Cloud Link Configuration Guide. March 2014


Copyright 2014 SOTI Inc. All rights reserved. This documentation and the software described in this document are furnished under and are subject to the terms of a license agreement or non-disclosure agreement. Except as expressly set forth in a license agreement, you agree that you shall not reproduce, store or transmit in any form or by any means, electronic, mechanical, or otherwise, all or any part of this document or the software described in this document. The specification and information regarding the products in this document are subject to change without notice and contains information confidential and proprietary to SOTI. All statements, information, and recommendations in the following documentation are believed to be accurate but are presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. In no event shall SOTI Inc. or its affiliates be liable for any indirect, special, consequential, or incidental damages, including without, lost profits or loss or damage to data arising out of the use or inability to use this documentation as recommended, even if SOTI Inc. or its affiliates have been advised of the possibility of such damage. SOTI Inc. and the SOTI Inc. logo and products are trademarks or registered trademarks of SOTI Inc. and/or its affiliates in Canada and other countries.

Table of Contents

Introduction
Getting Started
  System & Communication Preparation
  Understanding Certificate Validation
System Requirements
  MobiControl Cloud
  MobiControl Cloud Link Agent Host
Supported Deployment Topologies
  Standard Cloud Link Deployment
    Network Requirements
  Cloud Link Communication through a Reverse Proxy
    Network Requirements
  Load Balancing Cloud Link Communication
    Network Requirements
Configuring Cloud Link
  Downloading the Cloud Link Agent
  Running the Cloud Link Agent Installer
  Configuring MobiControl Cloud
  Configuring Cloud Link Agent
  Configuring Services to use a Cloud Link Agent
  Limiting Cloud Link Agent Communications
Troubleshooting
  Testing Cloud Link Communication
  Cloud Link Logging
    MobiControl Cloud Logs
    Cloud Link Agent Logs
    Log Descriptions & Remediation
Glossary

Introduction

MobiControl Cloud offers a flexible, scalable, and highly available Enterprise Mobility Management (EMM) solution ideal for customers looking to reduce their investment in IT infrastructure and maintenance. This Software as a Service (SaaS) provides the same feature set available to an on-premise deployment of MobiControl, which often leverages other on-premise enterprise services such as directory services and certificate authorities.

In most environments, enterprise services are protected behind a corporate firewall and are not exposed to the Internet, where MobiControl Cloud connections originate. Without the ability to communicate with these services, MobiControl Cloud cannot provide features such as directory-authenticated device enrollment and automated certificate distribution. To overcome this, MobiControl offers the Cloud Link Agent, a light on-premise component which securely extends enterprise services to MobiControl Cloud. The Cloud Link Agent accepts MobiControl Cloud requests, forwards them to the respective enterprise service, and relays the response back to the Cloud in real time.

This MobiControl Cloud Link document is a technology overview and configuration guide. It also provides insight on several advanced deployment options, including communication through a reverse proxy such as Microsoft Threat Management Gateway (TMG), and load balancing Cloud Link communication. This document does not cover the initial setup of MobiControl and assumes that you have basic knowledge of, and administrative access to, all involved systems and firewalls.

Getting Started

Before configuring Cloud Link, refer to the following System & Communication Preparation and Understanding Certificate Validation sections to help you prepare your environment by making several key decisions based on your organization's IT best practices and architecture.

System & Communication Preparation

Cloud Link's inbound HTTPs connection to your corporate network can communicate directly with the Cloud Link Agent or, in more advanced scenarios, through a reverse proxy or load balancer positioned at the edge of your network.

- Decide whether Cloud Link will communicate directly, through a reverse proxy, or through a load balancer
- Learn more about Cloud Link's Supported Deployment Topologies, and the network requirements for each topology
- Prepare an on-premise server to host the Cloud Link Agent that meets the minimum System Requirements
- Assign a publicly accessible IP address that routes to the Cloud Link Agent
- Assign a fully qualified domain name (FQDN) to the IP address

Understanding Certificate Validation

Cloud Link communication is protected by mutually authenticated HTTPs sessions. MobiControl provides a Client Certificate for authenticating to the Cloud Link Agent, which can be validated by the Cloud Link Agent or a reverse proxy. Given the flexible deployment options for Cloud Link, a Server Certificate for the Cloud Link Agent is not provided and must be purchased or issued by your corporate infrastructure.

- Purchase or issue a Server Certificate for the Cloud Link Agent with a Common Name matching the FQDN MobiControl Cloud will communicate with
- Decide whether to issue your own Client Certificate or use the one provided by MobiControl Cloud
- Ensure you have the Root certificates on hand for any Certificate Authority you use to issue certificates

System Requirements

MobiControl Cloud

MobiControl version 11.0.0 or later is required.

MobiControl Cloud Link Agent Host

MobiControl Cloud Link Agent can be hosted on Windows Vista, 7, 8, Server 2003, or 2008, except where the Cloud Link Agent is extending ADCS via DCOM, which requires Windows Server 2003 or 2008.

Supported Deployment Topologies

MobiControl Cloud forms a mutually authenticated and encrypted connection to the Cloud Link Agent in order to make requests to enterprise services behind the corporate firewall. The inbound nature of this connection provides communication transparency and multiple deployment options to achieve scalability, high availability, and security. This section describes the different deployment topologies to extend enterprise resources to MobiControl while using Cloud Link.

Standard Cloud Link Deployment

In a standard Cloud Link deployment, MobiControl Cloud and the Cloud Link Agent communicate directly to extend the enterprise resources required by MobiControl Cloud. The following diagram illustrates the standard deployment topology, which suggests that the Cloud Link Agent be positioned within the DMZ of your network.

[Figure 1 - Standard Cloud Link Deployment]

Network Requirements

The Standard Cloud Link Deployment Communication Matrix table represents the communication requirements between MobiControl Cloud and the Cloud Link Agent, and between the Cloud Link Agent and the enterprise services available to MobiControl Cloud. Bold text represents mandatory communication.

Table 1 - Standard Cloud Link Deployment Communication Matrix

Protocol   Source               Port   Destination   Port
HTTPs      MobiControl Cloud    443    CLA Host      443
LDAPs      CLA Host             636    AD            636
HTTPs      CLA Host             443    ADCS          443
DCOM       CLA Host             135    ADCS          135

Cloud Link Communication through a Reverse Proxy

An alternative deployment for enhanced security is to leverage a reverse proxy that authenticates MobiControl Cloud requests destined for the Cloud Link Agent. In this topology, MobiControl Cloud is configured to communicate with the reverse proxy as if it were the Cloud Link Agent. The reverse proxy validates the Client Certificate presented by MobiControl Cloud in the request and then publishes the request, along with an authentication token, to the Cloud Link Agent. The Cloud Link Agent verifies the authentication token and then returns the requested information to MobiControl Cloud.

IMPORTANT: The reverse proxy must support passing a Windows Identity to the Cloud Link Agent. Generally, this is achieved through Kerberos Constrained Delegation (KCD), which requires that the reverse proxy and the Cloud Link Agent host be bound to the same Active Directory domain with the appropriate Service Principal Name (SPN) present.

The following diagram illustrates Cloud Link communication through a Reverse Proxy and outlines the authentication flow of this topology.

[Figure 2 - Cloud Link Communication through a Reverse Proxy]

Network Requirements

The Cloud Link Communication through Reverse Proxy Communication Matrix table represents the communication requirements between MobiControl Cloud and the reverse proxy, between the reverse proxy and the Cloud Link Agent, and between the Cloud Link Agent and the enterprise services available to MobiControl Cloud. Bold text indicates required communication.

Table 2 - Cloud Link Communication through Reverse Proxy Communication Matrix

Protocol   Source               Port   Destination     Port
HTTPs      MobiControl Cloud    443    Reverse Proxy   443
HTTPs      Reverse Proxy        443    CLA Host        443
LDAPs      CLA Host             636    AD              636
HTTPs      CLA Host             443    ADCS            443
DCOM       CLA Host             135    ADCS            135

Load Balancing Cloud Link Communication

To improve high availability and/or scalability, you can load balance Cloud Link communication using a common network appliance. While a combination of reverse proxy and load balancing is possible, the following example demonstrates a bare load balanced deployment. In this topology MobiControl Cloud makes requests to the load balancer, which balances the requests across multiple Cloud Link Agents. The load balancer is transparent to MobiControl Cloud, therefore mutual authentication is formed between MobiControl Cloud and the Cloud Link Agent directly.

NOTE: Cloud Link communication is stateless, so the use of sticky sessions can be avoided. It is therefore important that each Cloud Link Agent have a Server Certificate that matches the load balancer's FQDN.

The following diagram illustrates the Load Balanced Cloud Link Communication deployment option.

[Figure 3 - Load Balanced Cloud Link Communication]

Network Requirements

The Load Balanced Cloud Link Communication Matrix table represents the communication requirements for load balanced MobiControl Cloud to Cloud Link Agent communication. Bold text indicates required communication.

Table 3 - Load Balanced Cloud Link Communication Matrix

Protocol   Source               Port   Destination      Port
HTTPs      MobiControl Cloud    443    Load Balancer    443
HTTPs      Load Balancer        443    CLA Host 1 / 2   443
LDAPs      CLA Host 1 / 2       636    AD               636
HTTPs      CLA Host 1 / 2       443    ADCS             443
DCOM       CLA Host 1 / 2       135    ADCS             135

Configuring Cloud Link

Once your environment has been prepared and you have selected a deployment topology, you can install and configure Cloud Link.

Downloading the Cloud Link Agent

To download the Cloud Link Agent, in the MobiControl Web Console:

1. Click on the All Devices tab.
2. Click the Servers tab.
3. Right-click on Cloud Link Agents.
4. Select Download Cloud Link Agent Installer.

5. From the same menu, select Download MobiControl Root Certificate.

   NOTE: The Cloud Link Agent establishes trust with requests made by MobiControl Cloud using the MobiControl Root certificate. If you plan to provide your own client certificate you may skip this step, because trust will be established with the Root that issued the certificate you provide.

6. Copy CloudLinkAgentInstaller.exe and, when needed, the MobiControl Root Certificate to the Cloud Link Agent host.

Running the Cloud Link Agent Installer

To run the Cloud Link Agent Installer, from the Cloud Link Agent host computer:

1. Launch CloudLinkAgentInstaller.exe with administrative rights.
2. Follow the installation prompts, providing the desired installation path, and click Next until complete.
3. Click Finish on the InstallShield Complete dialog box. The Cloud Link Agent Administration Utility will open.
4. Continue to Configuring MobiControl Cloud before configuring the Cloud Link Agent.

Configuring MobiControl Cloud

From the MobiControl Web Console:

1. Click on the All Devices tab.
2. Click the Servers tab.
3. Right-click Cloud Link Agents.
4. Select Create Cloud Link Agent.
5. Use the following table as a guide to completing the Cloud Link Agent Properties window.

Field: Cloud Link Agent Name
Value / Description: Enter an internal identifier for this Cloud Link Agent that will be used as a reference in the MobiControl console when configuring a service to use Cloud Link.

Field: Cloud Link Agent Address
Value / Description: Enter the HTTPs URL used by MobiControl Cloud to access the Cloud Link Agent. The URL must contain the fully qualified domain name followed by /cla. For example: https://fully.qualified.domain/cla. If a reverse proxy or load balancer sits before your Cloud Link Agent, the FQDN should reflect that by using the FQDN of that host.

Field: Root Certificate
Value / Description: Upload the Root certificate that issued the Server Certificate you purchased or issued for the Cloud Link Agent. If your certificate was issued via a commercial certificate authority, it is unlikely that you are required to provide a Root.

Field: Cloud Link Authentication
Value / Description: Choose Internal MobiControl Certificate, or select Custom Certificate and upload a certificate issued from your own certificate authority. Record the Thumbprint displayed for use when configuring the Cloud Link Agent.

Configuring Cloud Link Agent

To configure the Cloud Link Agent, launch the Cloud Link Administration Utility with administrative privileges:

1. Use the following table as a guide to configuring the Cloud Link Administration Utility according to your deployment topology:

Field: Fully Qualified Domain Name
Value / Description: Enter the publicly accessible FQDN used by MobiControl Cloud to communicate with the Cloud Link Agent.

Field: Matching SSL Certificate
Value / Description: Import or select the SSL certificate that matches the FQDN provided above.

Field: Security
Value / Description: For direct or load balanced communication, select Authenticate using Certificates, then select Accept certificates with this thumbprint only and enter the Cloud Link Authentication certificate thumbprint provided when creating the Cloud Link Agent in the Web Console. Alternatively, if a reverse proxy is passing a Windows Identity instead of a Client Certificate, choose Windows Identity and restrict the request to the expected user.

IMPORTANT: Not restricting authentication to a certificate thumbprint or user is considerably less secure. The ability to do so is provided for troubleshooting purposes only.

2. Click Apply to restart the Cloud Link Agent service.

Configuring Services to use a Cloud Link Agent

Once you have configured the communication between MobiControl Cloud and the Cloud Link Agent, specify that your connection(s) to enterprise services communicate through the Cloud Link Agent instead of attempting a direct connection. To configure LDAP connections (the option is also available for Certificate Authorities) to communicate over Cloud Link, from the MobiControl Web Console:

1. Click on the All Devices tab.
2. Click the Servers tab.
3. In the Global Settings section, click on the wrench icon beside LDAP Connections.
4. Create or edit an existing LDAP connection.
5. In the Cloud Link Agent dropdown, select the Cloud Link Agent you want the connection to use.

6. Click OK.

Limiting Cloud Link Agent Communications

In role-based administrative environments, the Cloud Link Agent provides greater security and peace of mind by optionally restricting the hosts MobiControl Cloud can communicate with. If MobiControl Cloud requests information from a server restricted by the Cloud Link Agent administrator, the request is rejected. To limit the hosts the Cloud Link Agent can communicate with, from the Cloud Link Agent host computer:

1. Launch CloudLinkAdminUtility.exe with administrative privileges.
2. In the Security section, select the Accept requests for selected hosts only option.
3. In the text field, enter the FQDN of the host(s) you wish to allow the Cloud to communicate with.
4. Click Apply. The Cloud Link Agent service restarts.
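The Security settings from Configuring Cloud Link Agent (thumbprint-pinned certificate or restricted Windows Identity) and the host restriction above combine into one admission decision on the agent. The following Python model is an added example, not SOTI's code: it assumes the identity check runs before the host allowlist, that the thumbprint is the SHA-1 of the certificate's DER encoding as the Windows certificate UI displays it, and it reuses the rejection entries from the Log Descriptions & Remediation section; the certificate bytes are a constructed stand-in.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Rejection reasons, taken from the guide's Log Descriptions & Remediation table
ACCESS_DENIED = "FaultException: Access is denied."
HOST_NOT_ENABLED = "System.ArgumentException: Access to specified server was not enabled"

# Constructed stand-in for the DER bytes of the MobiControl Cloud client certificate
# (not a real certificate; only its thumbprint matters to this model)
CLOUD_CLIENT_CERT_DER = b"constructed-stand-in-for-mobicontrol-client-certificate"

def thumbprint(der_cert: bytes) -> str:
    """SHA-1 over the DER encoding, upper-case hex, as shown in the Windows certificate UI."""
    return hashlib.sha1(der_cert).hexdigest().upper()

def normalize_thumbprint(value: str) -> str:
    """Keep hex digits only: thumbprints copied from the console often carry spaces or mixed case."""
    return "".join(ch for ch in value.upper() if ch in "0123456789ABCDEF")

def allow_hosts(*names: str) -> FrozenSet[str]:
    """Build the 'Accept requests for selected hosts only' list (case-insensitive, no trailing dot)."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

@dataclass(frozen=True)
class AgentSecurity:
    mode: str                                       # "certificate" or "windows_identity"
    expected_thumbprint: Optional[str] = None       # None: any cert accepted (troubleshooting only)
    expected_user: Optional[str] = None             # None: any identity accepted (troubleshooting only)
    allowed_hosts: Optional[FrozenSet[str]] = None  # None: no host restriction

@dataclass(frozen=True)
class CloudRequest:
    target_host: str                                # enterprise service the Cloud wants to reach
    client_cert_der: Optional[bytes] = None         # direct / load balanced topology
    windows_identity: Optional[str] = None          # reverse proxy (KCD) topology

def authenticate(cfg: AgentSecurity, req: CloudRequest) -> bool:
    if cfg.mode == "certificate":
        if req.client_cert_der is None:
            return False
        if cfg.expected_thumbprint is None:
            return True  # unrestricted: the guide flags this as troubleshooting-only
        expected = normalize_thumbprint(cfg.expected_thumbprint)
        # constant-time compare so a mismatch does not leak how many leading bytes matched
        return hmac.compare_digest(thumbprint(req.client_cert_der), expected)
    if cfg.mode == "windows_identity":
        if req.windows_identity is None:
            return False
        if cfg.expected_user is None:
            return True  # unrestricted: troubleshooting-only
        return req.windows_identity.lower() == cfg.expected_user.lower()
    return False  # unknown mode: fail closed

def host_allowed(cfg: AgentSecurity, host: str) -> bool:
    if cfg.allowed_hosts is None:
        return True
    return host.strip().lower().rstrip(".") in cfg.allowed_hosts

def gate(cfg: AgentSecurity, req: CloudRequest) -> Optional[str]:
    """None when the request may be forwarded, otherwise the log entry the agent would record.
    Assumption: identity is checked before the host allowlist, so an unauthenticated caller
    learns nothing about which hosts are enabled."""
    if not authenticate(cfg, req):
        return ACCESS_DENIED
    if not host_allowed(cfg, req.target_host):
        return HOST_NOT_ENABLED
    return None

def audit(cfg: AgentSecurity) -> list:
    """Flag the settings the guide's IMPORTANT note reserves for troubleshooting."""
    findings = []
    if cfg.mode == "certificate" and cfg.expected_thumbprint is None:
        findings.append("any client certificate accepted: set a thumbprint")
    if cfg.mode == "windows_identity" and cfg.expected_user is None:
        findings.append("any Windows identity accepted: restrict to the expected user")
    if cfg.allowed_hosts is None:
        findings.append("no host restriction: enable 'Accept requests for selected hosts only'")
    return findings
```

Run audit() against the configuration you intend to apply before clicking Apply; an empty result means both the identity restriction and the host allowlist are in force.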

Troubleshooting

Testing Cloud Link Communication

MobiControl provides quick validation after Cloud Link Agent configuration changes to ensure that authenticated communication is established between all components. To verify connectivity manually, from the Servers tab in the MobiControl Web Console:

1. Locate the Cloud Link Agent you created earlier. Note the visual indicator that represents the Cloud Link Agent's current status.
2. Right-click the Cloud Link Agent.
3. In the dropdown list, click Cloud Link Agent Properties.
4. Click Test in the Cloud Link Agent Properties window. A success or failure message appears.

NOTE: This test confirms that MobiControl Cloud can communicate with the Cloud Link Agent, not that the services the Cloud Link Agent is extending to the Cloud are accessible and responsive.

Cloud Link Logging

MobiControl Cloud Logs

Cloud Link logs can be found in several different locations depending on the MobiControl component sending the request. Often the best way to diagnose a Cloud Link issue is to review the logs after such a request has been attempted. For example, configure your LDAP connection to use the Cloud Link, and perform an LDAP lookup. To access server-side logs, in the MobiControl Web Console click the ? menu.

Cloud Link Agent Logs

Cloud Link Agent logs can be found in C:\ProgramData\SOTI\CloudLinkAgent.log on the Cloud Link Agent host computer.

Log Descriptions & Remediation

The following table provides guidance for troubleshooting common misconfigurations of environments using Cloud Link.

Error / Log Entry: EndpointNotFoundException: There was no endpoint listening at https://fully.qualified.domain/cla/xxx that could accept the message.
Remediation: The Cloud Link Agent is not running, or the hostname is invalid. Verify that the Cloud Link Agent service is running. Verify that the hostname for the Cloud Link Agent in the MobiControl console is correct.

Error / Log Entry: SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'fully.qualified.domain'.
Remediation: Certificate trust could not be established between MobiControl Cloud and the Cloud Link Agent. Verify you have uploaded the Root certificate that issued the Server Certificate for the Cloud Link Agent to the MobiControl console. Ensure that the common name of the certificate matches that of the host MobiControl Cloud is communicating with.

Error / Log Entry: System.ArgumentException: Access to specified server was not enabled
Remediation: The Cloud Link Agent is restricting the hosts MobiControl Cloud is communicating with. Add the FQDN of the intended host to the Security section of the Cloud Link Administration Utility.

Error / Log Entry: FaultException: Access is denied.
Remediation: The Cloud Link Agent has rejected a request because the certificate or Windows identity did not match what was expected. Verify the identity used during authentication, and that the Cloud Link Agent accepts requests from this identity.

Error / Log Entry: Cloud Link Agent responds to certificate authenticated requests with 403 Forbidden despite a valid client certificate being present in MobiControl Cloud.
Remediation: The issuer of the client certificate does not appear in the Trusted Issuers List presented by the Cloud Link Agent host. Refer to http://support.microsoft.com/kb/2464556 for more details. Shorten the Trusted Issuers List by removing unneeded Root certificates, or disable sending the Trusted Issuers List entirely.

Glossary

The following terms and abbreviations are used throughout this document and are listed here as a reference:

AD - Active Directory
ADCS - Active Directory Certificate Services
CA - Certificate Authority
CLA - Cloud Link Agent (service hosted on-premise)
Client Certificate - Credential used to prove the identity of the requesting party
DCOM - Distributed Component Object Model
DMZ - De-Militarized Zone
DS - Deployment Service (responsible for Agent-based communication)
DSE - DS Extensions (responsible for Web-based device communication)
EMM - Enterprise Mobility Management
FQDN - Fully Qualified Domain Name
HTTP(s) - Hypertext Transfer Protocol (secure)
KCD - Kerberos Constrained Delegation
LDAP(s) - Lightweight Directory Access Protocol (secure)
MDM - Mobile Device Management
MS - Management Service (responsible for MobiControl Web Console)
PKI - Public Key Infrastructure
SCEP - Simple Certificate Enrollment Protocol
Server Certificate - Credential used to prove the identity of a server
SPN - Service Principal Name
TMG - Threat Management Gateway