iOS: Mobile Device Management

Published 2019-03-16 17:44

Question:

I am a little confused about MDM and wish that someone could help me here. I have studied the docs from the Apple website regarding iOS MDM, but I still feel puzzled, and I have some questions.

  1. Does the MDM server communicate with APNS every time it needs to execute a command?
  2. Is it very complex to set up our own MDM server, and how do we set up our own MDM server?

Thank you in advance.

Answer 1:

1) The general idea is that you send one request via APNS and then respond with a command when the device 'phones home' to your MDM server. Once the device responds to your command, you can send another command back in response, and so on until the device has executed all the commands, at which point your server should respond with an empty HTTP response.

2) That entirely depends on what your definition of complex is! I have created 2 MDM 'servers' in the past year and it's not impossible but quite complex to detail.



Answer 2:

The MDM server communicates only when it needs to send a command to the device. Here is how it goes:

  1. MDM server contacts APNS server with MDM payload.
  2. APNS server triggers a wake up on device to check server for MDM command.
  3. Mobile device contacts the MDM server for command to be executed.

Implementing MDM is simple if you have an enterprise account.

  1. Get your MDM certificate. http://www.blueboxmoon.com/wordpress/?p=877

  2. Using IPCU, create a profile and push it to the mobile device.

  3. With this the device push magic will be passed to the checkin URL you specified in the config profile.
  4. Then trigger the MDM payload using JavaPNS with the push magic and token. JavaPNS - https://code.google.com/p/javapns/
  5. Create a simple page that will respond to device commands. Refer to the Black Hat guide for full documentation: https://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf, or see http://darthnull.org/media/papers/MDM_CommandReference.pdf for a commands reference.
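
The exchange both answers describe (one APNS wake-up, then the device polling the MDM server until it receives an empty response) can be modelled in a few lines. This is an added Python example, not code from either answer or from Apple; `DeviceQueue`, `wake_payload`, `run_session` and the UDID are hypothetical names and constructed values. It leaves out the HTTP layer, TLS and the check of the device's identity certificate that a real server needs.

```python
import json
import plistlib
import uuid
from collections import deque

def wake_payload(push_magic):
    """Body of the APNS notification: only the PushMagic, no alert or badge."""
    return json.dumps({"mdm": push_magic})

class DeviceQueue:
    """Pending MDM commands for one enrolled device (hypothetical helper)."""

    def __init__(self):
        self.pending = deque()  # (CommandUUID, command dict) not yet sent
        self.in_flight = {}     # CommandUUID -> command awaiting a result
        self.results = {}       # CommandUUID -> final Status reported

    def enqueue(self, command):
        command_uuid = str(uuid.uuid4())
        self.pending.append((command_uuid, command))
        return command_uuid

    def handle_request(self, body):
        """Take one plist sent by the device, return the HTTP response body."""
        msg = plistlib.loads(body)
        status, cmd_uuid = msg.get("Status"), msg.get("CommandUUID")
        if cmd_uuid in self.in_flight:
            command = self.in_flight.pop(cmd_uuid)
            if status == "NotNow":
                # Device is busy (for example locked): retry on a later push.
                self.pending.append((cmd_uuid, command))
                return b""
            self.results[cmd_uuid] = status  # Acknowledged, Error, ...
        if not self.pending:
            return b""  # empty response: nothing left, the device disconnects
        cmd_uuid, command = self.pending.popleft()
        self.in_flight[cmd_uuid] = command
        return plistlib.dumps({"CommandUUID": cmd_uuid, "Command": command})

def run_session(queue, udid="constructed-udid-0001"):
    """Simulate the device side after a wake-up; returns RequestTypes received."""
    seen, report = [], {"Status": "Idle", "UDID": udid}
    while True:
        reply = queue.handle_request(plistlib.dumps(report))
        if not reply:
            return seen
        cmd = plistlib.loads(reply)
        seen.append(cmd["Command"]["RequestType"])
        report = {"Status": "Acknowledged", "UDID": udid, "CommandUUID": cmd["CommandUUID"]}
```

The server only needs to contact APNS once per batch: every queued command is delivered over the connection the device opens after that single wake-up.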