Mobile Device Management

The following diagram demonstrates communication between ESET Security Management Center components and a mobile device:

[Diagram: MDM]

NOTE

Security recommendation for MDM: The MDM host device requires internet access. We recommend that the MDM host device be placed behind a firewall and that only the ports required for MDM be open. You can also deploy an IDS/IPS to monitor the network for anomalies.


Mobile Device Connector (MDC) is an ESMC component that provides Mobile Device Management with ESET Security Management Center. It permits management of Android and iOS mobile devices and administration of mobile security.

MDC provides an agent-less solution: Agents do not run directly on mobile devices, which saves the battery and performance of the mobile device. Instead, MDC serves as the host of these virtual agents. MDC stores data for and from mobile devices in its dedicated SQL database.

An HTTPS certificate is required to authenticate communication between a mobile device and MDC. To authenticate communication between ESMC Server and MDC, a Proxy certificate is used.

Managing Apple devices has some additional requirements. Using ESMC MDC to manage iOS devices requires an Apple Push Notification service certificate. The APN service enables ESET MDC to communicate securely with Apple mobile devices. This certificate must be signed directly by Apple (using the Apple Push Certificates Portal) and delivered to the MDC via policy. Subsequently, iOS devices can be enrolled to ESMC MDC.

In certain countries, the Apple Device Enrollment Program (DEP) is available. DEP is a powerful new method for enrolling corporate iOS devices. With DEP you can enroll devices to MDC automatically, without any direct contact with the device and with minimal interaction from the user. DEP extends the capabilities of iOS MDM dramatically and allows complete customization of the device setup.

After successful installation and setup of the Mobile Device Connector, mobile devices can be enrolled. After successful enrollment, the mobile device can be managed from the ESMC Web Console.