Scribd
Upload
431 views4 pages

AirWatch Components - VEffort

The document discusses the key components of the AirWatch mobile device management (MDM) platform, including the Device Services Server, Console Server, Database Server, AirWatch Cloud Connector, AirWatch Mobile Access Gateway, Secure Email Gateway, and Cloud Messaging Service. It explains the purpose and typical deployment location of each component for both cloud-based (SaaS) and on-premise implementations. It also provides a flow chart showing how the components fit together and are related to AirWatch's licensing models.

Uploaded by

jones_lenn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
431 views4 pages

AirWatch Components - VEffort

The document discusses the key components of the AirWatch mobile device management (MDM) platform, including the Device Services Server, Console Server, Database Server, AirWatch Cloud Connector, AirWatch Mobile Access Gateway, Secure Email Gateway, and Cloud Messaging Service. It explains the purpose and typical deployment location of each component for both cloud-based (SaaS) and on-premise implementations. It also provides a flow chart showing how the components fit together and are related to AirWatch's licensing models.

Uploaded by

jones_lenn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

4/14/2016

AirWatchComponents|vEffort

AirWatchComponents
PostedbyveffortonJanuary22,2015

2Comments

IvebeenworkingonacoupleofAirWatchengagementsrecentlyandasaresult,myproductknowledgehashadtomove
toalowerlevel.BeingmoreofaCitrixGuyfromanMDMperspectiveIvehadmoreinvolvementinXenMobileupuntil
now,butseeingasCitrixisdeemeda2ndtiervendorbythelikesofresearchfirmIDC,itssurprisingthelackofresources
thereisouttherefortoptierAirWatchcomparedtoXenMobile.MaybeitsbecauseAirWatchreallypushtheSaaSmodel
wheretheonpremisthepoorrelation(~70/30marketsplit)sothereislesscommunityinterestoutthere.
WhatIwantedtocoverherewashowtheheadlineproductsfitintotheAirWatcharchitectureasatfirstglanceitsnot
obvious,tothisendIhavecreatedaflowchartasakindofdecisionmatrix.Thecomponentswillchangedependingupon
requirementsandifSaaSischosenoveronprem.
TheComponents
BelowIwillbrieflycovereachofthekeycomponents
DeviceServicesServerThisistheServerthatactivelycommunicateswiththedevicesandhandlesenrollments.Seeing
asdeviceswillnormallybeanywhereandeverywhere,thisserverneedstobeavailableontheinternet.ForSaaS
deployments,clearlythiswillbehandledbutforOnPrem,thiswillnormallylocatedwithinaDMZwithSSLpunched
throughtotheinternetsecuredwithapubliccertificate.
ConsoleServerSometimescalledtheAPIserver,theservercommunicateswiththeDeviceServicesServerandcontains
aWebApp(IISSite)foradministrativecontroloftheenvironment.ThiswillnormallybeplacedontheinternalLAN,but
wouldbepossibletocombinewiththeDeviceServicesServer.
DatabaseServerAswithmostenterpriseproductsadatabaseisrequiredclearlyAirWatchholdsalotofdevicedata
andthisneedstobestoredsomewhere.NotethatSQListheonlysupporteddatabasetypeanditneedstobefullSQL,not
express.Again,thiscouldbecombinedbutinlargerdeploymentswouldbeseparatedtoaidwithhighavailabilityplans.
InaSaaSdeployment,alloftheabovewillbehostedandmanagedbyAirWatch,butrequiredforalldeploymentsbethey
SaaSoronprem.Thefollowingcomponentshowever,areoptionaldependinguponrequirements.
AirWatchCloudConnector(ACC)ThisisnearlyalwaysusedinSaaSonlydeploymentsforbringingtheabovethree
componentstolocalcustomerbasedbackendresources.TypicalintegrationcomponentswouldbeDirectoryServices
(LDAP),MicrosoftCertificateServices,andExchangetonameafew.IfyouhaveaSaaSdeployment,yourADislocally
hostedandyouwanttoconfigureAutoenrollmentforenduserstousetheiremailaddressesforexample,youllbe
needingACC.ThisisnormallyplacedontheinternalLANwithadirectoutboundconnectiontotheinternetsoitcan
communicatewiththeAirWatchSaaS.Thiscanbeeitherdirect(preferable)orviainternalproxy.
JustaquicknoteonconnectingcomponentsviaproxyAtthetimeofwriting(v8.0.1.0)proxyPACfilesarenot
supportedintheACCbuttheyarefortheMAG!
https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

1/4

4/14/2016

AirWatchComponents|vEffort

AirWatchMobileAccessGateway(MAG)TheMAG(alsoknownasMAGEndpoint)isarelayforaccessinginternal
content.ItdiffersfromtheACCwhichismoreaboutauthenticationwheretheMAGisproxyandcontent.Thiscomponent
issecuredintermsofAirwatch(Containerised)soifyouplantouseityouwillneedtobeusingoneoftheAirWatch
clientbasedproductstoaccessthecontent,thatbeingSecureContentLocker,theAirWatchBrowser,thePerAppVPNfor
iOS7orEnterpriseAppsthathavebeensubjecttoAirWatchAppWrapping.
Intermsofplacementthereareanumberofoptions.Really,beingareverseproxy,thisisaDMZtypeofcomponentbut
couldbeapaintomanageasandwhenyouwanttoopenituptomorebackendresources,thisisbecauseyouwould
needtoaddrulesforeachserver(unlessyoucheatandopenupasubnetorwhatever).IfyouhavenoDMZ,itssimpleas
thereisonlyoneoptionwhichwillbeLANplacement.IfyoudohaveaDMZthebestapproachwouldagainbeinternal
LANbutalsotousetheadditionalsubcomponent.
AirWatchMobileAccessGateway(MAG)RelayThisispartofthesameinstallerastheabovebutyoujustchoose
therelayoption.ThisisdesignedtobeplacedinaDMZandiswhatyourexternaldeviceswillbepointingatalongwith
theAirWatchCloudMessagingService.ThissimplifiesongoingmanagementinaDMZscenarioastheinternalMAG
Endpointservercanbeleftfullyopentochattoallinternalresourceswhilstthecommunicationremainssecurewiththe
relayhandlingconnectivitybetweenthedevices,AWCMandtheinternalMAG.IntheMAGconfigurationontheAirWatch
managementconsoleitjustneedstobetoldthatsitsusingtherelaymodelratherthanbasicendpoint.
SecureEmailGateway(SEG)Letsbeclear,theSEGisntarequirementforenduserstobereceivingemailsontheir
devicesbutitiscertainlybeneficial.TheSEGsitsbetweenyourExchangeActiveSyncserver(s)andenablesgreatercontrol
andmonitoringofemailtoandfromenrolleddevices.ActiveSyncisgloballyenabledonExchangeandwhileitcanbe
switchedoffonamailboxbasisand(sinceExchange2010SP2)besubjecttodevicequarantinerules,itisnotveryeasyto
control.TheSEGwillproxytheActiveSynccommunicationsandblock/allowdependinguponconfiguredpolicy.
CloudMessagingServiceThisismentionedforinformation,itsadifferentsortofcomponenttotheaboveasitisa
facilitatorratherthansomethingthatperformsitsownspecificfrontendfunctionbutitisimportant.Ithandlesmessages
fromtheAdministrativeConsole,andisaprerequisiteforboththeMAGandACC.ForSaaSdeploymentsthisisnta
considerationasitispreconfiguredbyAirWatchbutforonpremthisneedstobeinstalledandconfigured,typicallyonthe
DeviceServiceServer.SeeingastheACCisgenerallyonlyusedinSaaSimplementationsthough,thisisnormallyonlya
concernforMAGinstallations.PartoftheMAGconfigurationrequirestheCloudMessagingServicedetailstobeentered.
Licencing
Somethingelsetobearinmindislicencingasthesecomponentsdontdirectlyfitintotheirlicencingmodelswellthey
do,butyouhavetobasethecomponentsontherequirementsandsubsequentlicencingmodel,whichwillspitoutthe
requiredcomponents.Thelicencingmodelsandpricingisavailablepubliclyhere.Youcouldactuallyintegrateanyofthe
belowcomponentsandnolicensingwouldbebreachedbuttakeforexampletheMAGyesthiscouldbefullyintegrated
intoAirWatchbutunlessyouaredoingAppWrapping,usingtheAirWatchBrowserand/orContentLocker(whichwould
requireaBluelicense)itsinclusionwouldhavenobenefit.
SowhatIvedoneontheflowdiagramistocolourthetextinaccordancewiththerequiredlicencingbandingassuming
https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

2/4

4/14/2016

AirWatchComponents|vEffort

youarerequiringfeaturesthatrequirethecomponentinquestion.
ComponentFlowChart
Sowithoutfurtherado,hereistheflowchartIhavecreatedhelpwithallofthis.Notethedecisionquestionsareveryhigh
level,otherquestionscouldbeaskedofthecapabilitiesparticularlyaroundtheACCwhichhasmanyintegrationpoints.

https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

3/4

4/14/2016

AirWatchComponents|vEffort

https://veffort.wordpress.com/2015/01/22/airwatchcomponents/

4/4

You might also like