Multiple ActiveSync domains
Ivanti Standalone Sentry supports multiple ActiveSync domains. You can configure multiple ActiveSync domains on the same Ivanti Standalone Sentry to direct email traffic. You may want to configure multiple ActiveSync domains if your enterprise has multiple Exchange ActiveSync (EAS) domains and you want to use the same Standalone Sentry as the proxy to the ActiveSync domains.
Standalone Sentry gets the ActiveSync server information from the Host header in the HTTP request. The device populates the Host header with the value of the Server Name configured in the Exchange setting in Ivanti EPMM. Standalone Sentry matches the Host header value (Server Name in the Exchange setting) to the ActiveSync Service Name configured in the Standalone Sentry settings to determine which ActiveSync server to forward the traffic. If Standalone Sentry does not find a match, the traffic is forwarded to the ActiveSync server configured in the default service.
Additional setup on your domain name server (DNS) and on Ivanti EPMM is required to support multiple ActiveSync domains on Ivanti Standalone Sentry. The additional setup is described in the following sections:
•Ivanti Standalone Sentry configuration
•Standalone Sentry certificate
DNS setup
Each EAS domain must have a separate Ivanti Standalone Sentry DNS entry that points to the IP address for the Ivanti Standalone Sentry on which you are configuring the EAS domain. For example, if you have two EAS domains, myenterprise1.com and myenterprise2.com, create two Ivanti Standalone Sentry DNS entries, standalonesentry1.com and standalonesentry2.com. Point the Ivanti Standalone Sentry DNS entries to the IP address of the Ivanti Standalone Sentry on which you are configuring the EAS domains.
Ivanti Standalone Sentry configuration
You configure multiple domains by creating separate ActiveSync services in the Standalone Sentry settings in Services > Sentry in the Ivanti EPMM Admin Portal. For more information, see Configure ActiveSync.
•Settings in the Ivanti Standalone Sentry configuration are applied to all ActiveSync services configured in the Ivanti Standalone Sentry configuration.
•For device and server authentication, Kerberos authentication to the ActiveSync server is not supported if multiple ActiveSync services are configured.
Exchange setting
For each Ivanti Standalone Sentry DNS entry, create a corresponding Exchange setting on Ivanti EPMM. For Server Address in the Exchange setting, enter the DNS name for Ivanti Standalone Sentry. For more information, see Configuring Exchange settings for Ivanti Standalone Sentry for ActiveSync.
Standalone Sentry matches the hostname in the Exchange setting to the ActiveSync Service name in the Standalone Sentry configuration. The ActiveSync traffic is forwarded to the ActiveSync servers configured for that service. If the hostname entered in the Exchange setting does not match any ActiveSync service name configured on Standalone Sentry, the default service is used, and traffic is routed to the ActiveSync server associated with the default service.
Standalone Sentry certificate
Upload a separate Standalone Sentry certificate for each Standalone Sentry DNS entry, so that devices can trust the Standalone Sentry. Alternately, you can also do the following:
•Upload a wild card certificate that covers the domains for all ActiveSync services on Standalone Sentry.
OR
•Upload a certificate with one or more SAN names that cover the DNS Names of all ActiveSync services on Standalone Sentry.
You upload the Standalone Sentry certificate in the Ivanti EPMM Admin Portal. Go to Services > Sentry, and click the Manage Certificate link. For more information, see Uploading Sentry certificates.