mSuite and Systems Center Mobile Device Manager 2008 Connector for Notes/Domino

MDM Device Management Server
MDM Device Management Server is the primary administration and management service for all managed devices. MDM Device Management Server is the functional hub for device Group Policy application, device software packages, and device data wipe. This server communicates with existing infrastructure servers, such as domain controllers, and manages the translation of information and commands between the MDM system and managed devices. MDM Device Management Server may exist as multiple, identically configured load balance servers.

MDM Enrollment Server
This server manages the requests for and retrieving of certificates for devices and for creating the Active Directory® Domain Service objects that will represent these devices. By using these objects, you can manage the devices as if they were members of a domain. The process uses a one-time password to perform secure enrollment over untrusted connections, such as the internet and mobile data networks. This role enables users to enroll their devices from anywhere without connecting the devices to a computer or having physical access to the company network.
MDM Enrollment Server makes sure that both the device and the server authenticate mutually before it accepts or issues enrollment certificates. MDM Enrollment Server uses Active Directory to provide the identity store.

Databases
The services on MDM Device Management Server and MDM Enrollment Server maintain databases to manage device configuration, tasks, and status settings. These SQL databases are pivotal to configure and update managed devices.  With MDM in place, protected network access is available from managed devices to LOB applications. Additionally, you can use Group Policy and software packages to manage the enrolled Windows Mobile powered devices.
To manage a Windows Mobile powered device from the MDM system, the device must be running Windows Mobile 6.1. This version of the operating system contains the application that is required to manage the device from the MDM system, and supports the standards that enable the device to establish an authenticated and encrypted communications channel to a MDM Gateway Server.

Services
MDM components work with key IT services to give managed devices access to selected business data. The following shows the primary IT services that work with MDM:
Active Directory Domain Service
The Windows-based operating system directory service stores credentials for virtual private network (VPN) and 802.1X-based connections and the Group Policy settings that configure the required settings on each managed device. Examples include configuring ActiveSync® settings or enabling a “password required” policy.

MDM software distribution
MDM software distribution uses Windows Software Update Server (WSUS) to allow for the distribution of applications to managed devices. The administrator uses MDM software distribution to create, monitor, and push application packages to managed devices.

Certificate services
The MDM client and server security model requires X.509 certificates. MDM works directly with your existing Public Key Infrastructure (PKI) for client and server certificate signing. If no current PKI is in place, or if you want to maintain a separate certification authority for device authentication, you can add a Microsoft enterprise certification authority. The Windows Server® 2003 Enterprise Edition operating system certification authority is the only fully supported issuing certification authority for MDM.

Mobility Framework
This solution utilizes modified Mobility Framework components:
 Connection Manager Server (CMS)
 Device Connection Manager (DCM)
 These components have been adapted to utilize the VPN services and connection management capabilities of the MDM Gateway Server and Windows Mobile devices that support MDM.  Content is only decrypted in the secure zone and not in the DMZ. This also further strengthens security by providing a third level of encapsulation.  The CommonTime Mobility Framework is made up of a series of Machine Services that are normally installed on a single Windows 2003 server. The services are:  Database (repository)  The Domino Connector for MDM uses a single SQL 2005 or later database for system configuration. This database can be hosted by SQL Server Express.  Configuration Service  This machine service provides a centralized mechanism for all other CommonTime components to access the configuration database. The database can be local or remote.  Connection Manager Server  The Connection Manager Server is responsible for maintaining an AES 256 encrypted tunnel between itself and the Device Communication Manager (DCM). All mNotes and mForms communication is transmitted through this tunnel.