Your SlideShare is downloading. ×
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
How to install kaspersky mdm & ksm for i os   v6
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

How to install kaspersky mdm & ksm for i os v6

147

Published on

How to install kaspersky mdm & ksm for ios v6

How to install kaspersky mdm & ksm for ios v6

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
147
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. 1 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile How it works .................................................................................................................. 2 Kaspersky MDM for iOS.............................................................................................................................................. 2 Kaspersky Security 10 for Mobile (for iOS)................................................................................................................. 2 How to install Kaspersky MDM for iOS .......................................................................... 2 Preparing the Environment ........................................................................................................................................... 2 1. Network configuration ............................................................................................................................ 2 2. Kaspersky Security Center ...................................................................................................................... 3 Installing Kaspersky MDM for iOS Server .................................................................................................................. 3 Getting APNs Certificate.............................................................................................................................................. 4 1. Create a request ....................................................................................................................................... 4 2. Sign the certificate request on the Kaspersky Lab website...................................................................... 5 3. Register it at the APNs ............................................................................................................................ 7 4. Get the .pfx file........................................................................................................................................ 7 Installing APNs Certificate........................................................................................................................................... 8 Installing iOS MDM profile ......................................................................................................................................... 8 1. Select a user account ............................................................................................................................... 8 2. Send the iOS MDM profile ..................................................................................................................... 8 3. Install the iOS MDM profile ................................................................................................................... 9 When iOS MDM profile is Installed Successfully...................................................................................................... 10 1. On the mobile device............................................................................................................................. 10 2. On the server side.................................................................................................................................. 10 How to install Kaspersky Security 10 for Mobile ........................................................ 11 Preparing the Environment ......................................................................................................................................... 11 1. Network Configuration.......................................................................................................................... 11 2. Kaspersky Security Center .................................................................................................................... 11 Preparing the Distribution........................................................................................................................................... 11 1. Get .ipa .................................................................................................................................................. 11 2. Publish .ipa............................................................................................................................................ 11 3. Create .plist............................................................................................................................................ 12 Installing the Kaspersky Security 10 for Mobile ........................................................................................................ 12 1. Add Kaspersky Security for Mobile to the manageable applications list.............................................. 12 2. Launch the installation .......................................................................................................................... 13 3. Complete the installation....................................................................................................................... 13 4. Install a license key ............................................................................................................................... 14 When Kaspersky Security 10 for Mobile is Installed Successfully ............................................................................ 15 1. On the mobile device............................................................................................................................. 15 2. On the server side.................................................................................................................................. 15 FOR INTERNAL USE ONLY
  • 2. 2 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile How it works Kaspersky Lab product line includes two products for iOS: 1. Kaspersky MDM for iOS 2. Kaspersky Security 10 for Mobile (for iOS) They both can be remotely managed via Kaspersky Security Center 10, and can be used on a mobile device simultaneously. Kaspersky MDM for iOS Agentless solution providing remote management of mobile devices: applies configuration parameters, policies for passcodes, locks and wipes devices remotely, installs and removes apps. See http://images.apple.com/iphone/business/docs/iOS_6_MDM_Sep12.pdf for more details. Kaspersky Security 10 for Mobile (for iOS) Endpoint solution providing security for mobile devices: via containers for apps, web protection, jailbreak detection, but no anti-virus. Can be managed remotely via KSC. How to install Kaspersky MDM for iOS Preparing the Environment 1. Network configuration 1. iOS MDM Server:  Windows 7 or 2008 OS  Accessible from the Internet (real IP or other means) at port TCP 443 (the port can be changed during the installation) KSC Administration ServerKaspersky Security for Mobile APNs Built-in connector to KSC Installation Kaspersky MDM for iOS KSC Network Agent FOR INTERNAL USE ONLY
  • 3. 3 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile  Have access to the APNs servers at ports TCP 2195 and 2196. See http://support.apple.com/kb/TS4264 for more details 2. KSC Administration Server: accessible from the Internet at ports TCP 8060 and 8061 (the ports can be changed in the properties of the Administration Server) 3. Mobile devices: access to the APNs servers at port TCP 5223. See http://support.apple.com/kb/TS4264 for more details When performing internal tests it is enough to have access from the mobile devices to the iOS MDM Server and KSC Administration Server via LAN (e.g. internal Wi-Fi). 2. Kaspersky Security Center 4. KSC Administration Server preinstalled, and no additional components are required 5. KSC Administration Console: install the Plug-in for management of mobile iOS devices (ServerPlugins MDM4IOSklcfginst.msi inside the KSC distribution archive ksc10.0.xxxxen.exe) 6. KSC settings:  Setup the Administration Server email notification settings: open the properties of the Reports and notifications node, and fill in the form  Install a license key allowing using the MDM features  Display the MDM interface 7. iOS MDM Server: Network Agent connected to the KSC Administration Server Installing Kaspersky MDM for iOS Server 1. Copy the ServerMDM4IOS folder from the KSC distribution (ksc10.0.xxxxen.exe) to the iOS MDM Server, and run setup.exe 2. In the installation wizard specify the ports: FOR INTERNAL USE ONLY
  • 4. 4 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 3. And the external URL of the iOS MDM Server—it must be accessible by this URL from the mobile devices 4. After that you should find the iOS MDM mobile device server in the Mobile devices / Mobile devices servers node Getting APNs Certificate This document describes how to generate an APNs certificate using OpenSSL. For some details about other methods please see http://support.kaspersky.com/9245. The following steps can be done on any computer running Windows. 1. Create a request 1. Install the Microsoft Visual C++ 2008 Redistributable Package: http://www.microsoft.com/en-us/download/details.aspx?id=15336 (for x64) http://www.microsoft.com/en-us/download/details.aspx?id=29 (for x86) 2. Install the OpenSSL: http://slproweb.com/download/Win64OpenSSL-1_0_1e.exe (for x64) http://slproweb.com/download/Win32OpenSSL-1_0_0k.exe (for x86) 3. During the installation keep all the default settings, and remember the installation folder. In all later steps we assume you’ve used C:OpenSSL-Win64, which is default for x64 4. Open the command line, type in set OPENSSL_CONF=C:OpenSSL-Win64binopenssl.cfg FOR INTERNAL USE ONLY
  • 5. 5 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile and press Enter 5. Type in C:OpenSSL-Win64binopenssl req -new -newkey rsa:2048 -nodes -out Name.csr -keyout Name.key - subj "/C=Country/ST=State/L=City/O=Company/OU=Department/CN=ServerName" and press Enter. Here,  Name — some name for the key  ServerName — the domain name or IP address that clients will use to reach the iOS MDM Server. You can use * to cover all subdomains  Country — put the country name common 2-letter abbreviation (US for the USA, UK for the UK, etc.)  State, City, Company, Department — state or province, city, company and department correspondingly. Multiple-word names are accepted, and no quotes needed 6. As a result, you’ll find both .csr and .key files in the user’s home folder 2. Sign the certificate request on the Kaspersky Lab website 7. Go to the https://companyaccount.kaspersky.com. To make it work you’ll need Adobe Flash Player, enabled popups, etc. So it makes sense to do this on some desktop 8. Login, or register, if you haven’t registered yet. You’ll need to provide a proper commercial license key, and some not @kaspersky.com email address 9. Click Submit request, then SCR Signing, Browse, and navigate to the mycert.csr you’ve got on the step 6 FOR INTERNAL USE ONLY
  • 6. 6 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 10. Click Sign CSR 11. Click OK and go to Inactive 12. Select the last request (it is selected by default), and press View Files/Details 13. Select mycert.plist and click Save to Disk 14. As a result you’ll get the mycert.plist file FOR INTERNAL USE ONLY
  • 7. 7 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 3. Register it at the APNs 15. Go to the https://identity.apple.com/pushcert/ 16. Login using any Apple ID, or register (https://appleid.apple.com/), if you haven’t registered yet. All you need is just some valid email address 17. Click Create a certificate 18. Browse to mycert.plist and click Upload 19. Then click Download 20. As a result you’ll get the MDM_ Laboratoriya Kasperskogo ZAO_Certificate.pem file 21. Rename in to something shorter, e. g. mycert.pem 22. Copy mycert.pem to the computer where you initially created the request for the certificate and put it into the user’s home folder, next to the mycert.key and mycert.csr 4. Get the .pfx file 23. At this point you should have three files—mycert.key, mycert.csr, and mycert.pem 24. Open the command line, and run the command C:OpenSSL-Win64binopenssl pkcs12 -export -out mycert.pfx -in mycert.pem -inkey mycert.key -name "My Certificate" You’ll be asked to enter a password, and then verify it. Type in e.g. Ka5per5Ky 25. As a result next to mycert.* you’ll find mycert.pfx FOR INTERNAL USE ONLY
  • 8. 8 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile Installing APNs Certificate 1. In the KSC Administration Console go to the Mobile devices / Mobile devices servers node 2. Find the iOS MDM mobile devices server and open its properties 3. Switch to the Certificates tab and click the upper Install 4. Browse to mycert.pfx and install it. You’ll be asked to type in the password put on the step 24 of the “Getting the APNs Certificate” section If next time you deploy an iOS MDM profile you get the certificate missing error, then you have installed not the latest build of Kaspersky MDM for iOS. Check the version of the Control Panel Programs Programs and Features Kaspersky iOS MDM mobile device server. If it is older than 10.0.3368.0, then download a newer one and reinstall it, or do the following:  Run the Kaspersky Security Center Remote Diagnostics Utility (Start / All Programs / Kaspersky Security Center), and connect it to the Administration Server  Enable the Network Agent tracing, keep the default tracing level  Install the certificate  Disable the Network Agent tracing Installing iOS MDM profile 1. Select a user account Select the user account you want to send the iOS MDM profile to, or create a new one. 1. In the KSC Administration Console go to the Users Accounts node 2. Find the user account you want to use (with a proper email address), or create a new one 2. Send the iOS MDM profile 3. Select the user account(s) you want to use 4. Click Install iOS MDM profile to user’s mobile device. It’s a link in the bottom right of the window FOR INTERNAL USE ONLY
  • 9. 9 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 5. Select the server you want to use (just click it), clear the By SMS checkbox (unless you want to deliver it by SMS and have already set it up), and click OK 3. Install the iOS MDM profile Now you need to retrieve the link to the iOS MDM profile from the message you’ve send. You can either receive it directly on the mobile device or get it on your desktop and then use the QR-code. Let’s say we have the email account preconfigured directly on the mobile device. 6. Receive the email and click the link. It points to the KSC built-in web-server. If the specified name is unreachable from the mobile device, you can modify it right in the browser window. Until CF1 there is no way to preconfigure it on the Administration Server 7. In the Cannot Verify Server Identity window click Continue, and then Install (twice) FOR INTERNAL USE ONLY
  • 10. 10 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 8. Enter the passcode if you’ve setup one, and click Done When iOS MDM profile is Installed Successfully 1. On the mobile device 1. Go to the Settings / General, then scroll down to the Profile group. Tap it 2. Find the Kaspersky mdm profile here 2. On the server side 3. In the KSC Administration Console go to the Mobile devices / iOS MDM mobile devices node. 4. You should find the device here: 5. And be able to send commands to it. E.g. try to Block device. It should be applied almost immediately FOR INTERNAL USE ONLY
  • 11. 11 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile How to install Kaspersky Security 10 for Mobile Preparing the Environment 1. Network Configuration The same as for Kaspersky MDM for iOS. Plus, KSC Administration Server must be accessible from the mobile devices at ports TCP 13292 and 17100 (can be changed in the properties of the Administration Server). 2. Kaspersky Security Center 1. KSC Administration Server—add the Mobile devices support component: under the Control Panel Programs Programs and Features find Kaspersky Security Center Administration Server, and click Uninstall/Change 2. KSC Administration Console—install the Kaspersky Security 10 for Mobile plug-in (ksc10.0.xxxxen.exeServer PluginsKES4Mobileklcfginst.msi) 3. KSC settings—open ports for mobile devices: in the KSC Administration Console open the properties of the Administration Server, go to the Settings tab, enable Open port for mobile devices 4. iOS MDM Server—install Kaspersky MDM for iOS and deploy its MDM profile to the mobile device Preparing the Distribution Kaspersky Security 10 for Mobile (iOS) is distributed in form of an unsigned application. This is the Apple policy—you cannot install just any application. It should be either available on the official AppStore or distributed using your iOS Developer Account. So, as far as Kaspersky Security is not available at the AppStore, we need an iOS Developer Account. Technically it means the Kaspersky Security for Mobile is distributed as KES.app but to start deployment you need an .ipa plus .plist files. 1. Get .ipa How to sign the distribution is not covered in this version of the document. See http://support.kaspersky.com/9614 for some details. Let’s say we already have the kes.ipa file. 2. Publish .ipa First, you need to publish kes.ipa on some webserver. Let’s use KSC built-in webserver. 1. Copy kes.ipa to the KLShare folder. By default it is the %ProgramFiles(x86)%Kaspersky LabKaspersky Security CenterShare 2. If you put kes.ipa right in the root of the KLShare, the link to it will look like http://<server-address>:8060/kes.ipa FOR INTERNAL USE ONLY
  • 12. 12 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 3. Create .plist It’s an XML-file pointing to the kes.ipa. You can create it using some XML-editor, or Notepad. Anyway, it should contain the following data: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>items</key> <array> <dict> <key>assets</key> <array> <dict> <key>kind</key> <string>software-package</string> <key>url</key> <string>http://security-center.abc.lab:8060/kes.ipa</string> </dict> </array> <key>metadata</key> <dict> <key>bundle-identifier</key> <string>ksm.com.kaspersky.KES</string> <key>bundle-version</key> <string>10.0.32</string> <key>kind</key> <string>software</string> <key>title</key> <string>KESM</string> </dict> </dict> </array> </dict> </plist> Here, http://security-center.abc.lab:8060/kes.ipa —a link to the published package you got on the step 2. 3. Create the kes.plist file as described above, and put it in the KLShare folder, next to kes.ipa Installing the Kaspersky Security 10 for Mobile You can do this either via Kaspersky MDM for iOS (or some other MDM), or connect a device to some desktop and use iTunes. This document is about installation through Kaspersky MDM for iOS. 1. Add Kaspersky Security for Mobile to the manageable applications list 1. Open the KSC Administration Console and go to the Mobile devices / Mobile devices servers node 2. Double-click the iOS MDM mobile devices server and switch to the Managed applications tab 3. Click Add, type in e.g. “Kaspersky Security 10 for Mobile” 4. In the second field specify the link which points to kes.plist. This URL should be accessible from the mobile device at the port TCP 6081 5. The other two checkboxes are optional FOR INTERNAL USE ONLY
  • 13. 13 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 2. Launch the installation 6. Go to the Mobile devices / iOS MDM mobile devices, and find the device you want to install KSM to 7. Select it and click Install application to device. It’s a link on the right pane 8. Select the package you want to install and click OK 3. Complete the installation 9. Go to the mobile device and wait till a notification appears. It should happen almost immediately 10. Click Install 11. As a result you should find the Browser app among the installed applications FOR INTERNAL USE ONLY
  • 14. 14 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile 12. Launch it, fill in the configuration details: the KSC Administration Server address and port 13292, and click Done 13. Click , then start Synchronization, and wait till it’s finished 4. Install a license key 14. In the KSC Administration Console go to the Unassigned computers / Domains node 15. Find the KSM10 folder (unless you haven’t changed it two steps above), and the mobile device in it. Move it to Managed computers 16. Go to the mobile device and start the synchronization once more (repeat the step 13) FOR INTERNAL USE ONLY
  • 15. 15 How to install Kaspersky MDM for iOS & Kaspersky Security for Mobile When Kaspersky Security 10 for Mobile is Installed Successfully 1. On the mobile device The Browser app can be found among installed applications, and in the Settings / General / Profile you’ll find a new provisioning profile. 2. On the server side 1. Go to the Mobile devices / iOS MDM mobile devices, and find the device 2. Double-click it and switch to the Applications folder. You should find the ksm.com.kaspersky.KES here 3. Modify the policy for Kaspersky Security for Mobile: on the Network tab click Categories, and block the Social network category 4. Go to the mobile device, open the Brower app, and synchronize it 5. Try to open facebook.com, but get an error message FOR INTERNAL USE ONLY

×