upload successful

不知不觉距离上次搭建 CSA 云平台已经过去两个月了,为自己的懒惰感到惭愧🙈

这里简单的说一下整个 MDM 配置流程:

  • 核心服务器 MDM 配置

    主要配置 CSA、策略轮询时间和苹果消息推送服务等

  • Agent 安装包

    用于管理设备,如策略下发、远程等

  • Agent Manifest Package 配置

    主要用于告知设备注册后从何处下载 plist 文件,plist 文件则提供 Agent 安装包所在位置以及相关说明

  • 联合管理代理

    通过 MDM 注册后自动部署代理和配置文件

# MDM 配置

# Common Settings

废话不多说,在 EPM 控制台中,依次点击 Modem Device Management > MDM configurations > Common Setting > Cloud Services Appliances(CSA) 选择我们的 CSA Server

upload successful

Sync Settings 配置设备定时签到时间,默认情况下,设备通过 MDM 注册到核心服务器,设备会在 1440 分钟后主动找服务器签到同步策略,如无特殊要求,此处保持默认即可

upload successful

# APNS

配置 APNS(Apple Push Notification Service) , 依次点击 Apple > Apple Push Notification service > Configure 进行证书配置

upload successful

  1. 选择创建一个新证书

upload successful

  1. 创建证书请求

upload successful

  1. 跳转到 Aplle Push 证书门户

upload successful

  1. 创建证书

upload successful

upload successful

选择刚刚生成的 plist 请求文件,然后点击 Upload

upload successful

下载证书

upload successful

  1. 选择证书并设置密码

upload successful

  1. 点击 Save 保存

upload successful

最后点击 OK 重启 MDM 服务

upload successful

APNS 是由苹果公司提供的推送服务,主要用于向 iOS、MacOS 和 WatchOS 设备发送远程通知、即时消息、应用更新、提醒和警报等这几个主要的作用

# MacOS Agent

创建 MacOS Agent ,依次点击 Configuration > Agent configuration > New Mac agent configuration

upload successful

填写配置名称,选择 Client connectivity, 这里的 Core infomationCore address 必须填写核心服务器的 FQDN(Fully Qualified Domain Name)

upload successful

Cloud Services Appliance 勾选启用并选择我们的 CSA

upload successful

Remote control tunnel 勾选启用并选择我们的 Remote Tunnel

upload successful

其它的策略根据自身需求调整,这里就不多赘述

# Agent Manifest Package

依次点击 Distribution > Distribution packages > New > Macintosh > Macintosh MDM

upload successful

填写程序包 NameApplication info 选择 Manifest URL

upload successful


截至当前 EPM 2022 SU3 MDM properties 信息,请根据自己的 EPM 版本填写

Patch Version URL Bundle ID Bundle Version
2022 SU3 https://download.ivanti.com/product/mac/2022/SU3/manifest.plist com.ivanti.IvantiAgentTool 11.0.5.2606
2022 SU2 https://download.ivanti.com/product/mac/2022/SU2/manifest.plist com.ivanti.IvantiAgentTool 11.0.5.2497
2022 SU1 https://download.ivanti.com/product/mac/2022/SU1/manifest.plist com.ivanti.ivscan 11.0.5.2378
2022 https://download.ivanti.com/product/mac/2022/manifest.plist com.landesk.LANDesk_Settings 11.0.5.2280
2021.1 SU4 https://download.ivanti.com/product/mac/2021/SU4/manifest.plist com.ivanti.IvantiAgentTool 11.0.5.2539
2021.1 SU3 https://download.ivanti.com/product/mac/2021/SU3/manifest.plist com.ivanti.IvantiAgentTool 11.0.5.2445
2021.1 SU2 Ver. 2 https://download.ivanti.com/product/mac/2021/SU2v2/manifest.plist com.landesk.LANDesk_Settings 11.0.4.2203
2021.1 SU2 https://download.ivanti.com/product/mac/2021/SU2/manifest.plist com.landesk.LANDesk_Settings 11.0.4.2192
2021.1 SU1 https://download.ivanti.com/product/mac/2021/SU1/manifest.plist com.landesk.LANDesk_Settings 11.0.4.2119
2021.1 https://download.ivanti.com/product/mac/2021/manifest.plist com.landesk.LANDesk_Settings 11.0.4.1887
2020.1 SU6 No changes made to the agent. Use same values as 2020.1 SU5 com. landesk.LANDesk_Settings 11.0.3.1742
2020.1 SU5 https://download.ivanti.com/product/mac/2020/SU5/manifest.plist com.landesk.LANDesk_Settings 11.0.3.1742
2020.1 SU3 https://download.ivanti.com/product/mac/2020/SU3/manifest.plist com.landesk.LANDesk_Settings 11.0.3.1652
2020.1 SU2 https://download.ivanti.com/product/mac/2020/SU2/V2/manifest.plist com.landesk.LANDesk_Settings 11.0.3.1497
2020.1 SU1 https://download.ivanti.com/product/mac/2020/SU1/manifest.plist com.landesk.LANDesk_Settings 11.0.3.1
2020.1 https://download.ivanti.com/product/mac/2020/manifest.plist com.landesk.LANDesk_Settings 11.0.3.1

# 联合管理代理

依次点击 Modem Device Management > CO-management agents 打开联合管理代理界面,勾选 Install Mac Agent, 设备配置文件选择我们的代理配置,例外建议添加 Allow Ivanti RC screen capture approval 和 EPM Agent authorization 这两个跟远程相关的配置,最下方选择我们的 Macintosh MDM 程序包

upload successful

到此,整个简单的 MDM 配置基本上已经结束

# MDM 注册

拷贝核心服务器 C:\Program Files\LANDesk\ManagementSuite\ldlogon\mac\mdmenroller.pkgMac OS
客户端安装

安装完后打开选择 手动输入详细信息

upload successful

填写核心服务器管理员账号和密码以及 CSA核心服务器 FQDN

upload successful

点击注册,此时弹出需要安装 Ivanti MDM 描述文件,点击 Install 进行安装

upload successful

非常尴尬,这里安装描述文件的时候报错了,提示 MDM 服务器无法验证,证书可能已过期,刚好前段时间,群里有个大佬也问过这个问题,我就厚着脸皮问大佬解决了没有,大佬说这个问题是 ESA 模块导致的,安装 ESA 模块更改了 IIS 的某些配置,但是具体改了什么他也不知道,所以最后只能重装解决

upload successful

那我也只好重装 EPM 服务器了,此处省略 N 个字,安装描述文件后会自动下载联合管理的相关配置和代理程序

upload successful

安装完毕后,此时服务器控制台已经可以看到这台 Mac 电脑的信息

upload successful

好了,MDM 注册就到这吧,后续深入学习再更新

此文章已被阅读次数:正在加载...Edited on

Give me a cup of [coffee]~( ̄▽ ̄)~*

Bob WeChat Pay

WeChat Pay

Bob PayPal

PayPal

Bob Alipay

Alipay