{"id":11095,"date":"2016-11-28T13:25:01","date_gmt":"2016-11-28T05:25:01","guid":{"rendered":"http:\/\/i-services.info\/wordpress\/?p=11095"},"modified":"2020-04-15T10:06:28","modified_gmt":"2020-04-15T02:06:28","slug":"mdm-server%e5%82%b3%e9%80%81%e6%8f%8f%e8%bf%b0%e6%aa%94%e5%92%8c%e6%8c%87%e4%bb%a4%e7%9a%84%e6%b5%81%e7%a8%8b","status":"publish","type":"post","link":"http:\/\/i-services.info\/wordpress\/?p=11095","title":{"rendered":"MDM server\u50b3\u9001\u63cf\u8ff0\u6a94\u548c\u6307\u4ee4\u7684\u6d41\u7a0b"},"content":{"rendered":"

<\/p>\n

    \n
  1. \u7ba1\u7406\u54e1\u50b3\u9001\u4e00\u500b\u8a2d\u5b9a\u63cf\u8ff0\u6a94(Configuration Profile)\u5230\u4f7f\u7528\u8005\u7684iOS\u88dd\u7f6e\u4e0a\u3002\n
  2. \u4f7f\u7528\u8005\u5b89\u88dd\u8a72\u8a2d\u5b9a\u63cf\u8ff0\u6a94\u3002\n
  3. \u8a72\u53f0iOS\u88dd\u7f6e\u5411MDM server\u8a3b\u518a\uff0c\u958b\u59cb\u88ab\u76e3\u7ba1\u3002\n
  4. MDM server\u900f\u904eApple Push Notification Service\u767c\u9001\u63a8\u64ad\u8a0a\u606f\u5230\u7d66iOS\u88dd\u7f6e\uff0c\u8acb\u88dd\u7f6e\u5411server\u78ba\u8a8d\u662f\u5426\u6709\u65b0\u7684\u6307\u4ee4\u6216query\u3002\n
  5. iOS\u88dd\u7f6e\u85c9\u7531HTTPS\u548cMDM server\u9023\u63a5\uff0cMDM server\u50b3\u9001\u6307\u4ee4\u7d66\u88dd\u7f6e\u3001\u6216\u662f\u5411\u88dd\u7f6e\u8981\u6c42\u56de\u50b3\u8cc7\u8a0a\u3002<\/li>\n<\/ol>\n

    Apple Push Notification<\/strong><\/p>\n

    \u7576MDM server\u8981\u548ciOS\u88dd\u7f6e\u6e9d\u901a\uff0cApple Push Notification\u6703\u9001\u4e00\u5247\u901a\u77e5\u7d66\u5728\u87a2\u5e55\u9396\u5b9a\u4e2d\u7684iOS\u88dd\u7f6e\uff0c\u8acbiOS\u88dd\u7f6e\u5411MDM server\u505acheck in\uff0c\u770b\u770b\u6709\u6c92\u6709\u65b0\u7684\u74b0\u5883\u8a2d\u5b9a\u3001\u6216\u5de5\u4f5c\u4efb\u52d9\u9700\u8981\u88ab\u63a8\u9001\u5230\u88dd\u7f6e\u4e0a\u3002<\/p>\n

    <\/p>\n

    \u5982\u679ciOS\u88dd\u7f6e\u6c7a\u5b9a\u63a5\u6536\u65b0\u7684\u8cc7\u6599\uff0cConfiguration Profile\u53ca\u5176\u4ed6\u8a2d\u5b9a\uff0c\u6703\u5728\u80cc\u666f\u7528\u88abSSL\/TLS\u52a0\u5bc6\u7684\u65b9\u5f0f\u5728\u88dd\u7f6e\u548cMDM server\u4e4b\u9593\u505a\u50b3\u8f38\u3002 <\/p>\n

    \u70ba\u4e86\u8b93Apple Push Notification\u670d\u52d9\u6b63\u78ba\u8fa8\u8a8d\u4f86\u81eaMDM server\u9001\u51fa\u7684\u6307\u4ee4\uff0c\u5fc5\u9808\u7533\u8acb\u53ca\u4e0b\u8f09Apple Push Certificate\uff0c\u5c07\u5176\u5b89\u88dd\u5230MDM server\u4e2d\uff0c\u5982\u6b64\u624d\u80fd\u8b93iOS\u88dd\u7f6e\u5411MDM server\u8a3b\u518a\u3002 <\/p>\n

    \u7db2\u8def\u8a2d\u5b9a<\/font><\/strong> <\/p>\n

      \n
    1. MDM server\u6700\u597d\u662f\u9023\u63a5\u5230\u4e00\u500b\u56fa\u5b9a\u7db2\u57df\uff0c\u800c\u975e\u4e00\u500bIP\u4f4d\u7f6e\u3002(The IP address range for the push service is subject to change; the expectation is that an MDM server will connect by hostname rather than by IP address. The push service uses a load-balancing scheme that yields a different IP address for the same hostname. This hostname is gateway.push.apple.com (and gateway.sandbox.push.apple.com for the development push notification environment). Additionally, the entire 17.0.0.0\/8 address block is assigned to Apple so firewall rules can be established to specify that range)\n
    2. \u628a\u9019\u53f0MDM server\u5efa\u7f6e\u5728\u4f01\u696d\u5167\u90e8\u6642\uff0c\u5efa\u8b70\u6253\u958b\u4ee5\u4e0bport\uff1a\n
        \n
      • Port TCP 80 (http)\n
      • Port TCP 443 (https)\n
      • Port TCP 1640 (SCEP)\n
      • Port TCP 5223 (APNS)\n
          \n
        • \u8b93iOS\u88dd\u7f6e\u9023\u63a5\u5230push service\u3002<\/li>\n<\/ul>\n
        • Port TCP 2195 (APNS)\n
            \n
          • \u8b93MDM server\u50b3\u9001\u901a\u77e5\u5230Apple Push Notification service\u3002<\/li>\n<\/ul>\n
          • Port TCP 2196 (APNS)\n
          • feedback service<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n

            \u8a3b\u518a<\/strong> <\/p>\n

            iOS\u88dd\u7f6e\u8a3b\u518a(Enrollment) \u88dd\u7f6e\u8a3b\u518a\u662f\u8b93iOS\u88dd\u7f6e\u63a5\u53d7\u88ab\u67d0\u53f0MDM server\u7ba1\u7406\u3002\u53ef\u4ee5\u628aiOS\u88dd\u7f6e\u63d2\u7dda\u5230\u96fb\u8166\u3001\u6216\u662f\u7528\u7121\u7dda(Over-the-Air Enrollment)\u50b3\u8f38\u7684\u65b9\u5f0f\u4f86\u63a5\u6536\u8a3b\u518a\u63cf\u8ff0\u6a94(Enrollment Profile)\uff0c\u591a\u534a\u90fd\u662f\u5f8c\u8005\uff0c\u5176\u6d41\u7a0b\u5305\u62ec\uff1a <\/p>\n

              \n
            1. User Authentication\n
                \n
              • \u7ba1\u7406\u54e1\u53ef\u900f\u904eemail\u3001\u7c21\u8a0a\u3001\u7db2\u9801\u3001App\u4f86\u8acb\u4f7f\u7528\u8005\u5728iOS\u88dd\u7f6e\u4e0a\u9032\u884c\u8a3b\u518a\u3002<\/li>\n<\/ul>\n
              • Certificate Enrollment\n
                  \n
                • iOS\u6703\u900f\u904eSCEP(Simple Certificate Enrollment Protocal)\u7522\u751f\u4e00\u500bcertificate enrollment request\uff0c\u9019\u500brequest\u50b3\u9001\u5230CA(Certificate Authority)\uff0c\u63a5\u8457\u4f7fiOS\u88dd\u7f6e\u6536\u5230identity certificate\u3002<\/li>\n<\/ul>\n
                • Device Configuration\n
                    \n
                  • \u5b89\u88dd\u597didentity certificate\u5f8c\uff0ciOS\u88dd\u7f6e\u5c31\u53ef\u4ee5OTA\u6536\u5230\u52a0\u5bc6\u904e\u7684\u74b0\u5883\u8a2d\u5b9a(configuration information)\u3002<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n

                    \u4f7f\u7528\u8005\u5fc5\u9808\u5728iOS\u88dd\u7f6e\u4e0a\u4e0b\u8f09\u5b89\u88dd\u7531MDM server\u767c\u51fa\u7684profile(\u63cf\u8ff0\u6a94)\uff0c\u63a5\u8457\u8a72\u53f0\u88dd\u7f6e\u5c31\u6703\u81ea\u52d5\u5411MDM server\u9032\u884c\u8a3b\u518a\u3002\u8a3b\u518a\u5b8c\u6210\u5f8c\uff0c\u9019\u53f0iOS\u88dd\u7f6e\u5c31\u80fd\u63a5\u6536\u4f86\u5f9eMDM server\u767c\u51fa\u7684\u74b0\u5883\u8a2d\u5b9a\u3001\u8cc7\u8a0a\u66f4\u65b0\u3001\u88ab\u9060\u7aef\u9396\u5b9a\u3001\u88ab\u9060\u7aef\u6e05\u9664\u8cc7\u6599\u7b49\u5de5\u4f5c\u3002<\/p>\n

                    <\/div>