Mobicontrol Administration utility

Mobicontrol Administration utility

Inquiry:

 

  1. Mobicontrol documentation that are found online is not enough or vagued.“Mobicontrol Administration Utility – Deployment Server”
    1. Site Name – can I input a unique sitename? Or it is recommended to use the default?
    2. Deployment Server Name – can I input a unique deployment server name? Or it is recommended to use the default?
    3. Primary Agent Address and Port
      • Is this the address for communication between device agent and soti server?
      • Should I use FQDN resolvable from internal and external network?
      • Another scenario: Public IP with port forwarded to 5494 – ex: 1.2.3.4:44
    4. Secondary Agent Address and Port
      • Private IP with port 5494
    5. Device Management Address and Port
      • What is the difference between “Primary Agent Address” ?
      • FQDN via port 443 ?
    6. Management Service Address and Port
      • Is this the address the Webconsole users should contact to?
      • Is it recommended also to use FQDN?
    7. Override Local Management Service Address
      • Disable
    8. Deployment Server FQDN/IP and Port
      • FQDN of Deployment Server that is resolvable from internal and external network

 

  • 21 January 2019
  • SOTI MobiControl
  • 2 Answers
  • 0 Upvote
  • 3 Followers
  • 1K Views
    • 2 Answers
    • 0 Upvote
    • 3 Followers

2 Answers

Order By:   Standard | Newest | Votes
TJ Bukoski | posted this 21 January 2019

Site Name – can I input a unique sitename? Or it is recommended to use the default?

Yes you can put in a Unique Sitename, but you should do so before you enroll any devices into MobiControl. If you change the sitename of a MobiControl environment device will stop connecting with the error: "Sitename Mismatch". Do not use special characters in your Sitename.

Deployment Server Name – can I input a unique deployment server name? Or it is recommended to use the default?

This should be the hostname of the machine that hosts the Deployment server. It is best not to change this from default.

Primary Agent Address and Port: Is this the address for communication between device agent and soti server?

Yes, please understand that this is the address and port that is communicated to the device on enrolment and check-in for how the device communicates to the server. This option does not configure the listening port or address for the service.

Should I use FQDN resolvable from internal and external network?

It is best practice to use an FQDN that is resolvable from the internal and external network. This helps greatly when you have to change hardware or certificates and reduces the amount of configurations you have to apply to the server

Another scenario: Public IP with port forwarded to 5494 – ex: 1.2.3.4:44

If you configure the agent to talk on port 44 but have your network appliance redirect the traffic to port 5494 it will work. The Deployment Service always listens on 5494 by default

Secondary Agent Address and Port: Private IP with port 5494

It's not best practice to use Private IPs in any capacity in a MobiControl configuration. But there is value in using IPs if you expect DNS outages in your environment. 

Device Management Address and Port: What is the difference between “Primary Agent Address” ?

The Device Management Address (DMA) is for Web Traffic that devices use to communicate to MobiControl. In most cases, this address is how iOS and MacOS devices communicate to MobiControl. MobiControl cannot manage Apple devices without the DMA. The iOS Profile Signing certificate is also based on the DMA. Changing the DMA or the certificate after enrolling Apple devices will require the re-enrollment of those devices. The DMA also host the App Catalog rule for Apple and Android devices and the device enrollment via URL option.

FQDN via port 443 ?

Yes please, the DMA will not work with Apple devices if it is an IP address.

Management Service Address and Port: Is this the address the Webconsole users should contact to?

Yes it is, it is also the Address of the MobiControl Web Console APIs. The other components in MobiControl will refer to this address when it needs to find the Management Service.

Is it recommended also to use FQDN?

Yes, it is always recommended to use FQDN.

Override Local Management Service Address

Leave this disabled by default unless you plan to redirect traffic to the Web Console or the APIs via a network appliance. You really need to understand what you are doing if you enable this feature, otherwise you may see redirection errors when you try to access the Web Console or use the APIs.

Deployment Server FQDN/IP and Port: FQDN of Deployment Server that is resolvable from internal and external network

This option is also known as the "Management Console Address" by the SOTI staff. It is the address that is communicated to the Management Service, SOTI Assist and the Remote Control Plugin that tells those components how to communicate to the Deployment Service. If you cannot remote control a device, it is usually because this address was not configured correctly. The Address only needs to be reachable externally if you have machines that are using the Remote Control Plugin that are external to the network that MobiControl is on. It is also important to know that this address cannot be load balanced as the Remote Control feature needs the Management Service and the Remote Control Plugin (Or SOTI Assist) to talk to the same server the device is currently talking to and a Load Balancer cannot meet this requirement.

  • 2
  • 1
Benedict Lumabi | posted this 21 January 2019

excellent explanation TJ. Mobicontrol documentation should be improved, it should be something like this.

  • 0
  • 0
Give us your feedback
Give us your feedback
Feedback