Installing BigFix MDM Service for Windows endpoints
Learn how to install BigFix MDM server for Windows endpoints.
About this task
In
this section, you can find instructions on how to install BigFix MCM Server for
Windows endpoints using the BESUEM Fixlet Install BigFix Windows MDM
Server
.
Before you begin: These prerequisites must be met
to install the BigFix MDM
Server for Windows endpoints:
- You must have the required certificates and keys. See, MDM SSL Certificates.
- You must have BigFix Agent running on the MDM Server target.
- You must have the wnscredentials.json file ready to upload. For the work flow to create this file, see Generating WNS credentials
In
the
Install BigFix Windows MDM Server
Fixlet, provide this
information:- Enter the organization name. While enrolling a device, the organization name is displayed to the users along with the rest of the profile information.
- Enter user facing hostname. This is the hostname of the server that the enrolling devices should be pointing to. The value must be the hostname from a valid URL. For example, enter mdmserver.deploy.bigfix.com.
- Enter LDAP parameters. This is used for
authorization to enroll users for MDM over the air. This limits enrollment
to your MDM server to authorized users only. Omitting all LDAP parameters
disables the need for LDAP authentication to enroll for MDM.
- LDAP URL: Valid format is ldap://<server>:<port>. For more information on LDAP URL formats, see https://ldap.com/ldap-urls/
- LDAP Base DN: Valid format "dc=example,dc=org"
- LDAP Bind User: The root point to bind to the server. For example, DC=mydomain, DC=mycompany, DC=com. "user@example.org"
- LDAP Bind Password: The password entered here is encrypted and
stored in the
MDM_PARAM_4.enc
file in the/var/opt/BESUEM/certs
directory.Note: LDAP Authentication is turned on by default.
- Upload the files containing the details of the MDM Server
TLS certificate and key contents.
- TLS key password: Enter a string to set TLS key password.
- In the MDM Server TLS Certificate section, click Upload
File and browse through the location to select the
TLS
.crt
file to be used. - In the MDM Server TLS Key section, click Upload
File and browse through the location to select the
TLS
.key
file to be used.
- Upload the files containing the MDM Server authentication
certificate and key contents.
- In the MDM Server Certificate Authority section, click Upload File and browse through the location to select the ca.cert.pem file.
- In the MDM Server Certificate content section, click Upload File and browse through the location to select the server.cert.pem file.
- In the MDM Server Key section, click Upload File and browse through the location to select the server.key file.
- WNS Credentials: This field appears when you select Windows as the operating
system. Click Upload File and browse through the
file location to select the
wnscredentials.json
file.Tip: To learn how to generate this file, see Generating WNS credentials - Deploy the Fixlet to the targeted systems.
Results:
- Downloads a set of docker images from software.bigfix.com which is needed for the MDM installation.
- Installs the services and certificates including the Plugin certificates and the TLS certificate on which the server runs.
- Applies all required configurations.