4 Replies Latest reply on Jul 15, 2016 3:59 AM by gabriele.garioni

    Mobility with LDMS 2016: is CSA always mandatory?

    gabriele.garioni Apprentice

      hi,

      one of my customers want to manage about 200 tablets in LDMS 2016.

      Those tablets are connected only to internal network (same network as coreserver) via Wifi connections, they have no SIMs and no 3G/4G connection.

      The customer is complaining about the fact that he has to buy, implement and configure a CSA (and a pubblic certificate of course) to manage Device that are in LAN.

       

      Is the CSA mandatory also in this environment? is there any way to enroll a mobile device, connected in the same LAN of the coreserer, without a CSA?

       

      thanks in advance to everyone.

        • 1. Re: Mobility with LDMS 2016: is CSA always mandatory?
          phoffmann SupportEmployee

          In essence - yes. And he can complain to Apple & Google about it, but he may want to hold off on that ... it's got its reasons.

           

          Mobility management requires the use of API's from Google / Apple - and as such, will require a CSA (devices have to talk to Apple's / Google's servers to have the API commands be picked up) and then a CSA to talk to their Core Server (as it's not a good idea of hooking up a Core to the internet) .

           

          Your customer does know that the CSA can come in a VM format, right?

           

          We recommend the use of a custom certificate for security reasons, but that is by no means required. If they're happy to sign off on the risk of using the default certificate, then they're fine to use that. We're not making people go out to cert-vendors & buy certs ... it's usually security common sense, but we don't have roaming bullies that go and "make people" do that.

           

          It may help to make your customer understand that Apple / Google lock down the devices & won't let anyone "just talk" to their devices directly, right? The *ONLY* way (shy of essentially doing actual cracking) that's legitimate goes through the Apple / Google API's and as such their servers?

           

          This isn't a requirement "because we want to be difficult" - it's a requirement from Google / Apple because that's the only way they permit their API's to be called.

           

          Does that help?

          1 of 1 people found this helpful
          • 2. Re: Mobility with LDMS 2016: is CSA always mandatory?
            gabriele.garioni Apprentice

            thank you so much.

            it's a perfect answer and complete explanation of the situation. it is going to help me a lot when i'll be facing with customer's complaints.

            • 3. Re: Mobility with LDMS 2016: is CSA always mandatory?
              phoffmann SupportEmployee

              No problem.

               

              While "inconvenient" - it's ultimately all down to security. You can understand why Apple/Google won't allow comms other than through them ... yes, it's inconvenient - and security is a compromise between inconvenience & security.

               

              While most products will have "weird decisions" stuff somewhere along the line, this entire section is dictated unto the industry by the mobile vendors (for good reasons). Much in the same way, if there's stuff that "you can do on operator X but can't do on operator Y" - the most common reason is "because Y won't let us".

              • 4. Re: Mobility with LDMS 2016: is CSA always mandatory?
                gabriele.garioni Apprentice

                another good piece of knowledge. thanks