Hexnode lets you securely manage both personal and corporate mobile devices in your business. Using Hexnode, an IT manager can enroll devices over the air, push settings and policies, manage apps and check compliance with the enterprise's standards. A unified web console simplifies EMM by letting you centrally manage and secure the entire fleet of devices.
The main infrastructure entities involved in the architecture are:
- The server, which hosts the Hexnode Mobile Device Management software. The server must be reachable via a public IP address, as many users will be outside the office network.
- A firewall, which establishes a barrier between the trusted, secure internal network of the enterprise and the internet. It controls incoming and outgoing network traffic based on a predefined set of rules.
- Apple Push Notification Service (APNs), a highly efficient service created by Apple to enable communication from a third party to iOS devices. The APNs certificate installed on the Hexnode server ensures that the managed mobile devices communicate through a secure channel using APNs.
- Google Cloud Messaging (GCM), now known as Firebase Cloud Messaging (FCM), a service developed by Google that lets servers send notifications not only to Android devices but also to iOS devices and Chrome web apps.
- Windows Notification Service, developed by Microsoft, which allows communication between a third-party service and Windows devices, including Windows Phones, PCs and Xbox consoles.
- Personal or corporate-owned devices of employees which need to be managed by the organization.
Architecture of Hexnode:
- Hexnode initiates the communication by sending a notification to APNs server, to wake up the managed mobile device (via TCP port 2195).
- A live TCP connection is maintained by all iOS devices to APNs, via port 5223.
- The device listens for the commands, policy settings and configurations sent by Hexnode.
- The device executes the commands, applies the configurations/policies and reports the data back to the Hexnode server.
- Port 80: The default application port used during the installation of Hexnode.
- Port 443: Used for the secured and encrypted connection between mobile devices and Hexnode.
- Port 2195 (outbound): This port must be open for the Hexnode server to communicate with APNs (host address: gateway.push.apple.com).
- Port 5223 (outbound): If the mobile devices connect to the internet through Wi-Fi, this port should be open.
- Ports 5228, 5229 and 5230: Used for Firebase Cloud Messaging. Google randomly uses any of these three ports.
- TCP port 443: Used in the case of Windows Notification Service.
- Port 1883 (outbound): Can be used for devices without GCM.
| Port | Direction | Source | Destination | Purpose |
|---|---|---|---|---|
| 8998 | Outbound | AD Agent | Hexnode Cloud | AD Agent Service |
| | | | | Samsung KNOX Enrollment |
| 443 | Bidirectional | Android Device | www.googleapis.com | Zero Touch Enrollment |
| | | | | HTTPS port used for secure and encrypted communication between Hexnode server and Windows devices. |
| 443 | Bidirectional | Apple Devices | mesu.apple.com | HTTPS port used for secure and encrypted communication between Hexnode server and Apple devices. |
| 443 | Bidirectional | Hexnode Cloud | Devices | HTTPS port used for secure and encrypted communication between Hexnode server and devices. |
| | | | | HTTPS port used for file and app management. |
| | | | | HTTPS port used for Office 365 login. |
| 1883 | Bidirectional | Android Devices | *.pushy.me | Hexnode Push Service if GCM is not available. |
| 5228, 5229, 5230 | Bidirectional | Android Devices | Internet | Google push notification |
| 3478 (TCP and UDP), 5349 (TCP) | Bidirectional | Android/iOS Devices | | Simple Traversal of UDP Through NAT (STUN) port for Remote View support; STUN over TLS for Remote View support. |
| 443 | Bidirectional | Android/iOS Devices | remoteview.hexnodemdm. | Remote View Server |
| 5223 | Inbound | Apple Devices | 22.214.171.124/8 | Apple Push Notification service (APNs) for Apple devices. |
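The port requirements above (the bullet list and the table) are what a firewall administrator has to turn into rules and then verify. The script below is an added example, not Hexnode's own code or documentation: it encodes the outbound flows named on this page as data, answers "is this destination and port allowed?" with a default-deny check, renders an nftables output chain from that list, and can probe each named TCP endpoint from the host it runs on. The hostnames and ports are the page's; the table and chain names (`mdm_egress`, `out`) and the use of `*` to stand for the page's "Internet" destination are assumptions of this example.

```python
import fnmatch
import socket
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One outbound flow the enterprise firewall must permit."""
    port: int
    proto: str      # "tcp" or "udp"
    src: str        # which side opens the connection
    dst: str        # destination host name or wildcard as printed on the page
    purpose: str


# Outbound flows taken from the port list on the page (hostnames are the page's,
# not resolved addresses). "*" stands in for the page's "Internet" destination
# (an assumption of this example). Anything not listed here is denied by default.
REQUIRED_FLOWS = (
    Flow(2195, "tcp", "Hexnode server", "gateway.push.apple.com", "APNs push from server"),
    Flow(443, "tcp", "Apple devices", "mesu.apple.com", "HTTPS to Apple"),
    Flow(443, "tcp", "Android devices", "www.googleapis.com", "Zero Touch Enrollment"),
    Flow(1883, "tcp", "Android devices", "*.pushy.me", "Hexnode Push Service when GCM is unavailable"),
    Flow(5228, "tcp", "Android devices", "*", "Google push notification (FCM)"),
    Flow(5229, "tcp", "Android devices", "*", "Google push notification (FCM)"),
    Flow(5230, "tcp", "Android devices", "*", "Google push notification (FCM)"),
)


def is_allowed(proto, dst, port, flows=REQUIRED_FLOWS):
    """Default-deny check: True only if a listed flow matches protocol, destination and port."""
    return any(
        f.proto == proto and f.port == port and fnmatch.fnmatchcase(dst.lower(), f.dst.lower())
        for f in flows
    )


def group_by_port(flows=REQUIRED_FLOWS):
    """Collapse the flow list into {(proto, port): sorted destinations} for rule generation."""
    groups = defaultdict(set)
    for f in flows:
        groups[(f.proto, f.port)].add(f.dst)
    return {key: sorted(dsts) for key, dsts in sorted(groups.items())}


def nft_egress_rules(flows=REQUIRED_FLOWS):
    """Render nftables statements for a default-deny egress chain.

    Hostnames are carried as rule comments because nftables matches addresses;
    a real deployment resolves each host (or fills a named set) before loading.
    The established/related rule lets replies to inbound device connections leave.
    """
    lines = [
        "add table inet mdm_egress",
        "add chain inet mdm_egress out { type filter hook output priority 0; policy drop; }",
        "add rule inet mdm_egress out ct state established,related accept",
    ]
    for (proto, port), dsts in group_by_port(flows).items():
        joined = ", ".join(dsts)
        lines.append(f'add rule inet mdm_egress out {proto} dport {port} accept comment "{joined}"')
    return lines


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP handshake to host:port and report (success, detail).

    Run this from the Hexnode server or a managed-device network segment after a
    firewall change to confirm the required endpoints are reachable.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except OSError as exc:
        return False, str(exc)


if __name__ == "__main__":
    print("\n".join(nft_egress_rules()))
    for f in REQUIRED_FLOWS:
        if f.proto == "tcp" and "*" not in f.dst:
            ok, detail = probe_tcp(f.dst, f.port)
            print(f"{f.dst}:{f.port} ({f.purpose}): {'OK' if ok else 'BLOCKED: ' + detail}")
```

The rendered chain matches on port only and keeps the hostnames as comments; since its policy is drop, a production rule set also needs its own rules for DNS and any other service the host depends on, and it should narrow each port rule to the resolved addresses of the listed hosts rather than leaving the port open to every destination.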