SCMDM basics

Over the last couple of months I have been working heavily on the brand new offering from MS - SCMDM 2008. It was interesting to install and get up and running the server-side installations of SC MDM in our local lab environment and troubleshoot the issues around it. The remarkable bit is that the server is fairly simple to install given the fact that it is an RTM build of a version 1 product.

Basically MS SCMDM - Microsoft Security Center Mobile Device Management - allows devices to be a part of the corporate network (i.e. VPN'ed in), which enables a host of other functionality for managing and securing devices. IT staff can easily push applications and security settings and transparently manage devices out in the field over GPRS or any other public network. Another huge benefit is that devices can now connect to LOB applications hosted internally without any special configuration.

Operationally, devices have to enroll themselves into the domain and appear as computers and users to the admins. The enrollment process provides the device with a client certificate. The device then uses the client certificate to create and maintain a VPN connection over the air. So now the device has 2 IPs: one provided by the service provider and one for the internal network. The client creates a VPN tunnel to the Gateway server on the corporate network and ALL traffic flows through this server. Effectively the Gateway server routes each and every network request (external and internal), allowing the administrators on the domain to control IP traffic.

If you want to know more here are some useful resources to get started with -

Watch this space for more updates.