• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
[Fed-Talk] The Dance: MDM <-> APNS <-> iOS Device
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fed-Talk] The Dance: MDM <-> APNS <-> iOS Device

  • Subject: [Fed-Talk] The Dance: MDM <-> APNS <-> iOS Device
  • From: William Cerniuk <email@hidden>
  • Date: Thu, 27 Sep 2018 14:30:21 -0400
ALCON,

I am looking for a traditional timing diagram or a network state diagram that
illustrates the dance that is performed between the Mobile Device Management
(MDM) server, the Apple Push Notification Servers (APNS), and the client
endpoint iOS devices during enrollment and especially during the periodic
device MDM checkin cycle.

We are seeing situations where iOS devices are are not checking in to the MDM
and thus are not recorded as active devices in in the MDM. In our case a policy
is being enacted that devices not checking in after a certain period of time
will be deleted form the MDM records. While I think this is a really bad idea
for a multitude of technical and non-technical reasons, it does re-light the
fire on “why are the devices not checking in?!"

Historically the devices not checking in has been due to a reluctance of our
Network Security Operations Center (NSOC) to follow the Apple guidance for MDM
operations and open up communications from the MDM server to the APNS servers
across all class A 17.0.0.0/8 for **outbound** TCP ports 5223 (general APNS
service), 2195 (push notifications), 2196 (Feedback service). This has resulted
in blocked communications between the MDM and the APNS depending on the APNS du
jour and it’s IP address.

Anyway, in trying to explain why if we block the APNS servers, iPads will be
randomly inhibited from completing the check in cycle. People are not going to
read or digest the Apple documentation (noted below). I need an accurate
communications timing diagram or communications state diagram for the
interaction of the three entities. Concerned only with the most basic MDM
enrollment and MDM checkin communication sequences.

Any help much appreciated.

--
Very Respectively,
Wm. Cerniuk

Ph: 703.594.7616
FaceTime/iMessage: email@hidden

Time is Short, and the Water Rises

PS
The apple documentation leaves much to be desired:

https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/3-MDM_Protocol/MDM_Protocol.html

https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/2-MDM_Check_In_Protocol/MDM_Check_In_Protocol..html#//apple_ref/doc/uid/TP40017387-CH4-SW2


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: [Fed-Talk] Beta version of "keychain-pkcs11" available
  • Previous by thread: Re: [Fed-Talk] Beta version of "keychain-pkcs11" available
  • Index(es):
    • Date
    • Thread