
- Microsoft SQL Express Server 2005*
- Microsoft SQL Server 2000 SP
- Microsoft Desktop Engine (MSDE) 2000 SP3*

TCP/IP has to be enabled for a static port on the SQL server.

Database: The database has to be created prior to the installation

- Name: BNator
- Collation: Latin1_General_CI_AS
- Owner: Service-Account mentioned earlier

Network

- Support for resolving IP addresses into host names
- Only IPv4 is supported for TCP/IP connections

AppleID: Only when using B*Nator as Apple MDM server

- A non-personal AppleID should be used to request the APNS (Apple Push Notification Service) certificate

Certificate Authority with SCEP Server: Only when using B*Nator as Apple MDM server

- CA with a SCEP server for client certificate requests by Apple devices, like the Microsoft CA with NDES (Network Device Enrollment Service)