This series on MDM consists of the following posts:

  • iOS MDM Details (1) – Understanding and In-depth: https://juejin.cn/post/6844903969160986632
  • iOS MDM Details (2) – Certificate creation: https://juejin.cn/post/6844903969173536782
  • iOS MDM Details (3) – Generate the mobileconfig profile: https://juejin.cn/post/6844903969177747469
  • iOS MDM Details (4) – Install the mobileconfig profile: https://juejin.cn/post/6844903969182105608
  • iOS MDM Details (5) – Send a command to the device: https://juejin.cn/post/6844903969186136072

I. Introduction to MDM

MDM (Mobile Device Management) enables enterprises to manage mobile devices such as iPhones and iPads conveniently.

The value of device management becomes clear when a company equips its staff with mobile devices for work, or when IT needs to impose security restrictions on those devices. With MDM, IT staff can enroll devices securely into the enterprise environment, configure and update settings wirelessly, monitor compliance with company policies, and remotely lock or erase a device. For example, many front-line employees in electronics factories are not allowed to carry mobile phones at work, out of concern that someone might photograph and leak product information. With MDM in place, use of the phone's camera can be prohibited during working hours while everything else on the phone stays usable.

MDM provides the following operations:

  • Install and remove configuration profiles
  • Install and remove provisioning profiles
  • Get the list of installed configuration profiles
  • Get the list of installed provisioning profiles
  • Get the list of installed certificates
  • Get the list of installed third-party applications
  • Install and remove applications
  • Obtain device information (UDID, Languages, DeviceID, BatteryLevel, etc.)
  • Get security-related information
  • Lock the screen, restart, shut down, clear the passcode, and erase the device
  • Get the list of enabled restrictions
  • Lock and locate lost devices
  • Manage device settings, device names, wallpaper, and mobile networks
  • Set attributes of installed applications
  • Get information about available OS updates
  • Install media files or books

And so on; there are many other finer features that are not all listed here. Does MDM seem that powerful? If you have not seen it before, you may be surprised to learn that a device can do all this without jailbreaking. O(∩_∩)O Yes, MDM really is that powerful, and it can play a big role in enterprise application deployment and device management.

Despite the many functions of MDM, only a few operations are common in real applications: screen lock and passcode clearing, app installation and removal, configuration profile installation and removal, and obtaining the list of installed apps and other device-related information.

II. Background

When I first got to know MDM, I was confused and didn't know where to start. The information scattered across the Internet is fragmented: it is often unclear whether the authors actually performed the specific steps, or whether their approach really works end to end. Browsing the major forums, some people may well understand it and have done it, but what they write is incomplete, and the steps they describe for the actual operation are a muddle. In the end I had no choice but to force myself to read the official sources, because the other sources provided so little useful information.

After several months of learning, my understanding of MDM has gradually become much clearer. By now our management platform is up and running, and we are planning to deploy it for internal use within the company. So I want to make a proper summary and record step by step what I did, what I thought about and what problems I ran into, which may help you understand MDM better and start using it quickly.

III. MDM Workflow

Here’s a picture from the official website:

The figure shows that an MDM service involves three parties: the Apple Push Notification service (APNs), an MDM server (your own or a third party's), and the managed devices. In practice the three communicate with each other over HTTPS, and the push side requires a push certificate just as ordinary app push does. When no operation is in progress, nothing is connected except the device and APNs. Their roles in the system are as follows:

  • MDM server: sends commands to manage devices, obtains related information, performs operations, and responds to device activity. To reach a device it sends a notification to APNs, which wakes the device; the device then connects to the MDM server on its own and reports whether it is currently idle (if the device reports Idle, the MDM server proceeds to the next step, such as sending a command).

  • APNs: can be regarded as the messenger between the other two. It forwards the MDM server's wake-up notification to the device, which tells the device to connect to the server.

  • Device: installs a configuration profile (described below) by visiting the server in Safari, and is thereby enrolled as a managed device. After receiving the APNs notification, it connects to the MDM server at the URL contained in the installed profile and reports its status. It then receives the next command, for example DeviceInformation (which queries device information such as ModelName, BatteryLevel and WiFiMAC). After receiving the command in XML format, the device sends the requested information back to the server. If no further command is pending, the server closes the connection.

In addition, data is exchanged between the device and the MDM server as PUT requests with XML (plist) bodies. So when the server sends a command, it encapsulates the command in an XML document and returns it in reply to the device's PUT request. APNs itself carries only an identifier associated with the device, with no command content; its only job is to wake the device so that it connects to the MDM server.
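To make the exchange just described concrete, here is an added example (not code from the original post) that simulates both sides of one MDM round trip in Python with the standard library's plistlib: the device's status report, the server's DeviceInformation command, the device's acknowledgement, and the server's parsing of it. The NotNow status, which a busy device may return instead of Idle and which the server must treat as "retry later", comes from Apple's MDM protocol and is not mentioned in the post; the device values are constructed.

```python
import plistlib
import uuid

# Constructed stand-in for a managed device (values are not real).
FAKE_DEVICE = {"UDID": "00000000-EXAMPLE-UDID", "ModelName": "iPhone",
               "BatteryLevel": 0.87, "WiFiMAC": "00:00:00:00:00:00"}

def build_device_information(queries, command_uuid=None):
    """Server side: DeviceInformation command as the XML plist returned to the device's PUT."""
    cmd = {"CommandUUID": command_uuid or str(uuid.uuid4()),
           "Command": {"RequestType": "DeviceInformation", "Queries": list(queries)}}
    return plistlib.dumps(cmd)

def server_reply(report_xml, queries=("ModelName", "BatteryLevel", "WiFiMAC")):
    """Server side: Idle -> send a command; NotNow (device busy) or anything
    else -> empty body, meaning nothing to do, and the connection ends."""
    report = plistlib.loads(report_xml)
    if report.get("Status") == "Idle":
        return build_device_information(queries)
    return b""

def device_handle_command(command_xml, device=FAKE_DEVICE):
    """Device side (simulated): answer the queries and echo the CommandUUID."""
    cmd = plistlib.loads(command_xml)
    body = cmd["Command"]
    if body["RequestType"] != "DeviceInformation":
        raise ValueError("unsupported command: " + body["RequestType"])
    answers = {q: device[q] for q in body["Queries"] if q in device}
    return plistlib.dumps({"Status": "Acknowledged", "UDID": device["UDID"],
                           "CommandUUID": cmd["CommandUUID"],
                           "QueryResponses": answers})

def parse_device_response(response_xml):
    """Server side: (CommandUUID, QueryResponses) from an Acknowledged reply."""
    resp = plistlib.loads(response_xml)
    if resp.get("Status") != "Acknowledged":
        raise ValueError("command not acknowledged: %r" % resp.get("Status"))
    return resp["CommandUUID"], resp.get("QueryResponses", {})

def run_exchange(status="Idle"):
    """Full round trip: status report -> server reply -> device answer -> parse.
    Returns (CommandUUID, answers), or None when the server sent nothing."""
    report = plistlib.dumps({"Status": status, "UDID": FAKE_DEVICE["UDID"]})
    cmd = server_reply(report)
    if not cmd:
        return None
    return parse_device_response(device_handle_command(cmd))
```

A real server keeps the command queued when the device answers NotNow and re-sends the APNs wake-up later, which is one reason a pushed command can appear to get no response.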

IV. Operations to be done and problems I have encountered

To implement a complete MDM service we need to: create the APNs push certificate, generate the configuration profile the device installs, implement HTTPS communication, implement the MDM protocol, learn the MDM commands and how to use them, and build an MDM server (the server is not the main subject here, because that part is handled by our backend team). So I am going to work through the following tasks in turn.

  • iOS MDM Details (1) – Understanding and In-depth
  • iOS MDM Details (2) – Certificate creation
  • iOS MDM Details (3) – Generate the mobileconfig profile
  • iOS MDM Details (4) – Install the mobileconfig profile
  • iOS MDM Details (5) – Send a command to the device

These are just a few key operations in MDM services. Other details will be sorted out in the future.

In the course of this work, I encountered the following problems:

Problem 1. Failed to install the mobileconfig profile

During installation on the device, an installation-failure message is displayed. When I tried to inspect the traffic with the packet capture tool Charles, the installation succeeded, but it failed again after I closed the software. My guess is that the Charles proxy can reach the MDM server, which is still on the intranet, and that the problem would go away if the server were published directly to the Internet (not yet verified).

Problem 2. The connection between the MDM server and APNs cannot be established, so the push fails

The Java backend that pushes commands kept throwing javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found; upgrading the SDK later resolved this error.

Then came "Software caused connection abort: Recv failed". After troubleshooting, the cause was that the connection address was the development (sandbox) environment: the environment is a configurable option in the configuration used when generating the mobileconfig, and it defaulted to the development environment, whereas the push certificate obtained via identity.apple.com/pushcert is valid only for the production environment. I had foolishly assumed that the development and production push environments were the same 😭.

Problem 3. After the command is pushed successfully, the device does not respond, or responds slowly

Even when a command is pushed successfully, sometimes there is no response. Most of these failures are between the MDM server and APNs; presumably the device was not woken or did not receive the notification. There is also some delay between APNs and the device, because the push is not always delivered promptly.

When the device is connected to the server, commands that are sent get a response quickly. But sometimes the response becomes very slow after several consecutive operations. My guess is that the device itself has not had time to process them; the specifics are still under investigation.

Problem 4. Silent installation of apps

Since we distribute enterprise applications, we publish an application that we want all managed devices to install compulsorily, that is, without a popup asking the user to tap OK. This is not possible yet; it looks like Android will support it, and iOS is still being worked on.

V. Summary

The above is a brief introduction to MDM and my understanding of it. If you are familiar with MDM, I welcome your guidance; if you are not, I hope this can help you. Next, I will go through the steps above one by one.