EMM 10.1 Installation Guide

Installation Guide
McAfee Enterprise Mobility Management 10.1
COPYRIGHT
Copyright 2012 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.
LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Installation Guide
Contents
Preface
About this guide . . . . . . . . . . . . Audience . . . . . . . . . . . . Conventions . . . . . . . . . . . Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
5 5 5 6
Planning your installation
Considerations before installing McAfee EMM software . . . . . . . . . . . . . . . . . . . 7 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Mission-critical access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Notifying users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Help for users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 McAfee EMM components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Server components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Client components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Configuration modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Enhanced security mode (dual servers) . . . . . . . . . . . . . . . . . . . . . 10 Basic security mode (single server) . . . . . . . . . . . . . . . . . . . . . . . 11 Simplified mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Installation requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Requirements for Public Key Infrastructure (PKI) environments . . . . . . . . . . . . 13
Preparing for installation

System settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Run the McAfee Deployment Helper . . . . . . . . . . . . . . . . . . . . . Run the Deployment Helper for enhanced security installations . . . . . . . Run the Deployment Helper for basic security installations . . . . . . . . . Run the Deployment Helper for custom installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15
15 18 18 21 24
Installing McAfee EMM software

Install McAfee EMM software in enhanced security mode . . . . . . . . . . . . Install the internal components . . . . . . . . . . . . . . . . . . . Install the external components . . . . . . . . . . . . . . . . . . . Install McAfee EMM software in basic security mode . . . . . . . . . . . . . . Install McAfee EMM software in simplified mode . . . . . . . . . . . . . . . . Customize your McAfee EMM installation . . . . . . . . . . . . . . . . . . Installation settings for components . . . . . . . . . . . . . . . . . Install auxiliary components . . . . . . . . . . . . . . . . . . . . . . . Install the Download Manager File Installer for Windows Mobile support . . . Install the BlackBerry Enterprise Server (BES) Agent for BlackBerry support . Troubleshoot certificate errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
29
29 30 31 32 34 36 37 38 38 39 40
Provisioning user devices
43
Overview of provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Installation Guide
Contents
Provision iOS devices . . . . . . . . . . . . Provision Android devices . . . . . . . . . . Provision Android devices using the McAfee Configure email for Android devices . . . Provision Windows Phone 7 devices . . . . . . Provision Windows Mobile devices . . . . . . .
. . . . EMM . . . . . .
. . . . app . . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
. . . . . .
44 44 44 45 46 46
Modifying McAfee EMM software
47
Upgrade McAfee EMM software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 Migrate McAfee EMM software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Uninstall McAfee EMM software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Specialized installation tasks
51
Create an SRV record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Export your encryption key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 SQL database permissions for installation . . . . . . . . . . . . . . . . . . . . . . . . 52
Language support for McAfee EMM Index
53 55
Installation Guide
Preface
This guide provides the information you need to install your McAfee product. Contents About this guide Find product documentation
About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who implement and enforce the company's security program. Users People who use the computer where the software is running and can access some or all of its features.
Conventions
This guide uses the following typographical conventions and icons. Book title or Emphasis Title of a book, chapter, or topic; introduction of a new term; emphasis. Bold User input or Path
Code
Text that is strongly emphasized. Commands and other text that the user types; the path of a folder or program. A code sample. Words in the user interface including options, menus, buttons, and dialog boxes. A live link to a topic or to a website. Note: Additional information, like an alternate method of accessing an option. Tip: Suggestions and recommendations. Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data. Warning: Critical advice to prevent bodily harm when using a hardware product.
User interface Hypertext blue
Installation Guide
Preface Find product documentation
Find product documentation

McAfee provides the information you need during each phase of product implementation, from installation to daily use and troubleshooting. After a product is released, information about the product is entered into the McAfee online KnowledgeBase. Task 1 2 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com. Under Self Service, access the type of information you need: To access... User documentation Do this... 1 Click Product Documentation. 2 Select a product, then select a version. 3 Select a product document. KnowledgeBase Click Search the KnowledgeBase for answers to your product questions. Click Browse the KnowledgeBase for articles listed by product and version.
Installation Guide
Planning your installation
Before you begin, plan the deployment of your McAfee EMM software, learn about the software components, decide on a configuration model, and verify that your system meets minimum requirements. Contents Considerations before installing McAfee EMM software McAfee EMM components Configuration modes Installation requirements
Considerations before installing McAfee EMM software

When you install any software that updates the way users interact with the network, it is important to plan for the installation and deployment of that software.
Security
Use these questions to help you identify the type of security policies you want to enforce. What types of devices are used in your network? A survey of device types, manufacturers, models, and operating systems might help you target your security policies. Which hardware or software restrictions apply for user devices? For example, you might want to disable cameras or Wi-Fi. Which applications should be blacklisted? EMM treats user devices with blacklisted applications as out-of-compliance. Which authentication settings are enforced on devices? For example, can users use passwords or PIN codes? What is the minimum length for each type of authentication? Are users required to change their password on a regular basis? What happens when authentication fails? For example, how many attempts should a user have to enter the correct password? Should the device be wiped after a specified number of failed attempts?
Mission-critical access
Determine which type of access is mission-critical to your organization. In some organizations, access to email and other data from a mobile device might be important; in others it might be critical. If your organization considers use of ActiveSync-enabled devices mission-critical, you must consider all subsystems in the McAfee EMM software to be mission-critical.
Installation Guide
Planning your installation Considerations before installing McAfee EMM software
In this situation, use hardware redundancy options such as: Network load balancing (NLB) Redundant Array of Independent Disks (RAID) Clustering options built into the operating system and applications SQL replication
Notifying users
Before deploying McAfee EMM software, consider how to notify users of provisioning requirements and planned changes to their mobile devices. The User Notifications screen allows you to bulk-authorize many users at once and automatically send them emails or text messages with provisioning details. You can bulk-authorize users based on LDAP groups or by importing a list in comma-separated value (CSV) format. For Windows Mobile devices, the initial installation and configuration requires users to enter a default password on their device. After the McAfee EMM software is deployed, users can't access their devices until they've provided the default password. To prevent temporarily limiting access to Windows Mobile devices, plan how to provide the default password to users in advance. In addition to providing users with provisioning instructions, be sure to tell them how use of their mobile devices is changing. In many cases, the only difference is that users need to enter a password or PIN when they turn on their device or when the device locks after a timeout period. In other cases, your security policy might limit access to applications.
Help for users

Consider how you want users to get help if they have trouble during or after provisioning. Some help tasks, like wiping a device, can be completed by the user through the McAfee EMM Portal. Other tasks can be completed only by an administrator through the McAfee EMM Helpdesk. Make sure you have a plan in place to provide help to users.
Installation Guide
Planning your installation McAfee EMM components
McAfee EMM components

The McAfee EMM system is based on a client-server architecture with server-side and client-side components.
Server components
These components are installed on enterprise servers and are used in the administration of the McAfee EMM system. EMM server component Hub Description The McAfee EMM Hub (Hub) manages communication between McAfee EMM components. It allows secure communication across the firewall (between the DMZ and the internal network) and eliminates the need to open custom firewall ports. SSL communication is established between the components. Using a custom installation, the Hub can also communicate with the DMZ components through an HTTP (non-secure) connection. The McAfee EMM Console (Console) is the application that manages the McAfee EMM system. It is an Internet Information Services (IIS) application accessible with Internet Explorer or Firefox web browsers with Microsoft Silverlight installed. Through the Console, administrative users can configure system settings, change policies, manage devices and users, administer McAfee EMM roles, perform Helpdesk functions, and view reports. The McAfee EMM Portal (Portal) is an Internet-facing component that allows device users to initiate requests for software downloads, and to perform limited Helpdesk functions. Users access the Portal from a browser on a PC or mobile device. The Portal typically resides on a McAfee EMM server installed in the DMZ. The McAfee Device Management Gateway (DMG) is an Internet-facing component that manages the server-side communication with legacy Windows Mobile devices. It controls policy, software, and configuration updates for mobile devices.
Console
Portal
Device Management Gateway
ActiveSync Proxy The McAfee ActiveSync Proxy is an Internet-facing component that proxies and Compliance ActiveSync traffic to the email servers. It is an IIS application that resides in the Filter DMZ and enables McAfee EMM to control access to enterprise resources on the DMZ server before reaching the internal network. The McAfee Compliance Filter is installed on the filter/proxy server that is placed in the DMZ (or for basic security deployments, on the internal McAfee EMM server). Push Notifier The McAfee Push Notifier is an Internet-facing component that sends push notifications to mobile devices. The Push Notifier is a required component that is usually installed in the DMZ so it can communicate with Apple and Android push notification services. The McAfee BES Agent is an optional component that synchronizes the BlackBerry Enterprise Server to McAfee EMM and performs select device actions. We recommend installing the BES Agent on the internal server. The McAfee PKI Agent is an optional component that dynamically retrieves certificates from a Microsoft certificate authority in PKI environments. It is usually installed on an internal server.
BES Agent (optional) PKI Agent (optional)
Installation Guide
Planning your installation Configuration modes
Client components
These components are installed on mobile devices that are registered on the enterprise network. They help provision user devices and communicate with the server. EMM Client Components McAfee EMM app (iOS devices) McAfee EMM app (Android devices) McAfee EMM Secure Container app (Android devices) Download Manager (Windows Mobile) PDA Secure (Windows Mobile) The Download Manager is the communication module installed on Windows Mobile devices. It provides device-side communication with the McAfee EMM server. PDA Secure is the security module installed on Windows Mobile devices. It enforces security based on policies that are created in the McAfee EMM Console. Except for the password screen, there is no user interface for PDA Secure, and it can't be modified by the user. An administrative unlock code is required to remove PDA Secure from the device. Description McAfee EMM is a free iOS app that enables easy provisioning by the user, and allows push notifications to deliver profile and security policy changes. McAfee EMM is a free Android app that enables easy provisioning by the user, and allows push notifications to deliver profile and security policy changes. The McAfee EMM Secure Container app is a free app, currently for Android only, that sandboxes enterprise email, contacts, and calendars.
Configuration modes
The specific configuration of your McAfee EMM software depends on the unique needs of your environment. The most common configurations are: Enhanced security mode on dual servers (recommended) Basic security mode on a single server Simplified mode (for use on a trial basis only)
Enhanced security mode (dual servers)

Enhanced security mode is the recommended configuration for McAfee EMM software. It provides maximum security and verifies web traffic before it enters your private network. In an enhanced security installation, you authorize users based on their Active Directory or Domino credentials. The enhanced security configuration installs McAfee EMM on two servers. The McAfee EMM Portal, DMG, ActiveSync Proxy, Compliance Filter, and Push Notifier are installed on an Internet-facing IIS server in the DMZ. The McAfee EMM Hub remains in the private subnet and runs the remaining server components. Communication from the Internet to the DMZ is restricted to HTTPS on port 443. Traffic between McAfee servers is also an SSL connection. Using a custom installation, the Hub communicates with the DMZ components using a non-secure HTTP connection.
10
Installation Guide
Basic security mode (single server)

Basic security mode is appropriate for smaller organizations without complex security requirements, or for trial installations. In a basic security installation, you authorize users based on their Active Directory or Domino credentials. In basic security mode, all McAfee EMM IIS components are installed on a single server that is available to mobile devices. Inbound traffic is allowed from the Internet for HTTPS sessions on port 443. The McAfee EMM/IIS server is positioned in the internal subnet so that it can access account information in the authorization server and connect to the SQL server as needed.
Installation Guide
11
Simplified mode
Simplified mode is appropriate when you install McAfee EMM software on a trial basis. Simplified deployments use ActiveSync Protocol for user authentication, so you don't have to integrate with an LDAP environment. However, you must add users manually or by uploading a file of authorized users. The server where the McAfee EMM Hub is installed communicates with the SQL Server and the Exchange server that is running ActiveSync.
12
Installation Guide
Planning your installation Installation requirements
Installation requirements
This section describes the system requirements and settings necessary to install and run McAfee EMM software.
System requirements
Use this table to verify that your system meets minimum operating requirements. Requirement Hardware Description 4 GB RAM Dual Core CPU Operating system Windows Server 2003 x86 or 64-bit with Service Pack 2 (Standard or Enterprise versions) Windows Server 2008 64-bit with Service Pack 2 (Standard or Enterprise versions) Windows Server 2008 R2 64-bit with Service Pack 1 (Standard or Enterprise versions)
Do not use Windows Server 2003 Service Pack 1 with SQL Express 2008. Installation fails with this configuration.
SQL Server
Microsoft SQL Server 2005, 2008, or 2008 R2

SQL Server 2008 R2 Express is available with the McAfee EMM installer.
Supported mobile devices Browsers
For a list of currently supported mobile devices, contact McAfee Technical Support or Sales. Internet Explorer Firefox
Microsoft Silverlight 3.0 or later must be installed on the browser.
Requirements for Public Key Infrastructure (PKI) environments

When installing McAfee EMM in a PKI environment using Enrollment Agents and certificate authority connections, the following requirements apply. Customized installation is required to install the Enrollment Agent. The McAfee EMM Deployment Helper guides you through obtaining your Enrollment Agent certificate. Installation in a PKI environment is supported only with Microsoft certificate authority running on Windows 2008 64-bit with Service Pack 1 or Windows 2008 R2 with Service Pack 1. Certificate authority can be standalone or enterprise, but it must belong to an AD domain. Your Enrollment Agent installation account must be set to "local" on the system where the Enrollment Agent is installed.
Installation Guide
13
Planning your installation Installation requirements
14
Installation Guide
Preparing for installation
Before installing McAfee EMM, you must configure your system settings. The McAfee EMM Deployment Helper walks you through preparing your system and obtaining required certifications. Contents System settings Run the McAfee Deployment Helper
System settings
Before installing McAfee EMM software, use this table to verify your system settings. The McAfee EMM Deployment Helper walks you through many of these prerequisites. Requirement Verifiable by Description Deployment Helper? McAfee Services is accessible from the Internet using public domain registration. You have an SSL certificate that matches the public DNS name and is from a recognized certificate authority like Verisign or Go Daddy.
Each time the SSL certificate is updated, all iOS devices are re-provisioned. Device users receive a confirmation to re-install the EMM profile. To avoid frequent provisioning, we suggest getting a multi-year SSL certificate. Don't use a trial certificate.
External No Domain for McAfee Services SSL Certificate Yes
MDM Certificate Yes
You have a valid MDM certificate if you want to use the MDM feature on iOS devices. You can install McAfee EMM software with MDM disabled, but doing so disables the following features for devices running iOS versions 4 and later: Policy updates without user intervention Remote lock and passcode unlock Syncing for devices provisioned with the EMM Portal Cleaner selective wipe Uninstall without user intervention Ability to collect device details, including phone numbers, installed apps and profiles, certificates, restrictions, policy compliance, IMEI number, and WAPMACA address
Installation Guide
15
Preparing for installation System settings
Requirement
Verifiable by Description Deployment Helper? Yes (internal ports only) For all installations: Inbound traffic on Port 443 to the McAfee EMM servers is allowed. Traffic on Port 443 from the McAfee EMM server to the email servers providing ActiveSync is allowed. The McAfee EMM Hub connects to the LDAP server for authentication and to the remote SQL server where the EMM Database is installed. For enhanced installations: Traffic on Port 443 or 80 from the McAfee EMM DMZ Server to Private LAN EMM internal server is allowed. For iOS push notifications: Outbound connection from the external McAfee EMM Server to "Apple Push Notification Service" at gateway.push.apple.com on TCP port 2195 is allowed. Outbound connection from the external McAfee EMM server to "Apple Push Feedback Service" at feedback.push.apple.com on TCP port 2196 is allowed.
For specific port and configuration details for iOS devices in a business environment, see http://images.apple.com/iphone/ business/docs/iPhone_IMAP.pdf.
Router/Firewall Access Rules
For Android push notifications: The McAfee EMM Push Notifier connects to the Android C2DM service on port 443. Device Wi-Fi Access Rules No For iOS devices: Port 5223 outbound from the device is open. If the devices are on a 3G network, the port doesn't need to be opened. For Android devices: Port 5228 outbound from the device is open.
16
Installation Guide
Preparing for installation System settings
Requirement
Verifiable by Description Deployment Helper? Yes The Windows/SQL account used for installation has permission to create a database on the database server. If a database already exists and was created by a system admin, the only permission required is CONNECT SQL. The logon credentials must be mapped to the database owner or to a user assigned appropriate permissions. If you can't give CREATE DATABASE permission to the installation account, you can create an empty database with the permissions CONNECT SQL and CREATE ANY DATABASE.
Installation Account
User Authentication
Yes
For all installations: You know the fully qualified domain name or IP address of the server used for authentication. For AD authentication, a legacy (NT) name is also required. ActiveSync is fully functional and the Exchange or Domino Traveler server is configured for ActiveSync. For enhanced and basic installations: Your Active Directory service account has "local administrator" privileges on the server where the McAfee EMM Hub is installed, and has read-only access to Active Directory or Domino LDAP services. For simplified installations: You have access to a non-administrator Exchange account (with email access) to test your ActiveSync connection. Don't use a domain administrator account as the test account. Domain administrator accounts have built-in restrictions that prevent authentication using the ActiveSync channel.
See also SQL database permissions for installation on page 52
Installation Guide
17
Preparing for installation Run the McAfee Deployment Helper
Run the McAfee Deployment Helper

The Deployment Helper verifies the McAfee EMM prerequisites and assists in preparing your environment for McAfee EMM installation. The Deployment Helper is available on the McAfee download site. Tasks Run the Deployment Helper for enhanced security installations on page 18 In an enhanced security installation, McAfee EMM is installed on two servers, so you must run the Deployment Helper on both servers. To prepare for an enhanced security installation, complete these tasks. Run the Deployment Helper for basic security installations on page 21 The Deployment Helper walks you through preparing for basic installation by obtaining MDM and portal certificates, specifying your LDAP and ActiveSync servers, and creating your McAfee EMM Database. Run the Deployment Helper for custom installations on page 24 The Deployment Helper walks you through preparing for custom installation, including installation in a PKI environment, by specifying the databases to use and obtaining required certification.
Run the Deployment Helper for enhanced security installations

In an enhanced security installation, McAfee EMM is installed on two servers, so you must run the Deployment Helper on both servers. To prepare for an enhanced security installation, complete these tasks. Tasks Run the Deployment Helper on the internal server on page 18 The Deployment Helper walks you through preparing your internal server for enhanced security installation by specifying your LDAP server and creating your McAfee EMM Database. Run the Deployment Helper on the external server on page 19 The Deployment Helper walks you through preparing your external server for enhanced security installation by obtaining MDM and portal certificates, specifying your ActiveSync server, and setting the location of your McAfee EMM Hub.
Run the Deployment Helper on the internal server

The Deployment Helper walks you through preparing your internal server for enhanced security installation by specifying your LDAP server and creating your McAfee EMM Database. Task 1 2 3 4 5 6 7 8 Log on to a Windows server. Locate and execute the installer file DeploymentHelperInstall.msi. On the Agreement screen, accept the terms of the license agreement, then click Install. When the installation is complete, select Start | All Programs | McAfee EMM | EMM Deployment Helper. On the Before You Begin screen, review the instructions, then click Next. On the Specify Setup Type screen, select Enhanced Security Model - Internal Server, then click Next. On the Introduction to Dual Server Installations (Internal Server) screen, review the information, then click Next. On the Specify Database Server screen, complete the fields, then click Next.
18
Installation Guide
Field
Value
Use SQL Express Select to install SQL Express on the local system and create the McAfee EMM Database. Server Name Authentication Host name or IP address of the SQL server for your EMM Database. Windows Authentication (recommended) SQL Authentication Username Password Database 9 User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database containing the McAfee EMM schema and data.
On the Specify LDAP Server screen, complete the fields, then click Next. Field Authentication Value Active Directory Domino Domain FQDN Domain DN Domain Name Username Password External EMM Proxy Server Address Fully qualified domain name of the server used for authentication. Domain distinguished name. If the server is in the current domain, this field is automatically populated when Domain FQDN is completed. Domain name of the LDAP server. This field is automatically populated when Domain FQDN is completed. User name for the connection to the directory server. Password for the connection to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
10 On the Confirm Installation Settings screen, review your settings (print, email, or save your info by clicking the link), then click Run Scan. When the scan is completed, results are shown. If any tasks are marked failed, review the information, then click the Launch KB Assistance link to help resolve any issues.
Run the Deployment Helper on the external server

The Deployment Helper walks you through preparing your external server for enhanced security installation by obtaining MDM and portal certificates, specifying your ActiveSync server, and setting the location of your McAfee EMM Hub. Before you begin Generate an MDM certificate according to the instructions in KB73382. Task 1 2 3 4 5 Log on to a Windows server. Locate and execute the installer file DeploymentHelperInstall.msi. On the Agreement screen, accept the terms of the license agreement, then click Install. When installation is complete, select Start | All Programs | McAfee EMM | EMM Deployment Helper. On the Before You Begin screen, review the instructions, then click Next.
Installation Guide
19
6 7 8 9
On the Specify Setup Type screen, select Enhanced Security Model - External Server, then click Next. On the Introduction to Dual Server Installations (External Server) screen, review the information, then click Next. On the Specify Hub Server screen, enter the server address for the McAfee EMM Hub, then click Next. On the Provide an MDM Certificate screen, select Use Existing Certificate.
10 On the Specify an MDM Certificate screen in the File Path field, browse to select the .p12 file. Enter the password for the certificate, verify the Topic (this should match the MDM topic associated with your certificate), then click Next. 11 On the Provide a Portal Certificate screen, select one of these options: If you want Complete these steps... to... Create New SSL Certificate On the Generate an SSL Certificate Request screen, complete the fields under Certificate Request, then click Create to create the certificate request file. Common Name Common name for the certificate. Organization Name of your organization. Organization Unit Unit within your organization that is requesting the certificate. City/Locality Unabbreviated city of the organization. State/Province Unabbreviated state name or province of the organization. Country/Region Country or region of the organization. Certificate Request File Path Browse to select the location to store the certificate request. Verify the certificate request with a certificate authority. This is done separately from the Deployment Helper. Once the certificate request is verified, complete the fields under Certificate Response, then click Export to export the certificate in .pfx format. Click Next to continue. Certificate File Path Browse to select the valid .cer or .pem certificate file. Certificate Password Password for the certificate. On the Specify a Portal Certificate screen, complete the fields, then click Next. File Path Browse to select the exported .pfx file. Password Password for the certificate.
The user who creates the certificate must export the corresponding certificate response file. The private key created as part of the certificate request is stored in a secure Windows key container under that user's identity. Exporting the certificate response must be done on the same system where the certificate request was generated.
Use Existing SSL Certificate
On the Specify a Portal Certificate screen, complete the fields, then click Next. File Path Browse to select the exported .pfx file. Password Password for the certificate.
20
Installation Guide
12 On the Specify ActiveSync Server screen, complete the fields, then click Next. Field Value
Server Address Your mail server's ActiveSync server address. For a Domino server, enter <servername>/servlet/traveler. Domain Name Username Password Domain name of the server for authentication. User name in the domain for validating the ActiveSync connection. Password for the user name account.
Run the Deployment Helper for basic security installations

The Deployment Helper walks you through preparing for basic installation by obtaining MDM and portal certificates, specifying your LDAP and ActiveSync servers, and creating your McAfee EMM Database. Before you begin Generate an MDM certificate according to the instructions in KB73382. Task 1 2 3 4 5 6 7 Log on to a Windows Server. Locate and execute the installer file DeploymentHelperInstall.msi. On the Agreement screen, accept the terms of the license agreement, then click Install. When installation is complete, select Start | All Programs | McAfee EMM | EMM Deployment Helper. On the Before You Begin screen, review the instructions, then click Next. On the Specify Setup Type screen, select Basic Security Model - Single Server, then click Next. On the Specify Database Server screen, complete the fields, then click Next. Field Value
Use SQL Express Select to install SQL Express on the local system and create the McAfee EMM Database. Server Name Authentication Host name or IP address of the SQL server to install the EMM Database. Windows Authentication (recommended) SQL Authentication Username Password Database 8 User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database containing the McAfee EMM schema and data.
On the Specify LDAP Server screen, complete the fields, then click Next.
Installation Guide
21
Field Authentication
Value Active Directory Domino
Domain FQDN Domain DN Domain Name Username Password External EMM Proxy Server Address 9
Fully qualified domain name of the server used for authentication. Domain distinguished name. If the server is in the current domain, this field is automatically populated when Domain FQDN is completed. Domain name of the LDAP server. This field is automatically populated when Domain FQDN is completed. User name for the connection to the directory server. Password for the connection to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
On the Provide an MDM Certificate screen, select Use Existing Certificate.
10 On the Specify an MDM Certificate screen in the File Path field, browse to select the .p12 file. Enter the password for the certificate, verify the Topic (this should match the MDM topic associated with your certificate), then click Next. 11 On the Provide a Portal Certificate screen, select one of these options:
22
Installation Guide
If you want Complete these steps... to... Create New SSL Certificate On the Generate an SSL Certificate Request screen, complete the fields under Certificate Request, then click Create to create the certificate request file. Common Name Common name for the certificate. Organization Name of your organization. Organization Unit Unit within your organization that is requesting the certificate. City/Locality Unabbreviated city of the organization. State/Province Unabbreviated state name or province of the organization. Country/Region Country or region of the organization. Certificate Request File Path Browse to select the location to store the certificate request. Verify the certificate request with a certificate authority. This is done separately from the Deployment Helper. Once the certificate request is verified, complete the fields under Certificate Response, then click Export to export the certificate in .pfx format. Click Next to continue. Certificate File Path Browse to select the valid .cer or .pem certificate file. Certificate Password Password for the certificate. On the Specify a Portal Certificate screen, complete the fields, then click Next. File Path Browse to select the exported .pfx file. Password Password for the certificate.
12 On the Specify ActiveSync Server screen, complete the fields, then click Next. Field Value
Server Address Your mail server's ActiveSync server address. For a Domino server, enter <servername>/servlet/traveler. Domain Name Username Password Domain name of the server for authentication. User name in the domain for validating the ActiveSync connection. Password for the user name account.
Installation Guide
23
Run the Deployment Helper for custom installations

The Deployment Helper walks you through preparing for custom installation, including installation in a PKI environment, by specifying the databases to use and obtaining required certification. Before you begin If you want to enable MDM on your McAfee EMM system, generate an MDM certificate according to the instructions in KB73382.
For PKI installations, run the Deployment Helper on the system where you plan to install the Enrollment Agent.
Task 1 2 3 4 5 6 7 Log on to a Windows Server. Locate and execute the installer file DeploymentHelperInstall.msi. On the Agreement screen, accept the terms of the license agreement, then click Install. When installation is complete, select Start | All Programs | McAfee EMM | EMM Deployment Helper. On the Before You Begin screen, review the instructions, then click Next. On the Specify Setup Type screen, select Custom Installation, then click Next. On the Select Components to Test screen, select the components you want to install, then click Next. The installation screens appear for the components you selected. 8 9 Complete the settings screens for each component you selected in the previous step. See Pre-installation settings for components. On the Confirm Installation Settings screen, review your settings (print, email, or save your info by clicking the link), then click Run Scan. When the scan is completed, results are shown. If any tasks are marked failed, review the information provided. Click the Launch KB Assistance link to help resolve any issues.
Pre-installation settings for components

Use these tables to complete the Deployment Helper's settings screens in a custom installation. Table 2-1 Database settings Field Server Name Authentication Value Host name or IP address of the SQL server to install the EMM Database. Windows Authentication (recommended) SQL Authentication Username Password Database User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database for the McAfee EMM schema and data.
Use SQL Express Select to install SQL Express on the local system and create the McAfee EMM Database.
24
Installation Guide
Table 2-2 LDAP settings Field Authentication Value Active Directory Domino Domain FQDN Domain DN Domain Name Username Password External EMM Proxy Server Address Fully qualified domain name of the server used for authentication. Domain distinguished name. If the server is in the current domain, this field is automatically populated when Domain FQDN is completed. Domain name of the LDAP server. This field is automatically populated when Domain FQDN is completed. User name for the connection to the directory server. Password for the connection to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
Installation Guide
25
Table 2-3 Portal Certificate settings If you want to... Create New SSL Certificate Complete these steps... On the Generate an SSL Certificate Request screen, complete the fields under Certificate Request, then click Create to create the certificate request file. Common Name Common name for the certificate. Organization Name of your organization. Organization Unit Unit within your organization that is requesting the certificate. City/Locality Unabbreviated city of the organization. State/Province Unabbreviated state name or province of the organization. Country/Region Country or region of the organization. Certificate Request File Path Browse to select the location to store the certificate request. Verify the certificate request with a certificate authority. This is done separately from the Deployment Helper. Once the certificate request is verified, complete the fields under Certificate Response, then click Export to export the certificate in .pfx format. Click Next to continue. Certificate File Path Browse to select the valid .cer or .pem certificate file. Certificate Password Password for the certificate. On the Specify a Portal Certificate screen, complete the fields, then click Next. File Path Browse to select the exported .pfx file. Password Password for the certificate.
Table 2-4 ActiveSync Server settings Field Value
Server Address Your mail server's ActiveSync server address. For a Domino server, enter <servername>/ servlet/traveler. Domain Name Username Password Domain name of the server for authentication. User name in the domain for validating the ActiveSync connection. Password for the user name account.
26
Installation Guide
Table 2-5
PKI Agent settings Complete these steps... On the Generate a Signer Certificate Request screen, complete the fields, then click Create. Common Name Common name for the certificate. Organization Name of your organization. Organization Unit Unit within your organization that is requesting the certificate. City/Locality Unabbreviated city of the organization. State/Province Unabbreviated state name or province of the organization. Country/Region Country or region of the organization. Email Email address of the administrator making the request. Certificate Request File Path Browse to select the location to store the certificate request.
If you want to... Create Signer Certificate Request
Generate Signer Certificate
On the Create a Signer Certificate screen, complete the fields, then click Create. Certificate Request File Path Browse to select the location for the signer certificate request. Certificate Password Password for the certificate. CA Name URL of the enrollment server, or the fully qualified domain name of the certificate authority server and certificate authority name (common name as entered on the certificate), in the format <CA server>\<CA name>. Certificate Response File Path Browse to select the location to store the certificate request.
Test Device Certificate Creation
On the Create a Device Certificate screen, complete the fields, then click Next. Certificate Template Certificate template name. For example, user. Subject Template Certificate subject name. For example, CN=user. EKUs Extended key usage object identifiers separated by commas. For example, 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.8. Server Name Certificate authority server name. Signer Certificate Select from the list of signer certificates returned by the certificate authority.
Table 2-6 Field
BlackBerry server settings Value BES server address. Authentication method. User name for validating the BES server. Password for the user name account. Domain of the authentication account for the BES server.
Server Address Authentication Username Password Domain
Installation Guide
27
28
Installation Guide
Installing McAfee EMM software
The installation process depends on your planned configuration. Contents Install McAfee EMM software in enhanced security mode Install McAfee EMM software in basic security mode Install McAfee EMM software in simplified mode Customize your McAfee EMM installation Install auxiliary components Troubleshoot certificate errors
Install McAfee EMM software in enhanced security mode

Install McAfee EMM software in enhanced security mode for maximum security. This configuration installs the McAfee server-side components on dual servers. For an enhanced security installation, complete these tasks. Before you begin Run the McAfee Deployment Helper for enhanced security mode. Tasks Install the internal components on page 30 Install the McAfee EMM Hub, Console, and Database on the internal server. This is the first step to install McAfee EMM in enhanced security mode. Install the external components on page 31 Install the McAfee EMM Portal, DMG, and Proxy on the external server. This is the second step to installing McAfee EMM in enhanced security mode.
Installation Guide
29
Installing McAfee EMM software Install McAfee EMM software in enhanced security mode
Install the internal components

Install the McAfee EMM Hub, Console, and Database on the internal server. This is the first step to install McAfee EMM in enhanced security mode. Task 1 2 Log on to the server where you want to install the internal components. Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. 3 4 5 If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, select Dual Server (Internal) to install the Hub, Console, and Database on the current server. On the Database Settings screen, complete the fields, then click Next.
If the installer does not detect SQL Express, the field Install SQL Express 2008 R2 appears and all other fields, except Password, are disabled. Complete the Password field and follow the prompts to install SQL Express, or deselect the installation option and complete the fields.
Field Server Name Authentication
Value Host name where you want to install the McAfee EMM Database. Windows Authentication (recommended) SQL Authentication
Login Password Database 6
User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database that contains your McAfee EMM schema and data.
On the LDAP Settings screen, complete the fields, then click Next.
Your entries on this screen depend on whether you select user authentication based on Active Directory or Domino credentials.
Domain FQDN Domain DN
Fully qualified domain name of the server for authentication. Directory service name to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Leave this field blank.
Domain Name
The domain name of the server to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Domain name of the server for authentication.
30
Installation Guide
Installing McAfee EMM software Install McAfee EMM software in enhanced security mode
Field Username Password External EMM Proxy Server Address 7
Value User name for the connection to the directory server. Password for the connection to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C: \Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
Click Finish to close the installer.
Install the external components

Install the McAfee EMM Portal, DMG, and Proxy on the external server. This is the second step to installing McAfee EMM in enhanced security mode. Before you begin Install the McAfee EMM Hub, Console, and Database on the internal server. Task 1 2 Log on to the server where you want to install the external components. Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. 3 4 5 If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Dual Server (External) to install the McAfee EMM Portal, DMG, and Proxy. On the Certificate Settings screen, complete the fields, then click Next. Field File Path Password Value Select your public security certificate. Password for your public security certificate.
Certificate Option User-defined If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically. None MDM Disabled The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices.
Installation Guide
31
Installing McAfee EMM software Install McAfee EMM software in basic security mode
On the DMZ Component Settings screen in the ActiveSync Server Address field, enter the IP address or FQDN of the ActiveSync server that the McAfee EMM Proxy connects to for email. Verify the ActiveSync server connection using these steps: a Click the green checkmark next to the ActiveSync Server address. The ActiveSync Server Verification screen appears with the Username, Password, and Domain fields automatically populated with the credentials you specified on the LDAP Settings screen. Click Verify. If the connection was successful, the message "Successfully connected to [server]" appears. If the verification was unsuccessful, do the following, based on the error code: Error Code 500 Make sure that the Exchange server is operational. Error Code 403 Make sure that the user credentials are valid, that the user has a mailbox configured in the Exchange server, and that the Exchange server is accessible from the EMM server. c Click OK to return to the DMZ Component Settings screen, then click Next.
Install McAfee EMM software in basic security mode

Use a basic security installation if your organization doesn't have complex security requirements. This configuration installs the McAfee EMM components on a single server. Before you begin Run the McAfee Deployment Helper for basic security installations. Task 1 2 Log on to a Windows Server. Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. 3 4 5 If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Single Server. On the Database Settings screen, complete the fields, then click Next.
If the installer doesn't detect SQL Express, the field Install SQL Express 2008 R2 appears, and all other fields except Password are disabled. Complete the Password field and follow the prompts to install SQL Express, or deselect the installation option and complete the fields.
32
Installation Guide
Installing McAfee EMM software Install McAfee EMM software in basic security mode
Login Password Database 6
User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database that contains your McAfee EMM schema and data.
On the LDAP Settings screen, complete the fields, then click Next.
Your entries on this screen depend on whether you select user authentication based on Active Directory or Domino credentials.
Domain Name
The domain name of the server to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Domain name of the server for authentication.
Username Password External EMM Proxy Server Address 7
User name for the connection to the directory server. Password for the connection to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
On the Certificate Settings screen, complete the fields, then click Next. Field File Path Password Value Select your public security certificate. Password for your public security certificate.
Certificate Option User-defined If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically. None MDM Disabled The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices.
Installation Guide
33
Installing McAfee EMM software Install McAfee EMM software in simplified mode
On the DMZ Component Settings screen in the ActiveSync Server Address field, enter the IP address or FQDN of the ActiveSync server that the McAfee EMM Proxy connects to for email. Verify the ActiveSync server connection using these steps: a Click the green checkmark next to the ActiveSync Server address. The ActiveSync Server Verification screen appears with the Username, Password, and Domain fields auto-populated from the credentials you specified on the LDAP Settings screen. Click Verify. If the connection was successful, the message "Successfully connected to [server]" appears. If the verification was unsuccessful, do the following, based on the error code: Error Code 500 Make sure that the Exchange server is operational. Error Code 403 Make sure that the user credentials are valid, that the user has a mailbox configured in the Exchange server, and that the Exchange server is reachable from the EMM server. c Click OK to return to the DMZ Component Settings screen, then click Next.
10 Click Finish to close the installer.
Install McAfee EMM software in simplified mode

Use a simplified deployment if you are installing McAfee EMM software on a trial basis. Task 1 2 Log on to a Windows Server. Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. 3 4 5 If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Single Server. On the Database Settings screen, complete the fields, then click Next.
If the installer doesn't detect SQL Express, the field Install SQL Express 2008 R2 appears and all other fields except Password are disabled. Complete the Password field and follow the prompts to install SQL Express, or deselect the installation option and complete the fields.
34
Installation Guide
Installing McAfee EMM software Install McAfee EMM software in simplified mode
Field Login Password Database 6
Value User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the Database that contains your McAfee EMM schema and data.
On the LDAP Settings screen, complete the fields, then click Next. Field Authentication ActiveSync Server Domain Name Verification Username Verification Password External EMM Proxy Server Address Value ActiveSync Protocol ActiveSync server used for authentication. This server tests that users have an email-enabled Exchange account. Domain name of the ActiveSync server. User name to connect to the directory server. Password to connect to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM proxy that devices connect to for ActiveSync.
On the Certificate Settings screen, complete the fields, then click Next. Field File Path Password Value Select your public security certificate. Password for your public security certificate.
Certificate Option User-defined If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically. None - MDM Disabled The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices. 8 On the DMZ Component Settings screen in the ActiveSync Server Address field, enter the IP address or FQDN of the ActiveSync server that the McAfee EMM Proxy connects to for email. Verify the ActiveSync server connection using these steps: a Click the green checkmark next to the ActiveSync Server address. The ActiveSync Server Verification screen appears with the Username, Password, and Domain fields automatically populated from the credentials you specified on the LDAP Settings screen. Click Verify. If the connection was successful, the message "Successfully connected to [server]" appears. If the verification was unsuccessful, do the following, based on the error code: Error Code 500 Make sure that the Exchange server is operational. Error Code 403 Make sure that the user credentials are valid, that user has a mailbox configured in exchange server, and that the exchange server is reachable from the EMM server. c Click OK to return to the DMZ Component Settings screen, then click Next.
Installation Guide
35
Installing McAfee EMM software Customize your McAfee EMM installation
Customize your McAfee EMM installation

Use a customized installation if you have unique configuration requirements, including operating in a PKI environment. Before you begin If you are customizing your installation for an HA environment, install the McAfee EMM Hub on a single server, then export an encryption key and use it to install additional components on a second server. You can then pair your systems using load balancing as appropriate for your setup. Task 1 Log on to a Windows server.
For a PKI installation, you must install on an internal server.
Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
3 4 5
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Custom Installation. On the Components screen, select the components you want to install, complete the fields, then click Next.
For a PKI installation, select Database, PKI Agent, Console, and Hub.
Field Installation Website Internal Connectivity Encryption Key
Value Website where the web service is installed. Connection method used by McAfee web services to communicate with the McAfee EMM Hub. Default Key Custom Key For use when installing in an HA environment.
Hub Server Address (optional)
This field appears only if you didn't select to install the McAfee EMM Hub. Enter the address of the Hub, including the port number. For example, servername:portnumber.
Complete the settings screens for each component you selected in the previous step. See Installation settings for components.
36
Installation Guide
Installing McAfee EMM software Customize your McAfee EMM installation
Click Finish and run the installer on additional servers as needed.

To complete a PKI installation, next install the McAfee EMM Portal, DMG, and Proxy on an external server.
See also Export your encryption key on page 51
Installation settings for components

Use these tables to complete the settings screens in a customized installation. Table 3-1 Field Server name Authentication Database settings Value Host name where you want to install the McAfee EMM Database. Windows Authentication (recommended) SQL Authentication Login Password Database Table 3-2 Field Authentication User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database that contains your McAfee EMM schema and data. LDAP settings Value Active Directory Domino Domain FQDN Domain DN Fully qualified domain name of the server for authentication. Directory service name to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Leave this field blank. Domain Name The domain name of the server to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Enter the domain name of the server for authentication. Username Password External EMM Proxy Server Address User name to connect to the directory service. Password to connect to the directory service. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
Installation Guide
37
Installing McAfee EMM software Install auxiliary components
Table 3-3 Portal Certificate settings Field File Path Password Value Select your public security certificate. Password for your public security certificate.
Certificate Option User-defined If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically. None MDM Disabled The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices. Table 3-4 Field User Password Domain CA Name PKI Agent settings Value User name for the connection to the Enrollment Agent service account. Password for the connection to the Enrollment Agent. Domain name of the Enrollment Agent. Fully qualified domain name of the certificate authority server, in the format <CA server>\<CA name>.
Signer Certificate Select the Enrollment Agent certificate.
Install auxiliary components

Install auxiliary components to manage the specific types of mobile devices in use on your network. Tasks Install the Download Manager File Installer for Windows Mobile support on page 38 Install the McAfee EMM Download Manager installer if your organization uses Windows Mobile devices. The Download Manager can be added to any installation configuration. Install the BlackBerry Enterprise Server (BES) Agent for BlackBerry support on page 39 Install the BES Agent if your organization uses BlackBerry devices. A BES Agent can be added to any installation configuration.
Install the Download Manager File Installer for Windows Mobile support
Install the McAfee EMM Download Manager installer if your organization uses Windows Mobile devices. The Download Manager can be added to any installation configuration. Task 1 2 3 4 5 Log on to the server where you want to install the Download Manager. Locate and right-click the file TDDMFilesSetup.exe, then select Run as Administrator. When prompted by the McAfee Files Setup InstallSheild Wizard, click Next. On the Agreement screen, accept the terms of the license agreement, then click Next. On the Database Server screen, complete the fields, then click Next.
38
Installation Guide
Installing McAfee EMM software Install auxiliary components
Field Connect Using
Value
Database Server Database server where the McAfee EMM Database was installed. Windows Authentication (recommended) SQL Authentication You are prompted to enter the Login ID and Password for the connection to the database. 6 7 On the Select Database screen, select the name of the McAfee EMM Database, then click Next. On the Download Manager File Configuration screen, complete the fields, then click Next. Field Value
Device Management Gateway URL of the server where the DMG is located. Don't enter the protocol. location SSL Port Domain (optional) 8 Click Install. When the program is installed, the Install Wizard Complete screen appears. 9 Click Finish to close the installer. Select to use SSL communication. Port available for HTTPS sessions on the server. Name of the domain that authenticates users. If you are using multiple domains, leave this field blank.
Install the BlackBerry Enterprise Server (BES) Agent for BlackBerry support
Install the BES Agent if your organization uses BlackBerry devices. A BES Agent can be added to any installation configuration. If the BES server uses multiple authentication servers, they all must be added to McAfee EMM.
When the BES Agent is installed, it immediately begins communicating with the authentication servers. If you are using multiple authentication servers, you must install the McAfee EMM software and all authentication servers from the Console (System Settings | Authorization Servers) before installing the BES Agent. You can install the BES Agent on the McAfee internal server or the DMZ server.
Task 1 2 Log on to the server where you want to install the BES Agent. Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. 3 4 If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Custom Installation.
Installation Guide
39
Installing McAfee EMM software Troubleshoot certificate errors
On the Components screen, select BES Agent, complete the fields, then click Next. Field Installation Website Value Website where the web service is installed.
Internal Connectivity Connection method used by McAfee web services to communicate with the McAfee EMM Hub. Encryption Key 6 Default Key
On the BES Agent Settings screen, complete the fields, then click Next. Field BlackBerry Server Data Retrieval Frequency (h) Authentication Username Password Domain Value BES server address. Frequency in hours that the BES server is re-queried for device data. User account used to authenticate to the BES server. User name of the authentication account for the BES server. Password of the authentication account for the BES server. Domain of the authentication account for the BES server.
Troubleshoot certificate errors

If you encounter errors importing your portal certificate or Enrollment Agent certificate during installation, check for the following conditions and fix them before continuing.
Portal certificate errors

The password was incorrect. The certificate file is invalid, does not exist, or is empty. The certificate chain in the certificate file does not contain the necessary issuers. The certificate's validity period is invalid. None of the certificates in the certificate chain are marked as certificate authority certificates. There is no certificate chain in the certificate file. An unexpected error occurred when determining the validity of the certificate.
Enrollment Agent certificate errors for PKI environments

Look for errors in the EMM server event log. Look for failed requests listed on the certificate authority server and find the request that failed. The certificate authority log might have more details than the EMM log about why the certificate request failed.
40
Installation Guide
In the EMM certificate configuration, make sure you use the template name and not the template display name. The name displayed in the template list is the display name. Check the template properties for the name. For example, the template name for the "Web Server" template is "WebServer" (no spaces). If you get errors about issuance requirements: Select the Issuance requirements tab in the template properties. Deselect CA cert manager approval. Select This number of authorized signatures. The number next to it should be 1. Select policy type application policy, then in the application policy drop-down list, select certificate request agent.
Installation Guide
41
42
Installation Guide
Provisioning user devices
After installing the McAfee EMM software on your servers, users can provision their mobile devices to your network with the system's client-side components, including the McAfee EMM app and Secure Container. Contents Overview of provisioning Provision iOS devices Provision Android devices Provision Windows Phone 7 devices Provision Windows Mobile devices
Overview of provisioning
You must provision the device from the device itself. Provisioning methods vary by device. You can provision devices using these methods: iOS devices Use the McAfee EMM app. Androids Use the McAfee EMM app. Some devices require manual email configuration using Exchange ActiveSync. Windows Phone 7 Configure email using Exchange ActiveSync. Windows Mobile Use the McAfee EMM Portal.
To validate credentials, the McAfee EMM server needs details of the Active Directory, Domino directory, or ActiveSync server. If your system specifies authorized users, the user must be on the authorized users list. For details on authorization servers and authorized users, see the McAfee EMM Product Guide. Prior to provisioning, do the following: 1 2 3 Verify that the date and time on the device are set accurately. Update your device catalog. For details on adding the device catalog, see the McAfee EMM Product Guide. If you want the McAfee EMM app to automatically detect the EMM Portal, create an SRV record.
See also Create an SRV record on page 51
Installation Guide
43
Provisioning user devices Provision iOS devices
Provision iOS devices

Use the McAfee EMM app to provision your iOS device. You can do this with or without a provisioning token, or one-time password, set by the administrator. Task 1 2 Download the McAfee EMM app from the Apple App Store. Launch the McAfee EMM app, then click OK to allow the app to use your current location.
If corporate policy blocks jailbroken devices, location must be turned on to avoid disruption in email service. Your location is not stored in any database, nor is it made available to the company.
Enter your email address and password, then click Sign In. a b (Optional) If your device doesn't automatically detect the EMM server, enter the server address provided by your administrator, then click Sign In. (Optional) If your administrator set a temporary password, on the Provisioning Token screen, enter the password, then click OK.
4 5
On the User Agreement screen, click Accept. On the Install Profile screen, click Install, then confirm by clicking Install Now. If the device has a passcode, the Enter Passcode screen appears. Enter your passcode, then click Done.
6 7
Click Install to allow your server administrator to remotely manage your device. On the Profile Installed screen, click Done.
Provision Android devices

Use the McAfee EMM app to provision your Android device. The app walks you through installing the Secure Container. If you don't install the Secure Container, most Android devices require manual email configuration using Exchange ActiveSync. Tasks Provision Android devices using the McAfee EMM app on page 44 Use the McAfee EMM app to provision your Android device. Provisioning with the app includes installing the Secure Container to access enterprise email, contacts, and calendars. Configure email for Android devices on page 45 If you didn't install the Secure Container and your corporate email isn't listed in Applications | Settings | Accounts and sync after provisioning, use Exchange ActiveSync to manually configure email.
Provision Android devices using the McAfee EMM app

Use the McAfee EMM app to provision your Android device. Provisioning with the app includes installing the Secure Container to access enterprise email, contacts, and calendars. Task 1 2 Download the McAfee EMM app from the Android Market, then confirm the download. Click Install.
44
Installation Guide
Provisioning user devices Provision Android devices
3 4
Launch the McAfee EMM app. Enter your email address and password, then click Sign In. a b (Optional) If your device doesn't automatically detect the EMM server, enter the server address provided by your administrator, then click Sign In. (Optional) If your administrator set a temporary password, on the Provisioning Token screen, enter the password, then click OK.
5 6 7
On the User Agreement screen, click Accept. When the Activate Device Administrator screen appears, click Activate. (Optional, Android 3.x and later) If your organization's security policies are set to allow only encrypted devices, you are redirected to your device's encryptions settings page. Click to encrypt your device. On the EMM Screen unlock security screen, set a PIN or password for your device, then click OK. On the Secure Container installation screen, you are prompted to do one of the following: If you are assigned to a policy that requires the Secure Container, click OK. You are taken to the Android Market to install Secure Container. If you are assigned to a policy that recommends the Secure Container, you have the option to install it. Click Yes or No. If you click Yes, you are taken to the Android Market to install Secure Container.
8 9
10 (Optional) If you installed the Secure Container in the previous step, you are prompted to do the following: a b Enter the password for your email account. Click OK, then enter your password. Create a Secure Container passcode. On the Setup Passcode screen, enter a passcode, then re-enter to confirm.
Configure email for Android devices

If you didn't install the Secure Container and your corporate email isn't listed in Applications | Settings | Accounts and sync after provisioning, use Exchange ActiveSync to manually configure email. Task 1 2 3 4 Click Applications | Settings | Accounts and sync. Click Add Account | Microsoft Exchange ActiveSync. Follow the prompts to enter your email address, password, domain\user name, and proxy server address, then click Done. (Optional) If prompted, click OK to allow remote security administration.
Installation Guide
45
Provisioning user devices Provision Windows Phone 7 devices
Provision Windows Phone 7 devices

Use Exchange ActiveSync to manually configure email on your Windows Phone 7. Task 1 2 3 Select Settings | Email & Accounts | Add an Account. Select Outlook. Enter your email address and password, then click Sign In. The message "Your settings could not be found..." appears. 4 Enter the domain, then click Sign In. The message "Your settings could not be found..." appears. 5 6 7 Click OK. Click Advanced. In the Server field, enter the server address of the EMM proxy, then click Sign In.
Provision Windows Mobile devices

Use the McAfee EMM Portal to provision your Windows Mobile device. Task 1 2 3 4 Access the URL for the McAfee EMM Portal for your organization. View the user agreement, then click Accept. Enter your network user name, password, and domain, then click Log On. On the Download page, click Provision My Device. The prompts to download the Download Manager vary by device. Confirm the download as prompts appear. If you are prompted with the message "TDDM *****.cab. What would you like to do with this file?", click Open to continue the provisioning process. (If you click Save, the provisioning process stops.) 5 6 On the Download Manager screen, enter the user name, password, and domain (the domain might be pre-populated), then click Next. When installation is complete and the device has automatically restarted, enter default password 12345, then click Unlock. On the Change Password screen, enter a new power-on password for the device, then click Done.
46
Installation Guide
Modifying McAfee EMM software
The server-side components of the McAfee EMM software are easily upgraded, migrated, or uninstalled. Contents Upgrade McAfee EMM software Migrate McAfee EMM software Uninstall McAfee EMM software
Upgrade McAfee EMM software

You can upgrade your McAfee EMM software to version 10.1 from versions 9.6, 9.7.2, or 10.0. If you have versions 9.7.0, 9.7.1, or a version earlier than 9.6, contact McAfee Technical Support for assistance. Upgrading an enhanced security installation (on dual servers) Complete the upgrade procedure first on the internal server that contains the McAfee EMM Hub, Console, and Database, then repeat the upgrade procedure on the external server containing the McAfee EMM DMG, Proxy, and Portal. Upgrading from a simplified deployment Follow the procedure for migrating McAfee EMM.
Task 1 2 Log on to the server where the McAfee EMM Hub and Database are installed. Locate and right-click the upgrade file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. If prompted, click Yes to reboot the server. The installer continues automatically when the reboot is complete. 3 On the Agreement screen, accept the terms of the license agreement, then click Next. If you are running the upgrade installer for the second time, the field Use Configuration From Previous Installations appears on the Agreement screen. Select this option to keep the configurations from your previous upgrade. 4 5 On the Options screen, click Upgrade. (Optional) If you're using Windows or SQL authentication, the Database Settings screen appears. Complete the fields, or verify the pre-populated values if you selected to use configuration from your previous installations, then click Next. On the Summary screen, review the information, then click Upgrade. Click Finish to close the upgrade installer.
6 7
Installation Guide
47
Modifying McAfee EMM software Migrate McAfee EMM software
(Optional) If you're upgrading from a version earlier than 10.0, you must upgrade the iOS5 profile on users' devices to enable iOS5 restrictions. To push the upgrade to iOS5 devices, do the following: a b c d Open the EMM Console. Click System Settings | General Settings. Check to enable Upgrade iOS MDM Access Rights. Click Save.
The EMM server sends iOS5 users a push notification to update their corporate device settings. The user is prompted to accept the user agreement and install the updated profile.
Migrate McAfee EMM software

You can migrate your McAfee EMM installation from a simplified deployment to basic security mode. Migration involves uninstalling and reinstalling the McAfee EMM Hub. You don't change the other components of your McAfee EMM system. Task 1 2 Log on to the server where the Hub is installed. Manually uninstall the Hub from your McAfee EMM system. a b 3 Select Start | Control Panel | Add or Remove Programs. Select McAfee EMM Hub, then click Uninstall.
Locate and right-click the file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. If prompted, click Yes to reboot the server. The installer continues automatically when the reboot is complete.
4 5 6
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Custom Installation. On the Components screen, select to install the Hub, complete the fields, then click Next. Field Installation Website Internal Connectivity Value Website to install the web service. http https Encryption Key Default Key
7 8
On the Database Settings screen, verify the information is correct, then click Next. On the Migration - ActiveSync to LDAP screen, do one of the following: To continue with the migration process by authenticating the servers, deselect Skip Migration of Authentication Servers, then select and edit each authorization server. The Edit Auth Server screen appears for each server. Complete the fields, then click Save. After you've edited all the authentication servers, click Next.
Your entries on the Edit Auth Server screens depend on whether you select user authentication based on Active Directory or Domino credentials.
48
Installation Guide
Modifying McAfee EMM software Uninstall McAfee EMM software
Domain Name
The name of the server to be used for authentication. Active Directory This field is populated when Domain FQDN is completed. Domino Domain name of the server for authentication.
Username Password 9
User name to connect to the directory service. Password to connect to the directory service.
To re-install certain components but remain in ActiveSync Protocol mode, select Skip Migration of Authentication Servers, then click Next to reinstall the components.
Uninstall McAfee EMM software

To uninstall McAfee EMM software, follow these steps for each server where you installed components. Task 1 2 3 4 Log on to the server where your McAfee EMM components are installed. Locate and right-click the file Setup.exe, then select Run as Administrator. When the Options screen appears, click Uninstall. On the Uninstall Summary screen, click Uninstall. Checkmarks appear next to each component as they're uninstalled. 5 Click Finish to close the uninstaller.
Installation Guide
49
Modifying McAfee EMM software Uninstall McAfee EMM software
50
Installation Guide
Specialized installation tasks
These specialized installation tasks prepare you for custom configuration of your McAfee EMM software. Contents Create an SRV record Export your encryption key SQL database permissions for installation
Create an SRV record

Configure an SRV record to allow the McAfee EMM Agent to locate the correct EMM Portal during provisioning. Task 1 Create an SRV record with this format: _Service._Proto.Name TTL Class SRV Priority Weight Port Target _Service _Proto Name TTL Class SRV Priority Weight Port Target _activation _tcp Customer's domain name (must end with a period) 86400 IN SRV 0 1 443 Canonical hostname of the EMM portal server
An example SRV record is: _activation._tcp.acme.com. 86400 IN SRV 0 1 443 emm.acme.com 2 Publish the certificate to a device-accessible DNS server.
Export your encryption key

You need an encryption key (in .skx format) to customize your McAfee EMM system or migrate the software from one server to another. Before you begin McAfee EMM must be installed and you must be logged on to the Console.
Installation Guide
51
Specialized installation tasks SQL database permissions for installation
Task 1 2 Click the name of the server in the upper-left corner of the McAfee EMM Console. On the Export Key screen in the Key Password field, enter your key password, then select Export Encryption Key. You are prompted to save the .skx file.
SQL database permissions for installation

The user who installs the McAfee EMM Database on the database server must have the permissions shown here. CREATE TABLE CREATE VIEW CREATE PROCEDURE CREATE FUNCTION CREATE RULE CREATE DEFAULT BACKUP DATABASE BACKUP LOG CREATE TYPE CREATE ASSEMBLY CREATE XML SCHEMA COLLECTION CREATE SCHEMA CREATE SYNONYM CREATE AGGREGATE CREATE ROLE CREATE MESSAGE TYPE CREATE SERVICE CREATE CONTRACT CREATE REMOTE SERVICE BINDING CREATE ROUTE CREATE QUEUE CREATE SYMMETRIC KEY CREATE ASYMMETRIC KEY CREATE FULLTEXT CATALOG CREATE CERTIFICATE CREATE DATABASE DDL EVENT NOTIFICATION CONNECT CONNECT REPLICATION CHECKPOINT SUBSCRIBE QUERY NOTIFICATIONS AUTHENTICATE SHOWPLAN ALTER ANY USER ALTER ANY ROLE ALTER ANY APPLICATION ROLE ALTER ANY SCHEMA ALTER ANY ASSEMBLY ALTER ANY DATASPACE ALTER ANY MESSAGE TYPE ALTER ANY CONTRACT ALTER ANY SERVICE ALTER ANY REMOTE SERVICE BINDING ALTER ANY ROUTE ALTER ANY FULLTEXT CATALOG ALTER ANY SYMMETRIC KEY ALTER ANY ASYMMETRIC KEY ALTER ANY CERTIFICATE SELECT INSERT UPDATE DELETE REFERENCES EXECUTE ALTER ANY DATABASE DDL TRIGGER ALTER ANY DATABASE EVENT NOTIFICATION VIEW DATABASE STATE VIEW DEFINITION TAKE OWNERSHIP ALTER CONTROL
52
Installation Guide
Language support for McAfee EMM
This table shows languages supported by the McAfee EMM system components. Code Language McAfee Server Apple App EMM App Notifications Store (13 languages supported by iOS) Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported English English Supported Supported Supported Supported Supported Supported with FR with FR Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported English Supported English Supported Supported Android McAfee Marketplace EMM (15 Console languages supported by Android) User Agreement on the Console
ID
Bahasa Indonesia
Supported Supported Supported Supported Supported Supported English Supported Supported Supported with FR Supported Supported Supported Supported Supported Supported Supported Supported Supported with ES Supported Supported Supported
ZH-CN Chinese, Simplified ZH-TW Chinese, Traditional NL Dutch
EN-US English (U.S.) FI FR FR-CA DE IT JA-JP KO NOR PT PT-BR ES Finnish French French, Canadian German Italian Japanese Korean Norwegian Portuguese Brazilian Spanish Mexican SV-SE Swedish RU TR Russian Turkish
Portuguese, Supported Supported Supported Supported Supported Supported with ES with ES Supported Supported Supported Supported Supported Supported
ES-MX Spanish,
Installation Guide
53
Language support for McAfee EMM
Code
Language
McAfee Server Apple App EMM App Notifications Store (13 languages supported by iOS) Supported Supported Supported Supported
Android McAfee Marketplace EMM (15 Console languages supported by Android)
User Agreement on the Console
DA PL
Danish Polish
Supported Supported
54
Installation Guide
Index
A
about this guide 5 Active Directory, See LDAP ActiveSync installation settings 37 pre-installation settings 24 Proxy, description 9 agents BES Agent, installing 39 Enrollment Agent, installation settings 37 PKI Agent, installation settings 37 Android devices configuring email 45 provisioning 44 auxiliary components, installing BES Agent 39 Download Manager File Installer 38
configuration making changes to 48 modes 10 considerations, planning your installation how users get help 8 mission-critical access 7 notifying users 8 security 7 Console description 9 supported languages 53 conventions and icons used in this guide 5 custom installation configuring an SRV record 51 exporting encryption key 51 installing 36 running the Deployment Helper 24
B
basic security mode about 11 installing 32 running the Deployment Helper 21 BES Agent description 9 installing 39 pre-installation settings 24 BlackBerry Enterprise Server Agent, See BES Agent browser requirements 13
D
Database, McAfee EMM installation settings 37 pre-installation settings 24 Deployment Helper about 18 basic security installation 21 customized installation 24 enhanced security installation 18 running on external servers 19 running on internal servers 18 deployment planning determining mission-critical functions 7 help for users 8 notifying users 8 security 7 devices provisioning 43 settings 15 supported types 13 DMG, description 9 documentation audience for this guide 5 product-specific, finding 6 typographical conventions and icons 5
C
certificate authority requirements 13 troubleshooting certificate errors 40 compliance Filter, description 9 security considerations 7 components auxiliary, installing 38 client-side 10 server-side 9 settings, installation 37 settings, pre-installation 24
Installation Guide
55
Index
Domino, See LDAP Download Manager description 10 installing 38
L
languages, supported by McAfee EMM 53 LDAP installation settings 37 pre-installation settings 24 system settings 15
E
email, configuring for Android devices 45 EMM app description 10 provisioning Android devices 44 provisioning iOS devices 44 EMM Portal description 9 provisioning Windows Mobile devices 46 encryption key, exporting 51 enhanced security mode about 10 installing 2931 running the Deployment Helper 18 upgrading from a previous version 47 Enrollment Agent requirements 13 troubleshooting certificate errors 40 external domain, system settings 15 external server installing 31 running the Deployment Helper 19
M
McAfee ServicePortal, accessing 6 MDM certificate pre-installation settings 24 system settings 15 migration instructions 48
N
notification to users, planned deployment 8
O
operating system requirements 13
P
PDA Secure, description 10 PKI Agent, description 9 PKI environment installation settings 37 installing 36 pre-installation settings 24 requirements 13 running the Deployment Helper 24 troubleshooting certificate errors 40 portal certificate installation settings 37 pre-installation settings 24 troubleshooting certificate errors 40 pre-installation component settings 24 considerations 7 system settings 15 provisioning Android devices 44 configuring SRV record 51 email on Android devices 45 iOS devices 44 overview 43 Windows 7 devices 46 Windows Mobile devices 46 public security certificate, See SSL certificate Push Notifier description 9 system settings 15
H
HA environment, installing 36 hardware requirements 13 help for users, planning 8 Hub, description 9
I
installation basic security mode 32 BES Agent 39 configuration modes 10 considerations before 7 custom 36 Download Manager File Installer 38 enhanced security mode 2931 migrating, simplified to basic security mode 48 simplified mode 34 upgrading from a previous version 47 internal server installing 30 running the Deployment Helper 18 iOS devices, provisioning 44 iPad, See iOS devices iPhone, See iOS devices iPod, See iOS devices
56
Installation Guide
Index
R
requirements PKI environments 13 system 13 system settings 15 router and firewall access, system settings 15
simplified mode (continued) upgrading from a previous version 47 SQL account, system settings 15 database permissions 52 server requirements 13 SRV record, creating 51 SSL certificate, system settings 15 supported devices 13 system requirements 13
S
Secure Container description 10 installing on Android devices 44 security considerations 7 security modes basic, on a single server 11, 32 enhanced, on dual servers 10, 29 migrating to basic security mode 48 simplified 12, 34 ServicePortal, finding product documentation 6 settings installation 37 pre-installation 24 system requirements 15 simplified mode about 12 installing 34 migrating to basic security mode 48
T
Technical Support, finding product information 6 troubleshooting, certificate errors 40
U
uninstallation instructions 49 upgrade instructions 47 user authentication, system settings 15 user devices, See devices
W
Windows 7 devices, provisioning 46 Windows Mobile Download Manager File Installer 38 provisioning devices 46
Installation Guide
57
00

EMM 10.1 Installation Guide

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

EMM 10.1 Installation Guide

Hochgeladen von

Copyright:

Verfügbare Formate

Installation Guide

McAfee Enterprise Mobility Management 10.1

Copyright 2012 McAfee, Inc. Do not copy without permission.

LICENSE INFORMATION License Agreement

McAfee Enterprise Mobility Management 10.1

Planning your installation

Preparing for installation

Installing McAfee EMM software

Provisioning user devices

McAfee Enterprise Mobility Management 10.1

Modifying McAfee EMM software

Specialized installation tasks

Language support for McAfee EMM Index

McAfee Enterprise Mobility Management 10.1

About this guide

User interface Hypertext blue

McAfee Enterprise Mobility Management 10.1

Preface Find product documentation

Find product documentation

McAfee Enterprise Mobility Management 10.1

Planning your installation

Considerations before installing McAfee EMM software

McAfee Enterprise Mobility Management 10.1

Planning your installation Considerations before installing McAfee EMM software

Help for users

McAfee Enterprise Mobility Management 10.1

Planning your installation McAfee EMM components

McAfee EMM components

Device Management Gateway

BES Agent (optional) PKI Agent (optional)

McAfee Enterprise Mobility Management 10.1

Planning your installation Configuration modes

Enhanced security mode (dual servers)

McAfee Enterprise Mobility Management 10.1

Planning your installation Configuration modes

Basic security mode (single server)

McAfee Enterprise Mobility Management 10.1

Planning your installation Configuration modes

McAfee Enterprise Mobility Management 10.1

Planning your installation Installation requirements

Microsoft SQL Server 2005, 2008, or 2008 R2

Supported mobile devices Browsers

Requirements for Public Key Infrastructure (PKI) environments

McAfee Enterprise Mobility Management 10.1

Planning your installation Installation requirements

McAfee Enterprise Mobility Management 10.1

Preparing for installation

External No Domain for McAfee Services SSL Certificate Yes

MDM Certificate Yes

McAfee Enterprise Mobility Management 10.1

Preparing for installation System settings

Router/Firewall Access Rules

McAfee Enterprise Mobility Management 10.1

Preparing for installation System settings

See also SQL database permissions for installation on page 52

McAfee Enterprise Mobility Management 10.1

Preparing for installation Run the McAfee Deployment Helper

Run the McAfee Deployment Helper

Run the Deployment Helper for enhanced security installations

Run the Deployment Helper on the internal server

McAfee Enterprise Mobility Management 10.1

Preparing for installation Run the McAfee Deployment Helper

Run the Deployment Helper on the external server

McAfee Enterprise Mobility Management 10.1