Mobile Device Connector prerequisites

validation-status-icon-error WARNING

If the port or the hostname for the MDM server is changed, all mobile devices must be re-enrolled.
For this reason, it is recommended that you set up a dedicated hostname for the MDM server so that if you ever need to change the host device of the MDM server, you can do so by reassigning the new host device's IP address to the MDM hostname in your DNS settings.

The following prerequisites must be met in order to install Mobile Device Connector on Windows:

Public IP address/hostname or public domain accessible from the Internet.

details_hoverNOTE

If you need to change the hostname of your MDM Server, you will need to run a repair installation of your MDC component. If you change the hostname of your MDM Server, you will need to import a new HTTPS Server certificate that includes this new hostname for MDM to continue working correctly.

Ports open and available - see the complete list of ports here. We recommend using default port numbers 9981 and 9980, but these can also be changed in configuration file of your MDM Server if needed. Make sure that mobile devices are able to connect via specified ports. Change your firewall and/or network settings (if applicable) to make this possible. For more information about MDM architecture click here.

Firewall settings - when installing Mobile Device Connector on non-server OS such as Windows 7 (for evaluation purpose only), make sure to allow communication ports by creating firewall rules for:

C:\Program Files\ESET\RemoteAdministrator\MDMCore\ERAMDMCore.exe, TCP port 9980

C:\Program Files\ESET\RemoteAdministrator\MDMCore\ERAMDMCore.exe, TCP port 9981

C:\Program Files\ESET\RemoteAdministrator\Server\ERAServer.exe, TCP port 2222

 

details_hoverNOTE

Actual paths to .exe files may vary depending on where each of the ESMC components is installed on your client OS system.

A database server already installed and configured. Make sure you meet Microsoft SQL or MySQL requirements.

RAM usage of MDM connector is optimized so there can be maximum of 48 "ESET Security Management Center MDMCore Module" processes running concurrently, and if the user connects more devices, the processes will then periodically change for each device that currently needs to use the resources.

Microsoft .NET Framework 3.5 must be installed; you can install it using the Add Roles and Features Wizard (as shown below).

install_net_framework

Certificate requirements

You will need an SSL certificate in .pfx format for secure communication over HTTPS. We recommend that you use a certificate provided by a Certification Authority (ESMC CA or 3rd party CA). Self-signed certificates are not recommended because not all mobile devices let users to accept self-signed certificates. This is not an issue with CA signed certificates, because they are trusted and do not require acceptance by the user.

You need to have a certificate signed by CA (ESMC CA or a 3rd party CA), and the corresponding private key, and utilize standard procedures (traditionally using OpenSSL), to merge those  into one .pfx file:
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out httpsCredentials.pfx
This is the standard procedure for most servers which use SSL certificates.

For Offline installation, you will also need a Peer certificate (the Agent certificate exported from ESET Security Management Center). Alternatively, you can use your custom certificate with ESMC.