Cisco Systems manual Getting Fiberlink MaaS360 Ready for ISE, Import MDM Certificate to ISE


Getting Fiberlink MaaS360 Ready for ISE

The first requirement is to establish basic connectivity between the Cisco ISE server and the Fiberlink MaaS360 MDM server. A firewall is typically located between ISE and the Fiberlink MaaS360 cloud. The firewall should be configured to allow an HTTPS session from ISE, located in the data center, to the Fiberlink MaaS360 server, located on the public Internet. The session is established outbound from ISE toward the MDM, with ISE taking the client role. This is a common direction for web traffic over corporate firewalls.

Figure 1 Traffic Through Firewall (diagram showing Cisco ISE, AD/LDAP, the Fiberlink cloud, the certificate authority, and the Cloud Extender)

Import MDM Certificate to ISE

The Fiberlink MaaS360 MDM server incorporates an HTTPS portal to support the various users of the system. In the case of a cloud service, this website is provided to the enterprise, and ISE must establish trust with it. Even though the cloud website is authenticated with a publicly signed certificate, ISE does not maintain a list of trusted root CAs, so the administrator must establish the trust relationship. The simplest approach is to export the MDM site certificate and then import it into a local certificate store in ISE. Most browsers can export a site certificate. Internet Explorer is shown in Figure 2 with a cloud-based MDM deployment.
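The export step can also be scripted from a host that shares ISE's outbound HTTPS path, which checks the firewall rule at the same time. The following is an added example, not part of the Cisco manual: the hostname is supplied by the operator (none is given on this page), the output file name `mdm-site-cert.pem` is an assumption, and the fingerprint should be compared with the one the browser shows for the portal before the file is imported.

```python
import hashlib
import socket
import ssl
import sys


def fetch_leaf_der(host, port=443, timeout=10.0):
    """Retrieve the portal's site certificate (DER) over outbound HTTPS.
    Validation is off on purpose: this only retrieves the certificate.
    Trust comes from the fingerprint comparison, not from this fetch."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def sha256_fingerprint(der):
    """Colon-separated upper-case SHA-256 of the DER certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def der_to_pem(der):
    """PEM text suitable for a certificate import dialog."""
    return ssl.DER_cert_to_PEM_cert(der)


def pem_matches(pem, expected_fingerprint):
    """True only if the PEM file hashes to the fingerprint read from the browser.
    Accepts colon- or space-separated hex in either case."""
    def clean(value):
        return value.replace(":", "").replace(" ", "").upper()
    der = ssl.PEM_cert_to_DER_cert(pem)
    return clean(sha256_fingerprint(der)) == clean(expected_fingerprint)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: export_mdm_cert.py <mdm-portal-hostname>")
    der = fetch_leaf_der(sys.argv[1])
    with open("mdm-site-cert.pem", "w") as fh:  # assumed output file name
        fh.write(der_to_pem(der))
    print("Saved mdm-site-cert.pem")
    print("SHA-256 fingerprint:", sha256_fingerprint(der))
```

Because the trust anchor here is the site certificate itself, the same check has to be repeated whenever the MDM portal's certificate is replaced.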

Integrating Fiberlink MaaS360 with Cisco Identity Services Engine
