AirWatch (v8.0) - MAG Install Guide for Windows
March 27, 2017 | Author: Tony Y | Category: N/A
Short Description
Download AirWatch (v8.0) - MAG Install Guide for Windows...
Description
AirWatch Mobile Access Gateway Installation Guide for Windows Installing the MAG for your AirWatch environment AirWatch v8.0
© 2015 VMware, Inc. All rights reserved. This document, as well as the software described in it, is furnished under license. The information in this manual may only be used in accordance with the terms of the license. This document should not be reproduced, stored or transmitted in any form, except as permitted by the license or by the express permission of AirWatch, LLC. All other marks and names mentioned herein may be trademarks or trade names of their respective companies.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Table of Contents What's New
3
Introduction to Mobile Access Gateway Installation for Windows
4
In This Guide
4
Terminology
4
Before You Begin
5
In This Section
5
Requirements
5
Recommended Reading
5
Getting Started
5
Prerequisites for MAG Proxy/Content Connectivity for SaaS Environments
6
Prerequisites for MAG Proxy/Content Connectivity for On-Premise Environments
10
Installation Preparation
15
Overview
15
Performing Preliminary Installation Steps
15
Configure MAG Proxy/Content
17
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
20
Overview
20
Installing the MAG
20
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows
29
Overview
29
Installing MAG for Basic (Endpoint only) Configurations
29
Appendix: SSL Offloading
35
Overview
35
SSL Offloading Traffic Flow
35
Enabling SSL Offloading
36
Appendix: Upgrading the Component
37
Upgrading the MAG for Windows Proxy/Content Components Appendix: Kerberos KDC Proxy Support How to Access Logs Appendix: Outbound Proxies using PAC Files For Windows Finding Additional Documentation
37 38 40 41 41 43
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 2
What's New
What's New This guide has been updated with the latest features and functionality from the most recent release of AirWatch v8.0. The list below includes these new features and the sections and pages on which they appear. l
The MAG configuration process now lets you use enterprise CA certificates to authenticate devices against the MAG Proxy component. See Configure MAG Proxy/Content on Windows for more information.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 3
Introduction to Mobile Access Gateway Installation for Windows
Introduction to Mobile Access Gateway Installation for Windows This document describes the Windows installation process for the AirWatch Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure and effective method for individual applications to access corporate resources. For more information about how you can leverage MAG, architecture and security information, and AirWatch Admin Console settings to manage the MAG's functionality, please refer to the AirWatch Mobile Access Gateway Admin Guide, available via AirWatch Resources. A separate version of this guide exists with instructions on the AirWatch Tunnel for Linux installation process. Please search AirWatch Resources for the Mobile Access Gateway Installation Guide for Linux to view it.
In This Guide l
l
l
l
Before You Begin – Ensure your deployment meets the necessary hardware, sizing, software and firewall requirements before attempting to install the MAG. MAG Installation Preparation – Perform some preliminary steps to ensure a smooth installation of the MAG. MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows – Run the MAG installer for a relayendpoint configuration. MAG Proxy/Content Installation for a Basic Configuration on Windows – Run the MAG installer for a basic (endpoint only) configuration.
l
Appendix – SSL Offloading – Read more about how to enable SSL Offloading for the MAG.
l
Appendix – Upgrading the MAG – Read more about how to upgrade the MAG from one version to the next.
l
Appendix – Kerberos KDC Proxy Support – Read more about enabling Kerberos authentication functionality.
l
Appendix – Outbound Proxies using PAC Files – Read more about steps you should follow if you are accessing outbound proxies through the MAG that use a PAC file and also require authentication.
Terminology Reading over the following terminology as it relates to the various components of the MAG will help aid your understanding of the technology. l
l
l
l
MAG – Mobile Access Gateway. The generic term for the two components that comprise it: Proxy and Content. Proxy – The MAG component that handles securing traffic between an end-user device and a website via the AirWatch Browser mobile app. Content – The MAG component that handles securing end-user access to corporate resources such as a file server via the AirWatch Content Locker mobile app. App Wrapping – Functionality that lets you secure enterprise applications without code changes. It can add an extra layer of security and data loss prevention while offering a consistent user experience.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 4
Before You Begin
Before You Begin This section covers topics and prerequisites you should familiarize yourself with so you can get the most out of using this guide.
In This Section l
Requirements – See a list of requirements you must meet before installing the MAG.
l
Recommended Reading – See a list of additional guides that contain supplemental information about MAG.
l
Getting Started – See additional considerations you should know before you begin.
Requirements l
l
For a complete listing of all requirements for installing MAG in a SaaS environment, refer to Prerequisites for MAG Proxy/Content Connectivity for SaaS Environments. For a complete listing of all requirements for installing MAG in an on-premise environment, refer to Prerequisites for MAG Proxy/Content Connectivity for On-Premise Environments.
Recommended Reading l
l
l
AirWatch Cloud Messaging (AWCM) Guide – This guide walks on-premise customers through setting up the AWCM service, which is required for using MAG. AirWatch Mobile Access Gateway Admin Guide – This guide provides an overview of the MAG and how to enable MAG functionality within the AirWatch Admin Console. AirWatch On-Premise Configuration Guide – This guide details the various aspects of an on-premise deployment, including hardware sizing, high availability, monitoring/maintenance, and so on.
Getting Started l
l
l
Note the following distinction between on-premise and SaaS deployments: o
On-premise refers to AirWatch deployments where your organization hosts all AirWatch components and servers on its internal networks.
o
SaaS refers to AirWatch deployments where certain AirWatch components, such as the Console and API servers, are hosted in the cloud by AirWatch.
Before continuing with MAG installation, ensure AWCM is configured and operational. If you are an on-premise customer, refer to the AWCM Guide, available via AirWatch Resources, for instructions on how to configure AWCM before installing the MAG. Ensure you have performed all the necessary preliminary steps in MAG Installation Preparation.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 5
Prerequisites for MAG Proxy/Content Connectivity for SaaS Environments
Prerequisites for MAG Proxy/Content Connectivity for SaaS Environments Status Checklist
Requirement
Notes
Hardware Requirements VM or Physical Server (64bit)
1 CPU Core (2.0+ GHz)* *An Intel processor is required. 2 GB RAM or higher 5 GB Disk Space
Sizing for up to 100,000 Devices Number of Devices Up to 5,000
5,000 to 50,000
50,000 to 100,000
100,000+
CPU Cores
1
4 or 2 load-balanced w/ 2 CPU Cores
4 or 2 load-balanced w/ 2 CPU Cores
2 load-balanced with 4 CPU Cores
RAM (GB)
4
4
8
16
General Requirements Remote access to Windows Recommended to setup Remote Desktop Connection Manager for Servers available to multiple server management, installer can be downloaded from AirWatch and http://www.microsoft.com/en-us/download/confirmation.aspx?id=21101 Administrator rights Installation of Notepad++ (Recommended)
Installer can be downloaded from http://download.tuxfamily.org/notepadplus/6.5.1/npp.6.5.1.Installer.exe
Software Requirements Windows Server 2008 R2 or Windows Server 2012 or Windows Server 2012 R2 Install Role from Server Manager
IIS 7.0 (Server 2008 R2) IIS 8.0 (Server 2012 or Server 2012 R2) IIS 8.5 (Server 2012 R2 only)
Install .NET Framework 4.5.2
The installer will install this version of .NET provided the server has Internet access. Otherwise, download and manually install it.
Install 64-bit Java Runtime Environment version 7 or greater
Download from https://java.com/en/download/index.jsp
Internally registered DNS
Register the MAG relay (If Relay-Endpoint) or register the MAG Endpoint (If Endpoint only)
Note: Ensure 32-bit Java is not installed.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 6
Prerequisites for MAG Proxy/Content Connectivity for SaaS Environments
Status Checklist
Requirement
Notes
Externally registered DNS
Register the MAG relay (If Relay-Endpoint) or register the MAG Endpoint (If Endpoint only)
SSL Certificate from trusted Ensure SSL certificate is trusted by all device types being used. (i.e. not all third party with Subject or Comodo certificates are natively trusted by Android) Subject Alternative name of DNS IIS 443 Binding with the same SSL certificate
Validate that you can connect to the server over HTTPS (https://yourAirWatchDomain.com). At this point, you should see the IIS splash page.
Ensure the AWCM SSL certificates Intermediate and Root CA certificate are in the Java CA Keystore on the MAG server
Use the Command Line Utility on the MAG server to enter the following: keytool -list -v -keystore $JAVA_HOME\jre \lib\security\cacerts OR Use the GUI tool (free) here: http://portecle.sourceforge.net/
Note: For configuring the ports listed below, all traffic is uni-directional (outbound) from the source component to the destination component. Network Requirements Source Component Destination Component Protocol Port
Verification
Devices (from Internet and Wi-Fi)
Once MAG starts correctly, it should be listening on the HTTPS port by default. To make sure, you can open browser and check the following:
AirWatch MAG
HTTPS
2020 by default (for Browser)
https://: – You should see an untrusted certificate screen unless there is a trusted SSL certificate and in that case you should see 407 MAG Authentication Failed! Devices (from Internet and Wi-Fi)
AirWatch MAG
HTTPS
443 (for Telnet from Internet to MAG Content) server on port
Note
1
1
MAG – Basic-Endpoint Configuration AirWatch MAG Endpoint
AirWatch Cloud Messaging Server*
HTTPS
443
Verify by entering https://: 443/awcm/status in browser and ensure there is no certificate trust error
2
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 7
Prerequisites for MAG Proxy/Content Connectivity for SaaS Environments
Source Component Destination Component Protocol Port AirWatch Tunnel Endpoint
Web-based content HTTP or repositories (SharePoint HTTPS / WebDAV / CMIS / etc.)
80 or 443
AirWatch Tunnel Endpoint
Internal websites / web apps
HTTP or HTTPS
80 or 443
AirWatch MAG Endpoint
Internal System
Any
Any
AirWatch MAG Endpoint
AirWatch REST API
HTTPS
443
CIFS or SMB
4
5
Verify by entering https://APIServerUrl/API/help in browser. If you are prompted for credentials, enter AirWatch admin credentials and an API help page should display.
https://asXXX.awmdm. com or
Network Share-based repositories (Windows file shares)
Note
6
https://asXXX.airwatch portals.com AirWatch Tunnel Endpoint
Verification
137-139 or 445
Telnet from AirWatch Tunnel endpoint to CIFS/SMB endpoint.
7
8
MAG – Relay-Endpoint Configuration AirWatch MAG Relay
AirWatch Cloud Messaging Server
AirWatch MAG Relay
AirWatch MAG Endpoint HTTPS
2010 (for Telnet from MAG Relay to MAG Browser) Endpoint server on port
3
AirWatch MAG Relay
AirWatch MAG Endpoint HTTPS
443 (for Telnet from MAG Relay to MAG Content) Endpoint server on port
3
AirWatch Tunnel Endpoint
Web-based content HTTP or repositories (SharePoint HTTPS / WebDAV / CMIS / etc.)
80 or 443
AirWatch Tunnel Endpoint
Internal websites / web apps
HTTP or HTTPS
80 or 443
AirWatch MAG Endpoint
Internal System
Any
Any
AirWatch MAG Relay
AirWatch REST API
HTTP or HTTPS
80 or 443
https://asXXX.awmdm. com or https://asXXX.airwatch portals.com
HTTP or HTTPS
443
Verify by entering https://:443/awcm/status in browser and ensure there is no certificate trust error
2
4
5 6 Verify by entering https://APIServerUrl/API/help in browser. If you are prompted for credentials, enter AirWatch admin credentials and an API help page should display.
7
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 8
Prerequisites for MAG Proxy/Content Connectivity for SaaS Environments
Source Component Destination Component Protocol Port
Verification
AirWatch Tunnel Endpoint
Telnet from AirWatch Tunnel endpoint to CIFS/SMB endpoint.
Network Share-based repositories (Windows file shares)
CIFS or SMB
137-139 or 445
Note
8
Note: If you plan on using the MAG/AirWatch Tunnel to connect to network file shares, then it is required that either the Endpoint be on the same domain as the NFS or, if the MAG/AirWatch Tunnel is on a different domain, it must have domain trust with the domain of the NFS. * For SaaS customers, see https://airwatch.zendesk.com/entries/21419683-What-are-the-AirWatch-IP-ranges-for-SaaSdata-centers- to view an ASK article that provides the most up-to-date IP ranges. 1. For devices attempting to access internal resources. 2. For the MAG to query the AirWatch Admin Console for compliance and tracking purposes. 3. For MAG Relay topologies to forward device requests to the internal MAG endpoint only. 4. For devices with the AirWatch Content Locker to access internal content. 5. For devices with the AirWatch Browser to access internal websites/web applications. 6. For devices with app tunnel; enables applications to communicate with internal systems. Note: If a firewall resides between the MAG Endpoint and an internal system you are trying to reach, then you will have to open the corresponding port depending on the traffic. For example, Windows Network Files Shares require ports 135 through 139 and 445 to be open in order to access content on Windows fileshares. 7. The MAG needs to communicate with the API for initialization. Ensure there is connectivity between the REST API and the MAG server.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 9
Prerequisites for MAG Proxy/Content Connectivity for On-Premise Environments
Prerequisites for MAG Proxy/Content Connectivity for OnPremise Environments Status Checklist
Requirement
Notes
Hardware Requirements VM or Physical Server (64bit)
1 CPU Core (2.0+ GHz)* *An Intel processor is required. 2 GB RAM or higher 5 GB Disk Space Note: The requirements listed here support basic data query. You may require additional server space if your use case involves the transmission of large encrypted files from a content repository.
Sizing for up to 100,000 Devices Number of Devices Up to 5,000
5,000 to 50,000
50,000 to 100,000
100,000+
CPU Cores
1
4 or 2 load-balanced w/ 2 CPU Cores
4 or 2 load-balanced w/ 2 CPU Cores
2 load-balanced with 4 CPU Cores
RAM (GB)
4
4
8
16
General Requirements Remote access to Windows Recommended to setup Remote Desktop Connection Manager for Servers available to multiple server management; you can download the installer from: AirWatch and http://www.microsoft.com/en-us/download/confirmation.aspx?id=21101 Administrator rights Installation of Notepad++ (Recommended)
You can download the installer from: http://download.tuxfamily.org/notepadplus/6.5.1/npp.6.5.1.Installer.exe
Software Requirements Windows Server 2008 R2 or Windows Server 2012 or Windows Server 2012 R2 Install Role from Server Manager
IIS 7.0 (Server 2008 R2) IIS 8.0 (Server 2012 or Server 2012 R2) IIS 8.5 (Server 2012 R2 only)
Install .NET Framework 4.5.2
The installer will install this version of .NET provided the server has Internet access. Otherwise, download and manually install it.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 10
Prerequisites for MAG Proxy/Content Connectivity for On-Premise Environments
Status Checklist
Requirement
Notes
Install 64-bit Java Runtime Environment version 7 or greater
Download from https://java.com/en/download/index.jsp
Internally registered DNS
Register the MAG relay (If Relay-Endpoint) or register the MAG Endpoint (If Endpoint only)
Externally registered DNS
Register the MAG relay (If Relay-Endpoint) or register the MAG Endpoint (If Endpoint only)
Note: Ensure 32-bit Java is not installed.
SSL Certificate from trusted Ensure SSL certificate is trusted by all device types being used. (i.e. not all third party with Subject or Comodo certificates are natively trusted by Android) Subject Alternative name of DNS IIS 443 Binding with the same SSL certificate
Validate that you can connect to the server over HTTPS (https://yourAirWatchDomain.com). At this point, you should see the IIS splash page.
Ensure the AWCM SSL certificates Intermediate and Root CA certificate are in the Java CA Keystore on the MAG server
Use the Command Line Utility on the MAG server to enter the following: keytool -list -v -keystore $JAVA_HOME\jre \lib\security\cacerts OR Use the GUI tool (free) here: http://portecle.sourceforge.net/
Note: For configuring the ports listed below, all traffic is uni-directional (outbound) from the source component to the destination component. Network Requirements Source Component Destination Component Protocol Port
Verification
Devices (from Internet and Wi-Fi)
Once MAG starts correctly, it should be listening on the HTTPS port by default. To make sure, you can open browser and check the following:
AirWatch MAG
HTTPS
2020 by default (for Browser)
https://:2020 – You should see an untrusted certificate screen unless there is a trusted SSL certificate and in that case you should see 407 MAG Authentication Failed! Devices (from Internet and Wi-Fi)
AirWatch MAG
HTTPS
443 (for Telnet from Internet to MAG Content) server on port
Note
1
1
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 11
Prerequisites for MAG Proxy/Content Connectivity for On-Premise Environments
Source Component Destination Component Protocol Port AirWatch Device Services
AirWatch Tunnel
HTTP or HTTPS
80 or 443
AirWatch Console
AirWatch Tunnel
HTTP or HTTPS
80 or 443
Verification
Note
8 9
MAG – Basic-Endpoint Configuration AirWatch MAG Endpoint
AirWatch Cloud Messaging Server
HTTP or HTTPS
2001 or a Verify by entering port you https://: configure /awcm/status in browser and ensure there is no certificate trust error
AirWatch Tunnel Endpoint
Web-based content HTTP or repositories (SharePoint HTTPS / WebDAV / CMIS / etc.)
80 or 443
AirWatch Tunnel Endpoint
Internal websites / web apps
HTTP or HTTPS
80 or 443
AirWatch MAG Endpoint
Internal System
Any
Any
AirWatch MAG Endpoint
AirWatch REST API (DS or CN server)
HTTP or HTTPS
80 or 443 Verify by entering https://APIServerUrl/API/help in browser and ensure there is no certificate trust error (cannot be a self-signed certificate). If you are prompted for credentials, enter Airwatch admin credentials
AirWatch Tunnel Endpoint
Network Share-based repositories (Windows file shares)
CIFS or SMB
2
3
4 6
137-139 or 445
Telnet from AirWatch Tunnel endpoint to CIFS/SMB endpoint.
7
10
MAG – Relay-Endpoint Configuration AirWatch MAG Relay
AirWatch Cloud Messaging Server
HTTP or HTTPS
2001 or a Verify by entering port you https://:/awcm/status in browser and ensure there is no certificate trust error
AirWatch Tunnel Endpoint
Web-based content HTTP or repositories (SharePoint HTTPS / WebDAV / CMIS / etc.)
80 or 443
AirWatch Tunnel Endpoint
Internal websites / web apps
80 or 443
HTTP or HTTPS
2
3
4
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 12
Prerequisites for MAG Proxy/Content Connectivity for On-Premise Environments
Source Component Destination Component Protocol Port
Note
AirWatch MAG Endpoint
Internal System
AirWatch MAG Relay
AirWatch MAG Endpoint HTTPS
2010 (for Telnet from MAG Relay to MAG Browser) Endpoint server on port
6
AirWatch MAG Relay
AirWatch MAG Endpoint HTTPS
443 (for Telnet from MAG Relay to MAG Content) Endpoint server on port
6
AirWatch MAG Relay
AirWatch REST API (DS or CN server)
80 or 443 Verify by entering https://APIServerUrl/API/help in browser and ensure there is no certificate trust error (cannot be a self-signed certificate). If you are prompted for credentials, enter Airwatch admin credentials
7
AirWatch Tunnel Endpoint
Network Share-based repositories (Windows file shares)
Any
Verification
HTTP or HTTPS
CIFS or SMB
Any
5
137-139 or 445
Telnet from AirWatch Tunnel endpoint to CIFS/SMB endpoint.
10
Note: If you plan on using the MAG/AirWatch Tunnel to connect to network file shares, then it is required that either the Endpoint be on the same domain as the NFS or, if the MAG/AirWatch Tunnel is on a different domain, it must have domain trust with the domain of the NFS. 1. For devices attempting to access internal resources. 2. For the MAG to query the AirWatch Admin Console for compliance and tracking purposes. 3. For devices with the AirWatch Content Locker to access internal content from websites, such as SharePoint. 4. For devices with the AirWatch Browser to access internal websites/web applications. 5. For devices with app tunnel; enables applications to communicate with internal systems. Note: If a firewall resides between the MAG Endpoint and an internal system you are trying to reach, then you will have to open the corresponding port depending on the traffic. For example, Windows Network Files Shares require ports 135 through 139 and 445 to be open in order to access content on Windows file shares. 6. For MAG Relay topologies to forward device requests to the internal MAG endpoint only. 7. The MAG needs to communicate with the API for initialization. The API server is generally hosted on the AirWatch Admin Console Server or can be a separate server. Ensure there is connectivity between this server and the MAG server. 8. For the Device Services server to enumerate the repositories via the content relay and convert them into a format devices can use. 9. For the Console server to enumerate the repositories via the content relay for viewing in the AirWatch Admin
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 13
Prerequisites for MAG Proxy/Content Connectivity for On-Premise Environments
Console. 10. For devices with the AirWatch Content Locker to access internal content from Network Shares.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 14
Installation Preparation
Installation Preparation Overview Before installing the server within your network, you must ensure your environment meets all the requirements, and then prepare for installation by downloading the installation files. Notes: l
l
l
Steps 1 through 3 are applicable for on-premise customers only. If you are a SaaS customer, begin with step 4. Before you begin installing AirWatch Tunnel, ensure that AWCM is installed correctly, running, and communicating with AirWatch without any errors. For more information about configuring AWCM refer to the AirWatch AWCM Guide. AirWatch recommends you do not configure AirWatch Tunnel at the Global organization group level.
Performing Preliminary Installation Steps Prepare for the installation by performing the following steps.
1. Navigate to Groups & Settings ► All Settings ► System ► Advanced ► Site URLs in the AirWatch Admin Console. 2. Ensure the URLs highlighted above are correct: REST API URL – Should be in the format "https:///api". AWCM Server External URL – Should be in the format "server.acme.com" and not include a protocol such as https. AWCM Service Internal URL – Should be in the format "https://server.acme.com". 3. Select Save.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 15
Installation Preparation
4. Navigate to Groups & Settings ► All Settings ► System ► Advanced ► Device Root Certificate and verify the device root certificate exists. If it does not exist, click the Override radio button and generate the root device certificate.
5. Navigate to Groups & Settings ► All Settings ► System ► Advanced ► API ► REST API and click the Override radio button.
6. Ensure the Enable API Access check box is selected and an API Key is displayed in the field highlighted above. 7. Click Save.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 16
Configure MAG Proxy/Content
Configure MAG Proxy/Content Perform the following configuration procedure to access the MAG Windows installer, which will let you download and install the MAG Content and Proxy components. 1. Navigate to Groups & Settings ► All Settings ► System ► Enterprise Integration ► Mobile Access Gateway. If this is your first time configuring MAG, then select Configure and follow the configuration wizard screens. Otherwise, select the Override radio button, ensure the Enable Mobile Access Gateway check box is selected, and then select Configure to configure the following settings. In either case, select Configure MAG for Windows. a. Select either Basic or Relay-Endpoint as your Configuration Type. Select Next. You can find more info on these configuration types in the MAG Admin Guide, available via AirWatch Resources. b. Enter the following information for the Details section: Proxy (App Wrapping / Browser / SDK Configuration): l
Host Name – The name given to the server where the MAG will be installed. If you plan to install the MAG on an SSL offloaded server, enter the name of that server in place of the Host Name. Note: When entering the Host Name, do not include protocol (http://, https://, etc.).
l
Default HTTPS Port – The port number automatically assigned for HTTPS communication with the MAG. Note: By default AirWatch Tunnel utilizies a single HTTPS Port for HTTPS Tunneling. If you want to define an HTTP Port and use HTTP Tunneling you can do so on the Advanced settings page after configuration. Refer to the HTTP and HTTPS Tunneling section of the AirWatch Mobile Access Gateway Admin Guide, available via AirWatch Resources for more information.
l
Use Kerberos Proxy – Enabling Kerberos proxy support will allow access to Kerberos authentication, typically only available inside the corporate network, for target backend web services. Note that this does not currently support Kerberos Constrained Delegation (KCD). Note: The Endpoint server needs to be on the same domain as KDC for the Kerberos Proxy to successfully communicate with the KDC. For more information, see Appendix – Kerberos KDC Proxy Support.
If using a Relay-Endpoint setup, then also enter the Endpoint Details as follows: l
l
MAG Endpoint Host Name – Enter the FQDN (absolute domain name) of the MAG endpoint. Relay-Endpoint Port – This is the port used for traffic between the MAG relay and MAG endpoint. Note that you should not use port 80, because IIS, which is required for MAG installation, will already be bound to port 80.
Content Configuration:
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 17
Configure MAG Proxy/Content
l
Content Repository URL – The URL used to access the MAG Content Repository Relay from the Internet. Typically the same as the hostname field but with an HTTP/HTTPS protocol. For example: HTTPS://magrelay.acme.com.
Note: If using a Relay-Endpoint setup, enter both the Relay and Endpoint URLs. c. Click Next to advance to the SSL section. Enter the following information: App Wrapping / Browser / SDK SSL Certificate: l
Select the Use Public SSL Certificate check box if you are using third party public SSL certificates for authentication between AirWatch applications and the MAG. Select Upload to browse for and upload your certificate file (.pfx or .p12). This file must contain both your public and private key pair.
Content SSL Certificate: l
Ignore SSL Errors – Select to ignore SSL errors that occur during communication between the AirWatch Admin Console and the content repository.
d. Click Next to advance to the Authentication section, where you can select to use an enterprise CA in place of AirWatch issued certificates. Select Default to use AirWatch issued certificates. Select Enterprise CA to display drop-downs for your certificate authority and certificate template that you have uploaded into AirWatch. Also upload your root certificate of your CA. Note: The CA template must contain the following field in the subject name: CN=UDID. Supported CAs are ADCS, RSA and SCEP. For more information about integrating with your certificate provider, please see the certificate management documentation for your CA, available via AirWatch Resources in the Certificate Management section. e. Click Next to display the Summary section. Review the summary of your MAG configuration and select Save. You are navigated back to the MAG Configuration page. 2. Select the Advanced tab and then select Generate Certificates to enable MAG Authentication. If you plan to install the MAG on an SSL offloaded server, click Export MAG Certificate from the AirWatch Admin Console once the certificate has been generated. Then, import the certificate on the server performing SSL offload. (This server can be a load balancer or reverse proxy.)
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 18
Configure MAG Proxy/Content
Note: The other settings on this Advanced tab are explained in the AirWatch MAG Admin Guide, available via AirWatch Resources. 3. Select the General tab and then select the Download Windows Installer hyperlink.
4. Enter and confirm a certificate password and then click Download.
Note: The MAG password must contain a minimum of six characters. 5. Click Save. 6. Continue with the steps for MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows or MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows, depending on the configuration you selected.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 19
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows Overview Perform the following steps to install the MAG for a Relay-Endpoint configuration, which you can view below. Verify the presence of IIS and install Java on the MAG server as needed, as noted in the Requirements section. Note: Before you begin, ensure the server you are installing MAG on can reach AWCM by browsing to "https:// {url}:/awcm/status", where is the configurable external port for AWCM. You should see the status of the AWCM with no SSL errors. If there are errors, resolve them before continuing or the MAG will not properly function. Example of a Relay-Endpoint Configuration
For more information about the supported MAG configurations and deployment models, refer to the AirWatch Mobile Access Gateway Admin Guide, available via AirWatch Resources.
Installing the MAG The process below walks you through installing the MAG on the Relay server first. Immediately afterward, follow the instructions for installing the MAG on the Endpoint server as well.
Relay Server 1. Open the installer executable on the Relay MAG server and then click Next. For Relay-Endpoint configurations, you must perform MAG installation on both the Relay and Endpoint servers. The steps below assume you are first
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 20
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
installing it on the Relay server. Note: If a previous version of MAG is installed, the installer auto-detects it and offers the option to upgrade to the latest version. 2. Accept the End User License Agreement and then click Next.
3. Specify the destination for the downloaded MAG installation files and then click Next.
4. Select the Relay button to first install MAG on the Relay server.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 21
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
5. Select Is this server SSL Offloaded? if you are setting up a reverse proxy configuration with SSL Offloading. For more information see the Appendix B – SSL Offloading section. 6. Select Next. 7. Enter the Certificate Password you created in the AirWatch Admin Console and then click Next.
8. Select the Target Site in which the AirWatch application should be installed using the drop-down menu and then click Next.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 22
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
If Windows Firewall is turned on, you may receive the following dialog indicating that certain profiles are enabled. In this case, please ensure the necessary MAG ports – which include both the ones you configured in the AirWatch Admin Console and the default IIS website port you are using to access content – are allowed in the Windows Firewall settings.
9. Click Install to begin MAG installation on the server.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 23
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
10. Click Finish to close the MAG installer. Review the activity found in the .log file created by the MAG installer to verify successful MAG installation. The file can be found in the same destination folder where the installer executable was initially downloaded. Next, you will install the MAG on the Endpoint server.
Endpoint Server 1. Open the installer executable on the Endpoint MAG server and then click Next. Note: If a previous version of MAG is installed, the installer auto-detects it and offers the option to upgrade to the latest version. 2. Accept the End User License Agreement and then click Next.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 24
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
3. Specify the destination for the downloaded MAG installation files and then click Next.
4. Select the Endpoint button to install MAG on the Endpoint server. 5. Select the check box to indicate if MAG will use an outbound proxy. If so, enter the address of the Proxy Host and Proxy Port number to be used for communication. If the proxy requires authentication, first select the Does the proxy require authentication credentials? checkbox, then select whether it uses Basic or NTLM authentication, then specify the Username and Password credentials.
6. Specify whether you are using Proxy auto-configuration (PAC) files as part of your MAG installation. A PAC file is a set of rules that a browser checks to determine where traffic gets routed. For MAG, traffic is checked against the PAC file to determine if it has to go through an outbound proxy. If you have authentication for PAC files, then the MAG must know username and password of the proxy. You can reference a PAC file on a remote server by providing the PAC URL or Upload a PAC file directly.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 25
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
Note: If you are accessing outbound proxies through the MAG that use a PAC file and also require authentication, then refer to Appendix: Outbound Proxies using PAC Files. When you are finished, click Next.
7. Enter the Certificate Password you created in the AirWatch Admin Console and then click Next.
8. Select the Target Site in which the AirWatch application should be installed using the drop-down menu and then click Next.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 26
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
If Windows Firewall is turned on, you may receive the following dialog indicating that certain profiles are enabled. In this case, please ensure the necessary MAG ports – which include both the ones you configured in the AirWatch Admin Console and the default IIS website port you are using to access content – are allowed in the Windows Firewall settings.
9. Click Install to begin MAG installation on the server.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 27
MAG Proxy/Content Installation for a Relay-Endpoint Configuration on Windows
10. Click Finish to close the MAG installer.
Verify Installation Review the activity found in the .log file created by the MAG installer to verify successful MAG installation. The file can be found in the same destination folder where the installer executable was initially downloaded. Additionally, select Test Connection on the MAG configuration page (Groups & Settings ► All Settings ► System ► Enterprise Integration ► Mobile Access Gateway) in the AirWatch Admin Console to verify the installation. This page will tell you MAG version info, connectivity to the MAG via HTTP/S, and certificate chain and content endpoint validation. Note for on-premise customers: If you are an on-premise customer and your AirWatch Console server is installed on the internal network, then you may see fail connection for the Console To line items. This is the expected behavior when the Console server does not have access to the MAG Relay server in the DMZ and will not affect MAG functionality.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 28
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows Overview Perform the following steps to install the MAG for a Basic configuration, which you can view below. Verify the presence of IIS and install Java on the MAG server as needed, as noted in the Requirements section. Note: Before you begin, ensure the server you are installing MAG on can reach AWCM by browsing to "https:// {url}:/awcm/status", where is the configurable external port for AWCM. You should see the status of the AWCM with no SSL errors. If there are errors, resolve them before continuing or the MAG will not properly function. Example of a Basic Configuration
For more information about the supported MAG configurations and deployment models, refer to the AirWatch Mobile Access Gateway Admin Guide, available via AirWatch Resources.
Installing MAG for Basic (Endpoint only) Configurations 1. Open the installer executable on the Endpoint MAG server and then click Next. Note: If a previous version of MAG is installed, the installer auto-detects it and offers the option to upgrade to the latest version.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 29
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows
2. Accept the End User License Agreement and then click Next.
3. Specify the destination for the downloaded MAG installation files and then click Next.
4. Select the check box to indicate if MAG will use an outbound proxy. If so, enter the address of the Proxy Host and Proxy Port number to be used for communication. If the proxy requires authentication, first select the Does the proxy require authentication credentials? checkbox, then select whether it uses Basic or NTLM authentication, then specify the Username and Password credentials.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 30
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows
5. Specify whether you are using Proxy auto-configuration (PAC) files as part of your MAG installation. A PAC file is a set of rules that a browser checks to determine where traffic gets routed. For MAG, traffic is checked against the PAC file to determine if it has to go through an outbound proxy. If you have authentication for PAC files, then the MAG must know username and password of the proxy. You can reference a PAC file on a remote server by providing the PAC URL or Upload a PAC file directly. Note: If you are accessing outbound proxies through the MAG that use a PAC file and also require authentication, then refer to Appendix: Outbound Proxies using PAC Files. When you are finished, click Next.
6. Enter the Certificate Password you created in the AirWatch Admin Console and then click Next.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 31
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows
7. Select the Target Site in which the AirWatch application should be installed using the drop-down menu and then click Next.
If Windows Firewall is turned on, you may receive the following dialog indicating that certain profiles are enabled. In this case, please ensure the necessary MAG ports – which include both the ones you configured in the AirWatch Admin Console and the default IIS website port you are using to access content – are allowed in the Windows Firewall settings.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 32
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows
8. Click Install to begin MAG installation on the server.
9. Click Finish to close the MAG installer.
Verify Installation Review the activity found in the .log file created by the MAG installer to verify successful MAG installation. The file can be found in the same destination folder where the installer executable was initially downloaded. Additionally, select Test Connection on the MAG configuration page (Groups & Settings ► All Settings ► System ► Enterprise Integration ► Mobile Access Gateway) in the AirWatch Admin Console to verify the installation. This page will tell you MAG version info, connectivity to the MAG via HTTP/S, and certificate chain and content endpoint validation.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 33
MAG Proxy/Content Installation for a Basic (Endpoint only) Configuration on Windows
Note for on-premise customers: If you are an on-premise customer and your AirWatch Console server is installed on the internal network, then you may see fail connection for the Console To line items. This is the expected behavior when the Console server does not have access to the MAG endpoint in the DMZ and will not affect MAG functionality.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 34
Appendix: SSL Offloading
Appendix: SSL Offloading Note: SSL Offloading is supported for Content and Proxy components.
Overview When accessing HTTP endpoints using HTTP Tunneling, all HTTP traffic is encrypted and authenticated using an SSL certificate and sent over port 2020 as HTTPS. You can perform SSL Offloading with products such as F5's BIG-IP Local Traffic Manager (LTM), or Microsoft's Unified Access Gateway (UAG), Threat Management Gateway (TMG) or Internet Security and Acceleration Server (ISA) solutions. While these are common solutions, support is not exclusive to these. MAG/AirWatch Tunnel is compatible with general SSL Offloading solutions provided that the solution supports the HTTP CONNECT method. The following diagram illustrates how SSL Offloading affects traffic in a Relay-Endpoint configuration.
Note: Using the MAG/AirWatch Tunnel to access internal content supports both SSL offloading and also proxying traffic. Using the MAG to perform proxy functions supports SSL Offloading only.
SSL Offloading Traffic Flow 1. A device requests access to content or resources, which can be either an HTTP or HTTPS endpoint. l
l
Requests to HTTP endpoints are sent over a port you configure and encrypted and authenticated with an SSL certificate. Requests to HTTPS endpoints are sent over a port you configure and encrypted and authenticated with a third party SSL certificate.
2. The traffic hits an SSL Termination Proxy, which must contain the AirWatch certificate exported from the AirWatch Admin Console or your organization's own public certificate.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 35
Appendix: SSL Offloading
l
l
Requests to HTTP endpoints over the port you configure have their SSL certificate offloaded and sent to the Relay unencrypted over port 2010. Requests to HTTPS endpoints over the port you configure are unaffected and continue to the Relay on that port.
Note: Since all traffic is now sent over the port you configured, you must create a rule on your SSL Termination Proxy to forward all traffic on that port. 3. The traffic continues from the Relay to the Endpoint on a port you configure. 4. The Endpoint communicates with your backend systems to access the requested content or resources.
Enabling SSL Offloading To enable SSL Offloading, ensure the SSL Offloading check box is selected during installation for the Relay server. This informs the Relay to expect to receive all traffic on the port you configured.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 36
Appendix: Upgrading the Component
Appendix: Upgrading the Component To upgrade, simply download and run the installer again using the same procedures outlined previously in this document, depending on your configuration setup. Note that any custom changes you made to configuration files after the original installation will be lost, so you may want to make backups of these files to reference later.
Upgrading the MAG for Windows Proxy/Content Components 1. Log in to the AirWatch Admin Console and navigate to Groups & Settings ► All Settings ► System ► Enterprise Integration ► Mobile Access Gateway. 2. Select the General tab and then select the Download Windows Installer hyperlink.
3. Enter and confirm a certificate password and then click Download.
Note: The MAG password must contain a minimum of six characters. 4. Continue with the steps for MAG Installation for a Relay-Endpoint Configuration or MAG Installation for a Basic (Endpoint only) Configuration.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 37
Appendix: Kerberos KDC Proxy Support
Appendix: Kerberos KDC Proxy Support Note: Kerberos KDC Proxy Support is supported for the Proxy component. MAG/AirWatch Tunnel Proxy supports Kerberos authentication in the requesting application. This new component, Kerberos KDC proxy (KKDCP), gets installed on the endpoint server. AirWatch KKDCP acts as a proxy to your internal KDC server. AirWatch-enrolled and compliant devices with a valid AirWatch issued identity certificate can be allowed to access your internal KDC. For a client application to authenticate to Kerberos- enabled resources, all of the Kerberos requests need to be passed through KKDCP. The basic requirement for Kerberos authentication is to make sure you install the Endpoint with Kerberos proxy enabled during configuration in a network where it can access the KDC server. Note: Currently, this functionality is only supported with the AirWatch Browser v2.5 and higher for Android. You can enable Kerberos proxy settings in the following manner: 1. During the configuration, check the box Use Kerberos proxy and enter the Realm of the KDC server.
2. If the Realm is not reachable then you could also configure the KDC server IP on the Advanced settings tab in system settings.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 38
Appendix: Kerberos KDC Proxy Support
Note: Only add the IP if the Realm is not reachable, as it will take precedence over the Realm value entered in the configuration.
Note: By default the Kerberos proxy server uses port 2040, which is internal only, hence no firewall changes are required to have external access over this port. 3. Save the settings and download the installer to install MAG. On Windows, once the MAG is installed you will see that a new Windows service called AirWatch Kerberos Proxy has been added.
4. Enable Kerberos from the SDK settings in the AirWatch Admin Console so the requesting application is aware of the
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 39
Appendix: Kerberos KDC Proxy Support
KKDCP. To do this, navigate to Groups & Settings ► All Settings ► Apps ► Settings And Policies and select Security Policies. Under Integrated Authentication, select Enable Kerberos. Save the settings.
How to Access Logs l
l
l
The path for KKDCP logs for MAG for Windows is: \AirWatch\Logs\MobileAccessGateway To make sure the AirWatch KKDCP server is up and running, access the following URL in your browser from the server where KKDCP is installed: http://localhost:2040/kerberosproxy/status If the proxy server is working as expected then the browser return the following response: { "kdcServer":"internal-dc01.internal.local.:88", "kdcAccessible":true }
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 40
Appendix: Outbound Proxies using PAC Files
Appendix: Outbound Proxies using PAC Files Note: Outbound Proxies using PAC files is supported for the Proxy component.
For Windows If you are accessing outbound proxies through the MAG that use a PAC file and also require authentication, then you will need to perform the following steps: 1. In Windows Explorer, navigate to \AirWatch\MobileAccessGateway\bin. 2. Run proxy-tools. 3. Enter 1 for proxy credentials and do NOT press enter.
4. Enter 1 for Basic and 2 for NTLM authentication using a single service account.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 41
Appendix: Outbound Proxies using PAC Files
5. Enter the domain, username and password according to your service account credentials for the outbound proxy configured in your environment.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 42
Finding Additional Documentation
Finding Additional Documentation While reading through this documentation you may encounter topics that reference other documents that are not included here. You may also be looking for separate documentation that is not a part of this resource. You can access this additional documentation through the AirWatch Resources page (https://resources.air-watch.com) on myAirWatch. Note: It is always recommended you pull the document from AirWatch Resources each time you need to reference it. To search for and access additional documentation via the AirWatch Resources page, perform the following step-by-step instructions: 1. Navigate to http://my.air-watch.com and log in using your AirWatch ID credentials. 2. Select AirWatch Resources from the navigation bar or home screen. The AirWatch Resources page displays with a list of recent documentation and a list of Resources Categories on the left. 3. Select your AirWatch Version from the drop-down list in the search parameters to filter a displayed list of documents. Once selected, you will only see documentation that pertains to your particular version of AirWatch.
4. Access documentation using the following methods: l
l
l
Select a resource category on the left to view all documents belonging to that category. For example, selecting Documentation filters your search to include the entire technical documentation set. Selecting Platform filters your search to only include platform guides. Search for a particular resource using the search box in the top-right by entering keywords or document names. Add a document to your favorites and it will be added to My Resources. Access documents you have favorited by selecting myAirWatch from the navigation bar and then selected My Resources from the toolbar.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 43
Finding Additional Documentation
l
Download a PDF of a document by selecting the button. Note, however, that documentation is frequently updated with the latest bug fixes and feature enhancements. Therefore, it is always recommended you pull the document from AirWatch Resources each time you need to reference it.
Having trouble finding a document? Make sure a specific AirWatch Version is selected. All Versions will typically return many results. Make sure you select Documentation from the category list, at a minimum. If you know which category you want to search (e.g., Platform, Install & Architecture, Email Management) then selecting that will also further narrow your search and provide better results. Filtering by PDF as a File Type will also narrow your search even further to only include technical documentation manuals.
AirWatch Mobile Access Gateway Installation Guide for Windows | v.2015.07 | July 2015 Copyright © 2015 VMware, Inc. All rights reserved. Proprietary & Confidential.
Page 44
View more...
Comments
