1. Home
  2. General
  3. Hexnode MDM – Architecture

Hexnode MDM – Architecture

Hexnode MDM lets you securely manage both personal and corporate mobile devices in your business. Using Hexnode MDM, an IT manager can easily enroll devices over-the-air, impose settings/policies, manage apps and check compliance with enterprise’s standards. Unified web console simplifies EMM by letting you centrally manage and secure the entire fleet of devices.

The main infrastructure entities involved in the architecture are:

Hexnode MDM server

The Server which hosts Hexnode Mobile Device Management software. The server must be accessible via public IP address as many users will be out of office network.


A firewall establishes a barrier between a trusted, secure internal network of an enterprise and internet. It controls incoming and outgoing network traffic based on predefined set of rules.


Apple Push Notification Service is a highly efficient service created by Apple, to enable communication from a third party to iOS devices. APNs certificate installed in Hexnode MDM server ensures that the managed mobile devices communicate through a secure channel using Apple Push Notification Service.


Google Cloud Messaging, recently known as Firebase Cloud Messaging, is a service developed by Google to help the servers to send notification to not only Android devices, but iOS and Chrome web apps.


Windows notification service, developed by Microsoft, allows communication between a third party service and any Windows devices, including Windows Phones, PCs and Xbox consoles.

Mobile Devices

Personal or corporate-owned devices of employees which need to be managed in an organization.

Architecture of Hexnode MDM:

  1. Hexnode MDM initiates the communication by sending a notification to APNs server, to wake up the managed mobile device (via TCP port 2195).
  2. A live TCP connection is maintained by all iOS devices to APNs, via port 5223.
  3. The device listens for the commands, policy settings and configurations sent by Hexnode MDM.
  4. The device will execute the commands, apply the configurations/policies and report the data back to the Hexnode MDM server.

APNs ports

  • Port 80: The default application port used during the installation of Hexnode MDM.
  • Port 443: Used for secured and encrypted connection between mobile devices and Hexnode MDM.
  • Port 2195 (outbound): This port must be open for the Hexnode MDM server to
    communicate with APNs (Host Address is gateway.push.apple.com).
  • Port 5223(outbound): If the mobile devices are connected to the internet through Wi-Fi, this port should be open.

GCM/FCM ports

Ports 5228, 5229 and 5230 are used for Firebase Cloud Messaging. Google randomly uses any of these three ports.

WNS ports

TCP port 443 is used in the case of Windows Notification Service.

Alternate port

The port 1883 (outbound) can be used for devices without GCM.


Was this article helpful?

Related Articles

Leave a Comment