Before you begin installing Integrated Sentry
Before installing Integrated Sentry review the following information:
Virtual Integrated Sentry requirements
If you are installing a virtual Integrated Sentry, confirm the following requirements before beginning setup of the MobileIron Integrated Sentry on VMware:
|
-
|
Limit: Unlimited (maximum assigned) |
|
-
|
1 virtual CPU (2 recommended) |
|
-
|
Limit: Unlimited (maximum assigned) |
Local Exchange Support (Exchange 2010)
If you are using Microsoft Exchange Server 2010, make sure the following prerequisites are in place before installing Integrated Sentry:
|
•
|
A user account that is a member of the Exchange Active Directory group “Organization Management group”. |
See http://technet.microsoft.com/en-us/library/dd335087.aspx.
|
•
|
Windows PowerShell 2.0. |
|
•
|
Exchange Management Tools 2010 |
The Integrated Sentry Installer will check if PowerShell, Exchange Management tools, and .NET 3.5 are installed, and help you install them if they are missing.
|
NOTE:
|
NET 3.5 full installation is required even if .NET 4.0 is installed on the same machine. Also, the .NET client profile alone may not be sufficient. |
Hosted Exchange support (Office 365, Exchange 2013, Exchange 2016)
If you are using Office 365, a hosted Exchange Server, make sure the following prerequisites are in place on the server on which you will install Integrated Sentry:
|
•
|
Windows PowerShell 4.0. |
|
•
|
.NET 4.5.1 through the most recent version as supported by MobileIron. |
The Integrated Sentry Installer will check if PowerShell and .NET are installed, and will prompt you if they are missing. Exchange Management tools do not have to be installed.
Also, for Office 365 support, enable WSMan in PowerShell using the following command:
> Enable-PSRemoting -force
Verify connectivity with MobileIron Core
Make sure that MobileIron Core can connect to the server on which you will install Integrated Sentry. The Core server connects to the Integrated Sentry via https on port 443.
SSL and Hosted Exchange
If you are using a hosted Exchange Server (Office 365), we recommend using SSL for the remote shell operation, which is the connection from Integrated Sentry to the hosted Exchange server. You enable and disable SSL configuration on the Sentry configuration page in the MobileIron Admin Portal.
See the following if you cannot use SSL:
Allowing unencrypted traffic
If you cannot use SSL for the connection between Integrated Sentry to the hosted Exchange server, complete the following configurations on the machine where you install the Integrated Sentry.
Before you begin
Ensure that the local machine configuration allows unencrypted traffic.
Procedure
|
1.
|
Run PowerShell as local administrator. |
|
2.
|
Allow unencrypted traffic, using the following PowerShell commands: |
> Get-Item WSMan:\localhost\Client\AllowUnencrypted
> Set-Item WSMan:\localhost\Client\AllowUnencrypted $true
If you are not using SSL and you don't execute these commands, when Integrated Sentry attempts to communicate with the hosted Exchange, an error occurs which provides a message similar to the following:
The WinRM client cannot process the request. Unencrypted traffic is currently disabled in the client configuration.
|
NOTE:
|
For Office 365, unlike for previously supported hosted Exchange Servers such as BPOS-D, you do not need to add an entry to the WSMan TrustedHosts store. The Exchange Server hosted by Office 365 is reachable at ps.outlook.com. The server certificate at this server is signed by a CA whose root certificate is in the certificate database on the server on which Integrated Sentry is installed. Because of these certificates, no entry needs to be added to the WSMan TrustedHosts store. |
Cleaning up local SSL configuration
If you had configured your Windows machine to not use SSL for the connection between Integrated Sentry to the hosted Exchange server, and now want to start using SSL, a best practice is to clean up the local configuration.
Procedure
|
1.
|
Enter the following PowerShell commands: |
> Get-Item WSMan:\localhost\Client\AllowUnencrypted
> Set-Item WSMan:\localhost\Client\AllowUnencrypted $false