Dell KACE VK3000 Mobile Management Appliance: Setup Guide

Dell KACE VK3000
Mobile Management Appliance

Setup Guide
March 2013
Dell KACE VK3000 Mobile Management Appliance Setup Guide
ii
2013 Dell Inc. All rights reserved.
Reproduction of these materials in any manner whatsoever without the written permis-
sion of Dell Inc. is strictly forbidden. Dell and the DELL logo are trademarks of Dell Inc.
Other trademarks and trade names may be used in this document to refer to either the
entities claiming the marks and names or their products. Dell Inc. disclaims any propri-
etary interest in trademarks and trade names other than its own.
Dell KACE VK3000 Mobile Management Appliance Setup Guide iii
Contents
Setting up the appliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Installing the VK3000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Configuring the appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Configuring SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Configuring LDAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Configuring EULA settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Next steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Getting support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Scheduling training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
iv
5
Setting up the appliance
About this guide
This guide explains how to set up the Dell KACE Virtual K3000 (VK3000) Mobile
Management Appliance. The VK3000 runs as a virtual product and does not require
dedicated hardware. It is a scalable solution that includes all of the features of the
physical K3000 appliance. For information about setting up the physical K3000, see
http://www.kace.com/support/resources/documentation.
System requirements
For host system, managed device, and storage requirements, see
http://www.kace.com/products/mobile-management-appliance/techs-specs.
Before you begin
1 Purchase a VK3000 license from Dell KACE sales at
http://www.kace.com/about/contact.php.
2 Obtain a trusted SSL certificate so that you can enable trusted SSL
communications over the appliance.
3 Obtain a static IP address for the appliance. If you use a private or non-routable
IP address, be aware of the DNS requirements in step 4 and be aware of the port
requirements in step 7.
4 Ensure that your public DNS server is configured so that the IP address of your
appliance is resolvable over the Internet.
Unlike other Dell KACE K-series appliances, the K3000 requires
SSL to work properly, because services such as the Apple Push
Notification service and Google Cloud Messaging require it.
Wildcard SSL certificates are acceptable. Password-protected
certificates are not supported. For instructions on configuring
SSL, see Configuring SSL on page 10.
6
5 To manage Apple iOS devices:
Register as an Apple developer. This enables you to create an Apple Push
Notification service certificate for iOS device management. For more
information, go to https://developer.apple.com/programs/register/.
Ensure that your firewall permits outbound access to the IP address range
used by Apple: 17.0.0.0/8.
6 To manage Android devices:
Create a business-related Google account to be used with Google Cloud
Messaging.
Obtain a Google Cloud Messaging API key and product key from
http://developer.android.com/google/gcm/gs.html.
7 Verify that your network and firewall settings permit access to the required
inbound and outbound ports:
Inbound ports
Port Description
443 Inbound communication to the appliance from the Internet. This
port is used for:
Secure communications between the appliance and devices
Enrolling devices with the appliance
Linking to Dell KACE K1000 or K2000 appliances (requires
that SSL is enabled on the linked appliances)
Communications for Google Cloud Messaging
80 (Optional) Inbound communication to the appliance from the
Internet. This port redirects inbound traffic to secure port 443.
If port 80 is blocked, users need to use HTTPS to access the
appliance Administrator Interface.
Outbound ports
Port Description
443 Outbound communication on port 443 from the appliance to
google.com. This is required for writing client Android
applications that use Google Cloud Messaging. For more
information, see http://developer.android.com/google/gcm/
gcm.html.
7
Installing the VK3000
Before you install the VK3000, you need to install the VMware vSphere Client or
vSphere Web Client on your host system, and then install the VK3000 on ESX/ESXi.
1 Go to http://www.kace.com/support/customer/downloads/. To obtain your
customer login credentials for this section of the website, email Dell KACE
Technical Support at support@kace.com.
2 In the Virtual K3000 Series Management Appliance section, download the
compressed OVF (Open Virtualization Format) file to your vSphere Client or
vSphere Web Client host system.
3 Extract the files.
4 If you are using a version of VMware ESX released prior to version 4.0, convert
the OVF file to a compatible format using the VMware vCenter Converter. For
more information, see
http://www.vmware.com/products/converter/features.html.
443/80 (Optional) If you are linking to Dell KACE K1000 or K2000
appliances, enable outbound communications on port 443 or
port 80 from the K3000 appliance to linked appliances.
636 or 389 Outbound communications from the appliance to LDAP or Active
Directory servers. For security, Dell KACE recommends using
port 636.
2195 Outbound communications from the appliance to Apple Push
Notification service. This is used to send notifications to
managed devices.
2196 Outbound communications from the appliance to Apple
feedback service.
5223 Outbound communications from devices. Devices use this port
to connect to Apple Push Notification service over WiFi.
For more information about port requirements for Apple Push
Notification service, see Apple Technical Note TN2265 at
http://developer.apple.com/library/ios/#technotes/tn2265/
_index.html.
5228, 5229,
5230
Outbound communications from Android devices to google.com
for Google Cloud Messaging. For more information, see http://
developer.android.com/google/gcm/gcm.html.
Outbound ports
Port Description
8
5 In the vSphere Client or vSphere Web Client program, deploy the OVF template.
The installation wizard appears.
6 Select the components that your implementation requires: data center,
datastore, and so on.
7 Click Finish.
8 Confirm the appliance settings. Check for a valid network and any other settings
you need.
Configuring the appliance
1 In the VMware product, run the virtual machine to boot the appliance (this takes
5 to 10 minutes), and then proceed with the initial network configuration.
2 On a computer that is connected to subnet 10.10.10.0/24, open a web browser
and enter the appliance Administrator Interface IP address:
https://10.10.10.10
The Initial Konfiguration page appears.
3 On the login page, enter:
Login: konfig
Password: konfig
4 Click LOGIN. The Configuration section appears.
5 In the Configuration > Licensing section, provide license information:
6 In the Configuration > Network Settings section, modify the default network
settings to match your network requirements:
Option Description
End User
License
Agreement
Read the End User License Agreement, then select the check
box to accept the agreement.
Enter license
key
Enter the license key you received in the Welcome email
from Dell KACE, including the dashes. If you do not have a
license key, contact Dell KACE Technical Support at
http://www.kace.com/support/contact.php.
Option Description
IP address Enter the static IP address the appliance has in your
network. For example, 192.168.1.1.
9
7 In the vSphere client program, change the network configuration settings to
match your requirements.
8 In the Configuration > General Settings section, specify account settings:
Netmask Enter the subnet mask that appliance has in your network.
For example, 255.255.255.0.
Default Router Enter the default router for the appliance.
Hostname Enter the hostname of the appliance.
Important: The hostname must match the hostname used in
your DNS settings and SSL certificate.
Domain Enter the domain the appliance is on. For example,
example.com.
Important: The domain must match the domain used in your
DNS settings and SSL certificate.
DNS 1 Enter the IP address of the primary DNS server the appliance
uses to resolve host names.
DNS 2 (Optional) Enter the IP address of the secondary DNS server
the appliance uses to resolve host names.
Date/Time NTP
server
The web address of the NTP (Network Time Protocol) server
used by the appliance.
Option Description
Organization Enter the name of your company or group. This identifies the
appliance in the Dell KACE data warehouse for Technical
Support purposes.
Admin email Enter an email address to use as the point of contact for the
appliance.
Email suffix Enter the domain used as the default for profiles. For
example, if you enter kace.com, the default domain for
profiles would be com.kace.profilename.
Change admin
password
Change the password for the administration account named
konfig to a new unique password. You use this account to
log in to the appliance Administrator Interface. The default
password is konfig.
Option Description
10
Configuring SSL
To configure SSL, you need to generate a CSR (Certificate Signing Request) and
private key and use them to obtain an SSL certificate from a Certification Authority
(CA). After you obtain an SSL certificate, you enter the certificate information in the
K3000 appliance Administrator Interface.
1 To generate a private key and a CSR, do one of the following:
Use any software capable of generating an CSR, such as the free OpenSSL
suite or Mac OS X server. Be sure to choose PEM format if you use a Microsoft
tool, and do not use a passphrase.
If you have a Dell KACE K1000 or K2000, use the SSL wizard in the
Administrator Interface of that appliance to generate a CSR and a private
key. For more information, see the Administrator Guide for each appliance.
2 Download the private key for use in step 5.
3 Download or copy the CSR and send it to your CA, such as GoDaddy or VeriSign.
The CA returns to you a certificate in a .cer file, which should be PEM-encoded.
In addition, the CA provides a ZIP file containing a number of intermediate
certificates.
4 Save the certificate and intermediate certificates, to be used in step 5.
5 Enter the SSL key and certificate:
a In the K3000 Administrator Interface, click the K3000 Settings icon.
b Open to the Configuration > SSL Configuration section.
c Click SSL Configuration to expand the section.
d Enter the private key for your SSL certificate in the Key field.
e In the Certificate field, copy and paste the certificate text from the .cer file
first, and then from the expanded intermediate certificates from the ZIP
file. For each, be sure to include the BEGIN and END lines.
For example:
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
6 Click Apply.
11
Configuring LDAP authentication
LDAP authentication makes it possible for users to log in to the Administrator
Interface using their domain credentials.
1 In the K3000 Administrator Interface, click the K3000 Settings icon.
2 In the Configuration > LDAP Configuration section, specify the following
settings:
To enable appliance linking for single sign-on for all your K-
series appliances, you must set up LDAP authentication for
each appliance and use a suitably privileged LDAP account.
For more information, see each appliances Administrator
Guide.
Option Description
Server friendly
name
(Optional) Enter a descriptive name to identify the
LDAP or Active Directory server.
Server hostname
(or IP)
(Required) Enter the IP address or hostname of the
LDAP server or Active Directory server.
LDAP port number (Required) Enter the port number the appliance uses to
connect to the LDAP or Active Directory server. Use
port 636 for secure LDAP and port 389 for LDAP.
SSL (Optional) Enable Secure Sockets Layer (SSL)
cryptographic protocol. Using SSL is necessary to
prevent passwords being transmitted in clear text in
certain instances.
Search base DN (Required) Enter the criteria used to search for
accounts. This criteria specifies a location or container
in the LDAP or Active Directory structure, and the
criteria should include all the users that you want to
authenticate. Enter the most specific combination of
OUs, DCs, or CNs that match your criteria, ranging from
left (most specific) to right (most general).
For example, this path leads to the container with
users that you need to authenticate:
OU=end_users,DC=company,DC=com.
Search filter (Optional) The search filter. For example, the default
filter is:
(|(samaccountname=[login])(mail=[login])(cn=[login])).
12
3 Click Save.
4 (Optional) Test the LDAP settings:
a Expand User login test (optional).
b Enter the credentials of a user.
c Click Test LDAP settings.
Configuring EULA settings
When users enroll devices, they must accept a EULA (End User License Agreement).
You can configure the EULA to state your security policy and notify users that the
system operator can perform various actions. These actions include tracking the
location of the users device, wiping the operators data, remotely installing and
removing software, and so on.
1 In the K3000 Administrator Interface, click the Mobile Management icon, then
click Settings.
2 Click User Portal (Device enrollment page and EULA) to expand the section.
3 In the End User License Agreement field, enter the text of the agreement you
want users to accept.
4 Click Save.
LDAP login (Required) Enter the credentials required for an admin
account to log in to the LDAP server to read accounts.
Note: The appliance does not write to the LDAP server,
so this account does not need write privileges.
For example: LDAP Login:
CN=service_account,CN=Users,DC=company,DC=com.
LDAP password (Required) Enter the password for the LDAP login
account.
Default Domain (Optional, except as noted) Enter the domain used as
the default.
Note: For pushing Exchange ActiveSync profiles
properly to iOS devices, this field cannot be left blank
and must contain the domain associated with the LDAP
server.
Option Description
13
Next steps
Configure additional appliance settings and Mobile Management settings. For more
information about these tasks, click the Help button in the upper right of the
Administrator Interface to display context-sensitive Help. To open the Help system,
click any related topic in the Help panel.
For printable documentation, go to the first topic in the Help system.
Getting support
The Dell KACE Support website, http://www.kace.com/support/contact.php, has a
customer section where you can access training videos, documentation, the Help Desk
User Portal, and product updates. To obtain your customer login credentials for this
section of the website, email Dell KACE Technical Support at support@kace.com. To
provide product feedback, go to http://kace.uservoice.com/forums/187596-k3000.
For additional information and support, go to http://www.ITNinja.com/k3000.
14
Scheduling training
To help you begin using the appliance, Dell KACE provides a fixed number of online
training sessions called JumpStart. To understand the scope of your JumpStart
purchase, please review the JumpStart Datasheet at
http://www.kace.com/support/training.
To schedule training, email the Dell KACE training team at jumpstart@kace.com. You
must complete your JumpStart training within 60 days of the initial product shipment.
Additional training sessions can be purchased separately as needed.
15
www.dell.com | support.dell.com

Dell KACE VK3000 Mobile Management Appliance: Setup Guide

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Dell KACE VK3000 Mobile Management Appliance: Setup Guide

Загружено:

Авторское право:

Доступные форматы

Dell KACE VK3000

Mobile Management Appliance

Вам также может понравиться