MDM Agent on iOS
I worked on MDM in Android, and used the APIs to lock, wipe, etc. when I received a C2DM push message from the server.
When I was trying to explore more on the iOS part of it, I was a bit confused. I got a feeling that we don't need to code an agent for MDM to work on iPhone.
So is it completely managed from the server? Or do I have to have an agent application too? If yes, can you help me with a sample of the agent programming?
For complete MDM control of the iPhone, you either need to look at profile management as sent out from Mac OS X Lion Server (they added this into this OS version) or a third-party solution (MobileIron, Tarmac, etc.). There is some good, though slightly dated, background information here too: How to configure/install MDM server for iPhone and iPad
There is no need for a separate agent application - it's handled by iOS itself.
If you are not using Lion Server, you can implement your own MDM server, and for that you need an iOS Enterprise developer account.
To implement an MDM server, follow the steps below.
- This PDF https://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf is very helpful.
- The server URL should start with "https" only, and that URL should exist; you have to provide these details while generating the mobileconfig profile using IPCU.
- You can also refer to this page: http://www.softhinker.com/in-the-news/iosmdmvendorcsrsigning and then verify a few things, such as removing the passphrase from customerPrivateKey.pem using this command:
openssl rsa -in customerPrivateKey.pem -out PlainKey.pem
Then merge your APNS certificate (for example CustomerCompanyName.pem), downloaded from the portal https://identity.apple.com/pushcert/, using this command:
cat CustomerCompanyName.pem PlainKey.pem > PlainCert.pem
Now this PlainCert.pem file can be used in your server as the APNS/MDM certificate.
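The two key-handling steps above, as an added example that is not part of the original answer: it strips the passphrase and concatenates certificate and key as described, then adds the check a server operator wants before deploying PlainCert.pem, that the certificate and the private key actually belong together. The passphrase, the RSA key and the self-signed certificate are constructed stand-ins for the real Apple-issued material, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original answer: performs the two
# commands above and then verifies that the certificate and the private
# key inside PlainCert.pem belong together. All inputs are constructed:
# a fresh key stands in for customerPrivateKey.pem and a self-signed cert
# for the Apple-issued CustomerCompanyName.pem.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
umask 077   # plaintext key material: owner-readable only

# Constructed stand-in for the passphrase-protected customerPrivateKey.pem.
openssl genrsa -aes256 -passout pass:demo-passphrase \
  -out "$WORK/customerPrivateKey.pem" 2048 2>/dev/null
# Constructed stand-in for the push certificate (self-signed, not from Apple).
openssl req -new -x509 -key "$WORK/customerPrivateKey.pem" -passin pass:demo-passphrase \
  -subj "/CN=constructed-apns-stand-in" -days 30 -out "$WORK/CustomerCompanyName.pem" 2>/dev/null

# Step 1 of the answer: write the key without its passphrase.
# $1 = encrypted key, $2 = passphrase, $3 = output file.
strip_passphrase() {
  openssl rsa -in "$1" -passin "pass:$2" -out "$3" 2>/dev/null
}

# Step 2 of the answer: certificate first, then the plaintext key, in one PEM file.
merge_pem() {
  cat "$1" "$2" > "$3"
}

# The check the server would otherwise only fail at APNS connect time:
# the certificate's public key must equal the private key's public half.
keypair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Number of PEM blocks in a file; a correct PlainCert.pem holds exactly two.
count_pem_blocks() {
  grep -c '^-----BEGIN ' "$1"
}

strip_passphrase "$WORK/customerPrivateKey.pem" demo-passphrase "$WORK/PlainKey.pem"
merge_pem "$WORK/CustomerCompanyName.pem" "$WORK/PlainKey.pem" "$WORK/PlainCert.pem"
if keypair_matches "$WORK/PlainCert.pem" "$WORK/PlainKey.pem"; then
  echo "PlainCert.pem: certificate and key match, $(count_pem_blocks "$WORK/PlainCert.pem") PEM blocks"
else
  echo "PlainCert.pem: certificate does not match the private key" >&2; exit 1
fi
```

With a real key and certificate, point the two stand-in paths at customerPrivateKey.pem and the downloaded CustomerCompanyName.pem and drop the generation commands; a mismatch means the CSR that Apple signed was not made from that key.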
Guys, yes. I'm sure most of you have had this question. From experience after developing MDM on iOS too: we don't need a client coded separately in iOS. iOS takes care of it completely.
So you may need the client only for the purpose of pointing to a link to the server that hosts the configuration profile (so you can actually keep a record of who and how many installed the application, using a key or an ID in the URL), and if you have to manage things which aren't provided by MDM, like location updates, etc.