COPYRIGHT
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.
Installation Guide
Contents

Preface
  About this guide
    Audience
    Conventions
  Find product documentation

Considerations before installing McAfee EMM software
  Security
  Mission-critical access
  Notifying users
  Help for users
McAfee EMM components
  Server components
  Client components
Configuration modes
  Enhanced security mode (dual servers)
  Basic security mode (single server)
  Simplified mode
Installation requirements
  System requirements
  Requirements for Public Key Infrastructure (PKI) environments

Overview of provisioning
Provision iOS devices
Provision Android devices
  Provision Android devices using the McAfee EMM app
  Configure email for Android devices
Provision Windows Phone 7 devices
Provision Windows Mobile devices

Upgrade McAfee EMM software
Migrate McAfee EMM software
Uninstall McAfee EMM software

Create an SRV record
Export your encryption key
SQL database permissions for installation
Preface
This guide provides the information you need to install your McAfee product.

Contents
  About this guide
  Find product documentation
Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:

Administrators: People who implement and enforce the company's security program.
Users: People who use the computer where the software is running and can access some or all of its features.
Conventions
This guide uses the following typographical conventions and icons.

Book title or Emphasis: Title of a book, chapter, or topic; introduction of a new term; emphasis.
Bold: Text that is strongly emphasized.
User input or Path: Commands and other text that the user types; the path of a folder or program.
Code: A code sample.
Words in the user interface including options, menus, buttons, and dialog boxes.
A live link to a topic or to a website.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware product.
Before you begin, plan the deployment of your McAfee EMM software, learn about the software components, decide on a configuration model, and verify that your system meets minimum requirements.

Contents
  Considerations before installing McAfee EMM software
  McAfee EMM components
  Configuration modes
  Installation requirements
Security
Use these questions to help you identify the type of security policies you want to enforce.

What types of devices are used in your network? A survey of device types, manufacturers, models, and operating systems might help you target your security policies.
Which hardware or software restrictions apply for user devices? For example, you might want to disable cameras or Wi-Fi.
Which applications should be blacklisted? EMM treats user devices with blacklisted applications as out-of-compliance.
Which authentication settings are enforced on devices? For example, can users use passwords or PIN codes? What is the minimum length for each type of authentication? Are users required to change their password on a regular basis?
What happens when authentication fails? For example, how many attempts should a user have to enter the correct password? Should the device be wiped after a specified number of failed attempts?
Mission-critical access
Determine which type of access is mission-critical to your organization. In some organizations, access to email and other data from a mobile device might be important; in others it might be critical. If your organization considers use of ActiveSync-enabled devices mission-critical, you must consider all subsystems in the McAfee EMM software to be mission-critical.
In this situation, use hardware redundancy options such as:

Network load balancing (NLB)
Redundant Array of Independent Disks (RAID)
Clustering options built into the operating system and applications
SQL replication
Notifying users
Before deploying McAfee EMM software, consider how to notify users of provisioning requirements and planned changes to their mobile devices.

The User Notifications screen allows you to bulk-authorize many users at once and automatically send them emails or text messages with provisioning details. You can bulk-authorize users based on LDAP groups or by importing a list in comma-separated value (CSV) format.

For Windows Mobile devices, the initial installation and configuration requires users to enter a default password on their device. After the McAfee EMM software is deployed, users can't access their devices until they've provided the default password. To prevent temporarily limiting access to Windows Mobile devices, plan how to provide the default password to users in advance.

In addition to providing users with provisioning instructions, be sure to tell them how use of their mobile devices is changing. In many cases, the only difference is that users need to enter a password or PIN when they turn on their device or when the device locks after a timeout period. In other cases, your security policy might limit access to applications.
Server components
These components are installed on enterprise servers and are used in the administration of the McAfee EMM system.

EMM server component: Description

Hub
The McAfee EMM Hub (Hub) manages communication between McAfee EMM components. It allows secure communication across the firewall (between the DMZ and the internal network) and eliminates the need to open custom firewall ports. SSL communication is established between the components. Using a custom installation, the Hub can also communicate with the DMZ components through an HTTP (non-secure) connection.

Console
The McAfee EMM Console (Console) is the application that manages the McAfee EMM system. It is an Internet Information Services (IIS) application accessible with Internet Explorer or Firefox web browsers with Microsoft Silverlight installed. Through the Console, administrative users can configure system settings, change policies, manage devices and users, administer McAfee EMM roles, perform Helpdesk functions, and view reports.

Portal
The McAfee EMM Portal (Portal) is an Internet-facing component that allows device users to initiate requests for software downloads, and to perform limited Helpdesk functions. Users access the Portal from a browser on a PC or mobile device. The Portal typically resides on a McAfee EMM server installed in the DMZ.

The McAfee Device Management Gateway (DMG) is an Internet-facing component that manages the server-side communication with legacy Windows Mobile devices. It controls policy, software, and configuration updates for mobile devices.

ActiveSync Proxy and Compliance Filter
The McAfee ActiveSync Proxy is an Internet-facing component that proxies ActiveSync traffic to the email servers. It is an IIS application that resides in the DMZ and enables McAfee EMM to control access to enterprise resources on the DMZ server before reaching the internal network. The McAfee Compliance Filter is installed on the filter/proxy server that is placed in the DMZ (or for basic security deployments, on the internal McAfee EMM server).

Push Notifier
The McAfee Push Notifier is an Internet-facing component that sends push notifications to mobile devices. The Push Notifier is a required component that is usually installed in the DMZ so it can communicate with Apple and Android push notification services.

The McAfee BES Agent is an optional component that synchronizes the BlackBerry Enterprise Server to McAfee EMM and performs select device actions. We recommend installing the BES Agent on the internal server.

The McAfee PKI Agent is an optional component that dynamically retrieves certificates from a Microsoft certificate authority in PKI environments. It is usually installed on an internal server.
Client components
These components are installed on mobile devices that are registered on the enterprise network. They help provision user devices and communicate with the server.

EMM Client Components: Description

McAfee EMM app (iOS devices): McAfee EMM is a free iOS app that enables easy provisioning by the user, and allows push notifications to deliver profile and security policy changes.
McAfee EMM app (Android devices): McAfee EMM is a free Android app that enables easy provisioning by the user, and allows push notifications to deliver profile and security policy changes.
McAfee EMM Secure Container app (Android devices): The McAfee EMM Secure Container app is a free app, currently for Android only, that sandboxes enterprise email, contacts, and calendars.
Download Manager (Windows Mobile): The Download Manager is the communication module installed on Windows Mobile devices. It provides device-side communication with the McAfee EMM server.
PDA Secure (Windows Mobile): PDA Secure is the security module installed on Windows Mobile devices. It enforces security based on policies that are created in the McAfee EMM Console. Except for the password screen, there is no user interface for PDA Secure, and it can't be modified by the user. An administrative unlock code is required to remove PDA Secure from the device.
Configuration modes
The specific configuration of your McAfee EMM software depends on the unique needs of your environment. The most common configurations are:

Enhanced security mode on dual servers (recommended)
Basic security mode on a single server
Simplified mode (for use on a trial basis only)
Simplified mode
Simplified mode is appropriate when you install McAfee EMM software on a trial basis. Simplified deployments use ActiveSync Protocol for user authentication, so you don't have to integrate with an LDAP environment. However, you must add users manually or by uploading a file of authorized users. The server where the McAfee EMM Hub is installed communicates with the SQL Server and the Exchange server that is running ActiveSync.
Installation requirements
This section describes the system requirements and settings necessary to install and run McAfee EMM software.
System requirements
Use this table to verify that your system meets minimum operating requirements.

Requirement: Description

Hardware
  4 GB RAM
  Dual Core CPU

Operating system
  Windows Server 2003 x86 or 64-bit with Service Pack 2 (Standard or Enterprise versions)
  Windows Server 2008 64-bit with Service Pack 2 (Standard or Enterprise versions)
  Windows Server 2008 R2 64-bit with Service Pack 1 (Standard or Enterprise versions)
  Do not use Windows Server 2003 Service Pack 1 with SQL Express 2008. Installation fails with this configuration.

SQL Server

For a list of currently supported mobile devices, contact McAfee Technical Support or Sales.

  Internet Explorer
  Firefox
  Microsoft Silverlight 3.0 or later must be installed on the browser.
Before installing McAfee EMM, you must configure your system settings. The McAfee EMM Deployment Helper walks you through preparing your system and obtaining required certifications.

Contents
  System settings
  Run the McAfee Deployment Helper
System settings
Before installing McAfee EMM software, use this table to verify your system settings. The McAfee EMM Deployment Helper walks you through many of these prerequisites.

Columns: Requirement; Verifiable by Deployment Helper?; Description

McAfee Services is accessible from the Internet using public domain registration.

You have an SSL certificate that matches the public DNS name and is from a recognized certificate authority like Verisign or Go Daddy.
Each time the SSL certificate is updated, all iOS devices are re-provisioned. Device users receive a confirmation to re-install the EMM profile. To avoid frequent provisioning, we suggest getting a multi-year SSL certificate. Don't use a trial certificate.

You have a valid MDM certificate if you want to use the MDM feature on iOS devices. You can install McAfee EMM software with MDM disabled, but doing so disables the following features for devices running iOS versions 4 and later:
  Policy updates without user intervention
  Remote lock and passcode unlock
  Syncing for devices provisioned with the EMM Portal
  Cleaner selective wipe
  Uninstall without user intervention
  Ability to collect device details, including phone numbers, installed apps and profiles, certificates, restrictions, policy compliance, IMEI number, and WAPMACA address
Columns: Requirement; Verifiable by Deployment Helper?; Description

Verifiable by Deployment Helper? Yes (internal ports only)

For all installations:
  Inbound traffic on Port 443 to the McAfee EMM servers is allowed.
  Traffic on Port 443 from the McAfee EMM server to the email servers providing ActiveSync is allowed.
  The McAfee EMM Hub connects to the LDAP server for authentication and to the remote SQL server where the EMM Database is installed.
For enhanced installations:
  Traffic on Port 443 or 80 from the McAfee EMM DMZ Server to Private LAN EMM internal server is allowed.
For iOS push notifications:
  Outbound connection from the external McAfee EMM Server to "Apple Push Notification Service" at gateway.push.apple.com on TCP port 2195 is allowed.
  Outbound connection from the external McAfee EMM server to "Apple Push Feedback Service" at feedback.push.apple.com on TCP port 2196 is allowed.
  For specific port and configuration details for iOS devices in a business environment, see http://images.apple.com/iphone/business/docs/iPhone_IMAP.pdf.
For Android push notifications:
  The McAfee EMM Push Notifier connects to the Android C2DM service on port 443.

Device Wi-Fi Access Rules
Verifiable by Deployment Helper? No

For iOS devices: Port 5223 outbound from the device is open. If the devices are on a 3G network, the port doesn't need to be opened.
For Android devices: Port 5228 outbound from the device is open.
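The port requirements above can be checked against an ordered firewall rule list before the installer is run. This is an added example, not part of the McAfee guide or the Deployment Helper; the rule format, the zone labels (including placing the external EMM server in a zone called "dmz" for an enhanced deployment) and the sample rules are constructed assumptions.

```python
"""Audit an ordered firewall rule list against the flows in the table above.

Added example: rule format, zone labels and SAMPLE_RULES are constructed.
"""
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source zone or host label, or ANY
    dst: str      # destination zone or host label, or ANY
    lo: int       # first TCP port of the range
    hi: int       # last TCP port of the range


@dataclass(frozen=True)
class Requirement:
    name: str
    src: str
    dst: str
    ports: tuple  # satisfied if any one of these ports is allowed


# Flows from the requirements table for an enhanced (dual server) deployment.
# Assumption: the external EMM server lives in the zone labelled "dmz".
REQUIRED_ENHANCED = [
    Requirement("Inbound 443 to EMM server", "internet", "dmz", (443,)),
    Requirement("EMM server to ActiveSync mail server", "dmz", "mail", (443,)),
    Requirement("DMZ server to internal EMM server", "dmz", "internal", (443, 80)),
    Requirement("Apple Push Notification Service", "dmz",
                "gateway.push.apple.com", (2195,)),
    Requirement("Apple Push Feedback Service", "dmz",
                "feedback.push.apple.com", (2196,)),
    Requirement("Android C2DM", "dmz", "c2dm", (443,)),
    Requirement("iOS devices on Wi-Fi", "wifi", "internet", (5223,)),
    Requirement("Android devices on Wi-Fi", "wifi", "internet", (5228,)),
]


def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny (default-deny policy)."""
    for r in rules:
        if r.src in (ANY, src) and r.dst in (ANY, dst) and r.lo <= port <= r.hi:
            return r.action
    return "deny"


def missing_requirements(rules, required=REQUIRED_ENHANCED):
    """Names of required flows that the effective policy does not allow."""
    return [q.name for q in required
            if not any(decide(rules, q.src, q.dst, p) == "allow" for p in q.ports)]


def excess_dmz_to_internal(rules, permitted=(80, 443)):
    """TCP ports open from the DMZ to the internal network beyond 443/80."""
    return [p for p in range(1, 65536)
            if p not in permitted and decide(rules, "dmz", "internal", p) == "allow"]


# Constructed rule export, evaluated top to bottom.
SAMPLE_RULES = [
    Rule("allow", "internet", "dmz", 443, 443),
    # This deny sits above the broad allow below, so it shadows port 2196
    # for the feedback host even though an allow rule appears to cover it.
    Rule("deny", "dmz", "feedback.push.apple.com", 2196, 2196),
    # Wildcard destination: intended for Apple, but it also matches "internal".
    Rule("allow", "dmz", ANY, 2195, 2196),
    Rule("allow", "dmz", "mail", 443, 443),
    Rule("allow", "dmz", "internal", 443, 443),
    # Direct SQL access from the DMZ, outside the 443/80 flow the table lists.
    Rule("allow", "dmz", "internal", 1433, 1433),
    Rule("allow", "dmz", "c2dm", 443, 443),
    Rule("allow", "wifi", "internet", 5223, 5223),
    Rule("allow", "wifi", "internet", 5228, 5228),
]

if __name__ == "__main__":
    for name in missing_requirements(SAMPLE_RULES):
        print("MISSING :", name)
    for port in excess_dmz_to_internal(SAMPLE_RULES):
        print("EXCESS  : dmz -> internal tcp/%d" % port)
```

The audit evaluates the effective policy rather than searching for a matching allow rule, so it catches both the shadowed feedback-service flow and the wildcard rule that opens ports 2195 and 2196 toward the internal network.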
Columns: Requirement; Verifiable by Deployment Helper?; Description

Installation Account
Verifiable by Deployment Helper? Yes
The Windows/SQL account used for installation has permission to create a database on the database server. If a database already exists and was created by a system admin, the only permission required is CONNECT SQL. The logon credentials must be mapped to the database owner or to a user assigned appropriate permissions.
If you can't give CREATE DATABASE permission to the installation account, you can create an empty database with the permissions CONNECT SQL and CREATE ANY DATABASE.

User Authentication
Verifiable by Deployment Helper? Yes
For all installations:
  You know the fully qualified domain name or IP address of the server used for authentication. For AD authentication, a legacy (NT) name is also required.
  ActiveSync is fully functional and the Exchange or Domino Traveler server is configured for ActiveSync.
For enhanced and basic installations:
  Your Active Directory service account has "local administrator" privileges on the server where the McAfee EMM Hub is installed, and has read-only access to Active Directory or Domino LDAP services.
For simplified installations:
  You have access to a non-administrator Exchange account (with email access) to test your ActiveSync connection. Don't use a domain administrator account as the test account. Domain administrator accounts have built-in restrictions that prevent authentication using the ActiveSync channel.
Field: Value
Use SQL Express: Select to install SQL Express on the local system and create the McAfee EMM Database.
Server Name: Host name or IP address of the SQL server for your EMM Database.
Authentication:
  Windows Authentication (recommended)
  SQL Authentication
Username: User name for the connection to the EMM Database server.
Password: Password for the connection to the EMM Database server.
Database: Name of the database containing the McAfee EMM schema and data.

9 On the Specify LDAP Server screen, complete the fields, then click Next.

Field: Value
Authentication:
  Active Directory
  Domino
Domain FQDN: Fully qualified domain name of the server used for authentication.
Domain DN: Domain distinguished name. If the server is in the current domain, this field is automatically populated when Domain FQDN is completed.
Domain Name: Domain name of the LDAP server. This field is automatically populated when Domain FQDN is completed.
Username: User name for the connection to the directory server.
Password: Password for the connection to the directory server.
External EMM Proxy Server Address: Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
10 On the Confirm Installation Settings screen, review your settings (print, email, or save your info by clicking the link), then click Run Scan. When the scan is completed, results are shown. If any tasks are marked failed, review the information, then click the Launch KB Assistance link to help resolve any issues.
6 On the Specify Setup Type screen, select Enhanced Security Model - External Server, then click Next.
7 On the Introduction to Dual Server Installations (External Server) screen, review the information, then click Next.
8 On the Specify Hub Server screen, enter the server address for the McAfee EMM Hub, then click Next.
9 On the Provide an MDM Certificate screen, select Use Existing Certificate.
10 On the Specify an MDM Certificate screen in the File Path field, browse to select the .p12 file. Enter the password for the certificate, verify the Topic (this should match the MDM topic associated with your certificate), then click Next.
11 On the Provide a Portal Certificate screen, select one of these options:

If you want to... / Complete these steps...

Create New SSL Certificate
  On the Generate an SSL Certificate Request screen, complete the fields under Certificate Request, then click Create to create the certificate request file.
    Common Name: Common name for the certificate.
    Organization: Name of your organization.
    Organization Unit: Unit within your organization that is requesting the certificate.
    City/Locality: Unabbreviated city of the organization.
    State/Province: Unabbreviated state name or province of the organization.
    Country/Region: Country or region of the organization.
    Certificate Request File Path: Browse to select the location to store the certificate request.
  Verify the certificate request with a certificate authority. This is done separately from the Deployment Helper.
  Once the certificate request is verified, complete the fields under Certificate Response, then click Export to export the certificate in .pfx format. Click Next to continue.
    Certificate File Path: Browse to select the valid .cer or .pem certificate file.
    Certificate Password: Password for the certificate.
  On the Specify a Portal Certificate screen, complete the fields, then click Next.
    File Path: Browse to select the exported .pfx file.
    Password: Password for the certificate.

  The user who creates the certificate must export the corresponding certificate response file. The private key created as part of the certificate request is stored in a secure Windows key container under that user's identity. Exporting the certificate response must be done on the same system where the certificate request was generated.

On the Specify a Portal Certificate screen, complete the fields, then click Next.
  File Path: Browse to select the exported .pfx file.
  Password: Password for the certificate.
12 On the Specify ActiveSync Server screen, complete the fields, then click Next.

Field: Value
Server Address: Your mail server's ActiveSync server address. For a Domino server, enter <servername>/servlet/traveler.
Domain Name: Domain name of the server for authentication.
Username: User name in the domain for validating the ActiveSync connection.
Password: Password for the user name account.
13 On the Confirm Installation Settings screen, review your settings (print, email, or save your info by clicking the link), then click Run Scan. When the scan is completed, results are shown. If any tasks are marked failed, review the information, then click the Launch KB Assistance link to help resolve any issues.
Use SQL Express: Select to install SQL Express on the local system and create the McAfee EMM Database.
Server Name: Host name or IP address of the SQL server to install the EMM Database.
Authentication:
  Windows Authentication (recommended)
  SQL Authentication
Username: User name for the connection to the EMM Database server.
Password: Password for the connection to the EMM Database server.
Database: Name of the database containing the McAfee EMM schema and data.

8 On the Specify LDAP Server screen, complete the fields, then click Next.
Field
Authentication
Domain FQDN: Fully qualified domain name of the server used for authentication.
Domain DN: Domain distinguished name. If the server is in the current domain, this field is automatically populated when Domain FQDN is completed.
Domain Name: Domain name of the LDAP server. This field is automatically populated when Domain FQDN is completed.
Username: User name for the connection to the directory server.
Password: Password for the connection to the directory server.
External EMM Proxy Server Address: Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
10 On the Specify an MDM Certificate screen in the File Path field, browse to select the .p12 file. Enter the password for the certificate, verify the Topic (this should match the MDM topic associated with your certificate), then click Next.
11 On the Provide a Portal Certificate screen, select one of these options:
If you want to... / Complete these steps...

Create New SSL Certificate
  On the Generate an SSL Certificate Request screen, complete the fields under Certificate Request, then click Create to create the certificate request file.
    Common Name: Common name for the certificate.
    Organization: Name of your organization.
    Organization Unit: Unit within your organization that is requesting the certificate.
    City/Locality: Unabbreviated city of the organization.
    State/Province: Unabbreviated state name or province of the organization.
    Country/Region: Country or region of the organization.
    Certificate Request File Path: Browse to select the location to store the certificate request.
  Verify the certificate request with a certificate authority. This is done separately from the Deployment Helper.
  Once the certificate request is verified, complete the fields under Certificate Response, then click Export to export the certificate in .pfx format. Click Next to continue.
    Certificate File Path: Browse to select the valid .cer or .pem certificate file.
    Certificate Password: Password for the certificate.
  On the Specify a Portal Certificate screen, complete the fields, then click Next.
    File Path: Browse to select the exported .pfx file.
    Password: Password for the certificate.

  The user who creates the certificate must export the corresponding certificate response file. The private key created as part of the certificate request is stored in a secure Windows key container under that user's identity. Exporting the certificate response must be done on the same system where the certificate request was generated.

On the Specify a Portal Certificate screen, complete the fields, then click Next.
  File Path: Browse to select the exported .pfx file.
  Password: Password for the certificate.
12 On the Specify ActiveSync Server screen, complete the fields, then click Next.

Field: Value
Server Address: Your mail server's ActiveSync server address. For a Domino server, enter <servername>/servlet/traveler.
Domain Name: Domain name of the server for authentication.
Username: User name in the domain for validating the ActiveSync connection.
Password: Password for the user name account.
13 On the Confirm Installation Settings screen, review your settings (print, email, or save your info by clicking the link), then click Run Scan. When the scan is completed, results are shown. If any tasks are marked failed, review the information, then click the Launch KB Assistance link to help resolve any issues.
Task
1 Log on to a Windows Server.
2 Locate and execute the installer file DeploymentHelperInstall.msi.
3 On the Agreement screen, accept the terms of the license agreement, then click Install.
4 When installation is complete, select Start | All Programs | McAfee EMM | EMM Deployment Helper.
5 On the Before You Begin screen, review the instructions, then click Next.
6 On the Specify Setup Type screen, select Custom Installation, then click Next.
7 On the Select Components to Test screen, select the components you want to install, then click Next. The installation screens appear for the components you selected.
8 Complete the settings screens for each component you selected in the previous step. See Pre-installation settings for components.
9 On the Confirm Installation Settings screen, review your settings (print, email, or save your info by clicking the link), then click Run Scan. When the scan is completed, results are shown. If any tasks are marked failed, review the information provided. Click the Launch KB Assistance link to help resolve any issues.

Use SQL Express: Select to install SQL Express on the local system and create the McAfee EMM Database.
Table 2-2 LDAP settings

Field: Value
Authentication:
  Active Directory
  Domino
Domain FQDN: Fully qualified domain name of the server used for authentication.
Domain DN: Domain distinguished name. If the server is in the current domain, this field is automatically populated when Domain FQDN is completed.
Domain Name: Domain name of the LDAP server. This field is automatically populated when Domain FQDN is completed.
Username: User name for the connection to the directory server.
Password: Password for the connection to the directory server.
External EMM Proxy Server Address: Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
Table 2-3 Portal Certificate settings

If you want to... / Complete these steps...

Create New SSL Certificate
  On the Generate an SSL Certificate Request screen, complete the fields under Certificate Request, then click Create to create the certificate request file.
    Common Name: Common name for the certificate.
    Organization: Name of your organization.
    Organization Unit: Unit within your organization that is requesting the certificate.
    City/Locality: Unabbreviated city of the organization.
    State/Province: Unabbreviated state name or province of the organization.
    Country/Region: Country or region of the organization.
    Certificate Request File Path: Browse to select the location to store the certificate request.
  Verify the certificate request with a certificate authority. This is done separately from the Deployment Helper.
  Once the certificate request is verified, complete the fields under Certificate Response, then click Export to export the certificate in .pfx format. Click Next to continue.
    Certificate File Path: Browse to select the valid .cer or .pem certificate file.
    Certificate Password: Password for the certificate.
  On the Specify a Portal Certificate screen, complete the fields, then click Next.
    File Path: Browse to select the exported .pfx file.
    Password: Password for the certificate.

  The user who creates the certificate must export the corresponding certificate response file. The private key created as part of the certificate request is stored in a secure Windows key container under that user's identity. Exporting the certificate response must be done on the same system where the certificate request was generated.

On the Specify a Portal Certificate screen, complete the fields, then click Next.
  File Path: Browse to select the exported .pfx file.
  Password: Password for the certificate.

Server Address: Your mail server's ActiveSync server address. For a Domino server, enter <servername>/servlet/traveler.
Domain Name: Domain name of the server for authentication.
Username: User name in the domain for validating the ActiveSync connection.
Password: Password for the user name account.
Table 2-5 PKI Agent settings

Complete these steps...

On the Generate a Signer Certificate Request screen, complete the fields, then click Create.
  Common Name: Common name for the certificate.
  Organization: Name of your organization.
  Organization Unit: Unit within your organization that is requesting the certificate.
  City/Locality: Unabbreviated city of the organization.
  State/Province: Unabbreviated state name or province of the organization.
  Country/Region: Country or region of the organization.
  Email: Email address of the administrator making the request.
  Certificate Request File Path: Browse to select the location to store the certificate request.

On the Create a Signer Certificate screen, complete the fields, then click Create.
  Certificate Request File Path: Browse to select the location for the signer certificate request.
  Certificate Password: Password for the certificate.
  CA Name: URL of the enrollment server, or the fully qualified domain name of the certificate authority server and certificate authority name (common name as entered on the certificate), in the format <CA server>\<CA name>.
  Certificate Response File Path: Browse to select the location to store the certificate request.

On the Create a Device Certificate screen, complete the fields, then click Next.
  Certificate Template: Certificate template name. For example, user.
  Subject Template: Certificate subject name. For example, CN=user.
  EKUs: Extended key usage object identifiers separated by commas. For example, 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.8.
  Server Name: Certificate authority server name.
  Signer Certificate: Select from the list of signer certificates returned by the certificate authority.

BlackBerry server settings

Value
  BES server address.
  Authentication method.
  User name for validating the BES server.
  Password for the user name account.
  Domain of the authentication account for the BES server.
The installation process depends on your planned configuration. Contents Install McAfee EMM software in enhanced security mode Install McAfee EMM software in basic security mode Install McAfee EMM software in simplified mode Customize your McAfee EMM installation Install auxiliary components Troubleshoot certificate errors
Installing McAfee EMM software Install McAfee EMM software in enhanced security mode
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, select Dual Server (Internal) to install the Hub, Console, and Database on the current server. On the Database Settings screen, complete the fields, then click Next.
If the installer does not detect SQL Express, the field Install SQL Express 2008 R2 appears and all other fields, except Password, are disabled. Complete the Password field and follow the prompts to install SQL Express, or deselect the installation option and complete the fields.
Value Host name where you want to install the McAfee EMM Database. Windows Authentication (recommended) SQL Authentication
User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database that contains your McAfee EMM schema and data.
On the LDAP Settings screen, complete the fields, then click Next.
Your entries on this screen depend on whether you select user authentication based on Active Directory or Domino credentials.
Field Authentication
Fully qualified domain name of the server for authentication. Directory service name to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Leave this field blank.
Domain Name
The domain name of the server to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Domain name of the server for authentication.
Value User name for the connection to the directory server. Password for the connection to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C:\Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
On the Agreement screen, accept the terms of the license agreement, then click Next.
On the Options screen, click Dual Server (External) to install the McAfee EMM Portal, DMG, and Proxy.
On the Certificate Settings screen, complete the fields, then click Next.
File Path: Select your public security certificate.
Password: Password for your public security certificate.
Certificate Option:
User-defined: If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically.
None - MDM Disabled: The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices.
Installing McAfee EMM software Install McAfee EMM software in basic security mode
On the DMZ Component Settings screen in the ActiveSync Server Address field, enter the IP address or FQDN of the ActiveSync server that the McAfee EMM Proxy connects to for email. Verify the ActiveSync server connection using these steps:
a Click the green checkmark next to the ActiveSync Server address. The ActiveSync Server Verification screen appears with the Username, Password, and Domain fields automatically populated with the credentials you specified on the LDAP Settings screen.
b Click Verify. If the connection was successful, the message "Successfully connected to [server]" appears. If the verification was unsuccessful, do the following, based on the error code:
Error Code 500: Make sure that the Exchange server is operational.
Error Code 403: Make sure that the user credentials are valid, that the user has a mailbox configured in the Exchange server, and that the Exchange server is accessible from the EMM server.
c Click OK to return to the DMZ Component Settings screen, then click Next.
On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C:\Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Single Server. On the Database Settings screen, complete the fields, then click Next.
If the installer doesn't detect SQL Express, the field Install SQL Express 2008 R2 appears, and all other fields except Password are disabled. Complete the Password field and follow the prompts to install SQL Express, or deselect the installation option and complete the fields.
Value Host name where you want to install the McAfee EMM Database. Windows Authentication (recommended) SQL Authentication
User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the database that contains your McAfee EMM schema and data.
On the LDAP Settings screen, complete the fields, then click Next.
Your entries on this screen depend on whether you select user authentication based on Active Directory or Domino credentials.
Field Authentication
Fully qualified domain name of the server for authentication. Directory service name to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Leave this field blank.
Domain Name
The domain name of the server to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Domain name of the server for authentication.
User name for the connection to the directory server. Password for the connection to the directory server. Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM Proxy that devices connect to for ActiveSync.
On the Certificate Settings screen, complete the fields, then click Next.
File Path: Select your public security certificate.
Password: Password for your public security certificate.
Certificate Option:
User-defined: If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically.
None - MDM Disabled: The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices.
Installing McAfee EMM software Install McAfee EMM software in simplified mode
On the DMZ Component Settings screen in the ActiveSync Server Address field, enter the IP address or FQDN of the ActiveSync server that the McAfee EMM Proxy connects to for email. Verify the ActiveSync server connection using these steps:
a Click the green checkmark next to the ActiveSync Server address. The ActiveSync Server Verification screen appears with the Username, Password, and Domain fields auto-populated from the credentials you specified on the LDAP Settings screen.
b Click Verify. If the connection was successful, the message "Successfully connected to [server]" appears. If the verification was unsuccessful, do the following, based on the error code:
Error Code 500: Make sure that the Exchange server is operational.
Error Code 403: Make sure that the user credentials are valid, that the user has a mailbox configured in the Exchange server, and that the Exchange server is reachable from the EMM server.
c Click OK to return to the DMZ Component Settings screen, then click Next.
On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C:\Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
On the Agreement screen, accept the terms of the license agreement, then click Next. On the Options screen, click Single Server. On the Database Settings screen, complete the fields, then click Next.
If the installer doesn't detect SQL Express, the field Install SQL Express 2008 R2 appears and all other fields except Password are disabled. Complete the Password field and follow the prompts to install SQL Express, or deselect the installation option and complete the fields.
Value Host name where you want to install the McAfee EMM Database. Windows Authentication (recommended) SQL Authentication
Value User name for the connection to the EMM Database server. Password for the connection to the EMM Database server. Name of the Database that contains your McAfee EMM schema and data.
On the LDAP Settings screen, complete the fields, then click Next.
Authentication: ActiveSync Protocol
ActiveSync Server: ActiveSync server used for authentication. This server tests that users have an email-enabled Exchange account.
Domain Name: Domain name of the ActiveSync server.
Verification Username: User name to connect to the directory server.
Verification Password: Password to connect to the directory server.
External EMM Proxy Server Address: Fully qualified domain name of the McAfee EMM Proxy for external connectivity. This is the address of the EMM proxy that devices connect to for ActiveSync.
On the Certificate Settings screen, complete the fields, then click Next.
File Path: Select your public security certificate.
Password: Password for your public security certificate.
Certificate Option:
User-defined: If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically.
None - MDM Disabled: The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices.
8 On the DMZ Component Settings screen in the ActiveSync Server Address field, enter the IP address or FQDN of the ActiveSync server that the McAfee EMM Proxy connects to for email. Verify the ActiveSync server connection using these steps:
a Click the green checkmark next to the ActiveSync Server address. The ActiveSync Server Verification screen appears with the Username, Password, and Domain fields automatically populated from the credentials you specified on the LDAP Settings screen.
b Click Verify. If the connection was successful, the message "Successfully connected to [server]" appears. If the verification was unsuccessful, do the following, based on the error code:
Error Code 500: Make sure that the Exchange server is operational.
Error Code 403: Make sure that the user credentials are valid, that the user has a mailbox configured in the Exchange server, and that the Exchange server is reachable from the EMM server.
c Click OK to return to the DMZ Component Settings screen, then click Next.
On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C:\Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
3 On the Agreement screen, accept the terms of the license agreement, then click Next.
4 On the Options screen, click Custom Installation.
5 On the Components screen, select the components you want to install, complete the fields, then click Next.
For a PKI installation, select Database, PKI Agent, Console, and Hub.
Value Website where the web service is installed. Connection method used by McAfee web services to communicate with the McAfee EMM Hub. Default Key Custom Key For use when installing in an HA environment.
This field appears only if you didn't select to install the McAfee EMM Hub. Enter the address of the Hub, including the port number. For example, servername:portnumber.
Complete the settings screens for each component you selected in the previous step. See Installation settings for components.
On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C:\Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
Table 3-3 Portal Certificate settings
File Path: Select your public security certificate.
Password: Password for your public security certificate.
Certificate Option:
User-defined: If your MDM certificate is available, select this option and complete the File Path and Password fields. MDM Topic is populated automatically.
None - MDM Disabled: The MDM feature is disabled and iOS devices versions 4 and later are treated as legacy devices. This doesn't affect MDM/C2DM-supported Android devices.
Table 3-4 PKI Agent settings
User: User name for the connection to the Enrollment Agent service account.
Password: Password for the connection to the Enrollment Agent.
Domain: Domain name of the Enrollment Agent.
CA Name: Fully qualified domain name of the certificate authority server, in the format <CA server>\<CA name>.
Install the Download Manager File Installer for Windows Mobile support
Install the McAfee EMM Download Manager installer if your organization uses Windows Mobile devices. The Download Manager can be added to any installation configuration.
Task
1 Log on to the server where you want to install the Download Manager.
2 Locate and right-click the file TDDMFilesSetup.exe, then select Run as Administrator.
3 When prompted by the McAfee Files Setup InstallShield Wizard, click Next.
4 On the Agreement screen, accept the terms of the license agreement, then click Next.
5 On the Database Server screen, complete the fields, then click Next.
Database Server: Database server where the McAfee EMM Database was installed.
Windows Authentication (recommended)
SQL Authentication: You are prompted to enter the Login ID and Password for the connection to the database.
6 On the Select Database screen, select the name of the McAfee EMM Database, then click Next.
7 On the Download Manager File Configuration screen, complete the fields, then click Next.
Device Management Gateway location: URL of the server where the DMG is located. Don't enter the protocol.
SSL: Select to use SSL communication.
Port: Port available for HTTPS sessions on the server.
Domain (optional): Name of the domain that authenticates users. If you are using multiple domains, leave this field blank.
8 Click Install. When the program is installed, the Install Wizard Complete screen appears.
9 Click Finish to close the installer.
Install the BlackBerry Enterprise Server (BES) Agent for BlackBerry support
Install the BES Agent if your organization uses BlackBerry devices. A BES Agent can be added to any installation configuration. If the BES server uses multiple authentication servers, they all must be added to McAfee EMM.
When the BES Agent is installed, it immediately begins communicating with the authentication servers. If you are using multiple authentication servers, you must install the McAfee EMM software and all authentication servers from the Console (System Settings | Authorization Servers) before installing the BES Agent. You can install the BES Agent on the McAfee internal server or the DMZ server.
Task
1 Log on to the server where you want to install the BES Agent.
2 Locate and right-click the installer file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. If the installer doesn't detect the Windows installer or .NET version, you are prompted to install them now. Click Continue to install. If prompted to reboot the server, click Yes. The installer continues automatically when the reboot is complete.
3 On the Agreement screen, accept the terms of the license agreement, then click Next.
4 On the Options screen, click Custom Installation.
On the Components screen, select BES Agent, complete the fields, then click Next.
Installation Website: Website where the web service is installed.
Internal Connectivity: Connection method used by McAfee web services to communicate with the McAfee EMM Hub.
Encryption Key: Default Key
6 On the BES Agent Settings screen, complete the fields, then click Next.
BlackBerry Server: BES server address.
Data Retrieval Frequency (h): Frequency in hours that the BES server is re-queried for device data.
Authentication: User account used to authenticate to the BES server.
Username: User name of the authentication account for the BES server.
Password: Password of the authentication account for the BES server.
Domain: Domain of the authentication account for the BES server.
On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C:\Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
In the EMM certificate configuration, make sure you use the template name and not the template display name. The name displayed in the template list is the display name. Check the template properties for the name. For example, the template name for the "Web Server" template is "WebServer" (no spaces).
If you get errors about issuance requirements:
Select the Issuance requirements tab in the template properties.
Deselect CA cert manager approval.
Select This number of authorized signatures. The number next to it should be 1.
Select policy type application policy, then in the application policy drop-down list, select certificate request agent.
After installing the McAfee EMM software on your servers, users can provision their mobile devices to your network with the system's client-side components, including the McAfee EMM app and Secure Container. Contents Overview of provisioning Provision iOS devices Provision Android devices Provision Windows Phone 7 devices Provision Windows Mobile devices
Overview of provisioning
You must provision the device from the device itself. Provisioning methods vary by device. You can provision devices using these methods:
iOS devices: Use the McAfee EMM app.
Androids: Use the McAfee EMM app. Some devices require manual email configuration using Exchange ActiveSync.
Windows Phone 7: Configure email using Exchange ActiveSync.
Windows Mobile: Use the McAfee EMM Portal.
To validate credentials, the McAfee EMM server needs details of the Active Directory, Domino directory, or ActiveSync server. If your system specifies authorized users, the user must be on the authorized users list. For details on authorization servers and authorized users, see the McAfee EMM Product Guide.
Prior to provisioning, do the following:
1 Verify that the date and time on the device are set accurately.
2 Update your device catalog. For details on adding the device catalog, see the McAfee EMM Product Guide.
3 If you want the McAfee EMM app to automatically detect the EMM Portal, create an SRV record.
Enter your email address and password, then click Sign In.
a (Optional) If your device doesn't automatically detect the EMM server, enter the server address provided by your administrator, then click Sign In.
b (Optional) If your administrator set a temporary password, on the Provisioning Token screen, enter the password, then click OK.
4 On the User Agreement screen, click Accept.
5 On the Install Profile screen, click Install, then confirm by clicking Install Now. If the device has a passcode, the Enter Passcode screen appears. Enter your passcode, then click Done.
6 Click Install to allow your server administrator to remotely manage your device.
7 On the Profile Installed screen, click Done.
3 Launch the McAfee EMM app.
4 Enter your email address and password, then click Sign In.
a (Optional) If your device doesn't automatically detect the EMM server, enter the server address provided by your administrator, then click Sign In.
b (Optional) If your administrator set a temporary password, on the Provisioning Token screen, enter the password, then click OK.
5 On the User Agreement screen, click Accept.
6 When the Activate Device Administrator screen appears, click Activate.
7 (Optional, Android 3.x and later) If your organization's security policies are set to allow only encrypted devices, you are redirected to your device's encryption settings page. Click to encrypt your device.
8 On the EMM Screen unlock security screen, set a PIN or password for your device, then click OK.
9 On the Secure Container installation screen, you are prompted to do one of the following:
If you are assigned to a policy that requires the Secure Container, click OK. You are taken to the Android Market to install Secure Container.
If you are assigned to a policy that recommends the Secure Container, you have the option to install it. Click Yes or No. If you click Yes, you are taken to the Android Market to install Secure Container.
10 (Optional) If you installed the Secure Container in the previous step, you are prompted to do the following:
a Enter the password for your email account. Click OK, then enter your password.
b Create a Secure Container passcode. On the Setup Passcode screen, enter a passcode, then re-enter to confirm.
The server-side components of the McAfee EMM software are easily upgraded, migrated, or uninstalled. Contents Upgrade McAfee EMM software Migrate McAfee EMM software Uninstall McAfee EMM software
Task
1 Log on to the server where the McAfee EMM Hub and Database are installed.
2 Locate and right-click the upgrade file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. If prompted, click Yes to reboot the server. The installer continues automatically when the reboot is complete.
3 On the Agreement screen, accept the terms of the license agreement, then click Next. If you are running the upgrade installer for the second time, the field Use Configuration From Previous Installations appears on the Agreement screen. Select this option to keep the configurations from your previous upgrade.
4 On the Options screen, click Upgrade.
5 (Optional) If you're using Windows or SQL authentication, the Database Settings screen appears. Complete the fields, or verify the pre-populated values if you selected to use configuration from your previous installations, then click Next.
6 On the Summary screen, review the information, then click Upgrade.
7 Click Finish to close the upgrade installer.
(Optional) If you're upgrading from a version earlier than 10.0, you must upgrade the iOS5 profile on users' devices to enable iOS5 restrictions. To push the upgrade to iOS5 devices, do the following:
a Open the EMM Console.
b Click System Settings | General Settings.
c Check to enable Upgrade iOS MDM Access Rights.
d Click Save.
The EMM server sends iOS5 users a push notification to update their corporate device settings. The user is prompted to accept the user agreement and install the updated profile.
Locate and right-click the file Setup.exe, then select Run as Administrator to open the McAfee EMM Platform Installation Launcher. If prompted, click Yes to reboot the server. The installer continues automatically when the reboot is complete.
4 On the Agreement screen, accept the terms of the license agreement, then click Next.
5 On the Options screen, click Custom Installation.
6 On the Components screen, select to install the Hub, complete the fields, then click Next.
Installation Website: Website to install the web service.
Internal Connectivity: http, https
Encryption Key: Default Key
7 On the Database Settings screen, verify the information is correct, then click Next.
8 On the Migration - ActiveSync to LDAP screen, do one of the following:
To continue with the migration process by authenticating the servers, deselect Skip Migration of Authentication Servers, then select and edit each authorization server. The Edit Auth Server screen appears for each server. Complete the fields, then click Save. After you've edited all the authentication servers, click Next.
Your entries on the Edit Auth Server screens depend on whether you select user authentication based on Active Directory or Domino credentials.
Field Authentication
Fully qualified domain name of the server for authentication. Directory service name to be used for authentication: Active Directory This field is populated when Domain FQDN is completed. Domino Leave this field blank.
Domain Name
The name of the server to be used for authentication. Active Directory This field is populated when Domain FQDN is completed. Domino Domain name of the server for authentication.
Username: User name to connect to the directory service.
Password: Password to connect to the directory service.
To re-install certain components but remain in ActiveSync Protocol mode, select Skip Migration of Authentication Servers, then click Next to reinstall the components.
9 On the Summary screen, review the information, then click Install. When the installation is complete, details are automatically saved to an install log located at C:\Program Files\McAfee\EMM Platform\Install_ddmmccyy_hhmmss.
These specialized installation tasks prepare you for custom configuration of your McAfee EMM software. Contents Create an SRV record Export your encryption key SQL database permissions for installation
An example SRV record is:
_activation._tcp.acme.com. 86400 IN SRV 0 1 443 emm.acme.com
2 Publish the certificate to a device-accessible DNS server.
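The following Python check is an added example, not part of the McAfee guide or product: it parses an SRV line in the zone-file form shown above and reports problems that commonly stop clients from finding the published host. The `_activation._tcp` owner name is taken from the guide's record; the function names and the `origin` argument (the DNS zone the record is loaded into) are assumptions of this example, and the trailing-dot finding applies when the line is pasted into a master-format zone file.

```python
import ipaddress
from dataclasses import dataclass

# Record exactly as printed in the guide's SRV example.
GUIDE_RECORD = "_activation._tcp.acme.com. 86400 IN SRV 0 1 443 emm.acme.com"


@dataclass(frozen=True)
class SrvRecord:
    owner: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(line: str) -> SrvRecord:
    """Parse '<owner> <ttl> IN SRV <priority> <weight> <port> <target>'."""
    fields = line.split(";", 1)[0].split()  # drop a trailing zone-file comment
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}")
    owner, ttl, rclass, rtype, priority, weight, port, target = fields
    if (rclass.upper(), rtype.upper()) != ("IN", "SRV"):
        raise ValueError(f"not an IN SRV record: {rclass} {rtype}")
    if not all(f.isdigit() for f in (ttl, priority, weight, port)):
        raise ValueError("ttl, priority, weight and port must be unsigned integers")
    rec = SrvRecord(owner, int(ttl), int(priority), int(weight), int(port), target)
    if rec.ttl > 2**31 - 1:
        raise ValueError("ttl out of range")
    if max(rec.priority, rec.weight, rec.port) > 65535:
        raise ValueError("priority, weight and port are 16-bit values")
    return rec


def absolute(name: str, origin: str) -> str:
    """Expand a name the way a master-format zone file does (RFC 1035):
    a name without a trailing dot is relative to the zone origin."""
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin.rstrip('.')}.".lower()


def _is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def lint_srv(rec: SrvRecord, origin: str) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    zone = origin.rstrip(".").lower()
    expected_owner = f"_activation._tcp.{zone}."
    owner = absolute(rec.owner, zone)
    if owner != expected_owner:
        findings.append(f"owner is {owner}, expected {expected_owner}")
    if rec.port == 0:
        findings.append("port 0 is not a usable TCP port")
    bare = rec.target.rstrip(".")
    if rec.target == ".":
        findings.append("target '.' declares the service unavailable (RFC 2782)")
    elif _is_ip(bare):
        findings.append("target is an IP address; an SRV target must be a host name")
    elif not rec.target.endswith(".") and bare.lower().endswith("." + zone):
        # Looks like an FQDN, but the zone file will append the origin again.
        findings.append(
            "target has no trailing dot; a zone file publishes it as "
            + absolute(rec.target, zone)
        )
    return findings


if __name__ == "__main__":
    # Constructed inputs: the guide's record, the same record with a
    # fully qualified target, and a record pointing at an address.
    samples = [
        GUIDE_RECORD,
        GUIDE_RECORD + ".",
        "_activation._tcp.acme.com. 86400 IN SRV 0 1 443 192.0.2.10",
    ]
    for line in samples:
        issues = lint_srv(parse_srv(line), "acme.com")
        print(line)
        for issue in issues or ["no findings"]:
            print("   ", issue)
```
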
Task
1 Click the name of the server in the upper-left corner of the McAfee EMM Console.
2 On the Export Key screen in the Key Password field, enter your key password, then select Export Encryption Key. You are prompted to save the .skx file.
This table shows languages supported by the McAfee EMM system components. Code Language McAfee Server Apple App EMM App Notifications Store (13 languages supported by iOS) Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported English English Supported Supported Supported Supported Supported Supported with FR with FR Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported English Supported English Supported Supported Android McAfee Marketplace EMM (15 Console languages supported by Android) User Agreement on the Console
ID
Bahasa Indonesia
Supported Supported Supported Supported Supported Supported English Supported Supported Supported with FR Supported Supported Supported Supported Supported Supported Supported Supported Supported with ES Supported Supported Supported
EN-US English (U.S.) FI FR FR-CA DE IT JA-JP KO NOR PT PT-BR ES Finnish French French, Canadian German Italian Japanese Korean Norwegian Portuguese Brazilian Spanish Mexican SV-SE Swedish RU TR Russian Turkish
Portuguese, Supported Supported Supported Supported Supported Supported with ES with ES Supported Supported Supported Supported Supported Supported
ES-MX Spanish,
Code
Language
McAfee Server Apple App EMM App Notifications Store (13 languages supported by iOS) Supported Supported Supported Supported
DA PL
Danish Polish
Supported Supported