Install ESMC Mobile Device Connector (Standalone)

To install Mobile Device Connector as a standalone tool, on a different computer than ESMC Server, complete following steps.

validation-status-icon-error WARNING

Mobile Device Connector must be accessible from the Internet so that mobile devices can be managed at all times regardless of their location.

details_hoverNOTE

Take into account that a mobile device communicates with Mobile Device Connector which inevitably affects usage of mobile data. This applies especially to roaming.

Follow the steps below to install Mobile Device Connector on Windows:

1.Please read the prerequisites first and make sure all are met.

2.Double-click the installation package to open it, select Install Mobile Device Connector (Standalone) and click Next.

package_installation_select

3.Deselect the check box next to Participate in product improvement program if you do not agree to send crash reports and telemetry data to ESET. If the check box is left selected, telemetry data and crash reports will be sent to ESET.

4. After accepting the EULA, click Next.

5.ESET Security Management Center Mobile Device Connector requires a database for operation. Select Microsoft SQL Server Express if you want to install the database, or leave the check box empty. If you would like to connect to an existing database, you will have the option to do so during installation. Click Install to proceed with the installation.

6.If you installed the database as part of this installation in step 5, the database will now be installed automatically and you can skip to step 8. If chose not to install a database in step 5, you will now be prompted to connect the MDM component to your existing database.

details_hoverNOTE

You can use the same database server you are using for the ESMC database, but we recommend that you use a different DB server if you are planning to enroll more than 80 mobile devices.

7.The installer must connect to an existing database that will be used by Mobile Device Connector. Specify the following connection details:

Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication

ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/SQL Server/SQL Server Native Client 10.0/ODBC Driver 11 for SQL Server

Database name: We recommend that you use the default database name "era_mdm_db" if possible.

Hostname: hostname or the IP address of your database server

Port: used for connection to the database server

Database admin account Username/Password

Use Named Instance - If you are using MS SQL database, you can also select the Use Named Instance check box. This will allow you to use custom database instance, you can set it in the Hostname filed in the form HOSTNAME\DB_INSTANCE for example: 192.168.0.10\ESMC7SQL . For clustered database use only the clustername. If this option is selected, you cannot change which port will be used, system will use default ports determined by Microsoft.

details_hoverNOTE

When you select the Use Named Instance check box, you can connect the ESMC Server also to MS SQL database that is installed in a Failover Cluster. In Hostname field, enter the cluster name.

mdm_setup07

8.If the connection was successful, you will be prompted to verify that you want to use the provided user as a database user for ESMC MDM.

9.After the new database is successfully installed, or the installer successfully connected  to the existing database, you can proceed with the MDM Installation. Specify your MDM hostname: this is the public domain or public IP address of your MDM server as it is reachable by mobile devices from the Internet.

MDM hostname must be entered in the same form it appears in your HTTPS Server certificate, otherwise the iOS mobile device will refuse to install the MDM Profile. For example, if there is an IP address specified in the HTTPS certificate, type in this IP address into the MDM hostname field. If an FQDN is specified (for example, mdm.mycompany.com) in the HTTPS certificate, enter this FQDN in the MDM hostname field. Also, if a wildcard * is used (for example, *.mycompany.com) in the HTTPS certificate, you can use mdm.mycompany.com in the MDM hostname field.

validation-status-icon-error WARNING

Be very careful what you fill in the MDM Hostname filed in this step of installation. If the information is incorrect, or in a wrong form, the MDM Connector will not work properly and the only way to fix it will be re-installation of the component.

mdm_setup03

10. In the next step, verify the connection to the database by clicking Next.

11. Connect the MDM Connector to the ESMC Server. Fill in the Server host and Server port required for connection to the ESMC Server and select either Server Assisted installation or Offline Installation to proceed:

oServer assisted installation - Provide ESMC Web Console administrator credentials and the installer will download the required certificates automatically. Also check the permissions required for server-assisted installation.

1.Enter your Server host - name or IP address of your ESMC Server and Web Console port (leave default port 2223 if you are not using custom port). Also, provide Web Console administrator account credentials - Username/Password.

2.When asked to Accept the Certificate, click Yes. Continue to step 11.

oOffline installation - Provide a Proxy certificate and Certification Authority which can be exported from ESET Security Management Center. Alternatively, you can use your custom certificate and appropriate Certification Authority.

1.Click Browse next to the Peer certificate and navigate to the location of your Peer certificate location (this is the Proxy certificate you have exported from ESMC). Leave the Certificate password text field blank as this certificate does not require a password.

2.Repeat the procedure for Certificate Authority and  continue to step 11.        

details_hoverNOTE

If you are using custom certificates with ESMC (instead of the default ones that were automatically generated during ESET Security Management Center installation), these should be used when you are prompted to supply a Proxy certificate.

12. Specify the destination folder for Mobile Device Connector (we recommend using the default), click Next > Install.


After the MDM installation is finished, you will be prompted for an Agent installation. Click Next to start the installation and accept the EULA if you agree with it and follow these steps:

1.Enter the Server host (hostname or IP address of your ESMC Server) and Server port (the default port is 2222, if you are using a different port, replace the default port with your custom port number).

validation-status-icon-warning IMPORTANT

Make sure the Server host matches at least one of the values (ideally be FQDN) defined in Host field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid". The only exception is in case there is a wildcard (*) in Server certificate Host field, which means it will work with any Server host.

2.If you are using proxy, select the check box Use Proxy. When selected, the installer will continue with offline installation.

details_hoverNOTE

This proxy setting is only used only for (replication) between ESET Management Agent and ESMC Server, not for the caching of updates.

Proxy hostname: hostname or IP address of the HTTP Proxy machine.

Proxy port: default value is 3182.

Username, Password: enter the credentials used by your proxy if it uses authentication.

You can change proxy settings later in your policy. Proxy must be installed before you can configure an Agent - Server connection via Proxy.

3.Select one of the following installation options and follow the steps from the appropriate section below:

Server assisted installation - You will need to provide ESMC Web Console administrator credentials (installer will download the required certificates automatically).

Offline installation - You will need to provide an Agent certificate and a Certification authority which can be both exported from ESET Security Management Center. Alternatively, you can use your custom certificate.

To continue server-assisted Agent installation follow these steps:

1.Enter the hostname or IP address of your ESMC Web Console (same as ESMC Server) in the Server host field. Leave Web Console port set to the default port 2223 if you are not using custom port. Also, enter your Web Console account credentials in the Username and Password fields.

validation-status-icon-warning IMPORTANT

Make sure the Server host matches at least one the values (ideally be FQDN) defined in Host field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid". The only exception is in case there is a wildcard (*) in Server certificate Host field, which means it will work with any Server host.

2.Click Yes when asked if you want to accept the certificate.

3.Choose Do not create computer or Choose custom static group. If you click Choose custom static group you will be able to select from a list of existing Static groups in ESMC. The computer will be added to the group you= have selected.

4.Specify a destination folder for the ESET Management Agent (we recommend that you use the default location), click Next and then click Install.

To continue offline Agent installation follow these steps:

1.If you selected Use Proxy in the previous step, provide the Proxy hostname, Proxy port (the default port is 3128),Username and Password and click Next.

2.Click Browse and navigate to the location of your Peer certificate (this is the Agent certificate you exported from ESMC). Leave the Certificate password text field blank as this certificate does not require a password. You do not need to browse for a Certification authority - leave this field empty.

details_hoverNOTE

If you are using a custom certificate with ESMC (instead of the default ones that was automatically generated during ESET Security Management Center installation), use your custom certificates accordingly.

validation-status-icon-warning IMPORTANT

The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during the initialization of the Agent.

3.Click Next to install to the default folder or click Change to choose another folder (we recommend that you use the default location).


After the installation is complete, check to see if Mobile Device Connector is running correctly by opening https://your-mdm-hostname:enrollment-port (for example https://mdm.company.com:9980) in your web browser or from a mobile device. If the installation was successful, you will see following message:

mdm_check

You can now activate MDM from ESET Security Management Center.