1 Reply Latest reply on Dec 29, 2017 4:54 AM by J4yJ4y

    Installing VIDM/Mobile SSO on-premises - advice needed

    skywalker76 Novice

      Hello experts,


      I'm in the process of setting up VIDM on-premises for our production platform as we will use mobile SSO for iOS & Android devices in our Office365 deployment with Airwatch. All connections will come from devices located on the internet.

      However, I'm having a nightmare trying to locate all the information required on the architecture level. I'm hoping that someone can help clarify a few things for me here as it's not at all clear in the official guides.


      Regarding port 5262 used for Android Mobile SSO, our network team requires the use of a reverse proxy (for obvious reasons), but from my understanding we are talking about an incoming TCP connection from the Android tunnel app straight through to the VIDM servers, which is therefore terminated at the appliance level. For this to work, do we need to simply forward the ports via our RP to the VIDM cluster? Security will not like this...

      I'm referencing the extract below, as there is absolutely nothing else written about this in any of the VMware official guides.


      Regarding Mobile SSO for iOS, I'm aware that it uses a built-in KDC on VIDM, so do I also need to do TCP/UDP port forwarding for port 88? Again, very little information is posted about this anywhere... Do I need to create a public DNS record that points to our VIDM LB so that the iOS clients are able to find the KDC? What can I put as the realm? Considering that everything is located on the same box, does it need to be different from the public DNS already created, as in idm.company.com instead of kdc.company.com?


      We will also install UAG for intranet browsing purposes; can this be used as a reverse proxy to reach the VIDM servers? Is there any documentation on that?


      Thanks in advance for your help!
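For reference, the plain layer-4 port forwarding the post describes (TCP 5262 for Android Mobile SSO, TCP/UDP 88 for the iOS KDC) could be expressed on a reverse proxy like this. This is an added illustration, not from the thread, VMware documentation or the products discussed: the choice of nginx, the backend addresses, the upstream names and the assumption that both TCP and UDP 88 are needed are all hypothetical.

```nginx
# Added example, not from the thread. Layer-4 (TCP/UDP) pass-through on an
# nginx reverse proxy in front of a VIDM cluster. nginx itself, the backend
# addresses (10.0.10.11/12) and the upstream names are assumptions.
stream {
    # Assumed VIDM cluster members behind the proxy
    upstream vidm_android_sso {
        server 10.0.10.11:5262;
        server 10.0.10.12:5262;
    }
    upstream vidm_kdc_tcp {
        server 10.0.10.11:88;
        server 10.0.10.12:88;
    }
    upstream vidm_kdc_udp {
        server 10.0.10.11:88;
        server 10.0.10.12:88;
    }

    # Android Mobile SSO on 5262: the client session is forwarded byte for
    # byte, so any TLS in it is terminated on the appliance, not here.
    server {
        listen 5262;
        proxy_pass vidm_android_sso;
        proxy_connect_timeout 5s;
    }

    # KDC on 88 for iOS Mobile SSO. Kerberos (RFC 4120) can use TCP or UDP,
    # so both are forwarded; UDP needs an explicit listen ... udp.
    server {
        listen 88;
        proxy_pass vidm_kdc_tcp;
    }
    server {
        listen 88 udp;
        proxy_pass vidm_kdc_udp;
        proxy_responses 1;   # one datagram back per request
    }
}
```

Because nothing is inspected at this layer, such a proxy only hides the backend addresses and gives a single point for source-IP filtering and rate limits; it cannot see or filter what is inside the tunnel, which is exactly the property the post expects the security team to object to.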