MobileIron

 

1Introduction

MobileIron Sentry is a key component of the MobileIron Platform. Sentry is an in-line gateway which manages, encrypts, and secures traffic between a mobile device and back-end enterprise systems.

MobileIron Sentry interacts with a company’s ActiveSync server, such as a Microsoft Exchange Server. The ActiveSync server allows employees to access email, contacts, calendar, tasks, and notes from their mobile devices. MobileIron Sentry, with input from the Virtual Smartphone Platform (VSP), protects the ActiveSync server from unauthorized access. MobileIron VSP provides end-to-end security and management for apps, documents, and devices. IT can now establish a virtual perimeter to secure business data without compromising the privacy of data, even on employee-owned smartphones and tablets.

A KEMP LoadMaster can be used to load balance the MobileIron workload.

1.1Document Purpose

This document is intended to provide guidance on how to deploy MobileIron with a KEMP LoadMaster. The KEMP Support Team is available to provide solutions for scenarios not explicitly defined.

1.2Intended Audience

This document is intended to be used by anyone deploying MobileIron with a KEMP LoadMaster.

2MobileIron Templates

KEMP have developed templates containing our recommended settings for MobileIron. These templates can be installed on the LoadMaster and used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

Released templates can be downloaded from the Templates section on the KEMP documentation page: http://kemptechnologies.com/documentation/.

If you create another Virtual Service using the same template, ensure to change the Service Name to a unique name.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.

For steps on how to manually add and configure each of the Virtual Services, refer to Section 3.

Figure 1: Architecture Overview

3Create MobileIron Virtual Services

Refer to the two sections below for step-by-step instructions on how to create and configure the MobileIron Virtual Services.

3.1Create a MobileIron Sentry Virtual Service

The following lists the steps involved and values required to set up a MobileIron Sentry Virtual Service:

  1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services> Add New.

Figure 2: Virtual Service parameters

  1. Enter a valid IP address in the Virtual Address text box.
  2. Enter 443 in the Port text box.
  3. Enter a recognizable Service Name, for example MobileIron Sentry.
  4. Click Add this Virtual Service.

Figure 3: Standard Options for the Sentry

  1. Expand the Standard Options section.
  2. Deselect the Transparency check box.
  3. Enter 8443, 9090 in the Extra Ports text box and click Set Extra Ports.
  4. Select Source IP Address from the Mode drop-down list.
  5. Select 1 Hour from the Timeout drop-down list.
  6. Select Weighted Response Time from the Scheduling Method drop-down list.
  7. Enter 900 in the Idle Connection Timeout (Default 660) field and then click Set Idle Timeout.
  8. Expand the Advanced Properties section.

Figure 4: Advanced Properties - Add HTTP Redirector

  1. Click the Add HTTP Redirector button.

Figure 5: Real Servers Options for the Sentry

  1. Expand the Real Servers section and select HTTPS Protocol from the drop-down list.
  2. Enter /mics in the URL text box and click Set URL.

3.2Create a MobileIron VSP Virtual Service

The following lists the steps and values required to set up a MobileIron VSP Virtual Service:

  1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services> Add New.

Figure 6: Virtual Service properties

  1. Enter a valid IP address in the Virtual Address text box.
  2. Enter 443 in the Port text box.
  3. Enter a recognizable Service Name, for example MobileIron VSP.
  4. Click Add this Virtual Service.

Figure 7: Standard Options for the VSP

  1. Expand the Standard Options section.
  2. Deselect the Transparency check box.
  3. Enter 8080,8443,9090,9997 in the Extra Ports text box and click Set Extra Ports.
  4. Select Source IP Address from the Mode drop-down list.
  5. Select 1 Hour from the Timeout drop-down list.
  6. Select Fixed Weighting from the Scheduling Method drop-down list.
  7. Enter 1800 in the Idle Connection Timeout (Default 660) text box and then click Set Idle Timeout.

Figure 8: Real Server Options for the VSP

  1. Expand the Real Servers section and select HTTPS Protocol from the drop-down list.
  2. Enter /mifs in the URL: field and click Set URL.

References

Unless otherwise specified, the following documents can be found at http://www.kemptechnologies.com/documentation.

Virtual Services and Templates, Feature Description

Document History

Date

Change

Reason for Change

Version

Resp.

July 2015

Initial Draft

First draft of document

1.0

KG

Sep 2015

Release updates

Updates for 7.1-30 release

2.0

LB

Dec 2015

Release updates

Updates for 7.1-32 release

3.0

LB

Jan 2016

Minor change

Updated

4.0

LB

Mar 2016

Release updates

Updates for 7.1-34 release

5.0

LB

Was this article helpful?

0 out of 0 found this helpful

Comments